Remko Weijnen's Blog (Remko's Blog)

About Virtualization, VDI, SBC, Application Compatibility and anything else I feel like

Archive for February, 2012

The Windows 8 Consumer Preview is downloaded as a Web Installer called Windows8-ConsumerPreview-setup.exe.

On my system the Web Installer crashed while checking Application Compatibility:


I clicked the Debug option and launched the Visual Studio debugger:


  • Filed under: Windows 8
  • Convert MCli output into PowerShell Objects

    imageI was experimenting today with the PowerShell cmdlets for Citrix Provisioning Server. I was surprised to learn that the output of these cmdlets are not PowerShell types such as collections and objects with methods and properties but just plain text output.

    A google search for a method to quickly convert the garbage output to objects led me to this blog post by Frank Peter. He describes a clever use of the switch statement with regular expressions with the Get-DiskInfo cmdlet.

    Using Frank’s code as a basis I wrote a generic function that converts Mcli output to an array of objects.


    Switching to the Services Session

    Just read a tweet from @andyjmorgan about Interactive Service Detection. This made me remember that it’s possible to switch to the Session 0 with an undocumented api in winsta.dll.

    For this API to work you must have the Interactive Services Detection (UI0Detect) service running.


    Where to download TraceView

    TraceView IconVarious Citrix knowledge base articles refer to a tool called TraceView.exe to view the output of diagnostic traces.

    CTX106233 describes where to download traceview but this article is outdated because it describes an older version of the DDK (the Windows Driver Development).

    The current DDK version (7.1.0) can be downloaded here and has the filename “GRMWDK_EN_7600_1.ISO”.


  • Filed under: Citrix
  • imageI logged remotely to a server with RDP and I noticed that  I had options to restart or shutdown that server. This means we can shutdown or restart a server without physical access and without authentication:

    Windows Server 2003 Logon Screen | Imprivata | Shutdown | REstart


  • Filed under: General
  • Session freeze when starting Excel

    Windows 2003 Enterprise (32 bit), Citrix XenApp 5, RES Workspace Manager 2011, McAfee VirusScan Enterprise 8.7.0i.

    When a opening an Excel workbook from Sharepoint the whole session freezes.

    I asked the user to open an Excel workbook from Sharepoint and I noticed the following popup:

    Some files can harm your computer. If the file information looks suspicious or you do not fully trust the source, do not open the file | You are opening the following file: | File name: My Workbook.xls | From: Sharepoint

    So my first thought was that the user somehow clicked this message to the background and IE was waiting for a response.


    I needed to change the drive letter assigned to the cd/dvd station from an Automation Manager project.

    DVD Drive IconAlthough most systems only have one cd/dvd drive, some machines might be equipped with multiple drives.

    A couple of years ago I wrote a tool called ChDrvLetter that can assign a specific drive letter to a partition given it’s volumename. In that tool I also included an option for CD/DVD drives.

    Using the CDROM [Letters] parameter you can assign specific letters to the CD/DVD drives.


  • Filed under: RES
  • Script to Get Computer OU

    Just some quick code to get the OU Name of the computer we run the script on.



    Scripting Citrix Online Plugin Settings

    The Citrix Online Plugin has a number of settings that can be changed. This includes things as Window Size and Color Depth:

    Session Options | Window size | Default | Full Screen | Requested Color Quality

    In my case I wanted to preset the Window size to Full Screen so using Process Monitor I checked where the Online Plugin writes this setting. I Used a Filter that includes only the Online Plugin (PNAMain.exe) and the RegSetValue Operation:

    Filter on Process Name is PNAMain.exe | Operation is RegSetValue


    The XLSploit explained

    Recently I published a Proof of Concept that showed it was possible to launch unauthorized processes with both AppSense Application Manager and RES Workspace Manager.

    Although I didn’t test Microsoft Applocker I have no doubt at all that we couldn’t bypass it.

    imageI have named my Proof of Concept the XLSploit because I am using Excel as a trampoline. I choose Excel because this is generally a trusted process and VBA offers access to the Windows API that is needed.

    After publishing the XLSploit I have talked to both RES and AppSense and not that they both have a response to my Proof of Concept, I consider it safe to tell a little more about how it works.

    If you are merely interested in stopping the XLSploit, please scroll down to the end of the article.


  • Filed under: General
  • Blogroll