Remote GPUpdate on Windows Server 2012

 

You often need to run ‘gpupdate /force’ to ensure the latest policy is applied to systems. Now you can remotely run this command. This method creates a task through task scheduler. The task will execute within the next 10 minutes, which runs the ‘gpupdate /force’ locally on the machine.

This uses a remote connection, you will need the firewall rules enabled on clients.

• Remote Scheduled Tasks Management (RPC)
• Remote Scheduled Tasks Management (RPC-EPMAP)
• Windows Management Instrumentation (WMI-In)

There are two ways you can invoke a remote Group Policy update.

GPMC

From the GPMC, right click on an OU that contains computer objects. Click the “Group Policy Update” option.

This will run a ‘gpupdate /force’ on all computers in the OU, and any sub-OUs. Computer policy will be refreshed for each computer, and user policy will be refreshed for any and all users currently logged into those computers.

 

Powershell

The Invoke-gpupdate cmdlet is part of the Group Policy Powershell Module.

An example of the most basic use of invoke-gpupdate:

Invoke-gpupdate computername

The completion of this cmdlet will put a task on the computer that will execute a gpupdate /force

Want to run it on many in series?

$cn = Get-ADComputer -filter { name -like 'my*hyperv*' } | select -ExpandProperty dnshostname

$cn | % { Invoke-GPUpdate -Computer $_ }

To find the installed .NET Framework versions manually (versions 4.5 and later)

 

Open regedit.exe

Open the following key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full

Check for Release. Just having the Release key shows that the .NET Framework 4.5 or newer has been installed

The value of Release shows which version of the .NET Framework is installed

Value of the Release DWORD	Version
378389	.NET Framework 4.5
378675	.NET Framework 4.5.1 installed with Windows 8.1
378758	.NET Framework 4.5.1 installed on Windows 8, Windows 7 SP1, or Windows Vista SP2
379893	.NET Framework 4.5.2

Note: You need to reboot before the correct release is shown.

Migrating DHCP Scopes between Windows Servers

 

Need to move a DHCP database from a computer that is running Microsoft Windows Server 2003 right through to Microsoft Windows Server 2012 r2 update 1. Here is how…

 

The one-time export/import process

Export the DHCP database from Windows, On the Windows DHCP server, navigate to a command prompt, type the following commands:

netsh

DHCP

\\Name or IP Address

export c:\oldserver.txt all

Or in a single command: netsh dhcp server \\servername export c:\oldserver.txt all

Then to import the DHCP database onto another server. Copy the exported DHCP database file to the local hard disk of the Windows Server that you have installed the DHCP Role on the server.

Stop the DHCP server service on the server.

net stop DHCPserver

Delete the c:\windows\system32\DHCP\DHCP.mdb

net start DHCPserver

Open the cmd prompt using elevated privileges. Type the following Commands:

• netsh
• DHCP
• server \\Name or IP Address
• import c:\oldserver.txt all

To do the import in one command: netsh dhcp server \\servername import c:\oldserver.txt all

• Activate the server if needed then restart DHCP.
• You need to update all affected router DHCP relays.

 

Consolidating scopes onto one server

NOTE: split scopes cannot be consolidated from two servers and server options that conflict will fail to import.

To do this you need to just to the specific scopes. Type the following Command:

• netsh
• DHCP
• server \\Name or IP Address
• export c:\dhcp-scopename.txt scope-ip-range

In one command line: netsc dhcp server \\servername export c:\dhcp-scopename.txt scope-ip-range

Repeat for all affected scopes

To import: netsc dhcp server \\servername import c:\dhcp-scopename.txt

 

DHCP relay

If you have multiple physical networks connected through routers, and you do not have a DHCP server on each network segment, the routers must be capable of relaying DHCP traffic. If you do not have such routers, you can set up the DHCP Relay Agent component on at least one server in each routed subnet. The relay agent relays DHCP message traffic between the DHCP-enabled clients on a local physical network and a remote DHCP server located on another physical network.

