Blog on John Billekens | Notes from the field

Citrix WorkspaceApp Update Script: Check and Alert for Security Risks

Wed, 28 Aug 2024 19:50:19 +0000

It’s crucial to regularly update your Citrix WorkspaceApp to an up-to date version. Many environments still use outdated versions with significant security vulnerabilities (CVEs). Too often, I encounter environments that are still running old versions, including the antiquated “Receiver” versions. Not updating to a non-vulnerable or recent supported version poses a real security risk!
In many environments, users have company-managed devices, for example managed via Microsoft Intune, which can be updated centrally. These devices are typically kept up to date. The greatest risk lies with non-company-managed devices, such as privately owned laptops or bring-your-own-device (BYOD) systems, where users are responsible for maintaining updates themselves.

Manipulate the 'NameID' SAML content - part 1

Thu, 28 Oct 2021 15:22:45 +0000

Some companies want to allow other (guest) companies to connect to their environment and for example allow them to open a Citrix Desktop. This can be achieved by Connecting an existing Citrix environment to the guest company via SAML (and yes there are other possibilities). SAML is an authentication method based on a two-way trust. Two Microsoft products that can offer SAML authentication are ADFS (Active Directory Federation Services, an on-premises solution) and the other is and Enterprise App you can configure from the Azure portal. The other requirement is Citrix FAS (Federated Authentication Services). In this article I will show you a way to connect a guest (company) via SAML to allow them access to your Citrix environment without the need for adding the guest companies suffix to your domain.

Manage Native OTP tokens via Windows, Part 2

Tue, 20 Apr 2021 19:31:56 +0000

A couple weeks ago someone asked me if OTP4ADC could also support encrypted tokens. And at that time I hadn’t done anything with encrypted tokens on a Citrix ADC. And if you not have heard of the OTP4ADC tool/script you can read my initial blog article from when I released the first version and the basics of how it works.

Manage Native OTP tokens via Windows

Tue, 29 Sep 2020 20:36:32 +0000

Today I want to release an early (beta) version of a new tool I created, “OTP4ADC” With this tool you can add, remove or change the native OTP tokens used within your Citrix ADC, previously called NetScaler.

How to use FSlogix AppMasking on Intune managed devices

Sun, 05 Jul 2020 09:50:02 +0000

A while ago I was asked to apply FSLogix App Masking at a company to hide MS Office for certain users. Normally with just Active Directory that’s a done deal. But the targets were Intune managed. And since FSLogix Application Masking Is not yet supporting AzureAD we had to find other options.

GenLeCertForNS New Update

Wed, 19 Feb 2020 16:42:40 +0000

A lot of new users used my script after writing my first blog article for Citrix. Since then I made some improvements and continuing to add new features. Today I released the latest version of my “GenLeCertForNS” script. Within this version I solved some issues and improved the overall speed (especially with larger orders).

Some Nutanix AHV PowerShell Commands I found useful

Tue, 29 Jan 2019 18:46:13 +0000

Recently I needed to script some actions for a VM on Nutanix AHV. I wanted to share with you some of the commands I found and used. I created a small function (Wait-NTNXTask) that verifies the task and waits until the task is finished. Pleas note that this is optional and not required to run the commands specified in this blog.

View NVIDIA GRID license details via PowerShell

Thu, 08 Nov 2018 10:08:30 +0000

I recently needed to get some NVIDIA GRID license details in PowerShell for a customers monitoring solution. Unfortunately there was no PowerShell script available and also there is no available api to get these details. But I still needed the data in PowerShell, so I created a script that will just do that. It will retrieve the website with details, clean it up and present you with an object with data. Just run the script on you license server (or from another server, but remember to open the firewall port first) and you will get the details. You can find the script here:

Office Online apparently only supports TLS 1.0

Thu, 20 Sep 2018 19:57:00 +0000

Recently I had to configure a new ~~NetScaler~~ Citrix ADC for a new ~~ShareFile~~ Citrix Files deployment. Two Storage Zone Controllers load balanced via a Citrix ADC with a Content switch. Nothing out of the ordinary. It was when I activated the Office Online functionality on the Storage Zone Controller configuration page the error messages appeared. Each time as we tried to open an office document we got an error “Sorry, there was a problem and we can’t open this document. If this happens again, try opening the document in Microsoft Word.” for Word documents and “We couldn’t find the file you wanted. It’s possible the file was renamed, moved or deleted.” for Excel documents. I followed all the necessary checks as described in a Citrix Files Article. But everything turned out okay, it worked as expected. What could it be? As it turned out to be the NetScaler SSL configuration was configured to high!? I always want that A+ on SSL Labs, the same with this setup. It was when I reverted the Content Switch to it’s default SSL parameters (TLS1.0 and the default Cipher suite) that Office Online started functioning. It could not retrieve the documents from the Storage Zone Controllers and thus it gave me this error messages. Luckily I had a separate Content Switch for internal and external traffic. I only had to lower the SSL settings on the internal Content Switch, this is the Content Switch the Office Online server was communicating with. So I hope Microsoft will add support for TLS 1.2 in Office Online (and give it some updates)

Hide or change "domain user or username@domain.com" text in Storefront, part 2

Tue, 26 Jun 2018 21:08:27 +0000

A while ago I wrote a blog about how to change the “domain\user or username@domain.com” text in Citrix StoreFront. Now I’ve create a small PowerShell script that can do that for you.

My very first GUI tool: CtxToolbox!

Fri, 27 Apr 2018 08:39:10 +0000

When I started with C# in my spare time I needed a goal, something to build. I have several PowerShell scripts and wanted to add a GUI and so CtxToolbox was born! So what to implement first? I started with the basics and worked up from there, and added the Drain functionality. The idea behind this functionality was born in an 24/7 hospital environment. At that time I was building a new XenDesktop 7.x infra for this customer. And when it went to production they needed a way to gradually get machines into maintenance mode to do maintenance without troubling the users. I created a PowerShell script where you could select the machine catalogs (we had a machine catalog per hyper-visor host) and “drain” them into maintenance mode

Making a remote PowerShell connection

Thu, 26 Apr 2018 15:16:44 +0000

In this article I will make a short description how to make a remote PowerShell connection. I needed this for a job once, tried to make a remote PowerShell connection from a Non Domain Joined machine to a Domain Joined server. I needed to re-configure the server first before making a connection. With the following code you can try and test the connection:

Hide or change "domain user or username@domain.com" text in Storefront.

Mon, 15 Jan 2018 12:05:16 +0000

The following was tested om 3.10+ versions, not sure if it works on older or 2.x versions.

Hide the default text
#

You can hide the default text “domain\user or username@domain.com” in the storefront username field. This can be done by simply editing the “custom style.css” file. This file is located in “C:\inetpub\wwwroot\Citrix\Store>Web\custom”. Replace “<Store>” with your own store name. You need to edit each store separately. Add the following to hide the text (1):

Let's Encrypt Certificates on a NetScaler

Thu, 06 Apr 2017 21:25:51 +0000

For a while now it’s possible to use Let’s Encrypt certificates, they are trusted (cross signed), secure and most of all FREE! There are already a lot of tools available to generate these certificates. I haven’t come across a tool or script to generate these certificates and upload them to a Citrix NetScaler. So I thought why not build it myself. I already tried it in a previous attempt, but I wanted more automation and thus I created this version. To learn more about the Let’s Encrypt, check how it works.. What my script does in very basic steps (for example you want a certificate for www.domain.com): Ask LE (Let’s Encrypt) to validate “www.domain.com” (1) LE returns data (2) among them:

Create offline backups of the NetScaler config

Thu, 06 Apr 2017 19:07:59 +0000

I’ve created a PowerShell script that can be used to generate an (offline) backup of a Citrix NetScaler. If you want you can use the supplied batchfile for example to schedule the backup in Scheduled Tasks to run everyday. Some more information about the parameters used:

Spontaneously changing default printer

Sat, 18 Mar 2017 13:53:21 +0000

Yesterday I was at a Customers location and they had an issue with their printers on the XenDesktop VDI environment. Some users are using Exact to print all kinds of labels, in this case a Zebra label printer. And while they were printing labels, the label printer was set automagically as default. They started noticing this because when they wanted to print other (A4) reports, the layout was wrong and some information fell of the report. They could change the default printer back to the MFP, but when they printed labels again, you’ll get it right? I recently helped them move from Windows 10 LTSB 2015 (1507) to Windows 10 LTSB 2016 (1607) and they started noticing this issue after the switch to the new Windows version. So what could it be? Turned out to be a setting in Windows… After changing this, the issue was gone. You can change it in “Settings”, “Devices”, “Printers & Scanners” and change the setting “Let Windows manage my Default printer” to off. Or you can set the following registry key:

Disconnect issues on NetScaler MPX

Fri, 03 Mar 2017 12:08:31 +0000

Recently I upgraded a couple of MPX NetScalers to a recent 11.1 build at a customers location. During the following day the customer experienced a lot of disconnecting citrix sessions. I did not experience this issue on a VPX appliance. Turned out to be an issue with the “TLS1.2-ECDHE-RSA-AES256-GCM-SHA384” cypher. And because I want to strive for an A+ rating at ssllabs (Scoring an A+ at SSLlabs.com with Citrix NetScaler – 2016 update) this one is in the list. After removing this cypher from the cypher group the customer didn’t experience any disconnects. So I thought to share this one as you may experience it for your self. Please also note this Citrix article: https://support.citrix.com/article/CTX220994

Windows 10 LTSB 2016 (Build 1607) stuck at Other User while logging in

Fri, 27 Jan 2017 13:57:48 +0000

While testing with the latest Windows 10 LTSB 2016 version I found out in 9 of 10 logins failed, it was stuck on the message “Welcome other user”… I used the same deployment steps as with LTSB 2015 and not working, what was wrong? After reading the Citrix forum I found out that more users were experiencing this issue. After some testing I found out that my issue was caused by a disabled Service named “Device Association Service”. This is one of the optimizations in the “Technical Note – Optimize Windows 10” guide from Citrix. Don’t disable this service but leave it on Automatic. Since I found out I haven’t seen this issue since.

