Remko Weijnen's Blog (Remko's Blog)

About Virtualization, VDI, SBC, Application Compatibility and anything else I feel like

Archive for the ‘General’ Category

imageInteresting case today: customer uses Imprivate for two factor logon in combination with Citrix XenApp.

Users reported that logons failed after they had changed their password. After contacting the users we learned that this only happened with special characters in the password like ! and +.

imageTo do the actual logon to Citrix Imprivata uses an executable which is actually an AutoIT script compiled to an executable.

After authentication the executable get’s the password from the Imprivata Appliance.

I decompiled the executable to source and read the line that passes the password to XenApp:


  • 1 Comment
  • Filed under: General
  • Run multiple instances of Lync 2010–POC

    This video shows that’s it’s possible to run multiple instances of the Lync 2010 client.

    I am running natively, so I am not using ThinApp or App-V.

    I will follow this up later with a how-to blog.

    Running Multiple Instances of Lync 2010
  • 1 Comment
  • Filed under: General
  • imageI logged remotely to a server with RDP and I noticed that  I had options to restart or shutdown that server. This means we can shutdown or restart a server without physical access and without authentication:

    Windows Server 2003 Logon Screen | Imprivata | Shutdown | REstart


  • Filed under: General
  • The XLSploit explained

    Recently I published a Proof of Concept that showed it was possible to launch unauthorized processes with both AppSense Application Manager and RES Workspace Manager.

    Although I didn’t test Microsoft Applocker I have no doubt at all that we couldn’t bypass it.

    imageI have named my Proof of Concept the XLSploit because I am using Excel as a trampoline. I choose Excel because this is generally a trusted process and VBA offers access to the Windows API that is needed.

    After publishing the XLSploit I have talked to both RES and AppSense and not that they both have a response to my Proof of Concept, I consider it safe to tell a little more about how it works.

    If you are merely interested in stopping the XLSploit, please scroll down to the end of the article.


  • Filed under: General
  • Xerox LogoEarlier this week I was asked to investigate a problem with the Xerox Universal Printer Driver. Users complained that printing to a Xerox printer was much slower than printing to an HP printer.

    Excel 2007 IconI received a reference document from a user, a rather complex Excel sheet. When selecting multiple tabs it took almost a minute to generate a print preview in Excel 2007 running on Windows 2003 with XenApp 5.

    I was aware of a bug in the Xerox Universal Driver where almost 9.000 files were copied into the user’s profile directory (I wrote about that in an earlier post). But this seemed to be another problem.



    I wanted to save the SHSH signatures from my iPhone before updating to iOS 5.01. I started Tiny Umbrella but it showed an error indicating that there’s already a process listening on port 80:

    Cannot Start TSS Service | DO NOT TRY RESTORING YOUR DEVICE!!! | System(PID:4) must be killed!!

    I verified this using netstat (netstat -aon | find /I “LISTENING” | find /I “:80”):

    netstat -aon | find /i "LISTENING" | find /i ":80"



    imageI needed to change a few settings on a McAfee VirusScan Enterprise 8.7.Oi client. However there was a password protection in place that locks the user interface and nobody around that could tell me the password. So what to do?

    Right, we check out where this password is stored and how we can get rid of it!

    I openend vsplugin.dll in Ida Pro and searched for related strings such as password, lock etc.



  • Filed under: General
  • Dutch Citrix User Group Launched

    Dutch Citrix User Group LogoA while ago I was invited for a presentation at the UK Citrix User Group. I went there together with my colleague Ingmar Verheij and we had a great day there.

    I was impressed with what I say there, a community that was very much alive and with good discussions. It was clear that the UK Citrix User Group was doing very well, thumbs up for their Steering Group!

    So Ingmar and I wondered why there was no active Dutch Citrix User Group in The Netherlands. There had been an initiative in the past, the DUCUG so we decided to see if we could revive it.


  • Filed under: General
  • imageI wanted to know if a certain server had a Battery Backed Write Cache module (BBWC) on it’s array controller.

    I suspected it did not, but I had to be sure. Since this server was running production I couldn’t open (Visual Inspection) or reboot it.

    The server didn’t have Insight Agents installed so I couldn’t query it via iLO or the Insight Agents webpage either.

    imageI knew that when you do a full install of the array controller bundled software it comes with a commandline tool, hpacucli.exe.


  • 1 Comment
  • Filed under: General
  • Installing Dell Wireless 5530 HSPA Mini PC #2

    imageIn a Comment on my Article “Installing Dell Wireless 5530 HSPA Mini PCI“, Florian asked how to Install Dell’s R298998 driver on non authorized system and card combinations.

    I decided to have a look and downloaded this driver. The structure isn’t much different from the R251153 driver I described in my earlier post.

    When installing it on a non authorized card/laptop combination the error is similar:

    Authentification failed. The Dell Wireless HSPA Mobile Broadband Mini-Card cannot be installed on this computer. Please contact the Dell support for further information.

    When the error message appeared I looked into the temp folder and I noticed that just like before 2 folders were created (with a GUID as name). One of these folders contained the file driver_auth.exe which, as I already knew, performs the actual validation.


  • Filed under: General
  • Donate