Remko Weijnen's Blog (Remko's Blog)

About Virtualization, VDI, SBC, Application Compatibility and anything else I feel like

Archive for January, 2011

I wanted to create a Scheduled Task on my Citrix Servers to have the reboot every other night.

The idea is that half of the servers will reboot in a night and the other half the following night.

The TSSHUTDN tool is handy since it can issue a warning to logged on users, log them out after a certain period and finally issue the reboot.

Since I needed to add a scheduled task to many servers I wanted to do this with a script.

WMI Exposes the Win32_ScheduledJob Class and it’s Create Method.


Using Synctoy in Data Migrations

In every project I do I will have to migrate data at some point. This usually involves three types of data:

  • Home Directory Data
  • Workgroup Data (eg office documents)
  • Application Data (not database but flat file data belonging to applications such as templates and documents).

Home Directory Data is usually a flat copy although I tend to filter out the garbage (temp files and such).

Workgroup data usually needs to be cleaned up so it involves some kind of data mapping (folder x goes to place y).

Application Data is usually a flat copy from old to new location but often there are things like ini files that are adjusted and we don’t want to overwrite that.


  • Filed under: General
  • As you may know, Fast User Switching (FUS) is not available (disabled) on Windows XP computers joined to a domain, Microsoft confirms this in kb280758.

    However, Microsoft doesn’t tell us there’s an undocumented registry value that allows us to have FUS when joined to a domain!

    To enable FUS you need to set the DWORD registry value HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\ForceFriendlyUI.

    It can also be set by Group Policy at HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System.

    When the value is set to 1, and LogonType key is also set to 1, it allows you to use a Friendly UI on a computer joined in a domain:

    If you want to obtain a user’s token in a Terminal Server or Citrix session (eg to launch a process in a session) you can call the WTSQueryUserToken function.

    On the x64 versions of Windows XP and Server 2003 this function fails however and returns ERROR_INSUFFICIENT_BUFFER (“The data area passed to a system call is too small.”) when called from a 32 bit process.

    Internally WTSQueryUserToken calls the undocumented function WinstationQueryInformationW with the WinStationUserToken class (14) and passing a WINSTATIONUSERTOKEN struct, filled with caller ProcessId and ThreadId.

    But on x64 Windows the size of this structure is 24 bytes, while on 32 bit Windows the size of the structure is 12 bytes!


    Making String.IndexOf case insensitive

    I don’t do much programming in .NET based languages but I have to for some things like the Windows Live Writer plugin I am creating.

    I didn’t expect this but the String.IndexOf Method is by default case sensitive.

    But we can make it case insensitive if we use one of the overloads: IndexOf(String, StringComparison).


  • Filed under: .NET, C#
  • On a Citrix XenApp 5 environment a user reported that he was unable to start a Full Screen session on a Dual Monitor Configuration.

    He received this error message:

    foutmelding (2)

    Citrix has a KB Article: “How to Allow More Memory for Session Graphics on Windows Server 2003” that explains exactly how we can solve this.

    We need to change the MaxLVBMem registry value and we can use the Excel Sheet from the KB Article to calculate the proper value.

    Please don’t set this value too high because a higher value means you will restrict other kernel memory pools.

    You also need to deny the SYSTEM account the SetValue permission on the HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management key to prevent the Citrix IMA service from overwriting the new value.

    So I wrote a small PowerShell script to change the permission and set the value:

    Saving Password in Office Communicator

    If you want to be able save the password in Office Communicator you must create the key HKLM\Software\Microsoft\Communicator or on x64 OS HKLM\Software\Wow6432Node\Policies\Microsoft\Communicator and set the DWORD value SavePassword to 1.

    Now you will have the Save my password checkbox (which will save the encrpted password to HKCU\Software\Microsoft\Communicator\AccountPassword


  • 1 Comment
  • Filed under: General
  • Enabling Privileges for WMI in PowerShell

    A few days ago I wrote about a PowerShell Script to Install Printer Drivers.

    I noticed there was a problem with this script: some drivers fail to load with error 1797 which means ERROR_UNKNOWN_PRINTER_DRIVER.

    I reread the AddPrinterConnection documentation on MSDN but it didn’t mention anything about additional required permissions or anything.

    But then I read the remarks sections of the Win32_Printer Class and it mentions that for some operations the SeLoadDriverPrivilege is required.

    In VBScript we can indicate it like this:

    But how to do this in PowerShell?

    I didn’t find a way to enable a specific privilege but we can enable all by setting Scope.Options.EnablePrivileges to $true.

    So I modified the script like this:

  • Filed under: PowerShell
  • I wrote a PowerShell script to install all printer drivers on a Citrix or Terminal Server.

    Actually the script isn’t specific to Citrix or Terminal Server but on such environments we need to preload all drivers because users do not have the permissions to do that.

    I have chosen for PowerShell because you can do it in a one-liner which makes it easy to run this script from my Altiris server on all Citrix Servers.

    The idea is that we enumerate all the shared printers on a Printer Server and make a connection to each printer. This will make sure that the driver is installed if it wasn’t already present.

    The script could even be scheduled to enforce that newly added printer drivers are added to each Citrix Server.


    Adding a hidden Exchange mailbox to Outlook

    In Exchange it’s possible to hide a Mailbox from the (Global) Address List. You can do that in the Exchange System Manager:


    But after you have hidden a Mailbox you cannot create an Outlook profile for it (or add it as an extra mailbox).


    When you click Check Name in the wizard you’ll get an error:


    The common workaround is to remove the “Hide from Exchange address lists” setting, create the profile (or add the Mailbox) and afterwards set it again.

    Once the profile is created it all keeps working.

    There is an easier solution though!