Build a Thin PC in the Script Editor

On this page we will focus on creating a Thin PC in the Script Editor. For most purposes, it is recommended to use the simpler Home Screen wizard to build your Thin PC, as demonstrate here. This page focuses on manually writing the scripts that the Home Screen makes for you, which is relevant in scenarios where the controller and installation scripts need to be different than the ones the Home Screen generates for you. If you have not read the Thin PC main page, please refer to it here before reading on.

There are some minor differences to the Home Screen approach versus the approach on this page. The scripts generated by the Home Screen will be installed locally on the target computer and the lockdown settings are included in the menu script. On this page, lock down settings are assumed to be set by Group Policies for a dedicated OU and the menu executable is put on a common share instead of being embedded inside the installation MSI file. This gives the advantage that the menu can be changed without updating the installation on the Thin PCs.

Build a Thin PC

Video Version

If you prefer a video version of the material presented on this page, you can watch Senior Technical Writer Steve Dodson from Binary Research International walk you through the content on this page using the video link below.



Step 1 of 3: Creating a menu

The first thing we need to do is to create a menu. You can choose to use the template script below - or you can start the Home Screen Thin PC wizard and let it generate a full menu for you. After building the menu through the wizard, the next page offers to export the generated script. You can choose to use such a script as the template script.

At first we can just start the menu script from the script editor for later installation through the OU Group Policies. If we just want the computer to start one specific application, we can just write a script line to do that one thing at startup, for example starting a published Citrix XenApp Desktop using the ShowIcaApp command followed by a ShutDown command. In this case we will show a menu of choices.

Let us use the example from the Citrix page as a template, which mixes an offering of locally installed applications and Remote Desktop and Citrix XenApp remote sessions. You can insert this example in the script editor by selecting "Thin PC Menu" in the "New Script" window.

ResumeOnError

 

:Restart

Set Selection=[Menu ACME KIOSK,Process|Intranet,Connected|Internet,Window|Acme ERP,User|Acme CRM,Screen|My Remote Desktop,Stop|Exit]

 

Switch [Var Selection]

  Case Intranet

    ShowWebPage www.google.com,Acme Intranet   ''Url would be internal intranet url

  Case Internet

    RunMax IExplore.exe,-private http://www.google.com

  Case Acme ERP

    RunIcaApp AcmeCitrix:8080,Acme ERP

  Case Acme CRM

    RunIcaApp AcmeCitrix:8080,Acme CRM

  Case My Remote Desktop

    ShowRemoteDesktop AcmeSrv,My Remote Desktop

  Default

    ShutDown

End Switch

 

Goto Restart

This will show the menu below. While you are testing on your own computer, you should replace the ShutDown command with an Exit command to avoid shutting down your computer, when exiting the menu. The initial ResumeOnError should be present, because in case of a problem launching a menu item, the script must continue to avoid terminating the script itself and rendering the Thin PC with no shell.

Thin PC Menu

We need to compile our script into an exe file. Hit F10 or select "Create Exe File" -> "Save Script As Exe File" in the script editor menu. Save the exe file as "FSHShell.exe" on the netlogon share.

Compiling a shell exe

If you need more than one type of Thin PC, you can handle it two ways. You can duplicate the whole setup using more OUs and shell exe files, but if the Thin PCs are relatively similar, you can use one OU and shell exe file and control the menu by computer security groups in the menu script. An example of this can be seen on the RemoteApp launchers page, but ComputerIsMemberOf must be used instead of UserIsMemberOf, as this script must be based on computer groups instead of user groups.

Step 2 of 3: Creating an installation script

Now we have a shell exe file ready and the next thing we need is a script to install the shell and make a few machine modifications. The way this script will be deployed is by compiling it into an msi file and then set up as a software installation for the OU that we will be creating later. The script we will use, looks like the below and is the same as the script that the Home Screen uses as the installation script, except that it points to a local exe file instead of our netlogon share FSHShell.exe. You can insert this example in the script editor by selecting "Thin PC Installer" in the "New Script" window.