 

Here is the original material: http://support.microsoft.com/kb/962355

Deleting orphaned Hyper-V disks from a server

 

I have a tame Powershell expert on hand, and the problem with Hyper-V is the standard GUI does not delete the disk when you delete a Virtual Machine, this can lead to a bunch of ophan VHD/VHDX files on the server. This script must be run on the server and will put out the VM drive path, the VMs that are on the server, the VHX/VHDX’s and will allow to see or delete them.

NOTE NOTE NOTE: This will delete valid snapshots… No I did not have any … Just a warning.

To view them run:

Delete-OphanedDisks.ps1 –whatif

To delete them run:

Delete-OphanedDisks.ps1

And follow the confirmation prompts.

PS: SCVMM does not have this problem. Cheers.

 

Script below, written by Peter Bertok

 

[CmdletBinding(ConfirmImpact='High',SupportsShouldProcess=$true)]

PARAM (

[switch]$Force,

[string[]]$Extensions = @( '*.vhdx', '*.vhd' )

)

BEGIN {

$disks = @( Get-VM | Get-VMHardDiskDrive | select -ExpandProperty Path )

$store = (Get-VMHost).VirtualHardDiskPath

If ( -not ( Test-Path $store ))

    {

Throw "Cannot find default VM disk path: $store"

    }

$List = @( $Extensions | `

ForEach-Object { dir -Path:$store -Filter $_ } | `

Select-Object -ExpandProperty FullName | `

Where-Object { $_ -notin $disks } | `

Select-Object -Unique )

If ( $Force )

    {

$List | del -Force:$Force -Confirm:$False -WhatIf:$False

    }   

Else #If ( $PSCmdlet.ShouldProcess( "$($List.Length) Files", "Delete" ))

    {

$List | del -Confirm:$ConfirmPreference

    }

}

Working with Server 2012 r2 Core

 

General

 

Changing computer name

Netdom renamecomputer %computername% /newname:w12r2DC1 /reboot

 

Join to a domain, ex “colv.in”:

Netdom join %computername% /domain:colv.in /userD:administrator passwordD:secret11

 

Configuring IP

SCONFIG.EXE is easier on Server Windows Server 2012 r2 but here is the old way.

netsh interface ipv4 show addresses

netsh interface ipv4 set address “eth” static 10.0.1.41 255.255.255.0 10.0.1.1

To set the DNS server on interface “eth” of 10.0.1.10 as primary and 10.0.1.15 as secondary:

netsh interface ipv4 set dnsservers “eth” static 10.0.1.10

netsh interface ipv4 add dnsservers “eth” 10.0.1.15 index=2

 

Enable remote desktop in the windows command prompt

cscript %windir%\system32\scregedit.wsf /ar 0

View remote desktop settings in the windows command prompt

cscript %windir%\system32\scregedit.wsf /ar /v

0=enabled 1=disabled

 

Restart Computer

shutdown /r /t 0

 

Server Core Vs Server GUI

 

Change from Server core to Full Windows UI

Install-WindowsFeature Server-Gui-Mgmt-Infra -source wim:d:\sources\install.wim:2

Install-WindowsFeature Server-Gui-Shell -source wim:d:\sources\install.wim:2

 

Windows Full to Minimal Server Interface

Uninstall-windowsfeature Server-Gui-Shell

Minimal Server Interface to core

Uninstall-windowsfeature Server-Gui-Mgmt-Infra

 

Full Windows GUI to server Core

Uninstall-WindowsFeature Server-Gui-Shell -source wim:d:\sources\install.wim:2

Uninstall-WindowsFeature Server-Gui-Mgmt-Infra -source wim:d:\sources\install.wim:2

 

Firewall

 

Get the status of all the firewall profiles:

netsh advfirewall show allprofiles

netsh advfirewall firewall show rule name=all profile=any

 

To get the status of firewall profiles

Get-NetFirewallProfiles

 

To see the firewall rules

Get-NetFirewallRule

 

To enable the appropriate firewall rules

Enable-NetFirewallRule -DisplayGroup "Remote Service Management"

Enable-NetFirewallRule -DisplayGroup "Remote Event Log Management"

Enable-NetFirewallRule -DisplayGroup "Remote Firewall Management"

Enable or Disable Windows Features Using DISM

 

Just like APT-GET but more Windows’ie…

Deployment Image Servicing and Management (DISM) is a command-line tool that is used to modify late model Windows Operating Systems (OS) or disk images. DISM can enable or disable Windows features directly from the command prompt.

