thinlaunch quick take v08.20.09.txt
after reading Michael Keen's post at: http://www.brianmadden.com/blog/MichaelKeen/Have-you-heard-of-ThinLaunch I headed over to http://www.thinlaunch.com/ for the eval since repurposing existing winxp clients is something I am interested in..
first thing is that it requires .net 2.0 framework.. this shouldn't be an issue but just another hurdle and for whatever reason I don't have snapshot for my winxp sp2 vm with .net 2.0 already installed.. atleast not on this laptop.
quick install and at the end it asks you for what executable you want to run at startup.. browse and select something.
now for the guts.. it's is scary!!
it creates a local user that is a member of Local Users AND Administrators called:
ThinDesktopUser with a password of: test!123abc!!@#
then proceeds to modify the registry to autologin and run C:\Program Files\Thin Desktop\ThinDesktop.exe /s, via the UserInit key.
ThinDesktop.exe then reads: HKLM\SOFTWARE\ThinLaunch\Thin Desktop\LaunchCommand (which has the full path to the exe you defined earlier)
so... my quick and dirty lockdown that is going to set me back $20-26 per workstation has created a local admin account with a standard password and is still running explorer.exe as the shell..
good news is there is an alternative and Microsoft was so kind to provide it for free.. regedit.exe
simply browse to: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon and change the Shell key to the full path of the executable of your VDI client, XenApp full client or better yet, frontend a web-portal with Public Web Browser from TeamSoftware Solutions
PWB will set you back $125 per year for a site license so you'll need atleast 5 clients to repurpose to realize your ROI versus ThinLaunch. This is only if you want to do the web portal, setting the Shell key to any other .exe is free and requires a keyboard, but PWB does give you alot of other neat features.
The above solution works as a local or domain USER not admin, and won't expose you to the vulnerabilities that appear very obvious with ThinLaunch.
Sorry, throwing together a quick .NET 2.0 app that modifies the registry and perform a ShellExec API command (possibly more, don't want to understate it) isn't worth $26 per client when there is alot of hard work and engineering that goes into many other client licensed products around that price range such as appvirt, antivirus, device control, and full disk encryption.
first thing is that it requires .net 2.0 framework.. this shouldn't be an issue but just another hurdle and for whatever reason I don't have snapshot for my winxp sp2 vm with .net 2.0 already installed.. atleast not on this laptop.
quick install and at the end it asks you for what executable you want to run at startup.. browse and select something.
now for the guts.. it's is scary!!
it creates a local user that is a member of Local Users AND Administrators called:
ThinDesktopUser with a password of: test!123abc!!@#
then proceeds to modify the registry to autologin and run C:\Program Files\Thin Desktop\ThinDesktop.exe /s, via the UserInit key.
ThinDesktop.exe then reads: HKLM\SOFTWARE\ThinLaunch\Thin Desktop\LaunchCommand (which has the full path to the exe you defined earlier)
so... my quick and dirty lockdown that is going to set me back $20-26 per workstation has created a local admin account with a standard password and is still running explorer.exe as the shell..
good news is there is an alternative and Microsoft was so kind to provide it for free.. regedit.exe
simply browse to: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon and change the Shell key to the full path of the executable of your VDI client, XenApp full client or better yet, frontend a web-portal with Public Web Browser from TeamSoftware Solutions
PWB will set you back $125 per year for a site license so you'll need atleast 5 clients to repurpose to realize your ROI versus ThinLaunch. This is only if you want to do the web portal, setting the Shell key to any other .exe is free and requires a keyboard, but PWB does give you alot of other neat features.
The above solution works as a local or domain USER not admin, and won't expose you to the vulnerabilities that appear very obvious with ThinLaunch.
Sorry, throwing together a quick .NET 2.0 app that modifies the registry and perform a ShellExec API command (possibly more, don't want to understate it) isn't worth $26 per client when there is alot of hard work and engineering that goes into many other client licensed products around that price range such as appvirt, antivirus, device control, and full disk encryption.
Comments
Look for the release some time this week.