stealthpuppy | Aaron Parker, Citrix Technology Professional Principal Modern Workplace Architect @I

WebSite: http://stealthpuppy.com

Description:

With a hosting renewal pending I thought it past time to migrate to a new platform for stealthpuppy.com. While I’ve found WordPress to be OK with plenty of support for extensibility through plug-ins, I’m not keen on paying for a blogging platform that I don’t actively make an income from, nor do I want to deal with the hassle of a multi-tier platform using MySQL, PHP and WordPress itself.

Thunderbolt 3 and USB-C have arrived to make our life easier and more confusing all at the same time. The promise of a single cable that does everything is appealing but for the average consumer, knowing what to purchase is challenging. This article is a view into my research into Thunderbolt, USB-C and 4K monitors and what I’ve ultimately purchased.

Folder Redirection to OneDrive on Windows 10 with Intune

If you’re deploying Windows 10 with Modern Management (Azure AD joined, MDM managed), you’ll likely have wondered about data protection - if users aren’t intentionally saving documents to their OneDrive folder, that data is likely not synchronised and therefore not protected against data loss.

Setting up the Windows Store for Business

While the Universal app platform on Windows 10 isn’t going to replace legacy Win32 apps for some time, the potential of this platform to improve the way IT approaches application lifecycle management is high. Apps can be deployed, updated and removed without packaging or having to worry about application conflicts. It’s encouraging to see a number of useful enterprise applications available - the future is mobile apps, even on the desktop, so every enterprise should be looking at the Windows Store for Business.

Storage Capacity Required for Machine Creation Services

How much storage capacity do you need for Citrix Machine Creation Services? If you’re designing a XenApp or XenDesktop environment, one question you’re going to ask is “how much storage do we need?”. Let’s dig into the fundamentals of Machine Creation Services and have a look at how much capacity you’ll need to provision.

Choose Your Own Adventure with Microsoft Intune

Microsoft Intune has multiple methods for managing Windows 10 - you can choose to deploy a client or use the mobile device management capabilities built into the operating system. However, guidance from Microsoft on comparing the capabilities of each, especially from a policy perspective, is currently unclear.

Windows Store User Experience in the Enterprise in Windows 10

Chicken Little seems to be working overtime when it comes to the Windows Store in Windows 10. I’ve read and heard many different thoughts and approaches to the Store in Windows 10, but I believe that the Store and Universal apps should be embraced. It would, however, be nice to have more control over user interaction with the Store and in-box Universal apps.

Configuring Remote Desktop Certificates for OS X Clients

Windows has supported TLS for server authentication with RDP going back to Windows Server 2003 SP1. When connecting to a Windows PC, unless certificates have been configured, the remote PC presents a self-signed certificate, which results in a warning prompt from the Remote Desktop client. An environment with an enterprise certificate authority can enable certificate autoenrollment to enable trusted certificates on the RDP listener, thus removing the prompt. To get OS X clients to accept the certificate takes a little extra configuration not required on Windows clients.

Citrix Synergy 2015 is just next week, so for me that means several things - attending CTP meetings (from about 8:00 am to 9:00 pm each day) on the Sunday and Monday, presenting a Geek Speak Live session on Tuesday, helping to man the Atlantis booth on the solutions expo floor, taking part in Geek Speak on Wednesday evening, meeting old and new friends and generally having some fun.

Using the Citrix X1 Prototype Mouse

I received a Citrix X1 Prototype mouse a few days ago, so I’ve put together here a short video that shows pairing the mouse and using it in a remote Windows 8 desktop.

File Sync Solutions as Alternatives to Folder Redirection - AppSense DataNow

I’ve previously covered the use of AppSense DataNow as an alternative to folder redirection and Offline Files. In that article I provided an approach to using DataNow to sync a copy of the user’s home drive locally instead of redirecting user folders to the network. I’ve previously used a beta version of DataNow and with the release of DataNow 3.5, I want to take an updated look at this solution.

A conversation about desktop virtualisation will invariably turn to the topic of persistent vs. non-persistent. Anyone new to VDI or Server Based Computing (SBC) may need persistent and non-persistent defined in context. This is a discussion that I have on a semi-regular basis, so for easy reference, I thought I would put down a discussion on this topic into an article.

There’s a particular behaviour in Outlook for Mac that for several years I have thought was a bug. If you reply to an email, you often only get some of the text from the original email, rather than the entire email being copied into the reply. Like this:

Participate in the Project VRC State of the VDI and SBC union 2015 survey

The independent R&D project ‘Virtual Reality Check’ (VRC) was started in early 2009 by Ruben Spruijt (@rspruijt) of PQR and Jeroen van de Kamp (@thejeroen) of Login Consultants, and focuses on research in the desktop and application virtualization market. Several white papers with Login VSI test results were published about the performance and best practices of different hypervisors, Microsoft Office versions, application virtualization solutions, Windows Operating Systems in server hosted desktop solutions and the impact of antivirus in VDI environments.

Updating an MCS-based XenDesktop Machine Catalog with PowerShell

I wrote previously about automating the creation of an MCS-based machine catalog in XenDesktop with PowerShell, so in this article I’ll cover updating that machine catalog via PowerShell.

Separate to this article would be the process of creating the updated image - that could be done manually (by updating the existing master image), or by automating a new master image deployment with MDT, or any other method that you can think of.

Just as with creating the machine catalog, the PowerShell output from Studio when updating a catalog is a place to start - the code provided isn’t reusable without some effort to make it work.

Linking the Code to the UI

I’ll walk briefly through the wizards to show, in part, how the code relates to each step when updating a machine catalog via the Studio UI.

In this case, I’ve already created the machine catalog and updated my master image and created a snapshot. The hypervisor isn’t important because Citrix Studio abstracts this from the process when performing the update (I do need to be using the same infrastructure as the target catalog).

To find the snapshot to use, I’ve obtained the path to the master image and a specified snapshot via the Get-ChildItem command (on the path XDHyp:\HostingUnits\<Storage Resource>).
This is essentially a path/directory that I can parse - I’ve explicitly specified the master image and the snapshot to use. I need the path to the snapshot so that I can use that in the publish step for the image update.

Get-ChildItem "XDHyp:\HostingUnits\"

I can choose from a couple of rollout strategies for the image update - I can choose to update on next shutdown of the desktop, or update immediately (with a specified delay).

Start-BrokerRebootCycle is used to control the reboot cycle, but this is called at the end of the script to ensure the update process is completed first.

Start-BrokerRebootCycle -InputObject @(<Machine Catalog Name>) -RebootDuration 120 -WarningDuration 15 -WarningMessage <message> -WarningTitle <message>

Publish-ProvMasterVmImage is used to publish the image. The process can then be monitored by getting updates for the process via Get-ProvTask. I’ve opted to show a progress bar while the update is on-going before initiating the desktop reboot.

There’s plenty that the wizard does to hide the complexity of setting up a catalog from the administrator. If you attempt the same via PowerShell, what goes on under the hood is laid bare.

The Code

Below is the full code listing with comments inline that should provide some detail on the process the code follows. At this point the code provides some error checking for the most important steps. There are still some additional steps and error checking that could be integrated:

- The code will get a specified snapshot from the target VM. I’ve done this to ensure I’m using the correct version of the image
- Publish the image update to the catalog
- Monitor the update process until completion
- Start the desktop reboot cycle

At this stage, I haven’t added too much error checking, but an important step to add will be to check that the image update process was successful and rollback if it wasn’t.

#---------------------------------------------------------------------------
# Author: Aaron Parker
# Desc:   Using PowerShell to update a XenDesktop 7.x machine catalog
# Date:   Oct 27, 2014
# Site:   http://stealthpuppy.com
#---------------------------------------------------------------------------

# Set variables for the target infrastructure
# ----------
$adminAddress = 'xd71.home.stealthpuppy.com' #The XD Controller we're going to execute against
$xdControllers = 'xd71.home.stealthpuppy.com'

# Hypervisor and storage resources
# These need to be configured in Studio prior to running this script
# This script is hypervisor and management agnostic - just point to the right infrastructure
$storageResource = "HV2-EVOPro" #Storage
$hostResource = "Lab vCenter" #Hypervisor management

# Master image properties
$machineCatalogName = "Windows 8 vSphere"
$masterImage = "Windows8*"
$snapshot = "VDA 7.6"
$messageDetail = "Your computer has been updated and will be automatically restarted in 15 minutes."
$messageTitle = "Help desk message"
# ----------

# Load the Citrix PowerShell modules
Write-Verbose "Loading Citrix XenDesktop modules."
Add-PSSnapin Citrix*

# Get information from the hosting environment via the XD Controller
# Get the storage resource
Write-Verbose "Gathering storage and hypervisor connections from the XenDesktop infrastructure."
$hostingUnit = Get-ChildItem -AdminAddress $adminAddress "XDHyp:\HostingUnits" | Where-Object { $_.PSChildName -like $storageResource } | Select-Object PSChildName, PsPath

# Get the hypervisor management resources
$hostConnection = Get-ChildItem -AdminAddress $adminAddress "XDHyp:\Connections" | Where-Object { $_.PSChildName -like $hostResource }

# Get the broker connection to the hypervisor management
# http://support.citrix.com/proddocs/topic/citrix-broker-admin-v2-xd75/get-brokerhypervisorconnection-xd75.html
$brokerHypConnection = Get-BrokerHypervisorConnection -AdminAddress $adminAddress -HypHypervisorConnectionUid $hostConnection.HypervisorConnectionUid

# Set a provisioning scheme for the update process
# http://support.citrix.com/proddocs/topic/citrix-machinecreation-admin-v2-xd75/set-provschememetadata-xd75.html
$ProvScheme = Set-ProvSchemeMetadata -AdminAddress $adminAddress -Name 'ImageManagementPrep_DoImagePreparation' -ProvisioningSchemeName $machineCatalogName -Value 'True'

# Get the master VM image from the same storage resource we're going to deploy to. Could pull this from another storage resource available to the host
Write-Verbose "Getting the snapshot details for the catalog: $machineCatalogName"
$VM = Get-ChildItem -AdminAddress $adminAddress "XDHyp:\HostingUnits\$storageResource" | Where-Object { $_.ObjectType -eq "VM" -and $_.PSChildName -like $masterImage }

# Get the snapshot details. This code will grab a specific snapshot, although you could grab the last in the list assuming it's the latest.
$VMSnapshots = Get-ChildItem -AdminAddress $adminAddress $VM.FullPath -Recurse -Include *.snapshot
$TargetSnapshot = $VMSnapshots | Where-Object { $_.FullName -eq "$snapshot.snapshot" }

# Publish the image update to the machine catalog
# http://support.citrix.com/proddocs/topic/citrix-machinecreation-admin-v2-xd75/publish-provmastervmimage-xd75.html
$PubTask = Publish-ProvMasterVmImage -AdminAddress $adminAddress -MasterImageVM $TargetSnapshot.FullPath -ProvisioningSchemeName $machineCatalogName -RunAsynchronously
$provTask = Get-ProvTask -AdminAddress $adminAddress -TaskId $PubTask

# Track progress of the image update
Write-Verbose "Tracking progress of the machine creation task."
$totalPercent = 0
While ( $provTask.Active -eq $True ) {
    Try { $totalPercent = If ( $provTask.TaskProgress ) { $provTask.TaskProgress } Else {0} } Catch { }
    Write-Progress -Activity "Provisioning image update" -Status "$totalPercent% Complete:" -PercentComplete $totalPercent
    Start-Sleep -Seconds 15
    $provTask = Get-ProvTask -AdminAddress $adminAddress -TaskId $PubTask
}

# Start the desktop reboot cycle to get the update to the actual desktops
# http://support.citrix.com/proddocs/topic/citrix-broker-admin-v2-xd75/start-brokerrebootcycle-xd75.html
Start-BrokerRebootCycle -AdminAddress $adminAddress -InputObject @($machineCatalogName) -RebootDuration 60 -WarningDuration 15 -WarningMessage $messageDetail -WarningTitle $messageTitle

Comments or feedback on bugs, better ways to do things or additional steps are welcome. The code is provided as-is, so ensure you test before using in a production environment.

Adding App-V Publishing Information to a XenDesktop Site with PowerShell

Adding Microsoft App-V publishing information to a XenDesktop or XenApp 7.x site is very easy via the Citrix Studio UI, but what if you want to automate this process?
Of course, you’ll need to reach for PowerShell.

What may not be widely known is that you can add additional App-V publishing configuration to a XenDesktop site beyond what you see in the UI. This allows you to set publishing information per delivery group, which is useful for complex XenDesktop sites such as multi-tenant environments.

Creating the App-V publishing information with PowerShell is a multi-step process. You’ll need to create the publishing information with New-CtxAppVServer and then apply the configuration with New-BrokerMachineConfiguration.

Applying this in practice, however, may ultimately require testing the App-V management and publishing servers and ensuring that the configuration does not already exist before adding it.

So to do that, I’ve written a function that will take the App-V Management and Publishing servers as parameters, ensure that they test OK and check that the configuration does not already exist before importing the configuration into the site.

This function is fairly basic and while it does do some error checking, it could probably go a little further to ensure the configuration is applied successfully.

Function Set-CtxAppvConfig {
    <#
        .SYNOPSIS
            Sets new App-V publishing information in a XenDesktop site.

        .DESCRIPTION
            This function can be used to set or add App-V publishing information in a XenDesktop or XenApp 7.x site.

        .PARAMETER AdminAddress
            Specifies a remote XenDesktop controller to apply the configuration against. If omitted, the local host will be used instead.

        .PARAMETER AppvMgmtSvr
            Specifies the Microsoft App-V Management Server address.

        .PARAMETER AppvPubSvr
            Specifies the Microsoft App-V Publishing Server address.

        .PARAMETER Description
            Specifies a description to apply to the App-V publishing information.

        .EXAMPLE
            Set-CtxAppvConfig -AdminAddress 'xd71.home.stealthpuppy.com' -AppvMgmtSvr 'http://appv1:8080' -AppvPubSvr 'http://appv1:80' -Description 'Created by PowerShell'

        .NOTES

        .LINK
    #>
    param(
        [Parameter(Mandatory = $false, Position = 0, HelpMessage = "XenDesktop Controller address.")]
        [string]$AdminAddress = 'localhost',

        [Parameter(Mandatory = $true, Position = 1, HelpMessage = "Microsoft App-V Management Server address.")]
        [string]$AppvMgmtSvr = $(throw "Please specify an App-V Management Server address."),

        [Parameter(Mandatory = $true, Position = 2, HelpMessage = "Microsoft App-V Publishing Server address.")]
        [string]$AppvPubSvr = $(throw "Please specify an App-V Publishing Server address."),

        [Parameter(Mandatory = $true, Position = 3, HelpMessage = "App-V publishing configuration description.")]
        [string]$Description = $(throw "Specify a description to apply to the App-V publishing information. Specify 'Created by Studio' to set the App-V publishing information viewed in Citrix Studio.")
    )

    Function Add-AppvConfig {
        # Add the AppV Server settings to the new specified settings
        Write-Verbose "Setting App-V Management Server to specified URI."
        #http://support.citrix.com/proddocs/topic/citrix-appv-admin-v1-xd71/new-ctxappvserver-xd71.html
        $newAppvConfig = New-CtxAppVServer -ManagementServer $AppvMgmtSvr -PublishingServer $AppvPubSvr

        # Applying configuration to the site, using the description passed to Set-CtxAppvConfig
        Write-Verbose "Saving configuration to the site."
        #http://support.citrix.com/proddocs/topic/citrix-broker-admin-v2-xd75/new-brokermachineconfiguration-xd75.html
        $machineConfig = New-BrokerMachineConfiguration -AdminAddress $AdminAddress -ConfigurationSlotUid 3 -LeafName 1 -Description $Description -Policy $newAppvConfig -Verbose
    }

    # Obtain FQDN from Management server URL
    $urlGroups = [regex]::Match($AppvMgmtSvr, '^(?<protocol>(http|https))://(?<fqdn>([^:]*))((:(?<port>\d+))?)').Groups

    # Test specified Management Server. -ErrorVariable takes the variable name without the $ prefix
    Write-Verbose "Testing Management Server."
    If (Test-CtxAppVServer -AppVManagementServer $urlGroups["fqdn"].Value -ErrorAction SilentlyContinue -ErrorVariable manError) {
        Write-Verbose "Management Server tested OK."

        # Test specified Publishing Server
        Write-Verbose "Testing Publishing Server."
        If (Test-CtxAppVServer -AppVPublishingServer $AppvPubSvr -ErrorAction SilentlyContinue -ErrorVariable pubError) {
            Write-Verbose "Publishing Server tested OK."

            # Get any existing AppV configuration from the broker
            #http://support.citrix.com/proddocs/topic/citrix-broker-admin-v2-xd71/get-brokermachineconfiguration-xd71.html
            If ($Config) { Remove-Variable Config }
            $Config = Get-BrokerMachineConfiguration -AdminAddress $AdminAddress -Name AppV* -ErrorAction SilentlyContinue
            $cfgMatch = $False
            If ($Config) {
                ForEach ($cfg in $Config) {
                    # Grab the AppV configuration details
                    #http://support.citrix.com/proddocs/topic/citrix-appv-admin-v1-xd71/get-ctxappvserver-xd71.html
                    $appvConfig = Get-CtxAppVServer -ByteArray $cfg.Policy

                    # If the existing Management and Publishing Servers match those specified
                    If (($appvConfig.ManagementServer -eq $AppvMgmtSvr) -and ($appvConfig.PublishingServer -eq $AppvPubSvr)) {
                        Write-Verbose "Specified config matches existing config."
                        $cfgMatch = $True
                    }
                }
                If (!($cfgMatch)) {
                    # Add config
                    Add-AppvConfig
                } Else {
                    Write-Verbose "App-V configuration already exists."
                }
            } Else {
                # Add config
                Add-AppvConfig
            }
        } Else {
            Write-Error "[Aborting] App-V Publishing Server test failed with: $pubError"
        }
    } Else {
        Write-Error "[Aborting] App-V Management Server test failed with: $manError"
    }
}

Please ensure that you test thoroughly before using in a production environment. Comments or feedback on bugs, better ways to do things or additional steps are welcome.

Note - a very big thanks to David Wagner at Citrix (and team) for assisting with working out how to write the App-V publishing information that you see in the Studio UI.
This is done by applying the description “Created with Studio” to the publishing configuration (presumably only the first configuration that you apply with that description).

Does Horizon View RDS stack up against XenApp?

Is VMware Horizon View 6 RDS a viable replacement or competitor to Citrix XenApp? A competitor, most certainly. View RDS as a replacement for XenApp deserves further investigation and I recommend no assumptions be made as to the suitability of View RDS, especially if you are a current Citrix customer, or a VMware partner.

I’ve got a very simple setup in my home lab with a couple of machines running either Hyper-V or ESXi. I typically don’t have monitoring solutions running and manage each host directly, rather than as part of a cluster or with SCVMM or vCenter. For Hyper-V, I try to manage it remotely via PowerShell as much as I can and so it’s handy to be able to see memory utilisation on the remote host to understand how much capacity I’ve got before powering on a VM. I’ve written a PowerShell function to return various memory stats:

- Total RAM available in the host - using Get-VMHost.
- Total memory in use by running VMs - by returning the running VMs and finding the current amount of RAM assigned to each VM with Get-VM. This works with dynamic memory.
- Available memory to run additional VMs - using Get-Counter to gather the ‘\Memory\Available Bytes’ performance counter
- How much memory is used by the system - this is calculated by adding what’s in use by VMs to the available memory and subtracting the result from the physical RAM in the host. This is a rough calculation, but an interesting metric to view.

The function returns an array that includes each stat. Here’s an example of what the function returns. All values are in gigabytes and multiple hosts can be specified to gather details from.

PS C:\> Get-HvMem -ComputerName hv1

Function Get-HvMem {
    <#
        .DESCRIPTION
            This function returns the total available RAM, RAM in use by VMs and the available RAM on a Hyper-V host.

        .PARAMETER ComputerName
            Specifies one or more Hyper-V hosts to retrieve stats from.

        .EXAMPLE
            Get-HvMem -ComputerName hyperv1

        .NOTES

        .LINK
            /hyperv-memory-powershell
    #>
    param(
        [Parameter(Mandatory=$true, Position=0, HelpMessage="Hyper-V host.")]
        [string[]]$ComputerName = $(throw "Please specify a remote Hyper-V host to gather memory details from.")
    )

    # Create an array to return
    $allStats = @()

    ForEach ( $computer in $ComputerName ) {

        # Create an array to contain this computer's metrics
        $a = @()

        # Get details for Hyper-V host
        $vmHost = Get-VMHost -ComputerName $computer
        If ($vmHost) {

            # Get total RAM consumed by running VMs.
            $total = 0
            Get-VM -ComputerName $computer | Where-Object { $_.State -eq "Running" } | Select-Object Name, MemoryAssigned | ForEach-Object { $total = $total + $_.MemoryAssigned }

            # Get available RAM via performance counters
            $Bytes = Get-Counter -ComputerName $computer -Counter "\Memory\Available Bytes"

            # Convert values to GB
            $availGB = ($Bytes[0].CounterSamples.CookedValue / 1GB)
            $hostGB = ($vmHost.MemoryCapacity / 1GB)
            $vmInUse = ($total / 1GB)

            # Construct an object of properties to return
            $item = New-Object PSObject

            # Add host name
            $item | Add-Member -type NoteProperty -Name 'Name' -Value $vmHost.Name

            # Host RAM in GB
            $item | Add-Member -type NoteProperty -Name 'HostRAMGB' -Value $hostGB

            # In use RAM in GB
            $item | Add-Member -type NoteProperty -Name 'VMInUseGB' -Value $vmInUse

            # System used in GB
            $item | Add-Member -type NoteProperty -Name 'SystemUsedGB' -Value ($hostGB - ($vmInUse + $availGB))

            # Available RAM in GB
            $item | Add-Member -type NoteProperty -Name 'AvailableGB' -Value $availGB
            $a += $item
        }

        # Add the current machine details to the array to return
        $allStats += $a
    }
    Return $allStats
}

Comments or feedback on bugs, better ways to do things or additional steps are welcome.

Creating a XenDesktop Delivery Group with PowerShell

My last article was on creating a XenDesktop machine catalog with PowerShell - in this article I’m going to create a Delivery Group which provides access to the virtual machines that are a part of that catalog.

Like the last article, I’ve taken the PowerShell generated by Citrix Studio, banged my head against the wall a few times, and improved it to create the code presented in this article.

Linking the Code to the UI

To help explain the code, I’ll first run through the Create Delivery Group wizard and show how the code relates to options in the wizard and the Delivery Group properties.

Add-BrokerMachinesToDesktopGroup assigns virtual machines from a specified Machine Catalog to the new Delivery Group.

Selecting the Machine Catalog and the number of desktops - Add-BrokerMachinesToDesktopGroup -Catalog "Windows 8 x86" -Count 5

Specify the delivery type for this Delivery Group when using New-BrokerDesktopGroup.

Selecting the delivery type - New-BrokerDesktopGroup -DeliveryType 'DesktopsOnly'

New-BrokerEntitlementPolicyRule is used to assign user or group accounts to the Delivery Group.

Assigning users to the Desktop Group - New-BrokerEntitlementPolicyRule -Name "Windows 8 x86_1" -IncludedUsers "HOME\Domain Users" -DesktopGroupUid 11

Add-BrokerMachineConfiguration adds StoreFront and UPM configurations to a Delivery Group. The function just adds a machine configuration - the configuration is set up separately. To avoid selecting a StoreFront server for the Delivery Group, don’t use this function.

Selecting a StoreFront server - Add-BrokerMachineConfiguration -DesktopGroup "Windows 8 x86" -InputObject @(1005)

When calling New-BrokerDesktopGroup, the Delivery Group name, display or published name and description are specified.

Group name, Display name and description - New-BrokerDesktopGroup -Name "Windows 8 x86" -PublishedName "Windows 8 x86" -Description "Windows 8 x86 with Office 2013, Pooled desktops"

The wizard does not expose all settings for the Delivery Group, so additional settings require opening the properties of the new group.
These can be set during creation of the group when using PowerShell.

The same call to New-BrokerDesktopGroup is used to specify user settings including colour depth and time zone preferences.

Controlling various user settings - New-BrokerDesktopGroup -ColorDepth TwentyFourBit -TimeZone "AUS Eastern Standard Time" -SecureIcaRequired $False

New-BrokerDesktopGroup and New-BrokerPowerTimeScheme are both used to manage virtual machine power management settings. Setting or modifying the peak and off peak hours isn’t friendly either.

Virtual machine power management settings - New-BrokerPowerTimeScheme -DisplayName 'Weekdays' -DaysOfWeek 'Weekdays' -DesktopGroupUid 11; New-BrokerDesktopGroup -OffPeakDisconnectAction Suspend -OffPeakDisconnectTimeout 15

New-BrokerAccessPolicyRule modifies the access policies. This is called twice - once for connections through NetScaler Gateway and once for direct connections.

Modifying access policies - New-BrokerAccessPolicyRule -Name "Windows 8 x86_AG" -AllowedConnections 'ViaAG' -AllowedProtocols @('HDX','RDP') -DesktopGroupUid 11 -Enabled $True -IncludedSmartAccessFilterEnabled $True -IncludedSmartAccessTags @() -IncludedUserFilterEnabled $True

Creating the Delivery Group is relatively straight-forward; however there are some additional steps, such as creating a StoreFront server and working out how to manage peak and off peak times, that require a bit more investigation.

The Code

Below is the full code listing with comments inline that should provide some detail on the process the code follows. At this point the code provides some error checking for the most important steps. There are still some additional steps and error checking that could be integrated into the code.

#---------------------------------------------------------------------------
# Author: Aaron Parker
# Desc:   Using PowerShell to create a XenDesktop 7.x Delivery Group
# Date:   Aug 23, 2014
# Site:   http://stealthpuppy.com
#---------------------------------------------------------------------------

# Set variables for the target infrastructure
# ----------
$adminAddress = 'xd71.home.stealthpuppy.com' #The XD Controller we're going to execute against
$xdControllers = 'xd71.home.stealthpuppy.com'

# Desktop Group properties
$desktopGroupName = "Windows 8 desktops"
$desktopGroupPublishedName = "Windows 8 desktops"
$desktopGroupDesc = "Windows 8 x86 with Office 2013, Pooled desktops"
$colorDepth = 'TwentyFourBit'
$deliveryType = 'DesktopsOnly'
$desktopKind = 'Shared'
$sessionSupport = "SingleSession" #Also: MultiSession
$functionalLevel = 'L7'
$timeZone = 'AUS Eastern Standard Time'
$offPeakBuffer = 10
$peakBuffer = 10
$assignedGroup = "HOME\Domain Users"

#Machine Catalog
$machineCatalogName = "Windows 8 x86"
# ----------

# Change to SilentlyContinue to avoid verbose output
$VerbosePreference = "Continue"

# Create the Desktop Group
# http://support.citrix.com/proddocs/topic/citrix-broker-admin-v2-xd75/new-brokerdesktopgroup-xd75.html
If (!(Get-BrokerDesktopGroup -Name $desktopGroupName -ErrorAction SilentlyContinue)) {
    Write-Verbose "Creating new Desktop Group: $desktopGroupName"
    $desktopGroup = New-BrokerDesktopGroup -ErrorAction SilentlyContinue -AdminAddress $adminAddress -Name $desktopGroupName -DesktopKind $desktopKind -DeliveryType $deliveryType -Description $desktopGroupDesc -PublishedName $desktopGroupPublishedName -MinimumFunctionalLevel $functionalLevel -ColorDepth $colorDepth -SessionSupport $sessionSupport -ShutdownDesktopsAfterUse $True -TimeZone $timeZone -InMaintenanceMode $False -IsRemotePC $False -OffPeakBufferSizePercent $offPeakBuffer -PeakBufferSizePercent $peakBuffer -SecureIcaRequired $False -TurnOnAddedMachine $False -OffPeakDisconnectAction Suspend -OffPeakDisconnectTimeout 15 -Scope @()
}

# At this point, we have a Desktop Group, but no users or desktops assigned to it, no power management etc.
# Open the properties of the new Desktop Group to see what's missing.

# If creation of the desktop group was successful, continue modifying its properties
If ($desktopGroup) {

    # Add a machine configuration to the new desktop group; This line adds an existing StoreFront server to the desktop group
    # Where does Input Object 1005 come from?
    # http://support.citrix.com/proddocs/topic/citrix-broker-admin-v2-xd75/add-brokermachineconfiguration-xd75.html
    # Write-Verbose "Adding machine configuration to the Desktop Group: $desktopGroupName"
    # Add-BrokerMachineConfiguration -AdminAddress $adminAddress -DesktopGroup $desktopGroup -InputObject @(1005)

    # Add machines to the new desktop group. Uses the number of machines available in the target machine catalog
    # http://support.citrix.com/proddocs/topic/citrix-broker-admin-v2-xd75/add-brokermachinestodesktopgroup-xd75.html
    Write-Verbose "Getting details for the Machine Catalog: $machineCatalogName"
    $machineCatalog = Get-BrokerCatalog -AdminAddress $adminAddress -Name $machineCatalogName
    Write-Verbose "Adding $($machineCatalog.UnassignedCount) machines to the Desktop Group: $desktopGroupName"
    $machinesCount = Add-BrokerMachinesToDesktopGroup -AdminAddress $adminAddress -Catalog $machineCatalog -Count $machineCatalog.UnassignedCount -DesktopGroup $desktopGroup

    # Create a new broker user/group object if it doesn't already exist
    # http://support.citrix.com/proddocs/topic/citrix-broker-admin-v2-xd75/new-brokeruser-xd75.html
    Write-Verbose "Creating user/group object in the broker for $assignedGroup"
    If (!(Get-BrokerUser -AdminAddress $adminAddress -Name $assignedGroup -ErrorAction SilentlyContinue)) {
        $brokerUsers = New-BrokerUser -AdminAddress $adminAddress -Name $assignedGroup
    } Else {
        $brokerUsers = Get-BrokerUser -AdminAddress $adminAddress -Name $assignedGroup
    }

    # Create an entitlement policy for the new desktop group. Assigned users to the desktop group
    # First check that we have an entitlement name available. Increment until we do.
    $Num = 1
    Do {
        # http://support.citrix.com/proddocs/topic/citrix-broker-admin-v2-xd75/test-brokerentitlementpolicyrulenameavailable-xd75.html
        $Test = Test-BrokerEntitlementPolicyRuleNameAvailable -AdminAddress $adminAddress -Name @($desktopGroupName + "_" + $Num.ToString()) -ErrorAction SilentlyContinue
        If ($Test.Available -eq $False) { $Num = $Num + 1 }
    } While ($Test.Available -eq $False)

    #http://support.citrix.com/proddocs/topic/citrix-broker-admin-v2-xd75/new-brokerentitlementpolicyrule-xd75.html
    Write-Verbose "Assigning $($brokerUsers.Name) to Desktop Catalog: $machineCatalogName"
    $EntPolicyRule = New-BrokerEntitlementPolicyRule -AdminAddress $adminAddress -Name ($desktopGroupName + "_" + $Num.ToString()) -IncludedUsers $brokerUsers -DesktopGroupUid $desktopGroup.Uid -Enabled $True -IncludedUserFilterEnabled $False

    # Check whether access rules exist and then create rules for direct access and via Access Gateway
    # The Test-* cmdlets return an object, so check its Available property as in the entitlement check above
    # http://support.citrix.com/proddocs/topic/citrix-broker-admin-v2-xd75/new-brokeraccesspolicyrule-xd75.html
    $accessPolicyRule = $desktopGroupName + "_Direct"
    If ((Test-BrokerAccessPolicyRuleNameAvailable -AdminAddress $adminAddress -Name @($accessPolicyRule) -ErrorAction SilentlyContinue).Available) {
        Write-Verbose "Allowing direct access rule to the Desktop Catalog: $machineCatalogName"
        New-BrokerAccessPolicyRule -AdminAddress $adminAddress -Name $accessPolicyRule -IncludedUsers @($brokerUsers.Name) -AllowedConnections 'NotViaAG' -AllowedProtocols @('HDX','RDP') -AllowRestart $True -DesktopGroupUid $desktopGroup.Uid -Enabled $True -IncludedSmartAccessFilterEnabled $True -IncludedUserFilterEnabled $True
    } Else {
        Write-Error "Failed to add direct access rule $accessPolicyRule. It already exists."
    }

    $accessPolicyRule = $desktopGroupName + "_AG"
    If ((Test-BrokerAccessPolicyRuleNameAvailable -AdminAddress $adminAddress -Name @($accessPolicyRule) -ErrorAction SilentlyContinue).Available) {
        Write-Verbose "Allowing access via Access Gateway rule to the Desktop Catalog: $machineCatalogName"
        New-BrokerAccessPolicyRule -AdminAddress $adminAddress -Name $accessPolicyRule -IncludedUsers @($brokerUsers.Name) -AllowedConnections 'ViaAG' -AllowedProtocols @('HDX','RDP') -AllowRestart $True -DesktopGroupUid $desktopGroup.Uid -Enabled $True -IncludedSmartAccessFilterEnabled $True -IncludedSmartAccessTags @() -IncludedUserFilterEnabled $True
    } Else {
        Write-Error "Failed to add Access Gateway rule $accessPolicyRule. It already exists."
    }

    # Create weekday and weekend access rules
    # http://support.citrix.com/proddocs/topic/citrix-broker-admin-v2-xd75/new-brokerpowertimescheme-xd75.html
    $powerTimeScheme = "Windows 8 Pooled Desktop_Weekdays"
    If ((Test-BrokerPowerTimeSchemeNameAvailable -AdminAddress $adminAddress -Name @($powerTimeScheme) -ErrorAction SilentlyContinue).Available) {
        Write-Verbose "Adding new power scheme $powerTimeScheme"
        New-BrokerPowerTimeScheme -AdminAddress $adminAddress -DisplayName 'Weekdays' -Name $powerTimeScheme -DaysOfWeek 'Weekdays' -DesktopGroupUid $desktopGroup.Uid -PeakHours @($False,$False,$False,$False,$False,$False,$False,$True,$True,$True,$True,$True,$True,$True,$True,$True,$True,$True,$True,$False,$False,$False,$False,$False) -PoolSize @(0,0,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,1,0,0,0,0,0)
    } Else {
        Write-Error "Failed to add power scheme rule $powerTimeScheme. It already exists."
    }

    $powerTimeScheme = "Windows 8 Pooled Desktop_Weekend"
    If ((Test-BrokerPowerTimeSchemeNameAvailable -AdminAddress $adminAddress -Name @($powerTimeScheme) -ErrorAction SilentlyContinue).Available) {
        Write-Verbose "Adding new power scheme $powerTimeScheme"
        New-BrokerPowerTimeScheme -AdminAddress $adminAddress -DisplayName 'Weekend' -Name $powerTimeScheme -DaysOfWeek 'Weekend' -DesktopGroupUid $desktopGroup.Uid -PeakHours @($False,$False,$False,$False,$False,$False,$False,$True,$True,$True,$True,$True,$True,$True,$True,$True,$True,$True,$True,$False,$False,$False,$False,$False) -PoolSize @(0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0)
    } Else {
        Write-Error "Failed to add power scheme rule $powerTimeScheme. It already exists."
    }

} #End If DesktopGroup

Comments or feedback on bugs, better ways to do things or additional steps are welcome.

Creating an MCS-based XenDesktop Machine Catalog with PowerShell

Driving XenDesktop with PowerShell is a challenge to say the least. While documentation for the XenDesktop PowerShell modules is OK and Citrix Studio outputs PowerShell code after you’ve completed a task in the console, there’s still plenty of work to get that code into something usable.

As part of an ongoing series of articles themed around automating virtual desktop deployment, I’ve written some PowerShell code to automate the creation of a non-persistent, MCS-based Machine Catalog based on a specific Windows image that we’ve already automated with a solution such as MDT.

Don’t expect to copy and paste the PowerShell output in Citrix Studio and have a complete script. The code is missing a number of lines that link tasks together.
I found this article on the Citrix Blogs quite useful - Using PowerShell to Create a Catalog of Machine Creations Services Machines; however I’ve taken my script a few steps further.

Linking the Code to the UI

While the Create Machine Catalog wizard doesn’t expose everything that goes on behind the scenes when a machine catalog is created, I think it’s still worth showing how specific functions relate to choices that the administrator makes in the wizard.

The screenshots below show just a snippet of the functions required to automate the catalog creation using PowerShell. These walk through the same environment that the full code listing at the end of this article is creating. See the image captions for example code that applies to each step.

New-BrokerCatalog is used to create the machine catalog and set a number of properties. You’ll see New-BrokerCatalog across a number of these screenshots. First up is setting the broker type - in this instance, I’m deploying a Windows 8 image, so need to choose ‘Windows Desktop OS’:

Selecting the Machine Catalog type - New-BrokerCatalog -SessionSupport SingleSession

Because we’re using MCS, I’m going to specify that I’m using virtual machines and choose the storage on which to deploy those VMs and use the ProvisioningType parameter on New-BrokerCatalog to specify MCS.
This is done in PowerShell via a number of commands - see around line 45 where we specify the hypervisor management and storage resource to use.

Selecting the provisioning type - New-BrokerCatalog -ProvisioningType MCS

Also on the New-BrokerCatalog, we can specify that this is a set of randomly assigned desktops.

Selecting Random or Static desktops - New-BrokerCatalog -AllocationType Random

To find the image to use, I’ve obtained the path to the master image and its snapshot via the Get-ChildItem command (on the path XDHyp:\HostingUnits\<Storage Resource>) and passed that to New-ProvScheme.

Selecting the master image and snapshot to use - New-ProvScheme -ProvisioningSchemeName "Windows 8" -HostingUnitName "HV1-LocalStorage" -MasterImageVM "XDHyp:\HostingUnits\HV1-LocalStorage\WIN81.vm\MasterImage.snapshot"

Also with New-ProvScheme we can set the number of virtual CPUs and the amount of RAM to assign to each virtual desktop. To specify the number of desktops to create, we’re actually first specifying the number of AD machine accounts to create via New-AcctADAccount and then creating the same number of desktops to assign to those accounts.

Selecting the virtual machine configurations - New-ProvScheme -VMCpuCount 2 -VMMemoryMB 2048

New-AcctIdentityPool is used to create an identity pool that stores the machine accounts by specifying the naming convention and where the accounts will be stored.

Setting machine account names and location - New-AcctIdentityPool -Domain 'home.stealthpuppy.com' -NamingScheme 'W8-MCS-###' -NamingSchemeType Numeric -OU 'OU=MCS Pooled,OU=Workstations,DC=home,DC=stealthpuppy,DC=com'

Again we can see where New-BrokerCatalog is used to specify the catalog name and description.

Setting the machine catalog name and description - New-BrokerCatalog -Name "Windows 8 x86" -Description "Windows 8.1 x86 SP1 with Office 2013"

There’s plenty that the wizard does to hide the complexity of setting up a catalog from the administrator.
If you attempt the same via PowerShell, what goes on under the hood is laid bare.

The Code

Below is the full code listing with comments inline that should provide some detail on the process the code follows. At this point the code provides some error checking for the most important steps. There are still some additional steps and error checking that could be integrated:

- This code should find the last snapshot of the target master image; it would be simple enough to specify a particular snapshot if required
- Checking whether provisioning schemes are already available or exist before attempting to create a new provisioning scheme
- Additional checking that some tasks have completed successfully before continuing

    #---------------------------------------------------------------------------
    # Author: Aaron Parker
    # Desc: Using PowerShell to create a XenDesktop 7.x machine catalog
    # Date: Aug 19, 2014
    # Site: http://stealthpuppy.com
    #---------------------------------------------------------------------------

    # Set variables for the target infrastructure
    # ----------
    $adminAddress = 'xd71.home.stealthpuppy.com' #The XD Controller we're going to execute against
    $xdControllers = 'xd71.home.stealthpuppy.com'

    # Hypervisor and storage resources
    # These need to be configured in Studio prior to running this script
    # This script is hypervisor and management agnostic - just point to the right infrastructure
    $storageResource = "HV1-LocalStorage" #Storage
    $hostResource = "Lab SCVMM" #Hypervisor management

    # Machine catalog properties
    $machineCatalogName = "Windows 8 x86"
    $machineCatalogDesc = "Windows 8.1 x86 SP1 with Office 2013"
    $domain = "home.stealthpuppy.com"
    $orgUnit = "OU=MCS Pooled,OU=Workstations,DC=home,DC=stealthpuppy,DC=com"
    $namingScheme = "W8-MCS-###" #AD machine account naming conventions
    $namingSchemeType = "Numeric" #Also: Alphabetic
    $allocType = "Random" #Also: Static
    $persistChanges = "Discard" #Also: OnLocal, OnPvD
    $provType = "MCS" #Also: Manual, PVS
    $sessionSupport = "SingleSession" #Also: MultiSession
    $masterImage = "WIN81*"
    $vCPUs = 2
    $VRAM = 2048
    # ----------

    # Change to SilentlyContinue to avoid verbose output
    $VerbosePreference = "Continue"

    # Load the Citrix PowerShell modules
    Write-Verbose "Loading Citrix XenDesktop modules."
    Add-PSSnapin Citrix*

    # Get information from the hosting environment via the XD Controller
    # Get the storage resource
    Write-Verbose "Gathering storage and hypervisor connections from the XenDesktop infrastructure."
    $hostingUnit = Get-ChildItem -AdminAddress $adminAddress "XDHyp:\HostingUnits" | Where-Object { $_.PSChildName -like $storageResource } | Select-Object PSChildName, PsPath

    # Get the hypervisor management resources
    $hostConnection = Get-ChildItem -AdminAddress $adminAddress "XDHyp:\Connections" | Where-Object { $_.PSChildName -like $hostResource }
    $brokerHypConnection = Get-BrokerHypervisorConnection -AdminAddress $adminAddress -HypHypervisorConnectionUid $hostConnection.HypervisorConnectionUid
    $brokerServiceGroup = Get-ConfigServiceGroup -AdminAddress $adminAddress -ServiceType 'Broker' -MaxRecordCount 2147483647

    # Create a Machine Catalog. In this case a catalog with randomly assigned desktops
    Write-Verbose "Creating machine catalog. Name: $machineCatalogName; Description: $machineCatalogDesc; Allocation: $allocType"
    $brokerCatalog = New-BrokerCatalog -AdminAddress $adminAddress -AllocationType $allocType -Description $machineCatalogDesc -Name $machineCatalogName -PersistUserChanges $persistChanges -ProvisioningType $provType -SessionSupport $sessionSupport

    # The identity pool is used to store AD machine accounts
    Write-Verbose "Creating a new identity pool for machine accounts."
    $identPool = New-AcctIdentityPool -AdminAddress $adminAddress -Domain $domain -IdentityPoolName $machineCatalogName -NamingScheme $namingScheme -NamingSchemeType $namingSchemeType -OU $orgUnit

    # Creates/Updates metadata key-value pairs for the catalog (no idea why).
    Write-Verbose "Retrieving the newly created machine catalog."
    $catalogUid = Get-BrokerCatalog | Where-Object { $_.Name -eq $machineCatalogName } | Select-Object Uid
    $guid = [guid]::NewGuid()
    Write-Verbose "Updating metadata key-value pairs for the catalog."
    Set-BrokerCatalogMetadata -AdminAddress $adminAddress -CatalogId $catalogUid.Uid -Name 'Citrix_DesktopStudio_IdentityPoolUid' -Value $guid

    # Check to see whether a provisioning scheme is already available
    # The Test-* cmdlet returns an object, so check its Available property
    Write-Verbose "Checking whether the provisioning scheme name is unused."
    If ((Test-ProvSchemeNameAvailable -AdminAddress $adminAddress -ProvisioningSchemeName @($machineCatalogName)).Available) {
        Write-Verbose "Success."

        # Get the master VM image from the same storage resource we're going to deploy to. Could pull this from another storage resource available to the host
        Write-Verbose "Getting the master image details for the new catalog: $masterImage"
        $VM = Get-ChildItem -AdminAddress $adminAddress "XDHyp:\HostingUnits\$storageResource" | Where-Object { $_.ObjectType -eq "VM" -and $_.PSChildName -like $masterImage }

        # Get the snapshot details. This code will assume a single snapshot exists - could add additional checking to grab last snapshot or check for no snapshots.
        $VMDetails = Get-ChildItem -AdminAddress $adminAddress $VM.FullPath

        # Create a new provisioning scheme - the configuration of VMs to deploy. This will copy the master image to the target datastore.
        Write-Verbose "Creating new provisioning scheme using $($VMDetails.FullPath)"

        # Provision VMs based on the selected snapshot.
        $provTaskId = New-ProvScheme -AdminAddress $adminAddress -ProvisioningSchemeName $machineCatalogName -HostingUnitName $storageResource -MasterImageVM $VMDetails.FullPath -CleanOnBoot -IdentityPoolName $identPool.IdentityPoolName -VMCpuCount $vCPUs -VMMemoryMB $vRAM -RunAsynchronously
        $provTask = Get-ProvTask -AdminAddress $adminAddress -TaskId $provTaskId

        # Track the progress of copying the master image
        Write-Verbose "Tracking progress of provisioning scheme creation task."
        $totalPercent = 0
        While ( $provTask.Active -eq $True ) {
            Try { $totalPercent = If ( $provTask.TaskProgress ) { $provTask.TaskProgress } Else {0} } Catch { }
            Write-Progress -Activity "Creating Provisioning Scheme (copying and composing master image):" -Status "$totalPercent% Complete:" -percentcomplete $totalPercent
            Sleep 15
            $provTask = Get-ProvTask -AdminAddress $adminAddress -TaskID $provTaskId
        }

        # If provisioning task fails, there's no point in continuing further.
        If ( $provTask.WorkflowStatus -eq "Completed" ) {

            # Apply the provisioning scheme to the machine catalog
            Write-Verbose "Binding provisioning scheme to the new machine catalog"
            $provScheme = Get-ProvScheme | Where-Object { $_.ProvisioningSchemeName -eq $machineCatalogName }
            Set-BrokerCatalog -AdminAddress $adminAddress -Name $provScheme.ProvisioningSchemeName -ProvisioningSchemeId $provScheme.ProvisioningSchemeUid

            # Associate a specific set of controllers to the provisioning scheme. This step appears to be optional.
            Write-Verbose "Associating controllers $xdControllers to the provisioning scheme."
            Add-ProvSchemeControllerAddress -AdminAddress $adminAddress -ControllerAddress @($xdControllers) -ProvisioningSchemeName $provScheme.ProvisioningSchemeName

            # Provision the actual machines and map them to AD accounts, track the progress while this is happening
            Write-Verbose "Creating the machine accounts in AD."
            $adAccounts = New-AcctADAccount -AdminAddress $adminAddress -Count 5 -IdentityPoolUid $identPool.IdentityPoolUid
            Write-Verbose "Creating the virtual machines."
            $provTaskId = New-ProvVM -AdminAddress $adminAddress -ADAccountName @($adAccounts.SuccessfulAccounts) -ProvisioningSchemeName $provScheme.ProvisioningSchemeName -RunAsynchronously
            $provTask = Get-ProvTask -AdminAddress $adminAddress -TaskId $provTaskId

            Write-Verbose "Tracking progress of the machine creation task."
            $totalPercent = 0
            While ( $provTask.Active -eq $True ) {
                Try { $totalPercent = If ( $provTask.TaskProgress ) { $provTask.TaskProgress } Else {0} } Catch { }
                Write-Progress -Activity "Creating Virtual Machines:" -Status "$totalPercent% Complete:" -percentcomplete $totalPercent
                Sleep 15
                $ProvTask = Get-ProvTask -AdminAddress $adminAddress -TaskID $provTaskId
            }

            # Assign the newly created virtual machines to the machine catalog
            $provVMs = Get-ProvVM -AdminAddress $adminAddress -ProvisioningSchemeUid $provScheme.ProvisioningSchemeUid
            Write-Verbose "Assigning the virtual machines to the new machine catalog."
            ForEach ( $provVM in $provVMs ) {
                Write-Verbose "Locking VM $($provVM.ADAccountName)"
                Lock-ProvVM -AdminAddress $adminAddress -ProvisioningSchemeName $provScheme.ProvisioningSchemeName -Tag 'Brokered' -VMID @($provVM.VMId)
                Write-Verbose "Adding VM $($provVM.ADAccountName)"
                New-BrokerMachine -AdminAddress $adminAddress -CatalogUid $catalogUid.Uid -MachineName $provVM.ADAccountName
            }
            Write-Verbose "Machine catalog creation complete."

        } Else {
            # If provisioning task fails, provide error
            # Check that the hypervisor management and storage resources do not have errors.
            # Run 'Test Connection', 'Test Resources' in Citrix Studio
            Write-Error "Provisioning task failed with error: [$($provTask.TaskState)] $($provTask.TerminatingError)"
        }
    }

Comments or feedback on bugs, better ways to do things or additional steps are welcome.

I’ve previously posted about retrieving the UUID from a virtual machine hosted on vSphere. UUIDs are useful if you want to uniquely identify a target machine for OS deployment task sequences and the like (e.g. MDT). Here’s how to obtain the UUID from a virtual machine hosted on Hyper-V.

Just like with vSphere, the UUID isn’t a property of the virtual machine that can be queried directly. We need to go via WMI to query the target virtual machine. Note that in this function, I’m using version 2 of the Root\Virtualization WMI namespace (root\virtualization\v2). This means the function, as written, will only work on Windows 8 and Windows Server 2012 (and above). If you want to use this function on earlier versions of Hyper-V, remove the “\v2” from the namespace.

As an example, here’s how to retrieve the UUIDs from a set of VMs on a target Hyper-V host named hv1:

    C:\> Get-HypervVMUUID -ComputerName hv1 -VM win71, file3, pvs1

    Name  BIOSGUID
    ----  ----
    WIN71 E6E1A176-0713-4BB0-99E9-4570A1A3A94A
    FILE3 9E9D788A-15E2-4760-A049-9F6EB88677A9
    PVS1  74EFF5BC-A24E-48C3-85BE-12D758FE7AB6

Here’s the full function code listing. Please let me know if you find any bugs:

    #---------------------------------------------------------------------------
    # Author: Aaron Parker
    # Desc: Function that retrieves the UUID from a specified VM and
    #       formats it into the right format for use with MDT/SCCM etc
    # Date: Aug 18, 2014
    # Site: http://stealthpuppy.com
    #---------------------------------------------------------------------------
    Function Get-HypervVMUUID {
        <#
            .SYNOPSIS
                Retrieve the UUID from a virtual machine or set of virtual machines.

            .DESCRIPTION
                This function will retrieve the UUID from a virtual machine or set of virtual machines from a Hyper-V host.

            .PARAMETER ComputerName
                Specifies the host from which to query the virtual machine or set of virtual machines.

            .PARAMETER VM
                Specifies the virtual machine or set of virtual machines (a comma delimited list) from which to obtain the UUID/s.

            .EXAMPLE
                PS C:\> Get-HypervVMUUID -ComputerName hv1 -VM win71, win72

                This command retrieves the UUIDs from the virtual machines win71 and win72 from the host hv1.

            .EXAMPLE
                PS C:\> Get-HypervVMUUID -VM win71, win72

                This command retrieves the UUIDs from the virtual machines win71 and win72 from the local host.

            .EXAMPLE
                PS C:\> Get-HypervVMUUID

                This command retrieves the UUIDs from all of the virtual machines on the local host.

            .NOTES
                /retrieving-a-vms-uuid-from-hyperv/ for support information.

            .LINK
                /retrieving-a-vms-uuid-from-hyperv/
        #>
        [cmdletbinding(SupportsShouldProcess=$True)]
        param(
            [Parameter(Mandatory=$false,HelpMessage="Specifies one or more Hyper-V hosts from which virtual machine UUIDs are to be retrieved. NetBIOS names, IP addresses, and fully-qualified domain names are allowable. The default is the local computer — use ""localhost"" or a dot (""."") to specify the local computer explicitly.")]
            [string]$ComputerName,

            [Parameter(Mandatory=$false, Position=0,HelpMessage="Specifies the virtual machine from which to retrieve the UUID.")]
            [string[]]$VM
        )

        # If ComputerName parameter is not specified, set value to the local host
        If (!$ComputerName) { $ComputerName = "." }

        # If VM parameter is specified, return those VMs, else return all VMs
        # Get-VM selects virtual machines by name with -Name
        If ($VM) {
            $UUIDs = Get-VM -ComputerName $ComputerName -Name $VM -ErrorAction SilentlyContinue | Select-Object Name,@{Name="BIOSGUID";Expression={(Get-WmiObject -ComputerName $_.ComputerName -Namespace "root\virtualization\v2" -Class Msvm_VirtualSystemSettingData -Property BIOSGUID -Filter ("InstanceID = 'Microsoft:{0}'" -f $_.VMId.Guid)).BIOSGUID}}
        } Else {
            $UUIDs = Get-VM -ComputerName $ComputerName -ErrorAction SilentlyContinue | Select-Object Name,@{Name="BIOSGUID";Expression={(Get-WmiObject -ComputerName $_.ComputerName -Namespace "root\virtualization\v2" -Class Msvm_VirtualSystemSettingData -Property BIOSGUID -Filter ("InstanceID = 'Microsoft:{0}'" -f $_.VMId.Guid)).BIOSGUID}}
        }

        # Remove curly brackets from the UUIDs and return the array
        ForEach ( $UID in $UUIDs ) {
            $UID.BIOSGUID = $UID.BIOSGUID -replace "}"
            $UID.BIOSGUID = $UID.BIOSGUID -replace "{"
        }
        Return $UUIDs
    }

Building a Lab Server to Run ESXi and Hyper-V

One of the great things I enjoyed about working at Kelway was the access to a pretty solid lab environment. While I do have access to a lab environment at Atlantis (3 in fact), now that I work primarily from home, I really prefer a lab environment that can provide me more flexibility. Only a local environment can do that.

Cleaning up and Reducing the Size of your Master Image

There’s typically not too much that you can do to reduce the size of your master image. You might use application virtualization or layering solutions to reduce the number of master images, but once you work out what needs to go into the core image, that’s going to dictate the size of the image.

In my lab environment, I often want to start a list of virtual machines, but without taxing the system in the process by starting them all at the same time.
I could do that manually, but that’s no fun.

Here’s a short function I wrote to sequentially start a list of virtual machines - the script will start a VM and wait for that VM to boot before starting the next VM. You can optionally also wait additional time before starting the next VM to give the first one some time to finish starting its services etc.

This version currently supports Hyper-V only. The script does not currently return anything, but has a number of parameters:

- ComputerName - the name of the Hyper-V host. Specify “.” for the local machine (without quotes)
- VM - specify a comma separated list of VMs
- Wait - the number of seconds to wait between starting a VM after the previous VM. Specify the number of VMs as a number (integer) only. This will default to 180 seconds
- ShowProgress - Specify whether to show progress while starting the VMs. This is cosmetic only, but does give some indication as to how far through the boot process the script is.

Other standard parameters such as Verbose are supported.

    Function Start-SequentialVMs {
        <#
            .SYNOPSIS
                Starts a list of VMs.

            .DESCRIPTION
                This function starts a list of VMs sequentially. It will wait until a VM is booted, optionally pause for a number of seconds, before starting the next VM.

            .PARAMETER ComputerName
                Specifies the Hyper-V host to start the VM on.

            .PARAMETER VM
                Specifies a list of VMs to start.

            .PARAMETER Wait
                Specifies a number of seconds to wait after the previous VM has booted successfully. Defaults to 180 seconds.

            .PARAMETER ShowProgress
                Specifies whether to show progress as VMs are started.

            .EXAMPLE
                Start-SequentialVMs -ComputerName hyperv1 -VMList "sql1", "pvs1", "xd71" -Wait 20

            .NOTES

            .LINK
        #>
        param(
            [Parameter(Mandatory=$true, Position=0,HelpMessage="Hyper-V host.")]
            [string]$ComputerName = $(throw "Please specify a remote Hyper-V host to start VMs on."),

            [Parameter(Mandatory=$true, Position=1,HelpMessage="List of VMs to start.")]
            [string[]]$VMList = $(throw "Please specify a list of VMs to start"),

            [Parameter(Mandatory=$false)]
            [int]$Wait = 180,

            [Parameter(Mandatory=$false)]
            [bool]$ShowProgress
        )

        # Connect to Hyper-V host before attempting to start VMs. Stop script if unable to connect
        Write-Verbose "Connecting to VM host."
        Get-VMHost -ComputerName $ComputerName -Verbose:$False -ErrorAction Stop

        # Start progress at 0
        $Percent = 0

        # Step through list of provided VMs
        ForEach ( $vm in $VMList ) {

            # Convert current location in list of VMs to a percentage
            $Percent = ($VMList.IndexOf($vm)/$VMList.Count) * 100

            # Show progress if specified on the command line
            If ($ShowProgress -eq $True) { Write-Progress -Activity "Starting VMs." -Status "Starting VM $vm." -PercentComplete $Percent }

            # Get status for current VM
            Remove-Variable currentVM -ErrorAction SilentlyContinue
            Write-Verbose "Getting status for VM $vm..."
            $currentVM = Get-VM -ComputerName $ComputerName -Name $vm -ErrorAction SilentlyContinue

            # If the VM exists, then power it on if it is in an Off state
            If ($currentVM.Length -gt 0) {
                If ($currentVM.State -eq "Off" ) {
                    Start-VM -ComputerName $ComputerName -Name $vm -Verbose

                    # Wait for VM to boot and report a heartbeat
                    Write-Verbose "Waiting for VM heartbeat."
                    Do { Start-Sleep -milliseconds 100 } Until ((Get-VMIntegrationService $currentVM | ?{$_.name -eq "Heartbeat"}).PrimaryStatusDescription -eq "OK")

                    # Wait the specified number of seconds before booting the next VM, unless this is the last VM in the list
                    If ($Wait -gt 0 -and $VMList.IndexOf($vm) -lt ($VMList.Count-1)) {
                        Write-Verbose "Waiting for $Wait seconds before starting next VM."
                        Start-Sleep -Seconds $Wait
                    }
                } Else {
                    Write-Verbose "VM $vm already running."
                }
            } Else {
                Write-Error -Message "Unable to find VM $vm on host $ComputerName." -Category ObjectNotFound
            }
        }

        Write-Verbose "Started VMs."

        # Show progress if specified on the command line
        If ($ShowProgress -eq $True) { Write-Progress -Activity "Starting VMs." -Status "Started all VMs." -PercentComplete 100 }
        Start-Sleep -Seconds 1
    }

Save the script as Start-SequentialVMs.ps1 and run it or add the function to your PowerShell profile so that the function is available when starting PowerShell. Use Get-Help to see the full syntax and examples from within a PowerShell window.

Work around for getting File Transfer Manager to download from TechNet/MSDN

Update: August 8, 2015 - Microsoft have discontinued the Microsoft Download Manager as of March 2015, so the below workaround will no longer work. In fact there is no workaround now, you’ll need to rely on your browser’s download manager. See this article for more info: Using Subscriber Downloads

A Better Way to Customize the Windows Default Profile

Multiple Methods

The Deployment Guys have a great article from 2009 that I recommend reading for an overview of customisation methods: Configuring Default User Settings – Full Update for Windows 7 and Windows Server 2008 R2. This article is still applicable today and the process hasn’t changed that much between Windows versions. Here are most of the ways that you could edit the default user profile:

- Copy a configured profile over the default profile - this is the most common way of changing the default user experience but this approach is unsupported by Microsoft and therefore I recommend against using it.
- Using Sysprep and the CopyProfile value - this approach requires creating a reference image and using Sysprep to generalise the image.
  Many enterprise desktop deployments will use reference images so this isn’t too hard; however Microsoft has not documented every setting that is copied to the default user profile, so it’s a bit of pot luck.
- Place a default profile in NETLOGON - a default profile copied to the NETLOGON share of a domain controller (and replicated) will be copied down to the local machine at first logon. The downside of this approach is that there can be only one default profile and it will be copied to all machines, regardless as to whether the profile should apply to that machine or not.
- Commands or scripts run from the RunOnce Registry key to edit the user profile.
- Logon scripts to edit the user profile.
- Group Policy Preferences - GPP has become more prevalent in the past few years, so should now be available across the board.
- Editing the default profile directly, typically during an automated deployment, but you could run the same script on any existing PC.

So there are multiple methods (of driving yourself to madness), I’d recommend experimenting with each approach and you’ll most likely implement a combination of approaches to best suit your environment.

Group Policy As A Last Resort

Group Policy is great, until it isn’t. Group Policy is pervasive and every Windows admin is familiar with it, but there are two things to consider when using it to manage the default user experience:

- Group Policy is a policy - that is, if you’re using policies to manage default user settings, the user cannot then change to their own preference.
- Group Policy Preferences must be processed to determine whether they have been applied. Whilst GPPs can implement a preference rather than a policy, Windows must determine whether the preference has been applied by reading a flag.
  Whilst checking those flags isn’t a big problem, implementing GPPs should be considered in the context of whatever else is running at logon, how many preferences are implemented plus what happens to the environment over time (how many additional policies, applications, scripts etc. will be added to the environment over the life of that desktop).

I have seen many organisations over-relying on Group Policy and missing the most important component of user environment management - change control and ownership. Group Policy becomes a black hole, complete with settings that no one can remember why they were implemented and settings that are no longer relevant. Group Policy Preferences are great for replacing logon scripts, but use Group Policy and GPP sparingly so as not to adversely affect the user experience.

A Better Way - Edit the Default Profile Directly

My preferred method for modifying the default user experience is to edit the default user profile directly using a script that is run during Windows deployment. This type of script can also be run on existing machines or used in combination with CopyProfile. A benefit of this approach is that you can modify the default profile with or without a reference image.

Editing the Default Profile

To edit the default profile, we’ll use the command line tool REG to mount and make changes to the default user registry hive. Additionally we can make folder and file changes to the default profile and use a couple of other command line tools to perform tasks such as pin and unpin shortcuts or change the Windows 7 Libraries. As far as this article is concerned, the default profile is in its default location, usually C:\Users\Default.
In a script, you could refer to this location as %SystemDrive%\Users\Default.

Finding Settings

To find the profile locations to modify there’s a couple of methods that I rely on:

- Google (or your favourite search engine)
- Process Monitor and Process Explorer

In most cases, someone (or even Microsoft) will have documented a registry value or profile location that is used to store a setting. More obscure or new settings will require detecting the location with Process Monitor. For example, to determine where a setting is stored in the Registry, create a filter in Process Monitor using the process name or process ID, additionally filtering on the operation such as RegSetValue, as shown below:

A trace with Process Monitor when making a preference change should result in something like this:

Regshot is also useful for comparing a before and after change to the profile for determining registry value locations.

Additionally Process Explorer can be useful for tracking down a process that might be responsible for writing a setting by viewing the command line used to launch the process. Finding settings can sometimes be a time consuming process, but once found and documented, you’ve got a detailed understanding of the default profile.

Editing the Registry

To make direct registry edits to the default user profile, the REG command line utility is used to load the default profile registry hive, change a registry value and then unload the hive, saving it back to the default profile. The following lines show a rough example of how this is done:

    REG LOAD HKU\DefaultUser %SystemDrive%\Users\Default\NTUSER.DAT
    REG ADD HKU\DefaultUser\Software\KeyName /v ValueName /d Data /t REG_SZ /f
    REG UNLOAD HKU\DefaultUser

Note that this will need to be run with administrative privileges and in an elevated context, so that you have write access to the default profile.

Pinning and Unpinning Shortcuts

A common requirement is to modify the pinned shortcuts on the Taskbar or Start menu.
This can be automated using a script, which needs to run at first logon (either as the user, or in the profile copied over the default profile via Sysprep/CopyProfile). Unfortunately I can’t find the original source for this script; however it works quite well and allows you to pin shortcuts to and unpin shortcuts from the Taskbar and Start menu via a command line. The script is available here:

Note that Windows 8 and above do not expose a programmatic method to pin and unpin shortcuts to the Start screen. If you’re looking to customise the Start screen, refer to this existing article: Customizing the Windows 8.1 Start Screen? Don’t follow Microsoft’s guidance.

Modifying the Windows Libraries

By default, the Libraries introduced in Windows 7 include the public folder locations. Removing these or adding locations requires editing the Libraries; however they’re stored in XML files and are created at first logon. To modify the libraries, you can use a command line tool ShLib.exe. Like pinning and unpinning shortcuts, this tool also needs to be run at first logon (and won’t work via CopyProfile). This article, Administratively Create and Modify Windows 7 Libraries, covers the use of ShLib.exe quite well.

Implementing a Script to Modify the Default Profile

Once you’ve created your script to make changes to the default registry, modify the default profile folder locations, pin and unpin shortcuts and make changes to the Libraries, you’ll need to implement the changes on the target PCs via script. Using an automation solution such as the Microsoft Deployment Toolkit (or an ESD like System Center Configuration Manager) the script can be run during a deployment task sequence. In the case of MDT, the script will be run after Windows unattended setup has completed in the local Administrator context. This way the script will have full elevation and write access to the default profile.
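
The load, edit and unload sequence from Editing the Registry, written as an added PowerShell example (not code from the original article) that checks for elevation first and always unloads the hive, even when a write fails. The function name, its parameters and the layout of the settings table are assumptions; the three sample values are ones that this article's Windows 7 script sets.

```powershell
# Added example. Set-DefaultProfileRegistry and its parameters are assumed names,
# not part of the original article or of any Microsoft tooling.
Function Set-DefaultProfileRegistry {
    [CmdletBinding()]
    Param (
        [string]$HivePath = "$env:SystemDrive\Users\Default\NTUSER.DAT",
        [string]$MountKey = 'HKU\DefaultUser',
        [Parameter(Mandatory = $True)]
        [hashtable[]]$Settings
    )

    # REG LOAD needs an elevated administrative context; fail early without it
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    If (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        Throw "Run this from an elevated session."
    }
    If (-not (Test-Path -LiteralPath $HivePath)) {
        Throw "Default profile hive not found: $HivePath"
    }

    # Do not reuse a mount point that is already loaded
    $Null = & reg.exe query $MountKey 2>&1
    If ($LASTEXITCODE -eq 0) { Throw "$MountKey is already loaded; unload it first." }

    $Null = & reg.exe load $MountKey $HivePath 2>&1
    If ($LASTEXITCODE -ne 0) { Throw "REG LOAD failed with exit code $LASTEXITCODE." }

    $results = @()
    Try {
        ForEach ($s in $Settings) {
            $key = "$MountKey\$($s.Key)"
            Write-Verbose "Setting $key\$($s.Name) = $($s.Data)"
            $Null = & reg.exe add $key /v $s.Name /t $s.Type /d $s.Data /f 2>&1
            # Record the outcome of each write so the caller can see failures
            $results += New-Object PSObject -Property @{
                Key = $key; Name = $s.Name; Written = ($LASTEXITCODE -eq 0)
            }
        }
    }
    Finally {
        # Always unload, otherwise the default profile's NTUSER.DAT stays locked.
        # Retry for a few seconds in case another process has the key open.
        $attempt = 0
        Do {
            $attempt++
            $Null = & reg.exe unload $MountKey 2>&1
            $unloaded = ($LASTEXITCODE -eq 0)
            If (-not $unloaded) { Start-Sleep -Seconds 1 }
        } Until ($unloaded -or $attempt -ge 5)

        If (-not $unloaded) {
            Write-Error "REG UNLOAD failed; $MountKey is still loaded."
        }
    }
    Return $results
}

# Sample settings, taken from the Windows 7 script in this article
$settings = @(
    @{ Key = 'Control Panel\Sound';   Name = 'Beep';           Type = 'REG_SZ';    Data = 'NO'   },
    @{ Key = 'Control Panel\Desktop'; Name = 'HungAppTimeout'; Type = 'REG_SZ';    Data = '5000' },
    @{ Key = 'Console';               Name = 'QuickEdit';      Type = 'REG_DWORD'; Data = '1'    }
)
Set-DefaultProfileRegistry -Settings $settings -Verbose
```

Any entry returned with Written set to False points at a value that did not reach the default profile and is worth checking before the image or task sequence is released.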
An ESD solution will typically run the script via the local SYSTEM account. If you need to make changes to existing PCs, you’ll need a method to do so, such as an advertisement in Configuration Manager. If you take this approach, you can combine a script that makes direct changes to the default profile with the CopyProfile approach. That allows you to modify the profile for deployments from an unmodified OS as well as a custom image, keeping consistency across deployment types.

Example Scripts

Included here, along with some notation, are some example scripts for modifying the Windows 7 and Windows 8.1 default profiles. These example scripts include creation of a script at runtime that will run during first logon of any new profile. This is implemented as a batch file to keep things as simple as possible. Users will see a Command Prompt window as the script runs (but only once). The command lines included in the script could be implemented with a UEM solution such as AppSense Environment Manager or even Group Policy to improve the user experience.

Windows 7

Here’s a sample script that will modify the default profile on a Windows 7 PC (x86 and x64). At a high level, the script will perform the following steps:

- Loads and modifies the registry of the default profile
- Copies ExecuteVerbAction.VBS and ShLib.exe to a folder under %ProgramFiles%
- Creates a batch script that will run on first logon to edit the Libraries and pin/unpin shortcuts.
  Once the script runs for the user, it will delete itself.

@ECHO OFF
REM Load the default profile hive
SET HKEY=HKU\Default
REG LOAD %HKEY% %SystemDrive%\Users\Default\NTUSER.DAT

REM Sound and end-application
REG ADD "%HKEY%\Control Panel\Sound" /v Beep /t REG_SZ /d NO /f
REG ADD "%HKEY%\Control Panel\Sound" /v ExtendedSounds /t REG_SZ /d NO /f
REG ADD "%HKEY%\Control Panel\Desktop" /v HungAppTimeout /t REG_SZ /d 5000 /f
REG ADD "%HKEY%\Control Panel\Desktop" /v AutoEndTasks /t REG_SZ /d 1 /f
REG ADD "%HKEY%\Control Panel\Desktop" /v WaitToKillAppTimeout /t REG_SZ /d 4000 /f

REM Command Prompt settings
REG ADD "%HKEY%\Console" /v QuickEdit /t REG_DWORD /d 1 /f
REG ADD "%HKEY%\Software\Microsoft\Command Processor" /v CompletionChar /t REG_DWORD /d 9 /f
REG ADD "%HKEY%\Software\Microsoft\Command Processor" /v PathCompletionChar /t REG_DWORD /d 9 /f
REG ADD "%HKEY%\Software\Microsoft\Windows NT\CurrentVersion\Network\Persistent Connections" /v SaveConnections /d "no" /t REG_SZ /f

REM Language bar - only apply if using single regional settings
REM REG ADD "%HKEY%\Software\Microsoft\CTF\LangBar" /v ShowStatus /t REG_DWORD /d 3 /f
REM REG ADD "%HKEY%\Software\Microsoft\CTF\LangBar" /v Label /t REG_DWORD /d 1 /f
REM REG ADD "%HKEY%\Software\Microsoft\CTF\LangBar" /v ExtraIconsOnMinimized /t REG_DWORD /d 0 /f

REM Windows Explorer and Start Menu
REG ADD "%HKEY%\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v SeparateProcess /t REG_DWORD /d 1 /f
REG ADD "%HKEY%\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v ServerAdminUI /t REG_DWORD /d 0 /f
REG ADD "%HKEY%\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v Start_AdminToolsRoot /t REG_DWORD /d 0 /f
REG ADD "%HKEY%\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v Start_PowerButtonAction /t REG_DWORD /d 2 /f
REG ADD "%HKEY%\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v Start_ShowDownloads /t REG_DWORD /d 1 /f
REG ADD "%HKEY%\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v Start_ShowMyGames /t REG_DWORD /d 0 /f
REG ADD "%HKEY%\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v Start_ShowMyMusic /t REG_DWORD /d 0 /f
REG ADD "%HKEY%\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v StartMenuAdminTools /t REG_DWORD /d 0 /f
REG ADD "%HKEY%\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v StartMenuFavorites /t REG_DWORD /d 1 /f
REG ADD "%HKEY%\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v TaskbarSizeMove /t REG_DWORD /d 0 /f
REG ADD "%HKEY%\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete" /v "Append Completion" /t REG_SZ /d YES /f
REG ADD "%HKEY%\AppEvents\Schemes\Apps\Explorer\Navigating\.Current" /ve /t REG_EXPAND_SZ /d "" /f

REM Set IE as default browser, prevent prompting user
REG ADD "%HKEY%\Software\Clients\StartmenuInternet" /ve /d "IEXPLORE.EXE" /f
REG ADD "%HKEY%\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice" /v Progid /d "IE.AssocFile.MHT" /f
REG ADD "%HKEY%\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice" /v Progid /d "IE.AssocFile.HTM" /f
REG ADD "%HKEY%\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice" /v Progid /d "IE.AssocFile.HTM" /f
REG ADD "%HKEY%\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice" /v Progid /d "IE.AssocFile.URL" /f
REG ADD "%HKEY%\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice" /v Progid /d "IE.AssocFile.MHT" /f
REG ADD "%HKEY%\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice" /v Progid /d "IE.AssocFile.XHT" /f
REG ADD "%HKEY%\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice" /v Progid /d "IE.AssocFile.SVG" /f
REG ADD "%HKEY%\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.partial\UserChoice" /v Progid /d "IE.AssocFile.PARTIAL" /f
REG ADD "%HKEY%\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.website\UserChoice" /v Progid /d "IE.AssocFile.WEBSITE" /f
REG ADD "%HKEY%\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice" /v Progid /d "IE.AssocFile.XHT" /f
REG ADD "%HKEY%\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\https\UserChoice" /v Progid /d "IE.HTTPS" /f
REG ADD "%HKEY%\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\ftp\UserChoice" /v Progid /d "IE.FTP" /f
REG ADD "%HKEY%\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice" /v Progid /d "IE.HTTP" /f
REG ADD "%HKEY%\Software\Microsoft\Windows\Shell\Associations\MIMEAssociations\message/rfc822\UserChoice" /v Progid /d "IE.message/rfc822" /f
REG ADD "%HKEY%\Software\Microsoft\Windows\Shell\Associations\MIMEAssociations\text/html\UserChoice" /v Progid /d "IE.text/html" /f

REM Additional Internet Explorer options
REG ADD "%HKEY%\Software\Microsoft\Internet Explorer\TabbedBrowsing" /v PopupsUseNewWindow /t REG_DWORD /d 0 /f
REG ADD "%HKEY%\Software\Microsoft\Internet Explorer\PhishingFilter" /v Enabled /t REG_DWORD /d 1 /f
REG ADD "%HKEY%\Software\Microsoft\Internet Explorer\Main" /v "Enable AutoImageResize" /t REG_SZ /d YES /f
REM Note: the next line overwrites the PhishingFilter Enabled value of 1 set above
REG ADD "%HKEY%\Software\Microsoft\Internet Explorer\PhishingFilter" /v Enabled /t REG_DWORD /d 2 /f
REM REG ADD "%HKEY%\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\domain.local" /v * /t REG_DWORD /d 1 /f
REM REG ADD "%HKEY%\Software\Microsoft\Internet Explorer\New Windows\Allow" /v *.domain.local /t REG_BINARY /d 0000 /f

REM Windows Media Player
REG ADD "%HKEY%\Software\Microsoft\MediaPlayer\Setup\UserOptions" /v DesktopShortcut /d No /t REG_SZ /f
REG ADD "%HKEY%\Software\Microsoft\MediaPlayer\Setup\UserOptions" /v QuickLaunchShortcut /d 0 /t REG_DWORD /f
REG ADD "%HKEY%\Software\Microsoft\MediaPlayer\Preferences" /v AcceptedPrivacyStatement /d 1 /t REG_DWORD /f
REG ADD "%HKEY%\Software\Microsoft\MediaPlayer\Preferences" /v FirstRun /d 0 /t REG_DWORD /f
REG ADD "%HKEY%\Software\Microsoft\MediaPlayer\Preferences" /v DisableMRU /d 1 /t REG_DWORD /f
REG ADD "%HKEY%\Software\Microsoft\MediaPlayer\Preferences" /v AutoCopyCD /d 0 /t REG_DWORD /f

REM Help and Support
REG ADD "%HKEY%\Software\Microsoft\Assistance\Client\1.0\Settings" /v OnlineAssist /d 1 /t REG_DWORD /f
REG ADD "%HKEY%\Software\Microsoft\Assistance\Client\1.0\Settings" /v IsConnected /d 1 /t REG_DWORD /f

REM Remove localisation - Themes, Feeds, Favourites
REG DELETE "%HKEY%\Software\Microsoft\Windows\CurrentVersion\RunOnce" /v mctadmin /f

REM Snipping Tool
REG ADD "%HKEY%\Software\Microsoft\Windows\TabletPC\Snipping Tool" /v ShowCaptureStroke /d 0 /t REG_DWORD /f

REM Unload the default profile hive
REG UNLOAD %HKEY%

REM Setup Taskbar unpin items on first login
IF NOT EXIST "%ProgramFiles%\Scripts" MD "%ProgramFiles%\Scripts"
COPY /Y ExecuteVerbAction.VBS "%ProgramFiles%\Scripts\ExecuteVerbAction.VBS"
COPY /Y ShLib.exe "%ProgramFiles%\Scripts\ShLib.exe"
MD "%SystemDrive%\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup"
ECHO @ECHO OFF > "%SystemDrive%\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PinnedItemsLibraries.cmd"
ECHO cscript.exe "%ProgramFiles%\Scripts\ExecuteVerbAction.vbs" "%ProgramData%\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk" UnpinFromTaskbar >> "%SystemDrive%\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PinnedItemsLibraries.cmd"
ECHO "%ProgramFiles%\Scripts\shlib" remove "%%APPDATA%%\Microsoft\Windows\Libraries\Documents.library-ms" %PUBLIC%\Documents >> "%SystemDrive%\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PinnedItemsLibraries.cmd"
ECHO "%ProgramFiles%\Scripts\shlib" remove "%%APPDATA%%\Microsoft\Windows\Libraries\Music.library-ms" %PUBLIC%\Music >> "%SystemDrive%\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PinnedItemsLibraries.cmd"
ECHO "%ProgramFiles%\Scripts\shlib" remove "%%APPDATA%%\Microsoft\Windows\Libraries\Pictures.library-ms" %PUBLIC%\Pictures >> "%SystemDrive%\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PinnedItemsLibraries.cmd"
ECHO "%ProgramFiles%\Scripts\shlib" remove "%%APPDATA%%\Microsoft\Windows\Libraries\Videos.library-ms" %PUBLIC%\Videos >> "%SystemDrive%\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PinnedItemsLibraries.cmd"
ECHO DEL /Q "%%APPDATA%%\Microsoft\Windows\Start Menu\Programs\Startup\PinnedItemsLibraries.cmd" >> "%SystemDrive%\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PinnedItemsLibraries.cmd"

If you use this in a production environment, please test and confirm each setting to ensure you understand what the script will implement.

Windows 8.1

Here’s a sample script that will modify the default profile on a Windows 8.1 PC (x86 and x64). At a high level, the script will perform the following steps:

- Loads and modifies the registry of the default profile
- Imports a pre-configured Start screen
- Copies ExecuteVerbAction.VBS and ShLib.exe to a folder under %ProgramFiles%
- Creates a batch script that will run on first logon to edit the Libraries and pin/unpin shortcuts.
  Once the script runs for the user, it will delete itself.

@ECHO OFF
REM Load the default profile hive
SET HKEY=HKU\Default
REG LOAD %HKEY% %SystemDrive%\Users\Default\NTUSER.DAT

REM Sound and end-application
REG ADD "%HKEY%\Control Panel\Sound" /v Beep /t REG_SZ /d NO /f
REG ADD "%HKEY%\Control Panel\Sound" /v ExtendedSounds /t REG_SZ /d NO /f
REG ADD "%HKEY%\Control Panel\Desktop" /v HungAppTimeout /t REG_SZ /d 5000 /f
REG ADD "%HKEY%\Control Panel\Desktop" /v AutoEndTasks /t REG_SZ /d 1 /f
REG ADD "%HKEY%\Control Panel\Desktop" /v WaitToKillAppTimeout /t REG_SZ /d 4000 /f

REM Command Prompt settings
REG ADD "%HKEY%\Console" /v QuickEdit /t REG_DWORD /d 1 /f
REG ADD "%HKEY%\Software\Microsoft\Windows NT\CurrentVersion\Network\Persistent Connections" /v SaveConnections /d "no" /t REG_SZ /f

REM Language bar - only apply if using single regional settings
REM REG ADD "%HKEY%\Software\Microsoft\CTF\LangBar" /v ShowStatus /t REG_DWORD /d 3 /f
REM REG ADD "%HKEY%\Software\Microsoft\CTF\LangBar" /v Label /t REG_DWORD /d 1 /f
REM REG ADD "%HKEY%\Software\Microsoft\CTF\LangBar" /v ExtraIconsOnMinimized /t REG_DWORD /d 0 /f

REM Windows Explorer
REG ADD "%HKEY%\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v SeparateProcess /t REG_DWORD /d 1 /f
REG ADD "%HKEY%\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v TaskbarSizeMove /t REG_DWORD /d 0 /f
REG ADD "%HKEY%\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete" /v "Append Completion" /t REG_SZ /d YES /f
REG ADD "%HKEY%\AppEvents\Schemes\Apps\Explorer\Navigating\.Current" /ve /t REG_EXPAND_SZ /d "" /f

REM Windows 8 navigation settings
REG ADD "%HKEY%\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage" /v OpenAtLogon /t REG_DWORD /d 0 /f
REG ADD "%HKEY%\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage" /v DesktopFirst /t REG_DWORD /d 0 /f
REG ADD "%HKEY%\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage" /v MakeAllAppsDefault /t REG_DWORD /d 0 /f
REG ADD "%HKEY%\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage" /v MonitorOverride /t REG_DWORD /d 0 /f

REM Set IE as default browser, prevent prompting user
REM REG ADD "%HKEY%\Software\Clients\StartmenuInternet" /ve /d "IEXPLORE.EXE" /f
REM REG ADD "%HKEY%\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice" /v Progid /d "IE.AssocFile.MHT" /f
REM REG ADD "%HKEY%\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice" /v Progid /d "IE.AssocFile.HTM" /f
REM REG ADD "%HKEY%\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice" /v Progid /d "IE.AssocFile.HTM" /f
REM REG ADD "%HKEY%\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice" /v Progid /d "IE.AssocFile.URL" /f
REM REG ADD "%HKEY%\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice" /v Progid /d "IE.AssocFile.MHT" /f
REM REG ADD "%HKEY%\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice" /v Progid /d "IE.AssocFile.XHT" /f
REM REG ADD "%HKEY%\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice" /v Progid /d "IE.AssocFile.SVG" /f
REM REG ADD "%HKEY%\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.partial\UserChoice" /v Progid /d "IE.AssocFile.PARTIAL" /f
REM REG ADD "%HKEY%\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.website\UserChoice" /v Progid /d "IE.AssocFile.WEBSITE" /f
REM REG ADD "%HKEY%\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice" /v Progid /d "IE.AssocFile.XHT" /f
REM REG ADD "%HKEY%\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\https\UserChoice" /v Progid /d "IE.HTTPS" /f
REM REG ADD "%HKEY%\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\ftp\UserChoice" /v Progid /d "IE.FTP" /f
REM REG ADD "%HKEY%\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice" /v Progid /d "IE.HTTP" /f
REM REG ADD "%HKEY%\Software\Microsoft\Windows\Shell\Associations\MIMEAssociations\message\rfc822\UserChoice" /v Progid /d "IE.message/rfc822" /f
REM REG ADD "%HKEY%\Software\Microsoft\Windows\Shell\Associations\MIMEAssociations\text\html\UserChoice" /v Progid /d "IE.text/html" /f

REM Additional Internet Explorer options
REM REG ADD "%HKEY%\Software\Microsoft\Internet Explorer\TabbedBrowsing" /v PopupsUseNewWindow /t REG_DWORD /d 0 /f
REM REG ADD "%HKEY%\Software\Microsoft\Internet Explorer\PhishingFilter" /v Enabled /t REG_DWORD /d 1 /f
REM REG ADD "%HKEY%\Software\Microsoft\Internet Explorer\Main" /v "Enable AutoImageResize" /t REG_SZ /d YES /f
REM REG ADD "%HKEY%\Software\Microsoft\Internet Explorer\PhishingFilter" /v Enabled /t REG_DWORD /d 2 /f
REM REG ADD "%HKEY%\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\domain.local" /v * /t REG_DWORD /d 1 /f
REM REG ADD "%HKEY%\Software\Microsoft\Internet Explorer\New Windows\Allow" /v *.domain.local /t REG_BINARY /d 0000 /f

REM Windows Media Player
REG ADD "%HKEY%\Software\Microsoft\MediaPlayer\Setup\UserOptions" /v DesktopShortcut /d No /t REG_SZ /f
REG ADD "%HKEY%\Software\Microsoft\MediaPlayer\Setup\UserOptions" /v QuickLaunchShortcut /d 0 /t REG_DWORD /f
REG ADD "%HKEY%\Software\Microsoft\MediaPlayer\Preferences" /v AcceptedPrivacyStatement /d 1 /t REG_DWORD /f
REG ADD "%HKEY%\Software\Microsoft\MediaPlayer\Preferences" /v FirstRun /d 0 /t REG_DWORD /f
REG ADD "%HKEY%\Software\Microsoft\MediaPlayer\Preferences" /v DisableMRU /d 1 /t REG_DWORD /f
REG ADD "%HKEY%\Software\Microsoft\MediaPlayer\Preferences" /v AutoCopyCD /d 0 /t REG_DWORD /f

REM Unload the default profile hive
REG UNLOAD %HKEY%

REM Configure the default Start Screen
IF NOT EXIST %SystemDrive%\Users\Default\AppData\Local\Microsoft\Windows MD %SystemDrive%\Users\Default\AppData\Local\Microsoft\Windows
POWERSHELL -NonInteractive -Command Import-StartLayout -LayoutPath .\CustomStartScreenLayout.bin -MountPath %SystemDrive%\

REM Setup Taskbar unpin items on first login
IF NOT EXIST "%ProgramFiles%\Scripts" MD "%ProgramFiles%\Scripts"
COPY /Y ExecuteVerbAction.VBS "%ProgramFiles%\Scripts\ExecuteVerbAction.VBS"
COPY /Y ShLib.exe "%ProgramFiles%\Scripts\ShLib.exe"
MD "%SystemDrive%\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup"
ECHO @ECHO OFF > "%SystemDrive%\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PinnedItemsLibraries.cmd"
REM ECHO cscript.exe "%ProgramFiles%\Scripts\ExecuteVerbAction.vbs" "%ProgramData%\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk" UnpinFromTaskbar >> "%SystemDrive%\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PinnedItemsLibraries.cmd"
ECHO "%ProgramFiles%\Scripts\shlib" remove "%%APPDATA%%\Microsoft\Windows\Libraries\Documents.library-ms" %PUBLIC%\Documents >> "%SystemDrive%\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PinnedItemsLibraries.cmd"
ECHO "%ProgramFiles%\Scripts\shlib" remove "%%APPDATA%%\Microsoft\Windows\Libraries\Music.library-ms" %PUBLIC%\Music >> "%SystemDrive%\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PinnedItemsLibraries.cmd"
ECHO "%ProgramFiles%\Scripts\shlib" remove "%%APPDATA%%\Microsoft\Windows\Libraries\Pictures.library-ms" %PUBLIC%\Pictures >> "%SystemDrive%\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PinnedItemsLibraries.cmd"
ECHO "%ProgramFiles%\Scripts\shlib" remove "%%APPDATA%%\Microsoft\Windows\Libraries\Videos.library-ms" %PUBLIC%\Videos >> "%SystemDrive%\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PinnedItemsLibraries.cmd"
ECHO DEL /Q "%%APPDATA%%\Microsoft\Windows\Start Menu\Programs\Startup\PinnedItemsLibraries.cmd" >> "%SystemDrive%\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PinnedItemsLibraries.cmd"

If you use this in a production environment, please test and confirm each setting to
ensure you understand what the script will implement.

Summing Up

There are numerous ways to edit the default profile, some more complicated and involved than others. It’s my view that the best way to modify the default profile is targeting the required settings, which does mean more work. However, this approach results in a better understanding of the user environment and with any luck a better user experience.

Each new major release of Windows results in fewer modifications, so your job will be easier. There are a few scripts and tools you’ll need to have in place and I’m confident the approach outlined here will result in happy users (or at least users who aren’t complaining).

In the next article on the same subject, I’ll cover customising the default profile for Remote Desktop Services Session Hosts.

Testing Citrix Receiver on Android without an Android device

I have too many devices but not one of them runs Android. A good part of my job is testing, presenting and demoing, so it’s handy being able to show the user experiences across different devices. One of everything is perhaps going a bit too far, so I’d prefer to run Android as a VM.

A Quick Look at Work Folders in Windows Server 2012 R2

Microsoft announced some interesting new features in Windows Server 2012 R2 at TechEd 2013 and one of those that piqued my interest is Work Folders. I’m not the biggest fan of Redirected Folders and Offline files, but it’s essentially the only enterprise solution Microsoft provides today for taking your data offline. Microsoft needs to provide a completely new method of syncing file data - one that is designed for today’s use cases and computing environment.

Automating the XenDesktop 7 Virtual Desktop Agent Installation

Citrix provides a nice wizard for installing the XenDesktop 7 VDA and some pretty good documentation on using a command line installation, but the wizard does not expose all of the available options and working out what the wizard is doing in relation to the command line takes a bit of translation. Here’s how to automate a typical VDA deployment.

Monitoring MDT Task Sequences with PowerShell

The Microsoft Deployment Toolkit provides a Lite Touch deployment model - typically a device requires an engineer to manually start the deployment task sequence. Using PowerShell to drive MDT offers the chance to provide a little more automation around OS deployments.

Hands off my gold image! A recap from Citrix Synergy 2013

Here’s an overview of my talk from Citrix Synergy 2013 - Hands off my gold image! If you were unable to attend Synergy or missed my session, this is a short version of the talk, but hopefully it will give you an idea of what was covered.

Take part in the OS Deployment Automation Survey

At Citrix Synergy in Anaheim next month, I’ll have the opportunity to present a Geek Speak Live session - Hands Off My Gold Image! If you aren’t automating the creation of your gold images, there’s lots to learn in this session. Even if you are automating your gold images, perhaps there’s something new that I can still share with you. In this session, which will be demo heavy, I’ll show you some ways that you can deliver build automation with toolsets provided by Microsoft and Citrix.

Retrieving a Virtual Machine’s UUID from vSphere

While working on a PowerShell script to drive OS deployment through MDT, I’ve needed to obtain the UUID from a target virtual machine. Unfortunately this isn’t just a property of the VM that you get through Get-VM. Instead you’ll need to jump through a few hoops to retrieve the right UUID.

Sequencing Mozilla Firefox with App-V 5.x

It’s a simple task to virtualize Firefox, as it lends itself well to application virtualization; however getting it right takes a little preparation. Before embarking on sequencing Firefox, please refer to this companion article - Prepare Mozilla Firefox for Enterprise Deployment and Virtualization - which covers configuring a Firefox installation for virtualizing. It’s important that Firefox is configured correctly for virtualization by disabling specific features.

The App-V 5 Sequencer, just like version 4.6 SP1, includes support for Sequencer Templates. These are an ideal approach for ensuring the use of the same set of Sequencer settings and exclusions across all packages.

Prepare Mozilla Firefox for Enterprise Deployment and Virtualization

I’ve previously written articles on virtualizing Mozilla Firefox, but with Firefox releases more regular these days and the release of App-V 5, it makes sense to split details on configuring Firefox for an enterprise deployment and virtualizing Firefox into separate articles.

App-V 5.0 delivers Internet Explorer Plugin Nirvana

One of the great promises of application virtualization is dynamic delivery of software to end-points; however delivering plugins or add-ons to installed (i.e. not virtualized) software has thus far been a stumbling block.

Sequencing Apple iTunes 11 with App-V 5

Two recent releases present an opportunity to revisit the state of virtualizing Apple iTunes. iTunes 11 looks great, but is it just lipstick on a pig? Under the hood, it doesn’t appear to differ that much from previous versions, but let’s see whether a combination of Apple’s latest and greatest along with App-V 5 offers a better virtualisation experience.

Prepare your Office 2013 Customizations for Better Deployments and User Experience

User settings that might impact the default Office experience, or may require special consideration in your environment, are worth investing planning time in because you’ll often have only one chance to get deployment right.

App-V 5 PowerShell One Liners – Adding and Publishing A Folder of App-V Client Packages

App-V 5.0 is PowerShell driven, which means opportunity for automating and scripting tasks that might have to be completed manually or might have been a challenge to script previously.

Converting CTX114501 to a readable format

You’ll then have tackled with the product matrix that comes as a PDF instead of something more reasonable like, say, a spreadsheet. There’s probably a good reason for this document to be a PDF, but it’s not the best format for reading this type of information.

App-V 5 PowerShell One Liners – Sequencing an application

App-V 5.0 is PowerShell driven, which means opportunity for automating and scripting tasks that might have to be completed manually or might have been a challenge to script previously.

App-V 5 PowerShell One Liners – Adding and Publishing App-V Client Packages

App-V 5.0 is PowerShell driven, which means opportunity for automating and scripting tasks that might have to be completed manually or might have been a challenge to script previously.

App-V 5 PowerShell One Liners - Adding and Publishing App-V Server Packages

App-V 5.0 is PowerShell driven, which means opportunity for automating and scripting tasks that might have to be completed manually or might have been a challenge to script previously.

Hands off my gold image - Automating Citrix XenApp/PVS Image Creation

Citrix Provisioning Services is a great solution for the rapid deployment of Windows workloads from a master image. However, rapid deployment is not a replacement for a consistent, repeatable method of creating that master image.

Adobe Reader XI is now available and along with this release comes some interesting tools for deployment:

Replacing Redirected Folders and Offline Files with AppSense DataNow

Note: this article covers a product that is in beta at the time of writing; therefore the specifics of the approach outlined in this article may be subject to change. This is not a recommendation to use this approach in production; rather it’s an exercise in understanding what’s possible with a new data synchronisation product.

Sequencing Mozilla Firefox with App-V 4.6

It’s a simple task to virtualize Firefox, as it lends itself well to application virtualization; however getting it right takes a little more effort. I’ve previously shown you how to sequence Firefox 8, Firefox 7 and Firefox 5. Before embarking on sequencing Firefox, please refer to this companion article - Prepare Mozilla Firefox for Enterprise Deployment and Virtualization - which covers configuring a Firefox installation for virtualizing. It’s important that Firefox is configured correctly for virtualization by disabling specific features.

Unattended Windows deployment fails with 0x80004005 under Hyper-V

There’s one thing that I can’t get enough of when automating Windows deployments: ambiguous and confusing error messages. More please, I’m a sucker for punishment.

Automated Citrix Receiver deployment hangs indefinitely

Deploying Citrix Receiver (full or Enterprise) via an unattended command line may result in the installer running indefinitely and not completing until you interact with the target machine.

Migrating packages from App-V 4.x to App-V 5.0

The App-V 5.0 Sequencer includes a couple of PowerShell modules and for converting packages is the only interface to use. Here’s how to automate the migration of packages from the old 4.x format to the new App-V 5.0 format.

Last Friday turned out to be a pretty awesome day - my wife and I found out we’ll be having a girl in July and I’ve been selected to receive the Citrix Technology Professional award for 2012.

Configuring Hyper-V Virtual Networks with PowerShell

I’ve been configuring a Windows Server 2008 R2 Hyper-V deployment in the lab via MDT to a couple of ProLiant DL380 G5’s. I’ve been keeping the deployment as simple as possible, so there’s no SCVMM integrated at this point and as such I’ve needed to configure the Hyper-V networking once the OS is deployed to the machine. Naturally, I don’t want to do that manually.

Client Side Performance Testing coming to Login VSI

Mark Plettenberg, the lead developer of Login VSI. This new module looks very interesting because it will allow us to objectively measure and analyse the performance of remoting protocols such as Teradici PCoIP, Microsoft RDP, Citrix ICA/HDX and Quest EOP.

Delivering Office with App-V – Sequencer Recommendations & Best Practices

Having had to travel to Australia and the US recently, I’ve not had that much time to work on an upcoming white paper, but I have been posting some of the early versions of the chapters. So here’s another in that series while I work on getting the paper finished.

Update (28/03/2012): This list of white papers is now available on the Microsoft Download Centre: Microsoft Application Virtualization (App-V) Documentation Resources Download Page

Mailbag - Deploying multiple editions of Office 2010 with App-V

I’m not sure why I didn’t think of this earlier – I get emails from readers fairly regularly and many of them make great topics for blog posts.
So here’s the first in a series of posts where I’ll cover interesting questions I get via email and where I think other readers will benefit from a public response.

Reducing Profile Size with a Profile Clean Up Script - PowerShell Edition

I recently posted a script for removing unnecessary files and pruning files based on their age, which can be used at logoff to keep profile sizes manageable - Reducing Profile Size with a Profile Clean Up Script.

Andrew Morgan (@andyjmorgan) has kindly translated my very basic VBscript to PowerShell. This can be used as a standalone script or the function (remove-itembyage) could be integrated into your own scripts and has the added benefit of in-built help and the ability to run silently.

Just like the original script, this could be executed at logoff, before the profile is saved back to the network, to perform two actions:

- Delete all files of a specific file type in a specified folder, including sub-folders
- Delete all files older than X days in a specified folder, including sub-folders

For example, you could use the script to delete all .log or temporary files below %APPDATA% that aren’t required to be roamed, or delete all Cookies older than 90 days to keep the Cookies folder to a manageable size.

Note: the script listing below has the -whatif parameter applied when calling the function, so no deletes will occur unless the parameter is removed.

function remove-itembyage {
    <#
    .SYNOPSIS
    remove items from folders recursively.

    .DESCRIPTION
    this function removes items older than a specified age from the target folder

    .PARAMETER Days
    Specifies the amount of days since the file was last written to you wish to filter on.

    .PARAMETER Path
    Specifies the path to the folder you wish to search recursively.

    .PARAMETER Silent
    Instructs the function not to return any output.

    .EXAMPLE
    PS C:\> remove-itembyage -days 0 -path $recent

    This command searches the $recent directory, for any files, then deletes them.

    .EXAMPLE
    PS C:\> remove-itembyage -days 5 -path $recent

    This command searches the $recent directory, for files older than 5 days, then deletes them.

    .EXAMPLE
    PS C:\> remove-itembyage -days 10 -path $appdata -typefilter "txt,log"

    This command searches the $appdata directory, for files older than 10 days and end with txt or log extensions, then deletes them.

    .EXAMPLE
    PS C:\> remove-itembyage -days 10 -path $cookies -typefilter "txt,log" -silent

    This command searches the $cookies directory, for files older than 10 days and end with txt or log extensions, then deletes them without a report.

    .NOTES
    /user-virtualization/profile-clean-up-script-powershell-edition/ for support information.

    .LINK
    /user-virtualization/profile-clean-up-script-powershell-edition/
    #>
    [cmdletbinding(SupportsShouldProcess = $True)]
    param(
        [Parameter(Mandatory = $true, Position = 0, HelpMessage = "Number of days to filter by, E.G. ""14""")]
        [int]$days,
        [Parameter(Mandatory = $true, Position = 1, HelpMessage = "Path to files you wish to delete")]
        [string]$path,
        [string]$typefilter,
        [switch]$silent)

    #check for silent switch
    if ($silent) {$ea = "Silentlycontinue"}
    Else {$ea = "Continue"}

    #check for typefilter, creates an array if specified.
    if (!($typefilter)) {$filter = "*"}
    Else {$filter = foreach ($item in $typefilter.split(",")) {$item.insert(0, "*.")}}

    if (test-path $path) {
        $now = get-date
        $datefilter = $now.adddays( - $days)
        foreach ($file in get-childitem "$path\*" -recurse -force -include $filter | where {$_.PSIsContainer -eq $false -and $_.lastwritetime -le $datefilter -and $_.name -ne "desktop.ini"}) {
            if (!($silent)) {write-host "Deleting: $($file.fullname)"}
            remove-item -literalPath $file.fullname -force -ea $ea
        }#end for
    }#end if
    Else {
        if (!($silent)) {write-warning "the path specified does not exist! ($path)"}
    }#end else
}#end function

#Get KnownFolder Paths
$appdata = $env:appdata
$Cookies = (new-object -com shell.application).namespace(289).Self.Path
$History = (new-object -com shell.application).namespace(34).Self.Path
$recent = (new-object -com shell.application).namespace(8).Self.Path
$profile = $env:userprofile

#commands
remove-itembyage -days 0 -path $appdata -typefilter "txt,log" -silent -whatif
remove-itembyage -days 90 -path $cookies -silent -whatif
remove-itembyage -days 14 -path $recent -silent -whatif
remove-itembyage -days 21 -path $history -silent -whatif
remove-itembyage -days 14 -path "$appdata\Microsoft\office\Recent" -silent -whatif

I was quite relieved and grateful to receive the Microsoft MVP award again for 2012:

Reducing Profile Size with a Profile Clean Up Script

Windows profiles become larger over time - it’s an inescapable fact. This means that if you are using roaming profiles, logons (and logoffs) will be longer and longer. It’s not just individual file sizes, but also the number of files stored in a profile that will make the synchronisation process slower.

One approach to reducing profile sizes is to exclude certain folders. A better solution is to ditch roaming profiles and use a third-party solution to manage roaming of the user environment.

However, there will still be folders that need to be roamed to maintain the experience that users expect when moving between devices (i.e. consistency). For those folders we can implement some maintenance to keep them at a manageable size - that is, remove files that are not needed in a roaming profile (e.g. log files) or delete files older than a specific number of days.

Warning: there’s a reason that Windows doesn’t do this maintenance itself - only each application vendor will have an understanding of whether specific files are required or can be discarded (hence the roaming and local portions of AppData).
However, as any experienced Windows admin knows - many vendors either don’t test for or don’t care about roaming scenarios, therefore I strongly recommend testing this approach before production deployment.

As a part of an upcoming version of this configuration, I’ve created a script that will execute at logoff, before the profile is saved back to the network, that will perform two actions:

- Delete all files of a specific file type in a specified folder, including sub-folders
- Delete all files older than X days in a specified folder, including sub-folders

So for example, you could use the script to delete all .log files below %APPDATA% or delete all Cookies older than 90 days.

The script is extremely simple on purpose and I recommend testing thoroughly before implementing - use at your own risk; however feedback is welcome.

    ' Profile clean up - remove unneeded or old files before logoff
    ' --------------------------------------------------------------
    ' Original scripts:
    ' http://www.wisesoft.co.uk/scripts/vbscript_recursive_file_delete_by_extension.aspx
    ' http://ss64.com/vb/syntax-profile.html
    ' http://csi-windows.com/toolkit/csigetspecialfolder
    ' Version 2.0; 27/12/2011

    Option Explicit
    On Error Resume Next 'Avoid file in use issues
    Dim strExtensionsToDelete, strAppData, strUserProfile, objFSO, strCookies, strHistory, strRecent, strNetHood, objShellApp
    Set objFSO = CreateObject("Scripting.FileSystemObject")
    Set objShellApp = CreateObject("Shell.Application")

    ' Special folder identifiers (hex strings, converted with CInt below)
    Const CSIDL_COOKIES = "&H21"
    Const CSIDL_HISTORY = "&H22"
    Const CSIDL_RECENT = "&H08"
    Const CSIDL_NETHOOD = "&H13"
    Const CSIDL_APPDATA = "&H1A"
    Const CSIDL_PROFILE = "&H28"

    ' Folder to delete files from (files will also be deleted from Subfolders)
    strUserProfile = objShellApp.NameSpace(cint(CSIDL_PROFILE)).Self.Path
    strAppData = objShellApp.NameSpace(cint(CSIDL_APPDATA)).Self.Path
    strCookies = objShellApp.NameSpace(cint(CSIDL_COOKIES)).Self.Path
    strHistory = objShellApp.NameSpace(cint(CSIDL_HISTORY)).Self.Path
    strRecent = objShellApp.NameSpace(cint(CSIDL_RECENT)).Self.Path
    strNetHood = objShellApp.NameSpace(cint(CSIDL_NETHOOD)).Self.Path

    ' Main
    RecursiveDeleteByExtension strAppData, "tmp,log"
    RecursiveDeleteOlder 90, strCookies
    RecursiveDeleteOlder 14, strRecent
    RecursiveDeleteOlder 21, strHistory
    RecursiveDeleteOlder 21, strNetHood
    RecursiveDeleteOlder 14, strAppData & "\Microsoft\Office\Recent"
    'RecursiveDeleteOlder 5, strAppData & "\Sun\Java\Deployment\cache"
    'RecursiveDeleteOlder 3, strAppData & "\Macromedia\Flash Player"
    'RecursiveDeleteOlder 14, strUserProfile & "\Oracle Jar Cache"

    Sub RecursiveDeleteByExtension(ByVal strPath,strExtensionsToDelete)
        ' Walk through strPath and sub-folders and delete files of type strExtensionsToDelete
        Dim objFolder, objSubFolder, objFile, strExt
        If objFSO.FolderExists(strPath) = True Then
            Set objFolder = objFSO.GetFolder(strPath)
            For Each objFile in objFolder.Files
                For each strExt in Split(UCase(strExtensionsToDelete),",")
                    If Right(UCase(objFile.Path),Len(strExt)+1) = "." & strExt then
                        WScript.Echo "Deleting: " & objFile.Path
                        objFile.Delete(True)
                        Exit For
                    End If
                Next
            Next
            For Each objSubFolder in objFolder.SubFolders
                RecursiveDeleteByExtension objSubFolder.Path,strExtensionsToDelete
            Next
        End If
    End Sub

    Sub RecursiveDeleteOlder(ByVal intDays,strPath)
        ' Delete files from strPath that are more than intDays old
        Dim objFolder, objFile, objSubFolder
        If objFSO.FolderExists(strPath) = True Then
            Set objFolder = objFSO.GetFolder(strPath)
            For each objFile in objFolder.files
                If DateDiff("d", objFile.DateLastModified,Now) > intDays Then
                    If UCase(objFile.Name) <> "DESKTOP.INI" Then ' Ensure we don't delete desktop.ini
                        WScript.Echo "Deleting: " & objFile.Path
                        objFile.Delete(True)
                    End If
                End If
            Next
            For Each objSubFolder in objFolder.SubFolders
                RecursiveDeleteOlder intDays,objSubFolder.Path
            Next
        End If
    End Sub

Don’t put yourself at risk by virtualizing Adobe Reader X

Adobe released a new security advisory for Reader and Acrobat 9 and X this week to address details of an upcoming fix to these
versions for a 0 day vulnerability. Exploits for this vulnerability exist for Reader and Acrobat 9 and are currently active:

Delivering Office with App-V - The Need for Profile Management

Because Office is a core application of most desktop deployments, user interaction with Office and the user experience are important factors in the deployment of Office. From an administration perspective, providing a seamless user experience requires managing the user preferences of an application, independent of the application delivery method.

An Archive and Analysis of #AppV Tweets

Several months ago, I used The Archivist to create an archive and analysis of tweets with the #AppV hash tag. 1,740 tweets later (not all of which I’m sure are App-V related), we get an interesting picture of conversations around App-V. To view the archive visit this URL: http://bit.ly/appvarchive.

Mozilla has just released Firefox 8, so it’s time to look at virtualizing the new version. It’s a simple task to virtualize Firefox, as it lends itself well to application virtualization; however getting it right takes a little more effort.
Here’s how to successfully sequence Mozilla Firefox 8.x.

Here’s how to successfully sequence Google Chrome 15; however the same approach should work for Chrome 13, 14 and 16 and maybe even some other versions.

The Case of the Disappearing Application during Sequencing

In the official Microsoft TechNet forums, a question had been asked about sequencing Google Chrome and the poster states that when using the Chrome Enterprise Installer (a downloadable MSI for deployment inside an organisation), Chrome installs OK during the monitoring phase, but the folder is deleted at the end of monitoring and thus isn’t captured.

Surely one of the main goals of any good desktop delivery project is to remove the user’s reliance on any single device?

Comparing User Profiles Sizes for Microsoft Office Suites

I’ve been doing some work recently virtualizing various versions of Office in App-V plus managing user preferences for those Office packages. Here’s something interesting that I’ve found – the size of the profile settings for a default installation of Office 2010 is massively different in size over previous versions of Office.

Delivering Office with App-V - Error 0x80070424 installing the Office 2010 Deployment Kit

If you have issues installing the Office 2010 Deployment Kit for App-V (OffVirt.msi) to install the licensing component for a virtualized Office 2010 package, it may fail to install. A typical command line to install the licensing component looks like this:

Delivering Office with App-V - The User Profile

If you follow any of the following guidance from Microsoft for sequencing Office with App-V:

It’s easy to virtualize Firefox with App-V; however getting it right takes a little more effort.
Here’s how to successfully sequence Mozilla Firefox 7.x.

Reducing the size of App-V packages

If you’re looking to reduce the size of your App-V packages, you can compress them when saving them in the Sequencer; however if that content in the package doesn’t actually compress that well, you may not save as much space as you might expect. Here’s a quick win to reduce the size of your packages.

Is it legal to virtualize Apple iTunes?

Preface: I don’t speak legalese and this post is based on my own interpretation of the iTunes distribution agreement.

AppSense Environment Manager 8 Baseline Configuration

Here’s something that I’ve been looking to share with the community for some time - something to get you started when implementing AppSense Environment Manager 8.x.

Disable Hibernation before enabling Hyper-V on a laptop

If you enable Hyper-V on a laptop (or any other machine where hibernation is enabled automatically) you’ll find that you won’t be able to delete the hibernation file (hiberfil.sys). Although hibernation is effectively disabled, the file remains in use once Windows has booted:

It’s easy to virtualize Firefox with App-V; however getting it right takes a little more effort. Here’s how to successfully sequence Mozilla Firefox 5.x.

Here’s a nut I’ve been trying to crack for some time – successfully virtualizing Apple iTunes with App-V. I think a combination of iTunes 10 and App-V 4.6 SP1 did the trick. Here’s how to do it.

Adding Shell Extensions to App-V Packages

Inspired by a post on the ThinApp blog on Adding Shell Extensions to ThinApp Packages, I’ve documented here how to add Shell Extensions to an App-V package using the Windows Installer file generated by the App-V Sequencer.

Announcing the Server App-V Recipes, Tips & Tricks feed

I’ve previously written about the Desktop App-V Recipes, Tips and Tricks list that fellow App-V MVP, Nicke Källén and I have been compiling over the past year.
This list has recently reached well over 220 links and highlights the fantastic efforts of many different contributors.

How the App-V 4.6 Service Pack 1 Sequencer helps you implement best practices

The App-V 4.6 Sequencer introduces some major changes in the user interface and the sequencing workflow. These changes have been designed to assist the sequencing engineer with virtualising applications in App-V while aligning with best practices.

Just how do Exclusions in App-V packages work?

Exactly how do folder and Registry exclusions work in App-V? I had presumed that exclusions for both folder and Registry paths would carry over to package execution. This is something that I had made some assumptions about and it’s only recently that I looked into exclusions in detail to get a better understanding.

200 App-V Recipes, Tips and Tricks to keep you busy

With (far) more than a little help from another App-V MVP, Nicke Källén, we’ve been compiling a list of completed App-V recipes plus links to various places around the Internets where you’ll find assistance in getting your applications virtualised in App-V..

Sequencing the App-V Management Console

Sequencing the App-V Management Console is reasonably straight-forward; however it wasn’t quite as simple as you would expect.

This is a guest post from Jurjen van Leeuwen, an App-V MVP (new for 2011) and independent consultant based in Norway. You can read more from Jurjen at his web site.

This arrived in my inbox on the 1st of Jan, which was a great way to finish off a day of snowboarding:

How to silently deploy RemoteApp Programs to the Start Menu

RemoteApp in Windows Server 2008 R2 Remote Desktop Services finally allows you to do what some 3rd party solutions have been doing for years – delivering published applications directly to the user’s Start Menu.
The bad news is that this feature requires Windows 7 and Windows Server 2008 R2, but your migration plans are well underway, right?

App-V presentations from TechEd 2010 Australia & NZ

I’ve embedded the videos here. You’ll need an HTML 5 capable browser to view them, otherwise go to the TechEd Online site links I’ve provided, to view Silverlight and download MP4 versions plus access to the slide decks.

App-V FAQ: My virtual application won’t start. Where do I start troubleshooting?

If you have successfully virtualised an application, imported the package into the Management Server but you are having issues publishing the package, streaming the application or getting it to launch, the first place to start is the App-V client log.

App-V FAQ: How do I configure my App-V clients to stream from a local source?

If you have decided on streaming your App-V packages to client machines (rather than deploying via Windows Installer or SCCM), you will most certainly need to control where clients stream packages from. This, of course, would be the source closest to the client computer.

App-V FAQ: How do I restrict access to specific applications in an App-V package?

Consider the following scenario - I have created a Microsoft Office package with App-V that includes the base Office applications (Word, Excel, PowerPoint and Outlook). In addition to these I have also included Project and Visio.
So I have a single App-V package that includes all of the Office applications – the base set of applications plus a couple of additional applications that I want to provide to a subset of users.

App-V FAQ: How do I troubleshoot the App-V Management Server?

Common scenarios for troubleshooting the Management Server (or the Streaming Server) are connectivity issues between the client and server, opening the Management Console from a remote machine and upgrading the Management Server.

Configuring an Automatic Resolution Policy for Offline Files in Windows 7

If you’ve ever had any experience implementing Offline Files for Windows laptops, you’re no doubt aware that users are required to manually resolve synchronisation conflicts. Well that’s the impression I’ve always been under until recently – there’s no documentation on TechNet on how to automatically resolve conflicts and certainly no Group Policy controls available either.

App-V FAQ: What are the deployment methods for App-V?

There are several methods that you can use to deliver App-V packages in your environment – you could even combine the methods depending on your requirements. I will summarise the methods here and give you some links to existing Microsoft articles and white papers and some excellent blog posts that discuss these options in detail:

App-V FAQ: Where can I find information on sequencing applications?

Before you even attempt your first sequence with App-V, I strongly recommend reading the Microsoft Application Virtualization 4.6 Sequencing Guide. This document lays the ground work for creating a successful sequencing environment and describes the best practices you should follow when sequencing.
An older knowledgebase article exists, but it is still worth referencing: Best practices to use for sequencing in Microsoft SoftGrid.

App-V FAQ: How do I configure the App-V Client in stand-alone mode?

Stand-alone mode in App-V is useful where you are deploying App-V applications via Group Policy or a 3rd party ESD (using the MSI file), or you have the App-V packages available on a file share and import them with the SFTMIME command.

Display corruption with Mobile Intel GM45 Chipset

I have a Dell Latitude XT2, which includes the Mobile Intel GM45 Chipset (and the Mobile Intel Graphics Media Accelerator 4500MHD). On occasion I’ve experienced display corruption issues that make working with the laptop somewhat difficult.

App-V FAQ: What are the current versions of App-V 4.x?

There are currently several versions of App-V 4.x available for deployment, although it is highly recommended that you deploy or migrate to 4.6 SP2. For the full list of available versions and hotfixes for all App-V components see the spreadsheet at the end of this post.

App-V FAQ: Where can I download App-V?

Depending on how you license App-V, you may need to download the ISO from different sources:

Microsoft App-V is available in two flavours: for desktops (this includes laptops and virtual desktops – essentially anything that will run Windows XP, Windows Vista or Windows 7) and for Remote Desktop Services (RDS).

Event ID 11708 logged when installing Application Error Reporting

When installing Microsoft Application Error Reporting, for example as a part of deploying the App-V Client, you may see an event with ID 11708 logged in the Application log.
The error logged will be something along the lines of this:

Safari 5.x with Microsoft Application Virtualization; however the same basic steps should apply to any application virtualisation product.

Managing product activation with a TechNet subscription (and MSDN too)

I’ve been avoiding activating Windows installations in my home test environment with the product keys from my TechNet subscription because I’ve been afraid of running out of keys. Fortunately that fear has been mostly unfounded. I won’t go into what I really think about product activation but if you’re interested in how to manage your TechNet or MSDN keys, I have discussed how I’m doing that here.

Application Virtualisation Sequencing SuperFlow available

Microsoft have made available what looks to be an excellent resource for walking through the complete sequencing process:

Setting App-V client permissions during install

However, I generally recommend configuring as many settings as you can during install so that you don’t have to rely on external tools (e.g. Group Policy) that may not apply in a timely manner.

Reduce logon times by excluding the bloat

Profile bloat – we’ve all seen it. Many applications, and even Windows itself, can store files in the most inappropriate places within the user profile. For example, here’s just part of what the Vodafone Mobile Connect application stores within the roaming portion of my profile:

This post details virtualising OpenOffice.org 3.x with Microsoft Application Virtualization; however the same basic steps should apply to any application virtualisation product.

Virtualising Firefox? Don’t forget to disable Updates

If you are virtualising Mozilla Firefox, you should probably consider disabling the update functionality within the browser, to ensure consistency of the virtual package.
There are several items that need to be configured or removed:

Deploy and update Adobe Reader with GFI LANguard

This post has been sitting in my drafts since June 2009 and for whatever reason I haven’t gotten around to posting it. So rather than delete it, I’m posting it as is - apologies in advance for the quality of this post.

You’re probably aware of the Browser Choice screen coming to Windows users in the EU, the update that is forced on users because of a company that can’t do something a bunch of volunteers have done quite admirably. This update will actually unpin Internet Explorer from the taskbar even if you’ve already made IE your default browser.

KB Article: Sequencing Office 2010 beta in App-V 4.6

A new knowledge-base article, released on the 22nd, is available from Microsoft for sequencing Office 2010 (32-bit and 64-bit) with App-V 4.6:

Microsoft Application Virtualisation 4.6 (RTM) has been made available, which you can download from the Microsoft Download Centre, including some new and updated support tools:

RemoteApp for Windows XP and Windows Vista, the missing pieces

You may recall from my last post on RemoteApp that we can get RemoteApp for Hyper-V to work on other platforms too.
While it was straight-forward publishing applications from a Windows 7 host, the client would report this error when connecting to Windows XP and Windows Vista hosts:

App-V Errors 00000006 and 000D3002 When Adding Packages

I’m unsure if this is a bug or by design, but if you are using SFTMIME to add packages to an App-V client, you may receive the following error:

How I’m using FeedDemon 3.1 to make sense of the Citrix Community Blog feed

I’ve been a fan of FeedDemon for several years now and was even a paying customer of the 2.x version, so this post is a little biased – you may be able to do something similar in other feed readers.

Microsoft posted about RemoteApp for Hyper-V yesterday, which was essentially highlighting the application publishing capabilities available in Windows XP mode and Windows Virtual PC; however this particular blog post calls out the use of RemoteApp to publish applications on Windows XP and Vista guests running under Hyper-V.

When Windows just won’t stay in sleep mode there’s a simple fix. First you need to identify which component keeps bringing Windows out of sleep mode.

MSI Live Update disables User Account Control

I thought I’d seen just about every dumb thing that a developer could do, but this latest one from MSI is a whopper..

Some More Windows Virtual PC Screens

Of course, Windows Virtual PC has been covered in detail already, but I got a chance to play with the product and there’s some neat UI experiences that I hadn’t seen covered yet.
Here’s a quick overview of interacting with Windows Virtual PC.

Did you know that App-V 4.5 CU1 is not beta?

I’m a little slow off the mark here (I’ve got my head buried in something unrelated), but I’ve just found out today that the App-V 4.5 Cumulative Update 1, although only available on Connect, is not actually a beta, it is the final code that you can start deploying.

Pismo File Mount for using ISOs in Windows 7

My old favourite Daemon Tools just hasn’t been working in Windows 7, so I’ve been on the lookout for another tool for mounting ISOs. I haven’t really liked other tools like CloneDrive or PowerISO, but I’ve come across Pismo File Mount (via My Digital Life, I think) which so far has been working a treat.

In addition to the new Start Menu customisation options available in build 7048, build 7057 introduces a very subtle change when using the Windows 7 Basic theme. The links on the right-hand side of the Start Menu gain a faux glass look, which gives the Start Menu a little more consistency across the Basic and Aero themes.

Remote Desktop Connection in Windows 7 7048

The Remote Desktop Connection client gets a facelift in build 7048 as well as Jump List integration, which has been making life much simpler indeed:

I like the Command Prompt, it’s a little like that old worn out pair of shoes that you just don’t want to get rid of. I’m also a fan of the Consolas font, so when I can mix it with Command Prompt, those old shoes get a new lease on life.

For those looking to fit just about every link possible on their Start Menu, Windows 7 build 7048 and above are aiming to please. In addition to the options seen in earlier builds, 7048 adds Downloads, Homegroup and the ability to edit the number of recent items in Jump Lists:

A little more than just Internet Explorer 8 is removable in Windows 7 build 7048.
This build allows you to remove Internet Explorer 8, Windows DVD Maker, Windows Media Center, Windows Media Player (no more N editions, I presume) and even Windows Search:

Two great tools for managing App-V applications have appeared in the last few weeks - SoftBar and the App-V 4.5 Client Diagnostic and Configuration tool (ACDC). Thanks to the efforts of Greg Brownstein and Ment van der Plas, we have some excellent choices for improving the way we can manage and troubleshoot virtual applications on the client.

Here’s an interesting video on the Channel 9 site about the architecture of Microsoft Application Virtualization:

For the 10 people who use Windows Briefcase, this one is not for you. If you’re like me and can’t stand the rough edges in Windows that have yet to be cleaned up, the Windows Briefcase icon is a bit of an eyesore because it still uses a Windows XP style icon:

Eliminate the Windows Start Navigation sound

What’s the most annoying sound in Windows? For me it’s got to be the Start Navigation sound – that click that Windows plays whenever you navigate your way around Windows Explorer or Internet Explorer.

Hiding the vmware_user account in Windows 7

Installing VMware Server or Workstation on Windows 7 will leave the __vmware_user__ account showing on the logon screen, which does not happen in earlier versions of Windows.

It’s been a busy December, so it’s been a bit quiet around here and by the time you read this I’ll be on the slopes somewhere around Arinsal, so here’s my final post for the year. Merry Christmas, Happy Hanukkah, Saturnalia or Yule or whatever it is you do or don’t celebrate at this time of year.

Attempting to install the App-V Sequencer may not be successful and result in the message “The wizard was interrupted before Microsoft Application Virtualization Sequencer could be completely installed”.
Of course the message in the dialog isn’t particularly helpful, so what’s going on?

A reader e-mailed me the other day about the KEEPCURRENTSETTINGS property of the App-V 4.5 client setup and how when used on the command line, other properties are ignored. I hadn’t seen this behaviour – or so I thought until I found that my client install script was not setting the right virtual drive letter or enabling streaming from file.

Workaround for crashing App-V Management Console

If you are managing a large number of applications with App-V you may experience a crash in the Microsoft Management Console when drilling down into the Application node.

Unable to set security descriptor on global package files on App-V client upgrade

If you are deploying the App-V ADM Template to manage your App-V 4.5 clients you may need to consider the timing of deploying Group Policy settings versus deployment of the client. The App-V ADM Template whitepaper recommends deploying the template after you have deployed the client.

Well TechEd EMEA 2008 is done and I still have some notes to post from a few more noteworthy sessions, so until then here’s a few more observations about the conference:

This was a session to demo the new features in App-V 4.5, mainly aimed at those people already familiar with App-V. It was presented by Gene Ferioli, a senior program manager on the App-V team. Gene worked with the SCCM team on the App-V integration for SCCM 2007 R2.

TechEd EMEA 2008 - First Impressions

After experiencing some initial troubles with Internet access from my hotel room, I might be able to start posting some pieces from Tech∙Ed here in Barcelona.
Some of these might be out of chronological order, but first up here are some general odds and ends from my first few days here:

Issues Sequencing Adobe Reader 7 or 8 in App-V 4.5

Microsoft posted a knowledgebase article yesterday titled: With Microsoft Application Virtualization 4.5 you are unable to Sequence Adobe Reader 7.x or 8.x due to NETOP FEAD Installer error. Essentially the NETOP FEAD installer is not compatible with the 4.5 Sequencer (or perhaps that’s the other way around).

A number of useful App-V (resource kit) tools have been released which look very useful:

Juggling Sun Java Runtimes in App-V

before, but it’s not because I like Java… So before I get into a tirade about it, here’s yet another post on the subject..

Troubleshooting an Extraneous UAC Prompt

Even though I log onto my domain machine with a standard user account, I’ve been prompted by UAC to elevate when running Registry Editor. After putting up with it for a couple of months, I finally got around to doing something to fix it today.

Keeping The Windows Vista User Folder Clean

Because I’m a stickler for clean UI, I want to ensure users don’t see extra files or folders in their User folder on Windows Vista.
I’m trying to avoid something similar to what you can see in the screenshot below, which looks a little out of place:

Application Virtualization 4.5 Podcast

A podcast that gives you an overview of Microsoft Application Virtualisation 4.5 has been posted that is worth checking out if you’re new to App-V or want to find out what version 4.5 is all about: Windows Springboard Series: AppV™ Application Virtualization

App-V and SCCM 2007 R2: Are Virtualised Applications Delivered The Same Way?

This was a great question, at this evening’s talk, about deploying virtualised applications via ConfigMgr 2007 R2 - are virtualised applications delivered to clients in the same manner as installed applications?

The WMUG meeting was well attended tonight and my talk went better than expected considering that most of what I plan to say goes out the window as soon as I stand at the front of the room (I’m still new to this speaking malarkey).

I’m going to be presenting a session on Microsoft Application Virtualisation 4.5 at the Windows Management User Group this coming Thursday (11th of September) at Microsoft’s offices in Victoria here in London:

Get Ready Now To Deploy Internet Explorer 8

Unless you’re hell bent on deploying Firefox in your corporate environment (and managing it with Group Policy), here are some reasons why you should plan for Internet Explorer 8 now and deploy it when the final version is released:

My Product Code Is Bigger Than Yours..

I thought 25 character product keys were a pain in the proverbial, but this one takes the cake.
I won’t tell you which application this authorisation code is for, but it’s a whopping 93 characters long..

WSUS Update for Server Manager in Windows 2008

Microsoft have made available an update for Windows Server 2008 that integrates the WSUS 3.0 console into Server Manager.

Managing Control Panel in Windows Vista

At some point in your migration from Windows XP to Windows Vista you’ll no doubt be looking to manage which Control Panel applets are available to users. Controlling access to applets is no different than earlier versions of Windows, but given that there are approximately 48 default applets in Windows Vista compared to 29 in Windows XP, more consideration will need to be given to those which you make available.

Disable Office User Interface Elements

Group Policy allows you to disable certain UI elements within Office applications, which you might want to do in the case of the Information Rights Management feature built into Office 2003 and 2007.

Customise the Windows Vista Default User Profile

There are numerous ways to customise the default user profile in earlier versions of Windows, including:

An update to the documentation included in the Windows Automated Installation Kit is available:

Windows Update 80092026 plus Certificate Crypto Operation Failed

OK, two separate issues here, but fixed the same way. First up is Windows Update reporting:

Better Screen Shots For Documentation And Blogging

There are three tools that I use for creating and managing screen shots for documentation and posting here on my blog:

Remote Desktop Connection 6.1 for Windows XP SP2

Want the Remote Desktop Connection 6.1 client for Windows XP but can’t update to Service Pack 3 or Windows Vista?
No need to hack files from SP3, just grab the update from here:

Fixing Windows Explorer security warning prompts

Last week I wrote about avoiding Explorer’s Security Warning prompts, this time around I want to document a related fix that I’ve had to implement because Explorer’s expected behaviour was just not working.

Avoiding Explorer’s Security Warning Prompts

Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1 made some changes to the way Windows handles specific file types opened or downloaded from certain locations, which results in Open File – Security Warning prompts like these:

I’ve updated my Sun Java Runtime Environment 1.6 Update X script, again. Updating this script seems to be a never ending task, usually because I find mistakes but this time around I’ve made a couple of changes including Windows x64 support. The script now supports installing the 32-bit version of the JRE on x86 and x64 Windows and configures the environment accordingly.

Intel vPro and Network Access Protection

Here’s something I found interesting about Intel’s vPro management tool - Network Access Protection interaction is supported in hardware - even before the operating system has loaded. This isn’t meant to replace the agent in the OS, but it’s great stuff from a management perspective. Here’s the details:

Update On Running Adobe CS3 Applications In SoftGrid

I have previously detailed some efforts on sequencing some of the Adobe CS3 applications (Photoshop, Illustrator and InDesign) and some challenges related to the FLEXnet licensing component that comes with each application. It’s only recently that we’ve been able to do some user acceptance testing and we’ve found that the applications have failed.

Got both Visio Viewer 2007 and Visio 2007 on the same machine but want to set Visio Viewer as the default for some users?
Here’s what you’ll need to do.Disk Usage Display Improvement In Windows VistaI’ve stumbled across a nice usability improvement in Windows Vista that had escaped me until today - the display of free disk space. Of course this feature has been in Windows Explorer since Windows 95, but the improvement in Windows Vista and Windows Server 2008 is the reporting of disk space when a drive is mapped to a remote share with disk quotas enabled.Troubleshooting Windows Vista Performance KBsTo get the best out of Windows requires the wipe and load approach when confronted with a slow performing OEM install. I’m working on a post to that effect and Ed Bott has some great articles on Windows Vista performance lately (not that I think I’m in Ed Bott’s league).No Redirected Folders? Just Wait LongerNo, Ace Ventura hasn’t started writing knowledgebase articles, it’s the advice given about an issue with redirected folders in Windows Vista and Windows Server 2008. I haven’t seen this myself, but fortunately there’s a better workaround than waiting 12 minutes.Instead of waiting for Citrix to support Windows Vista icon sizes in their new beta client, I’ve updated it myself. I’ll bet the Mac OS X client gets a full size icon (Leopard supports 512 x 512 pixels). Why does Vista have to be a second class citizen?I’ve seen some Visio resources popup around the place recently and though that these were worth sharing.SoftGrid Applications Keep Coming BackI’m currently seeing this in my own lab environment - SoftGrid application shortcuts are created even though the application has been disabled, deleted or the user account has been removed from the application group. I’ve got two user group presentations coming up next month where I’ll be presenting on Microsoft SoftGrid and why I think application virtualisation is great stuff. 
Hopefully I’ll be able to fit in a bit about some other appvirt products in there too.Comparing eSATA To USB For External DrivesI’ve just purchased a new SATA-based external hard drive to use with demos and I thought I would share some details about the performance gain over my older ATA-based hard disk.Delay On Windows Vista With Redirected DesktopIf you are redirecting the Desktop folder for users on Windows Vista laptops, a knowledgebase article just been published that might be useful to you. Here’s details of what this article addresses:Providing Redirected Start Menus To LaptopsSounds like a great blog post (and it gives my an excuse to avoid my eight other draft posts), so here’s my answer:Building Dynamic Start Menus With Access-Based EnumerationI hinted at creating dynamic Start Menus using Access-Based Enumeration (ABE) in Windows Server 2003 SP1 and above. I have read an article on this subject previously on the Internets, but the tubes must be clogged up as I can’t find it anymore. If anyone has a link please let me know, because I would like to link to it.In Defence Of The Windows Server 2008 Step-by-Step Guidesand I’m left scratching my head. His beef with the guides is that they haven’t yet been updated for RTM and still include some older terminology:Remote Server Administration Tools AvailableThe wait is finally over - the Microsoft Remote Server Administration Tools are available. The RSAT also includes a the command line version of the tools as well. There is a knowledge base article, KB941314, but it’s not yet available.Gordon Martin from Canada writes a great blog on his experiences deploying Windows Vista. It’s a good read and there’s a fair number of little gems in there. I’ve been meaning to post some links to his site for some time, but I’ve just been slack and haven’t gotten around to it. Who is Gordon? 
Here’s what he says:

Placing The SoftGrid User Data Directory
If you’re in the process of rolling out SoftGrid Application Virtualisation, you’ve most likely considered placement of the User Data Directory. The User Data Directory (or user cache) holds application configuration that would normally be stored in the user profile.

Windows Command Line Reference Documentation
for Windows Server 2003, Windows Vista and Windows Server 2008, which curiously doesn’t include every command line tool in Windows.

The Short NAP: Thursday March 13 2008
Network Access Protection is a great new feature of Windows Server 2008 that will help you understand the health of your client machines (Windows Vista and Windows XP Service Pack 3) and increase the trust in your network.

Export Your Product Keys Before Your TechNet Subscription Expires
With Windows Vista and Windows Server 2008 requiring activation for all versions, the days of grabbing the corporate key for home use have gone.

New Java Runtime Coming. Set Phasers To Yawn
for release later this year and there’s a couple of changes to this version that have some bearing on deployment. I can’t imagine there is an enterprise out there that doesn’t have to deal with Java applications.

Group Policy Preference Client Side Extensions Available
Microsoft have made available the Group Policy Preferences Client Side Extensions for download and deployment. You’ll need Windows Server 2008 or Windows Vista SP1 with the Remote Server Administration Tools (not yet available) to manage these. You do not need to upgrade to a Windows Server 2008 domain to use Group Policy Extensions which is fantastic.

SoftGrid Tip: What’s On That Q: Drive?
Here’s a nice SoftGrid tip from one of the guys in the team here.

Planning and Deploying Group Policy? This Is For You
Here’s a great document from the Microsoft writing team on planning and deploying Group Policy for Windows Server 2008.
Many of the details in this document do apply to Windows Server 2003 and Windows 2000 Server as well. This document is the place to start for anyone dealing with Group Policy, no matter what your experience is.

The Short NAP: Tuesday February 19 2008
Network Access Protection is a great new feature of Windows Server 2008 that will help you understand the health of your client machines (Windows Vista and Windows XP Service Pack 3) and increase the trust in your network.

Server Manager’s Power Is In The Command Line
Like most IT Pros deploying and managing Windows Server, I’ve avoided the wizard interfaces, like Manage Your Server, in previous versions of Windows. However with Windows Server 2008, Microsoft have actually succeeded in creating a tool that I think people will find indispensable.

Update Adobe Reader Now, PDF Exploits In The Wild

Citrix Hotfix Turns Oracle JInitiator Pink
A workaround has been posted in the forums. Run the following command to exclude Internet Explorer from the multiple monitor hooks that Presentation Server provides:
REG ADD "HKLM\SOFTWARE\Citrix\CtxHook\AppInit_Dlls\Multiple Monitor Hook" /v Exclude /d "iexplore.exe" /t REG_SZ /f

The Short NAP: Thursday February 7 2008
Network Access Protection is a great new feature of Windows Server 2008 that will help you understand the health of your client machines (Windows Vista and Windows XP Service Pack 3) and increase the trust in your network.

Here’s how to create a custom Apple QuickTime 7.x installation for virtualisation. This post specifically deals with virtualising QuickTime with Microsoft App-V, but the general process should be similar for any application virtualisation product.

Disable Adobe Updater When Sequencing CS3 Apps
Like all of the current Adobe applications, the CS3 suite comes bundled with Adobe Updater 5.
When you are sequencing any of these applications you should ensure that Updater is disabled or not installed.

Addressing Licensing Issues With Adobe CS3 Apps On SoftGrid
Adobe uses Macrovision FLEXnet to enforce licensing for their applications. This is a service that is installed when you install any of the CS3 applications and will start when you launch a CS3 application. This licensing tool is installed even if you are using volume license media.

Updating Flash On Presentation Server? Consider SpeedFlash First
Like any good IT pro you’re probably keeping an eye on the latest software releases and updating to keep on top of security updates. When it comes to Adobe Flash under Citrix Presentation Server, you’ll want to ensure that the latest update is supported by SpeedFlash/SpeedScreen.

Should We Need To Inform The User They’re Running With Limited Rights?
Expecting an application to execute correctly when run with limited user privileges should be something that we take for granted. Alas in the real world this is not the case, but things are getting better, if slowly.

Windows Server 2003 SP2 Administration Tools Pack Available
The Service Pack 2 Administration Tools pack has been released as a stand alone package. I’m fairly certain this is new - I don’t recall seeing this download before and the knowledgebase article was updated just yesterday.

SoftGrid, Presentation Server And Internet Explorer As A Help System
If you’re deploying applications on Citrix Presentation Server via Application Virtualisation/SoftGrid, you may run into issues with applications that utilise a local HTML based help system.
These applications will generally launch Internet Explorer as the viewer and in our case, we’ve found that IE is launched outside of the protected environment and thus never sees the help content located inside the environment.The Short NAP: Thursday January 10 2008The Short NAP is a quick list of Microsoft Network Access Protection and Server/Domain Isolation related links from around the web. Here are the links for Thursday the 10th of January 2008:Loading Local AppVirt/SoftGrid Packages on Windows VistaTesting applications inside the Microsoft Application Virtualisation (SoftGrid) bubble, from local packages (i.e. not streamed from the server) on Windows Vista requires a configuration change due to User Account Control. If you attempt to load an application from a local OSD file, you will receive the following error:It’s been a while since an entrant in the Hall of Shame, so today I’m pleased to bring you a bit of a chuckle courtesy of ACDSee Standard 5.0. It seems that the Tips dialog in this old version, doesn’t like it if you’ve installed the application to a non-default location (think sequencing in SoftGrid). Perhaps this dialog has a case of what my wife would call “Man eyes” - very similar to inattentional blindness.Windows Vista SP1 - Streamlining UAC InteractionHere’s a great example of the improvements to interaction with User Account Control in Windows Vista Service Pack -creating folders in system locations (e.g. the Start Menu, Program Files etc.). This is probably the most ‘in your face’ UAC interaction, and beyond this I’ve personally found UAC to be quite usable.The Short NAP: Monday December 17 2007The Short NAP is a (semi-regular) quick list of Microsoft Network Access Protection and Server/Domain Isolation related links from around the web. 
Here are the links for Monday the 17th of December 2007:Running the latest Oracle JInitiatorHere’s a really simple method for using running the latest version of the Oracle JInitiator even though your application may require a specific version. DISCLAIMER: This is most likely unsupported by Oracle but it thus far it’s worked for me. If you’re worried about your applications breaking don’t implement this hack.Adobe InDesign should be the last of the Adobe CS3 applications that I’ll have to sequence and like Illustrator, Photoshop and Acrobat, I had the same issues with sequencing and running the application on the client. So I don’t have to repeat myself, check out those posts first and here are the basics for sequencing InDesign CS3.Deploying Adobe applications with SoftGrid/Microsoft Application Virtualisation certainly takes a lot of patience, because like Adobe Acrobat, Photoshop took quite a long time to sequence and troubleshoot. Sequencing the application alone will take around 6 hours, but your mileage may vary.After working on sequencing Adobe Acrobat 8 Professional for the better part of four days, I’ve come to the conclusion that this application is just not going to work well from within SoftGrid. Here’s my reasoning:SoftGrid: Sequencing Adobe Acrobat 8 - The Story So FarI’m not completely convinced that Adobe Acrobat (not Reader) is the best candidate for deploying via application virtualisation techniques, but if you’re looking to do it you’re in for a bit of a ride.The Short NAP: Friday November 22 2007The Short NAP is a (semi-regular) quick list of Microsoft Network Access Protection and Server/Domain Isolation related links from around the web. Here are the links for Friday the 22nd of November 2007:Enable Streaming from File in SoftGrid 4.5The default behaviour of the SoftGrid Application Virtualisation 4.5 client is to not allow applications to be streamed from a file, i.e. 
streaming an application from a local OSD file rather than from the server. If you attempt to load from a local package, you may see an error similar to this:

SoftGrid Client Error: 411136-0E80A704-00001213
If you’ve ever added registry entries to your SoftGrid OSD file, you may receive an error like this, even though the entries are completely valid:

New Group Policy White Papers Up For Grabs
Here’s a couple of new Group Policy white papers released to the Microsoft Download Centre. They detail some great Group Policy additions coming with Windows Server 2008 and the Microsoft Desktop Optimisation Pack. The Advanced Group Policy Management tool came out of what was DesktopStandard GPOVault and Group Policy Preferences is what used to be PolicyMaker.

SoftGrid: Launch Windows Explorer inside the bubble
If you’ve attempted to launch Windows Explorer as a component of your SoftGrid sequenced applications, you may find that you are not able to view folders within the SoftGrid protected environment (i.e. inside the bubble). When you attempt to view a folder that lies within the bubble or your SoftGrid drive letter, you will receive an ‘Access Denied’ error. The reason for this is that the Explorer process is not running within the bubble and thus you won’t have access to those folder locations.

Windows Vista components available for Windows XP
Here’s a list of components developed for Windows Vista or during the same development time frame and included in Windows Vista, that have also been made available for installation on Windows XP:

Microsoft Deployment Available on Download Centre
Microsoft Deployment looks to have made its way to version 1.0 and is available on Microsoft’s Download Centre. There’s no real confirmation that this is the RTM/RTW release but it’s just been posted so I can only assume.

Sun Java 6 Update 3 Deployment Script
I’ve just updated my Java Runtime Environment install script for Sun Java 6 Update 3.
Apart from supporting the latest JRE update, this version of the script fixes some registry changes that I hadn’t got quite right previously. If you’ve not seen this script before here’s a breakdown of what it does:CD/DVD Writing via Script with IMAPIv2Looking to write to CD or DVD media via a script? Did you know that Windows includes an API to do just that? Version 2.0 of this API that is included in Windows Vista has also been made available for Windows XP and Windows Server 2003: Image Mastering API v2.0My Samsung P2 Review: great device with room for improvementAny review of a touch screen digital audio player or phone is going to inevitably compare to the iPhone/iPod touch, but touch interfaces are the way forward because they just make sense. So here’s my quick and dirty review of the Samsung P2 which turned up this morning.Well they came close, really close, but full marks goes to Axialis for first making the command line options for their installer and then making them nice and easy to see too. I got a nice surprise when installing the latest version of Axialis IconWorkshop, which has a link to the command line options right on the setup wizard. Now if only the setup programme was based on Windows Installer I’d be even more impressed.This is a about a week old (I’ve been away in Italy so I’m a bit behind), but Adobe have released Reader 8.1.1. Currently only available in English with quite a few languages still only receiving 8.0. You can download the full installer here and find what’s been updated here. Good news is that my deployment instructions and transform for 8.1 are still valid for this version.One Click Citrix Access Management Console UninstallCitrix provide a nice installer for the Access Management Console that you can automate to script the installation of the AMC. However, if you’ve ever needed to remove the AMC you’ll find that you need to remove each component one at a time. Because there are 9 components, this can become a little tedious. 
Page Cannot Be Displayed in McAfee ePO?Don’t get me started on the ridiculousness of wrapping an MMC console around a web application served by Apache Tomcat to administer McAfee’s ePolicy Orchestrator (surely one or the other, not both), but you may see this error after you log into the console instead of seeing the expected settings window:The Short NAP: Friday September 28 2007The Short NAP is a (semi-regular) quick list of Microsoft Network Access Protection and Server/Domain Isolation related links from around the web. Here are the links for Friday the 28th of September 2007:The Short NAP: Wednesday September 12 2007The Short NAP is a (semi-regular) quick list of Microsoft Network Access Protection and Server/Domain Isolation related links from around the web. This one is a little too semi-regular, so this is almost three months worth of links. Here are the links for Wednesday the 12th of September 2007:ISA Server 2006 Supportability UpdateDon’t call it a service pack, but what’s a service pack by any other name? Seems it’s a “Supportability Update”. Microsoft have released an update for ISA Server 2006 that brings the features that ISA Server 2004 got with Service Pack 3. Here’s the breakdown of what’s included:Script: Update Published Application IconsIn a previous post I detailed updating your Citrix Presentation Server 4.5 environment to support true/high colour icons for published applications. One of the steps mentioned in the post is that you need to delete and re-publish each of your published applications to get a high colour icon, which detailed in the release notes for PSE450W2K3R01.Unattended Citrix Access Management ConsoleIf you’re looking at deploying the updated Access Management Console you might be interested in how to perform an unattended install. 
There are really two ways to do this:

Group Policy Diagnostic Best Practice Analyzer
Here’s an interesting tool that Microsoft have just released - the Group Policy Diagnostic Best Practice Analyzer:

High Colour icons for Citrix Presentation Server applications
Citrix have released (and even re-released) a whole slew of updates in the past few weeks that finally gets a feature of Presentation Server working that’s close to my heart - high colour icons. Yes, high colour icons - the single most important feature that Citrix could add to Presentation Server! Forget application streaming, the new killer feature is high colour icons!

Creating Custom MetaFrame Admins with VBscript: Part 2
Creating the Administrator
Now that we can read the privileges from an existing administrator object we can determine which privileges to write to a new administrator. In this post I have listed a script that you can use to create the custom administrator account.

Creating Custom MetaFrame Admins with VBscript: Part 1
Overview
Setting privileges on a custom administrator account in Presentation Server is not quite as simple as I thought when I set out to create a script to do so - there’s not much information on the CDN forums, so this was a bit of trial and error.

Windows Script 5.7 Available for Download
We all know that PowerShell is the future, but Microsoft have released an updated version of Windows Script for Windows 2000/XP and 2003 (to match the version included with Windows Vista). You can read the release notes here.

Querying Domino via LDAP with VBscript
I don’t really want to admit to interacting with Lotus Notes but that’s a part of what I’m doing currently. More specifically I’m attempting to query Domino via LDAP with a VBS script. It turns out that this is a fairly simple process and you can use the Active Directory Provider built into Windows.

Following on from the Windows Server 2008 Component Posters, I’ve made a nice PNG of just the NAP component.
This does a great job at giving you an overview of how the NAP components work, much easier than trawling though a document. Click on the picture below for a larger view and enjoy:The Short NAP: Thursday July 12 2007The Short NAP is a (semi-regular) quick list of Microsoft Network Access Protection and Server/Domain Isolation related links from around the web. Here are links for Thursday the 12th of July 2007:Here’s something that’s caught my eye up on the Microsoft Download Centre which I thought might be useful to someone:The Short NAP: Thursday June 14 2007The Short NAP is a (semi-regular) quick list of Microsoft Network Access Protection and Server/Domain Isolation related links from around the web. Here are links for Thursday the 14th of June 2007:Adobe Reader 8.1 Direct Download LinksFor anyone deploying Adobe Reader, the direct download links for Adobe Reader are far more useful than the standard download that attempts sell you on how great Adobe Photoshop Album Starter Edition and the Google Toolbar are.Deployment of Adobe Reader in an enterprise environment has been much simplified since version 6, however there is still some important preparation before you think about deploying version 8. Adobe have compiled information on enterprise deployment which are available on the following pages - I prefer the developer page over the page aimed at IT professionals because it has more information and is a little easier to read:Adobe have released version 8.1 of Reader that includes updates for Office 2007 and Windows Vista, including preview in Outlook 2007. I’ll update my Adobe Reader deployment tools as soon as I can, however I don’t see any reason why ~~[my existing transform files](/deployment/disable-adobe-updater-with-adobe-customization-wizard-8) won’t work with this version~~ my existing transform files won’t work with this version, so expect updates soon. 
If you are looking to download the latest version here is the direct download link:

The Short NAP is a (semi-regular) quick list of Microsoft Network Access Protection and Server/Domain Isolation related links from around the web. Here are links for Thursday the 31st of May 2007:

How to Move a Storage Group in a Cluster Continuous Replication Environment
TechNet has an article on moving the database and log file paths for a Storage Group in an Exchange cluster running in a Cluster Continuous Replication environment, however it’s missing a couple of steps which are fairly important to the process.

The Short NAP: Wednesday May 23 2007
The Short NAP is a (semi-regular) quick list of Microsoft Network Access Protection and Server/Domain Isolation related links from around the web. Here are links for Wednesday the 23rd of May 2007:

Service Pack integration issues? It’s probably something simple
I was having some issues integrating Windows Server 2003 Service Pack 2 into a copy of Windows Server 2003 Enterprise R2 x64. The updater would keep reporting this error and bomb out:

VMware ESX Server and Security Update MS07-22
We’ve had some issues with 32bit Windows on VMware ESX 3.0 which has been causing servers that have been patched with the MS07-22 security update to freeze on boot.
The severity rating for this patch is Important and it fixes a vulnerability in the Windows kernel; you can read more information about this patch here:

Exchange Server 2007 and Public Folder Replicas
During a migration from Exchange Server 2003 to Exchange Server 2007 you need to add the Exchange 2007 server to replicas for each of the Public Folders (as you would need with any Exchange server migration) and this includes the System folders as well.

Access Gateway Advanced and Outlook Web Access 2007
If you are looking at implementing remote access to Outlook Web Access 2007 through Citrix Access Gateway Advanced you’ll find that things aren’t going to work as expected and currently this configuration is not supported by Citrix.

The Short NAP is a (semi-regular) quick list of Microsoft Network Access Protection and Server/Domain Isolation related links from around the web. Here are links for Monday the 7th of May 2007:

Installing Office 2007 on Terminal Server
When installing Office 2007 on your Terminal Servers there are a few things you’ll need to be aware of. The first of which is that you will need an Enterprise or Volume License key, i.e. those keys that use Volume Activation 1.0 and do not require activation. There are also some configuration and installation options that I recommend you set before and after installation.

Group Policy Application Deployment Done Right
In this article I’ve outlined what I recommend for best utilising Group Policy to deploy applications. Deploying applications via Group Policy is a fairly straight-forward process, if a little limiting, however if you don’t do it right you could be setting yourself up for some pain down the track.

Microsoft have released ISA Server 2004 Service Pack 3, which includes support for Exchange Server 2007 and updated log viewer functionality:

Firefox on Vista doesn’t have to be so ugly
Because non-native UI sucks, here’s a couple of extensions that help to make Firefox look much better on Windows Vista.
These extensions mimic the Internet Explorer 7 interface, including the Windows Vista menus, making Firefox feel far more at home.The Short NAP: Wednesday 25th April 2007The Short NAP is a quick list of Microsoft Network Access Protection and Server/Domain Isolation related links from around the web. Here are links for Wednesday the 25th of April 2007:Here’s how to create an unattended installation of VMware Tools which I’ve aimed specifically at Terminal Servers, however you can apply the same concepts for any Windows server installed under any of the VMware virtualisation products.On our internal Terminal Servers the CEO has been having an issue whereby files or folders are not sent to the Recycle Bin, rather they are immediately deleted. If you logon with administrative rights on the machine, you can send files to the Recycle Bin. To date, he’d been told that this would be fixed once we move to some new boxes (which I did last week). Unfortunately the problem also exists on the new Terminal Servers which I only found out after the CEO pointed the problem out to me (luckily he’s a pretty understanding guy).The Short NAP: Sunday 22nd April 2007The Short NAP is a quick list of Microsoft Network Access Protection and Server/Domain Isolation related links from around the web. Here are links for Sunday the 22nd of April 2007:While things haven’t changed much since Presentation Server 4.0, I’ve put together what you’ll need to create an unattended install for Presentation Server 4.5. First up I’ve made a copy of the installation files from the CD and added them to a single folder. This includes a copy of the administration tools in the same folder:PolicyMaker and Internet Explorer 7If you are working with PolicyMaker Registry Extension, or any of the other PolicyMaker products, you will find the Microsoft Management Console will crash when you select the User Settings / Registry node when editing the Group Policy on machine that also has Internet Explorer 7 installed. 
If you look at the crash details you will see that the fault is with MSHTML.DLL.The ADM/ADMX templates have been updated and include the fix for the Outlook template. See the download link below to update your templates.Changing Icons and Labels for Mapped DrivesI had a need on a Terminal Server project last year to change the icon and label for client-mapped drives in use by Citrix Presentation Server clients. This proved to be quite easy to implement and actually worked well for users as they could more easily identify the drive mapped to their local C: drive.An Exchange 2007 Upgrade Is Like a Poke in the EyeI’ve upgraded our internal Exchange organisation over the last week and I’ve got to say Exchange 2007 is a completely different ball game. Now for seasoned Exchange architects and administrators a lot of the Exchange 2007 upgrade process is probably not new, but for those of us who don’t look after Exchange full time it’s a steep learning curve. The biggest challenges for me have been around the new Exchange Management Shell. I think the implementation of PowerShell as the basis for all Exchange management is a good thing - there’s nothing like being able to paste the exact command line into your change log. However there’s been a couple of issue that I’ve got with Exchange 2007:Windows 2003 R2 and Integrated Service Pack 2I recently ran into a spot of trouble with integrating Windows Server 2003 Service Pack 2 into Windows Server 2003 R2. After successfully installing Windows Server 2003 with integrated Service Pack 2 on a server I ran the R2 installer (SETUP2.EXE) and was greeted with this message:A Quick Look at the Windows Vista MMC ConsolesThere’s got to be a quicker way of getting to the management tools in Windows right? Well here’s a quick look at the MMC files included in the base install of Windows Vista. I’ve put together a list of those files and whether you need to elevate to run them. 
If you do need to elevate you will have to do so by running them from an elevated command prompt. Note that you can run these without having to add the .MSC extension. The exception to this is SERVICES.MSC.A couple of months back my old Toshiba TE2100 laptop that my wife has been using packed it in and it was time to look at a new one. I settled on a Dell and took delivery of a Dell XPS M1210 laptop last week. So far I’m pretty impressed. Here’s a breakdown of the features that I picked up for AU $2840:The Short NAP: Wednesday 4th April 2007The Short NAP is a quick list of NAP and Server/Domain Isolation links from around the web. Here are links for Wednesday the 4th of April 2007:Group Policy Scripts can fail due to UACIf you are starting to deploy Windows Vista you may have noticed that any user who has administrative access to their workstation will not receive mapped drives or printers. This is due to the new privilege model introduced in Windows Vista with User Account Control.Adventures in Access Gateway 4.5 UpgradeUpgrading our Access Gateway last night proved to be a bit of a challenge where perhaps it should not have been. The problem was not with the product, more due to the time between installs. Access Gateway is generally requires little administration after deployment and it’s certainly not a product I get to work with every day. So what problems did I run into? Well, things that should have been quite obvious from the start, so here’s how I got there and fixed them and how I won’t make the same mistakes twice.Citrix Access Gateway and Scans for Domain MembershipThe Endpoint Analysis feature of Citrix Access Gateway Advanced allows you to scan the client machine for specific criteria before the user is allowed access to internal network resources. One of these scans is machine membership of your internal domain. 
When configuring this scan you specify the NetBIOS name of your domain and apply this scan to a logon point or filter.I came across a Windows Sidebar gadget the other day which is actually proving to be useful - the Microsoft Office 2007 Recently Used Documents gadget. It’s quite handy having a list of your recent documents available without having to go through the Start Menu. I recommend checking this one out.Unattended Citrix Advanced Access Control Part 1I’ve spent some time in the past couple of days working out how to do an unattended install of Web Interface and Advanced Access Control and certainly been a challenge. Whilst I haven’t worked everything out, I thought that I would outline what I’ve found out thus far. Why would we want to automate the installation of AAC? Just like your Terminal Servers, the servers running AAC should be stateless, so an unattended installation will provide a method for replicating servers and for disaster recovery.Customising the Presentation Server Client Installation Part 2In my previous article on customising the Presentation Server Client, I outlined the steps required to make a custom package for deployment to your client machines. That just article covers creating the custom package using the packager, but there a few other customisations you might be interested in:Crash the ISA Server Firewall Service - Open All Inbound PortsHere’s an easy way to crash the Microsoft Firewall service in ISA Server - create a server publishing rule that allows all high ports inbound to an internal NATed IP address.If for whatever reason you are looking to remove Adobe Reader from your computers, here’s how to remove these applications via a script or some other unattended means. I have tested this with Adobe Reader 6.0.1, 7.0.9 and 8.0 which are all readily available from the Adobe web site and all use Windows Installer. 
I was also able to test Adobe Reader 5.1 which utilises a standard setup application from InstallShield.

Presentation Server Client 10 still uses Windows Help
Gee, I expected a little more than this from Citrix - the new Presentation Server Client version 10 is still using the old 16-bit Windows Help format (.HLP). What’s the problem with this you say? Well, Windows Help is no longer included with Windows Vista and Microsoft have been discouraging its use for some time now. Yes you can now download a version of Windows Help for Vista from Microsoft, but it’s not guaranteed to work with all .HLP files.

Customising the Presentation Server Client Installation Part 1
The Citrix Presentation Server Client provides the ability to customise the client before you deploy it to your workstations. Customisation of the client is an important step to ensure the best possible experience for your users, yet it is very simple to achieve:

TweakVI encourages users to turn off UAC
TweakVI is a tweaking and “optimisation” application from Totalidea that is essentially a front end for a large number of registry settings that you can enable or disable to change the behaviour of features in Windows Vista. The application is mainly aimed at power users but I would assume that some slightly less power users would be interested in this application as well.

Safely Remove Hardware, gets a facelift, almost
There are quite a few design choices in Windows Vista that have me baffled, especially where an interface change to me seems quite logical but Microsoft have not implemented one. The Safely Remove Hardware feature is one such change.

Windows Vista Previous Versions, System Restore and Disk Space
While checking out where my disk space was being consumed on my Windows Vista machines, I found that System Restore was the main culprit. So to reclaim my lost space I disabled it.
Here you can see the before and after impact on the system drive of my desktop - close to 3GB was freed:

Print Migrator utility included in Windows Vista/Longhorn Server
Microsoft’s Windows Server 2003 Print Migrator 3.1 has now been rolled into the operating system with Windows Vista and Longhorn Server in the form of the Printer Migration Wizard. This new version is very simplified and comes as a UI, as you can see in the screenshot below, and a command line version.

SafeWord RemoteAccess Keeps You Waiting
If you are ever installing SafeWord RemoteAccess, don’t be in a hurry. Be prepared to wait while the Setup application downloads the application updates from the SafeWord site, you could be there a while. It’s clocked just over an hour now and it’s not my end:

The Short NAP: Friday 2nd March 2007
Here’s a few interesting NAP links from the past several weeks:

Configure Vista KMS on Windows Server 2003
Unfortunately life with Windows Vista means living with Microsoft’s Volume Activation 2.0. For complete information on Volume Activation 2.0 see this TechNet page:

Install the Windows Deployment Services Console on Vista
Installing the Windows Deployment Services MMC on Windows Vista is a simple process:

Citrix have released version 10 of the Presentation Server Client and the new Citrix Streaming Client as well as Hotfix Rollup 3 for Presentation Server 4.0:

Being a project engineer for an outsourcing company, much of my time is spent working with system administrators rather than users but, like users, system administrators need help from time to time. So here are a couple of tips related to support that I think are worth sharing (or re-sharing for those already in the know):

Intel Graphics and the Dynamically Generated DLL
I’ve recently noticed a DLL file from Intel that keeps reappearing on my system drive and I’ve tracked this down to the display software on my laptop - I’ve recently moved to a Dell laptop that has an Intel 945GM display adapter.
Here’s the DLL in question:

Changing the Citrix Web Interface Font Face
I’ve never previously had to change the font face in Web Interface, but I’ve had to do it today for the first time ever. Now one would think that this would be in a custom style sheet, but the CSS is actually inline in the Web Interface web pages.

You cannot share the Normal.dot file among multiple users in Word
On a semi-regular basis I see an issue on customer networks whereby users receive errors in Microsoft Word similar to the following:

UPDATE: Unfortunately the video has been pulled. Hopefully someone can track down another link.

I’ve seen some dumb software in my travels and Mercury Quality Center is no exception; however this one has got me scratching my head.

I received the following error (in a dialog box) from Windows Setup on a Terminal Server running Windows Server 2003 not long after GUI-mode setup started:

Link: Microsoft Cluster Configuration Validation Wizard
Microsoft have released a new tool, ClusPrep, for testing your servers’ readiness before you create a cluster to run things like Exchange and SQL:

Sophos Anti-Virus: Hide the Tray Icon
During my quest to disable as many tray icons as I possibly can, I’ve had to track down how to disable the tray icon for Sophos Anti-Virus in a Terminal Server environment. This one is pretty easy, it’s just a single DWORD registry value:

Objective 7 Error Logging: Access Denied
Objective is an Enterprise Content Management system from Objective that uses a Win32 client that plugs into Office and can also be used as a stand-alone application for access to documents.
I’m not a user of the application so I don’t really have an opinion on its effectiveness but organisations buy it so it must do the job.

The Short NAP: Saturday 3rd February 2007
Lots of NAP in the news over the past week or two, now if only I had the time and resources at the moment to do some more NAP testing.

Installing Microsoft Update Standalone Packages Silently
I can find very little information on the Update Standalone Packages on the Microsoft site, with this knowledgebase article being it. What I do know about them is that they use a .MSU file extension and they display a dialog box similar to the Windows Update install dialog when installing.

PowerShell 1.0 released for Windows Vista
Yay! (it is so very geeky to get excited over a scripting tool isn’t it?) Microsoft have released PowerShell 1.0 for Windows Vista today. It comes as a Microsoft Update Standalone Package.

Shameless Self Promotion: Unattended Install Scripts
In case you weren’t aware, I have a number of install scripts for various applications that might be helpful for you if you are involved in any aspect of application deployment. A couple of these I have modified from an original script gleaned from AppDeploy.com. Hopefully you may find these useful:

Adobe Reader/Acrobat 8, Citrix Presentation Server and Seamless Windows
During testing of Adobe Reader 8 on a new Presentation Server 4.0 farm, I tested Adobe Reader 8 as a published application in a seamless window, using the ICA Client 9.230.50211. When using the toolbars in the published application (right clicking on the toolbars or clicking any of the drop down items) the application would exit completely without any errors logged on the server.

TS Logon Issues? It’s Not What You Think
Every six to eight months or so, I have an issue logging onto a Terminal Server and then have to research the issue each time from scratch because I can’t remember how I fixed it.
Here’s how it starts - after logging onto a Terminal Server I receive the following helpful error message:

Some bright spark over at WinZip thought that it would be a great idea to build in an auto-update utility into WinZip so that users would be prompted to download the latest version of WinZip as they are released. Unfortunately, this updater prompts users when they first run WinZip even if they don’t have administrative access to their machine (I think the guy from WinZip and the guy from Adobe must know each other). Here’s the dialog that users see when they first run WinZip, not ideal in a corporate environment:

Last week Citrix released a hotfix for the Access Gateway 4.5. This hotfix fixes a number of issues, two of which are very interesting to me:

Link: Update for Publishing Exchange Server 2007 for ISA Server 2006
Microsoft have released an update for ISA Server 2006 to support publishing Exchange Server 2007. You will also need to install this patch on any machines running the ISA Server 2006 management console:

Link: Using ISA Server to Extend Server and Domain Isolation Interoperability
Microsoft have posted a whitepaper on utilising ISA Server as an IPSec gateway/proxy in a domain or server isolation environment to extend IPSec protection to machines that do not support IPSec. This essentially involves ISA Server terminating the IPSec connection and passing traffic into a NAT’d network. It’s a 23 page document and applies to both ISA Server 2004 and 2006:

Disable Adobe Updater with Adobe Customization Wizard 8
Adobe have released the Adobe Customization Wizard 8 to provide a method for customising the deployment of version 8 of the Acrobat products. This tool allows you to disable all of the most useless features included in the new release including Digital Editions, Adobe Online Services and even Adobe Updater 5.
This means that you can get rid of the Updater5 folder that keeps appearing in your Documents folder.

The Short NAP: Friday 5th January 2007
Microsoft have posted some updated NAP documents on microsoft.com/downloads today:

We all know that Windows is not case sensitive when it comes to the command line. Someone forgot to tell DELPROF though - you can use DELPROF in a script to automatically and silently delete user profiles. However it seems that you need to run the command in lower case, if you use upper case it just ignores the silent switch completely and prompts you to delete profiles. Check it out in this screenshot - What The?:

Windows PE 2.0 and VMware Workstation
I’m working on a Presentation Server deployment project at the moment, and am deploying the servers with Windows PE 2.0 via Windows Deployment Services (WDS). I need to launch Windows Setup via WINNT32.EXE because the servers have two RAID sets and the client wants the user profiles on the second disk set. So before deploying the unattended setup to hardware, I’m testing the deployment in VMware Workstation. Unfortunately Windows PE 2.0 does not recognise the VMware network card out of the box, so I’ve had to create a custom WinPE image with the drivers in it. This is the first time I’ve done this with Windows PE 2.0 so there was a little trial and error. Here are the steps I completed to create my custom image:

Link: Introduction to Server & Domain Isolation with Windows
Microsoft has posted what appears to be an updated document (version 1.1) from August 2005, Introduction to Server and Domain Isolation with Microsoft Windows. Server and Domain Isolation using IPSec is a great method for creating isolated networks to protect those networks from unwanted traffic. Domain isolation solves the problem where access to domain resources should only be from domain member computers.
If you are considering implementing NAP with Windows Server “Longhorn”, you should be planning your domain isolation strategies now.

Did you know that WinZip have an MSI installer available for WinZip 10.0 and 11.0? Neither did I until I was reading through their FAQ pages today. What I don’t get though is it’s not the default download you get for the product, you have to go looking for it on this FAQ page: Download WinZip with 64-bit Shell Extension Support. I’d like to welcome WinZip to the 21st century - Windows Installer’s only been around since 1999..

Web Interface for Resource Manager 2.1 Available
Jason Conger has released Web Interface for Resource Manager 2.1. This couldn’t be more timely for me as I’m in the middle of a Presentation Server 4.0 implementation using Oracle 10g to host the data store and Resource Manager databases. Here’s what’s new in this release:

World of Network Access Protection Chat Transcript Available
The November 13, World of NAP chat transcript is finally available on the TechNet site. Unfortunately I’m usually asleep when these chats and webcasts are live, so I missed out on taking part, but here are some highlight questions from the chat (edited slightly for readability):

Access Gateway vs. Secure Gateway Part 2: It’s In The Details
In part 1 I discussed how I believe that proving identity should be your most important consideration when deciding to implement the Citrix Access Gateway or Secure Gateway for remote access. In this second part I want to discuss some of the features of both the Access Gateway (CAG) and the Secure Gateway (CSG) and how they compare.

For an Adobe Reader 9 version of this post, go here. For an Adobe Reader 8.x version of this post, go here.

Publishing Outlook Web Access on an Alternate Port
We recently had a client with a requirement to provide Outlook Web Access and Exchange over the Internet/Outlook Anywhere (RPC over HTTPS) access using a single IP address on ISA Server.
The problem with making both of these services available on a single IP address is that both utilise HTTPS which by default is TCP 443. RPC over HTTPS with Outlook can’t use an alternate port - if you attempt to specify an alternate port in the Outlook UI you receive the following error:

Swivel PINsafe and Citrix Access Gateway Installation Notes
The good guys over at Swivel have let me post a document that Graham Field (from Swivel) has created for integrating Swivel PINsafe into Access Gateway Advanced Edition 4.5. The document covers everything you’ll need to get PINsafe authentication working with Advanced Access Control, including setting up Turing or Single Channel authentication (used to stop bots not humans). You can get a copy of the document in Word format here and the LOGIN.ASCX with the code for setting up the Turing authentication here.

Microsoft have posted the Windows Vista Product Guide on their Downloads Centre. At 61Mb and 316 pages this document is huge, but it’s got some great detail about what Windows Vista is all about. If you’re one of those people who thinks that Windows Vista is Windows XP Service Pack 3, then this document is for you, if you’re not, then this document is still for you too. This is the document to give to your sales team (you may have to read it to them - could take a while and you might need a little bell handy to let them know when to turn the page..). Here’s a break down of what the document covers:

I think that the attachment preview feature (see number 10) of Outlook 2007 is one of its best new features, however I’ve noticed that Outlook can’t preview calendar appointments sent as an attachment. So essentially, Outlook can’t preview its own files, do’h! Check out the screenshot:

Windows XP, Internet Explorer 7 and SharePoint
Internally we have deployed SharePoint Portal Server 2003 as our intranet.
To ensure that the Citrix Web Interface for SharePoint (WISP) web part works correctly, we need to ensure that there is only authenticated access to SharePoint (WISP fails if anonymous access is enabled). What I have found on Windows XP machines that have been upgraded to IE7, is that users are prompted for authentication when accessing SharePoint (IE presents the standard Windows authentication dialog) instead of the browser passing authentication through to IIS as it should.

Hotfix 5 for Advanced Access Control 4.2
Hotfix 5 (AAC420W005) is available for Advanced Access Control 4.2. The fix list is quite large - 50 fixes are listed in the readme file. One of the most important updates that you will need to be aware of, are changes to the Endpoint Analysis scans. This means that scans that you have installed into AAC will require updating to work with the new hotfix. From the Citrix readme:

Daemon Tools: You must reboot after a previous operation
Daemon Tools was giving me some grief after upgrading to Windows Vista RTM and I had to update to version 4.08 which includes an updated SPTD driver for the virtual CDROM drive. When running the 4.08 installer for the first time, I had to uninstall the old version and reboot. After the reboot, I ran the installer again and the following error message would be displayed: “You must reboot after a previous operation”

Step By Step Guide: Demonstrate 802.1X NAP Enforcement in a Test Lab
No, I haven’t written a step by step guide, but Microsoft has and they have released a document detailing 802.1X NAP enforcement for demonstration purposes. This is a very detailed resource that will require some time and effort to set up, but if you are interested in NAP and 802.1X then this document is for you. Here’s a view of the test lab configuration to give you an idea of what’s involved:

We are testing a private hotfix from Citrix that addresses a HTTP Error 500 on the Access Gateway Advanced Edition 4.2.
You may have seen this error in your Access Gateway implementations where access to a Logon Point on the Access Gateway produces the error and a reboot of the appliance temporarily fixes the issue. The hotfix brings the Access Gateway version to Access Gateway 4.2.3 Build 81.31; Build Date: 2006-11-03. I’m unsure if this hotfix is generally available, but if you are experiencing the issue give the good looking guys at Citrix Support a call to obtain a copy of the fix, or wait until a general hotfix is available from the Citrix support web site.

Forefront Client Security Beta Available
Microsoft has made available a general beta for the Forefront Client Security product. Here’s a quote from the download to give you an idea of what Client Security is about:

The Short NAP: November 14th 2006
Here’s a quick list of interesting NAP and Domain/Server Isolation related links for November:

ISA Server 2006 and LDAP Authentication
ISAServer.org has an excellent four part tutorial on using LDAP to pre-authenticate Outlook Web Access. You can find them here:

I’ve been checking out the excellent UltraMon on Windows Vista, which provides some cool hacks for multiple displays under Windows. One of the excellent hacks is the ability to assign a hotkey that moves an application between screens - when you hit the hotkey the application or window appears on the next screen, very handy. However, this appears to work on the Start Menu too. I’m not sure if this happens on Windows XP but here’s what you get with the Start Menu open and then hit the hotkey:

Access Gateway vs. Secure Gateway Part 1: A Case of Mistaken Identity
Before I go into what I actually want to talk about, here’s a high level overview of the differences (and similarities) between the Access Gateway and Secure Gateway:

Better Together: Networking Scenarios with Vista and Longhorn Server
Ian Hameroff has put together a great webcast on the networking features of Windows Vista and Longhorn Server, and as you might expect from the title, how they work when the Longhorn client and server versions are teamed together. The webcast includes an overview of Network Access Protection and Windows Firewall with Advanced Security as well as Server and Domain Isolation and IPSec. The whole webcast is worth watching, however if you’re only interested in NAP and the Windows Firewall skip to about the 19 minute mark.

Access Gateway 4.5 / Access Gateway Advanced 4.5 Released
According to Sam Johnston, Access Gateway and Access Gateway Advanced Edition (Access Gateway with Advanced Access Control) 4.5 have been released as of last Friday 13th October. Check out Sam's post for an excellent description of what to expect of the new version.

Access Gateway Hangs When Changes Made to AAC Logon Point
Citrix have a private hotfix to address issues with the Access Gateway 4.2.3 experiencing a hang when changes are made to a Logon Point in Advanced Access Control. If you are experiencing the issue, give the good looking guys at Citrix Support a call. You will have to give them information about your setup and they should be able to give you the hotfix to test out. If you are experiencing the issue, why not share your experiences over at the Brian Madden forums.

Three months before Jay Tomlin started blogging and well before Citrite.org and CitrixCommunity.com popped up, Citrix France has been podcasting and blogging over at http://podcast.citrix.fr.
It appears to be very much a marketing exercise rather than employees blogging about Citrix technologies and their experiences, but it’s interesting none the less. If you are like me and your French is limited to “Parlez-vous anglais?” you can view a Google translated version here.

If you are looking to integrate the Swivel PINsafe one time password (OTP) authentication system into Advanced Access Control 4.2 you’ll find that it’s not going to work out of the box. You will see the following authentication packet sequence once you have configured PINsafe as a RADIUS profile within AAC and attempt to authenticate:

Windows Vista 101: Multiple Local Group Policy
Here’s an interesting new feature of Windows Vista that will be a help to shared computing environments such as public libraries or those still inflicted with Windows NT 4.0 domains - Multiple Local Group Policy.

Network Access Protection TechNet Forum
In case you weren’t aware, Microsoft have a web forum for support and discussion around NAP. It’s a little sparse at the moment with only 13 topics but once Longhorn Server is released this forum should become more widely used.

Jeff Sigman, the NAP Release Manager at Microsoft, has posted a link to a webcast he did recently for MVPs, which is now available for general viewing. This is quite a long webcast (1h 40m) but it goes into detail about NAP and demonstrates using DHCP or IPSec as an enforcement tool for NAP. It’s well worth checking out if you have the time, but if you don’t, here’s my (really) rough notes to give you an overview of the content:

Strengthening OWA Authentication with ISA 2006 and RSA SecurID
Now that Microsoft have released ISA Server 2006, we have more authentication options available to us. This includes the ability to add two-factor authentication solutions to the existing forms based authentication, traditionally used to authenticate against Active Directory only.
I have a previous post on how to protect Outlook Web Access with RSA SecurID, which discusses using the RSA Web Agent with IIS and RSA SecurID authentication with ISA Server 2004, however both of those options are a little clunky. Now with ISA Server 2006, we have a more elegant solution that allows us to integrate RSA SecurID directly into the forms authentication method. Assuming ISA Server is a domain member, here’s how to do it.

How To: Add Office 2007 HTML Rendering Support in AAC
With the release of Office 2007 not that far away, the new Open XML file formats should be starting to make an appearance in enterprises. By installing the Microsoft Office applications on your Advanced Access Control server you can provide HTML rendering of Word, Excel and PowerPoint documents to your users (You can also provide access to Visio documents too, but I won’t cover that here). At this stage, this will only cover the current .DOC, .XLS and .PPT file types. By installing the Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats you can provide users with access to the new .DOCX, .XLSX and .PPTX. This is a simple process, here’s how to do it:

I upgraded our firewall a couple of days ago from ISA Server 2004 to ISA Server 2006, which went fairly smoothly with the actual setup routine only taking about 5 minutes to complete. However, after the upgrade there were a couple of items that required some configuration changes:

0xc0040357: The Server referenced by Array SERVERNAME does not exist
Just in the process of upgrading our firewall from ISA Server 2004 to ISA Server 2006. Before I did this, though, I wanted to grab an export of my current config.
However toward the end of the export, the management console would report this error:

Here’s a couple of nifty tips for Windows Vista that I’ve learnt this week and wanted to share:

The Short NAP: September 25th 2006
Here’s a quick list of interesting NAP and Domain/Server Isolation related links from Microsoft for September:

Windows Vista and Font Inconsistency
I’m not alone in my frustration with Windows Vista (or Windows XP) and the inconsistency in font usage. Fonts are definitely in your face and consistent font usage helps the user distinguish between a UI element and content. David Vronay, Research Manager for Windows User Experience Compliance, has posted a response to a thread that I started on font inconsistency at shell: revealed. Here’s what he had to say on the topic:

I’m sure the use of adding .ICA files to web servers to launch published applications from Presentation Server doesn’t happen as often as it used to, but it’s still useful for adding a link to an application on an intranet site. After adding a .ICA file to IIS6, however, users may receive a file not found error:

Having issues getting Word 2007 to register your blog provider? You may receive the following error message when attempting to add a blog account to Word:

Access Gateway Traffic Flow Diagram
I’ve put together a diagram detailing the flow of IP traffic between the different components of an Access Gateway with Advanced Access Control implementation. This is designed to give everyone involved in implementation of the Access Gateway an understanding of each component and the communication required between each host. This diagram details these components:

Windows Vista 101: How to leave UAC on
This one is in reply to Long’s post, but to be fair I know he’s all for UAC. Windows Vista finally introduces some real security improvements to the Windows operating system that have been long overdue. The product is still in beta, however people are already up in arms about how ‘intrusive’ UAC is.
Why is it that Linux and MacOS users understand why it’s not a good idea to run with administrative privileges and Windows users don’t? *

Cisco and Microsoft Unveil Joint Architecture for NAC-NAP Interoperability
Microsoft and Cisco announced some time ago that they were working on NAP and NAC interoperability. They’ve demonstrated this recently at the Security Standard conference in Boston (all the cool stuff seems to happen in Boston). You can view the Microsoft PressPass update here and the Cisco press release here (they’re the same thing, no need to read both). Cisco and Microsoft have cross-licensed their protocols to make this interoperability work. You can view a white-paper on this architecture here:

Turning Off AutoComplete on a Logon Point
I went looking for this last week and just couldn’t find it. Well Sam Johnston has let us know how it’s done. If you want to stop the browser from offering to save your username and password when logging into the Access Gateway, follow these steps on your Advanced Access Control servers:

Laptop Battery Life Reaches 76 hours and 56 minutes
Check out the battery life on my IBM ThinkPad T41p. There’s way too much FUD out there about Windows Vista shortening battery life, this is almost two working weeks from a single charge..

Download: Protecting a Network from Unmanaged Clients
I promise this won’t become yet another blog just reposting links to other sites (more original posts to come), but here’s a link to a new document on the Microsoft Download site that’s worth mentioning. This document goes into the various methods that can be used to protect your network from unmanaged clients. This includes:

Ah, the things you find when you’re looking for something else. I was extracting some icons from Windows Vista with the excellent Axialis IconWorkshop and stumbled across MSSVP.DLL in the SYSTEM32 folder. It looks to be a part of Windows Search.
Well, this file has a number of Outlook icons in it and I don’t even have Office 2007 installed on that particular installation of Vista. What a strange behemoth Microsoft is. Here’s a look at the file properties and icons contained within:

Access Gateway and Certificate Revocation Lists
Citrite Sam Johnston has posted about Certificate Revocation List retrieval by the Access Gateway. I’ve not had this issue myself, but I’ll have to keep an eye out for it.

Citrix (other than Jay Tomlin) have finally got their act together and started blogging. You can view the blogs at http://citrite.org/blogs/.

Customising Logon points in Advanced Access Control is a fairly easy process. Customisation allows you to add a corporate look and feel to the user interface. However, removing and redeploying the Logon Point will remove all customisations - the Logon Point is just a bunch of HTML and graphic files. Here’s how to customise the source files so that redeployed and new Logon Points will already have your customisations.

Access Gateway CITRIX_ADMIN_MONITOR.EXE and Proxy Servers
If you run CITRIX_ADMIN_MONITOR.EXE and after you enter the username and password the Access Gateway does not display, this could be related to proxy settings in Internet Explorer. Even adding the address of the Access Gateway to the proxy bypass list does not solve the issue. Disable proxy settings in Internet Explorer and the Access Gateway desktop displays immediately. In our case we have ISA Server 2004 as our firewall. ISA Server does not allow protocols other than HTTP to be tunnelled over SSL by default and if you check the log files you will see the connection being denied.
So the solution here is to either disable proxy settings when using CITRIX_ADMIN_MONITOR or enable port 9001 to be tunnelled over SSL.

Download: System Center Configuration Manager (SMS) Network Access Protection Process Flow
System Center Configuration Manager (SMS4) will be able to act as a remediation server in a NAP environment, which we would expect of course. Given that, with 3rd party agents, SMS can support operating systems other than Windows, all you need is a NAP system health agent (SHA) for your OS of choice and you can support that OS in your NAP/SMS environment.

Access Gateway Advanced Edition Session Viewer
Advanced Access Control 4.5 includes a session viewer to enable the administrator to view logged in sessions, either directly to Advanced Access Control or view the Access Gateway (existing versions require you to connect to the Access Gateway desktop to view sessions). Click the link for a full view, note the copy button, this allows you to copy the details of the session to the clipboard.

Scheduling Reboots for the Access Gateway
Martijn Kools has very kindly let me repost his instructions for enabling SSH on the Access Gateway and scheduling a reboot. WARNING: This is a totally unsupported method for enabling SSH. Be sure to have a backup of the config of the AG and access to the Access Gateway CD to be able to perform a reinstall if required.

Esker Tun PLUS Requires Administrative Access
Today’s entrant into the Hall of Shame is Esker Tun PLUS which can be used to provide an ActiveX based terminal emulator via the web. This product downloads no less than 11 ActiveX controls and then wants the user to run an application named TRUST.EXE from a page that has the following text:

The Ten Commandments of Exchange Server
After performing two Exchange disaster recoveries in as many months, I’ve come up with a list of Fifteen Ten Commandments for Exchange Server


Aaron Parker, Citrix Technology Professional & Principal Modern Workplace Architect @Insentra, on End User Computing and Enterprise Mobility
