Tag: Workspace Manager

Posted on

Active Setup – Stubpath Command Lines

I spend a lot time working with mandatory profiles and RES Workspace Manager, especially when using Citrix XenApp or Remote Desktop Services. One of the key elements to creating a slick mandatory profile is to ensure the Active Setup keys are added to the mandatory profile or you will forever see the annoying “Personaliz(s)ing Settings” message. We have covered how to do this in a previous post here by using our great free tool the Virtual Engine Profile Update Utility (PuU).

image

While you can merge these Active Setup Keys to stop the message box appearing; this isn’t actually where the story ends. Behind some Active Setup Components there is a command line (Stubpath) that needs to run once per user i.e. for new users logging on for the first time (for a great explanation of Active Setup, check out Helge Klein’s write up here). The drawback of just merging these keys will be that the command line (Stubpath) will not run for any user. This could have undesirable results as mentioned in the RES Blog post here and Andrew Morgan’s Blog post here.

So the purpose of this blog is really for informational purposes above anything else and to detail the most common Active Setup components containing Stubpaths, by OS. Should you need this information, it’s here for reference. For example, if you disable the ActiveSetup option within RES Workspace Manager or merge the ActiveSetup keys using the Profile Update Utility (PuU), you may have to reinstate a particular action if it causes issues (like Andy’s issue). The command line (Stubpath) is highlighted in yellow and can be used to remedy the situation if necessary:

UPDATE : Windows 8 Consumer Preview (Subject to Change) – Yes ActiveSetup is still here!

{2C7339CF-2B09-4501-B3F3-F3508C9228ED}
Themes Setup
%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

{44BBA840-CC51-11CF-AAFA-00AA00B6015C}
Microsoft Windows (MailNews)
"%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

{6BF52A52-394A-11d3-B153-00C04F79FAA6}
Microsoft Windows Media Player
%SystemRoot%\system32\unregmp2.exe /FirstLogon

{89820200-ECBD-11cf-8B85-00AA005B4340}
Windows Desktop Update
regsvr32.exe /s /n /i:U %SystemRoot%\System32\shell32.dll

{89820200-ECBD-11cf-8B85-00AA005B4383}
Web Platform Customizations
C:\Windows\System32\ie4uinit.exe -BaseSettings

{89B4C1CD-B018-4511-B0A1-5476DBF70820}
DOTNETFRAMEWORKS
C:\Windows\System32\Rundll32.exe C:\Windows\System32\mscories.dll,Install

>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
Microsoft Windows Media Player
%SystemRoot%\system32\unregmp2.exe /ShowWMP

>{26923b43-4d38-484f-9b9e-de460746276c}
Internet Explorer
C:\Windows\System32\ie4uinit.exe -UserIconConfig

>{60B49E34-C7CC-11D0-8953-00A0C90347FF}
Browser Customizations
"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

>{ABB824FE-FBBE-464D-9AAA-FAFED848BF41}
IE History
C:\Windows\System32\ie4uinit.exe -UpgradeOldHistoryEntries

Windows XP

{2C7339CF-2B09-4501-B3F3-F3508C9228ED}
Themes Setup
%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

{44BBA842-CC51-11CF-AAFA-00AA00B6015B}
NetMeeting 3.01
rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

{5945c046-1e7d-11d1-bc44-00c04fd912be}
Windows Messenger 4.7
rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

{6BF52A52-394A-11d3-B153-00C04F79FAA6}
Microsoft Windows Media Player
rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub

{7790769C-0471-11d2-AF11-00C04FA35D02}
Address Book 6
"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

{89820200-ECBD-11cf-8B85-00AA005B4340}
Windows Desktop Update
regsvr32.exe /s /n /i:U shell32.dll

{89820200-ECBD-11cf-8B85-00AA005B4383}
Internet Explorer
C:\Windows\System32\ie4uinit.exe -BaseSettings

{89B4C1CD-B018-4511-B0A1-5476DBF70820}
DOTNETFRAMEWORKS
C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}
Internet Explorer Version Update
C:\WINDOWS\system32\ieudinit.exe

>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
Microsoft Windows Media Player
C:\WINDOWS\inf\unregmp2.exe /ShowWMP

