Archive

Archive for the ‘Administration’ Category

XenDesktop Iconizer, a new tool for XenDesktop icons.

September 26, 2013 1 comment

Recently I read a post from XD Tipster on how to convert Png files into icons and use them for XenDesktop and Storefront… A very interesting piece, but a bit convoluted and long winded for my liking. I didn’t like the idea of the two website hops to get this information into XenDesktop format… So I decided to write two utilities:

icons

 

Iconizer:

 

iconizer

 

Iconizer Converts png files (with transparency supported) to an Ico file format , then in turn converts it To a Base 64 String.

You can send the data to the clipboard or import directly into XenDesktop if you have the powershell tools available.

 

added

 

It’s very simple, I wont bore you with the details, just convert and import. then map with powershell:

 

seticon

 

Reverse Iconizer:

 

reverseiconizer

 

I’m sure you can guess, takes the massive string of information stored in base64 and gives you a visual representation.

An example command line of how to do this is below:

 

poshtoclipreverse

 

Hey wait?

 

Why didn’t you integrate both of these?

Well it seems .net and Powershell have a limit on the data (string length) it can pull out of the pipeline. The default Citrix icon is close to 20,000 characters and results in you being unable to pull this data from powershell directly to .net. WIth great help from http://www.jonathanmedd.net/  we found that, yep the console does seem to have a roughly 8k char limit… Sure I could parse it to a file or the clipboard, but that was messy and frankly, I really couldn’t be arsed.

If you are up to the challenge I’ve got the source code for forward and reverse of the icon data below. I’ve also got a half assed attempt at creating a list… So fill your boots and take up the challenge if you wish.

 

Download:

 

As with most of my utilities the download links and source code are below, and a few icons to get you going:

System-Windows-icon Windows8

Download utilities.

Download Source Code.

Categories: Tools, XenDesktop Tags: , ,

Update to AppV launcher for Version 5

Just a quick note to say I’ve updated the AppV launcher tool to support Appv 5.

appv5

 

The app-V launcher tool is a self contained executable which lists your installed App-V packages and allows you to launch an executable in that virtual applications environment. This is particularly useful if you or your admins / users are not PowerShell friendly or you would prefer to not publish PowerShell scripts as programs.

You can get a copy of the latest version and/or it’s source code over here.

As an added benefit I’ve included source code for running PowerShell commands in .Net, so if you are interested in trying to do so grab the source code!

Introducing Wake On Lan manager

checklist_2_128x128x32Here’s a little tool I’ve been using in my home lab in anger for a few months and decided somebody else might get some use out of it.

2013-07-30 08_52_00-home.thinscale.net_3389 - Remote Desktop Connection

Wake on Lan manager is the latest tool I’ve written for managing your home lab environment for power saving. With Wake on Lan manager you can add a list of hosts or pc’s sitting at home behind a firewall and wake them up on demand. In my setup I leave one machine running in my lab at home every day and when I need to spin up the hypervisors I can simply right click and wake the computer up on demand:

2013-07-30 08_51_18-home.thinscale.net_3389 - Remote Desktop Connection

Wake on Lan will check the status of the machine via DNS and ping to check when the machine comes up at which time you can choose to RDP or SSH directly to the device.

How it works:

In order for Wake on lan manager to work correctly, you should register the correct DNS name and IP address in your lab for the hypervisors. The target machines must also support Magic Packet aka Wake on Lan.

Putty Support:

In order to get putty working, install wake on lan manager and browse down to the installation folder, find the wolmanager.exe.config and add the putty path as follows:

2013-07-30 08_58_39-home.thinscale.net_3389 - Remote Desktop Connection

Download link:

Download.

Requirements:

.Net Framework 4 client profile.

Another handy little tool, Move On Boot.

February 4, 2013 2 comments

red_copyUpon receiving a new dll from a support provider recently, I could not replace the existing file, as the file was in use by the system. A restart to safemode also wielded the same result. Dang!

I wanted to use the PendingFileRenameOperations registry key to instruct windows to copy a file during the boot process.

The issue with this key and behavior is that in order to tell windows to delete a file, the next line to the source file must be blank… if you manually try to add a blank line to regedit you receive the following error!

error

I needed an application to move a file during the boot process of windows before the service or handle held the file I wanted to replace open. I decided to write a new tool called MoveOnBoot.exe.

MoveOnBoot leverages the PendingFileRenameOperations registry key and the MoveFileEx Api to move the file on boot simply and easily.

Move on boot does the following:

  1. Adds the copy jobs to the PendingFileRename key you specify.
  2. Copies the new file into the target directory with an  _newer file extension.
  3. Optional: instructs windows to copy the current file to a _old extension
  4. instructs windows to replace the target file with the _Newer file.

