Monday, February 13, 2006

Turning a Laptop into a Thin Client

I have recently been involved in a project that aimed to provide a thin client interface on a laptop. The only two 'applications' that should be available are:

  • A connection to a Full Desktop running on a Citrix Platform
  • The Printer dialog, in order to set printer preferences and clear the print queue
Quite some possibilities have been tested, but only one came out strong: RES PowerFuse.

As a first attempt, we tested the RES Subscriber, which basically proved a small menu with a customizable list of possibilities of applications to launch. This worked quite well, apart from the fact that 1) you don't get to see the warning screens of the locally running virus scanner and 2) policies are still required to avoid that users use task manager to start whatever they like.

Due to these issues, we then moved to PowerFuse. PowerFuse has a very nice solution for managing laptops. You centrally configure and secure the laptop environment, and changes are synchronized whenever the laptop is connected to the LAN. Also application-usage statistics are recorded and sent back to the server.

We have tested several possibilities in configuration. From these, we recorded the following important guidelines:
  • Always use a domain account to run the PowerFuse service. Otherwize synchronisation does not occur.
  • A local account can be used as a PowerFuse user (be carefull in configuring PowerFuse, though), although automatic synchronisation is only possible with a domain user.
  • Some policies may still be required, but those can easily be applied using PowerFuse, so no additional GPO settings are required. A very handy way is to import the administrative template (.adm file) into PowerFuse and simply select the suitable options, just as you would when configuring a GPO.
  • When you use an imaging tool to clone laptops, make sure to disjoin the laptop before making the image and to join it again after restoring the image. Also, the PowerFuse database synchronisation should be applied after the joining of the domain.
All in all, everything seems to work well. If a change is required in the future, user connect to the LAN and a few minutes later they have the new configuration that is tailored for them.

Custom Search