Access

CTX-Blog

powered by Ecki's Place

March 31, 2007

Bilingual Blog

After a couple of modifications to the used theme and some WordPress files i can now proudly present CTX-Blog in two languages. Most of the posts are translated in the meantime and are available in German and English.

Since no one is perfect, i ask every visitor to tell me about errors in the translations in a comment to this post.

Regards
Ecki

March 28, 2007

Remove Outlook Express from the start menu

If you have ever published a terminal server desktop, you have seen this happening almost for sure. Even if there is no Outlook Express icon in the All Users or Default Users folder, the icon appears in the start menu after a user logs on for the first time.

Why is this happening? And much more interesting, how can you avoid this?

To delete the icon from every users profile is not a viable option. So it’s best to look for the root cause of this problem. As often, the solution can be found in the registry.

Below the key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}\

you can find a REG_SZ entry with the name “StubPath“. If you delete this entry, the terminal server will never again create this icon at user logon. Existing icons however will not be deleted.

A post in the DCUG describes a similar procedure but simply renames the entry to “HideStubPath“. The effect is the same, but it is much easier to revert back.

Regards
Ecki

March 14, 2007

Registry Scan (Watermark) for CAG 4.5.x Advanced

Most people who know Citrix Access Gateway (CAG) with Advanced Access Control (AAC) for a while, especially version 4.2, know the “Citrix Watermark” End Point Analysis Scan (EPA Scan). A possibility to configure the security group membership of a PC withe a simple registry key. In contrast to MAC or Domain filters, this scan made it very easy to change the security context of a PC, very handy for product demonstrations, where you want to visualize different access scenarios.

The update to AAC version 4.2.5, eg. version 4.5 introduced a massive change for EPA Scans. Since then, every EPA Scan has to be signed, which renders the unsigned “Watermark” scan worthless. Every EPA Scan delivered with AAC 4.5 is now already signed by Citrix and if you try to create your own EPA Scans, you have to sign them too and build your own specific EPA Scan MSI package. Lots of customers try to avoid this effort and the costs associated with signing certificates. For Citrix partners, trying to build just a demo site, the effort and the costs are too high as well. If you do not intend to spend money on Custom Scans for example from EPAFactory, you are stuck with the scans provided by Citrix:-(

I will therefore show a way, how you can accomplish a working registry scan with the means provided by a standard setup of AAC. Most EPA Scans do in fact nothing else than reading predefined keys in the registry of the client PC. Therefore almost any EPA Scan can be used as registry scan. As an example i will use the “Citrix Scans for Windows Update” shipped with AAC. This scan reads on a client PC recursively all keys beneath:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\

and reports back the KB-numbers found. It must be pointed out, that keys directly below the “Updates”-key are NOT delivered back to the AAC server. You should therefore use an existing key like “SP2” to create your own KB-number key. Knowing that, it is fairly simple to create your own registry scan. A detailed description with screen shots of this process can be found here (german only).

Regards
Ecki

March 13, 2007

PNAgent Filter for Web Interface 4.5

Most of you will know the Web Interface addons and modifications from Thomas Kötzing. I use them myself quite often in customer projects. Until now, a badly needed modification was available only for WI 4.2. I am talking about the

Program Neigborhood Agent Filter

This modification gives an administrator the power to hide Published Applications from the user. The only thing he has to do is adding a “#” sign in front of the application description. Very handy, if you use PNAgent to populate the Desktop and Start Menu and do not want the published Desktop to appear in the context menu of the PNAgent in the taskbar.

Because i needed this modification for a customer, i adapted the code of the existing modification for WI 4.5 and invite everyone interested in this modification to download it.

Download FilterApps4.5

Regards
Ecki

March 4, 2007

High availability with PS 4.5

Sorry, this post is not available in English

Regards
Ecki

March 3, 2007

Presentation Server 4.5 released

Sorry, but this post is not available in English

Regards
Ecki

|