$theTitle=wp_title(" - ", false); if($theTitle != "") { ?>
About Virtualization, VDI, SBC, Application Compatibility and anything else I feel like
24 Jun // php the_time('Y') ?>
I wanted to read the otherWellKnownObjects attribute from an Active Directory object.
In my case this was the Microsoft Exchange container in the Configuration partition:
The otherWellKnownObjects attribute is of type ADSTYPE_DN_WITH_BINARY which unfortunately cannot be viewed or edited with ADSI Edit:
2 May // php the_time('Y') ?>
I was digging around in termsrv.dll yesterday when I noticed that there are some (well 372 to be exact) SSL certificates inside the Terminal Server binary (termsrv.dll):
Two of them seem to actually contain the private keys as well, but I am not 100% sure it may be just a certificate in another format.
8 Feb // php the_time('Y') ?>
I had a very interesting issue today on a new Citrix XenApp 5 farm. We went into production yesterday and we noticed a number of issues:
I took a look at the profiles first and noticed that the size growth was due to a Xerox subfolder in %APPDATA%:
(more…)
1 Feb // php the_time('Y') ?>
For my Reboot Script I needed to get the last character of the computername and convert it to an integer.
We can do it like this in PowerShell:
1 | $i = [int]"$((gc env:computername)[-1])" |
31 Jan // php the_time('Y') ?>
I wanted to create a Scheduled Task on my Citrix Servers to have the reboot every other night.
The idea is that half of the servers will reboot in a night and the other half the following night.
The TSSHUTDN tool is handy since it can issue a warning to logged on users, log them out after a certain period and finally issue the reboot.
Since I needed to add a scheduled task to many servers I wanted to do this with a script.
WMI Exposes the Win32_ScheduledJob Class and it’s Create Method.
28 Jan // php the_time('Y') ?>
On a Citrix XenApp 5 environment a user reported that he was unable to start a Full Screen session on a Dual Monitor Configuration.
He received this error message:
Citrix has a KB Article: “How to Allow More Memory for Session Graphics on Windows Server 2003” that explains exactly how we can solve this.
We need to change the MaxLVBMem registry value and we can use the Excel Sheet from the KB Article to calculate the proper value.
Please don’t set this value too high because a higher value means you will restrict other kernel memory pools.
You also need to deny the SYSTEM account the SetValue permission on the HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management key to prevent the Citrix IMA service from overwriting the new value.
So I wrote a small PowerShell script to change the permission and set the value:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 | $keyName = "SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\icawd\thin16" $valueName = "MaxLVBMem" # Calculate your value! http://support.citrix.com/article/CTX114497 [int]$value = 0xc00000 # Set Identity to SYSTEM via it's Well Known SID [System.Security.Principal.SecurityIdentifier]$ident = "S-1-5-18" # Open Registry Key (with Write Permissions) $regKey = Get-Item "HKLM:" $regKey = $regKey.OpenSubKey($keyName, $true) # Fetch Existing permissions $acl = $regKey.GetAccessControl() # Construct a new Ace $rights = [Enum]::Parse([Security.AccessControl.RegistryRights], "SetValue") $deny = [Enum]::Parse([Security.AccessControl.AccessControlType], "Deny") $rule = New-Object Security.AccessControl.RegistryAccessRule($ident, $rights, $deny) # Add the new Ace to the Acl $acl.AddAccessRule($rule) # Apply the new Acl to the Registry key: $regKey.SetAccessControl($acl) # Now set the required Value $regKey.SetValue($valueName, $value) # Close the key $regKey.Close() |
27 Jan // php the_time('Y') ?>
A few days ago I wrote about a PowerShell Script to Install Printer Drivers.
I noticed there was a problem with this script: some drivers fail to load with error 1797 which means ERROR_UNKNOWN_PRINTER_DRIVER.
I reread the AddPrinterConnection documentation on MSDN but it didn’t mention anything about additional required permissions or anything.
But then I read the remarks sections of the Win32_Printer Class and it mentions that for some operations the SeLoadDriverPrivilege is required.
In VBScript we can indicate it like this:
1 2 3 | Set objPrinter = GetObject( _ "winmgmts:{impersonationLevel=Impersonate ," _ & "(LoadDriver)}!//./root/cimv2:Win32_Printer") |
But how to do this in PowerShell?
I didn’t find a way to enable a specific privilege but we can enable all by setting Scope.Options.EnablePrivileges to $true.
So I modified the script like this:
1 | powershell.exe "& { $Wmi = ([wmiclass]'Win32_Printer') ; $Wmi.Scope.Options.EnablePrivileges = $true; gwmi win32_printer -ComputerName 'ADNRD02' -Filter 'shared=true' | foreach {$Wmi.AddPrinterConnection( [string]::Concat('\\', $_.__SERVER, '\', $_.ShareName) )} }" |
25 Jan // php the_time('Y') ?>
I wrote a PowerShell script to install all printer drivers on a Citrix or Terminal Server.
Actually the script isn’t specific to Citrix or Terminal Server but on such environments we need to preload all drivers because users do not have the permissions to do that.
I have chosen for PowerShell because you can do it in a one-liner which makes it easy to run this script from my Altiris server on all Citrix Servers.
The idea is that we enumerate all the shared printers on a Printer Server and make a connection to each printer. This will make sure that the driver is installed if it wasn’t already present.
The script could even be scheduled to enforce that newly added printer drivers are added to each Citrix Server.
25 Jan // php the_time('Y') ?>
In Exchange it’s possible to hide a Mailbox from the (Global) Address List. You can do that in the Exchange System Manager:
But after you have hidden a Mailbox you cannot create an Outlook profile for it (or add it as an extra mailbox).
When you click Check Name in the wizard you’ll get an error:
The common workaround is to remove the “Hide from Exchange address lists” setting, create the profile (or add the Mailbox) and afterwards set it again.
Once the profile is created it all keeps working.
There is an easier solution though!
18 Jan // php the_time('Y') ?>
In my previous post I explained how to get the recursive group membership with a very simple Powershell Script.
Commenter Michel thought that the script only tested one level deep but it doesn’t.
But let’s prove that!
Create 3 Global Groups in your Active Directory and name them Level1, 2 and 3:
Make Level3 a Member of Level 2 and make Level a member of Level 1 and finally add an account to the Level 3 group: