<

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x

MSTSC as a Shell

Published on
18,287 Points
12,087 Views
2 Endorsements
Last Modified:
Approved
This article is written for administrators wanting to transform PC's into Fat Clients for use with Remote Desktop Services (aka Terminal Services).  It creates a seamless transition from the client desktop to Remote Desktop window.  It works on XP, Vista, and Windows 7.  

How it works
The user logs in to the PC, the MSTSC shell opens (instead of Explorer), and it automatically logs the user in using the "Allow Default Credentials" GPO to pass through local credentials.  When the user closes the Terminal Services window, the computer will automatically log off the user and return to the logon screen.

Step 1:  This creates a batch file that starts MSTSC and waits until its closed and  automatically logs out the user.
In C:\Program Files create a batch file called mstsc.bat with the following:
c:\Program Files\system32\mstsc.exe /v RDPServerName
logout

Open in new window

Step 2:  This step is a VBS script that runs the previous batch file invisibly.  You don't have to run it invisibly, but I like it because then the user can't close the batch file and leave the computer with a blank screen.
In C:\windows\system32 create a file called invisible.vbs with the following
CreateObject("Wscript.Shell").Run """" & WScript.Arguments(0) & """", 0, False

Open in new window


Step 3:  Allow Default Credentials GPO
See the following articles:
Windows XP: Must have SP3            http://support.microsoft.com/kb/951608
Windows Vista and Windows 7      http://blogs.msdn.com/b/rds/archive/2007/04/19/how-to-enable-single-sign-on-for-my-terminal-server-connections.aspx

Step 4:  This sets the shell to the batch file and runs it invisibly:
Open Regedit, navigate to
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
and change "Shell" from explorer.exe to
wscript.exe C:\windows\system32\invisible.vbs C:\windows\system32\mstsc.bat

If you want to work on the PC, minimize the TS window, and just press CTRL+ALT+DEL, Task Manager, Start new process, and run explorer.exe.  That will bring up an Explorer window.


Silent/Automatic/Command Line Install:  Use the following in a batch file to run all of the above in one quick step.  This script also creates an MSTSCUninstall.bat to remove settings and files.
@echo off
echo wscript.exe "%WinDir%\system32\invisible.vbs" "%WinDir%\system32\mstsc.bat" > "%WinDir%\system32\invisible.vbs"
(
  echo "%WinDir%\mstsc.exe" /v yourservername
  echo logoff
) > "%WinDir%\system32\mstsc.bat"

set LMSw=HKEY_LOCAL_MACHINE\SOFTWARE
reg add "%LMSw%\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Shell /t reg_sz /d "wscript.exe ^"%WinDir%\system32\invisible.vbs^" ^"%WinDir%\system32\mstsc.bat^"" /f
reg add "%LMSw%\Policies\Microsoft\Windows\CredentialsDelegation" /v AllowDefaultCredentials /t reg_dword /d 1 /f
reg add "%LMSw%\Policies\Microsoft\Windows\CredentialsDelegation" /v ConcatenateDefaults_AllowDefault /t reg_dword /d 1 /f
reg add "%LMSw%\Policies\Microsoft\Windows\CredentialsDelegation\AllowDefaultCredentials" /v 1 /t reg_sz /d "TERMSRV/yourservername.domainname.org" /f
reg add "%LMSw%\Policies\Microsoft\Windows\CredentialsDelegation\AllowDefaultCredentials" /v 2 /t reg_sz /d "TERMSRV/yourservername" /f

REM:  This generatess the uninstall script:
(
  echo del "%WinDir%\system32\mstsc.bat"
  echo del "%WinDir%\system32\invisible.vbs"
  echo reg add "%LMSw%\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Shell /t reg_sz /d explorer.exe /f
  echo reg del "%LMSw%\Policies\Microsoft\Windows\CredentialsDelegation" /v AllowDefaultCredentials /t reg_dword /d 1 /f
  echo reg del "%LMSw%\Policies\Microsoft\Windows\CredentialsDelegation" /v ConcatenateDefaults_AllowDefault /t reg_dword /d 1 /f
  echo reg del "%LMSw%\Policies\Microsoft\Windows\CredentialsDelegation\AllowDefaultCredentials" /v 1 /t reg_sz /d "TERMSRV/yourservername.domainname.org" /f
  echo reg del "%LMSw%\Policies\Microsoft\Windows\CredentialsDelegation\AllowDefaultCredentials" /v 2 /t reg_sz /d "TERMSRV/yourservername" /f
  echo del "%WinDir%\system32\MSTSCUninstall.bat"
) > "%WinDir%\system32\MSTSCUninstall.bat"