>{26923b43-4d38-484f-9b9e-de460746276c}
Internet Explorer
C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig

>{60B49E34-C7CC-11D0-8953-00A0C90347FF}
Browser Customizations
"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS
Browser Customizations
RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}
Outlook Express
%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Windows 7 32bit

{2C7339CF-2B09-4501-B3F3-F3508C9228ED}
Themes Setup
%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

{44BBA840-CC51-11CF-AAFA-00AA00B6015C}
Microsoft Windows (MailNews)
"%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

{6BF52A52-394A-11d3-B153-00C04F79FAA6}
Microsoft Windows Media Player
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI

{89820200-ECBD-11cf-8B85-00AA005B4340}
Windows Desktop Update
regsvr32.exe /s /n /i:U shell32.dll

{89820200-ECBD-11cf-8B85-00AA005B4383}
Web Platform Customizations
C:\Windows\System32\ie4uinit.exe -BaseSettings

{89B4C1CD-B018-4511-B0A1-5476DBF70820}
DOTNETFRAMEWORKS
C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
Microsoft Windows Media Player
%SystemRoot%\system32\unregmp2.exe /ShowWMP

>{26923b43-4d38-484f-9b9e-de460746276c}
Internet Explorer
C:\Windows\System32\ie4uinit.exe -UserIconConfig

>{60B49E34-C7CC-11D0-8953-00A0C90347FF}
Browser Customizations
"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Windows 2008 R2 SP1 with Desktop Experience Installed

{2C7339CF-2B09-4501-B3F3-F3508C9228ED}
Themes Setup
%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

{44BBA840-CC51-11CF-AAFA-00AA00B6015C}
Microsoft Windows (MailNews)
"%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
"%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

{6BF52A52-394A-11d3-B153-00C04F79FAA6}
Microsoft Windows Media Player
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI

{89820200-ECBD-11cf-8B85-00AA005B4340}
Windows Desktop Update
regsvr32.exe /s /n /i:U shell32.dll

{89820200-ECBD-11cf-8B85-00AA005B4383}
Web Platform Customizations
C:\Windows\System32\ie4uinit.exe -BaseSettings
C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings

{89B4C1CD-B018-4511-B0A1-5476DBF70820}
DOTNETFRAMEWORKS
C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install

{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}
Applying Enhanced Security Configuration (Admin)
"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iesetup.dll",IEHardenAdmin
"C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iesetup.dll",IEHardenAdmin

{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}
Applying Enhanced Security Configuration (User)
"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iesetup.dll",IEHardenUser
"C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iesetup.dll",IEHardenUser

>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
Microsoft Windows Media Player
%SystemRoot%\system32\unregmp2.exe /ShowWMP

>{26923b43-4d38-484f-9b9e-de460746276c}
Internet Explorer
C:\Windows\System32\ie4uinit.exe -UserIconConfig
C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig

>{60B49E34-C7CC-11D0-8953-00A0C90347FF}
Browser Customizations
"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
"C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Should anyone wish to expand on what each Active Setup Component does please feel free to leave a comment I’ll update the blog accordingly; some are more obvious than others Winking smile.

Enjoy

Nathan

Posted on

RES Workspace Manager and 32/64 File Paths

With deployments of x64 Windows Operating Systems (Windows 2008 R2 RDS and Windows 7) on the significant increase, you will discover over time that you need to support the same applications in the RES Workspace Manager management console but with two differing file paths. For example, Adobe Reader 9 on a 32-bit OS will typically be located in the ‘C:\Program Files\Adobe\Reader 9.0’ directory (or ‘%ProgramFiles%\Adobe\Reader 9.0’). The same application installed on a 64-bit OS will generally reside in the ‘C:\Program Files (x86)\Adobe\Reader 9.0’ directory (or ‘%ProgamFiles(x86)\Adobe\Reader 9.0’). On x64 system the ‘C:\Program Files\’ (or %ProgramFiles%) is used for native 64-bit applications. Now, if only Mickeysoft had chosen an alternative path the native 64-bit apps life would have been a whole lot easier…

Historically when deploying RES Workspace Manager on x64 Operating Systems you would have to update all your applications within the management console to reference the ‘%ProgramFiles(x86)%’ location as the installation paths are different. RES Workspace Manager attempts to fix problem this with on-the-fly redirection. That’s to say that it’ll automatically detect it’s running on a x64 OS and attempt to launch the executable in the %ProgramFiles(x86)% location instead of the defined %ProgramFiles% path. In turn this creates a problem for the 32-bit OSes as the ‘%ProgramFiles(x86)%’ system environment variable does not exist – DOH!

