Thursday, May 27, 2010

Create a GPO by using Group Policy Preferences functionality.

The value is stored in HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartPage\Favorites

Create or Edit a GPO and expand "User Configuration\Preferences\Windows Settings\Registry"
Add new value and browse to the HKCU\SOFTWARE\...\Favorites if logged on as user that has configured the pinned program or HKEY_USERS\\... if another logged on user has done the pinning.

As it's a binary value containing all pinned programs, it will overwrite any modifications done by user when applying the policy.

If linking GPO to OU with TS-server computer objects, you also nead to enable loopback processing by using "Computer Configuration\Policies\Administrative Templates\System\Group Policy\User Group Policy loopback processing mode"

Monday, May 24, 2010

CTX: XenApp 6 Migration Tool Beta

XenApp 6 Migration Tool Beta is comprised of PowerShell commands packaged as a PowerShell 2.0 module. Citrix Administrators can leverage the use of these PowerShell commands to export all server and farm settings/policies, applications, folders, load evaluators and administrators to quickly setup a new XenApp 6 environment that inherits these settings.

XA6 Migration Tool is available at
http://www.citrix.com/English/ss/downloads/details.asp?downloadId=1864561&productId=186

CTX: XenApp 6 Feature Overview - PART 3

XenApp 6 Feature Overview: Any Device, Anywhere

Users can simply and securely access applications instantly with a consistent high quality experience regardless of location or device.

Universal Device Access: Citrix online plug-in for accessing hosted applications is available for a wide range of platforms including: DOS, Windows XP, Vista, Win7, Windows Mobile, Mac OS X, iPhone, Linux, Android, UNIX, Java, IBM OS/2 Warp, Blackberry, and EPOC / Symbian OS. (Refer to the Client feature matrix for feature availability by platform)
Microsoft Remote Desktop Client support: Allows users to connect to XenApp using the Microsoft Remote Desktop Client, enabling access from Windows devices that are locked-down and which may not support Java.
Non-admin client installation: Eliminates the need to give users “Administrator "privileges in order to install XenApp plug-ins in order to simplify application access.
Secure application access: A full featured SSL VPN gives users access to any application or network resource including applications delivered via Citrix XenApp.
Application gateway: Hardware and software-based SSL-proxy that allows remote users to securely access data center hosted applications delivered via XenApp. All hosted application traffic is proxied to enable firewall traversal without requiring additional ports to be opened.
SmartAccess: Provides granular access control policies and integrated endpoint analysis for users accessing applications via SSL VPN. Administrators have a single point of access control for all applications and resources - not just XenApp traffic.
Endpoint scanning and extensible analysis: Clients are scanned against administrator-defined criteria to enforce proper configuration such as up-to-date security software and operating system hotfixes. Endpoint analysis can be extended using industry-standard development tools.
Hot desktop: Enables users to securely share workstations. Let’s users logon/logoff in seconds instead of using a time-consuming, full Windows or Novell logon/logoff procedure.
Citrix Receiver: A single client interface that automatically installs and configures client devices to access applications and resources meant specifically for authenticated users.
Auto-updating client software: Through Citrix Receiver, XenApp plug-ins for a variety of application access, security and performance management functions are automatically updated to the latest version without IT intervention.
Web interface: A browser-based interface for accessing applications. Offers built-in support for two-factor authentication, simple customization through the management console and multilingual support. Integration with most third-party portals is seamless.
Support for Microsoft SharePoint: Allows organization to add Web interface functionality to Microsoft SharePoint to deliver applications to users through a SharePoint portal.
Client-less SSL VPN access: Allows users to access network file shares, Web email and internal Web sites from devices that are locked down and do not permit the downloading of any software.

CTX: XenApp 6 Feature Overview - PART 2

XenApp 6 Feature Overview: Single Instance Management

Application and server images are stored, maintained and updated once in the datacenter and delivered on-demand. This simplifies management, avoids application conflicts and makes it easy to provide real-time updates.

