I'm struggling to find adequate information on kiosk mode. We are interested in replacing several public workstations in a study area at our school with zero clients (Wyse P25s, on firmware 5.0.2). I followed the guidelines provided in the Kiosk Mode Whitepaper and referred to Configuring Clients in Kiosk Mode article on pubs.vmware.com. There are a few things that are called out that I feel aren't explained very well, specifically the requirements around using clientIDs in lieu of MAC addresses.

The pubs.vmware.com article states: "You should use each specified name with no more than one client device", yet I don't see why that affinity is necessary. It's unclear if that is a recommendation or technical requirement and why. It seems like the clientID method would help alleviate the amount of management overhead involved with adding and replacing endpoints compared to MAC addresses, however if a single clientID is not reusable across multiple endpoints, there are still scenarios where support staff (helpdesk) would need to manage accounts by direct interaction with the Connection Server (adding machines) or could disrupt sessions if replacing a machine and accidentally specifying a clientID account that is already in use on an active session. In all honesty, that is a process that dis-empowers them and results in tedious work for operations staff to help them manage these accounts. It would seem easier then to create a single AD service account and entitle it to a desktop pool that allows the user to initiate multiple sessions (understanding of course that we lose any sort of per-instance visibility within centralized logs, but that's besides the point). And despite the statement at the beginning of this paragraph, I don't see that there is any functional limitations in doing it this way.

Which brings me to my second question, specific to the options in the P25s: What is the difference between Kiosk Mode and Auto Logon? Yes, Kiosk Mode does automate some of the account creation activities, but in our case, our helpdesk is more empowered managing AD users and groups than they with issuing commands directly on Connection Servers, so is it really making anyone's job easier by automating account creation on a system that endpoint support staff are unfamiliar, and more importantly not provided access to? Wouldn't it be much simpler to create a desktop pool, entitle a single service account and allow the user to initiate multiple sessions using Auto Logon?

In summary, what are the specific differences between Kiosk Mode and Auto Logon? I can't seem to identify any technical restrictions or limitations or conversely any big advantages other than what's already been stated with using one over the other, so what are the business decisions that impact to go one way or the other?

Is there anything in kiosk mode that automates ADDING clients to the connection broker? Like "if an endpoint is enabled for kiosk mode, create an AD account based on MAC address in the default OU and assign them to the default kiosk mode group"?