To use it, open command with administrator privileges.

Use the /Get-ImageInfo to retrieve the index number for the image that you want to modify.

• Dism /Get-ImageInfo /ImageFile:D:\images\install.wim

Mount the Windows image

• Dism /Mount-Image /ImageFile:D:\images\install.wim /Name:"Windows Image" /MountDir:C:\test\Windoze

To find available Windows features in an image. List all of the features available in the operating system.

• Dism /online /Get-Features

To work with an image, specify the location of the mounted image directory.

• Dism /Image:C:\test\offline /Get-Features

Use /Get-FeatureInfo to list specific features

• Dism /online /Get-FeatureInfo /FeatureName:TFTP

To enable features

You can use the /All to enable all of the features in the one command.

• Dism /online /Enable-Feature /FeatureName:Telnet /All

To service an offline image, specify the location of the mounted image directory.

• Dism /Image:C:\test\Windoze /Enable-Feature /FeatureName:Telnet /All

To get the status of the feature you have enabled.

• Dism /online /Get-FeatureInfo /FeatureName:Telnet

If the status is Enable Pending, you must reboot the image in order to enable the feature entirely.

To restore removed features

If the files are not found in the default location, DISM will contact Windows Update (WU) for the required files. You can use the /LimitAccess argument to prevent DISM from contacting WU.

If you specify multiple /Source arguments, the files are gathered from the first location where they are found and the rest of the locations are ignored.

• Dism /Online /Enable-Feature /FeatureName:TFTP /Source:Z:\sources\SxS /Source:C:\test\mount\windows /LimitAccess

To service an offline image you need the mounted image directory.

• Dism /Image:C:\test\offline /Enable-Feature /FeatureName:Telnet /Source:C:\test\mount\windows

Optional: Get the status of the feature you have enabled.

• Dism /online /Get-FeatureInfo /FeatureName:Telnet

If the status is EnablePending, you must reboot enable the feature .

To disable Windows features

Disable a specific feature in the image.

• Dism /online /Disable-Feature /FeatureName:Telnet

To service an offline image, specify the location of the mounted image directory.

• Dism /Image:C:\test\offline /Disable-Feature /FeatureName:Telnet

Optional: Use DISM /GetFeatureInfo to get the status of the feature you have disabled.

• Dism /online /Get-FeatureInfo /FeatureName:Telnet

If the status is DisablePending, you must reboot the image in order to disable the feature

Hyper-V Server 2012 r2 verses WS2012r2 Standard or WS2012r2 DataCenter

 

“Microsoft Hyper-V Server 2012 (HYS) does not contain the full set of features and roles that the full Windows Server 2012 operating system has, however, from a pure Hyper-V perspective, Microsoft Hyper-V Server 2012 has feature parity with the feature set of Windows Server 2012 Hyper-V”. Hyper-V Server does not contain a GUI.

The ONLY Roles available on Hyper-V server 2012 R2:

• File and Storage Services
• File and iSCSI Services
• File Services
• Storage Services
• Hyper-V
• Remote Desktop

Hyper-V Server is a dedicated stand-alone product that contains the hypervisor. Hyper-V Server is ideal where no new Windows Server licenses are required or where the servers being consolidated are running an alternative OS.

You configure Hyper-V Server by using the Server Configuration tool (SCONFIG.CMD). You can use an ordinary command prompt for operations that are not available in the Server Configuration tool. This is the command reference: http://technet.microsoft.com/en-us/library/cc754340.aspx 

The TL;DR licence details:

• Hyper-V Server, Standard or Datacenter all support as many as you put on them.
• Standard comes with a license for 2 Windows Server VMs on up to 2 CPUs (on the same motherboard).
• Datacenter comes with a license for as many Windows Server guests as you can run on up to 2 CPUs (in the same motherboard). You buy more CPUs are required
• Hyper-V Server 2012 R2 has no cost for its own license. The guests OSs must still be licensed, exactly as stated in the previous paragraph. The guest licenses are not tied to what hypervisor you actually use.