Convert Server 2016 Evaluation version to Production version

Fri, 27 Jan 2017 08:55:30 +0000

I’ts possible to convert your Server 2016 evaluation version to a production version using one of the following commands depending on your version: Standard:

DISM /online /Set-Edition:Serverstandard /ProductKey:WC2BQ-8NRM3-FDDYY-2BFGV-KHKQY /AcceptEula /Norestart

Datacenter:

RES ONE Workspace on Windows 10 lessons learned

Sun, 07 Aug 2016 18:40:54 +0000

For a while now Windows 10 is supported with RES ONE Workspace 2015 and up. More and more companies are switching from their old versions (Yes, some of them are still using Windows XP) to Windows 10. I’ve done a couple of implementation now and thought to share some of the knowledge I found during these implementations.

The case of the empty Start Menu (Windows 10)

Sat, 06 Aug 2016 16:31:33 +0000

During a project I’m currently working on, with Windows 10, Citrix Xendesktop 7.9, XenServer 7.0 and RES ONE Workspace 2015 SR2 I stumbled upon a issue with RES ONE Workspace and the pinning of items in the Start Menu. I noticed that sometimes my Start Menu was empty, while I had items pinned when I logged off!? After some investigation with an engineer from RES Software, we managed to reproduce the issue in a closed test environment. At this point RES can try to fix the issue and at the time of writing no known solution is available. We still need to verify but as far as we know the issue is also still in the new version RES ONE Workspace 2016. We still needed a filled Start Menu for the time being, because currently there is no known date for the possible fix… So I created a PoSh script that will fill the Start Menu. (for the 2nd time, after the RES composer is finished) Yes I know not very pretty solution but it gets the job done and it’s a temporary fix. So here is the script I’ve made. (Building block is also available at the end for download)

Generate an Let's Encrypt certificate what can be used on the NetScaler

Sun, 03 Jul 2016 18:32:28 +0000

Edit 07-04-2017: Check out my new and updated version! I’m trying to create an (PowerShell) script to automate the Let’s Encrypt certificate creation. Specifically for the Citrix NetScaler. Currently still Work In Progress… It’s not yet finished. The prerequisite is that you have a configured NetScaler (http) Content Switch vServer. The script will present you with the required configuration rules (it will also be copied to your clipboard so you only have to copy it in the cli of the NetScaler) For the meantime you can find it on GitHub: GenCertForNS on GitHub More soon (I hope)…

Remove AppX (Modern) Apps

Sun, 22 May 2016 07:47:15 +0000

With the following PowerShell script you can remove AppX Apps in Windows 8(.1) and 10. Note: The apps will be removed for the Current and New users only!

<#
 To skip a AppX app while removing change "Remove" to "NoChange", the app will not be removed.
#>
$arrAppxApps = @()
$arrAppxApps += ,@('Remove','6.4|10.0','*3DBuilder*') # Uninstall 3D Builder
$arrAppxApps += ,@('Remove','6.4|10.0','*Appconnector*') # Uninstall 
$arrAppxApps += ,@('Remove','6.2|6.3|6.4|10.0','*bingfinance*') # Uninstall Money
$arrAppxApps += ,@('Remove','6.2|6.3','*BingFoodAndDrink*') #
$arrAppxApps += ,@('Remove','6.2|6.3','*BingHealthAndFitness*') #
$arrAppxApps += ,@('Remove','6.2|6.3','*BingMaps*') #
$arrAppxApps += ,@('Remove','6.2|6.3|6.4|10.0','*bingnews*') # Uninstall News
$arrAppxApps += ,@('Remove','6.2|6.3|6.4|10.0','*bingsports*') # Uninstall Sports
$arrAppxApps += ,@('Remove','6.2|6.3','*BingTravel*') #
$arrAppxApps += ,@('Remove','6.2|6.3|6.4|10.0','*bingweather*') # Uninstall Weather
$arrAppxApps += ,@('Remove','6.2|6.3','*Camera*') #
$arrAppxApps += ,@('Remove','6.2|6.3','*OneDrive*') #
$arrAppxApps += ,@('Remove','6.4|10.0','*getstarted*') # Uninstall Get Started
$arrAppxApps += ,@('Remove','6.2|6.3','*HelpAndTips*') #
$arrAppxApps += ,@('Remove','6.4|10.0','*officehub*') # Uninstall Get Office
$arrAppxApps += ,@('Remove','6.4|10.0','*solitairecollection*') # Uninstall Microsoft Solitaire Collection
$arrAppxApps += ,@('Remove','6.2|6.3','*Media.PlayReadyClient.2*') # 2x
$arrAppxApps += ,@('Remove','6.2|6.3','*Media.PlayReadyClient.2*') #
$arrAppxApps += ,@('Remove','6.2|6.3|6.4|10.0','*onenote*') # Uninstall OneNote
$arrAppxApps += ,@('Remove','6.4|10.0','*people*') # Uninstall People
$arrAppxApps += ,@('Remove','6.2|6.3|6.4|10.0','*skypeapp*') # Uninstall Get Skype
$arrAppxApps += ,@('Remove','6.2|6.3|6.4|10.0','*photos*') # Uninstall Photos
$arrAppxApps += ,@('Remove','6.2|6.3','*Reader*') #
$arrAppxApps += ,@('Remove','6.2|6.3|6.4|10.0','*windowsalarms*') # Uninstall Alarms and Clock
$arrAppxApps += ,@('Remove','6.2|6.3|6.4|10.0','*windowscalculator*') # Uninstall Calculator
$arrAppxApps += ,@('Remove','6.4|10.0','*windowscamera*') # Uninstall Camera
$arrAppxApps += ,@('Remove','6.2|6.3|6.4|10.0','*windowscommunicationsapps*') # Uninstall Calendar and Mail
$arrAppxApps += ,@('Remove','6.4|10.0','*windowsmaps*') # Uninstall Maps
$arrAppxApps += ,@('Remove','6.4|10.0','*windowsphone*') # Uninstall Phone Companion
$arrAppxApps += ,@('Remove','6.2|6.3','*WindowsReadingList*') #
$arrAppxApps += ,@('Remove','6.4|10.0','*soundrecorder*') # Uninstall Voice Recorder
$arrAppxApps += ,@('Remove','6.2|6.3','*WindowsScan*') #
$arrAppxApps += ,@('Remove','6.4|10.0','*windowsstore*') # Uninstall Store
$arrAppxApps += ,@('Remove','6.4|10.0','*xboxapp*') # Uninstall Xbox
$arrAppxApps += ,@('Remove','6.2|6.3','*XboxLIVEGames*') #
$arrAppxApps += ,@('Remove','6.2|6.3|6.4|10.0','*zunemusic*') # Uninstall Groove Music
$arrAppxApps += ,@('Remove','6.2|6.3|6.4|10.0','*zunevideo*') # Uninstall Movies & TV

Write-Host -ForegroundColor White "Removing Appx Apps"
Write-Verbose '' 
foreach ($AppxApp in $arrAppxApps) {
 Write-Host -NoNewline -ForegroundColor Gray " -" $AppxApp[2]
 Switch ($AppxApp[0]) {
 "NoChange" {
 Write-Host -ForegroundColor Yellow " (skipped) No changes made"
 }
 "Remove" {
 if ($AppxApp[1] -Match ($varWinVer)) {
 Try {
 Get-AppxPackage | Where-Object {$_.PackageFullName -like $AppxApp[2]} | Remove-AppxPackage -ErrorAction SilentlyContinue | Out-Null
 Get-AppxPackage -allusers | Where-Object {$_.PackageFullName -like $AppxApp[2]} | Remove-AppxPackage -ErrorAction SilentlyContinue | Out-Null
 Get-AppxProvisionedPackage -Online | Where-Object {$_.packagename -like $AppxApp[2]} | Remove-ProvisionedAppxPackage -Online -ErrorAction SilentlyContinue | Out-Null
 } Catch {
 Write-Host -ForegroundColor Red (" (error)")
 $FailedItem = $_.Exception.ItemName
 Write-Verbose ('Caught an error')
 Write-Verbose ('ErrorMessage: ' + $ErrorMessage)
 Write-Verbose ('FailedItem: ' + $FailedItem)
 continue
 } Finally {
 Write-Host -ForegroundColor Green (" (done)")
 }

 } Else { Write-Host -ForegroundColor Yellow " (skipped) not applicable to this OS" }
 
 }

 }
}

OptimizeEndpoint

Mon, 16 May 2016 13:40:44 +0000

I’ve been using my “Windows optimize script” for a while now. Most issues are resolved and it’s been tested thoroughly. So I thought why not give it back to the community, so here it is: OptimizeEndpoint. It can be used to optimize Windows 7, 8, 8.1 and 10. (It can also be used for Windows Server versions, but this is not tested) I used the script made by Ingmar Verheij, and made some changes. It contains most of the Citrix XenDesktop Best Practices. Please don’t run the script without reviewing the options, it can damage you master image if you’re not careful! At the top of the image there are some parameters that can be set. Read the comments. Run it on your own risk. If you have issues or questions let me know.

Provisioning Target Device Unattended Deployment

Sat, 05 Mar 2016 18:57:44 +0000

When deployoing the Citrix PVS Target Device software with for example SCCM or RES ONE Automation, this fails. As it turns out “CFsDep2.sys” is missing from the System32\Drivers directory. This is because during the (unattended) installation of the Target Device software the installation of “CFsDep2” fails. When you install the software by hand, everything is works as it should. This can be solved to run the following command after the installation of the Target Device Software.

CtxVdDrain Script

Thu, 14 Jan 2016 21:52:54 +0000

I released also my CtxVdDrain Script, this script will put any selected XenDesktop Machine catalog in maintenance mode and turn it of where possible. It won’t kick users out of their desktops, it will wait and try again. You can download it here

CtxVdContinuousShutdown Script

Thu, 14 Jan 2016 19:28:42 +0000

For a customer we needed a solution to recycle “old” PVS Virtual Desktops. And because Citrix XenDesktop doesn’t use the oldest desktops first (without using power options), we had to come up with a solution. And so my Shutdown Script was born. The script basically checks which Virtual Machines are the oldest, puts them in maintenance mode so no user can use it anymore. After this is done the vm’s are given a shutdown command. When their down , maintenance mode will be turned off. You can get it here.

