Windows

group: “Windows” Certificates are an important part of a modern environment. They make communication safer by encrypting the traffic between the client and server. A safe way to move certificates between servers or store them safely is by exporting the certificate (private and public key) to an encrypted format. A commonly used format is “pfx” (Personal Information Exchange also known as PKCS#12). A pfx file can contain one or more certificates and is encrypted with a password. Without the correct password the pfx is useless. You commonly see that a pfx contains a (web) server certificate and one or more intermediate certificate(s) and a root certificate.

A couple weeks ago someone asked me if OTP4ADC could also support encrypted tokens. And at that time I hadn’t done anything with encrypted tokens on a Citrix ADC. And if you not have heard of the OTP4ADC tool/script you can read my initial blog article from when I released the first version and the basics of how it works.

Yesterday I was at a Customers location and they had an issue with their printers on the XenDesktop VDI environment. Some users are using Exact to print all kinds of labels, in this case a Zebra label printer. And while they were printing labels, the label printer was set automagically as default. They started noticing this because when they wanted to print other (A4) reports, the layout was wrong and some information fell of the report. They could change the default printer back to the MFP, but when they printed labels again, you’ll get it right? I recently helped them move from Windows 10 LTSB 2015 (1507) to Windows 10 LTSB 2016 (1607) and they started noticing this issue after the switch to the new Windows version. So what could it be? Turned out to be a setting in Windows… After changing this, the issue was gone. You can change it in “Settings”, “Devices”, “Printers & Scanners” and change the setting “Let Windows manage my Default printer” to off. Or you can set the following registry key:

While testing with the latest Windows 10 LTSB 2016 version I found out in 9 of 10 logins failed, it was stuck on the message “Welcome other user”… I used the same deployment steps as with LTSB 2015 and not working, what was wrong? After reading the Citrix forum I found out that more users were experiencing this issue. After some testing I found out that my issue was caused by a disabled Service named “Device Association Service”. This is one of the optimizations in the “Technical Note – Optimize Windows 10” guide from Citrix. Don’t disable this service but leave it on Automatic. Since I found out I haven’t seen this issue since.

For a while now Windows 10 is supported with RES ONE Workspace 2015 and up. More and more companies are switching from their old versions (Yes, some of them are still using Windows XP) to Windows 10. I’ve done a couple of implementation now and thought to share some of the knowledge I found during these implementations.