Hyper-V server 2012 Enhanced Storage Capabilities:

• Virtual Fiber Channel – Enables virtual machines to integrate directly into Fiber Channel SAN (fiber channel-based Hyper-V Guest Clusters)
• Support for 4-KB Disk Sectors in Hyper-V Virtual Disks
• New VHD Format. VHDX
• Offloaded Data Transfer (ODX). Offload storage-related tasks to the SAN, increasing performance.
• Boot from USB Disk.
• Storage Spaces. treat SAS & SATA disks as storage pools, from which logical disks can then be provisioned. Thinly or fully provisioned, and support advanced features such as trim provisioning.

Enhanced Resource Management include:

• Dynamic Memory (great for VDI)
• Resource Metering provides the ability to track and report the amount of data that is transferred per virtual machine
• QoS specifying the minimum bandwidth that is available to a virtual machine or a port.
• Data Center Bridging (DCB) converged networking… Look this one up.

Hyper-V Extensible Switch:

• Private VLANS (PVLANS) - Provide isolation between two virtual machines on the same VLAN
• ARP/ND Poisoning/Spoofing
• DHCP Snooping/DHCP Guard - Protects against rogue DHCP servers
• Virtual Port ACLs - Isolate networks and metering network traffic for a virtual port
• Trunk Mode to Virtual Machines
• Monitoring & Port Mirroring
• Windows PowerShell/Windows Management Instrumentation (WMI)

Microsoft Hyper-V Server 2012 Clusters:

• Maximum Nodes per Cluster                      64
• VMs per Cluster                                        8,000
• Maximum Guest Cluster Size (iSCSI)         64 Nodes
• Maximum Guest Cluster Size (Fiber)          64 Nodes
• Maximum Guest Cluster Size (File Based)  64 Nodes
• Guest Clustering with Live Migration          Yes
• Guest Clustering with Dynamic Memory     Yes

Hyper-V Server has the following upper limits on virtual machines:

• Virtual machines with 64 virtual processors
• 1 TB of RAM per virtual machine
• 64 TB virtual hard disks by using the VHDX format.

 

http://download.microsoft.com/Documents/UseTerms/Hyper-V_Server%202012%20R2_English_adc2a6ba-32b4-4a69-ab8a-e09d3fd1f785.pdf 

http://download.microsoft.com/download/7%2F7%2F0%2F7707E736-4557-4310-9709-87358F7E6D1A/WindowsServer2012VirtualTech_VLBrief.pdf

http://download.microsoft.com/download/5/7/8/578E035F-A1A8-4774-B404-317A7ABCF751/Competitive-Advantages-of-Hyper-V-Server-2012-over-VMware-vSphere-Hypervisor.pdf

Hyper-V 2012 R2–PXE boot from Synthetic NIC

 

Prior to Windows Server 2012 R2 Hyper-V there was a PXE issue that meant you needed to have a legacy NIC boot PXE then a synthetic NIC for speed, which the PVS would auto switch on boot. This is now gone.

This was the PVS v7+ setting:

By default, Provisioning Services automatically switches from legacy Hyper-V NICs to synthetic NICs if both exist in the same subnet. To enable the option to only use synthetic NICs if legacy Hyper-V NICs exist within the same subnet, edit the target device's registry settings:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BNIStack\Parameters] "DisableHyperVLegacyNic"=dword:00000000

 

Windows Server 2012 R2 Hyper-V

Generation 2 Virtual Machines now have this support:

The synthetic NIC can boot from the network using PXE

Synthetic network adapters support PXE boot. Gone is the old legacy network adapter.

Getting to know Citrix XenApp 7.5

 

Here are the key differences between XenApp 7.5 and XenApp 6.5 and earlier.

Windows server 2008 R2 and higher – yes all 64 bit

All management is via Citrix Studio instead of Delivery Services Console, CMC etc

No IMA data store as XenApp 7.5 uses technology from XenDesktop, so Microsoft SQL Server database as the data store for both configuration and session information.

XenApp Farms are now known as Sites. Sites should (generally) be contained within one data centre.

Delivery Controllers connect you, the incoming user, to the correct application on the correct server.

Zone masters are automatic and distributed evenly across all Controllers in the site.

Replace folders and Worker Groups with a combination of machine catalogues, Delivery Groups. While this works it is not as flexible and will require some rethinking of large scale deployments.

To build Delegated Administration us the built-in administrative roles, such as help desk, applications, hosting, and catalogue.

Remote Desktop Services Client Access Licenses (RDS CALs / TS CALS) are not required on the Controllers server.

You still need RDS CALs on the servers that are hosting and delivering your applications ie the terminal servers.

Citrix Director monitors the environment — You can monitor the environment, shadow user , and troubleshoot issues

Shadowing uses Microsoft Remote Assistance to connect to user machines.

Virtual Delivery Agent (VDA) is the installed service that you put on the server BEFORE installing applications.

Machine Creation Services (MCS) or Provisioning Services (PVS) are used to manage the server OS for medium and large scale deployments.

There is no XenApp any version to XenDesktop 7.5 upgrade.

The process of publishing application has changed:

In XenApp 7.5 now, you use the Studio component to create and add applications to make them available to users who are included in a Delivery Group.

Using Studio, you

1. In your site,
2. create and specify machine catalogues,
3. create Delivery Groups within those machine catalogues. Delivery Groups are then used to determine which users have access to the applications you deliver.
4. then create an application to specify which Delivery Groups, they are detected or manually added

To balance application load on server Load Management assigns the user to the server best able to handle the request. This is based on:

1. Server maintenance mode
2. Server load index (based CPU, memory, disk)
3. The number of sessions (allowed number of concurrent requests to log on to the server).

Some of the technologies still to come:

1. Session pre-launch
2. Session linger

Brief video of Citrix XenDesktopApp 7.5 Video

Everything is subject to change once the final product is out.

Key Changes for Windows Server 2012 R2 Hyper-V

 

Simplified editions:

• Windows Server 2012 R2 Datacentre: for highly virtualised datacentre and cloud environments.
• Windows Server 2012 R2 Standard: for physical or minimally virtualised environments.
• Windows Server 2012 R2 Essentials: small businesses with up to 25 users and 50 devices.

Specifications:

Class	Resource	Windows Server 2012-r2
Host	CPUs on hardware	320
Host	Physical memory	4TB
VM	vCPU per VM	64
VM	vRAM per VM	1TB
VM	vDisk per VM	64TB
VM	Running VMs per host	1024
Cluster	Nodes	64
Cluster	VMs in Cluster	8000

 

General performance changes:

• Storage Tiering (Pool HDD & SSD and automatically move hot data to SSD)
• Data De-duplication (for live VDI virtual hard disks)
• VMs on SMB 3.0
• Remote Direct Memory Access (RDMA) network cards
• Offload Data Exchange (ODX) if you SAN supports it
• Simultaneous Live Concurrent Migration now to the level of hardware you support (10gb use 8 concurrent)

Generation 2 VMs:

Generation 2 VMs are based on the Unified Extensible Firmware Interface (UEFI) BIOS. They use less emulated hardware. Gone are serial ports, PS/2 ports and other devices.

• ONLY Windows Server 2012 / 2012 R2, Windows 8 / 8.1, are supported.
• Secure Boot is an turned on by default
• The synthetic network interface controller (NIC) supports Pre-Boot eXecution Environment (PXE) booting.
• Gone are IDE-connected virtual hard drives (VHDs) you can now boot from virtual SCSI.
• Generation 2 VM boots about 20% faster and the OS installs about 50% faster
• However there is no performance benefit to a running VM.

Checking if the AD Domain is Server 2012 ready

 

Use the Dsquery.exe command. Open a command prompt on a domain controllers and run:

dsquery * cn=schema,cn=configuration,dc=colv,dc=in -scope base -attr objectVersion

The output from a 2008 domain is:
objectVersion
47

If you promote a Windows Server 2012 in the domain OR manually run ADPrep.

The output from the command looks like this:
objectVersion
56

Version 56 of the schema of your forest now includes domain controllers running Windows Server 2012.