CtxVdStatus Script

Thu, 22 Oct 2015 20:37:44 +0000

Today I decided to put my CtxVdStatus script on GitHub. With this script you can get an overview of your Citrix XenDesktop environment. It helped me to troubleshoot some issues. You can download/view it here

Citrix Provisioning Services Versions 7.x (current) Available Updates

Sat, 03 Oct 2015 11:03:47 +0000

Here you will find a list of the latest Citrix Provisioning Services Updates. I will do my best to update the list as soon as there are new updates available. Citrix Provisioning Services 7.6 (Server) Provisioning Services 7.6 Cumulative Update 1 for Server and Console x86 http://support.citrix.com/article/CTX142613 Replaces: None (yet) Provisioning Services 7.6 Cumulative Update 1 for Server and Console x64 http://support.citrix.com/article/CTX142614 Replaces: None (yet) Citrix Provisioning Services 7.6 (Target) Provisioning Services 7.6 Cumulative Update 1 for Target Device x86 http://support.citrix.com/article/CTX142615 Replaces: None (yet) Provisioning Services 7.6 Cumulative Update 1 for Target Device x64 http://support.citrix.com/article/CTX142616 Replaces: None (yet) Citrix Provisioning Services 7.1 (Server) Hotfix PVS710ServerConsoleWX86004 for PVS Server and Console 7.1 x86 http://support.citrix.com/article/CTX142336 Replaces: All Other Versions Hotfix PVS710ServerConsoleWX64004 for PVS Server and Console 7.1 x64 http://support.citrix.com/article/CTX142406 Replaces: All Other Versions Citrix Provisioning Services 7.1 (Target) Hotfix PVS710TargetDeviceWX86004 for PVS Target Device 7.1 x86 http://support.citrix.com/article/CTX142333 Replaces: All Other Versions Hotfix PVS710TargetDeviceWX64004 for PVS Target Device 7.1 x64 http://support.citrix.com/article/CTX142397 Replaces: All Other Versions

Profile

Thu, 10 Sep 2015 10:54:04 +0000

Hex Mask Dec. Description 0001 1 Profile is mandatory. 0002 2 Update the locally cached profile. 0004 4 New local profile. 0008 8 New central profile. 0010 16 Update the central profile. 0020 32 Delete the cached profile. 0040 64 Upgrade the profile. 0080 128 Using Guest user profile. 0100 256 Using Administrator profile. 0200 512 Default net profile is available and ready. 0400 1024 Slow network link identified. 0800 2048 Temporary profile loaded.

Powershell Gui Basic

Sat, 29 Aug 2015 13:09:59 +0000

#PUT XAML BELOW between the @" "@ 
$inputXML = @"
<Window x:Class="WpfApplication1.MainWindow"
 xmlns="http://schemas.microsoft.com/winfx/2006/xaml/presentation"
 xmlns:x="http://schemas.microsoft.com/winfx/2006/xaml"
 xmlns:d="http://schemas.microsoft.com/expression/blend/2008"
 xmlns:mc="http://schemas.openxmlformats.org/markup-compatibility/2006"
 xmlns:local="clr-namespace:WpfApplication1"
 mc:Ignorable="d"
 Title="MainWindow" Height="350" Width="525">
 <Grid>
 
 </Grid>
</Window>
"@
 
$inputXML = $inputXML -replace 'mc:Ignorable="d"','' -replace "x:N",'N' -replace '^<Win.*', '<Window'
[void][System.Reflection.Assembly]::LoadWithPartialName('presentationframework')
[xml]$XAML = $inputXML

#Read XAML
 
$reader=(New-Object System.Xml.XmlNodeReader $xaml) 
try{
 $Form=[Windows.Markup.XamlReader]::Load( $reader )
}catch [System.Management.Automation.MethodInvocationException] {
 Write-Warning "We ran into a problem with the XAML code. Check the syntax for this control..."
 write-host $error[0].Exception.Message -ForegroundColor Red
 if ($error[0].Exception.Message -like "*button*"){
 write-warning "Ensure your &lt;button in the `$inputXML does NOT have a Click=ButtonClick property. PS can't handle this`n`n`n`n"
 }
}catch{
 Write-Host "Unable to load Windows.Markup.XamlReader. Double-check syntax and ensure .net is installed."
}
 
#===========================================================================
# Store Form Objects In PowerShell
#===========================================================================
 
$xaml.SelectNodes("//*[@Name]") | %{Set-Variable -Name "WPF$($_.Name)" -Value $Form.FindName($_.Name)}
 
Function Get-FormVariables{
if ($global:ReadmeDisplay -ne $true){Write-host "If you need to reference this display again, run Get-FormVariables" -ForegroundColor Yellow;$global:ReadmeDisplay=$true}
write-host "Found the following interactable elements from our form" -ForegroundColor Cyan
get-variable WPF*
}
 
Get-FormVariables
 
#===========================================================================
# Use this space to add code to the various form elements in your GUI
#===========================================================================
 
 
#Reference 
 
#Adding items to a dropdown/combo box
 #$vmpicklistView.items.Add([pscustomobject]@{'VMName'=($_).Name;Status=$_.Status;Other="Yes"})
 
#Setting the text of a text box to the current PC name 
 #$WPFtextBox.Text = $env:COMPUTERNAME
 
#Adding code to a button, so that when clicked, it pings a system
# $WPFbutton.Add_Click({ Test-connection -count 1 -ComputerName $WPFtextBox.Text
# })
#===========================================================================
# Shows the form
#===========================================================================
write-host "To show the form, run the following" -ForegroundColor Cyan
'$Form.ShowDialog() | out-null'

Source

Basic PowerShell start

Fri, 28 Aug 2015 12:09:17 +0000

<#
.SYNOPSIS 
 A summary
.DESCRIPTION 
 A more in depth description
.NOTES 
 Additional Notes
 File Name : xx.ps1
 Author : First Last - e@mail.com
 Requires : ...
.LINK
 A hyper link
.EXAMPLE
 The first example
.EXAMPLE
 The second example
.PARAMETER xxx
 text
#>

[CmdletBinding()]
param ( 
 [Parameter(Position=0, Mandatory=$true, ValueFromPipeline=$true)][int64] $xxx=42 
) 
 
#Script

VCSA 6 CLI Install

Sun, 21 Jun 2015 12:15:31 +0000

1. Make sure a DNS A and PTR record exists for the VC and the ESXi hosts. 2. Create a installation parameter file. E.g. “example_embedded.json” 3. Run “vcsa-deploy <your_json_file_location_and_name>” E.g. “vcsa-deploy c:/temp/example_embedded.json” 4. Wait (20 a 30min) fot the message " Login as: Administrator@vsphere.local" appears “example_embedded.json” file:

Backup Windows Credentials

Sat, 20 Jun 2015 14:08:11 +0000

rundll32.exe keymgr.dll, KRShowKeyMgr

* *

Windows 8 Maintenance jobs

Wed, 15 Apr 2015 11:27:08 +0000

Windows 8 has some new maintenance jobs. These are great when you have an physical machine. But not when you’re using Citrix PVS to stream the OS. To disable these tasks enter the following commands:

RES Training Notes

Tue, 24 Mar 2015 08:28:44 +0000

Prerequisites

RES: .NET 2
only for Cached User Settings is .NET 4 required.

Tips

Always try to reproduce an issue in an empty database.
Always configure re-branding.

Best Practices:

Split database is new production environments, keep the default name the wizard returns “<name pri db>_2nd”.
Reserve a Named Licenses for laptop users when mixing the licenses.
Define the Home drive in AD (user/gpo etc.) even-though it’s possible to configure in RES.
Email Settings:
- Always set the setting create once
- When setting the “Enable offline use” setting, make sure the folder exists on the target device (E.g. GPO or Automation Manager)
- Signatures, make sure you select the correct version!
Make drive reservations for dives used. (E.g. C: / D: / H:-Home Drive)
- Set the “Do not perform mapping operation”
Don’t redirect AppData
When testing with zero profile, make the user member of “local guests” a temp profile will be used and this wil make your live easier.
Try to capture the user settings as much as possible on application level instead of global level.
Always enable Memory optimization.
Always enable Instant Logoff for XenApp

SCCM Deployments Export key HKLM\SOFTWARE\RES\Workspace Manager, this can be used for SCCM deployments. Admin bypass Set the follwoing advanced setting, “Bypass composer for accounts matching: DOMAIN*admin*”. If the user is member of the local Administrators group RES personalisation will not be applyed. Splash Screen Composition > Desktop > Lockdown and Behavior > “splash”

Secure Deployment Guide for NetScaler MPX, VPX, and SDX Appliances

Fri, 06 Mar 2015 15:29:41 +0000

http://support.citrix.com/article/CTX129514

Citrix StoreFront Domain passthrough not working when base url is different from machine domain

Tue, 03 Mar 2015 12:17:44 +0000

When using a different base url for storefront than your storefront is member of you might run into this one. When logging on to a machine configured for Domain Passthrough you need to enter the credentials again in Windows. To resolve this issue enter on your StoreFront server the following command:

Optimize StoreFront 2.x

Wed, 25 Feb 2015 13:58:53 +0000

Socket Pooling.
#

In StoreFront we need to configgure socket polling in the config files, while in Web Interface we could configure this in the console. Storefront maintaines a pool of sockets instead of creating a socket each time a new user connects, when enabled it will give a better performance for SSL traffic. To change this, edit C:inetpubwwwrootCitrix<STORE>web.config (as Administrator) and find:

Exchange config for the NetScaler

Sat, 21 Feb 2015 20:54:22 +0000

Below is the NetScaler configuration for an Exchange environment. You need a Standard licence for this.

Below is the NetScaler configuration for an Exchange environment.

