Monthly Archives: February 2012

Running windows 8 beta from vmware workstation.

Just a quick post regarding Windows 8 on vmware workstation. I just downloaded the windows 8 server beta and I was trying to boot the ISO from vmware workstation 7.

But then I recived a sad face HAL error

The reason for this is mostly because I was using vmware workstation 7.
So potensial fixes.

Fix #1

Update the VMware Version to the Latest Version 8. Download the Evaluation Version of VMware from here. [LINK]

Fix #2

When using Virtual Box, Make sure you are using the latest version [LINK]. Then set 2 processors and in the initial OS selection choose windows 7 64 bit.

Fix #3

Remove any external media like Floppy Disk, Unwanted USB Media etc.

Fix #4

Check your System Minimum Requirements. [Check Them Here]

These were some of the possible Fixes for the Hal_Initialization_Failed Error in windows 8 installation.

Happy testing!

Allowing only non-windows users to use the Citrix Webinterface

This is a bit of an ugly homemade fix, but its quite useable šŸ™‚

If you have a simple Citrix setup without Access Gateway or Netscaler there is no good way to filter who gets in from what & where. (Of course you can use Load Evaluators to filter based on ip-ranges and such, and use groups to filer who can access the application) But in this case we are just consered with filtering away windows-users.

(And this fix will only work if your only way inn to Xenapp is trough the webinterface. Users can just bypass this by setting their Reciver to the Services site.)

When users access the web-interface (ver 5.4) , a group of javascripts run on the client to detect if the user has a client innstalled, and if not should the webinterface server offer an client to the user.
This is mostly done by the loading.html page. Located in theĀ C:inetpubwwwrootCitrixXenApp folder.

What you can do here is to enter an javascript in the top of the loading.html file

<script language=”JavaScript”>

if (navigator.appVersion.indexOf(“Win”)!=-1) window.location=(“”);


This is a simple javascript that cheks if the user is sitting on a windows computer if so then it redirects the user to (Of course in this case you would redirect the windows user to its RDweb page šŸ™‚

Of course the user can block the browser from running javascript on that particular site, but then the user will not be able to login at all.

I have tested this script on multiple computers (running windows) and with different browser and it works just fine.

If someone else has a better way to filter out windows-users please send me an mail

Deployment of Citrix Reciver through webinterface

For those that don’t haveĀ merchandising server it is possible to control what version of Citrix Reciver users have trough the web interface (Not for all clients f.eks iOS and Android ) Those have to get theirs at the market/marketplace.

PS: This is for Webinterface 5.4 ( Xenapp 6.5)

On the web interface server open Ā C:inetpubwwwrootCitrixXenAppconfwebinterface.conf in a word editor (Like notepad & wordpad) Remember that you need to have admin rights in order to do this, therefore the application you open the .conf file with needs to be start as administrator.

This file has all the configurations for the webinterface, if you scroll down to the part where it says #ClientICA, you will see that you have options for linux and mac as well (+Solaris)

In order for Citrix to deploy clients for a user you need to uncomment the ones that you need and alter the configuration. In this case we want windows users to get the Citrix Reciver.

Now I’ve uncommencted the configuration and altered the filename to CitrixReciver.exe (which is the client I want to deploy) also make sure that the files you specify here are avaliable underĀ C:Program Files (x86)CitrixWeb Interface5.4.0Clients. Ā (When you install web interface it gives you a question regarding if you want to copu over clients to the server, which you should do!) And save the changes. and do a iisreset.

Next time you open the Browser to the Citrix site you will get the option to download the reciver.

Powershell for remote desktop services

With Microsoft RDS its hard to manage a large infrastucture since you need to manage each serverĀ individually. If you have Citrix you have a single console to do everything. But with Windows you have one server that has the Web-interface, you have one server that has the load-balancing role ( broker ) and then you have each TS.

So if you need to do changes to a farm, you would have to logon to the spesific server to remove it from the farm. Of course this would be a pain in the a** if you didn’t have Powershell šŸ™‚

Microsoft has done great job to provide Powershell cmdlets for almost every server role in Windows 2008.