Install Citrix Receiver the ‘easy’ way…

 

There is comprehensive documentation on installing the Receiver here: http://support.citrix.com/proddocs/topic/receiver-windows-40/receiver-windows-cfg-command-line-40.html 

There are THREE options, 1 manually via command line, 2 Via StoreFront server, 3 Email the configuration of the StoreFront (to then download it)

1. This is the command line to enable all the options.

c:\CitrixReceiver.exe /silent /includeSSON ADDLOCAL="ReceiverInside,ICA_Client,SSON,AM,SELFSERVICE,DesktopViewer,Flash,Vd3d,usb"

2. On the StoreFront server edit the client installation XML file to configure the installation options.

Contents of file:

<?xml version="1.0" encoding="utf-8"?><Services version="1.0" xmlns="http://www.citrix.com/ServiceRecord"><Service type="store"><SRID>3643525964</SRID><Name>sp</Name><Address>https://storefront.dave.colv.in/Citrix/sp/discovery</Address></Service></Services>

Save the file

3. Double click to test it and then you can email the config

Open it with IE

Bonus item (does not work on W8/W8.1):

If you want the receiver to look more like the PNA add the command line “/STARTMENUDIR=\Dave.Colv.in\” to the receiver install so the full line is:

CitrixReceiver.exe /includeSSON ADDLOCAL="ReceiverInside,ICA_Client,SSON,AM,SELFSERVICE,DesktopViewer,Flash,Vd3d,usb" “/STARTMENUDIR=\Daves.Colv.in\”  /Store0="sp;https://storefront.colv.in/Citrix/desktops/discovery"

You want back the PNA (Program Neighbourhood Agent) with Citrix Receiver 4.1, Citrix StoreFront 2.1 and Citrix XenDesktop 7.1

 

If you are longing for the 2000’s, you want back the PNA (Program Neighbourhood Agent) back but the man is making you move to receiver, never fear, with some time, configuration and tweeks you can be right back in the comfort zone.

This is the standard Citrix Receiver without sign sing on when it opens the StoreFront store.

First you need to install the agent with the single sign on support (/includeSSON and ,SSON,) in the command line below.

Just as a note when installing this and removing this the ,USB item had to be last to stop errors occurring in installing and the installation failing.

Command line to install Receiver 4.1:

CitrixReceiver.exe /includeSSON ADDLOCAL="ReceiverInside,ICA_Client,SSON,AM,SELFSERVICE,DesktopViewer,Flash,Vd3d,usb" /Store0="sp;https://storefront.colvi.in/Citrix/desktops/discovery"

YOU NEED TO REBOOT, you need the SSOSVR.EXE to be running as seen below.

You need to make the changes to the GPO for the client (the desktop computer) to allow internet explorer to pass the logon credentials.

You need to install and configure Authentication with Domain Pass-through on the StoreFront Server.

YOU NEED TO BE USING HTTPS and a valid Cert.

You can see I have the receiver web site disabled, you can use it, but it is not needed for this configuration (in fact it does not support pass-through and this confuses people).

You need to configure the XML Policy on the Delivery Controller, this is the GPO, but it can also be via PowerShell.

You need your StoreFront server to be in ‘Local Intranet’ or ‘Trusted Sites’.

If your IE policy is locked down, delete these Registry Settings and then you can check (until next reboot).

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer

HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings

Check that “Automatic Logon with current user name and password” is enabled in local Intranet if that is what you are in (see above).

Check that “Automatic Logon with current user name and password” is enabled in Trusted Sites if that is what you are in (see above).

At this point if you start the receiver you will see the client automatically logs on and gets the desktop(s) as shown below.

If you want to automate further (you needed the self service plug installed, it is if you used my command line above), then you can it force do a logon, a refresh and then see the newly created .EXE dummy files that you can use to create shortcuts in the Start Menu (or Metro interface), yes Windows 8.1 using these commands in the back ground.

Here are the commands to force this:

"C:\Program Files\Citrix\SelfServicePlugin\SelfService.exe" -logon

"C:\Program Files\Citrix\SelfServicePlugin\SelfService.exe" -poll

dir C:\Users\ColvinDave\AppData\Roaming\Citrix\SelfService

If you want to you can make shortcuts to the EXE files, anywhere in the start menu, you cant copy just the .EXE files or you will get the error below.