You need a Standard licence for this.

#--- Replace the text below with the actual data---#

#Exchange server hostname and IP
<EXCH01.DOMAIN.LOCAL>
<EXCH01IP>
<EXCH02.DOMAIN.LOCAL>
<EXCH02IP>
<EXCHANGEWEBMAILURL>
#Content Switch IP
<CSVIPIP>
#Domain FQDN
<DOMAIN.LOCAL>
#Certiicatename as installed in the NetScaler, e.g. a wildcard certificate
<WILDCARDCERTIFICATE>
#Test user for the POP monitor
<POPTESTUSER>
<POPTESTPASSWD>


#--- NS Config below this line ---#

enable ns feature LB CS CMP SSL REWRITE RESPONDER

set ns httpProfile nshttp_default_profile -dropInvalReqs ENABLED
set ns httpParam -dropInvalReqs ON

add server Srv_<EXCH01.DOMAIN.LOCAL> <EXCH01IP>
add server Srv_<EXCH02.DOMAIN.LOCAL> <EXCH02IP>

add serviceGroup SvcGrp_exchange_owa SSL -CMP YES -comment "Outlook Web Access"
add serviceGroup SvcGrp_exchange_oa SSL -CMP YES -comment "Outlook Anywhere or RPC over HTTPS"
add serviceGroup SvcGrp_exchange_ews SSL -CMP YES -comment "Exchange Web Services"
add serviceGroup SvcGrp_exchange_eas SSL -CMP YES -comment "ActiveSync Service for Mobile Mail clients"
add serviceGroup SvcGrp_exchange_ecp SSL -CMP YES -comment "Exchange Control Panel"
add serviceGroup SvcGrp_exchange_oab SSL -CMP YES -comment "Offline Address Book"
add serviceGroup SvcGrp_exchange_autodiscover SSL -CMP YES -comment "Autodiscover Service"
add serviceGroup SvcGrp_exchange_pop3 TCP-cltTimeout 9000 -svrTimeout 9000
add serviceGroup SvcGrp_exchange_imap4 TCP-cltTimeout 9000 -svrTimeout 9000

add lb vserver LbVip_exchange_owa SSL 0.0.0.0 0 -persistenceType SSLSESSION -cltTimeout 180 -comment "Outlook Web Access"
add lb vserver LbVip_exchange_ews SSL 0.0.0.0 0 -persistenceType SSLSESSION -cltTimeout 180 -comment "Exchange Web Service"
add lb vserver LbVip_exchange_autodiscover SSL 0.0.0.0 0 -persistenceType SSLSESSION -cltTimeout 180 -comment "Autodiscover Service"
add lb vserver LbVip_exchange_ecp SSL 0.0.0.0 0 -persistenceType SSLSESSION -cltTimeout 180 -comment "Exchange Control Panel"
add lb vserver LbVip_exchange_eas SSL 0.0.0.0 0 -persistenceType SSLSESSION -cltTimeout 180 -comment "ActiveSync Service for Mobile Mail clients"
add lb vserver LbVip_exchange_oab SSL 0.0.0.0 0 -persistenceType SSLSESSION -cltTimeout 180 -comment "Offline Address Book"
add lb vserver LbVip_exchange_oa SSL 0.0.0.0 0 -persistenceType SSLSESSION -cltTimeout 180 -comment "Outlook Anywhere or RPC over HTTPS"

add lb vserver LbVip_exchange_imap4 SSL_TCP <CSVIPIP> 993 -persistenceType SSLSESSION -cltTimeout 9000
add lb vserver LbVip_exchange_pop3 SSL_TCP <CSVIPIP> 995 -persistenceType SSLSESSION -cltTimeout 9000

add cs vserver CswVip_https_<DOMAIN.LOCAL> SSL <CSVIPIP> 443 -cltTimeout 180 -caseSensitive OFF -httpProfileName nshttp_default_strict_validation
add cs vserver CswVip_http_<DOMAIN.LOCAL> HTTP <CSVIPIP> 80 -cltTimeout 180 -caseSensitive OFF -httpProfileName nshttp_default_strict_validation

add cs action CswAct_ews -targetLBVserver LbVip_exchange_ews
add cs action CswAct_owa -targetLBVserver LbVip_exchange_owa
add cs action CswAct_ecp -targetLBVserver LbVip_exchange_ecp
add cs action CswAct_eas -targetLBVserver LbVip_exchange_eas
add cs action CswAct_oab -targetLBVserver LbVip_exchange_oab
add cs action CswAct_oa -targetLBVserver LbVip_exchange_oa
add cs action CswAct_autodiscover -targetLBVserver LbVip_exchange_autodiscover

add cs policy CswPol_ews -rule "HTTP.REQ.URL.SET_TEXT_MODE(IGNORECASE).CONTAINS("/ews")" -action CswAct_ews
add cs policy CswPol_owa -rule "HTTP.REQ.HEADER("User-Agent").SET_TEXT_MODE(IGNORECASE).CONTAINS("Mozilla")" -action CswAct_owa
add cs policy CswPol_ecp -rule "HTTP.REQ.URL.SET_TEXT_MODE(IGNORECASE).CONTAINS("/ecp")" -action CswAct_ecp
add cs policy CswPol_eas -rule "HTTP.REQ.URL.SET_TEXT_MODE(IGNORECASE).CONTAINS("/Microsoft-Server-ActiveSync")" -action CswAct_eas
add cs policy CswPol_oab -rule "HTTP.REQ.URL.SET_TEXT_MODE(IGNORECASE).CONTAINS("/oab")" -action CswAct_oab
add cs policy CswPol_oa -rule "HTTP.REQ.URL.SET_TEXT_MODE(IGNORECASE).CONTAINS("/rpc")" -action CswAct_oa
add cs policy CswPol_autodiscover -rule "HTTP.REQ.URL.SET_TEXT_MODE(IGNORECASE).CONTAINS("/AutoDiscover")" -action CswAct_autodiscover

add responder action ResAct_exchange_ToOwa redirect ""/owa""
add responder policy ResPol_exchange_ToOwa "HTTP.REQ.URL.STARTSWITH("/owa").NOT" ResAct_exchange_ToOwa

add responder action ResAct_ToHTTPS_301 respondwith q{"HTTP/1.1 301 Moved Permanentlyrn" + "Location: https://" + HTTP.REQ.HOSTNAME + HTTP.REQ.URL.PATH_AND_QUERY + "rnrn"} -bypassSafetyCheck YES
add responder policy ResPol_RedirToHTTPS true ResAct_ToHTTPS_301

add responder action ResAct_ToHTTPS_404 respondwith q{"HTTP/1.1 404 Not Foundrn"} -bypassSafetyCheck YES
add responder policy ResPol_RespondWith404 true ResAct_ToHTTPS_404

bind lb vserver LbVip_exchange_owa SvcGrp_exchange_owa
bind lb vserver LbVip_exchange_oa SvcGrp_exchange_oa
bind lb vserver LbVip_exchange_ews SvcGrp_exchange_ews
bind lb vserver LbVip_exchange_eas SvcGrp_exchange_eas
bind lb vserver LbVip_exchange_ecp SvcGrp_exchange_ecp
bind lb vserver LbVip_exchange_oab SvcGrp_exchange_oab
bind lb vserver LbVip_exchange_autodiscover SvcGrp_exchange_autodiscover
bind lb vserver LbVip_exchange_pop3 SvcGrp_exchange_pop3
bind lb vserver LbVip_exchange_imap4 SvcGrp_exchange_imap4

bind lb vserver LbVip_exchange_owa -policyName ResPol_exchange_ToOwa -priority 100 -gotoPriorityExpression END -type REQUEST
bind cs vserver CswVip_http_<DOMAIN.LOCAL> -policyName ResPol_RedirWebmailToHTTPS -priority 100 -gotoPriorityExpression END -type REQUEST
bind cs vserver CswVip_http_<DOMAIN.LOCAL> -policyName ResPol_RespondWith404 -priority 10000 -gotoPriorityExpression END -type REQUEST

bind cs vserver CswVip_https_<DOMAIN.LOCAL> -policyName CswPol_autodiscover -priority 100
bind cs vserver CswVip_https_<DOMAIN.LOCAL> -policyName CswPol_eas -priority 110
bind cs vserver CswVip_https_<DOMAIN.LOCAL> -policyName CswPol_ews -priority 120
bind cs vserver CswVip_https_<DOMAIN.LOCAL> -policyName CswPol_oab -priority 130
bind cs vserver CswVip_https_<DOMAIN.LOCAL> -policyName CswPol_oa -priority 140
bind cs vserver CswVip_https_<DOMAIN.LOCAL> -policyName CswPol_ecp -priority 150
bind cs vserver CswVip_https_<DOMAIN.LOCAL> -policyName CswPol_owa -priority 160

add lb monitor Mon_imap4 TCP-ECV -send "GET /" -recv "The Microsoft Exchange IMAP4 service is ready." -LRTM ENABLED -interval 30 -destPort 143
add lb monitor Mon_pop3 POP3 -scriptName nspop3.pl -dispatcherIP 127.0.0.1 -dispatcherPort 3013 -userName <POPTESTUSER> -password <POPTESTPASSWD> -LRTM ENABLED -interval 30

