- XenDesktop/XenApp as a Service, using the included Citrix Cloud hosted StoreFront. Thus, we have no access to IIS nor can we run 2FA.
- Windows 10 Home thin clients, locked down with Desktop Lock. /includeSSON flag works fine
- Windows 10 Home local admin user (for desktop lock bypass) and a local non-admin user with a blank password (user is called 'press enter'). This is a hot-desk environment.
Scenario works great. Nice, inexpensive thin client, with great performance. OS is managed by LabTech.
Problem, users are able to check 'save password' at the receiver login and AD credentials are cached. Next person logging in with the hot-desk username of 'press enter' gets auto logged with the last persons AD creds.
I've tried the usual:
- install Receiver with the ALLOWSAVEPWD=N switch
- Registry- ...Dazzle/AllowSavePwd = N
- appsrv.ini, added NoSavePwordOption=On
nothing works. I even tried C:\Program Files (x86)\Citrix\ICA Client\SelfServicePlugin\CleanUp.exe" -cleanUser to run at login via scheduled task, which does clear the cached AD creds, but it kills the Desktop Lock environment...
Any ideas, other than, "stop being cheap and get a Win Pro thin client" ? :(
Question
Graham Caparulo
Our scenario...
- XenDesktop/XenApp as a Service, using the included Citrix Cloud hosted StoreFront. Thus, we have no access to IIS nor can we run 2FA.
- Windows 10 Home thin clients, locked down with Desktop Lock. /includeSSON flag works fine
- Windows 10 Home local admin user (for desktop lock bypass) and a local non-admin user with a blank password (user is called 'press enter'). This is a hot-desk environment.
Scenario works great. Nice, inexpensive thin client, with great performance. OS is managed by LabTech.
Problem, users are able to check 'save password' at the receiver login and AD credentials are cached. Next person logging in with the hot-desk username of 'press enter' gets auto logged with the last persons AD creds.
I've tried the usual:
- install Receiver with the ALLOWSAVEPWD=N switch
- Registry- ...Dazzle/AllowSavePwd = N
- appsrv.ini, added NoSavePwordOption=On
nothing works. I even tried C:\Program Files (x86)\Citrix\ICA Client\SelfServicePlugin\CleanUp.exe" -cleanUser to run at login via scheduled task, which does clear the cached AD creds, but it kills the Desktop Lock environment...
Any ideas, other than, "stop being cheap and get a Win Pro thin client" ? :(
Thanks!
Link to comment
8 answers to this question
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now