When I originally set out about writing this post, my understanding was slightly different from what I’ve ended up with. However, the findings are still valid so please continue to read. From the testing performed in preparation for this post with RES Workspace Manager 2011 SR2, it all appears to work correctly (shock/horror!). What I mean is, that not only does Workspace Manager appear to automatically redirect on 64-bit OSes, but also appears to attempt it on 32-bit OSes too.

The purpose of the “Disable folder redirection on 64-bit platforms” option (on a per application basis) stops RES Workspace Manager from redirecting entries defined with %ProgramFiles% to ‘C:\Program Files (x86)\’. Using Wordpad as an example, if you have the application entry defined as ‘%ProgramFiles%\Windows NT\Accessories\wordpad.exe’ Workspace Manager will automatically attempt to launch “C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe” by default (the 32-bit version) on a 64-bit OS.

Checking the ‘Disable folder redirection..’ check box forces Workspace Manager to launch the actual process defined in the executable path, i.e. the 64-bit version. Obviously, this example only works if both 32-bit and 64-bit versions of the application are available. If you use Microsoft PowerPoint 2007 as an example, checking the ‘Disable folder redirection..’ option will break the 32-bit application on 64-bit OSes.

Caveat #1

The on-the-fly folder redirection only works when using system environment variables, i.e. %ProgramFiles% and/or %ProgramFiles(x86)%. If you have hard coded paths such as ‘C:\Program Files\’ or ‘C:\Program Files (x86)\’ it doesn’t work. So get updating all your applications to use these variables!

As previously mentioned, RES Workspace Manager appears to redirect on 32-bit OSes too. For example, Workspace Manager will launch an application defined with the executable path as ‘%ProgramFiles(x86)%’ successfully on a 32-bit OS even though the environment variable does not exist. I was not aware of this and can only assume that it’s a recent addition. Unfortunately this is different from what we’ve seen happening in the field and hence why we earmarked the subject for a blog post! What we have seen are applications failing to appear and/or launch correctly when updated to point to ‘%ProgramFiles(x86)%’ on 32-bit Operating Systems.

Caveat #2

Once you’ve updated all your applications with environment variables it should just work. To circumnavigate this issue we put the following simple workaround in place. Note: from the above diagnosis you should no longer have to do this.

Workaround

  1. Define the %ProgramFiles(x86)% environment variable only on 32-bit machines via a Location/Device zone. Configure this environment variable to point to %ProgramFiles%. On 32-bit systems both variables will point to same location but your applications are guaranteed to work on 32-bit OSes.
  2. Ensure that you replace all file paths for managed applications with their associated environment string (I have mentioned this already haven’t I?!). If you don’t do this then you’ll need to ensure you manage the availability another way, e.g. via Workspaces or Zones.
  3. Add/configure applications in the RES Workspace Manager console on 64-bit OSes wherever possible. This will ensure that 32-bit applications always use the %ProgramFiles(x86)% variable (and not cross-platform %ProgramFiles%). If not, you need to hope that RES Workspace Manager performs it’s on-the-fly redirection magic!

Thanks, Iain

Posted on

Using Software Restriction Policies to Block Scripts

When we are implementing RES Workspace Manager POC/Pilot’s on a customer’s site, one of the first things we try and do is create an new AD organisation unit (OU) where our test PC’s or XenApp/RDS servers will be placed. One of the reasons we do this is it allows us to block any existing AD group policies (GPOs) that might impact the POC e.g. startup/shutdown/logon/logoff scripts; especially as these might be the cause of slow logins that we are trying improve using Workspace Manager.

For computer related GPO’s we use “block inheritance” on the new OU. For user related GPO’s we employ the “GPO loopback > replace” technique.