#Not needed for Exchange 2007-2010
add lb monitor Mon_owa TCP-ECV -send "GET /owa/healthcheck.htm HTTP/1.1rnHost:<EXCHANGEWEBMAILURL>rnConnection:Closernrn" -recv 200 -LRTM ENABLED -retries 10 -secure YES
add lb monitor Mon_ecp TCP-ECV -send "GET /ecp/healthcheck.htm HTTP/1.1rnHost:<EXCHANGEWEBMAILURL>rnConnection:Closernrn" -recv 200 -LRTM ENABLED -retries 10 -secure YES
add lb monitor Mon_ews TCP-ECV -send "GET /ews/healthcheck.htm HTTP/1.1rnHost:<EXCHANGEWEBMAILURL>rnConnection:Closernrn" -recv 200 -LRTM ENABLED -retries 10 -secure YES
add lb monitor Mon_eas TCP-ECV -send "GET /Microsoft-Server-ActiveSync/healthcheck.htm HTTP/1.1rnHost:<EXCHANGEWEBMAILURL>rnConnection:Closernrn" -recv 200 -LRTM ENABLED -retries 10 -secure YES
add lb monitor Mon_oab TCP-ECV -send "GET /oab/healthcheck.htm HTTP/1.1rnHost:<EXCHANGEWEBMAILURL>rnConnection:Closernrn" -recv 200 -LRTM ENABLED -retries 10 -secure YES
add lb monitor Mon_oa TCP-ECV -send "GET /rpc/healthcheck.htm HTTP/1.1rnHost:<EXCHANGEWEBMAILURL>rnConnection:Closernrn" -recv 200 -LRTM ENABLED -retries 10 -secure YES
add lb monitor Mon_Autodiscover TCP-ECV -send "GET /Autodiscover/healthcheck.htm HTTP/1.1rnHost:<EXCHANGEWEBMAILURL>rnConnection:Closernrn" -recv 200 -LRTM ENABLED -retries 10 -secure YES

bind serviceGroup SvcGrp_exchange_owa Srv_<EXCH01.DOMAIN.LOCAL> 443 -CustomServerID ""None""
bind serviceGroup SvcGrp_exchange_owa Srv_<EXCH02.DOMAIN.LOCAL> 443 -CustomServerID ""None""
#Exchange 2013
bind serviceGroup SvcGrp_exchange_owa -monitorName Mon_owa
#Exchange 2007-2010
#bind serviceGroup SvcGrp_exchange_owa -monitorName https-ecv

bind serviceGroup SvcGrp_exchange_oa Srv_<EXCH01.DOMAIN.LOCAL> 443 -CustomServerID ""None""
bind serviceGroup SvcGrp_exchange_oa Srv_<EXCH02.DOMAIN.LOCAL> 443 -CustomServerID ""None""
#Exchange 2013
bind serviceGroup SvcGrp_exchange_oa -monitorName Mon_oa
#Exchange 2007-2010
#bind serviceGroup SvcGrp_exchange_oa -monitorName https-ecv

bind serviceGroup SvcGrp_exchange_ews Srv_<EXCH01.DOMAIN.LOCAL> 443 -CustomServerID ""None""
bind serviceGroup SvcGrp_exchange_ews Srv_<EXCH02.DOMAIN.LOCAL> 443 -CustomServerID ""None""
#Exchange 2013
bind serviceGroup SvcGrp_exchange_ews -monitorName Mon_ews
#Exchange 2007-2010
#bind serviceGroup SvcGrp_exchange_ews -monitorName https-ecv

bind serviceGroup SvcGrp_exchange_eas Srv_<EXCH01.DOMAIN.LOCAL> 443 -CustomServerID ""None""
bind serviceGroup SvcGrp_exchange_eas Srv_<EXCH02.DOMAIN.LOCAL> 443 -CustomServerID ""None""
#Exchange 2013
bind serviceGroup SvcGrp_exchange_eas -monitorName Mon_eas
#Exchange 2007-2010
#bind serviceGroup SvcGrp_exchange_eas -monitorName https-ecv

bind serviceGroup SvcGrp_exchange_ecp Srv_<EXCH01.DOMAIN.LOCAL> 443 -CustomServerID ""None""
bind serviceGroup SvcGrp_exchange_ecp Srv_<EXCH02.DOMAIN.LOCAL> 443 -CustomServerID ""None""
#Exchange 2013
bind serviceGroup SvcGrp_exchange_ecp -monitorName Mon_ecp
#Exchange 2007-2010
#bind serviceGroup SvcGrp_exchange_ecp -monitorName https-ecv

bind serviceGroup SvcGrp_exchange_oab Srv_<EXCH01.DOMAIN.LOCAL> 443 -CustomServerID ""None""
bind serviceGroup SvcGrp_exchange_oab Srv_<EXCH02.DOMAIN.LOCAL> 443 -CustomServerID ""None""
#Exchange 2013
bind serviceGroup SvcGrp_exchange_oab -monitorName Mon_oab
#Exchange 2007-2010
#bind serviceGroup SvcGrp_exchange_oab -monitorName https-ecv

bind serviceGroup SvcGrp_exchange_autodiscover Srv_<EXCH01.DOMAIN.LOCAL> 443 -CustomServerID ""None""
bind serviceGroup SvcGrp_exchange_autodiscover Srv_<EXCH02.DOMAIN.LOCAL> 443 -CustomServerID ""None""
#Exchange 2013
bind serviceGroup SvcGrp_exchange_autodiscover -monitorName Mon_Autodiscover
#Exchange 2007-2010
#bind serviceGroup SvcGrp_exchange_autodiscover -monitorName https-ecv

bind serviceGroup SvcGrp_exchange_pop3 Srv_<EXCH01.DOMAIN.LOCAL> 110 -CustomServerID ""None""
bind serviceGroup SvcGrp_exchange_pop3 Srv_<EXCH02.DOMAIN.LOCAL> 110 -CustomServerID ""None""
bind serviceGroup SvcGrp_exchange_pop3 -monitorName Mon_pop3

bind serviceGroup SvcGrp_exchange_imap4 Srv_<EXCH01.DOMAIN.LOCAL> 143 -CustomServerID ""None""
bind serviceGroup SvcGrp_exchange_imap4 Srv_<EXCH02.DOMAIN.LOCAL> 143 -CustomServerID ""None""
bind serviceGroup SvcGrp_exchange_imap4 -monitorName Mon_imap4

set ssl vserver LbVip_exchange_owa -ssl3 DISABLED
set ssl vserver LbVip_exchange_ews -ssl3 DISABLED
set ssl vserver LbVip_exchange_autodiscover -ssl3 DISABLED
set ssl vserver LbVip_exchange_ecp -ssl3 DISABLED
set ssl vserver LbVip_exchange_eas -ssl3 DISABLED
set ssl vserver LbVip_exchange_oab -ssl3 DISABLED
set ssl vserver LbVip_exchange_oa -ssl3 DISABLED
set ssl vserver LbVip_exchange_imap4 -ssl3 DISABLED
set ssl vserver LbVip_exchange_pop3 -ssl3 DISABLED
set ssl vserver CswVip_https_<DOMAIN.LOCAL> -ssl3 DISABLED

add ssl cipher HighSecurity
bind ssl cipher HighSecurity -cipherName TLS1-ECDHE-RSA-AES256-SHA
bind ssl cipher HighSecurity -cipherName TLS1-ECDHE-RSA-AES128-SHA
bind ssl cipher HighSecurity -cipherName TLS1-ECDHE-RSA-DES-CBC3-SHA
bind ssl cipher HighSecurity -cipherName TLS1-DHE-RSA-AES-256-CBC-SHA
bind ssl cipher HighSecurity -cipherName TLS1-DHE-DSS-AES-256-CBC-SHA
bind ssl cipher HighSecurity -cipherName TLS1-DHE-RSA-AES-128-CBC-SHA
bind ssl cipher HighSecurity -cipherName TLS1-DHE-DSS-AES-128-CBC-SHA
bind ssl cipher HighSecurity -cipherName TLS1-AES-256-CBC-SHA
bind ssl cipher HighSecurity -cipherName TLS1-AES-128-CBC-SHA
bind ssl cipher HighSecurity -cipherName SSL3-DES-CBC3-SHA

bind ssl vserver LbVip_exchange_owa -certkeyName "<CERTIFICATE>"
bind ssl vserver LbVip_exchange_ews -certkeyName "<CERTIFICATE>"
bind ssl vserver LbVip_exchange_autodiscover -certkeyName "<CERTIFICATE>"
bind ssl vserver LbVip_exchange_ecp -certkeyName "<CERTIFICATE>"
bind ssl vserver LbVip_exchange_eas -certkeyName "<CERTIFICATE>"
bind ssl vserver LbVip_exchange_oab -certkeyName "<CERTIFICATE>"
bind ssl vserver LbVip_exchange_oa -certkeyName "<CERTIFICATE>"
bind ssl vserver LbVip_exchange_imap4 -certkeyName "<CERTIFICATE>"
bind ssl vserver LbVip_exchange_pop3 -certkeyName "<CERTIFICATE>"
bind ssl vserver AaaVip_<AUTHVIPFQDN> -certkeyName "<CERTIFICATE>"
bind ssl vserver CswVip_https_<DOMAIN.LOCAL> -certkeyName "<CERTIFICATE>"

unbind ssl vserver LbVip_exchange_owa -cipherName DEFAULT
unbind ssl vserver LbVip_exchange_ews -cipherName DEFAULT
unbind ssl vserver LbVip_exchange_autodiscover -cipherName DEFAULT
unbind ssl vserver LbVip_exchange_ecp -cipherName DEFAULT
unbind ssl vserver LbVip_exchange_eas -cipherName DEFAULT
unbind ssl vserver LbVip_exchange_oab -cipherName DEFAULT
unbind ssl vserver LbVip_exchange_oa -cipherName DEFAULT
unbind ssl vserver LbVip_exchange_imap4 -cipherName DEFAULT
unbind ssl vserver LbVip_exchange_pop3 -cipherName DEFAULT
unbind ssl vserver AaaVip_<AUTHVIPFQDN> -cipherName DEFAULT
unbind ssl vserver CswVip_https_<DOMAIN.LOCAL> -cipherName DEFAULT

bind ssl vserver LbVip_exchange_owa -cipherName HighSecurity
bind ssl vserver LbVip_exchange_ews -cipherName HighSecurity
bind ssl vserver LbVip_exchange_autodiscover -cipherName HighSecurity
bind ssl vserver LbVip_exchange_ecp -cipherName HighSecurity
bind ssl vserver LbVip_exchange_eas -cipherName HighSecurity
bind ssl vserver LbVip_exchange_oab -cipherName HighSecurity
bind ssl vserver LbVip_exchange_oa -cipherName HighSecurity
bind ssl vserver LbVip_exchange_imap4 -cipherName HighSecurity
bind ssl vserver LbVip_exchange_pop3 -cipherName HighSecurity
bind ssl vserver AaaVip_<AUTHVIPFQDN> -cipherName HighSecurity
bind ssl vserver CswVip_https_<DOMAIN.LOCAL> -cipherName HighSecurity

Exchange config for the NetScaler with AAA Authentication

Sat, 21 Feb 2015 20:20:55 +0000

Below is the NetScaler configuration for an Exchange environment. You need an Enterprise licence to activate AAA.

