A. It is not possible to create a captive account, however you can force a user to run a program, and if they close that program they can be logged out:

  1. Create a command file similar to the following
    <The program you wish to run>
    Logout
  2. Create a mandatory profile for this user.
  3. Remove all groups from this profile except the autostart group.
  4. In this group, put the file created in step one.

The file Logout.exe just logs out the user. It is also possible to restrict a Users applications using the Policy Editor. From the Policy Editor you can select which applications a User can run (make sure you give them Explorer!).

Microsoft have also created the zero administration kit which allows a user to be confined to a single application or a set of applications.

This is a short WSH script written for NT workstations to automatically log on to a terminal server using a generic Staff account. The user would then logon to WTS with their fully featured account to an environment befitting their role (most single App users)

The Staff shell was set to wscript \\SERVER\NETLOGON\<script>.vbs

==============================================

dim objShell, bLogOff
Set objShell=CreateObject("WScript.Shell")
bLogOff=FALSE
' Merge reg setting for MSTSC
objShell.Run "regedit /s \\SERVER\NETLOGON\WTSCon.reg",0,FALSE

Do
ObjShell.Run """c:\program files\terminal server client\mstsc.exe " & """" & "Server" & """",,TRUE
if Msgbox("Logoff?",vbquestion+vbyesno+vbDefaultButton2,"Logoff System")=vbYes then bLogOff=TRUE
Loop While bLogOff=FALSE
objShell.Run "\\SERVER\NETLOGON\Logoff /N",0,FALSE
' NB shutdown.exe also an alternative

==============================================