These methods work very well but something I’ve come across on customers sites, they have set the login script in the AD properties for each user and not within any GPO that you are trying to block as you can see in the screen shot below. Generally this is the “old school” method of doing this but its still out there!

image

This causes us some headaches in our POC/Pilot especially when these users are asked to start testing the POC/Pilot and the first thing that happens is they start complaining that it takes an age to login. Why? Because the script is mapping 24 network drives and 15 printers at logon!!

Therefore, we need to stop this script from running on our POC/Pilot environment. We could do this by simply removing the line from their AD properties but what happens if they still want to use the existing environment that relies on this script to map drives and printers? We need to find another way of doing it…in steps “Microsoft Software Restriction Policies”.

Using Software Restriction Policies will allow us to block these logon scripts without affecting the users ability to use the existing environment and here is how.

Firstly we need to add the Software Restriction Policy to a GPO which will allow it to apply; the easiest way to achieve this would be to add it to the new GPO we have created in the first instance that applies the computer related settings.

Using the Group Policy Management Console (GPMC) edit the GPO and expand the “Computer Configuration/Windows Settings/Security Settings/Software Restriction Policies”

image

Right click on “Software Restriction Policies” and select “New Software Restriction Policies”.

image

At which point the you will see some additional settings available.

image

Right click on “Additional Rules” and select “New Path Rule”.

image

You now need to tell the policy what path to block scripts running from. Most lightly these scripts will located in the NETLOGON share on your domain controllers (DC); the problem now being which DC will the script run from should you have more than one DC in your environment. Easy we can use the %LOGONSERVER% environment variable that is used to store the logon DC used by the user who is logging on. The Security level should obviously be set to “Disallowed”.

image

That’s about it!! Now when you logon to the POC/Pilot environment you can be sure any unwanted logon/logoff scripts will be blocked from running.

Nathan

Posted on

Migrating RES Databases to a New SQL Server

We have recently had the requirement to move the SQL databases to a new Microsoft SQL Server 2008 R2 server. This process is not complicated, but there does seem to be a lack of documentation available. At a high level we need to perform the following actions:

  1. Backup the RES Workspace Manager and Automation Manager databases on the source server;
  2. Restore the RES Workspace Manager and Automation Manager databases on the destination server;
  3. Fix the SQL permissions, i.e. recreate the users and redelegate access;
  4. Update the RES Automation Manager Dispatchers to point to the new database server;
  5. Update the RES Workspace Manager Agents to point to the new database server.

I’m not going to cover Steps 1 and 2 as these are well documented on Microsoft’s web site and many other various blogs. In this particular instance we’re moving from SQL 2008 to SQL 2008 R2 and I’ve restored copies of the Workspace Manager and Automation Manager databases on the new server. The SQL user account for the Workspace Manager database (RES-WM) is ‘RES-WM’ and the user account for the RES Automation Manager database is ‘RES-AM’ (note that naming the database and user accounts the same is not best practice but it helps in our lab environment!).

Migrating RES Automation Manager

We’ll start with the RES AM database as we’ll then use this to update the RES WM information! Firstly we need to check that the correct user permissions have be granted on the new database server. When creating the SQL user accounts you’ll need to ensure that the password policies are set correctly:

In short make sure that the user password policies are disabled (unless you want to be forever updating your Dispatchers!). If you forgot to uncheck this and you can’t seem to change it, you can run the following SQL script via the SQL Management Studio (remember to change the RES-AM reference to your SQL user account!):

USE Master
GO
ALTER LOGIN “RES-AM” WITH PASSWORD = ‘samepassword’
GO
ALTER LOGIN “RES-AM” WITH CHECK_POLICY = OFF, CHECK_EXPIRATION = OFF;

After this is complete you will need to ensure that the RES-AM user account has DB Owner (DBO) rights to the database via the “User Mapping” page of the user account:

Once we’re happy with this we can focus our attention on the RES Automation Manager console. As it’s only the RES AM Consoles and Dispatchers that talk directly to the SQL database, we do not need to worry about the RES AM Agents. From the RES AM management console select the Infrastructure > Setup > Database node and enter the new SQL database server name (if the username/password has changed you can update them here).

After you click the Connect button the management console will reload and ask if you want to use the connection information permanently.