#--- Replace the text below with the actual data---#

#Domain Controller hostname and IP
<DC01.DOMAIN.LOCAL>
<DC01IP>
<DC02.DOMAIN.LOCAL>
<DC01IP>
#Exchange server hostname and IP
<EXCH01.DOMAIN.LOCAL>
<EXCH01IP>
<EXCH02.DOMAIN.LOCAL>
<EXCH02IP>
#Active Directory data
<LDAPPATH>
<LDAPREAD@DOAMIN.LOCAL>
<LDAPREADPASSWD>
#Client subnet marked save for private profile
<CLIENTSUBNET>
#AD group for always use of the private profile
<ADEXCHPRIVATEGRP>
#AAA Server FQDN and IP
<AUTHVIPFQDN>
<AUTHVIPIP>
#Content Switch IP
<CSVIPIP>
#Domain FQDN
<DOMAIN.LOCAL>
#Certiicatename as installed in the NetScaler
<CERTIFICATE>
#Test user for the POP monitor
<POPTESTUSER>
<POPTESTPASSWD>

#--- NS Config below this line ---#

enable ns feature LB CS CMP SSL AAA REWRITE RESPONDER

set ns httpProfile nshttp_default_profile -dropInvalReqs ENABLED

add server Srv_<EXCH01.DOMAIN.LOCAL> <EXCH01IP>
add server Srv_<EXCH02.DOMAIN.LOCAL> <EXCH02IP>

add serviceGroup SvcGrp_exchange_owa SSL -CMP YES -comment "Outlook Web Access"
add serviceGroup SvcGrp_exchange_oa SSL -CMP YES -comment "Outlook Anywhere or RPC over HTTPS"
add serviceGroup SvcGrp_exchange_ews SSL -CMP YES -comment "Exchange Web Services"
add serviceGroup SvcGrp_exchange_eas SSL -CMP YES -comment "ActiveSync Service for Mobile Mail clients"
add serviceGroup SvcGrp_exchange_ecp SSL -CMP YES -comment "Exchange Control Panel"
add serviceGroup SvcGrp_exchange_oab SSL -CMP YES -comment "Offline Address Book"
add serviceGroup SvcGrp_exchange_autodiscover SSL -CMP YES -comment "Autodiscover Service"
add serviceGroup SvcGrp_exchange_pop3 TCP-cltTimeout 9000 -svrTimeout 9000
add serviceGroup SvcGrp_exchange_imap4 TCP -maxClient 0 -maxReq 0 -cip DISABLED -usip NO -useproxyport YES -cltTimeout 9000 -svrTimeout 9000

add authentication ldapAction AuthLdapSrv_<DC01.DOMAIN.LOCAL> -serverIP <DC01IP> -ldapBase "<LDAPPATH>" -ldapBindDn <LDAPREAD@DOAMIN.LOCAL> -ldapBindDnPassword <LDAPREADPASSWD> -ldapLoginName samAccountName -groupAttrName memberOf -subAttributeName CN
add authentication ldapAction AuthLdapSrv_<DC02.DOMAIN.LOCAL> -serverIP <DC02IP> -ldapBase "<LDAPPATH>" -ldapBindDn <LDAPREAD@DOAMIN.LOCAL> -ldapBindDnPassword <LDAPREADPASSWD> -ldapLoginName samAccountName -groupAttrName memberOf -subAttributeName CN

add tm formSSOAction AaaSsoPro_exchange_public -actionURL "/owa/auth.owa" -userField username -passwdField password -ssoSuccessRule "HTTP.RES.SET_COOKIE.COOKIE("cadata").VALUE("cadata").LENGTH.GT(70)" -nameValuePair "flags=0&trusted=0" -responsesize 60000 -submitMethod POST
add tm formSSOAction AaaSsoPro_exchange_private -actionURL "/owa/auth.owa" -userField username -passwdField password -ssoSuccessRule "HTTP.RES.SET_COOKIE.COOKIE("cadata").VALUE("cadata").LENGTH.GT(70)" -nameValuePair "flags=4&trusted=0" -responsesize 60000 -submitMethod POST

add tm trafficAction AaaTrafPro_exchange_public -appTimeout 1 -SSO ON -formSSOAction AaaSsoPro_exchange_public -persistentCookie OFF -InitiateLogout OFF -kcdAccount NONE
add tm trafficAction AaaTrafPro_exchange_private -appTimeout 1 -SSO ON -formSSOAction AaaSsoPro_exchange_private -persistentCookie OFF -InitiateLogout OFF -kcdAccount NONE
add tm trafficAction AaaTrafPro_exchange_logoff_global -appTimeout 1 -SSO ON -persistentCookie OFF -InitiateLogout ON -kcdAccount NONE

add authentication ldapPolicy AuthLdapPol_<DC01.DOMAIN.LOCAL> ns_true AuthLdapSrv_<DC01.DOMAIN.LOCAL>
add authentication ldapPolicy AuthLdapPol_<DC02.DOMAIN.LOCAL> ns_true AuthLdapSrv_<DC02.DOMAIN.LOCAL>

add tm trafficPolicy AaaTrafPol_exchange_public "HTTP.REQ.URL.CONTAINS("owa/auth/logon.aspx") && CLIENT.IP.SRC.IN_SUBNET(<CLIENTSUBNET>).NOT" AaaTrafPro_exchange_public
add tm trafficPolicy AaaTrafPol_exchange_private "HTTP.REQ.URL.CONTAINS("owa/auth/logon.aspx") && CLIENT.IP.SRC.IN_SUBNET(<CLIENTSUBNET>) || HTTP.REQ.USER.IS_MEMBER_OF("<ADEXCHPRIVATEGRP>")" AaaTrafPro_exchange_private
add tm trafficPolicy AaaTrafPol_exchange_logoff_global "HTTP.REQ.URL.CONTAINS("owa/logoff.owa")" AaaTrafPro_exchange_logoff_global

add lb vserver LbVip_exchange_owa SSL 0.0.0.0 0 -persistenceType SSLSESSION -cltTimeout 180 -AuthenticationHost <AUTHVIPFQDN> -Authentication ON -authnVsName AaaVip_<AUTHVIPFQDN> -comment "Outlook Web Access"
add lb vserver LbVip_exchange_ews SSL 0.0.0.0 0 -persistenceType SSLSESSION -cltTimeout 180 -authn401 ON -authnVsName AaaVip_<AUTHVIPFQDN> -comment "Exchange Web Service"
add lb vserver LbVip_exchange_autodiscover SSL 0.0.0.0 0 -persistenceType SSLSESSION -cltTimeout 180 -authn401 ON -authnVsName AaaVip_<AUTHVIPFQDN> -comment "Autodiscover Service"
add lb vserver LbVip_exchange_ecp SSL 0.0.0.0 0 -persistenceType SSLSESSION -cltTimeout 180 -AuthenticationHost <AUTHVIPFQDN> -Authentication ON -authnVsName AaaVip_<AUTHVIPFQDN> -comment "Exchange Control Panel"
add lb vserver LbVip_exchange_eas SSL 0.0.0.0 0 -persistenceType SSLSESSION -cltTimeout 180 -authn401 ON -authnVsName AaaVip_<AUTHVIPFQDN> -comment "ActiveSync Service for Mobile Mail clients"
add lb vserver LbVip_exchange_oab SSL 0.0.0.0 0 -persistenceType SSLSESSION -cltTimeout 180 -authn401 ON -authnVsName AaaVip_<AUTHVIPFQDN> -comment "Offline Address Book"
add lb vserver LbVip_exchange_oa SSL 0.0.0.0 0 -persistenceType SSLSESSION -cltTimeout 180 -authn401 ON -authnVsName AaaVip_<AUTHVIPFQDN> -comment "Outlook Anywhere or RPC over HTTPS"

add lb vserver LbVip_exchange_imap4 SSL_TCP <CSVIPIP> 993 -persistenceType SSLSESSION -cltTimeout 9000
add lb vserver LbVip_exchange_pop3 SSL_TCP <CSVIPIP> 995 -persistenceType SSLSESSION -cltTimeout 9000

add authentication vserver AaaVip_<AUTHVIPFQDN> SSL <AUTHVIPIP> 443 -AuthenticationDomain <DOMAIN.LOCAL>
add cs vserver CswVip_https_<DOMAIN.LOCAL> SSL <CSVIPIP> 443 -cltTimeout 180 -caseSensitive OFF -httpProfileName nshttp_default_strict_validation
add cs vserver CswVip_http_<DOMAIN.LOCAL> HTTP <CSVIPIP> 80 -cltTimeout 180 -caseSensitive OFF -httpProfileName nshttp_default_strict_validation

add cs action CswAct_ews -targetLBVserver LbVip_exchange_ews
add cs action CswAct_owa -targetLBVserver LbVip_exchange_owa
add cs action CswAct_ecp -targetLBVserver LbVip_exchange_ecp
add cs action CswAct_eas -targetLBVserver LbVip_exchange_eas
add cs action CswAct_oab -targetLBVserver LbVip_exchange_oab
add cs action CswAct_oa -targetLBVserver LbVip_exchange_oa
add cs action CswAct_autodiscover -targetLBVserver LbVip_exchange_autodiscover

