Remko Weijnen's Blog (Remko's Blog)

About Virtualization, VDI, SBC, Application Compatibility and anything else I feel like


2,114 views

In this topic I just want to show(case) you something I created in the past. It is a management console that enables delegated management in a Terminal Server or Citrix environment.

The console is launched by a small executable that check credentials (based on group membership) and then launches an RDP session with the actual console in it. The logic behind it is that the RDP session runs with an account with delegated permissions in Active Directory and the actual user account that logs in here doesn’t have any permissions at all.

This is the login screen:

login

If you’ve passed the login screen you enter the Main Console which consists of a Treeview on the left with possible options and a work area on the right:

mainscreen

Read the rest of this entry »

11,239 views

A while ago I wrote a small tool to assist in switching between a Full Screen Citrix Desktop and the local desktop. By default the Citrix client can switch from full screen to windowed mode (with the SHIFT F2 hotkey) but it doesn’t minimize the window automatically. So this always requires manually minimizing, do your local work, give focus to the Citrix client again and press the hotkey again to return to full screen.

My idea was really simply: we write a little exe that runs locally and registers the SHIFT F2 hotkey. When the Hotkey is pressed we determine if we are in full screen or in windowed mode and reverse that. When going from Full Screen to Windowed we minimize the Citrix Client and notify the user (by balloon tip) that he is on the local desktop. I called it the Citrix Desktop Switcher (sorry I couldn’t come up with a more original name)

So let’s see it in action!

When you start the Citrix Desktop Switcher you are notified that the tool is running (it doesn’t matter when you start the Switcher, you can start if even if the Citrix Session is already running).

Balloon1

Read the rest of this entry »

  • 4 Comments
  • Filed under: Citrix
  • 2,985 views

    Today someone asked questions about a script I wrote back in 2007 to solve a bug in Outlook (2003 but at least Outlook XP has the same issue). If you have access to someone’s calendar and want to make a print of it Outlook wants to print it in it’s default view which is a combined view on calendar appointments and tasks. However if you do not have permissions to the other persons tasks folder Outlook refuses to print and displays the following error: The messaging interface has returned an unknown error. If the problem persists, restart Outlook.

    To resolve it you can go to the Calendar | Daily View | Print, then click Page Setup and under Include Options deselect Taskpad. I didn’t want to do this for all users that’s why I wrote the script.

    Read the rest of this entry »

  • 0 Comments
  • Filed under: script
  • 3,396 views

    As you might know Microsoft distributes updates and hotfixes with in installer, update.exe. When you run update.exe it looks into the supplied .inf files to see what it has to install. It’s not possible to make changes to the inf files however because that will invalidate it’s signature (and update.exe checks the signature that is stored in an accompanying .cat file).

    In my case I wanted to deploy the MUI pack for Internet Explorer 7 to be able to support multiple languages. By default this pack installs 35 (!) languages and I wanted to install only Dutch language on top of existing English.

    Read the rest of this entry »

    6,828 views

    A few days ago I was troubleshooting some strange problems on a Citrix Server. After some investigation (I will write about that later) it was clear to me that there was a shortage of System Page Table Entries (PTE’s). Using perfmon you can see how many free System PTE’s are available:

    perfcounter

    Any value below 5000 is not good, values below 2000 are critical. In my case it wasn’t possible to view processes with Task Manager anymore.

    Next I used WinDbg and attached to the Kernel (you can do that with File | Kernel Debug | Local | OK) and issued the !vm command:

    WinDbg

    WinDbg shows us a warning that a lot of PTE allocations have failed, we can also see that there’s enough Paged Pool and Non Paged Pool available.

    So how do we find the guilty driver (usually it’s a driver)? Read the rest of this entry »

    9,967 views

    I have found and tested some new functionalities which I will add to SasLibEx:

    • Unlocking workstation without entering password
    • Cancel UAC (User Account Control) request
    • fully disable Ctrl-Alt-Del
    • Cancel Ctrl-Alt-Del
    • Switch between secure desktop (where the UAC prompt is) and the normal desktop.