Provisioning services: Manage the entire XenApp farm of application hosting servers, both physical or virtual, from a single standardized server image.
Template-style configuration: Use Microsoft Group Policies to configure provisioned servers automatically or re-configure them on-the-fly.
App hub: A central location that acts as a single point of delivery for all applications.
Application profile: A package containing multiple variations of an application for different Windows operating systems. Profiles can be delivered to any device – locally delivered to Windows devices or hosted in the data center and delivered to any device.
Installation manager: If application installation is desired, Installation manager enables IT to automatically and remotely install applications across multiple servers simultaneously.
Role-based installation: Intuitive, role-based product installation is built with provisioning in mind and enables easy and simple migration to the latest XenApp platform
Live image updates: Application and server images can be updated without interrupting the production XenApp system. Server updates apply on next boot and application updates are applied the next time they are launched by a user.
Instant application rollout and removal: Applications are configured for access and assigned to user groups. As soon as applications are published they can be accessed by users from any PC or mobile device without IT intervention. Applications can similarly be de-provisioned.
Automatic application synch and rollback: Applications can be patched, reconfigured or updated once, in the data center and users automatically synchronize these changes upon next connection. If an application update needs to be rolled back, users see the change upon next launch.
• Application self healing: Faulty applications due to user error or file corruption are automatically “healed” upon next launch to avoid support issues.
Application publishing: IT can create a personalized application list for users by configuring who can access each application, how it will be delivered and what the user experience will be.
Content publishing: IT can publish internal and external content (e.g. documents, web sites) and configure who can see them. Published content is presented along-side applications.
Active Directory Group Policy integration: Policy-style management enables IT to configure application availability and delivery using familiar Active Directory Group Policies and Local Group Policies. This enables fine-level control of applications and allows for easy control of thousands of applications delivered to thousands of users on thousands of servers.
Application Lease Control: Administrators can set how long an application is available for offline use. Users must reconnect to the network prior to the end of the lease period or the application cannot be used. In this manner, administrators retain a level of license control within their environment.

CTX: XenApp 6 Feature Overview - PART 2

XenApp 6 Feature Overview: Single Instance Management

Application and server images are stored, maintained and updated once in the datacenter and delivered on-demand. This simplifies management, avoids application conflicts and makes it easy to provide real-time updates.

Provisioning services: Manage the entire XenApp farm of application hosting servers, both physical or virtual, from a single standardized server image.
Template-style configuration: Use Microsoft Group Policies to configure provisioned servers automatically or re-configure them on-the-fly.
App hub: A central location that acts as a single point of delivery for all applications.
Application profile: A package containing multiple variations of an application for different Windows operating systems. Profiles can be delivered to any device – locally delivered to Windows devices or hosted in the data center and delivered to any device.
Installation manager: If application installation is desired, Installation manager enables IT to automatically and remotely install applications across multiple servers simultaneously.
Role-based installation: Intuitive, role-based product installation is built with provisioning in mind and enables easy and simple migration to the latest XenApp platform
Live image updates: Application and server images can be updated without interrupting the production XenApp system. Server updates apply on next boot and application updates are applied the next time they are launched by a user.
Instant application rollout and removal: Applications are configured for access and assigned to user groups. As soon as applications are published they can be accessed by users from any PC or mobile device without IT intervention. Applications can similarly be de-provisioned.
Automatic application synch and rollback: Applications can be patched, reconfigured or updated once, in the data center and users automatically synchronize these changes upon next connection. If an application update needs to be rolled back, users see the change upon next launch.
• Application self healing: Faulty applications due to user error or file corruption are automatically “healed” upon next launch to avoid support issues.
Application publishing: IT can create a personalized application list for users by configuring who can access each application, how it will be delivered and what the user experience will be.
Content publishing: IT can publish internal and external content (e.g. documents, web sites) and configure who can see them. Published content is presented along-side applications.
Active Directory Group Policy integration: Policy-style management enables IT to configure application availability and delivery using familiar Active Directory Group Policies and Local Group Policies. This enables fine-level control of applications and allows for easy control of thousands of applications delivered to thousands of users on thousands of servers.
Application Lease Control: Administrators can set how long an application is available for offline use. Users must reconnect to the network prior to the end of the lease period or the application cannot be used. In this manner, administrators retain a level of license control within their environment.

Sunday, May 23, 2010

CTX: XenApp 6 Feature Overview - PART 1

XenApp 6 Feature Overview: Self-service applications

System intelligence automatically determines the best fit method for virtualizing and delivering applications to users through a personalized and easy to use self-service storefront.