If [CmdParam Action]=Uninstall Then

  ''==== UNINSTALL - ENABLE USB, CD AND FLOPPY SERVICES - SEE http://support.microsoft.com/kb/555324 ====

  WriteRegistry HKLM\SYSTEM\CurrentControlSet\Services\USBSTOR\Start,3,REG_DWORD

  WriteRegistry HKLM\SYSTEM\CurrentControlSet\Services\Cdrom\Start,3,REG_DWORD

  WriteRegistry HKLM\SYSTEM\CurrentControlSet\Services\Flpydisk\Start,3,REG_DWORD

  WriteRegistry HKLM\SYSTEM\CurrentControlSet\Services\Sfloppy\Start,3,REG_DWORD

 

  ''==== REMOVE AUTO-LOGON ====

  DisableAutoLogon

 

  ''==== RESTORE THE SHELL (EXPLORER.EXE) ====

  WriteRegistry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell,Explorer.exe

Else

  ''==== INSTALL - DISABLE USB, CD AND FLOPPY SERVICES - SEE http://support.microsoft.com/kb/555324 ====

  WriteRegistry HKLM\SYSTEM\CurrentControlSet\Services\USBSTOR\Start,4,REG_DWORD

  WriteRegistry HKLM\SYSTEM\CurrentControlSet\Services\Cdrom\Start,4,REG_DWORD

  WriteRegistry HKLM\SYSTEM\CurrentControlSet\Services\Flpydisk\Start,4,REG_DWORD

  WriteRegistry HKLM\SYSTEM\CurrentControlSet\Services\Sfloppy\Start,4,REG_DWORD

 

  ''==== SET AUTO-LOGON ====

  EnableAutoLogon acme\KioskUser,KioskPass45

 

  ''==== REPLACE THE SHELL ====

  WriteRegistry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell,\\[UserDomain]\netlogon\FSHShell.exe

End If

If we look at the MSI page, it says that when you compile a FastTrack script into an MSI installation file, the command-line parameter "Action" is passed, which contains either "Install" or "Uninstall", depending on the context. When you drag a computer into the OU, the MSI file is installed and the "Action" command-line parameter value will contain "Install". When you drag a computer out of the OU, the script is uninstalled and the value then contains "Uninstall". In other words, the first half of the script is executed when a computer is removed from the OU and the second half is executed, when a computer is added to the OU.

The command EnableAutoLogon command needs credentials to log on automatically to the computers. In the last section, the creation of the user is explained. Correct the domain "acme" to your domain and decide on a password to use for KioskUser before saving the script.

Let us first compile the script into an MSI file to understand the context of use, before analyzing the script further. Save the script and click the "Compile to MSI" menu or press F12.

Creating MSI file from project

Generating an MSI file from a script

We could have embedded the FSHShell.exe file inside the MSI file by checking "Include additional files from my project folder inside the MSI file" and embedding FSHShell.exe, but leaving it on a network location instead allows us to change it at any time without requiring a new deployment each time.

It is important to pay attention to the version number, because in case you need to update existing computers, you can just generate a new MSI file, increase the version number and replace the OU software package. Because the installation name is the same, FastTrack will automatically later identify the package as the same software in an updated version, which again will invoke what is called "major update" in Windows Installer. The "Major Update" feature ensures that existing installations are updated instead of installing another copy. This is explained on the MSI page.

If we go back to the script above, the script basically does this on install (and the opposite on uninstall):
  • Disables the services for USB, CD-ROMs, DVDs and legacy floppy disks. While it may not be necessary, it is still possible to open a document from a usb stick, if word or excel were offered as a menu choice.
  • Sets auto logon for a specific user. This must be a user in the same OU as the Thin PCs - see next section.
  • Points the shell process to FSHShell.exe on any copy of the netlogon share instead of Explorer.exe.

Step 3 of 3: Setting up the OU and GPO

The last step is mandatory and is creating an OU and Group Policies for the OU for deployment and lock down. This part is explained on the Thin PC main page. Click here to continue on that page.


Rating: 5 out of 5

"Use this as a replacement for VBScript and PowerShell"

"It's easy to include attractive GUI elements in FastTrack scripts, beyond the basic dialog boxes and text input that VBScript offers ... Another powerful feature is the ability to distribute scripts as Windows Installer (.msi) or standard .exe files. Although interesting in its own right, this ability results in a much more intriguing capability: to repackage -- or wrap -- software installers as .msi files without using snapshots. If you've ever created an .msi installer file from before-and-after system snapshots, for use with a software distribution system such as Group Policy or SCCM, then you know how hit-and-miss the results can be."

Read full review


Rating: 8 out of 10

"Faster than the rest"

"We found the FastTrack syntax to be more transparent and easier to learn than Microsoft's PowerShell – the editor in particular provided good support in this regard. the Script Editor offers a large number of options from the command set through to simple output of graphical elements, which cannot be achieved at all with PowerShell or other solutions or only with a significantly greater level of effort."

"Anyone wanting to tackle the many hurdles in everyday admin and especially anyone for whom logon scripts and client automation is a priority will benefit from the variety of functions offered by FastTrack."

Review in English      Review in German