Today I noticed that a recently added Application to the Citrix Test environment added a Macro to the Office Startup directory.

When a user launches Word he will get a popup because the Template (.dot file) was not signed:

It would have been a lot easier if Application Vendors sign their stuff because in that case I could have just added the certificate using Group Policy (yesterday’s post describes how to do this).

Application Vendors usually tell you that you should lower the Macro security in Office (or Word in this case) to Low to get rid of this message. But I think there’s a better solution: we will sign the .dot file ourselves!

(more…)

Yesterday I created an Unattended Installation of a webapplication. Of course it was “just a web link” and the application vendor usually says: you don’t need to install it just go the URL and that’s it.

The reality is usually that you go to the URL and need to install several (ActiveX) components and maybe other dependencies such as Java.

While a user may have the permissions for this on his own pc, on a Citrix or Terminal Server environment this is highly unlikely.

So we need to package and pre-install this for the users.

Nothing special so far but this particular application had some special things that were interesting enough to blog about.

So let’s start with what happened, I visited the URL of an application called Centric Key 2 Financien.

First I got a few popups with Certificates that needed to be accepted:

The application’s instructions say that the user must accept this and set the “Always trust content from this publisher” checkbox.

(more…)

I often hear that people configure the Paging File (on Citrix or Terminal Servers) on a seperate volume but, the reasons is either performance or the chance that the Paging File might corrupt the volume.

However if at some point you would like to create a Memory Dump you must have a paging file on the boot volume.

For a Small memory dump you need at least 2MB Paging File on the Boot Volume but for a Full Memory Dump you need a Paging File that is sufficient to hold all the physical RAM plus 1 megabyte (MB).

Side Note: with the increasing ram of today’s servers, how long does it take for a full memory dump to be saved when you have lots of gigabytes?

See also: Overview of memory dump file options for Windows Vista, Windows Server 2008 R2, Windows Server 2008, Windows Server 2003, Windows XP, and Windows 2000.

If you are implementing a Citrix, Terminal Server or even just a plain Client-Server environment you will need to create a Default User Profile at some point.

The Default User Profile can be thought of as the initial registry settings that are used when a new profile is created.

Many people think that the Default User Profile is available in regedit via HKEY_USERS\.Default but this is NOT the Default User Profile.

(more…)

Today I shadowed a user’s session in Citrix and when I wanted to type something I noticed that the keyboard layout was incorrect.

This is and old “friend” that I always tend to forget about. So hopefully this post will help me to remember it .

You can prevent this by adding a value “IgnoreRemoteKeyboardLayout” to the registry key HKLM\System\CurrentControlSet\Keyboard Layout:

reg add “HKLM\SYSTEM\CurrentControlSet\Control\Keyboard Layout” /v IgnoreRemoteKeyboardLayout /t REG_DWORD /d 0×00000001 /f

This option has been present since Windows 2000 but was broken in Windows 2003. For Windows 2003 there are two related hotfixes, see kb 842136 and kb 917910.

(more…)

As you probably know there are several different Folder Views in Windows Explorer:

The Explorer keeps tracks of the last used View per Folder in the registry in the key HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Bags. This KB article sort of desribes this functionality.

(more…)

Just had a good laugh while reading Microsoft KB article 2258090:

When you try to copy a file that is larger than 2 GB over a Remote Desktop Services or a Terminal Services session through Clipboard Redirection (copy and paste) by using the RDP client 6.0 or a later version, the file is not copied. And, you do not receive an error message.

Wow, did you ever (attempt to) copy such a large file in your Remote Desktop Session?

I usually change the text below the “This Computer” icon to reflect the current username and servername:

This is an ancient trick, just set the the LocalizedString Value of the following key:

to “%USERNAME% on %COMPUTERNAME%”.

It get’s a little more complicated if you want to set this from a script, because the environment variables are replaced with the actual value BEFORE they are entered in the Registry.

(more…)

When you request Shadow (Remote Control) of a Remote Desktop (Terminal Server) or Citrix session the user gets a Dialog where he can Accept or Deny the Shadow Request.

It looks something like this:

It’s possible to change the default settings and remove the need for this permission but I think this is a bad idea since it violates the user’s privacy.

But sometimes it would be convenient to automatically accept, for instance for when a user is away or when you want to shadow a session that is “yours” but runs under another account.

I wrote a tool to do just that
(more…)

Windows Vista introduced the Command Bar in Explorer which is sometimes also referred to as the Folder Band or the Task Band. The Command Bar is of course also present in Windows 7 and Server 2008 (R2).

This Command Bar shows possible tasks or actions depending on the active folder. I wanted to remove the “Uninstall or change a program” (in Dutch this is called “Een programma verwijderen of wijzigen”) button from the Computer view:

(more…)