The management console will reload. The final piece to this puzzle is to update all the Dispatchers and Consoles. From the Infrastructure > Engines node we need to repair each Dispatcher and update the SQL connection information.

After the Dispatchers have been updated don’t forget to update the consoles in the same manner. You could also run a registry job via AM to update the connection information (remember to do this from the old database as the Dispatchers will communicating with the old database until updated!) or push out a new MSI from the Components node.

Migrating RES Workspace Manager

Note: RES Workspace Manager 2011 has the built-in ability to migrate the exisiting database to a new SQL server and/or database; this can be found in Setup > Datastore > Connections > Click on the ‘…’ next to the Primary datastore to display the migrate wizard. At the end of the migration process after various other prompts you will also be prompted if you wish to create a handy building block that can be used in RES Automation Manager Module.  You can use this Module to migrate RES Workspace Manager Agents running an older version of RES Workspace Manager, not yet containing the Datastore Migration Wizard. The only downside using the migrate method I’ve found is the fact you have to activate the licenses again; if this going to cause some issues follow the procedure set out below. [Nathan Sperry]

RES Workspace Manager is slightly different as all RES WM agents talk directly to the SQL server rather than via a Dispatcher. After migrating the RES Workspace Manager database (as above) and fixing the user permission we need to update the  RES WM agents’ registry settings  via RES Automation Manager! For this task I created a module that updates the required registry value and restarts the RES Workspace Manager agent service.

You will notice that there are two Reigstry Settings tasks with conditions; 1 is for 64-bit machines and the other for 32-bit. Note: if the authentication details have changed you’ll need to the relevant registry settings to both Registry tasks.

Note: if you have a mixture of  freshly deployed RES Workspace Manager agents and agents upgraded from RES PowerFuse 2010 or earlier then the registry settings are in different locations and you may have more tasks/conditions!

Iain

Posted on

RES Workspace Manager Zones and USB Devices

Have you ever had a requirement to base a Device Zone within RES Workspace Manager on a particular hardware device? If so, you may have already discovered that if is a storage based device then you’re good to go. However, if it’s not of a “removable storage” type then we’re seemingly out of luck. Not quite..

Whilst on a customer site, a requirement arose that necessitated that we detect whether a particular USB device was connected or not so that we could configure an application for the hardware device. After a lot of digging and searching, I discovered that device information is located in the [HKEY_LOCAL_MACHINE\System\CurrentContolSet\ENUM] registry subkey(s). The problem with these registry entries is that if the device has ever been connected then it will exist and it doesn’t indicate that the device is currently connected so it’s back to the drawing board..

On further investigation, the [HKEY_LOCAL_MACHINE\System\CurrentContolSet\Services] key lists all the currently connected devices (all internal devices are listed in here so don’t be too surprised how many there are!). The difficult bit comes in determining how your USB device is enumerated. As a general rule all USB devices attached will probably be listed under keys beginning with USB. For example, the USB microphone I’m using is listed under the ..\Services\USBAudio subkey and a USB printer under the ..\Services\USBPrint subkey (more detail on hunting this information down might be a future blog post). In this instance I’m going to pick on the Samson C03U microphone and show you how can create a Device Zone in RES Workspace Manager that will allow you to set configurations options only when it’s connected. Looking in the registry in the [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Serices\USBAudio\Enum] key exposes the following settings:

I know that my microphone is identified as USB\VID_17A0&PID_0100&MI_00\6&1895ccd4&0&0000. We can see that the Samson microphone is listed in here. When the device is unplugged the instance disappears like so:

So to create our Device Zone in RES Workspace Manager for detecting the presence of a Samson microphone all we need to is create a zone based on the presence of this particular registry setting? Nearly! By creating a zone on the information from the first screenshot, it will only be true for the microphone on my desk, not any Samson C03U mike that might be on someone else’s desk. Experience has shown that everything listed after the ‘&MI_00\6&’ is device specific, i.e. a serial number or unique identifer and can safely be ignored (unless you want to tie the zone to a unique device). Therefore, if we create a Zone based on the presence of the ‘USB\VID_17A0&PID_0100&MI_00&6*’ (note the wildcard) value it should work for all Samson C03U microphones.