add cs policy CswPol_ews -rule "HTTP.REQ.URL.SET_TEXT_MODE(IGNORECASE).CONTAINS("/ews")" -action CswAct_ews
add cs policy CswPol_owa -rule "HTTP.REQ.HEADER("User-Agent").SET_TEXT_MODE(IGNORECASE).CONTAINS("Mozilla")" -action CswAct_owa
add cs policy CswPol_ecp -rule "HTTP.REQ.URL.SET_TEXT_MODE(IGNORECASE).CONTAINS("/ecp")" -action CswAct_ecp
add cs policy CswPol_eas -rule "HTTP.REQ.URL.SET_TEXT_MODE(IGNORECASE).CONTAINS("/Microsoft-Server-ActiveSync")" -action CswAct_eas
add cs policy CswPol_oab -rule "HTTP.REQ.URL.SET_TEXT_MODE(IGNORECASE).CONTAINS("/oab")" -action CswAct_oab
add cs policy CswPol_oa -rule "HTTP.REQ.URL.SET_TEXT_MODE(IGNORECASE).CONTAINS("/rpc")" -action CswAct_oa
add cs policy CswPol_autodiscover -rule "HTTP.REQ.URL.SET_TEXT_MODE(IGNORECASE).CONTAINS("/AutoDiscover")" -action CswAct_autodiscover

add rewrite action RewAct_exchange_insert_pback_cookie_1 insert_http_header COOKIE ""PBack=0;""
add rewrite action RewAct_exchange_insert_pback_cookie_2 insert_after "HTTP.REQ.HEADER("COOKIE").INSTANCE(0).SUBSTR(":")" "" PBack=0;""

add rewrite policy RewPol_exchange_insert_pback_cookie_1 "HTTP.REQ.URL.CONTAINS("owa/auth/logon.aspx") && HTTP.REQ.COOKIE.COUNT.GT(2).NOT" RewAct_exchange_insert_pback_cookie_1
add rewrite policy RewPol_exchange_insert_pback_cookie_2 "HTTP.REQ.URL.CONTAINS("owa/auth/logon.aspx") && HTTP.REQ.COOKIE.COUNT.GT(2)" RewAct_exchange_insert_pback_cookie_2

bind rewrite global RewPol_exchange_insert_pback_cookie_2 100 END -type REQ_DEFAULT
bind rewrite global RewPol_exchange_insert_pback_cookie_1 110 END -type REQ_DEFAULT

add responder action ResAct_exchange_ToOwa redirect ""/owa""
add responder policy ResPol_exchange_ToOwa "HTTP.REQ.URL.STARTSWITH("/owa").NOT" ResAct_exchange_ToOwa

add responder action ResAct_ToHTTPS_301 respondwith q{"HTTP/1.1 301 Moved Permanentlyrn" + "Location: https://" + HTTP.REQ.HOSTNAME + HTTP.REQ.URL.PATH_AND_QUERY + "rnrn"} -bypassSafetyCheck YES
add responder policy ResPol_RedirToHTTPS true ResAct_ToHTTPS_301

add responder action ResAct_ToHTTPS_404 respondwith q{"HTTP/1.1 404 Not Foundrn"} -bypassSafetyCheck YES
add responder policy ResPol_RespondWith404 true ResAct_ToHTTPS_404

bind lb vserver LbVip_exchange_owa SvcGrp_exchange_owa
bind lb vserver LbVip_exchange_oa SvcGrp_exchange_oa
bind lb vserver LbVip_exchange_ews SvcGrp_exchange_ews
bind lb vserver LbVip_exchange_eas SvcGrp_exchange_eas
bind lb vserver LbVip_exchange_ecp SvcGrp_exchange_ecp
bind lb vserver LbVip_exchange_oab SvcGrp_exchange_oab
bind lb vserver LbVip_exchange_autodiscover SvcGrp_exchange_autodiscover
bind lb vserver LbVip_exchange_pop3 SvcGrp_exchange_pop3
bind lb vserver LbVip_exchange_imap4 SvcGrp_exchange_imap4

bind lb vserver LbVip_exchange_owa -policyName AaaTrafPol_exchange_private -priority 100 -gotoPriorityExpression END -type REQUEST
bind lb vserver LbVip_exchange_owa -policyName AaaTrafPol_exchange_public -priority 110 -gotoPriorityExpression END -type REQUEST
bind lb vserver LbVip_exchange_ecp -policyName AaaTrafPol_exchange_public -priority 100 -gotoPriorityExpression END -type REQUEST
bind lb vserver LbVip_exchange_ecp -policyName AaaTrafPol_exchange_private -priority 110 -gotoPriorityExpression END -type REQUEST

bind lb vserver LbVip_exchange_owa -policyName ResPol_exchange_ToOwa -priority 100 -gotoPriorityExpression END -type REQUEST
bind cs vserver CswVip_http_<DOMAIN.LOCAL> -policyName ResPol_RedirWebmailToHTTPS -priority 100 -gotoPriorityExpression END -type REQUEST
bind cs vserver CswVip_http_<DOMAIN.LOCAL> -policyName ResPol_RespondWith404 -priority 10000 -gotoPriorityExpression END -type REQUEST

bind cs vserver CswVip_https_<DOMAIN.LOCAL> -policyName CswPol_autodiscover -priority 100
bind cs vserver CswVip_https_<DOMAIN.LOCAL> -policyName CswPol_eas -priority 110
bind cs vserver CswVip_https_<DOMAIN.LOCAL> -policyName CswPol_ews -priority 120
bind cs vserver CswVip_https_<DOMAIN.LOCAL> -policyName CswPol_oab -priority 130
bind cs vserver CswVip_https_<DOMAIN.LOCAL> -policyName CswPol_oa -priority 140
bind cs vserver CswVip_https_<DOMAIN.LOCAL> -policyName CswPol_ecp -priority 150
bind cs vserver CswVip_https_<DOMAIN.LOCAL> -policyName CswPol_owa -priority 160

set ns httpParam -dropInvalReqs ON

add lb monitor Mon_imap4 TCP-ECV -send "GET /" -recv "The Microsoft Exchange IMAP4 service is ready." -LRTM ENABLED -interval 30 -destPort 143
add lb monitor Mon_pop3 POP3 -scriptName nspop3.pl -dispatcherIP 127.0.0.1 -dispatcherPort 3013 -userName <POPTESTUSER> -password <POPTESTPASSWD> -LRTM ENABLED -interval 30

#Not needed for Exchange 2007-2010
add lb monitor Mon_owa TCP-ECV -send "GET /owa/healthcheck.htm HTTP/1.1rnHost:<EXCHANGEWEBMAILURL>rnConnection:Closernrn" -recv 200 -LRTM ENABLED -retries 10 -secure YES
add lb monitor Mon_ecp TCP-ECV -send "GET /ecp/healthcheck.htm HTTP/1.1rnHost:<EXCHANGEWEBMAILURL>rnConnection:Closernrn" -recv 200 -LRTM ENABLED -retries 10 -secure YES
add lb monitor Mon_ews TCP-ECV -send "GET /ews/healthcheck.htm HTTP/1.1rnHost:<EXCHANGEWEBMAILURL>rnConnection:Closernrn" -recv 200 -LRTM ENABLED -retries 10 -secure YES
add lb monitor Mon_eas TCP-ECV -send "GET /Microsoft-Server-ActiveSync/healthcheck.htm HTTP/1.1rnHost:<EXCHANGEWEBMAILURL>rnConnection:Closernrn" -recv 200 -LRTM ENABLED -retries 10 -secure YES
add lb monitor Mon_oab TCP-ECV -send "GET /oab/healthcheck.htm HTTP/1.1rnHost:<EXCHANGEWEBMAILURL>rnConnection:Closernrn" -recv 200 -LRTM ENABLED -retries 10 -secure YES
add lb monitor Mon_oa TCP-ECV -send "GET /rpc/healthcheck.htm HTTP/1.1rnHost:<EXCHANGEWEBMAILURL>rnConnection:Closernrn" -recv 200 -LRTM ENABLED -retries 10 -secure YES
add lb monitor Mon_Autodiscover TCP-ECV -send "GET /Autodiscover/healthcheck.htm HTTP/1.1rnHost:<EXCHANGEWEBMAILURL>rnConnection:Closernrn" -recv 200 -LRTM ENABLED -retries 10 -secure YES

bind serviceGroup SvcGrp_exchange_owa Srv_<EXCH01.DOMAIN.LOCAL> 443 -CustomServerID ""None""
bind serviceGroup SvcGrp_exchange_owa Srv_<EXCH02.DOMAIN.LOCAL> 443 -CustomServerID ""None""
#Exchange 2013
bind serviceGroup SvcGrp_exchange_owa -monitorName Mon_owa
#Exchange 2007-2010
#bind serviceGroup SvcGrp_exchange_owa -monitorName https-ecv

bind serviceGroup SvcGrp_exchange_oa Srv_<EXCH01.DOMAIN.LOCAL> 443 -CustomServerID ""None""
bind serviceGroup SvcGrp_exchange_oa Srv_<EXCH02.DOMAIN.LOCAL> 443 -CustomServerID ""None""
#Exchange 2013
bind serviceGroup SvcGrp_exchange_oa -monitorName Mon_oa
#Exchange 2007-2010
#bind serviceGroup SvcGrp_exchange_oa -monitorName https-ecv

bind serviceGroup SvcGrp_exchange_ews Srv_<EXCH01.DOMAIN.LOCAL> 443 -CustomServerID ""None""
bind serviceGroup SvcGrp_exchange_ews Srv_<EXCH02.DOMAIN.LOCAL> 443 -CustomServerID ""None""
#Exchange 2013
bind serviceGroup SvcGrp_exchange_ews -monitorName Mon_ews
#Exchange 2007-2010
#bind serviceGroup SvcGrp_exchange_ews -monitorName https-ecv

bind serviceGroup SvcGrp_exchange_eas Srv_<EXCH01.DOMAIN.LOCAL> 443 -CustomServerID ""None""
bind serviceGroup SvcGrp_exchange_eas Srv_<EXCH02.DOMAIN.LOCAL> 443 -CustomServerID ""None""
#Exchange 2013
bind serviceGroup SvcGrp_exchange_eas -monitorName Mon_eas
#Exchange 2007-2010
#bind serviceGroup SvcGrp_exchange_eas -monitorName https-ecv