You can see the cmdlets avalible here ->

But let’s say you want to script a server to join a spesific farm and it will participate in load-balancing, and publish 3 custom applications to display on the Ā webinterface.

First of you Ā have to import the module for rds.

Import-Module RemoteDesktopServices

Then you have to change to a virtual directory rds

set-location rds:

If you do a dir there you will see what it contains.

PS RDS:> dir
Directory: RDS:
Name Type CurrentValue GP PermissibleValues PermissibleOperations
—- —- ———— — —————– ———————
RDSConfiguration Container – Get-Item, Get-ChildItem
RemoteApp Container – Get-Item, Get-ChildItem

The container RDSconfiguration contains the settings in the Remote Desktop Session Host Configurtion and the RemoteApp contains the same for RemoteApp Manager šŸ™‚
And since they are containers you can’t do much at this level. So If we change to Remoteapp manager.

Directory: RDS:RemoteApp dir
Name Type CurrentValue GP PermissibleValues PermissibleOperations
—- —- ———— — —————– ———————
Port Integer 3389 – 1-65535 Get-Item, Set-Item
ServerName String Ā – Get-Item, Set-Item
ColorDepth Integer 5 – 1, 2, 3, 4, 5 Get-Item, Set-Item
AllowFontSmoothing Integer 1 – 0, 1 Get-Item, Set-Item
CustomRDPSettings String authentication le… – Get-Item, Set-Item
DisableUnlistedPrograms Integer 0 No 0, 1 Get-Item, Set-Item
RDPSetting String redirectclipboard… – Get-Item
DeviceRedirectionSettings Container – Get-Item, Get-ChildItem
RemoteDesktopAccess Container – Get-Item, Get-ChildItem
DigitalSignatureSettings Container – Get-Item, Get-ChildItem
GatewaySettings Container – Get-Item, Get-ChildItem
RemoteAppPrograms Container – Get-Item, Get-ChildItem, New-Item
WebAccessComputers Container – Get-Item, Get-ChildItem, New-Item

If you want to change a setting here. You can use the Set-item name and value.
set-item port 3388 (This will change the port RDP uses)

Publishing an application

So in order to publish a application here. We will have to change to the RemoteAppPrograms directory. And use the command.

PS RDS:RemoteApp> new-item .RemoteAppPrograms -name ‘calc’ -applicationpath c:windowssystem32calc.exe

This Ā will create a remoteapp and by default it will publish it to Remote Desktop Web Interface.
We can look at the settings by moving to the calc folder and do dir.

PS RDS:RemoteAppRemoteAppProgramscalc> dir
Directory: RDS:RemoteAppRemoteAppProgramscalc
Name Type CurrentValue GP PermissibleValues PermissibleOperations
—- —- ———— — —————– ———————
DisplayName String Windows Calculator – Get-Item, Set-Item
Path String c:windowssystem… – Get-Item, Set-Item
PathExists Integer 1 – 0, 1 Get-Item
IconPath String c:windowssystem… – Get-Item, Set-Item
IconIndex Integer 0 – Get-Item, Set-Item
IconContents String 0,0,1,0,5,0,64,64… – Get-Item
CommandLineSetting Integer 0 – 0, 1, 2 Get-Item, Set-Item
RequiredCommandLine String – Get-Item, Set-Item
ShowInWebAccess Integer 1 – 0, 1 Get-Item, Set-Item
RDPFileContents String redirectclipboard… – Get-Item
UserAssignment Container – Get-Item, Get-ChildItem, New-Item

Something we should have done before publishing the application is to join the server to a farm and participate in load-balancing.

First we can look at the settings for the server.

