Blog: thin client

We recently encountered some machines running Windows Embedded with the Write Filter enabled that were losing their trust relationship with an Active Directory domain due to mismatched passwords associated with computer accounts. [more]

Cause: After 30 days (default), machine account password expires. The password is updated on the machine as well as in AD. At some point, the machine is rebooted. Since the machine is running in Read Only mode (write filter enabled), the password associated with the computer account is reverted back to the password that is stored with the image on the machine. Since that password does not match the one stored in AD (the updated password), the machine can no longer communicate with the DC and the trust is broken.

Resolution: Windows Embedded Standard (from XP forward) has the ability to retain specific registry keys across reboots. It is called the Registry Filter service (Regfilter), and it works like this: determine what you want to retain, and configure it in a specific area of the registry. The service will monitor the specified key for changes, if there are any it'll both keep them in memory and write them in a specific way to c:\regfdata. From then on, any system call to read or write to that key will instead be reading from and writing to the key in memory and in c:\regfdata. When using a prebuilt HP image, keys for the Terminal Services Client Access License (TSCAL) and Domain Secret Key (key that holds the secret password for the issue above) are already added to the regfilter registry key. This process didn’t seem to be working with the current HP image we were using. However, the most current image on HP’s site did work.


I recently travelled to a customer location wehre 80% of the employees use Windows XP Embedded Thin Clients. With the new XenApp 6 farm, it requires the latest version of the Citrix Client 12.0 or higher to be able to use all the functionalities of the new farm.

Now this became tricky as some older models (T20’s) had 512KB of Hard Drive space and 512KB of RAM.  I was happy to see that the the newer versions, T30 and T40, both had 1MG.  Adding to this storage surplus, all the images had Citrix plugins ranging from versions 10 to 11.  We also wanted to help IT support out and install a Bomgar Button to these machines. [more]

After some trail and error we finally found a work around to the installation of the Thin Clients.

  1. Changing the environmental variable to run the installation off the USB keys
  2. Loading a file that Bomgar created on Local Settings/App Data to the All Programs folder for all users to be able to launch the button
  3. Registry fixes to disable Icons and rename the Thin Clients so they pass through the correct machine names.

All these changes, had to be made in the administrator account and all changes required a reboot of the machine for the changes to take place.  All in all, I believe I became a very thin client myself.


This is pretty straight forward, but comes up from time to time.  A customer called to say their screen is smaller (lower resolution) than it used to be after Windows Updates.
Notes about Terminal Server resolution:

  • You cannot change the resolution while in a terminal server session.
  • The Display tab in the RDP options before you connect is usually set to “Full Screen”.  It can be set to lower resolution sizes than your current PC or Thin Client settings, but not higher.

In order to fix the problem, close the terminal server connection.  Change the resolution size as needed on the local PC or Thin Client, and then reconnect to the terminal server.  The new resolution settings will be passed through automatically if the display settings are still set to “Full Screen”.


We recently encountered a problem where users were unable to type in the password or username box after locking Terminal Server sessions from their Thin Clients. Their keyboards were responsive (pressing CAPS Lock key initiated the notification on the Terminal Server) but the cursor or any keys entered would not show up.

It is suspected that one of the multiple windows updates that were released for the month of June may have caused this. Users started complaining the day after the updates were applied. However, testing was not completed to determine which one of the updates caused this or if removal of the update fixed the issue.

Here is the workaround we found:  The problem does not occur if the user locks their screen using the left CTRL+ALT combination. This issue only presents itself if the user locked their session using the right CTRL+ALT key combination. If the user does lock their session using the right CTRL+ALT key combination and is presented with the problem, pressing the left CTRL+ALT keys simultaneously will allow the user to enter their information into the password\username boxes to unlock their session.


Make sure that you plug the printer in while the thin client is turned off. After plugging it in boot up the thin client. Log in and go to install a printer like normal. You should see a printer port named LPT2, this is the one that you want to select since it is what was mapped to that USB port. If you plugged in the printer while the thin client was turned on you have to turn it off and switch the printer to another USB port.