Category Archives: Batch Scripting

Silently installing the Citrix Edgesight ActiveX plugin

Just a really quick blog post on how to silently install the reporting agent inside your environment.

Log into a server / client without the EdgeSight plugin installed, and browse to the edgesight website. Once logged in, you will receive the usual prompt to install the software:

Install the software and ensure it works, then fire up a command prompt and browse down to “c:windowsdownloaded program files”. Once in this folder, a DIR will reveal the ActiveX plugin “csmdbprov.dll”.

Now simply copy this file out to shared storage:

Once done, now its scripting time!

Below are two examples in batch (.bat , .cmd) or PowerShell (.ps1) for achieving this:

(please amend h:csmdbprov.dll to the path you use)


[sourcecode language=”text”]
copy h:csmdbprov.dll "c:windowsdownloaded program files"
regsvr32 /s "c:windowsdownloaded program files"


[sourcecode language=”powershell”]
if (test-path h:csmdbprov.dll){
copy-item H:csmdbprov.dll ‘C:WindowsDownloaded Program Files’ -Force
start-process regsvr32 -ArgumentList "/s ""C:WindowsDownloaded Program Filescsmdbprov.dll""" -wait

Removing Screen Resolution and Personalize shell extensions from a users desktop session.

While working in a XenApp 6 proof of concept I came accross this little feature and decided its time to share it!

When a user right clicks on the desktop, by default they get access to commands to manipulate the appearance of the desktop. As I restricted access to the control panel, the two options below were generating errors in the users sessions:

The error generated is your standard group policy restrictions error message as below:

While digging into this further I found the following registry key that corresponds to the two prompts we see above.


Under this key, you can see both entries that appear on the shell extension menu;

The problem with this key is, its owned by the TrustedInstaller account, and by default administrators cannot modify it. To modify this  key and hide this menu from users (but maintain it for administators) please follow the below steps.

Please note, any hotfixes from microsoft may remove your hard work, so be prepared to redo this work if Microsoft decide to work with this key in future.

  1. Take a backup of this key, you’ll thank me if you get it wrong!
  2. Browse down to desktopbackgroundshelldisplay
  3. right click this key, choose permissions, click advanced then owner
  4. Select administrators from the list, then choose “Apply”.
  5. browse to the permissions tab and remove the “users” group.
  6. Click “apply”, then “ok”.
  7. The “screen resolution” menu should now disappear from any current and future sessions.
  8. Repeat step 2 to 8 on DesktopBackgroundShellPersonalize.
  9. Tada! go grab a coffee to celebrate your domination over the windows operating system.

And that’s it, you should now have a lean, clean and  error free shell extension menu when right clicking on the desktop.

Pedantic, begrudging scripters note:

Now if you’re a pedantic scripting so and so like me, you wont be satisfied to leave this job as a manual task. And despite spending more time than I’d like to admit, I couldn’t perform this work in powershell despite what I tried. Luckily the task was extremely easy to do with Helge Klein‘s setacl program.

Below is an example of a script to achieve this:

setacl.exe -on HKLMsoftwareclassesDesktopBackground -ot reg -actn setprot -op dacl:p_nc;sacl:p_nc -rec yes

SetACL.exe -on HKLMsoftwareclassesDesktopBackground -ot reg -actn ace -ace “n:system;p:read” -ace “n:administrators;p:read” -actn clear -clr “dacl,sacl” -actn rstchldrn -rst “dacl,sacl” -rec yes

Configuring “Language for non-Unicode programs” via the registry in Server 2003.

As a break from server 2008 r2 profiles, I recently had a customer with a character display issue in our xenapp environment. Their local characters were not displaying correctly when run from our English XenApp servers. The language in question was Czech and numerous characters were incorrect or null in application menu’s and data contained in the application.

Testing the Microsoft AppLocale utility ended in utter failure, so we had no choice but to modify the default unicode option on the server 2003 operating system to change this to Czech.

Now this is all very simple to do from a console, start > run > intl.cpl > advanced and choose your language from a drop down list. But what if you want to automate, or script it?

No group policy exists for managing this option, and the documentation / forums online do not cover a full answer to the question. This also cannot be applied on a per user basis, this is strictly a per machine setting.

In my case, the language needed was Czech, and the below steps assume Czech language, this probably will work for any other… but let it be known here’s your disclaimer!

The process we’ll use, is to capture the regional and language options from one server, then export them for the remaining servers.

Step 1: create the necessary changes:

  • As mentioned above, click start, run, Intl.cpl.
  • Choose the advanced tab:

  • Choose the language you wish from the drop down list:

  • Hit Apply
  • Choose “yes” from the dialogue box, to skip the file copy if needed

  • Choose “no” to restart later.

click “Ok” to close.

Step 2: capture the changes:

  • Create a folder on the root of the c: drive, called “c:unicode-export”
  • Once you’ve made the changes listed above, fire up regedit (start > run > regedit).
  • Export the following keys to the c:unicode-export folder to .reg files:
  • (right click the key, and choose export, I named them 1-6 respectively for convenience.)
  1. [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionFontMapper]
  2. [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionFonts]
  3. [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionFontSubstitutes]
  4. [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionGRE_Initialize]
  5. [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlNls]
  6. [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetHardware ProfilesCurrentSoftwareFonts]
  • Copy the following file to the c:unicode-export folder:
  1. c:windowssystem.ini

Once finished, you should end up with 6 registry files, and 1 ini file in the “c:unicode-export” folder:

Step 3: import the settings on the subsequent servers:

  • Copy the c:unicode-export folder from your source server to the target server:
  • import the keys / ini with this simple script:

for /f /%%a in (‘dir /s /b c:unicode-export*.reg’) do regedit -s %%a

copy /y c:unicode-exportsystem.ini c:windows

Note: (if you run this from a command line, outside of a batch file, replace %%a with %a.)

And that’s it, once the script is finished you can delete the c:unicode-export folder and restart the server.

This was a massive pain in the arse to get to the bottom of (excuse the pun) so I hope its useful to somebody! I’ll also be reviewing this by the end of the year for server 2008 r2.

Internet explorer 7 wont launch

Internet-Explorer-8Had a weird one over the weekend. A colleague of mine accidentally approved Internet Explorer 8 to all servers in our domain via wsus and it left our Citrix servers in a bit of a sad state. We set about removing it as soon as possible but after the uninstall / restart we were faced with this very strange problem. When we double clicked internet explorer on the desktop, the application wouldn’t launch and a new shortcut to Internet Explorer would be created on the desktop.

We also had these logged every thirty minutes or so in the event logs:

Event Type:    Error
Event Source:    Userenv
Event Category:    None
Event ID:    1041
Date:        06/09/2009
Time:        21:50:38
Computer:    Computername
Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.

For more information, see Help and Support Center at


Event Type:    Error
Event Source:    Userenv
Event Category:    None
Event ID:    1041
Date:        06/09/2009
Time:        21:50:38
Computer:    Computername
Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.

For more information, see Help and Support Center at

If you face the above problems, delete the following registry keys and open internet explorer as an administrator:

“HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonGPExtensions{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}” /f
“HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonGPExtensions{7B849a69-220F-451E-B3FE-2CB811AF94AE}” /f
“HKEY_CLASSES_ROOTCLSID{871C5380-42A0-1069-A2EA-08002B30309D}shellOpenHomePage” /v legacydisable /f

That should fix that!