Remko Weijnen's Blog (Remko's Blog)

About Virtualization, VDI, SBC, Application Compatibility and anything else I feel like

Archive for the ‘Terminal Server’ Category

As you may know, Fast User Switching (FUS) is not available (disabled) on Windows XP computers joined to a domain; Microsoft confirms this in KB280758.

However, Microsoft doesn’t tell us there’s an undocumented registry value that allows us to have FUS when joined to a domain!

To enable FUS you need to set the DWORD registry value HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\ForceFriendlyUI.

It can also be set by Group Policy at HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System.

When the value is set to 1, and LogonType is also set to 1, it allows you to use a Friendly UI on a computer joined to a domain:

If you want to obtain a user’s token in a Terminal Server or Citrix session (e.g. to launch a process in a session) you can call the WTSQueryUserToken function.

On the x64 versions of Windows XP and Server 2003, however, this function fails and returns ERROR_INSUFFICIENT_BUFFER (“The data area passed to a system call is too small.”) when called from a 32-bit process.

Internally, WTSQueryUserToken calls the undocumented function WinstationQueryInformationW with the WinStationUserToken class (14), passing a WINSTATIONUSERTOKEN struct filled with the caller's ProcessId and ThreadId.

But on x64 Windows the size of this structure is 24 bytes, while on 32-bit Windows the size of the structure is 12 bytes!
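The size mismatch described above, as an added example that is not code from the original post or from Windows. It assumes the structure holds three pointer-sized HANDLE fields (ProcessId, ThreadId, UserToken), which matches the 12 and 24 byte sizes; model_x64_query is a hypothetical stand-in for the x64 side of the call and the token value is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumed field layout: three pointer-sized HANDLE fields. Fixed-width
   types model each bitness so the example builds on any platform. */
typedef struct { uint32_t ProcessId, ThreadId, UserToken; } WINSTATIONUSERTOKEN32;
typedef struct { uint64_t ProcessId, ThreadId, UserToken; } WINSTATIONUSERTOKEN64;

_Static_assert(sizeof(WINSTATIONUSERTOKEN32) == 12, "32-bit layout is 12 bytes");
_Static_assert(sizeof(WINSTATIONUSERTOKEN64) == 24, "x64 layout is 24 bytes");

#define ERROR_SUCCESS             0u
#define ERROR_INSUFFICIENT_BUFFER 122u   /* value from winerror.h */

/* Hypothetical model of the x64 side: it checks the caller's buffer
   length against its own native structure size before using it. */
static uint32_t model_x64_query(void *buf, size_t len)
{
    WINSTATIONUSERTOKEN64 native;
    if (len < sizeof native)
        return ERROR_INSUFFICIENT_BUFFER;
    memcpy(&native, buf, sizeof native);
    native.UserToken = 0x1234;            /* constructed handle value */
    memcpy(buf, &native, sizeof native);
    return ERROR_SUCCESS;
}

/* What a 32-bit caller sends: its own 12-byte structure. */
uint32_t query_with_32bit_layout(uint32_t pid, uint32_t tid)
{
    WINSTATIONUSERTOKEN32 req = { pid, tid, 0 };
    return model_x64_query(&req, sizeof req);
}

/* The same request laid out with 8-byte fields. */
uint32_t query_with_64bit_layout(uint32_t pid, uint32_t tid, uint64_t *token)
{
    WINSTATIONUSERTOKEN64 req = { pid, tid, 0 };
    uint32_t status = model_x64_query(&req, sizeof req);
    *token = (status == ERROR_SUCCESS) ? req.UserToken : 0;
    return status;
}

int main(void)
{
    uint64_t token;
    return !(query_with_32bit_layout(4321, 8765) == ERROR_INSUFFICIENT_BUFFER &&
             query_with_64bit_layout(4321, 8765, &token) == ERROR_SUCCESS);
}
```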


I wrote a PowerShell script to install all printer drivers on a Citrix or Terminal Server.

Actually the script isn’t specific to Citrix or Terminal Server, but in such environments we need to preload all drivers because users do not have the permissions to do that.

I chose PowerShell because you can do it in a one-liner, which makes it easy to run this script from my Altiris server on all Citrix Servers.

The idea is that we enumerate all the shared printers on a Printer Server and make a connection to each printer. This will make sure that the driver is installed if it wasn’t already present.

The script could even be scheduled to enforce that newly added printer drivers are added to each Citrix Server.


SasLibEx Screencast

I just recorded a SasLibEx Screencast; it shows some of the very powerful features of SasLibEx.

The following features are shown:

  • Simulate Ctrl Alt Del (Secure Attention Sequence)
  • Cancel Ctrl Alt Del
  • Lock Workstation
  • Unlock Workstation (without credentials)
  • Disable Ctrl Alt Del
  • Enable Ctrl Alt Del again
  • Cancel pending UAC request
  • Is Desktop Locked
SasLibEx Feature Demo #1

Self Signing Word Macro’s

Today I noticed that a recently added Application to the Citrix Test environment added a Macro to the Office Startup directory.

When a user launches Word he will get a popup because the Template (.dot file) was not signed:


It would have been a lot easier if Application Vendors signed their stuff because in that case I could have just added the certificate using Group Policy (yesterday’s post describes how to do this).

Application Vendors usually tell you that you should lower the Macro security in Office (or Word in this case) to Low to get rid of this message. But I think there’s a better solution: we will sign the .dot file ourselves!


Java Webapplication, certificates and Citrix

Yesterday I created an Unattended Installation of a webapplication. Of course it was “just a web link” and the application vendor usually says: you don’t need to install it, just go to the URL and that’s it.

The reality is usually that you go to the URL and need to install several (ActiveX) components and maybe other dependencies such as Java.

While a user may have the permissions for this on his own pc, on a Citrix or Terminal Server environment this is highly unlikely.

So we need to package and pre-install this for the users.

Nothing special so far but this particular application had some special things that were interesting enough to blog about.

So let’s start with what happened: I visited the URL of an application called Centric Key 2 Financien.

First I got a few popups with Certificates that needed to be accepted:


The application’s instructions say that the user must accept this and set the “Always trust content from this publisher” checkbox.


Paging file and Memory Dump

I often hear that people configure the Paging File (on Citrix or Terminal Servers) on a separate volume; the reason is either performance or the chance that the Paging File might corrupt the volume.

However if at some point you would like to create a Memory Dump you must have a paging file on the boot volume.

For a Small memory dump you need at least 2MB Paging File on the Boot Volume but for a Full Memory Dump you need a Paging File that is sufficient to hold all the physical RAM plus 1 megabyte (MB).

Side Note: with the increasing RAM of today’s servers, how long does it take for a full memory dump to be saved when you have lots of gigabytes?

See also: Overview of memory dump file options for Windows Vista, Windows Server 2008 R2, Windows Server 2008, Windows Server 2003, Windows XP, and Windows 2000.

Default User Profile: Remko’s solution

If you are implementing a Citrix, Terminal Server or even just a plain Client-Server environment you will need to create a Default User Profile at some point.

The Default User Profile can be thought of as the initial registry settings that are used when a new profile is created.

Many people think that the Default User Profile is available in regedit via HKEY_USERS\.Default but this is NOT the Default User Profile.



Terminal Server Remote Keyboard Layout

Today I shadowed a user’s session in Citrix and when I wanted to type something I noticed that the keyboard layout was incorrect.

This is an old “friend” that I always tend to forget about. So hopefully this post will help me to remember it :D.

You can prevent this by adding a value “IgnoreRemoteKeyboardLayout” to the registry key HKLM\SYSTEM\CurrentControlSet\Control\Keyboard Layout:

reg add "HKLM\SYSTEM\CurrentControlSet\Control\Keyboard Layout" /v IgnoreRemoteKeyboardLayout /t REG_DWORD /d 0x00000001 /f

This option has been present since Windows 2000 but was broken in Windows 2003. For Windows 2003 there are two related hotfixes, see KB842136 and KB917910.


Default Explorer View

As you probably know there are several different Folder Views in Windows Explorer:


Explorer keeps track of the last used View per Folder in the registry in the key HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Bags. This KB article sort of describes this functionality.