Way back in the old days, Windows policy management was done with "poledit", which would "tattoo" the registry. I remember teaching that a lockdown policy for the regular users was a type of "poison", and you had to be very careful to create the perfect "antidote" to the "poison" you were creating: an un-lockdown policy, reversing everything the lockdown policy did, and applied to the administrator. Without it, deleting the policy wouldn't help; you would never get back in to the controls, and the solution was a re-install.
Two of the CNS engineers this week remembered their Windows 2000 & 2003 MCSE training, and insisted that the "tattooing" of the registry ended in the NT4 / Windows 95 days. Two other engineers, embedded in troubleshooting hours still in the puzzle stage, insisted that it must be happening, right here in the year 2009.
A request had called for a change to a large business' Active Directory Group Policy for the Citrix Servers. Most of our Citrix implementations are powerfully locked down with a combination of Group Policy and Script Logic's "Desktop Authority" login scripts. An ActiveX control running on the SQL server had failed to load on the Citrix server's published desktop when the users tried to print from a SQL Reporting Services web page. The Microsoft tech article told us we could load the DLLs into the Citrix server manually, declare the reporting server as a "trusted site", allow ActiveX from trusted sites, and we'd be all set. The change was made right away, and the test users - copies of typical user accounts, both admin and non-admin - started getting the print dialog box, as expected.
But when the customer opened the gates to let in the masses, for published application and desktop testing, there were several calling in to our help desk, disappointed with the error that they had seen all too many times before, telling them they would be unable to print, because the ActiveX control had failed to load.
Resultant Set of Policy said we were applying the same GPO's to the users who had it working, and the users who had the error. So of course we looked at the user accounts: what was special about them, why wasn't the GPO applying?
This is when a couple of engineers in the group suggested the concept of "tattooing" the registry, and two other engineers repeated their training, saying it couldn't happen.
Turns out everybody was right.
The users who had the issue all had roaming profiles. Not all users had roaming profiles, and those who didn't, did not have the issue. We tried renaming the profile to .OLD and having the user log in again. That worked every time.
So the GPO's did not tattoo the REGISTRY, in the sense that they did with Windows NT 4/95, but they apparently did tattoo the PROFILES. So either way, it's something else we all need to be aware of.
tech article - Windows 2003 GPO's and "tattooing"
Charlie Messemer Thursday, August 06, 2009
Citrix Provisioning 5.0 with XenDesktop 2.0?
Citrix released Provisioning Server 5.0 on Aug. 21, and it has many new features worth upgrading for: the database can now be a Microsoft SQL database, and it uses the Microsoft VHD format. The one problem I have seen so far is the last one: Microsoft VHD is not seen by Citrix XenDesktop.
Citrix will be releasing a newer version of XenDesktop 2.1?? but will it work with Provisioning server 5.0? Not sure, but why wait? You can still use Provisioning 4.5, but more importantly here is a way to use both!
If you have a Provisioning 4.5 server, create another Provisioning 5.0 server and set your targets to use the correct server via DHCP. That is, migrate your vDisk to the new format if you want, and just keep your XenDesktops using the old Provisioning 4.5 server, or install a Provisioning 4.5 server just for your XenDesktop 2.0 server. As a best practice you should already be creating a DHCP Reservation for your targets; just make sure to create one for your XenDesktop targets and modify the “Configuration Options” for the target’s DHCP Reservation to include the correct DHCP options:
066 Boot Server Host Name “hostname of Provision Server 4.5”
067 Bootfile Name ARDBP32.bin
Make sure that you don’t have any “Scope Options” or “Server Options” set and that your targets are set to use DHCP, and you are good to go. Then again, you could also create a boot ISO as a fallback!
Eric Rossberg Tuesday, September 02, 2008
Citrix Presentation 4.5 - Unattended installation file
As we all know, the faster you can install and configure systems and/or applications, the more billable we can be. Not to mention saving your sanity!
Using the Citrix Presentation Server 4.5 UnattendedTemplate.txt can save you some of this much-needed billable time, provided you have all of your prerequisites.
- Update the Windows installer*
- DotNet 2.0*
- Java Runtime*
- JSharp 2.0*
- msvcr71.dll**
The last prerequisite is a little-known fact that I discovered just recently and thought I'd share. The unattended install process does not seem to copy over this DLL, and without it the unattended install will fail.
Keep in mind that additional DLLs may be needed depending on your scenario; below is my case study.
- Complete Windows Server 2003 unattended installation using a DVD with Manufacture Support Tools
- Citrix MPS 4.5.1 with local access database
- New Citrix Farm
This scenario is set up for a minimal-touch environment, with very few customizations needed to fit any environment, i.e. mass drivers, Manufacture Support Tools.
[Citrix License Agreement]
AcceptLicense=Yes
[Data Store Configuration]
CreateFarm=Yes
LocalDBType=Access
DirectConnect=No
;*Leave this blank to use the default zone name
ZoneName=
[Indirect Connect Settings]
IndirectServerName=
IndirectServerPort=2512
UserName=
DomainName=
;****************************************************************
;*Farm Settings
;*This section specifies the settings for creating a farm.
;*This section is used only if CreateFarm is Yes in the Data
;* Store Configuration section.
;* In this section you must specify:
;* 1. The name of the farm you are creating.
;* 2. A Windows NT user (user name and domain) who will be the
;* administrator of this farm. This user can later designate
;* other users as administrators of the farm using the
;* Presentation Server Console.
;***************************************************************
[Farm Settings]
FarmName=Farm
FarmAdministratorUsername=Administrator
FarmAdministratorDomain=citrixtest
;****************************************************************
;*Shadowing Restrictions
;*This section specifies whether or not shadowing is enabled. If
;* shadowing is enabled, this section specifies shadowing
;* restrictions.
;***************************************************************
[Shadowing Restrictions]
AllowShadowing=Yes
ProhibitRemoteControl=No
ProhibitNotificationOff=No
ProhibitLoggingOff=No
[Citrix XML Service]
ExtendIIS=No
;*This setting applies only if ExtendIIS is No
DedicatedPortNumber=80
;*This setting applies only if ExtendIIS is Yes
EnableVirtualScripts=Yes
[Options]
RebootOnFinish=Yes
LogLevel=*v
LogFile=c:\msi.log
UILevel=BASIC_UI_NO_MODAL
IgnoreMCM=No
RemoveWITurnkey=No
[PresentationServer]
ServerType=Enterprise
[LicenseServer]
LicenseServerChoice=Point
LicenseServerName=citrixlc
LicenseServerPortDefault=Yes
LicenseServerPort=27000
[MFRDP]
DisableRDPPromptForPassword=Yes
[IMAEncryption]
EncryptionEnable=0
KeyType=file
NewKeyPath=
KeyPath=
*Note: D:\Support\
**Note: D:\Citrix Presentation Server\Program Files\Citrix\System32
Installation operation failed -- Note: 1: 1708
Eric Rossberg Wednesday, December 26, 2007
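A pre-flight check for an answer file like the one in the post above, as an added example (not Citrix's or the author's code). It flags lines that are neither a section header, a comment nor a single key=value pair, and lists values worth reviewing before a farm is built from the file; the sample text is constructed from settings shown on this page, and the review list and the readings of those settings are assumptions.

```python
import re

# Constructed sample: a fragment of the answer file above with two
# copy-paste faults left in on purpose (a split key and a fused line).
SAMPLE = """\
[Farm Settings]
FarmName=Farm
FarmAdministratorUsername=Administrator
FarmAdministrator
Domain=citrixtest
[Shadowing Restrictions]
AllowShadowing=Yes
ProhibitNotificationOff=No
ProhibitLoggingOff=No
[Options]
LogLevel=*v
IgnoreMCM=NoRemoveWITurnkey=No
[IMAEncryption]
EncryptionEnable=0
"""

# Assumed review list: (section, key, lower-cased value) -> reviewer note.
REVIEW = {
    ("Farm Settings", "FarmAdministratorUsername", "administrator"):
        "farm administrator uses the built-in account name",
    ("Shadowing Restrictions", "ProhibitNotificationOff", "no"):
        "shadowing notification can be switched off",
    ("Shadowing Restrictions", "ProhibitLoggingOff", "no"):
        "shadow logging can be switched off",
    ("IMAEncryption", "EncryptionEnable", "0"):
        "IMA encryption is not enabled",
}

def check_answer_file(text):
    """Return (syntax_errors, review_findings) as lists of (line, message)."""
    errors, findings, section = [], [], None
    for num, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in ";*":   # blank, or comment in either style
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1)
            continue
        key, sep, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if not sep:
            errors.append((num, "no '=' (key split across lines?)"))
        elif section is None:
            errors.append((num, "setting outside any section"))
        elif "=" in value:                # heuristic for two fused settings
            errors.append((num, "two settings fused on one line"))
        elif (section, key, value.lower()) in REVIEW:
            note = REVIEW[(section, key, value.lower())]
            findings.append((num, f"{key}={value}: {note}"))
    return errors, findings

if __name__ == "__main__":
    errs, notes = check_answer_file(SAMPLE)
    for num, msg in errs + notes:
        print(f"line {num}: {msg}")
```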
Citrix Presentation - Branding
A little-known fact about Citrix Presentation Server is how to take advantage of some branding. I will go into that, but first let's go into what we do know.
- Citrix Presentation recommends that you should disable Windows Wallpaper
- Windows Wallpaper uses additional resources per user if not disabled
- Default Windows Logon Wallpaper is disabled in a RDP session
- Windows Logon Wallpaper for an ICA session shows Citrix Branding
- Change the registry entry HKU\.DEFAULT\Control Panel\Desktop "TileWallpaper" (1 = Tile, 0 = Center)
- Renamed the %programfiles%\citrix\system32\ica256.bmp to company logo
- Finished
Eric Rossberg Tuesday, November 13, 2007
Find Needles In A Haystack with Instant Search
If you're buried in e-mail (and who isn't?), Instant Search in Outlook 2007 can save the day for you every day.
The new Instant Search helps you quickly find e-mail messages, appointments, contacts, or any Outlook item. You don't even need to know which folder the item is in.
Watch the demo to see how to use this fast search feature, and start finding what you want instantly.
Capital Network Solutions Monday, October 01, 2007
8 Signs You Need to Upgrade Your Server
Your server hardware is a ticking time bomb.
Don't be alarmed. It may never actually "blow up" — which is to say, melt down and take lots of data with it. But one day, sooner or later, it will become obsolete. And for your business, that's potentially an explosive liability.
"The older your hardware is, the more likely that a failure and loss of productivity will occur," warns Donald Hess, senior systems engineer at Entre Computer Services, a systems integrator based in Rochester, N.Y. "In general, a company can avoid big expenses by updating its servers every three years. If it waits five years, then there's a big risk of being compelled to upgrade many components simultaneously."
Ouch.
What exactly needs upgrading?
Most small businesses tend to think of their server as a whole, which is to say hardware (the computer it runs on) and software (the application that powers the server, such as Windows Small Business Server) are one.
Talk to experts and you're likely to conclude that this holistic approach to a server is correct for most businesses. Hardware and software generally age at about the same rate. In other words, the machines need to be modernized at roughly the same interval as the server operating system is updated, give or take a few months.
So is your server ready for a once-over?
Here are eight signs.
1. It crawls. "When your server gets slow, it's time for some new iron," says Alan Canton, president of the Adams-Blake Company, an information-technology consulting firm in Fair Oaks, Calif. He recommends taking a look at both disk and CPU (central processing unit) usage. "When you're at about 80%, it's time to start looking around," he advises. Slow servers, of course, mean a less productive work force. Can you afford that?
2. It sucks up your time. "If you're spending more time on dealing with server problems than you are willing to commit, it's time for an upgrade," says David Wilner, president of Rhino Imaging, a New York document imaging company. Ask yourself: If you weren't working on a particular server problem, how much money could you earn by doing something else?
3. It's noisy. "As fan drives and hard drives age, you will notice they will become noisier," says Will Luden, chief executive of Info Partners, a San Mateo, Calif., provider of outsourced IT. "This is typically a good indicator that hardware failure is just around the corner. Computers are like cars; they have only so much mileage before they start falling apart." Luden says if you can't spring for a complete upgrade when you hear funny noises, at least make sure everything is backed up.
4. It's out of warranty. "When the only people who know enough to support your server are retired and collecting Social Security, you know you have a problem," says Michael Bielski, an IT coordinator for the California Society of Enrolled Agents, a tax-professional association in Sacramento, Calif. He's not kidding. If the manufacturer has stopped supporting the hardware and software — which means it's more than three years old — then there's a good chance you need some kind of upgrade.
5. Something doesn't feel right. Maybe your hardware specifications don't match your vendor specs. "Maybe it takes longer and longer to do the same function," says Brent Kuchvalek, who manages infrastructure and security services for Optimus Solutions LLC, an IT services company based in Norcross, Ga. If you, or your IT person, have a sinking feeling about the server, chances are it could be ready for an upgrade of some kind.
6. There's no more room. "If the requirement of the software that runs on the server exceeds the servers' specifications, then you need a new server," says Kendall Tatum, manager of IT services at Frank & Company, an accounting and financial consulting services firm in McLean, Va. He says small-business users shouldn't just try to manage a space or memory crisis in the short term, but to think about the company's long-term needs. "Planning is the key," he says. "Will you be adding more staff that will need access to this machine? Will you be upgrading the software that runs on the server in the near future? These are questions that you have got to ask yourself."
7. Its performance is otherwise impaired. "Does your server seize up often?" asks Ho Lee, general manager for Chicago-based DedicatedCentral, a managed dedicated server hosting provider. "Does the box have problems resolving conflicts?" Even if things run smoothly otherwise, these occasional "hiccups" may be a sign that the server is running up against the limits of its performance. "Most businesses have a hard time tracking these issues until it's too late," Lee adds. "I recommend monitoring tools that report on the health and status of their servers. They provide information for capacity planning and alerts of trouble signs."
8. The big one happens. "There usually isn't a telltale sign that your server needs to be upgraded, in terms of hardware, until a catastrophic failure occurs," explains Robert Cashman, president of Cashman Computer Associates, an Old Lyme, Conn., IT consultancy. After a meltdown, there's normally a "scramble" to replace operating systems and applications. Frequently, those are discontinued, or support has been discontinued, and that's usually when a business discovers that it should have upgraded long ago. "It is much calmer to upgrade in a planned manner than to scramble at the last minute to resolve a crisis," he says.
One last disclaimer: "Oftentimes," says Michael Crowe, director for IT consulting firm Plante & Moran in Chicago, "there may be no signs or warnings that are apparent to the users on the network." But the time bomb is still ticking.
By Christopher Elliott
Reprinted with permission from Microsoft Small Business Center
Capital Network Solutions Wednesday, August 01, 2007
Exchange 2007 — What you need to know
Many of today's small to mid-sized businesses operate in a Microsoft Exchange environment. Most of these businesses have invested in Exchange and Exchange-compatible systems over the years, and now they are both loyal to and dependent upon Exchange for email. Now that Microsoft Exchange Server 2007 has finally been released, you might be wondering if it's worth the time, effort, and cost to migrate to 2007 from your current platform. Find out what's new with Exchange 2007, and what security issues to consider before you migrate.
Long time coming
Prior to 2007, the last release of Exchange was in 2003. Exchange Server 2007 includes many new enhancements and features that improve upon the 2003 platform. Here are some of the improvements that come with Exchange 2007:
More access — Email inbox, calendar, contact information, and voicemail can be accessed virtually anywhere, anytime using a browser.
Better availability — New data replication capabilities drive increased availability at a lower cost.
Richer email experience — Improved user experience and better manageability. Desktop features such as quick flags, sophisticated calendaring, and fast search are now available on mobile devices.
Unified messaging — Employees can receive their email, voicemail, and faxes through a single inbox that can be accessed from anywhere. This means lower cost and complexity through consolidation of voicemail infrastructure.
Promotes compliance — Features are specifically designed to help comply with corporate, regulatory, and legal requirements.
Improved Web access — Outlook Web Access (OWA) 2007 gives a rich, Outlook 2007-like experience from a browser anywhere. No VPN is required.
Management help — Updated graphical management console with a more intuitive user interface, and a toolbox work center integrates diagnostics, monitoring, and troubleshooting tools.
One of the most prominent changes is that Exchange 2007 only runs on 64-bit servers. Even though 64-bit servers enable higher performance, it's been one of the biggest obstacles to migrating for small to mid-sized businesses because it means replacing existing 32-bit servers with new ones that cost twice as much.
Managing email security
Email is mission-critical to most small to mid-sized businesses, so while Exchange 2007 boasts many new features, migrating to a new email system is not a task to be taken lightly. If you decide to migrate, you also must consider how you will secure, manage, and archive all aspects of the messaging environment while also ensuring compliance with IT policies and government regulations. Symantec has two important solutions that are compatible with Microsoft Exchange Server 2007:
- Continuous backup and recovery: Email applications contain vast amounts of information that must be backed up and stored. Symantec Backup Exec 11d for Windows Servers is our leading recovery solution that provides continuous disk-to-disk-to-tape backup and recovery for Microsoft Exchange 2007 servers. It eliminates the need for daily backups and enables quick recovery of individual mailboxes, messages, and folders. Backup Exec also protects stored data with 128-bit and 256-bit encryption to ensure the security of data that is backed up.
- Messaging security: Email not only needs to be backed up — it also needs to be protected. IT administrators must protect email from virus threats, spam, and other security risks, while ensuring that internal policies are being enforced. Symantec Mail Security for Microsoft Exchange 2007 provides advanced antivirus and antispam protection, integrated content filtering with advanced policy rules, and fast scans that reduce the load on the Exchange server. SMS is easy to administer and its user interface provides a consistent, high performance administration experience.
Conclusion
The Microsoft Exchange Server 2007 boasts many new features that make accessing and managing email easier than ever for IT administrators and employees. What it doesn't do is back up or recover email messages, or protect them from outside threats. Your email system is a critical component of your business — you can't afford to risk your messaging data. That's where Symantec's solutions can help.
from Symantec
Capital Network Solutions Wednesday, August 01, 2007