Jp 2012-05-25 05:16:54
I have a terminal server hosting a web application accessed by 20 thin
clients. Currently, there is only 1 terminal server user account set up.
Whoever connected to the terminal server will be using the same credential
for authenticating to the TS. Users will then be authenticated to the
application by entering their specific name set up at the application level.
The advantage of this set up is simplicity. I don’t have to create new user
name for additional thin clients. No matter there are 20, 30 or even 50
terminals, 1 user account on the server can do the job.
The disadvantage I can see so far is mainly the difficulties in managing the
connected clients. You cannot easily identify them as they are all using
the same user name. Even the IP addresses are dynamically assigned. Also, I
realized that when I logged on to the server console using the shared
account, I found that the performance is much slower than when I logged on
as administrator or another non-generic user. I am worrying about some
specific application data being mixed up as well when having one generic
account with multiplie sessions logged on concurrently.
Now I have to decide should I continue to use one generic account for all
terminal users, or create separate one for each terminal. Can some experts
please shed some light?
Rick chisholm 2012-05-25 05:16:56
that throws security and auditing right out the window.
Jp 2012-05-25 05:16:58
Thanks for your opinion. That’s why I said I needed advice from experts.
But I cannot agree totally that security would be completely neglected. In
my situation, IE6. would be started automatically when a user connects. I
have locked down the browser completely and force it to run in kiosk mode.
The session will be closed when the browser terminates. Second, the
application will authenticate users when the browser load up the application
In the case of Citrix, it generates a lot of anonymous users.
Administrators still cannot easily determine who is anon001.
Rick chisholm 2012-05-25 05:17:04
yours might be a special case
so you are using TS to serve IE6 to anon users to autheticate via Citrix
web interface to published apps? When autheticating to the published
app are they then using a unique username and secure password?
what are they interfacing to the TS with? I asked b.c. they could run
their browser locally and attached to the published apps that way and
save some CPU cycles.
Lindsay keith 2012-05-25 05:17:08
Do the applications inherit the Windows Account for authenication?
If so then any activity logged int hat application will be logged as one
user – could be problematic if you need to tack user behavoiur metrics in
Security is non-exisitent. Authentication, Access and Auditing are all
assigned to one user.
New Moon (Tarantella) Canaveral Allows you to easily set up applications and
user accounts. Relativiely Cheap compared to Citrix – less complicated to
manage as administrator. It has built in security model.