Open in new window

To undo the shell replacement: minimize the TS window, and just hit CTRL+ALT+DEL, click Task Manager.  In Task Manager, click on File, New Process, and type in C:\Windows\System32 and run MSTSCUninstall.bat.  Or you could run regedit instead and change the registry key shown above back to explorer.exe.
2
  • 8
  • 6
  • 3
  • +2
21 Comments
LVL 7

Author Comment

by:Justin Collins
If you close or logout of the session you are stuck at a blank screen.  You have to hit CTRL+ALT+DEL to do anything.
0
LVL 7

Author Comment

by:Justin Collins
Also, if you want to work on the PC, minimize the TS window, and just CTRL+ALT+DEL, Task Manager, start new process and run explorer.exe.  That will bring up the full explorer window.
0
LVL 74

Expert Comment

by:Qlemo
If you close or logout of the session you are stuck at a blank screen.  You have to hit CTRL+ALT+DEL to do anything.
I do not agree here. If the "shell" process dies, it is respawned, and hence the MSTSC session should get opened again.

My points were meant to allow you to add some more content to your article - please do so by editing it. We need to get over the 300 words limit. You could also apply some more formatting, like putting the reg key into a separate line, and/or set it in bold, aso.
0
Microsoft Azure 2017

Azure has a changed a lot since it was originally introduce by adding new services and features. Do you know everything you need to about Azure? This course will teach you about the Azure App Service, monitoring and application insights, DevOps, and Team Services.

LVL 7

Author Comment

by:Justin Collins
You're not being a pain.  This is my first article and I didn't understand what I was getting into.  I changed the format around so hopefully it's easier to read/understand this way.  I added in the introduction as advised and also added Install and Uninstall instructions.  If that's not enough then I probably will just change it to a blog as I don't have much time to mess with it anymore.

Thanks for you help and patience, it is appreciated.
0

Expert Comment

by:HDH-InformationSystems
Great read, Before I implement this, does anyone know if there are any newer solutions? I have performed similar things in the past so this is all familiar to me. Has anyone came up with a better solution?
0

Expert Comment

by:Steve Tipping
Change logout in the mstsc.bat file to logoff - works just fine.
0

Expert Comment

by:chili bong
how do you make this load a rdp file? I load a rdp file but can use the /v. and so it keeps restarting when i login the that user shell. without the /v the code doesnt work correctly when using rdp files.
0
LVL 7

Author Comment

by:Justin Collins
@Chili Bong - What is the exact command line that you are using to load the connection file?
0

Expert Comment

by:chili bong
@puter_geek hi here is my code
%windir%\system32\mstsc /v c:\mstsc\rdp.rdp
logoff

Open in new window


It works without the /v I tried /console but that doesn't work either. For reason it without the /v it just straight to logoff.
0
LVL 7

Author Comment

by:Justin Collins
Are you trying to use a RemoteApp?  If so, I was having the exact same issues and I never could get the RemoteApp to work.  :(  Desktops were fine, but when trying just the app, it seemed like it would open RDP, close the connection, and then reopen the app. (Which seems exactly like what you're describing)
0

Expert Comment

by:chili bong
I tried remote app before and found the command to run the remote app but just wont load in shell.

But I am just trying to run the mstsc.exe with the load setting from the rdp file. But if I put the logoff command it just logons and immediately logoff. So if I take off the logoff code when i exist the remote session I just get a blank scree.

I have this other code but I get the mstsc keep loading. I thought it was only going to load if the remote is closed or logged off.

:run
start /wait %windir%\system32\mstsc.exe c:\mstsc\rdp.rdp
ping -n 10 localhost
goto run

Open in new window


All these I found from other places. it works but nothing works how i think it should work. I would like to restart the mstsc with the loaded rdp file or log them off the computer when they exit or log off the remote session.
0
LVL 7

Author Comment

by:Justin Collins
Maybe my problem wasn't with RemoteApp, and it was a problem with using the rdp file.
0

Expert Comment

by:HDH-InformationSystems
%windir%\system32\mstsc /v c:\mstsc\rdp.rdp the underlined part should be the name of the destination computer or terminal server. for instance.... %windir%\system32\mstsc /v contososerver.contoso.com
0

Expert Comment

by:chili bong
So have you got this to work before?
0

Expert Comment

by:chili bong
@HDH-InformationSystems I want to load the rdp file because it contain the config to connect to the terminal. because without that /v I cannot get it to work where they exit or log off the remote computer to log off the local computer.
0
LVL 74

Expert Comment

by:Qlemo
The /v is not related to anything else than to provide the remote computer name to connect to. It overrides the one stored in the RDP file.
0

Expert Comment

by:chili bong
@Qlemo yea but if I load the rdp file for some reason using the logoff command just logs the user off the local computer before they can even go into the rdp.