With the following PowerShell script you can remove AppX Apps in Windows 8(.1) and 10. Note: The apps will be removed for the Current and New users only! <# To skip a AppX app while removing change "Remove" to "NoChange", the app will not be removed. #> $arrAppxApps = @() $arrAppxApps += ,@('Remove','6.4|10.0','*3DBuilder*') # Uninstall 3D Builder $arrAppxApps += ,@('Remove','6.4|10.0','*Appconnector*') # Uninstall $arrAppxApps += ,@('Remove','6.2|6.3|6.4|10.0','*bingfinance*') # Uninstall Money $arrAppxApps += ,@('Remove','6.2|6.3','*BingFoodAndDrink*') # $arrAppxApps += ,@('Remove','6.2|6.3','*BingHealthAndFitness*') # $arrAppxApps += ,@('Remove','6.2|6.3','*BingMaps*') # $arrAppxApps += ,@('Remove','6.2|6.3|6.4|10.0','*bingnews*') # Uninstall News $arrAppxApps += ,@('Remove','6.2|6.3|6.4|10.0','*bingsports*') # Uninstall Sports $arrAppxApps += ,@('Remove','6.2|6.3','*BingTravel*') # $arrAppxApps += ,@('Remove','6.2|6.3|6.4|10.0','*bingweather*') # Uninstall Weather $arrAppxApps += ,@('Remove','6.2|6.3','*Camera*') # $arrAppxApps += ,@('Remove','6.2|6.3','*OneDrive*') # $arrAppxApps += ,@('Remove','6.4|10.0','*getstarted*') # Uninstall Get Started $arrAppxApps += ,@('Remove','6.2|6.3','*HelpAndTips*') # $arrAppxApps += ,@('Remove','6.4|10.0','*officehub*') # Uninstall Get Office $arrAppxApps += ,@('Remove','6.4|10.0','*solitairecollection*') # Uninstall Microsoft Solitaire Collection $arrAppxApps += ,@('Remove','6.2|6.3','*Media.PlayReadyClient.2*') # 2x $arrAppxApps += ,@('Remove','6.2|6.3','*Media.PlayReadyClient.2*') # $arrAppxApps += ,@('Remove','6.2|6.3|6.4|10.0','*onenote*') # Uninstall OneNote $arrAppxApps += ,@('Remove','6.4|10.0','*people*') # Uninstall People $arrAppxApps += ,@('Remove','6.2|6.3|6.4|10.0','*skypeapp*') # Uninstall Get Skype $arrAppxApps += ,@('Remove','6.2|6.3|6.4|10.0','*photos*') # Uninstall Photos $arrAppxApps += ,@('Remove','6.2|6.3','*Reader*') # $arrAppxApps += ,@('Remove','6.2|6.3|6.4|10.0','*windowsalarms*') # Uninstall Alarms and Clock $arrAppxApps += ,@('Remove','6.2|6.3|6.4|10.0','*windowscalculator*') # Uninstall Calculator $arrAppxApps += ,@('Remove','6.4|10.0','*windowscamera*') # Uninstall Camera $arrAppxApps += ,@('Remove','6.2|6.3|6.4|10.0','*windowscommunicationsapps*') # Uninstall Calendar and Mail $arrAppxApps += ,@('Remove','6.4|10.0','*windowsmaps*') # Uninstall Maps $arrAppxApps += ,@('Remove','6.4|10.0','*windowsphone*') # Uninstall Phone Companion $arrAppxApps += ,@('Remove','6.2|6.3','*WindowsReadingList*') # $arrAppxApps += ,@('Remove','6.4|10.0','*soundrecorder*') # Uninstall Voice Recorder $arrAppxApps += ,@('Remove','6.2|6.3','*WindowsScan*') # $arrAppxApps += ,@('Remove','6.4|10.0','*windowsstore*') # Uninstall Store $arrAppxApps += ,@('Remove','6.4|10.0','*xboxapp*') # Uninstall Xbox $arrAppxApps += ,@('Remove','6.2|6.3','*XboxLIVEGames*') # $arrAppxApps += ,@('Remove','6.2|6.3|6.4|10.0','*zunemusic*') # Uninstall Groove Music $arrAppxApps += ,@('Remove','6.2|6.3|6.4|10.0','*zunevideo*') # Uninstall Movies & TV Write-Host -ForegroundColor White "Removing Appx Apps" Write-Verbose '' foreach ($AppxApp in $arrAppxApps) { Write-Host -NoNewline -ForegroundColor Gray " -" $AppxApp[2] Switch ($AppxApp[0]) { "NoChange" { Write-Host -ForegroundColor Yellow " (skipped) No changes made" } "Remove" { if ($AppxApp[1] -Match ($varWinVer)) { Try { Get-AppxPackage | Where-Object {$_.PackageFullName -like $AppxApp[2]} | Remove-AppxPackage -ErrorAction SilentlyContinue | Out-Null Get-AppxPackage -allusers | Where-Object {$_.PackageFullName -like $AppxApp[2]} | Remove-AppxPackage -ErrorAction SilentlyContinue | Out-Null Get-AppxProvisionedPackage -Online | Where-Object {$_.packagename -like $AppxApp[2]} | Remove-ProvisionedAppxPackage -Online -ErrorAction SilentlyContinue | Out-Null } Catch { Write-Host -ForegroundColor Red (" (error)") $FailedItem = $_.Exception.ItemName Write-Verbose ('Caught an error') Write-Verbose ('ErrorMessage: ' + $ErrorMessage) Write-Verbose ('FailedItem: ' + $FailedItem) continue } Finally { Write-Host -ForegroundColor Green (" (done)") } } Else { Write-Host -ForegroundColor Yellow " (skipped) not applicable to this OS" } } } }

When ADCS uses sha1 for their certificates, you might want to change it to sha254. NOTE: Make sure all your devices support sha256 sha1 sha256 To achieve this enter the following commands in an elivated DOS-box:

psexec \COMPUTERNAME -u domainuser -sd -i 0 “c:Procmon.exe” /accepteula /backingfile c:output.pml /nofilter /quiet Aanmelden met de gebruiker, en afmelden (kan wat langer duren door de logging) Daarna procmon stoppen (om de log file te sluiten) psexec \COMPUTERNAME -u domainuser -sd -i 0 “c:Procmon.exe” Terminate Sysinternals tools benodigd: psexec procmon

Requirements: At least one Domain Controller running Windows Server 2012 with the Active Directory Administrative Center enabled. All Domain Controllers (or servers running AD LDS) must be running Windows Server 2008 R2 or higher. The Forest must be running at Windows Server 2008 R2 functional level. Import the Active Directory modules in PowerShell

netsh dhcp server mySRV scope 192.168.1.0 add reservedip 192.168.1.111 XXXXXXXXXXXX host.domain.local