Good luck and tell them Dave Sent You.

Finding Citrix StoreFront via Email Address

 

This is old news, and everyone should know this, but I have never found a site using it yet, so maybe someone wasn't paying attention in class, so here is how.

 

You must install a valid server certificate on the StoreFront before you start. Also the full chain to the root certificate must be valid.

1. Create a DNS Service Location (SRV) record
2. In DNS, Right-click your Forward Lookup Zone
3. Click on Other New Records, Create a Service Location (SRV)
4. Click in the Service box and enter the host value _citrixreceiver
5. Click in the Protocol box and enter the value _tcp
6. In the Host offering this service box, put the fully qualified domain name (FQDN) and port for your StoreFront

You can use nslookup to test this:

1. Open command prompt, type nslookup
2. Type “set type=srv”
3. Type “_citrixreceiver._tcp.MyADdomain.com.au”
4. The response should be :

_citrixreceiver._tcp.MyADdomain.com.au SRV service location:

priority = 0
weight = 100
port     = 443
svr hostname = StoreFront.MyADdomain.com.au

Linux package management

Really, you need these commands again? What, you have forgotten the obscure command lines to remove a simple package? Well you are bad and you should feel bad.
Personally I always forget these myself so I thought why not a quick and easy reference for apt-get package management. ‘apt-*’ : APT is acronym for Advanced Package Tool.
Do you like cows?
apt-get moo
Search on my local Linux box connected repositories for something cool
apt-cache search {something cool}
Install an application (from a currently connected repository)
apt-get install {package-name}
List applications that are installed on this
boxdpkg-query –l
or
apt-cache pkgnames | more
Once you know the name of the packages that offended you delete it with
apt-get remove --purge {package-name} [Dave here, note - - is 2 dashes)

If you have upgraded, updated or removed some packages run this to clean up the package cache
apt-get autoclean
If you are running out of space and don't need a cache of local apps, say for example you are connected to the internet, be a bit more ruthless. If you want to see how big it is first (du -sh /var/cache/apt/archives)
apt-get clean
If something is broken use the automatic fix command first
apt-get install –f
If you have not been on this box for while run this to update the lists, and versions of packages in the attached repositories
apt-get update
If you are feeling like you still miss Windows Update use this command
apt-get upgrade
Maybe you just need some extra details on a package in use on this computer
apt-cache show {package_name}


Great reference for this: https://help.ubuntu.com/community/AptGet/Howto

Citrix Universal Print Server/Driver

 

The Universal Print Server uses the Universal print driver, which is installed with the XenDesktop agents. It is so easy I cant believe everyone isn’t doing it.

The Universal Print Server transfers the print job in a highly optimised and compressed format, minimising network use and improving the user experience.

The Universal Print Server includes the following:

• The client UPClient which is installed via the XenDesktop agent software
• The UPServer which is a simple MSI install that accepts connections from the clients to the printers on the print server.

Generally in XenDesktop, it is recommended to use Universal print driver. The Universal print driver is a device-independent driver that supports MOST print device. This reduces the number of dedicated drivers required.

The Universal Print Server and Universal print driver have the following policies:

Universal printing optimization[sic] defaults. Specifies default settings for the Universal Printer when it is created for a session:

• • Desired image quality specifies the default image compression limit applied to universal printing.
  • Enable heavyweight compression enables or disables reducing bandwidth beyond the compression level set by Desired image quality, without losing image quality.
  • Image and Font Caching settings specify whether or not to cache images and fonts that appear multiple times in the print stream, ensuring each unique image or font is sent to the printer only once.
  • Allow non-administrators to modify these settings specifies whether or not users can change the default print optimisation settings within a session.
  • Universal printing image compression limit. Defines the maximum quality and the minimum compression level available for images printed with the Universal print driver.

Universal printing print quality limit. Specifies the maximum dots per inch (dpi) available for generating printed output in the session.

Windows RUNAS Command Restrictions

 

Understanding RunAs or ‘Run as different User’

http://technet.microsoft.com/en-us/library/cc771525.aspx

The command “runas /user:domain\user appName” or,

the use of SHIFT-Right-Click “Run as different User” from the context menu applications can be started with different user logons.

