Here are some quick guidelines.
Since I neve managed to deplys WTPC with MDT, I used a bootable USB key on which I installed the OS with a Microsoft tool I can't recall the name).
The install is pretty basic, it needs to reboot once.
Once done, I shut the machine down and move it to a specific OU
In this OU, I have a GPO that does all the job; which is bascially.
runnning a script that copy saved local policies, basically some stuff about blocking ctrl+alt+del, task maneger + others I can't recall but could dig in if needed.
Install the client if not already installed
Set a registry key to avoid ssl certificate check
reboot the machine
runnning an other script that sets all the registry for autologon
GPP to copy shelly.exe and vdm_client.adm
disable local users and create a spécific local admin
disable access to local c drive and some other security stuff
set firewall on except for 3389
create a job to stop the machine every night at 9pm.
I have to say it took me a bit of time but that does the job. But Zero Client are more comfortable for end users.
The only thing is when setup is finished, I am having a hard time modifying it, I have to start again from scratch :smileyblush:
Hope this help.