RES IT Store Web Portal Setup

We’ve had some confusion both internally and externally with some customers with the installation of the RES IT Store Web Portal. During the installation you will be prompted as to how you would like the IIS website to be configured:

image

This dialog is a little bit unclear as to what it is actually asking you. If you follow these simple guidelines, I’m sure you’ll be a whole lot clearer as to what is going on:

  • The RES IT Store Web Portal setup will create a new website – no ifs, buts or maybes.
    • It will not install to the default IIS website.
  • If you select the “Yes” option, the new website will be bound to port TCP port 80:
    • The existing default IIS website will also be bound to port 80 and therefore only one will start.
    • You will need to manually change the IIS default website port bindings.
  • If you select the “No” option, the new website can be bound to a specific TCP port:
    • Be careful as it will default to TCP port 80 but you can manually alter it.
    • The wizard will bind the Hostname specified to the new website as an IIS Host Header Name.

Our recommendation is to always select “No”, leave the default port binding and configure the host header value with your load-balanced fully qualified DNS alias, i.e. itstore.virtualengine.co.uk.

Easy!

RES Workspace Manager Training Dates

Virtual Engine are pleased to announce that we’re running official RES Workspace Manager 2012 training courses in July 2013, in London. The following courses are available:

  • 3 day RES Workspace Manager 2012 Bronze RWMBC-510 course (details) between July 15 – 17 2013
  • 4 day RES Workspace Manager 2012 Silver/Gold RWMBC-510, 520 and 530 courses (details) from 15 – 18 July 2013.

If you would like to attend either of these training courses or require pricing information then please get in contact. Places are allocated on a first-come, first-served basis!

RES Workspace Manager 2012 Integration with Configuration Manager 2012 SP1 (SCCM)

This blog contains the ramblings of a man who has just installed System Center Configuration Manager 2012 SP1 in our RES Demo Showcase, to show how the integration works with RES Workspace Manager 2012.

The first thing I’d like to point out is why anyone would prefer to use Configuration Manager over RES Automation Manager is beyond me, but that’s probably left for another blog post. One thing I will say is that “simplicity” is not something I’d ever use to describe Configuration Manager! Enough of the drivel; lets get on with the real reason for this post.

Configuration Manager is used by many customers as a software delivery tool to deploy and install applications across their organisation. These applications can be targeted at devices or users and installed when required, i.e. when the user requests them or in a mandatory fashion; say when a new version of Microsoft Office is rolled out. Now this is all fine and dandy but there is no context awareness behind these deployment mechanisms. By context I mean Who they are, What type of device they are using, Where they are located and When they initiated the installation. Configuration Manager does now try and address this short coming by introducing the new “Applications” feature and “Rules”, but its limited in what it can do.

Those of you reading this blog post will hopefully already understand that RES Workspace Manager has been built around this ethos from before the dinosaurs (not quite, but you get my point). With that in mind you’d be correct in asking, “wouldn’t it be a great idea if RES Workspace Manager could integrate with Configuration Manager?” This would bring context awareness to application installs as well as delivering these applications “Just-In-Time,” i.e. when the user attempts to launch an application shortcut (if the application wasn’t already present). Well you might have guessed it by now, you can, and I’m going to show you how and what kind of things to look out for. I’m assuming you already know how to install and configure Configuration Manager (and its running ever so sweetly on your site servers consuming resources like there going out of fashion) so I’m not going to cover that bit!!

Configuration Manager “Applications”

One important point I’d like to mention here is that Workspace Manager does not yet support the new “Applications” feature in Configuration Manager 2012. When I say “support” I mean it will not work at all in Workspace Manager 2012 SR2. Whether that’s something RES will add at a later  date I’m not entirely sure, but for the sake of this blog it doesn’t. That means you have to continue to create and use the old style “Packages” and “Programs” that everyone knew and loved in previous versions of Configuration Manager.