When you do either of these an authentication occurs and a new Windows process will be created with the specified user account. Unless defined, a temporary Windows profile will be loaded. This is not typical user logon process, so no GPO will be applied.

You can still restrict the RunAs / Run as different User function by removing the access to it.

There are two steps to remove the RunAs and Run as different User:

1. Restrict the access to runas.exe:
- Remove the user permission from C:\Windows\System32\runas.exe

2. The second step is to remove the Run as different User entry from the context menu. Delete the following registry keys
- HKEY_CLASSES_ROOT\exefile\shell\runasuser
- HKEY_CLASSES_ROOT\batfile\shell\runasuser
- HKEY_CLASSES_ROOT\cmdfile\shell\runasuser
- HKEY_CLASSES_ROOT\mscfile\shell\runasuser
- HKEY_CLASSES_ROOT\Msi.Package\shell\runasuser

 

Thanks to http://blogs.citrix.com/2013/10/15/the-almost-forgotten-hardening-runas-run-as-different-user for this information

Citrix StoreFront v2 password expiry notice

 

You can enable the Receiver for Web site users to change their passwords at any time. Users passwords that are about to expire are shown a warning when they log on.

The notification period is determined by the Windows Group Policy setting. To set a custom notification period for all users, you edit the configuration file for the authentication service.

1. On the StoreFront server, use a text editor to open the web.config file for the authentication service, in the C:\inetpub\wwwroot\Citrix\Authentication\ directory.
2. Locate the following element in the file.

   <explicitBL ... allowUserPasswordChange="Always"
     showPasswordExpiryWarning="Windows" passwordExpiryWarningPeriod="10" ... >

   
   



3. Ensure that the allowUserPasswordChange attribute is set to Always to enable password expiry notifications.
   
   
   Change the value of the showPasswordExpiryWarning attribute to Custom to apply a specific password expiry notification period to all users.
   
   
   Use the passwordExpiryWarningPeriod attribute to set the password expiry notification period in days.

Receiver for Web site users connecting from the local network whose passwords are due to expire within the specified time period are shown a warning when they log on.

Copy configuration changes you make on the primary server are propagated to the the other servers.

 

This information comes from here:

http://support.citrix.com/proddocs/topic/dws-storefront-20/dws-configure-conf-password.html

Browser Market Share Changing Over Time

 

Firstly I don't run an analytics company but I found one on the web (www.netmarketshare.com) and as a part of planning which browsers should be tested for a terminal services project I wanted to know the winners, losers and where IE6 still is.

Below are the last twelve months of browser change. Overall I will be testing on IE10. The others will all be tier 2 for business.

The big winners here are IE10 and losing out are IE8 and IE9. IE7 is still in slow decline, but what scares me is IE6 is static at 6% (Siebel use ActiveX controls). The total of IE releases is around 54%

Chrome with auto update is always the current release about 12% and the others falling away to a total 17%

Firefox is much the same around the 14% mark

Safari, Opera, Sleipnir, Maxthon, Comodo are ALL in the other 18% – here, have one www.browserchoice.eu/BrowserChoice/browserchoice_en.htm

Changing the Citrix Provisioning Server TFTP IP/NIC

 

If it works (it did not for me) there is a control panel applet…

C:\Program Files\Citrix\Provisioning Services\tftpcpl.cpl

And just make the change, easy (if it works)

 

or

 

If that did not work, do it via the registry.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkCards

Find the network card you want to use and copy the ‘ServiceName’ data

Export the key as you need one of the ‘ServiceName’

HKLM\SYSTEM\CurrentControlSet\services\BNTFTP\Parameters

Change the data for "Adapter" with what you just copied

Restart the "Citrix PVS TFTP Service"

Check you got the right adaptor, if not try again…

To find what port is listening look for UDP:69

netstat -an -p udp | find ":69"

This is it working on a VM guest

You can test this by using the Windows TFTP client

tftp Computer.Name.or.IP GET ardbp32.bin ardbp32.bin

 

Thanks for the insight:

http://1bitatatime.blogspot.com.au/2012/01/change-which-nic-provisioning-servers.html