Monthly Archives: February 2013

I need your help Server Based Computing / VDI Experts!

21 Comments

Hi Guys and Gals. I’m currently fighting the good fight with Microsoft support and require your help and backing in order to close down a long standing bug in the Windows Explorer Shell.

As you are all aware, hiding the c: drive and restricting access has been a utility we use frequently in shared computing and VDI environments. Restricting this functionality removes views of the shared drive from users and adds a layer of security and complexity* to ensure the users in question have access to only what they need in order to do their jobs day to day.

*I’m not looking to argue the merit of doing this either, it really depends on the business case or environment to dictate whether this option is set. I’m NOT saying it should be done in every case.

We all know it’s not fool proof, there are certain ways for users to circumvent this layer and I particularly don’t want to discuss them here to give potential devious users a landing page for idea’s!

The problem:

Prior to windows Vista, when you hide the c: drive and an application requests access to a c: drive folder, be it from an “open save dialog” or otherwise, Windows detects this event knows that the folder is restricted and merely redirects them to the desktop which they can see then browse to where they wish to open or save a document. This has worked fine to memory since windows server 2000.

But with the changes to Windows Vista’s windows explorer, repeating the above steps will result in the following annoying, unnecessary and interrupting error message “This operation has been cancelled due to.. bla bla blah”:

noname

This issue can be easily recreated, simply hide and restrict the c: drive, then click start > run > browse… bang.

The more annoying problem here, is after the error message, windows simply redirects back to visible folder. In most cases this is the documents library. So the error message is simply poping up then reverting to the functionality seen in previous operating systems.

So to review:

  • Issue introduced in Vista / 2008 and above.
  • error message displays.
  • Previous redirect functionality is still there and occurs after ok is pressed.

To Microsoft!

Being a pedantic individual, along with my colleague we brought this to Microsoft support and somehow lost months in the conversation as follows:

  1. Microsoft then redirected us to RES Software.
  2. Who (although very nice about it) sent us back to Microsoft.
  3. At which point I got involved.

Now with the correct audience and suitable severity, this problem has been identified as “introduced in Windows Vista” as an “Added Security feature“. How an annoying pop up box, masking previous functionality is a security feature is anyones guess, but it’s bloody annoying…

We have raised this as a bug and have requested Microsoft to fix it. The change in question was deemed as large change or substantial change due to WIndows explorer being used by all of the operating systems and basically told, without significant backing, this change wont be implemented.

Bureaucracy and broken policies, yes but that doesn’t help my customer.

Here’s where I need you:

In order to bolster this change and fix an issue in our beloved operating systems for Server Based Computing and VDI environments I need to hear from you and your customers to confirm they have had this issue, or currently face the issue and wish for a fix.

  • If you are a customer and suffer this issue, email me.
  • If you are a consultant and have customers with this issue, email me.
  • If you or your customer have enterprise support with Microsoft, I ESPECIALLY want to hear from you.

What’s in it for you?

Microsoft have provided us a work around, as a process that watches window messages and suppresses this dialog box when it occurs. If you get in touch, I’ll recompile this application with Microsofts permission and pass it on to you for use in your environment while we get “The Man” to fix it!

This fix is a bit of hack, as it’s scraping window messages but it’s light weight and scalable. Use this process for now and I’ll provide you with updates on a fix as and when I get them.

How do you contact me?

Please drop me and email on andrew{at}andrewmorgan{dot}ie with the following information:

  • Customer name:
  • Affected users:
  • Has enterprise support: (yes/no)

Once I have that information, I’ll send you back an executable via dropbox and keep you updated on the call process. This information is merely going to be fed straight to Microsoft with my personal guarantee of confidentiality. No funny business.

If you can’t share customer information, but have suffered this issue in the past, no problem! Please comment on this blog post the number of seats that were affected and roughly how many times you’ve seen it.

That’s it!

Thanks for entertaining my request for help and hopefully you too want to get this issue fixed as much as I.

Another handy little tool, Move On Boot.

2 Comments

red_copyUpon receiving a new dll from a support provider recently, I could not replace the existing file, as the file was in use by the system. A restart to safemode also wielded the same result. Dang!

I wanted to use the PendingFileRenameOperations registry key to instruct windows to copy a file during the boot process.

The issue with this key and behavior is that in order to tell windows to delete a file, the next line to the source file must be blank… if you manually try to add a blank line to regedit you receive the following error!

error

I needed an application to move a file during the boot process of windows before the service or handle held the file I wanted to replace open. I decided to write a new tool called MoveOnBoot.exe.

MoveOnBoot leverages the PendingFileRenameOperations registry key and the MoveFileEx Api to move the file on boot simply and easily.

Move on boot does the following:

  1. Adds the copy jobs to the PendingFileRename key you specify.
  2. Copies the new file into the target directory with an  _newer file extension.
  3. Optional: instructs windows to copy the current file to a _old extension
  4. instructs windows to replace the target file with the _Newer file.

 

How to use it:

Simply select the source and destination files as below:

UI

Optionally choose to backup the target file during the operation with the check box above.

Once you have added all the files you need to replace, you can check the queue by going to file > view pending operations:

results

And that’s it! restart the device and let windows do the hard work.

Optionally, if you chose to backup the file as part of the operation, you will find an _old file in the target directory as below:

after reboot

 

Download:

Stand alone Binary.

Source code.

Support information:

  • Requires Administrator privileges.
  • Requires .net framework 2.0 or greater.