Configuration Manager “Advertisements”

Another important point that might be worth mentioning at this time, from my testing, it doesn’t seem you actually have to create the “Deployment” (aka “Advertisement” in older versions) for the Programs that will be integrated with RES Workspace Manager. From the testing I’ve been doing, what actually seems to happen is RES Workspace Manager creates a temporary collection and advertisement/deployment on the fly, and deletes these once the application has been deployed and installed. The collection is named after the device where you initiated the installation from and if you’re quick enough you can see these objects being created in Configuration Manager console.

Configuration Manager “Administrative User”

You need to supply RES Workspace Manager, with a user that’s been defined in Configuration Manage and has sufficient privileges to carry out certain tasks; namely manage collections and create deployments. Configuration Manager 2012 has various security roles predefined but from my testing the minimum role that can be used is the “Application Administrator”. So I’d create a new user in Active Directory, could be a service account, add them as an administrative user in Configuration Manager i.e. RESWM and assign them that role – if you not bothered about security, you can grant them the “Full Administrator” role Surprised smile.

The first thing we need to do is enable the integration in RES Workspace Manager; which is relatively straight forward and is split into two phases.

Phase 1

  1. Start the RES Workspace Manager console, under the Setup menu select Microsoft System Center…
  2. Select the check box Enable Microsoft System Center ConfigMgr Integration.
  3. You will need to enter the the Configuration Manager server that has the Management Point role installed, i.e. Primary Site server and check the Autodetect management server on client. This can be useful if you have a large Configuration Manager implementation and multiple Site Servers etc.
  4. The credentials you supply will need to have sufficient privileges to the Configuration Manager environment – as I’ve pointed out previously.
  5. When you click the Test Now… button for the first time, the version will automatically be enumerated for you and set accordingly.Enable Configuration Manager Integration
  6. The next step in the process is to click the Test Now… button again. If successful you should be presented with a list of your defined Packages. As you can see from the screen shot below my list is not particularly exhaustive. This test also gives you the first indication that RES Workspace Management does not work with the new Applications feature as they aren’t listed.Test Configuration Manager Settings
  7. At this stage remember to click the Save Settings from the menu bar to commit your changes.

This concludes the first phase. We’re now in a position to use these Packages to install applications with the RES Workspace Manager integration; either at a global level or behind the configuration of an application – which is where I’d see it as most useful and what I’ve described below.

Phase 2

  1. Within the RES Workspace Manager console edit the managed application where you’re going to add the Configuration Manager integration; in my example I’m going to use WinRAR.
  2. From the Configuration tab add the Microsoft ConfigMgr action (shown below).Select Microsoft ConfigMgr Action
  3. You’ll see the Edit software distribution dialogue displayed.
  4. The first thing you probably want to do here is select the Program you’re going to deploy/install when this application is launched. You do this by clicking (…) in the Program field. What’s actually occurring here is: the Management Server that was defined in Phase 1 is being contacted to retrieve a list of Packages and Programs. The result should look something like this; hopefully your list contains more than my paltry set of programs.Select ConfigMgr Program
  5. Simply select the program you want to deploy and click OK. In my example I’m using WinRAR Archiver.
  6. You’ll need to fill in the rest of the fields as shown below (obviously changing WinRAR to something that matches you application!).New software distribution
  7. I probably need to explain some of my choices I’ve made here to avoid any confusion.
      • The Package name is automatically completed upon selecting the program;
      • I’ve checked the Skip if application executable was found ‘cos why would you want to try and deploy/install an application again if its already present? Makes sense I hope?!;
      • Now I’ve left the The Run Once as No ; using this setting in conjunction with the previous setting means should anyone uninstall the application is will instruct Configuration Manager to redeploy and reinstall the application again (because the executable will be missing);
      • For the Custom status message I’d certainly recommend mentioning its being installed by Configuration Manager. It’s not like we live in a “no blame culture” and someone would never, ever blame RES Workspace Manager if the installation was taking a long time, is it!? Anyway, there’s nothing more a user likes than a bit of feedback as to what’s happening.
      • Wait for task to finish before continuing is pretty obvious along with Run before other actions; you can’t launch the application if its not installed right?
  8. Finally make sure the Hide application if executable was not found is unchecked in the application Settings tab (shown below). Obviously the user needs to see the shortcut to actually invoke the application deployment and installation. Application Settings