 

How to use it:

Simply select the source and destination files as below:

UI

Optionally choose to backup the target file during the operation with the check box above.

Once you have added all the files you need to replace, you can check the queue by going to file > view pending operations:

results

And that’s it! restart the device and let windows do the hard work.

Optionally, if you chose to backup the file as part of the operation, you will find an _old file in the target directory as below:

after reboot

 

Download:

Stand alone Binary.

Source code.

Support information:

  • Requires Administrator privileges.
  • Requires .net framework 2.0 or greater.

 

Using powershell as a replacement for the Change Logon command in Remote Desktop Services.

August 9, 2012 8 comments

Still on my PowerShell buzz for the week, this is post 2 of 3 on some Remote Desktop Services / XenApp Powershell goodness!

This is one I’ve been meaning to post for quite some time, but other things got in the way. Mainly me forgetting how to use most of the powershell native methods due to having my head stuck in .net the last few weeks… Moving on…

While trying to find a method to check the status of logon’s to a Remote Desktop server via PowerShell, I didn’t have much luck. Either people are string scraping the output of the command using select-string or going to the registry and checking the raw Value with get-itemproperty. I wasn’t happy with either approach so I dug down into WMI and found the following.

From what I’ve found, the settings for enable, disable and the two drain modes are stored under the namespace root\cimv2\terminalservices. Under the class Win32_terminalservicesetting.

There are two properties we are interested in here:

  • logons (0 = enabled, 1 = disabled*)
  • SessionBrokerDrainMode (0 = Disabled, 1 = DrainUntilRestart, 2 = Drain)

*why oh why 1 is disabled is beyond me, but I digress.

The order of priority is enabled / disabled first, before the drain options are referenced.

So what does this tell us? Well, a change logon /query is simply performing the following simple checks:

Change Logon /query

gwmi win32_terminalservicesetting -N "root\cimv2\terminalservices" | %{
    if ($_.logons -eq 1){
    "Disabled"}
    Else {
        switch ($_.sessionbrokerdrainmode)
        {
            0 {"Enabled"}
            1 {"DrainUntilRestart"}
            2 {"Drain"}
            default {"something's not right here!"}
        }
    }
}

Ok that’s great and all, we’ve now replicated change logon /enable, but how do we set these values?

Easy! Using the native PowerShell $_.put() method, we can push values back in.

Below you will find each “Change Logon” option in server 2008 R2 and the corresponding WMI property.

Change logon /Enable

$temp = (gwmi win32_terminalservicesetting -N "root\cimv2\terminalservices")
$temp.sessionbrokerdrainmode=0
$temp.logons=0
$temp.put()

Change Logon /Disable

$temp = (gwmi win32_terminalservicesetting -N "root\cimv2\terminalservices")
$temp.logons=1
$temp.put()

Change Logon /Drain

$temp = (gwmi win32_terminalservicesetting -N "root\cimv2\terminalservices")
$temp.sessionbrokerdrainmode=2
$temp.put()

Change Logon /DrainUntilRestart

$temp = (gwmi win32_terminalservicesetting -N "root\cimv2\terminalservices")
$temp.sessionbrokerdrainmode=1
$temp.put()

And that’s it! now if you want to wrap this up in a function be my guest, or if you would like me to do so just drop me a line.

Caffeine for Citrix Receiver!

July 24, 2012 14 comments

In this post I’m announcing a new little tool from my lab for managing power saving and screen saver settings while using the Citrix Receiver for windows. I’ve been using this tool for months, I love it and miss it when I use a workstation without this tool. I’ve also sent this out for feedback to a select few experts in the VDI market space and the feedback was very positive.

That being said, this tool will be welcomed by some (users) and hated by others (admins). I’m a bit torn about whether to publish it or not so if you want to add to the feedback drop me an email on andrew@andrewmorgan.ie.

A big thanks to Mike Stanley, Kees Baggerman, Simon Pettit & Dan Garcia for the feedback!

Caffeine will also be available in the next release of ThinKiosk.

The Mission statement:



Often when using the XenApp, XenDesktop or even Citrix VDI in a Box, double prompting for passwords from windows devices is both common and a pain in the backside.  When you’re local workstation locks out you need to re input your workstation password, then re input your password again in the remote session… irritating and unnecessary.

From a security perspective its necessary to configure a secure screensaver on their desktop in the datacenter to ensure any connecting device receives a password prompt when the user is idle a certain amount of time, but it can be a management nightmare to exclude users from receiving double password prompts from managed windows devices.

Removing the double password scenario:

This issue extends from desktops, to laptops and to thin clients too and it often bugged me how often I spent entering my password twice each day.