    Some people asked if SasLibEx works on x64 or Windows 7, the answer is yes. I tested on build 7000 of Windows 7 beta and also on Server 2008 x64.

    13,407 views

    If you read the MSDN documentation of WM_KEYDOWN and WM_KEYUP you can see that those message require us to interpret lParam as a bitfield:

    lParam
    Specifies the repeat count, scan code, extended-key flag, context code, previous key-state flag, and transition-state flag, as shown in the following table.

    0-15
    Specifies the repeat count for the current message. The value is the number of times the keystroke is autorepeated as a result of the user holding down the key. The repeat count is always one for a WM_KEYUP message.
    16-23
    Specifies the scan code. The value depends on the OEM.
    24
    Specifies whether the key is an extended key, such as the right-hand ALT and CTRL keys that appear on an enhanced 101- or 102-key keyboard. The value is 1 if it is an extended key; otherwise, it is 0.
    25-28
    Reserved; do not use.
    29
    Specifies the context code. The value is always 0 for a WM_KEYUP message.
    30
    Specifies the previous key state. The value is always 1 for a WM_KEYUP message.
    31
    Specifies the transition state. The value is always 1 for a WM_KEYUP message.

    I was looking for a convenient way to get and read the bits and this is what I made up:
    Read the rest of this entry »

    18,884 views

    Existing code to simulate the Secure Attention Sequence (SAS),which most people refer to as control alt delete or ctrl-alt-del, no longer works in Windows Vista. It seems that Microsoft offers a library that exports a function called SimulateSAS(). It is not public and one is supposed to request it by sending a mail to saslib@microsoft.com. Mails to this address remain unanswered though.

    I researched how other people (including Microsoft) have solved this task and was unhappy with the results: some solutions work only with (or without) UAC, most solutions work only for the current or console Terminal Server sessions or need a kernel mode driver.

    So I decided to create my own Saslib with the following goals:

    • Should work both with and without User Account Control (UAC)
    • Should support current, console and any Terminal Server session
    • Does not need a driver
    • The calling application does not need to be signed or have a special manifest
    • Support multiple programming languages

    I have succeeded and thus SasLibEx was born: not only can it successfully simulate the SAS sequence it can do this for any/all Terminal Server sessions. It can also lock the workstation (again for all sessions) and switch between the normal desktop and the secure desktop (the desktop that UAC runs on). SasLibEx was successfully tested both with and without User Account Control (UAC).

    In the future I will place SasLibEx on it’s own website. Meanwhile you can contact me if you are interested in it at the following mail address: mail

    Please note that I have spend lots of time into this project and therefore I cannot give it away for free

    Update: I have added new features to SasLibEx, see here: https://www.remkoweijnen.nl/blog/2009/04/07/saslibex-updates/

    15,440 views

    I’m working on a new build of TSAdminEx for which I need to query the total amount of physical memory. Locally we can use the GlobalMemoryStatusEx API but there’s no API to do this remotely. It would be possible using WMI but I decided not to use that because I dislike it because of it’s slowness and I need support for older OS versions which might not have WMI.

    So I found in the registry the following key:

    HKLM\HARDWARE\RESOURCEMAP\System Resources\Physical Memory

    It has a value .Translated of type RES_RESOURCE_LIST which seems undocumented besides stating that it exists. Regedit knows how to handle it though. If you doubleclick on the key you will see something like this:

    Read the rest of this entry »

    19,736 views

    I was just researching a little on how Group Policies are applied in Windows Vista. The client processing is actually done by the Group Policy Client Service. So can a user prevent Domain Policies from being applied by stopping this service?

    If you go to the service properties you can see that even a local administrator cannot stop or disable the service:

    gpsvc

    The description says: “The service is responsible for applying settings configured by administrators for the computer and users through the Group Policy component. If the service is stopped or disabled, the settings will not be applied and applications and components will not be manageable through Group Policy. Any components or applications that depend on the Group Policy component might not be functional if the service is stopped or disabled.”

    That sounds good! Let’s try it…

    Read the rest of this entry »

  • 11 Comments
  • Filed under: General, Vista
  • Blogroll


    Categories


    Archives