Monthly Archives: March 2012

Enabling Remote Desktop access to a Windows Server 8 Core machine.

2 Comments

So when you install Server 8 Core by default, Powershell Remoting is configured and a firewall rule is enabled to allow communication, But what if you still need RDP access?

Here’s a quick script that will enable RDP access to Server 8 Core and configure the firewall appropriately.

You can run this from a powershell remoting session, or via the console:

 
[sourcecode language=”powershell”]

(Get-WmiObject win32_TerminalServiceSetting -Namespace rootcimv2TerminalServices).SetAllowTSConnections(1)

import-module netsecurity -ea stop ; Get-NetFirewallRule | ? {$_.displayname -like "remote desktop*"} | Set-NetFirewallRule -enabled true
[/sourcecode]

Changing the default shell of Windows Server 8 Core

5 Comments

I have to admit, I’m a bit torn with Windows 8 in general. I’m absolutely in love with Windows Server 8’s new Powershell functions and management console, but despise the lack of a start menu. Luckily Powershell has gotten so powerful in Server 8, I hope to not spend much time in the Gui.

Back on topic: By default when you install Windows Server 8 Core and log into the console, you get presented with a CMD prompt… Weird eh?

Now most administrators will simply type powershell and perform their tasks, but I personally feel this is the wrong way around. Powershell should launch first, and if cmd is really needed you could call it inside of powershell!

Being the pedantic individual that I am, I set about changing Server Core to auto-load powershell on login. This was quite an easy task and I’ve documented it below for other users to follow if they wish:

The shell in Windows Server 8 is configured under the following key:

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonAlternateShellsAvailableShells

Under this key, on Server 8 Core, you will see the following entry:

And that’s where our CMD is coming from! This is another one of these blasted TrustedInstaller Keys. So if you want to change it, you’ll need to take owership of the key, then assign full control to your user account.

So the first thing I did was create a value lower than 30000 and assign it to powershell, but this didnt work.

Unusually here the weighting system is highest wins, rather than lowest which is a little counter intuitive, but I digress.

I added a new key 90000 (i’ll explain this later) and entered the path to powershell as below:

Now Once I restarted, Powershell is the automatic shell of choice:

Bonus 1: Why 90000?

Well if you look at a Server 8 Gui server, you’ll notice that Explorer.exe wins the selection by being 60000:

So I added another 30000 and bob’s your uncle.

If you asked yourself, “hmmm, could i also do this on windows server 8 where the gui is installed?the answer is yes.

And if you asked yourself  “hmmm, could I also do this on Windows 8?the answer is no.

And if you also asked yourself “hmmm, could i assign these in a users key instead of local machine?the answer is no.

Citrix XenApp Mobility pack & RES Workspace Manager, lets fix those issues!

Leave a reply

Late last year Citrix announced the availability of the XenApp 6.5 mobility pack. This mobility pack allows more native gestures to tablet users within their desktop session. Having testing it first hand, its really, really cool, but has a few issues to be aware of.

Firstly, it tends to enumerate hidden drives like c: or whichever drives you hide with Group policy, Kees Baggerman blogged about this issue a number of weeks ago:





and to confirm, there is definitely a private hotfix available for this. My own call reference with Citrix was SR60726532 if you wish to log a call yourself and receive the hotfix, you can quote this number.

The hotfix itself is just a binary replacement for the touchoptimizedDesktop.exe file in c:program files (x86)citrixsystem32.

Secondly, the Mobility pack’s start menu will enumerate both the local start menu and the users controlled start menu via RES Workspace Manager.


*red applications shouldn’t be visible



This presents a show stopper as the user is able to launch local applications they are not assigned without the security rules assigned. I logged this with both Citrix and RES. Citrix politely told me to PFO and RES agreed to log a feature request to add support.

If like me, you’d prefer a workaround while RES work their magic, Follow the below steps:

modify the permissions to the default start menu (c:programdatamicrosoftwindowsstart menu):





Modify the ACL’s on the Programs folder as follows, ensuring to remove the users group and everyone group from the acl:




After doing so, the users start menu inside of the Mobility pack, should be correctly populated:




And that should be it, your fondleslab users should now be able to experience the XenApp mobility pack in all its glory!

ThinKiosk 2.0 Beta Available:

4 Comments

It’s ready!

I’ve uploaded a copy of ThinKiosk 2.0 for you to start testing, Its available on the downloads page. A full list of new features can be found in my previous preview blog.

When you start testing, again use a new OU and Group Policy Object, I’ve changed it again (last time, Promise!)

A few quick Points:

  • Find a bug?
  • Want a new feature?
  • Want some help?

Drop me an email  on Andrew(at)andrewmorgan.ie or leave a comment below and we’ll have a quick chat.

Want to help translate ThinKiosk?

Drop me an email on  Andrew(at)andrewmorgan.ie to let me know you’re awesome and want to help, then download a copy of the language file from the downloads page. All translators will be forever immortalised on the Credits page.

Don’t worry if you’re language isn’t already in the worksheet, add an additional column and fire away.

Note: Please don’t reorder the tabs or sorting.

Want to help further development of ThinKiosk?

If you have access to any of the following environments, I’d be very interested in talking to you about doing some testing.

  • Web access portal to Windows Remote Desktop services.
  • a MEDV environment.
  • a web portal to a VMware View environment.

If you have another web based access to an SBC or VDI environment I’m also happy to test also.

And, of course, any such testing will also result in aforementioned immortality.

Want to give back?

I have a donate button over there —->

:)

ThinKiosk 2.0 Beta Preview

4 Comments

It’s been a busy couple of weeks for me, my mailbox has been flooded, the feedback and functionality idea’s for ThinKiosk’s next release have been flying in. While most of my Irish bretherin were out celebrating the ousting of snakes from our fair Isle this week, I stayed behind and broke the back of the next release.

Version 2.0 is a complete rework of the code as I adopted some standards, a big thank you again to Pierre Marmignon for taking the time to point me in the right direction!

With that out of the way, I’m delighted to announce the functionality to be included in version 2.0!

ThinKiosk 2.0 Layout:






Without further ado, lets get to the goodies:


Customisable title:



The title for ThinKiosk can now to updated to include your corporate slogan, company name or consulting company, whatever you like.

A simple registry key entry will allow you to change this title to deliver a once off, professional solution to your customer or users.


Random: Current CCIA’s will probably shudder at that title, I still do.

Site Selection:



If you wish to present a list of websites to which the user can login to, ThinKiosk will now cater for this with a simple selection box at the bottom of the screen. You can optionally populate this list (or not, its up to you) with up to five websites.

The label’s and url’s are configurable via registry or group policy putting you in full control of the appearance.

Home Button:



A quick and easy home button has been added to allow access gateway users to log in after timeout without having to reload their browser. Simple but effective.

Custom Tools:



A frequent request I received was to allow the users access to certain commands from the Kiosk, these requests ranged from TeamViewer, to Remote Desktop, to printers, to EWF access to Installing windows updates and I was beginning to worry things might get out of control if I attempted to integrate them all… So I didn’t!

With the custom tools menu, you can populate up to five commands you wish to allow your users access to. The command line and label’s for each command are fully customisable so you can do what you wish with them.

Local Printer Management:



So one of the coolest, yet understated features in the Citrix receiver is the printing channel right?  Single driver for all, compressed and quick printing popping out on your local machine? Awesome Right?

Yeah, feedback dictated that thought too so I set about integrating the local windows printing control panel items into ThinKiosk. But, alas I hit a fairly big stumbling block, calling the printers display window was also calling explorer.exe… which pretty much circumvents all of ThinKiosk’s advantages.

Undeterred, I decided to write my own Printer control menu!




From this menu, you can:

  • Add a printer (this can be restricted)
  • Open a printers queue to dispatch stuck jobs
  • Open and configure printers properties
  • set your default printer
It’s still an unpolished diamond visually, but it works well. I’ll pretty it up once the testing has been completed.


Power Management:


With ThinKiosk 2.0 I really wanted to add more benefits and this feature is one I’m really proud of. ThinKiosk now has power saving options as follows to power off your Kiosk Pc’s when they are not in use, saving you money!


Power Down at a certain time:


If you would like to power your machines off at night, but not disturb active users. I have you covered!
You can instruct ThinKiosk to power down at a certain time each evening and when that time is reached the user is notified:
This shutdown can be suppressed by the user within five minutes of it triggering, and once suppressed the user will not be notified again for that day.


Power down when not in use:


If you would like to power down your pc’s after a period of inactivity, I’ve also got you covered!
You can configure an idle time via registry or policy and if the pc / kiosk is idle for longer than this It will warn the user of the inpending shutdown. This can also be cancelled and suppressed as above.


Offline Configuration tool:


When configuring ThinKiosk outside of a domain or setting up ThinKiosk for a test, it was a bit cumbersome to configure the registry keys each time. For this reason I’ve put together an offline configuration tool to speed up the process in an offline situation or in a quick proof of concept:


One last thing?

ThinKiosk will, always, remain free to use!

I will also be introducing a support & maintenance option for companies who would like SLA based support, customisations and notified software updates. But this will never affect the happy free users.


How can i get a copy of the beta?


I’ll be releasing the beta later this week so follow me on twitter (@andyjmorgan) for updates.  If you would prefer me to send you a copy when its ready, Drop me an email on Andrew (at) andrewmorgan.ie.