With Caffeine for receiver, you  install a lightweight application that runs in the system tray. This application automatically attaches to Receiver sessions (via the ICA Client Object) and sends a keep alive every minute to ensure the remote screen saver never kicks in. Leaving just the local secure screensaver to lock the users out.

This works really well from Enterprise devices with double screensavers or home devices that are secure by default. This also allows you to keep your secure screensaver policies on the datacenter side and work around them from managed devices.

Sleep settings:



As a father, I struggle to find alot of time to work while my son is awake. Often I’ll start working on something and get dragged away for hours only to return to my pc asleep and my remote session disconnected and logged off due to policies. This infuriates me and I disable sleep on most of my devices for this reason… Which is costing me a fortune in electricity!





Further to just screensaving, Caffeine can also be configured to stop computers from going to sleep while a remote session is active. This will keep your pc awake when you are running a remote session if you need to step away but allow it to sleep when you don’t have a remote session… Best of both worlds!

If you still wish to use power saving while on battery, this is still available as above.

Wasted resource?



Well if I’m sending a keep alive from my enterprise device this means the sessions will never reach enough of an idle timeout to satisfy idle timeout policies. Which from an admin perspective mean’s these sessions will never terminate unless the remote machine is restarted.

With Caffeine you can configure these idle time-outs for managed devices via the settings (above) or via GPO meaning you can mirror your idle time-out settings…and dare I say feel confident they’re work reliably for once!

But.. but.. but.. security!!! We can’t have users turning off their secure screensavers!



Well, yes. This is the conflict of interest here, users want it and the admins wont! In order to make Caffeine as secure as possible I’ve included the following options for enterprises:

Caffeine requires administrative permissions to install:

By default only administrators of their local machines will be able to install Caffeine.

Enterprise Kill Pill:

Caffeine has a “Kill Pill” built in, you can download the enterprise GPO to stop Caffeine from working on your devices.

Secure screensaver requirement:






By default caffeine will only work if a secure screensaver is present locally. If the user attempts to remove the screensaver after login, they will be alerted and Caffeine will no longer keep the sessions alive:







Advanced Access Control.



Using Advanced access control with access gateway you can target machines running caffeine and exclude them from using your citrix environment.

Availability:



The Caffeine for Citrix Receiver beta is now available for download.

Pre-Requisits:

  • .Net Framework 2.0
  • Citrix Receiver 3.2 and upwards.

Tested Platforms:

  • Windows 7 x64

 

Download:



Caffeine for Citrix Receiver

Group Policy Template











Adding Windows Media Player Codec’s to Windows Thin PC.

February 7, 2012 1 comment

By default when you install windows thin pc, you get access to windows media player without codec’s. If you are using Windows Thin PC for Citrix products these codecs are vital for correct HDX Mediastream redirection.Below you will find a few quick and dirty steps to include the necessary codec’s in your Windows Thin PC image:

 

Acquiring the Codec’s:

 

1: Head over to the microsoft download site and download the Windows Embedded Standard 7 Service Pack 1 Tookit (part’s 1 to 8)
2: Once fully downloaded, run the Standard 7 SP1 Toolkit.part01.exe and extract the contents to a folder (e.g. c:\toolkit)
3: Once fully extracted, browse to C:\toolkit\Standard 7 SP1 Toolkit\DS\Packages\FeaturePack (where the extract folder was c:\toolkit).
4: In this folder, you will find the codec’s stored in folders beginning with “x86~winemb-premiumcodecs


5: Make a new folder in your c: drive called codecs, and copy the contents of the above folders into this new folder. The folder should appear as below:

 

6: Once we have the codec’s we can now integrate them using two methods, we can add them to a current machine, or add them to an installer image. Both Method’s are included below:

 

Online Method:

 

1: From a Windows Thin PC, run the following command from an administrative command prompt:

Dism.exe /Online /Add-Package /PackagePath:C:\codecs /NoRestart

 

Integrating the Codec’s into an image:

 

1: Extract your ISO copy of the Windows Thin PC to c:\windows_thin_pc

2: create a new folder to mount the image to, called c:\mnt

3: Run the following command from an administrative command prompt:

Dism.exe /Mount-Wim /WimFile:C:\Windows_Thin_PC\sources\install.wim /index:1 /MountDir:c:\Mnt
Dism /Image:c:\Mnt /Add-Package /PackagePath:c:\codecs
Dism.exe /Unmount-Wim /MountDir:c:\Mnt /commit

4: Once this completes, add your image back to Microsoft WDS, or write it to a usb key or DVD.

 

Note: if the command prompt reports DISM.exe is unavailable, grab a copy of the Microsoft WAIK.

Follow

Get every new post delivered to your Inbox.

Join 2,587 other followers