PS RDS:RDSConfigurationConnectionBrokerSettings> dir
Directory: RDS:RDSConfigurationConnectionBrokerSettings
Name Type CurrentValue GP PermissibleValues PermissibleOperations
—- —- ———— — —————– ———————
ServerPurpose Integer 0 No 0, 1, 2, 3 Get-Item, Set-Item
FarmName String No Get-Item, Set-Item
LoadBalancingState Integer 0 No 0, 1 Get-Item, Set-Item
ServerWeight Integer 100 No 100-10000 Get-Item, Set-Item
ConnectionBroker String No Get-Item, Set-Item
IPAddressRedirection Integer 1 No 0, 1 Get-Item, Set-Item
CurrentRedirectableAddresses Container – Get-Item, Get-ChildItem, New-Item
RedirectableAddresses Container – Get-Item, Get-ChildItem

In order to make a server join the farm, you have to type the command.
Set-item -path RDS:RDSconfigurationConnectionBrokerSettingsServerpurpose -value 3 -ConnectionBroker test -Farmname TEST -CurrentRedirectableaddresses

By using these commands you can script an innstallation of terminal server.

RBAC in Configmgr 2012

A feature that I hold dear in SCCM 2012 is the Role Based Access Control, in previous versions (2007) Ā there were no good way to control permissions in 1 site. Now in 2012 its much easier to assign permissions to a group or user in the SCCM console.

For those that don’t know what RBAC is, it describes who gets access to what on which objects

In SCCM 2012 you can alter these security settings under Administration -> Security

On the left side there you can see 5 options.
Administrative users (this is the who can access )
Security rules ( this is what permissions those users get read/writeĀ )
Security Scopes ( this is which objects can they access )

SCCM 2012 comes default with 14 security roles, the account you install SCCM with gets default Full Administrator rights and is placed in the Administrative users list. Ā This account also gets the security scope “all” which grants my account full Access to everything in the site.

In a regular enviroment you don’t want to give anyone full administrator rights in your SCCM infrastructure, most likely you want to give him/her custom permissions to his/her device collection (which is this case is a bunch of servers)

First thing you need to do is create a custom security role that this user is going to have. What actions does the user need to do inside SCCM ? deploy software ? Remote control ? Run reports ?
For the simplicity im going to create a custom role that can use remote control on a custom device collection.

SCCM has a default security role that has the permissions to just do remote control (which is called Remote Tools operator) so we are going to copy that role and customize it a bit.

Go into Security Roles -> Find the remote tools operator -> right click and choose copy

Now a new window appear which shows you all the permissions that the role has. It only has permission to do something on a Collection, which is what we want.
As you can see there are alot of permissions that you can change here! We will just leave it to the default and give it the name “Help Desk

Now that we created the role, we have to create a security scope. Which is pretty simple. Go into the security scope right click and choose “Create Security Scope” you don’t define here what the scope grants access to.

Now we have to import a user and grant that user those spesific permissions and the scope of those permissions. Go to Administrative Users and choose “Add user or group”
Choose browse and find the spesific user from Active Directory.
From Assigned security role choose and and click the “Help Desk” role that we created.

In the bottom you will see which scopes the user will have with its permissions. Ā Remove all the default and choose a custom Device collection and the help desk security scope that we created.
Then click OK.

When the user logges into the ConfigMgr Console he will only see what he can access with his permissions.

Citrix Mobility pack

I’ve been twitring about Citrix mobility pack, so whats all the fuzz about ?

Well theĀ pack give you the ability to deliver a XenApp 6.5 touch-friendly interface or applications to mobile devices (iOS and Android)
To install this pack you need to install a rollup hotfix and one update to the Citrix Group Policy Management.

PS: just remember that you have to reboot the server to complete the installation! šŸ™‚

When this is done, don’t expect some new changes in the app delivery console. Most of the options are avaliable trough Group policy

But remember to enable the “combo box” option in policy, since this gives the user the option to choose between mobiliy desktop and the regular desktop. So when this is done, your desktop will look something like this.

You can download the mobility pack from here ->Ā

But remember this is the first release, and there are some issues. As an example if you have applied an group policy that “hides” local folders, these will reappear if you use the mobility pack, since it replaces the windows GUI.
ill post some more screenshots tommorow.
PS: I’ve been testing this on my Samsung Galaxy tab