Done? Almost (and you knew I was going to say that!). The value of ‘0’ (zero) in the first screenshot depicts the order in which a device is attached. Therefore, if I just so happened to have another USB audio device, the Samson mike might be listed as the second device under ‘1’ or the third device under ‘2’ etc. In order to ensure that we account for this we need to add multiple entries in like so:

If I had 4 USB audio devices, then depending on the order they were attached my Zone may fail to detect that the Samson microphone was attached. I could have added 10 or so entries but hopefully you get the idea! If you have varying models of devices, then it’s likely that the PID_ (product ID) portion of the values will change. In this case, you’ll need to make sure the rules also incorporate any variations.

It would be nice to have pattern matching on the registry keys\values like we have within RES Automation Manager. Perhaps it’s an enhancement request, but in all honesty, why can’t we natively select any hardware devices attached rather than being restricted to USB storage devices already? Perhaps I’ll take this up with product management.

Good luck! Iain

Posted on

RES Workspace Manager Registry Import Bug

[UPDATE 01/08/2011 – RES have released a fixpack for RES Workspace Manager 2011 SR1 that resolves the issues highlighted in this post. I don’t have any word on whether this fix will be rolled into the next Service Release of RES PowerFuse 2010 (SR5?). I hope so as we can then remove this post. In the meantime, please contact RES Software support to obtain this fix (assuming you’re running WM 2011 SR1!)]

An issue has been discovered in RES Workspace Manager 2011 and earlier versions (e.g. PowerFuse) when importing .REG files. Ironically, this was discovered when converting existing Group Policy Objects via the Virtual Engine Toolkit (VET). RES Workspace Manager does not implement the removal/deletion of registry keys or values correctly. It has been reported to RES Software and they have acknowledged there is an issue. It is not an issue with the Virtual Engine Toolkit but a problem with any .REG file, i.e. one’s migrated from log on scripts etc. [UPDATE – for clarification purposes, a support ticket had been raised prior to this post and RES are working on a fix.]

The following snippet from a REG file (some entries removed for clarity) should toggle the removal of NoInternetIcon and NoNetHood values and also toggle the removal of the \Software\Policies\Microsoft\Windows\NetCache\AssignedOfflineFolders key.

Windows Registry Editor Version 5.00;
Created by the Virtual Engine Toolkit v0.9.7.0;
Creation date: 05-30-2011 17:04:08

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
“DisablePersonalDirChange”=dword:00000001
“NoDesktopCleanupWizard”=dword:00000001
“NoInternetIcon”=-
“NoNetHood”=-

-[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\NetCache\AssignedOfflineFolders]

What actually happens is RES Workspace Manager sets the two DWORD vales to 1 and doesn’t even import the \Software\Policies\Microsoft\Windows\NetCache\AssignedOfflineFolders key as shown below. This results in complete unexpected behaviour and might impact any Proof of Concept or pilot deployments.

Hopefully this issue will get resolved promptly but in the meantime, please be vigil!

Iain

Posted on

Office 2003, 2007, 2010 and 2008 R2 Templates Released

The merged Microsoft Office 2003, Office 2007 and Office 2010 template files have been uploaded to the Virtual Engine website and are available for download in the Templates section. Each .ZIP file contains all the office templates for each product edition, e.g. Standard, Small Business and Professional etc, making it easy for you to configure settings for multiple Office products in a single policy within the RES Workspace Manager management console.

image

In addition, all the standard Windows 2008 R2 Service Pack 1 administrative templates have been merged into a single file and is also available in the same place (as the Office templates). Using this template enables you configure all the standard Group Policy Administrative Template settings in a single Registry Policy within the RES Workspace Manager management console too. It takes a little while to expand the file due to the number of settings (it is all 156 ADMX files merged into 1!), but does mean that the console looks less cluttered. Here is what it looks like:

image

All these files were put together with the Virtual Engine Toolkit (VET) so if they don’t meet your individual requirements you can always download the tool and “roll your own”. Note: a new BETA 3 version will be released in the near future that fixes a few reported bugs and sports a couple of new features too..

