Remko Weijnen's Blog (Remko's Blog)

About Virtualization, VDI, SBC, Application Compatibility and anything else I feel like


On a Citrix or Terminal Server you will want to disable autoupdate notifications of the flash player.

This can be done by creating a file mm.cfg in the folder where the flash ActiveX control is installed (normally C:\Windows\System32\Macromed\Flash).

Place the following line in this file (with a text editor like Notepad):


Be sure to save the file with UTF-8 encoding, this can be selected in the Save As dialog in Notepad:

notepad utf8

Ofcourse you are aware that only certain Flash versions are supported (and optimized) in Citrix? At this time these versions are: 7a, 8, 8b, 9, 9c, and 9d.


Win32 API provides only 1 function for locking workstation, named LockWorkstation. What does it do and how we can use it?

When a new session is started, smss.exe invokes winlogon.exe. It registers its process id in win32k.sys by calling RegisterLogonProcess. It has this prototype: Read the rest of this entry »


Windows has a couple of different formats for volume names but it is unclear how to convert a Volumename (example: \\?\Volume{GUID}\) to a DeviceName (example: \Device\HarddiskVolume1).

I found at that you can use the QueryDosDevice function but you need to remove the preceeding \\?\ and the trailing \ of the VolumeName:


One of the side effects of using sysprep to prepare an image is that drive letter assignments are reset to default. This behaviour is documented in a knowledge base article.

I previously solved this by running a diskpart script but that needed a custom script for each system (if the disk or partition order differs the script needed to be adjusted). So I needed to run a restore with sysprep determine the drive layout after sysprep, change the script, test by restoring again. So I wrote a commandline tool that can change a drive letter assignment based on the volume label.

Read the rest of this entry »


A while ago I published a patch for Windows 2003 Terminal Server that allows more than 2 concurrent sessions in Remote Administration mode.

Today I publish the same patch but for Windows Server 2003 X64. The patched function (CRAPolicy::Logon) is the same as in the original patch.

Read the rest of this entry »


Up until now I used VPatch for all my patches. The disadvantage of VPatch is that it uses strict MD5 hash checks. This means that a patch can only be applied to exactly the same file the patch was based on (exact same build and language).

Because many people are asking for patches for other builds and languages I decided to move over to another patch mechanism. This will use search & replace on specific Hex bytes.

The consequence is that patching another build or language version is possible. However there is no absolute certaintity that the patch will work on other builds or languages. Ofcourse the patcher will only patch if the specific bytes were found which is safer than patching an offset.

It’s up to the user to carefully test the patched file and hopefully report back to me if it’s working.

Now I will describe how to use this universal patcher.

Read the rest of this entry »

  • Filed under: General


    Let’s write our own Credential Server implementation.

    At first, we need to create a named pipe with a unique name. Let’s construct the pipe name using a GUID – this should be unique, but we can do it in a cycle to be absolutely sure: Read the rest of this entry »


    I think many of you have got experience with multiple Terminal Server Sessions in windows XP, also called Fast User Switching (FUS). Let’s get inside this cool feature.

    How does FUS work? Each session has its own winlogon.exe. It draws the same interface which looks like the screenshot below:


    Read the rest of this entry »


    Hello, my name is Danila Galimov and i will write here sometimes 🙂

    My first post is about communications between Terminal Server sessions and Terminal Server service process (termsrv.exe/dll). Terminal Server service needs to communicate with each session for many tasks, such as sending window message, getting message reply and so on. So, on init, Terminal Server creates a SmSsWinStationApiPort port in global namespace and runs a few WinStationLpcThread threads, which are listening on port and are used to process port messages. When csrss.exe is started, it parses its command line, which usually looks like:

    %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=4096,4096,1024 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

    and loads the required dlls (winsrv.dll in our case). Initialization of winsrv.dll creates a thread, which connects to SmSsWinStationApiPort port and does the loop for processing Terminal Server messages until it receives WinStationTerminate message.

    We’ll try to fool Terminal Server Read the rest of this entry »


    On a Citrix environment 2 different applications were required. One of the applications required java version 1.5 (and didn’t work with 1.6) and the other application needed specifically version 1.6.

    Because the applications are installed on a Citrix server the users do not have write permissions to HKEY_LOCAL_MACHINE so that was another complication.

    After a lot of monitoring with process monitor the general process of how a particular Java version loads in Internet Explorer became clear to me.

    Java adds an addon to IE called ssv.dll, you can see this trough Tools | Manage Add-ons | Enable or Disable Add-ons:


    Read the rest of this entry »