Windows Server 2008, TS profile path and Citrix published Apps

Recently something very strange happened to me when launching a citrix published application. Instead of launching the application, I was presented with a server desktop. Not quite what you would expect!

Anyway, after some troubleshooting I discovered that the problem was to be found in my AD user object. After adjusting the terminal services profile path with a Windows Server 2008 ADUC console, the attribute named "UserParameters" became corrupted.
Basically, there are 2 options to recover from this problem:
1. Recreate the user account, which is far from ideal.
2. Clear the "UserParameters" property, using this script:

Const ADS_PROPERTY_CLEAR = 1
Set objUser = GetObject _("LDAP://cn=MyUser,ou=MyOU,dc=MyDomain,dc=com")
objUser.PutEx ADS_PROPERTY_CLEAR, "userParameters", 0
objUser.SetInfo

 

I sure hope this issue gets documented and/or solved soon.

VMware Fusion v1.0

A while ago I posted an article comparing VMware Fusion (beta) with Parallels virtualization software.
Recently, VMware released version 1.0 of Fusion, so I decided to take the software for another test run.

I noticed immediately that VMware invested lots of energy in optimizing the beta version:
- Fusion now supports virtual SMP, and performance was really stunning! It's hard to notice you're not running natively.
Also, pausing and resuming a VM only takes a few seconds.
- Fusion makes it also possible to unify a Windows VM with Mac OS. You can easily drag and drop, and launch Windows applications from the dock.
- If you have an existing boot camp partition, Fusion will detect it and make it available as a virtual machine.
- Snapshotting is also added to the list of features.

Conclusion is that VMware did a great job with the final release of Fusion, and it has finally become difficult to choose your virtualization software for Mac.

Migrate esxRanger Professional

If you want to migrate your esxRanger configuration to a different server, there's a very easy way to do so. Just install esxRanger on the new server, and copy these 4 files from the existing server to the new one :
%ProgramFiles%\vizioncore\esxRanger Professional\smtp.dat
%ProgramFiles%\vizioncore\esxRanger Professional\vcenter.dat
%ProgramFiles%\vizioncore\esxRanger Professional\servers.dat
%ProgramFiles%\vizioncore\esxRanger Professional\yourlicense.lic

Make sure you don't forget to copy your scheduled tasks as well...

Restore bkf files in Windows Vista

Together with the release of Windows Vista, Microsoft decided to replace NTBackup with a newly built backup and restore program. You can access the Backup and Restore Center in the System and Maintenance menu in Vista.

Beware though that there is no support for restoring NTBackup files (bkf) with this new solution. Microsoft did release a tool to cope with this, check it out : http://www.microsoft.com/downloads/details.aspx?FamilyID=7da725e2-8b69-4c65-afa3-2a53107d54a7&displaylang=en

Migrate Double-Take for Windows

If you want to migrate your double-take configuration to a different server, there's a very easy way to do so. Just install the same version of double-take, and copy these 3 files from the existing server to the new one :
%ProgramFiles%\DoubleTake\connect.sts
%ProgramFiles%\DoubleTake\DblTake.db
%ProgramFiles%\DoubleTake\schedule.sts

Also make sure that you add every double-take admin to the local security group "Double-Take Admin", otherwise even local admin's won't have the necessary permissions.

SMS Advanced Client Setup Problems

I recently had problems installing an sms advanced client. During setup, it failed while creating the necessary WMI namespaces.
Error: failed to create WMI namespace CCM, code 80041002.

Solution:
- Stop WMI service (winmgmt)
- Delete folder "%systemroot%\system32\wbem\Repository"
- Start WMI service
- Rerun client setup

Netbackup SQL Restore Problems

Using the Netbackup MS SQL Gui client:
If you install a new SQL server, and try to restore database backups from an existing SQL Server, the message "Error encountered trying to read database images" shows.

The issue is that the sql agent from the new netbackup client is not allowed to list the existing backups from other SQL servers.

To resolve, go to the master Netbackup server, and copy all the files from <install_path>\netbackup\db\images\<client_name>\*.* to <install_path>\netbackup\db\images\<new_client_name>\*.*.
Leave the SQL host field pointed to the existing server, and point the source client field to the new SQL server.

Works perfect!

Windows Server 2003 Access-based Enumeration

Ever had the annoying problem that users can see files and folders in shares, even when they have no rights to access them? Install the Windows Server 2003 access-based enumeration add-on for 2003 SP1.