Enjoy! Iain

Posted on

Finding the RES Workspace Manager Run Once GUIDS

Following on from the initial post on the Run Once Per Computer and Run Once Per Computer, Per User  GUID locations for the .ONCE files, it’s probably wise to let you know how to correlate the GUIDs used with their corresponding configuration items. There is no exposure to the GUIDs directly within the RES Workspace Manager GUI so to find these GUIDs we have to dig into the client database cache (there is a RES KB article but I can’t find it in the portal due to the search engine!).

All RES Workspace Manager agents download and cache a complete copy of the configuration database tables in the %RESPFDIR%\Data\DBCache\Objects folder as .XML files. In here are lots of files correlating to the configuration database tables within the database. The key to this process is to know what files you’re looking for! Here is a list of which files correspond to which object in the database that we’re interested in:

.XML File Object
apps.xml Applications (Notifications)
inst_mail.xml Email Templates
pl_reg.xml Registry Settings/Policies
pl_task.xml External Tasks

Armed with this information we can crack open the relevant file (pl_tasks.xml in this instance) with your favourite text/XML editor and perform a search for the “<runoncefile>” string to locate the relevant GUID.

image

To delete the .ONCE file for the “Per User Computer” external task, we need to delete the 132DBDF_34930_105A_TASK.ONE file from the %RESPFDIR%\Data (as it’s a related to the computer and not the user!) directory.

Note: @RESGuru has also pointed out that you can locate the relevant .ONCE files by exporting the item in question to a Building Block and then inspect the resulting .XML file. Thanks, Iain

Posted on

RES Workspace Manager Run Once Per Computer, Per User

We all know that RES Workspace Manager stores the flag that determines if a Run Once task has completed for a given user in the \PWRMENU folder (at least by default). These files are named with the .ONCE file extension and given a (seemingly random) GUID, i.e. <SeeminglyRandomGUID>_task.once.

Unfortunately, there is no simple way of determining which .ONCE file relates to which task but that’s a post for another day! To force a task to rerun for a given user all we need to do is delete the relevant .ONCE file and the task will magically rerun. This avoids the necessity to check the “Clear History” checkbox and force it to run again for all users.

What about the Run Once Per User, Per Computer and Run Once Per Computer options? Logically they don’t live in the user’s \PWRMENU folder as they’re not a per user setting. So where do they live? After a discussion with RES Support it was discovered they live in the %RESPFDIR%\Data directory. Once you’ve determined which file relates to which task you can just delete it!

Here is an example of a Run Once Per Computer and Run Once Per Computer, Per User external tasks:

image

The 132DBDF_34930_105A_task.once file is a Per Computer external task. The 132DBDF_34981_1381_<domain>_<username>_task.once files are the Per Computer, Per User tasks for the LAB\Administrator and LAB\LOCAL01 user accounts.

Easy when you know how! Iain

Posted on

Workspace Manager, Aero Basic Theme and Mandatory Profiles

For those of you that have attempted to deploy RES Workspace Manager 2011 (or RES PowerFuse 2010) on Windows 7 and wanted to use Mandatory Profiles with the Windows Aero Basic experience, you might have come across this issue. If you utilise the standard .Default user profile as your starting point for the Mandatory profile, you may discover that users do not have the Aero theme enabled as expected. The user experience either on traditional physical or hosted virtual desktops may look something like this:

image

Note: This typically happens if you enable the “Disable Active Setup (skip first-time shell init)” option in Composition > Desktop > Lockdown and Behaviour section of the RES Workspace Manager management console. This presumably because by the time User Settings are loaded by RES Workspace Manager, the Themes service has already processed the required registry keys loading the (mandatory) profile.

The resolution to this is to enable the Aero theme when utilising the Mandatory profile and export the HKCU\Software\Microsoft\Windows\CurrentVersion\Themes and the HKCU\Software\Microsoft\Windows\CurrentVersion\ThemeManager registry keys. These can then be merged into the existing NTUSER.MAN registry hive to enable the Aero theme by default (see the Updating Mandatory Profiles post for further information on how to do this).

When you update the Mandatory profile with the Themes/ThemeManager settings you’ll end up with something like this:

image

Note: This process is also applicable for Windows 2008/R2 RDS servers with the Desktop Experience feature installed.

Easy when you know how! Iain

Virtual Engine Limited
450 Brook Drive, Green Park, Reading RG2 6UU