Now that you have finished with the RES Workspace Manager setup give yourself a good pat on the back and keep your fingers crossed that Configuration Manager continues to play ball! In theory we’re now in a good position to login and launch our application from the shortcut, RES Workspace Manager will determine if the application executable is present and if not it will instruct the Configuration Manager client (CcmExec.exe) to contact the Management Point too deploy and install the application from the Distribution Point. When this magic occurs (as you can see from the screen shot) you’re presented with a very informative message box from RES Workspace Manager, just above the system tray, letting you know that something is happening.

System Tray Message

At this point you’re at the mercy of Configuration Manager which can potentially take a while to deploy and install the application. It goes without saying that should this part be successful, the application will launch. You might have noticed from the screenshot above that there weren’t any Configuration Manager notifications and that’s simply because I supressed the notifications. Within the program definition in Configuration Manager (as you can see below) simply check the Suppress program notifications checkbox. In your environment you might want these turned on, I just don’t like too many system tray notifications popping out at the users.

Program Properties

There are a couple of places in RES Workspace Manager that you can look to see when a Configuration Manager task was invoked and the outcome for troubleshooting purposes or just because you’re nosey! The first place too take a look at is the Log tab under the Setup menu select Microsoft System Center…

Logs

This gives a good overview of each task invoked. You can also use the Diagnostics > Event Logs to view the outcome per user session as seen here:

Event Logs

Now if for any reason the installation fails you’ll probably need to go and have a chat with the Configuration Manager “guru” (maybe that lucky person is you?) and look at the myriad of Configuration Manager logs to see why it failed.

Some Takeaways (Indian Please :D)

  1. Using RES Workspace Manager with Configuration Manager allows you to bring Context Awareness to your application deployments and install them Just-in-Time;
  2. Have a friendly word with your Configuration Manager “guru” before you begin, so he understands why you’re doing this and how it can benefit them too;
  3. You’ll need the Configuration Manager server details that have the Management Point role installed;
  4. Make sure you have the details or created an account that has correct Security Role defined in Configuration Manager;
  5. RES Workspace Manager 2012 SR2 can’t presently integrate with the new Applications feature in Configuration Manager 2012;
  6. You don’t need to create Deployments/Advertisements or Collections beforehand in Configuration Manager for the integration to work with RES Workspace Manager;

I’ve tried to be as factually correct as possible but I confess that I’m no Configuration Manager “guru.” Please do leave a comment if I’ve got something horribly wrong and I hope you’ve found this blog post useful.

Enjoy!!

Nathan

Virtual Engine Receives RES Recognition

Virtual Engine are honoured to have been highlighted by RES Software in their 5 year milestone of the RES Software Valued Professional programme. Having two RSVP members is in itself a privilege, but to have received recognition for our efforts with the Virtual Engine Toolkit is also important to us.

Needless to say we are already working on the next major version of VET which incorporates a complete overhaul of the user interface. Thank you to Bob de K and the RES team for publically recognising the time and effort we contribute to the community.

The Anywhere Home Drive

I thought I’d put pen to paper to discuss a topic that was raised during the most recent UK Citrix User Group meeting. Discussions in the afternoon session were focused around user data, mobility and possibly the end of the user home drive as we know it. There has been lots of talk about how insecure DropBox is and the desire for businesses to implement an on premise solution. Obviously there are other commercial and open source services/products in market today that were not covered, e.g. Box, Google Drive and SkyDrive etc.

Ultimately we had AppSense, Citrix and RES in the same room demonstrating their respective products; DataNow, ShareFile and HyperDrive.

The ways in which these products are implemented varies significantly and they’re seemingly targeted at different markets or are trying to solve slightly different problems (some of which I’m not convinced really exist). For example, AppSense take a data aggregation perspective whereas RES are outwardly targeting DropBox with their current release.

