Remko Weijnen's Blog (Remko's Blog)

About Virtualization, VDI, SBC, Application Compatibility and anything else I feel like

Archive for the ‘Terminal Server’ Category

Just had a good laugh while reading Microsoft KB article 2258090:

When you try to copy a file that is larger than 2 GB over a Remote Desktop Services or a Terminal Services session through Clipboard Redirection (copy and paste) by using the RDP client 6.0 or a later version, the file is not copied. And, you do not receive an error message.

Wow, did you ever (attempt to) copy such a large file in your Remote Desktop Session?

I usually change the text below the “This Computer” icon to reflect the current username and servername:


This is an ancient trick, just set the the LocalizedString Value of the following key:


It get’s a little more complicated if you want to set this from a script, because the environment variables are replaced with the actual value BEFORE they are entered in the Registry.


Automatically Accept Shadow Request

When you request Shadow (Remote Control) of a Remote Desktop (Terminal Server) or Citrix session the user gets a Dialog where he can Accept or Deny the Shadow Request.

It looks something like this:


It’s possible to change the default settings and remove the need for this permission but I think this is a bad idea since it violates the user’s privacy.

But sometimes it would be convenient to automatically accept, for instance for when a user is away or when you want to shadow a session that is “yours” but runs under another account.

I wrote a tool to do just that 😀

Windows Vista introduced the Command Bar in Explorer which is sometimes also referred to as the Folder Band or the Task Band. The Command Bar is of course also present in Windows 7 and Server 2008 (R2).


This Command Bar shows possible tasks or actions depending on the active folder. I wanted to remove the “Uninstall or change a program” (in Dutch this is called “Een programma verwijderen of wijzigen”) button from the Computer view:



I needed to add a printer connection to a Citrix server but the problem was that this printer had a buggy driver. I wanted to use an alternative driver such as the Citrx Universal Printer driver but on Terminal Server you might want to use the Terminal Services Easy Print driver.

So I decided to make something that could be used in both situations, the result is a small commandline tool called AddPrinter2 (sorry I am not good in finding original names).

It takes 2 parameters: the printername as unc path and the driver name. An example would be:

AddPrinter2 “\\server\printer” “Citrix Universal Printer”.


Small LaunchRDP Update

For a long time now people have asked for a version of LaunchRDP that includes the Connection Bar. The original version was originally written for a very specific purpose and I never anticipated so many people would want to use it. But it seems that a lot of people like the Connection Bar (I hate it, especially with sessions in sessions, so that’s why I am using RDPWithLocalTaskbar).


Delegated Management Console

In this topic I just want to show(case) you something I created in the past. It is a management console that enables delegated management in a Terminal Server or Citrix environment.

The console is launched by a small executable that check credentials (based on group membership) and then launches an RDP session with the actual console in it. The logic behind it is that the RDP session runs with an account with delegated permissions in Active Directory and the actual user account that logs in here doesn’t have any permissions at all.

This is the login screen:


If you’ve passed the login screen you enter the Main Console which consists of a Treeview on the left with possible options and a work area on the right:



Modifying Microsoft Updates and/or hotfixes

As you might know Microsoft distributes updates and hotfixes with in installer, update.exe. When you run update.exe it looks into the supplied .inf files to see what it has to install. It’s not possible to make changes to the inf files however because that will invalidate it’s signature (and update.exe checks the signature that is stored in an accompanying .cat file).

In my case I wanted to deploy the MUI pack for Internet Explorer 7 to be able to support multiple languages. By default this pack installs 35 (!) languages and I wanted to install only Dutch language on top of existing English.


A few days ago I was troubleshooting some strange problems on a Citrix Server. After some investigation (I will write about that later) it was clear to me that there was a shortage of System Page Table Entries (PTE’s). Using perfmon you can see how many free System PTE’s are available:


Any value below 5000 is not good, values below 2000 are critical. In my case it wasn’t possible to view processes with Task Manager anymore.

Next I used WinDbg and attached to the Kernel (you can do that with File | Kernel Debug | Local | OK) and issued the !vm command:


WinDbg shows us a warning that a lot of PTE allocations have failed, we can also see that there’s enough Paged Pool and Non Paged Pool available.

So how do we find the guilty driver (usually it’s a driver)? (more…)

Existing code to simulate the Secure Attention Sequence (SAS),which most people refer to as control alt delete or ctrl-alt-del, no longer works in Windows Vista. It seems that Microsoft offers a library that exports a function called SimulateSAS(). It is not public and one is supposed to request it by sending a mail to Mails to this address remain unanswered though.

I researched how other people (including Microsoft) have solved this task and was unhappy with the results: some solutions work only with (or without) UAC, most solutions work only for the current or console Terminal Server sessions or need a kernel mode driver.

So I decided to create my own Saslib with the following goals:

  • Should work both with and without User Account Control (UAC)
  • Should support current, console and any Terminal Server session
  • Does not need a driver
  • The calling application does not need to be signed or have a special manifest
  • Support multiple programming languages

I have succeeded and thus SasLibEx was born: not only can it successfully simulate the SAS sequence it can do this for any/all Terminal Server sessions. It can also lock the workstation (again for all sessions) and switch between the normal desktop and the secure desktop (the desktop that UAC runs on). SasLibEx was successfully tested both with and without User Account Control (UAC).

In the future I will place SasLibEx on it’s own website. Meanwhile you can contact me if you are interested in it at the following mail address: mail

Please note that I have spend lots of time into this project and therefore I cannot give it away for free

Update: I have added new features to SasLibEx, see here: