Browse All Articles > MSTSC as a Shell
This article is written for administrators wanting to transform PC's into Fat Clients for use with Remote Desktop Services (aka Terminal Services). It creates a seamless transition from the client desktop to Remote Desktop window. It works on XP, Vista, and Windows 7.
How it works
The user logs in to the PC, the MSTSC shell opens (instead of Explorer), and it automatically logs the user in using the "Allow Default Credentials" GPO to pass through local credentials. When the user closes the Terminal Services window, the computer will automatically log off the user and return to the logon screen.
Step 1: This creates a batch file that starts MSTSC and waits until its closed and automatically logs out the user.
In C:\Program Files create a batch file called mstsc.bat with the following:
In C:\windows\system32 create a file called invisible.vbs with the following
Step 3: Allow Default Credentials GPO
See the following articles:
Windows XP: Must have SP3 http://support.microsoft.com/kb/951608
Windows Vista and Windows 7 http://blogs.msdn.com/b/rds/archive/2007/04/19/how-to-enable-single-sign-on-for-my-terminal-server-connections.aspx
Step 4: This sets the shell to the batch file and runs it invisibly:
Open Regedit, navigate to
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
and change "Shell" from explorer.exe to
wscript.exe C:\windows\system32\invisible.vbs C:\windows\system32\mstsc.bat
If you want to work on the PC, minimize the TS window, and just press CTRL+ALT+DEL, Task Manager, Start new process, and run explorer.exe. That will bring up an Explorer window.
Silent/Automatic/Command Line Install: Use the following in a batch file to run all of the above in one quick step. This script also creates an MSTSCUninstall.bat to remove settings and files.
How it works
The user logs in to the PC, the MSTSC shell opens (instead of Explorer), and it automatically logs the user in using the "Allow Default Credentials" GPO to pass through local credentials. When the user closes the Terminal Services window, the computer will automatically log off the user and return to the logon screen.
Step 1: This creates a batch file that starts MSTSC and waits until its closed and automatically logs out the user.
In C:\Program Files create a batch file called mstsc.bat with the following:
c:\Program Files\system32\mstsc.exe /v RDPServerName
logoutIn C:\windows\system32 create a file called invisible.vbs with the following
CreateObject("Wscript.Shell").Run """" & WScript.Arguments(0) & """", 0, FalseStep 3: Allow Default Credentials GPO
See the following articles:
Windows XP: Must have SP3 http://support.microsoft.com/kb/951608
Windows Vista and Windows 7 http://blogs.msdn.com/b/rds/archive/2007/04/19/how-to-enable-single-sign-on-for-my-terminal-server-connections.aspx
Step 4: This sets the shell to the batch file and runs it invisibly:
Open Regedit, navigate to
HKEY_LOCAL_MACHINE\SOFTWAR
wscript.exe C:\windows\system32\invisi
If you want to work on the PC, minimize the TS window, and just press CTRL+ALT+DEL, Task Manager, Start new process, and run explorer.exe. That will bring up an Explorer window.
Silent/Automatic/Command Line Install: Use the following in a batch file to run all of the above in one quick step. This script also creates an MSTSCUninstall.bat to remove settings and files.
@echo off
echo wscript.exe "%WinDir%\system32\invisible.vbs" "%WinDir%\system32\mstsc.bat" > "%WinDir%\system32\invisible.vbs"
(
echo "%WinDir%\mstsc.exe" /v yourservername
echo logoff
) > "%WinDir%\system32\mstsc.bat"
set LMSw=HKEY_LOCAL_MACHINE\SOFTWARE
reg add "%LMSw%\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Shell /t reg_sz /d "wscript.exe ^"%WinDir%\system32\invisible.vbs^" ^"%WinDir%\system32\mstsc.bat^"" /f
reg add "%LMSw%\Policies\Microsoft\Windows\CredentialsDelegation" /v AllowDefaultCredentials /t reg_dword /d 1 /f
reg add "%LMSw%\Policies\Microsoft\Windows\CredentialsDelegation" /v ConcatenateDefaults_AllowDefault /t reg_dword /d 1 /f
reg add "%LMSw%\Policies\Microsoft\Windows\CredentialsDelegation\AllowDefaultCredentials" /v 1 /t reg_sz /d "TERMSRV/yourservername.domainname.org" /f
reg add "%LMSw%\Policies\Microsoft\Windows\CredentialsDelegation\AllowDefaultCredentials" /v 2 /t reg_sz /d "TERMSRV/yourservername" /f
REM: This generatess the uninstall script:
(
echo del "%WinDir%\system32\mstsc.bat"
echo del "%WinDir%\system32\invisible.vbs"
echo reg add "%LMSw%\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Shell /t reg_sz /d explorer.exe /f
echo reg del "%LMSw%\Policies\Microsoft\Windows\CredentialsDelegation" /v AllowDefaultCredentials /t reg_dword /d 1 /f
echo reg del "%LMSw%\Policies\Microsoft\Windows\CredentialsDelegation" /v ConcatenateDefaults_AllowDefault /t reg_dword /d 1 /f
echo reg del "%LMSw%\Policies\Microsoft\Windows\CredentialsDelegation\AllowDefaultCredentials" /v 1 /t reg_sz /d "TERMSRV/yourservername.domainname.org" /f
echo reg del "%LMSw%\Policies\Microsoft\Windows\CredentialsDelegation\AllowDefaultCredentials" /v 2 /t reg_sz /d "TERMSRV/yourservername" /f
echo del "%WinDir%\system32\MSTSCUninstall.bat"
) > "%WinDir%\system32\MSTSCUninstall.bat"Have a question about something in this article? You can receive help directly from the article author. Sign up for a free trial to get started.
Comments (20)
Commented:
Commented:
Just right now i am hitting an issue where the command start /wait %windir%\system32\mstsc.ex
Commented:
https://blogs.technet.microsoft.com/enterprisemobility/2007/04/19/how-to-enable-single-sign-on-for-my-terminal-server-connections/ done on terminal server
https://superuser.com/questions/584876/how-do-i-use-my-current-credentials-with-remote-desktop would have been cool but I can’t figure out a way to use this without it affecting every computer.
https://www.mydigitallife.info/force-windows-to-login-automatically-after-logging-out-with-forceautologon/ done to force the autologon to keep happening when RDP is closed or logged out of and the script finishes and logs out the local session
https://serverfault.com/questions/422770/changing-the-login-timeout-for-windows-remote-desktop-services#422837 DONE ON TERMINAL SERVER. Lets the logon screen from remote sessions set idle for 999 seconds. This will keep the room machine from starting, logging in to windows, using mstsc as a shell, not being logged in quick enough, closing, logging in to windows and on and on and on……
https://www.experts-exchange.com/articles/10032/MSTSC-as-a-Shell.html the bread and butter.
So basically when you fire it up it sets there with the RDP login window. 999 seconds later it will give up and close but then the machine logs off due to the script. Then policy kicks in and says to force it to log back in and then it sets for another 999 seconds waiting for someone to need to log on.
Commented:
https://www.mydigitallife.info/force-windows-to-login-automatically-after-logging-out-with-forceautologon/ done to force the autologon to keep happening when RDP is closed or logged out of and the script finishes and logs out the local session
But it is not what I want. Cause I want it to auto log off when they close the remote desktop connection.
I have it where the computer auto login and launch the mstsc with the rdp file. they connect to the remote desktop. once they done they will logoff of the remote desktop and then i want the local computer to automatically log off. or run the instance of the mstsc with the rpd file again.
Commented:
Open in new window
But when I load an rdp file to this to save time and add in extra settings to the mstsc.exe it just logoff right away when it logs in to the local machine.
Open in new window
It would worked perfectly if it was able to load a rdp file and be able to stay on until logging off the remote desktop.
View More