From a UEM perspective there is obviously the desire for both AppSense and RES that the users’ personalisation is moved to a solution that also enables ubiquitous access within their respective UEM solutions. Synchronisation of favourites and signatures etc. regardless of device would be a massive boon for corporate users. Microsoft are doing some of this with Windows 8 today via SkyDrive.

My feeling is that regardless of what solution is implemented the vendors need to make using their product easier to use than “free” consumer products. I’m sure the majority of corporate users will happily utilise an alternative solution if it’s as easy or easier to use then their existing tool of choice. Key to this process is ensuring that a user does not have to move their data to a new solution and that their existing workflows continue to work. How many linked spread sheets are entrenched within businesses today?

Out of the solutions demonstrated the other week AppSense appear to have a head start. DataNow will currently (only) make a user’s existing home drive/directory available via the DataNow client on iOS and Android devices. This will be extended to other SMB shares and SharePoint in the future with the DataNow Enterprise product. You never know, it might actually make using SharePoint bearable!

Contrary to the DataNow product, the HyperDrive appliance is targeted directly at replacing DropBox with an on premise alternative. The caveat here is that data still needs to be moved from its existing location to a secured area managed by HyperDrive. Now don’t get me wrong; DropBox users do this already so this should not be huge undertaking. However, moving and duplicating data is not a long term solution.

Citrix announced at Synergy in Barcelona that the “Control Plane” that federates authentication and management for it’s ShareFile product is now available within the EU (Germany). For European organisations that was always going to be necessary requirement. One can only assume that this will be extended to further geographies in the near future?

The introduction of Storage Zones for ShareFile enabling on-premise data storage is something of a (welcome) surprise considering the relationship Citrix have with both AppSense and RES. OK; I’m not really surprised but it has happened quicker than I thought it would. Unfortunately for Citrix, until the Control Plane is able to run on-site it is likely there will still be some reluctance from enterprises as you’re still reliant on Citrix data centres for access to your data.

In summary all three of the products still need some development before they’re adopted by enterprises en masse, if at all.

  • The DataNow Enterprise product isn’t currently shipping (the Essentials version is) so it’s hard to recommend but looks promising.
  • HyperDrive is functional although a “little rough around the edges” but this should be expected for a v1 product. As a direct replacement for DropBox it is workable.
  • ShareFile has some fantastic opportunities with the Citrix Receiver integration but you’ll need both ShareFile Enterprise and CloudGateway Enterprise to the get the most out it. Would a smaller “point” solution be cheaper and easier to implement?

So who can deliver first…?

RES Workspace Manager – JETCMD Example Use Case

We recently announced the release of our new free Job Execution Tool (JET). If you haven’t had chance to read the announcement yet you can find it here. In this post, I’m going to detail one of the various use cases for JETCMD. This should give you an idea why we developed it in the first place and how powerful it can be.

My use case is going to focus around using JETCMD in conjunction with RES Workspace Manager to invoke a RES Automation Manager job at logoff time. The purposes of this job is to delete the locally cached user’s profile from the machine which the user has just logged off from. With the constant debate raging on whether we should be using mandatory or local (temporary) profiles, we now have a way of deleting local profiles at log off without fudging HKLM settings in the registry (perhaps another blog post?!). Regardless of how or why we should or shouldn’t be doing this, your immediate reaction at this point might be that RES Workspace Manager already integrates with RES Automation Manager! You would be correct, however we have the following restrictions:

  1. The integration only allows job scheduling at user login or when launching a managed application; not at logoff ;
  2. Run Books can’t be invoked – only Projects and Modules;
  3. You cannot dynamically pass job parameters at runtime, i.e. they are embedded into the Automation Task in RES Workspace Manager.

So how can JETCMD help us? As you’ve probably guessed JETCMD will allow us to both invoke the appropriate RES Automation Manager job at log off and pass the required parameter(s) to delete the relevant profile. The following are the outline steps involved to accomplish this task:

  1. Create a Module, Project or Run Book in the RES Automation Manager console that will be invoked by JETCMD (making note of the job GUID);
  2. As JETCMD is part of the free Virtual Engine Toolkit (VET) you’ll need to download from here and install it;
  3. Add the JETCMD.exe as a “Custom Resource” within RES Workspace Manager. Note: JETCMD.EXE can found in the “%ProgramFiles%\Virtual Engine\JETCMD” or “%ProgramFiles(x86)%\Virtual Engine\JETCMD”, depending whether it was installed on a 32 or 64-bit system;
  4. Optionally create “Environment Variables” within RES Workspace Manager, which will hold various command line parameters to pass to JETCMD such as TYPE, JOBGUID, USER and PASSWORD. Using this method makes the task you create in RES Workspace Manager extremely powerful and flexible;
  5. Create the “Execute Command” in RES Workspace Manager that runs JETCMD at logoff. Ultimately this will invoke and schedule the target RES Automation Manager job.

Now lets cover each step in slightly more detail:

STEP 1

I’m not going to cover how you create a Module, Project or Run Book in the RES Automation Manager console in detail. Rather, I am assuming that you have already created one that you would like to be invoked by JETCMD (and have noted down the relevant job GUID!). For the sake of my use case, I’m using a great tool called DelProf2 from Helge Klein (@HelgeKlein) within a RES Automation Manager module. I’ve used the following “Command (Execute)” task.

image

What you see above might look a little cryptic so I’ll briefly explain:

  1. The $Workspace{E2EBA027-FA6B-42AB-9358-C7656E99822E} reference is just a resource link that points to the DELPROF2.EXE that has been added as a resource within the RES Automation Manager console. When the RES Automation Manager task executes it will download the executable and run it;
  2. The /U switch will be passed to DELPROF2 and signifies that we would like it to run unattended, i.e. with no confirmation;
  3. To only delete a particular user profile, the /id switch is used to include only profile directories whose name matches this pattern;
  4. Used in conjunction with the /id switch, the $[UserName] is the RES Automation Manager parameter used to hold the user’s name of the profile I wish to delete (refer to JET_PARAMNAME in Step 5 for more details).

STEP 2

Nothing really to explain here other than download and install VET on your machine – simples! Smile.

STEP 3

Before we carry on with this step lets quickly describe what a “Custom Resource” is. This is an abstract from the RES Workspace Manager Administration Guide:

image

To import JETCMD as a custom resource, just follow these steps:

  1. In the RES Workspace Manager console, click on “Administration” in the navigation pane;
  2. Click on the “Custom Resources” node in the same left hand pane;
  3. Right click in the right hand pane, select “New” and browse to the location of the JETCMD.exe;
  4. The JETCMD.exe should now appear as a “Custom Resource” in the RES Workspace Manager console as shown below: image

STEP 4

Now while I did say this step was optional, I would highly recommend using “Environment Variables” to hold the parameters that JETCMD will use. This allows more visibility of these values and the potential to change them dynamically depending in the ACL’s used behind the “Environment Variables“. For example, utilising environment variables will allow you change the target RES Automation Manager job based on location or security group without having to create additional tasks!

  1. In the RES Workspace Manager console, click on “Composition” in the navigation pane;
  2. Click on the “Environment Variables” node in the same left hand pane;
  3. Right click in the right hand pane, select “New”;image
  4. Give the “Environment Variable” a suitable Name, Administrative Note and Value and change the ACLs etc. accordingly. In my instance I’ll accept the defaults;image
  5. I’m going to create 6 “Environment Variables” to make managing my “Execute Command” as simple and flexible as possible, as you can see below;image
  • JET_TYPE = RES Automation Job type to invoke i.e. Module, Project or RunBook;
  • JET_JOBGUID = The Module, Project or Run Book GUID that can be found in RES Automation Manager console;
  • JET_RESAMUSER = The RES Automation Manager console user to authenticate as;
  • JET_RESAMPWD = The password for the user as specified in JET_RESAMUSER;
  • JET_PARAMNAME = Parameter name(s) that’s specified with the RES Automation Manager job;
  • JET_PARAMVALUE = Parameter value(s) that’s used in-conjunction with JET_PARAMNAME (Refer to $[UserName] in Step 1).

STEP 5

The last step involves creating an “Execute Command” in the RES Workspace Manager console that will be executed upon logoff time.

  1. In the RES Workspace Manager console, click on “Composition” from the left hand pane;
  2. Click on the “Execute Command” node in the same left hand pane;
  3. Right click in the right hand pane, select “New”;image
  4. Adjust the “Execute Command” options so “Run Hidden” and “Run Task At Logoff” are selected as shown below:image
  5. The next most import factor here is obviously the command line specified. As I’m using “Environment Variables” my command line looks like this. [code]%RESCUSTOMRESOURCES%\JETCMD.EXE /type:%JET_TYPE% /jobguid:%JET_JOBGUID% /agent:LOCAL /user:%JET_RESAMUSER% /password:%JET_RESAMPWD% /encrypted /paramname:%JET_PARAMNAME% /paramvalue:%JET_PARAMVALUE%[/code]You’ll notice I’m also using the %RESCUSTOMRESOURCES%Environment variable” – which is used internally by RES Workspace Manager to resolve the location of the “Custom Resources” folder.

And there you have it, a common use case for JETCMD with RES Workspace Manager. I hope by now you can see how flexible and powerful JETCMD can be Smile.

We’d love to hear you comments!!.

Nathan.

RES Automation Manager Quick Tip – appending to existing registry values

I was recently asked (by one of our existing RES Automation Manager customers) how they go about adding to an existing registry value using RES Automation Manager. Well the answer is simple really – by using the @REGISTRY function. I’ll detail how you go about using this function in this blog post.

  1. Firstly start the RES Automation Manager console;
  2. Select “Modules” from the left hand pane, Right Click and select “Add”;
  3. Give the module a suitable name then select the “Tasks” Tab, Right Click and select “Add”.
  4. Select the task “Registry Setting (Apply,Query)” and select “Apply”.
  5. You will now be presented with a dialogue where you can select various methods to add the required registry value you wish to append too. In my example I’m going to APPEND a new string to the START of the existing USERINIT registry value. Select “HKEY_LOCAL_MACHINE” from the left hand pane, Right Click and select “Open HKEY_LOCAL_MACHINE…”.
  6. Browse to “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon” and select “Userinit”, this will add this value to the current dialog box. image
  7. Now we are going to add the @REGISTRY function to the Userinit value by Right Clicking on “Userinit” in the right hand pane and selecting “Modify”.
  8. In the “Value Data” field, Right Click and select “Insert Functions” >; “@[REGISTRY(;)]”.image
  9. RES Automation Manager now provides you with a nice GUI that allows you to browse to the registry value you wish to retrieve, when the job is executed on the agent. In my case this is going to be the registry value I selected in Step 6, as this is the value I’d like to append too.
  10. Now I simply add the new value that I wish to append, before the @REGISTRY function or after, depending where I’d like my value to appear – in my case this value is “MyNewValuetoAppend” [code]MyNewValuetoAppend,@[REGISTRY(HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon)][/code]
  11. The resulted registry value now looks like this, once the job has been scheduled and completed [code]MyNewValuetoAppend,C:\Windows\system32\userinit.exe[/code]

That’s all there is to it! Smile

Nathan

Introducing JETCMD

Complimentary to recently announced Job Execution Tool (JET) there is also a command line version. The purpose of this is tool is slightly different to the GUI version. Whilst the GUI version is all about passing parameters to modules, projects or run books chosen by the end user at run time, JETCMD is all about automation! Note: Just like JET, the RES Automation Manager (WMC.EXE) console must be installed to schedule jobs with JETCMD.

image

So how is JETCMD.EXE different from the standard WMC.EXE?! There are three big differences:

  1. To schedule a job via WMC.EXE you have to specify the target RES Automation Manager agent or team GUID. If you just want to schedule a job on the local agent there is no way to specify this. JETCMD allows you to simply specify the local agent without knowing its GUID or name in advance.
  2. There is no way to pass an encrypted password to WMC.EXE. JETCMD allows you to pass an encrypted password so it’s relatively safe to include in scripts.
  3. Parameters cannot be passed to a RES Automation Manager dispatcher without the use of a .CSV file. Therefore, it’s difficult to pass parameter values via the command line.

So why and where would you use it?! As always, we only develop additions to the Virtual Engine Toolkit when we or our customers need them! We primarily use JETCMD during Windows 7 (soon to be Windows 8) builds but I’m sure there are many other use cases…

As an example, during Windows 7 deployment we might wish to automatically schedule a RES Automation Manager module, project or run book post setup, e.g. in SetupComplete.cmd. Unfortunately, we have no way of specifying the job to run on the local agent via WMC.EXE as we don’t know its GUID – DOH! To get around this restriction we can just use JETCMD as a wrapper for WMC.

Another great example is when you’d like to schedule a RES Automation Manager module, project or run book as a logoff task in RES Workspace Manager i.e. delete any cached local profiles. The RES Automation Manager integration in RES Workspace Manager only allows for tasks to be scheduled at login or when launching managed applications – using JETCMD as an Execute Command at logoff can get around this drawback.

Here are some examples. To schedule a run book on the local agent using pass-through authentication we can use something like this (obviously the run book needs to exist!):

[code]JETCMD.EXE /type:runbook /jobguid:{5E5906A7-00D5-49E4-909B-CEB1810BF37} /agent:local[/code]

Or if you want/need to use RES Automation Manager authentication we could specify this instead:

[code]JETCMD.EXE /type:runbook /jobguid:{5E5906A7-00D5-49E4-909B-CEB1810BF37} /agent:local /username:RESAMUser /password:RESAMPassword[/code]

If you want to pass parameters to the same run book the command line would look something like this:

[code]JETCMD.EXE /type:runbook /jobguid:{5E5906A7-00D5-49E4-909B-CEB1810BF37} /agent:local /username:RESAMUser /password:RESAMPassword /paramname:”””MessageTitle”””,”””MessageBody””” /paramvalue:”””Job Successful”””,”””The target job has finished”””[/code]

You may ask why we don’t utilise team membership for this? The simple answer is if the RES Automation Manager agent is installed within an image (or how you identify RES AM agents), automatically invoking a job can be problematic. The detailed answer is that team membership rules won’t necessarily be triggered if the agent is not seen as a “new” agent. A classic example of this is when a machine is re-imaged and it’s already a member of the target team. Humans are rubbish at having to remember to remove a RES Automation Manager agent from a team before re-imaging (as well as removing a computer’s AD account!).

As we’re security conscious we also don’t like specifying the RES Automation Manager console username password in clear text if we can avoid it. Therefore, we allow you to obfuscate the password so users cannot manually open the RES Automation Manager console with credentials embedded in any scripts. Encoding the password is optional so the choice is entirely down to you.

If you do wish to obfuscate the password then you’ll need to use JETPWD.EXE (yet another tool!). This tool is used to generate obfuscated passwords for both JET and JETCMD.

These new tools will be included in the upcoming Virtual Engine Toolkit v1.2 release. Until then, if you’d like a copy please complete the Contact Us form or email me and we’ll happily send you a copy!

Introducing the Job Execution Tool (JET)

We’re pleased to announce that we have beta copies of the new RES Automation Manager Job Execution Tool (JET) and Job Execution Tool Command Line (JETCMD) available. The premise of these two new utilities is to overcome a particular shortcoming in the RES Automation Manager product suite; unattended job scheduling. These new tools overcome the following problems:

  1. When scheduling a job unattended you have to specify the target agent that you wish a job to run on as there is no way to flag the “local” machine.
  2. When integrating RES Automation Manager jobs with RES Workspace Manager you have to supply parameter values up front. There is no way to prompt the user for parameter values from RES Workspace Manager.
  3. When parameter values are required at run-time, jobs have to be scheduled via the RES Automation Manager GUI.

JET

The main JET utility is a graphical interface, dynamically built around an XML Jet-256pxconfiguration file. Its initial intention was to be able to schedule RES Automation Manager jobs via managed RES Workspace Manager managed shortcuts with the ability to prompt for parameter values. Many customers have asked whether we can provide access to Run Books without granting access to the RES Automation Manager console. Unfortunately for us, there is no way to prompt for RES Automation Manager parameters when integrated with RES Workspace Manager. We can integrate parameters, but they’re  a one-way operation and set in stone, i.e. they cannot be changed on the fly only configured up front.

JET overcomes this issue and permits execution of either Modules, Projects or Run Books on the local agent without having to know the local agent’s name, GUID or launch the RES Automation Manager console. If you don’t want the target job to run on the local agent, then it can all be predefined in the target Run Book.

Here are a couple of scenarios where we have used JET to-date:

  1. Invoking AD object creation tasks (users etc) via managed desktop shortcut without requiring access to the RES Automation Manager console. This provides a simple to access self-service menu and reduces training as Helpdesk staff having to understand another console.
  2. During imaging processes to allow the technicians to select the target department/application set for the end user. Otherwise, this would require the technician having to manually schedule a RES Automation Manager project on the target device. What is its name etc.

The graphical interface is fully customisable (within reason) so you can change all the wording and even the main graphic if required. This helps end-user adoption as it can be branded with the corporate imaging etc. Here’s an example we’ve used (customer artwork removed!) at the end of the imaging process. After deployment, the relevant departmental applications can be installed by selecting the department:

image

These new tools will be included in the upcoming Virtual Engine Toolkit v1.2 release. Until then, if you’d like a copy please complete the Contact Us form or email me and we’ll happily send you a copy!

Move Machine Based Context Menus to Per User (Part II)

In Part I of this two part blog post, I described how you go about denying access to the machine based content menus, this blog post will describe how you now can target these same context menus to specific users or groups i.e. moving them to per user based.

Before we go on another further, you’ll need to retrieve those .REG files we modified and saved in Part I – you know the ones where we replaced HKEY_CLASSES_ROOT with HKEY_CURRENT_USER\Software\Classes.

So as you might have guessed to target the context menus are specific users or groups we simply need to inject this .REG file or its values for those users or groups. This can be achieved by various means or methods such as:

  1. Login Scripts (BAT, VBS, PowerShell);
  2. Group Policy custom ADM or ADMX’s;
  3. Group Policy Preferences;
  4. User Environment Manager (RES Workspace Manager or AppSense Environment Manager to name a couple).

I’m not going to detail how you would go about doing this for options 1 – 3 as there are numerous articles on the internet to aid with that process. What I will say is that you get a lot more flexibility using option 4 with regards to who, what and when these context menus are applied for users or groups. In most of my environments we tend to use RES Workspace Manager, so I’m going to cover what needs to be done to target the context menus at users and groups.

As a simple overview this is how I configured RES Workspace Manager to achieve this:

  1. Create a Location and Device (PowerZone), that determines if the application is installed that these context menus are associated with;
  2. Create a Global User Registry setting that adds the required registry keys and values by importing modified .REG, and changing the ACL to target the specific users or groups and the PowerZone created in step 1;
  3. Create a Global User Registry settings that removes the registry keys and values set in step 2, the ACL can be set to “All Users” but more importantly the order of execution for this setting must be HIGHER than that of step 2.

Step 1

To create this PowerZone use the “File or folder exists” rule for RES Workspace Manager 2012 or “File version” rule for RES Workspace Manager 2011 and below, that will check for the installation folder or file in the directory. My example here is using RES Workspace Manager 2012 to determine if WinRAR is installed.

image

Step 2

This registry setting will only get applied when both the user is part of the ACL and where the application is installed on the computer they are using; why apply these settings if the application isn’t installed!. These settings are applied at a Global level to ensure they are there, should the application be required to be started from the context menu and not just when the managed application is started.

image

image

Step 3

This step is import because should the user have access revoked to the application we need to make sure that context menu is removed from the users local cached profile. Make sure the order of execution for this setting is HIGHER than that of step 2, otherwise it will remove these settings after step 2 has applied, therefore removing the context menu for users or groups that have been granted access.

image

That’s all there is too it – any questions just post a comment.

Enjoy!

Nathan