Just right now i am hitting an issue where the command start /wait %windir%\system32\mstsc.exe c:\mstsc\rdp.rdp works but when they logoff their session there is just a black screen. the other command with the goto it keeps relaunching the rdp file. So continuous loop of the application just pops up. If there is a way to either log them off the local computer when the session is over or launch the application again if they log off. Just so close but cant reach it.
0

Expert Comment

by:HDH-InformationSystems
I did have to add another layer in to mine to get it to work. These were copied from an email I sent to a coworker explaining how I got it to work...

https://blogs.technet.microsoft.com/enterprisemobility/2007/04/19/how-to-enable-single-sign-on-for-my-terminal-server-connections/ done on terminal server
https://superuser.com/questions/584876/how-do-i-use-my-current-credentials-with-remote-desktop would have been cool but I can’t figure out a way to use this without it affecting every computer.
https://www.mydigitallife.info/force-windows-to-login-automatically-after-logging-out-with-forceautologon/ done to force the autologon to keep happening when RDP is closed or logged out of and the script finishes and logs out the local session
https://serverfault.com/questions/422770/changing-the-login-timeout-for-windows-remote-desktop-services#422837 DONE ON TERMINAL SERVER. Lets the logon screen from remote sessions set idle for 999 seconds. This will keep the room machine from starting, logging in to windows, using mstsc as a shell, not being logged in quick enough, closing, logging in to windows and on and on and on……
https://www.experts-exchange.com/articles/10032/MSTSC-as-a-Shell.html the bread and butter.

So basically when you fire it up it sets there with the RDP login window. 999 seconds later it will give up and close but then the machine logs off due to the script. Then policy kicks in and says to force it to log back in and then it sets for another 999 seconds waiting for someone to need to log on.
0

Expert Comment

by:chili bong
@hdh-informationsystesm this was the closes thing I thought would work for me

https://www.mydigitallife.info/force-windows-to-login-automatically-after-logging-out-with-forceautologon/ done to force the autologon to keep happening when RDP is closed or logged out of and the script finishes and logs out the local session

But it is not what I want. Cause I want it to auto log off when they close the remote desktop connection.

I have it where the computer auto login and launch the mstsc with the rdp file. they connect to the remote desktop. once they done they will logoff of the remote desktop and then i want the local computer to automatically log off. or run the instance of the mstsc with the rpd file again.
0

Expert Comment

by:chili bong
so having it like this where it loads no rdp file it works. it launch the mstsc.exe and you have to input all the settings manually. and you login and then when you logoff the session it logoff the local computer. then initiating the autologin and back to the mstsc.exe.

start /wait %windir%\system32\mstsc.exe 
logoff

Open in new window


But when I load an rdp file to this to save time and add in extra settings to the mstsc.exe it just logoff right away when it logs in to the local machine.

start /wait %windir%\system32\mstsc.exe c:\mstsc\rdp.rdp
logoff

Open in new window


It would worked perfectly if it was able to load a rdp file and be able to stay on until logging off the remote desktop.
0
 

Administrative Comment

by:Qlemo
chili bong, this is an issue with your machine or config. Please post a question to resolve this issue, as it does not belong here.

Qlemo
Page Editor & Topic Advisor
0

Featured Post

CompTIA Network+

Prepare for the CompTIA Network+ exam by learning how to troubleshoot, configure, and manage both wired and wireless networks.

This Micro Tutorial will give you a basic overview of Windows DVD Burner through its features and interface. This will be demonstrated using Windows 7 operating system.
In this video, viewers will be given step by step instructions on adjusting mouse, pointer and cursor visibility in Microsoft Windows 10. The video seeks to educate those who are struggling with the new Windows 10 Graphical User Interface. Change Cu…

Keep in touch with Experts Exchange

Tech news and trends delivered to your inbox every month