Install offers 2 modes: enable abe for all shared folders on a server, or configure it yourself on a per share basis (default). After default install, it shows an extra tab on the properties of a shared folder:

The add-on also includes a command line interface. (abecmd.exe)

VMware Fusion vs Parallels Desktop for Mac OS

Since the release of Intel based Macs, the market is open for virtualization products for Mac OS. I decided to give VMware Fusion (build 36932) and Parallels Desktop (build 3120) a test run on my iMac Core 2 Duo.
Both of them support USB 2.0 and drag&drop functionality, but here's a short overview of the most important differences:

Fusion
- Multiple virtual processors
- 64 bit guest support
Parallels
- Coherence
- Boot Camp support (use bootcamp partition as virtual machine)

Since VMware Workstation 5.x and Server 1.x images can be used in Fusion, Parallels had to come up with a solution: Transporter. It allows easy migration of your real Windows pc, or existing VMware or Virtual PC VMs.
In my case, I decided to install 2 new Windows Vista VMs.

The test results:
First off is guest performance, which is nearly native in Parallels! Fusion beta always runs in debug mode (which decreases performance), but then again, I assigned both CPUs to this VM. The performance didn't even come close!
Pausing and resuming works quite well in both products, but Parallels is still a bit faster.

As for view modes, Coherence is quite impressive, but I doubt I will ever enable it. I'd rather use the VM window or full screen mode.

Maybe the most remarkable feature was the dynamic adjustment of the screen resolution in Parallels. Just resize the VM window, and the screen resolution inside the guest adjusts itself. Nice one!
 
Last thing to mention is the Boot Camp support. Although this works well, I wonder why you need Boot Camp if there's virtualization software like Parallels??

Check out these screenshots:

     

Group Policy Settings Reference

A few weeks ago Microsoft published a new Group Policy Reference spreadsheet. This sheet lists all policy settings for user and computer configurations included in the admx/adml files delivered with Windows Vista.

Most important information in this sheet:
- the admx file that contains the setting
- the required OS for the setting to apply
- the registry location of the setting
- reboot or logoff required

Download it here.

Utility : Group Policy Log View

A few articles ago I discussed the fact that Vista logs all of the group policy events in the event log. Now Microsoft released a tool to export all group policy related events to a text, xml or html file : Group Policy Log View.
The tool even allows to monitor events in real time in a command prompt.

New ADM Templates for IE 7

For those who already migrated to Internet Explorer 7, download the new Group Policy administrative templates here :
http://go.microsoft.com/fwlink/?linkid=77998

Utility : RGPRefresh

At GPOGuy.com, they created a usefull tool for remotely refreshing group policy settings. It requires the .NET Framework 1.1 to be installed for usage.

Have a look : www.gpoguy.com/rgprefresh.htm

Terminal Services in Longhorn Server

During IT Forum I got to see a nice presentation of some of the new features of Terminal Services in Longhorn. Let me sum them up for you:

- Terminal Services Gateway: it's actually the Microsoft version of Citrix Secure Gateway. It provides access to terminal server sessions with the RDP protocol encapsulated in the HTTPS protocol. The session is secure, and only firewall port 443 needs to be open to make a connection. Access through this gateway can be controlled on a per user or workstation basis.

- Remote Programs: the ability to publish programs, in stead of a complete desktop environment. The application will run in a seamless window, so the user will experience no difference with local applications. File type associations can be configured on the clients, so they will automatically launch a terminal server application for certain file types.
These remote programs can be distributed as an MSI package (created in the TS Console), or through TS Web Access.

- Terminal Services Web Access: an interface which makes the terminal services remote programs available to users from a web browser. It's a customizable web part, which can also be integrated in a Sharepoint site.

Also a very nice feature, which makes the user experience even better, is the possibility to copy/paste from the desktop environment to a terminal server session. (and visa versa)
It was already possible for text strings in the past, but this has now been expanded to support complete files.

Group Policy in Vista and Longhorn

The most innovative change in group policies with windows vista and longhorn server is the introduction of admx and adml files. Admx files are xml based policy files, which contain registry based values. Adml files only contain text (per language), and are linked to admx files by using an id attribute for each string.
The location of these admx and adml files is %systemroot%\Policy Definitions. A very nice tool by FullArmor, which has been acquired by Microsoft, is called ADMX Migrator. This allows for the migration of adm files to admx, and the creation of new admx files.

Another improvement is the creation of a Central Store. This is a repository for all admx and adml files in a domain. This ensures that all of your gpo's use the same version of a policy template. The central store has to be created in a specific location : SYSVOL\domain\policies\PolicyDefinitions. If this central store is available, the GPMC will automatically load all of the templates from this location.

Since windows vista, multiple local policies can be created. As you can see in the screenshot below, local policies can be created for specific users, administrators, non administrators, ...

 

In the past it was also pretty difficult for admins to monitor gpo application. Userenv debug logging could be enabled, but not microsoft tools helped in analyzing this information. Since vista, the complete processing of gpo's is logged in the event log.

The last new feature I want to mention, is network location awareness. The main advantage of NLA is the end of the reliance on the ICMP protocol for policy application. It ensures a more accurate determination of network bandwith.