Application subscription: Administrators can publish applications to specific users or groups and users can subscribe to the applications they need to work using a simple drag and drop interface.
• Favorite applications: Citrix Dazzle lets users define a list of favorite or frequently used applications for fast access. IT can configure featured applications for easy access to mission-critical programs.
Dynamic delivery determination: If local application delivery is not possible, XenApp automatically falls back to server hosted application delivery without any user interaction. This ensures that users always get the application they need with the best performance possible.
Policy-based access control: Policies enable administrators to control application delivery, availability and performance based on user, group, device or IP range. Policies can be used to control access to peripherals (drives, printers, clipboard, audio, com ports), optimize performance (bandwidth limits, feature availability, latency reduction), and even enforce connection limits (number of sessions per user, per application, or both)
Online app access with Session virtualization: Applications are installed or streamed to servers in the data center and are remotely displayed to users’ desktops and devices. Only screen updates, keystrokes and mouse clicks traverse the network.
Offline app access with Citrix Streaming: The best way to deliver applications to Windows devices for use even while disconnected from the network. Applications and integrated Windows services are streamed to the users Windows desktop and are virtualized, not installed, and run in an isolated environment without application and system conflicts. Applications can safely communicate via inter-isolation communication technology.
• Offline app access with Microsoft App-V: Deliver applications to Windows devices using Microsoft App-V application virtualization technology.
• Server-based session virtualization: The best way to deliver applications to any device, anywhere at the lowest cost. Applications are installed or streamed to Windows Server 2003/2008/2008 R2 servers in the data center and are remotely displayed to users’ desktops and devices. Only screen updates, keystrokes and mouse clicks traverse the network.
• VM hosted applications: The fastest way to deliver applications to any device, anywhere with the highest level of compatibility. Applications run on centralized Windows XP, Vista and Win 7 virtual or physical PC’s (32 or 64-bit) in the data center and session virtualization technology remotely displays them to users’ desktops and other devices. Only screen updates, keystrokes and mouse clicks traverse the network.
• Deliver any application: Ensures the highest level of application compatibility compared to traditional application management. A broad set of technologies including session virtualization, app virtualization, isolation and profile management technologies converge to give IT the ability to deliver any application regardless of its native run-time requirements.
• Access applications on any device: Deliver any Windows application to any user device or operating system, including Windows, Mac, Linux, UNIX and even iPhone OS, Blackberry.
• Use applications over any connection: Deliver network intensive and bandwidth sensitive applications to users over any network connection from dial-up, satellite or 3G link to wired Gigabit. XenApp makes the most network intensive applications usable over simple dial-up.


Source: Citrix XenApp Comparative Feature Matrix

Wednesday, May 19, 2010

Detect running inside a Virtual Machine

In December 2008, I wrote a tool to detect if we are running inside a Virtual Machine, this small application called DetectVM works fine for a several months until I received a few complains about it: not working on x64 systems and don't detect VMware ESX 4.0 vSphere.

Today I rewrite the whole application for scratch on Visual Studio.NET. The new version DetectVM 2.0 works on x86 and x64 systems and detect ESX 4.0 vSphere.

Detect VM 2.0 detect Virtual Machines running on Microsoft Virtual Server and Hyper-V, VMware and Citrix XenServer.

When you run DetectVM 2.0, the application return a code so we can run on silent mode (use /quiet or /q parameter) on a batch file.

Below is a script example:

---- Start Script ----

@ECHO OFF
DetectVM /QUIET
IF ERRORLEVEL 100 GOTO ErrorVM
IF ERRORLEVEL 3 GOTO Xen
IF ERRORLEVEL 2 GOTO VMware
IF ERRORLEVEL 1 GOTO Microsoft

REM No Virtual Machine
ECHO Not running inside a Virtual Machine
GOTO End

:Microsoft
REM Microsoft
ECHO Running Inside a Microsoft Virtual Machine
GOTO End

:VMware
REM VMware
ECHO Running Inside a VMware Virtual Machine
GOTO End

:Xen
REM Citrix XenServer
ECHO Running Inside a Citrix XenServer Virtual Machine
GOTO End

ErrorVM
ECHO Error Detecting Virtual Machine
:End

---- End Script ----

You can download DetectVM for FREE, the script and source code from
http://ctxadmtools.musumeci.com.ar

Friday, May 14, 2010

MS: Office 2007 Setup fail or crash on Windows 2003 x64 Terminal Server/Citrix

When you tried to install Office 2007 on a Windows 2003 x64 server with Terminal Server or Citrix installed the setup fail or crash.

This problem may occur when the 64-bit version of Windows Server 2003 is running Terminal Services in relaxed security mode. Office 2007 Setup program is only supported when Terminal Services is running in full security mode.

To work around this issue, you must run Terminal Services in full security mode. When you run Terminal Services in full security mode, Terminal Server users will have the same permissions as members of the Users group. To do this, follow these steps:

1) Open Terminal Services Configuration.
2) Click Server Settings.
3) Right-click Permission Compatibility, and then click Properties.
4) Click to select the Full Security check box, and then click OK.