bind serviceGroup SvcGrp_exchange_ecp Srv_<EXCH01.DOMAIN.LOCAL> 443 -CustomServerID ""None""
bind serviceGroup SvcGrp_exchange_ecp Srv_<EXCH02.DOMAIN.LOCAL> 443 -CustomServerID ""None""
#Exchange 2013
bind serviceGroup SvcGrp_exchange_ecp -monitorName Mon_ecp
#Exchange 2007-2010
#bind serviceGroup SvcGrp_exchange_ecp -monitorName https-ecv

bind serviceGroup SvcGrp_exchange_oab Srv_<EXCH01.DOMAIN.LOCAL> 443 -CustomServerID ""None""
bind serviceGroup SvcGrp_exchange_oab Srv_<EXCH02.DOMAIN.LOCAL> 443 -CustomServerID ""None""
#Exchange 2013
bind serviceGroup SvcGrp_exchange_oab -monitorName Mon_oab
#Exchange 2007-2010
#bind serviceGroup SvcGrp_exchange_oab -monitorName https-ecv

bind serviceGroup SvcGrp_exchange_autodiscover Srv_<EXCH01.DOMAIN.LOCAL> 443 -CustomServerID ""None""
bind serviceGroup SvcGrp_exchange_autodiscover Srv_<EXCH02.DOMAIN.LOCAL> 443 -CustomServerID ""None""
#Exchange 2013
bind serviceGroup SvcGrp_exchange_autodiscover -monitorName Mon_Autodiscover
#Exchange 2007-2010
#bind serviceGroup SvcGrp_exchange_autodiscover -monitorName https-ecv

bind serviceGroup SvcGrp_exchange_pop3 Srv_<EXCH01.DOMAIN.LOCAL> 110 -CustomServerID ""None""
bind serviceGroup SvcGrp_exchange_pop3 Srv_<EXCH02.DOMAIN.LOCAL> 110 -CustomServerID ""None""
bind serviceGroup SvcGrp_exchange_pop3 -monitorName Mon_pop3

bind serviceGroup SvcGrp_exchange_imap4 Srv_<EXCH01.DOMAIN.LOCAL> 143 -CustomServerID ""None""
bind serviceGroup SvcGrp_exchange_imap4 Srv_<EXCH02.DOMAIN.LOCAL> 143 -CustomServerID ""None""
bind serviceGroup SvcGrp_exchange_imap4 -monitorName Mon_imap4

set ssl vserver LbVip_exchange_owa -ssl3 DISABLED
set ssl vserver LbVip_exchange_ews -ssl3 DISABLED
set ssl vserver LbVip_exchange_autodiscover -ssl3 DISABLED
set ssl vserver LbVip_exchange_ecp -ssl3 DISABLED
set ssl vserver LbVip_exchange_eas -ssl3 DISABLED
set ssl vserver LbVip_exchange_oab -ssl3 DISABLED
set ssl vserver LbVip_exchange_oa -ssl3 DISABLED
set ssl vserver LbVip_exchange_imap4 -ssl3 DISABLED
set ssl vserver LbVip_exchange_pop3 -ssl3 DISABLED
set ssl vserver AaaVip_<AUTHVIPFQDN> -ssl3 DISABLED
set ssl vserver CswVip_https_<DOMAIN.LOCAL> -ssl3 DISABLED

add tm sessionAction AaaSesPro_sso_exchange -sessTimeout 60 -defaultAuthorizationAction ALLOW -SSO ON -ssoCredential PRIMARY -ssoDomain Domain -httpOnlyCookie NO -persistentCookie ON -persistentCookieValidity 30
add tm sessionPolicy AaaSesPol_sso_exchange ns_true AaaSesPro_sso_exchange

bind tm global -policyName AaaTrafPol_exchange_logoff_global -priority 100

bind authentication vserver AaaVip_<AUTHVIPFQDN> -policy AuthLdapPol_<DC01.DOMAIN.LOCAL> -priority 100
bind authentication vserver AaaVip_<AUTHVIPFQDN> -policy AuthLdapPol_<DC02.DOMAIN.LOCAL> -priority 110
bind authentication vserver AaaVip_<AUTHVIPFQDN> -policy AaaSesPol_sso_exchange -priority 100

add ssl cipher HighSecurity
bind ssl cipher HighSecurity -cipherName TLS1-ECDHE-RSA-AES256-SHA
bind ssl cipher HighSecurity -cipherName TLS1-ECDHE-RSA-AES128-SHA
bind ssl cipher HighSecurity -cipherName TLS1-ECDHE-RSA-DES-CBC3-SHA
bind ssl cipher HighSecurity -cipherName TLS1-DHE-RSA-AES-256-CBC-SHA
bind ssl cipher HighSecurity -cipherName TLS1-DHE-DSS-AES-256-CBC-SHA
bind ssl cipher HighSecurity -cipherName TLS1-DHE-RSA-AES-128-CBC-SHA
bind ssl cipher HighSecurity -cipherName TLS1-DHE-DSS-AES-128-CBC-SHA
bind ssl cipher HighSecurity -cipherName TLS1-AES-256-CBC-SHA
bind ssl cipher HighSecurity -cipherName TLS1-AES-128-CBC-SHA
bind ssl cipher HighSecurity -cipherName SSL3-DES-CBC3-SHA

bind ssl vserver LbVip_exchange_owa -certkeyName "<CERTIFICATE>"
bind ssl vserver LbVip_exchange_ews -certkeyName "<CERTIFICATE>"
bind ssl vserver LbVip_exchange_autodiscover -certkeyName "<CERTIFICATE>"
bind ssl vserver LbVip_exchange_ecp -certkeyName "<CERTIFICATE>"
bind ssl vserver LbVip_exchange_eas -certkeyName "<CERTIFICATE>"
bind ssl vserver LbVip_exchange_oab -certkeyName "<CERTIFICATE>"
bind ssl vserver LbVip_exchange_oa -certkeyName "<CERTIFICATE>"
bind ssl vserver LbVip_exchange_imap4 -certkeyName "<CERTIFICATE>"
bind ssl vserver LbVip_exchange_pop3 -certkeyName "<CERTIFICATE>"
bind ssl vserver AaaVip_<AUTHVIPFQDN> -certkeyName "<CERTIFICATE>"
bind ssl vserver CswVip_https_<DOMAIN.LOCAL> -certkeyName "<CERTIFICATE>"

unbind ssl vserver LbVip_exchange_owa -cipherName DEFAULT
unbind ssl vserver LbVip_exchange_ews -cipherName DEFAULT
unbind ssl vserver LbVip_exchange_autodiscover -cipherName DEFAULT
unbind ssl vserver LbVip_exchange_ecp -cipherName DEFAULT
unbind ssl vserver LbVip_exchange_eas -cipherName DEFAULT
unbind ssl vserver LbVip_exchange_oab -cipherName DEFAULT
unbind ssl vserver LbVip_exchange_oa -cipherName DEFAULT
unbind ssl vserver LbVip_exchange_imap4 -cipherName DEFAULT
unbind ssl vserver LbVip_exchange_pop3 -cipherName DEFAULT
unbind ssl vserver AaaVip_<AUTHVIPFQDN> -cipherName DEFAULT
unbind ssl vserver CswVip_https_<DOMAIN.LOCAL> -cipherName DEFAULT

bind ssl vserver LbVip_exchange_owa -cipherName HighSecurity
bind ssl vserver LbVip_exchange_ews -cipherName HighSecurity
bind ssl vserver LbVip_exchange_autodiscover -cipherName HighSecurity
bind ssl vserver LbVip_exchange_ecp -cipherName HighSecurity
bind ssl vserver LbVip_exchange_eas -cipherName HighSecurity
bind ssl vserver LbVip_exchange_oab -cipherName HighSecurity
bind ssl vserver LbVip_exchange_oa -cipherName HighSecurity
bind ssl vserver LbVip_exchange_imap4 -cipherName HighSecurity
bind ssl vserver LbVip_exchange_pop3 -cipherName HighSecurity
bind ssl vserver AaaVip_<AUTHVIPFQDN> -cipherName HighSecurity
bind ssl vserver CswVip_https_<DOMAIN.LOCAL> -cipherName HighSecurity

Citrix Receiver 4.2 & PNAgent Configuration

Mon, 26 Jan 2015 07:22:59 +0000

There is an undocumented regkey setting required to add PNAgent functionality using the new Citrix Receiver 4.2.

[HKEY_LOCAL_MACHINESOFTWARECitrixDazzle]
"PnaSSONEnabled"="true"

Once applied the Citrix Receiver 4.2 can utilise a PNAgent/config.xml configuration. Source

Install StoreFront prerequisites

Mon, 08 Dec 2014 12:05:23 +0000

To install the StoreFront prerequisites, execute the following PowerShell commands on the StoreFront Server.

Import-Module ServerManager
Add-WindowsFeature –Name Web-Server,Web-WebServer,Web-App-Dev,Web-ISAPI-Ext,Web-ISAPI-Filter,Web-Security,Web-Basic-Auth,Web-Windows-Auth,Web-Mgmt-Tools,Web-Scripting-Tools,Web-Http-Redirect,Web-Mgmt-Compat,Web-Metabase,Web-WMI,Web-Lgcy-Scripting

Changing Microsoft ADCS from sha1 to sha256

Wed, 05 Nov 2014 13:34:14 +0000

When ADCS uses sha1 for their certificates, you might want to change it to sha254. NOTE: Make sure all your devices support sha256 sha1 sha256 To achieve this enter the following commands in an elivated DOS-box:

procmon remote monitoring

Wed, 27 Aug 2014 19:48:42 +0000

psexec \COMPUTERNAME -u domainuser -sd -i 0 “c:Procmon.exe” /accepteula /backingfile c:output.pml /nofilter /quiet Aanmelden met de gebruiker, en afmelden (kan wat langer duren door de logging) Daarna procmon stoppen (om de log file te sluiten) psexec \COMPUTERNAME -u domainuser -sd -i 0 “c:Procmon.exe” Terminate Sysinternals tools benodigd: psexec procmon

12 Steps to Remotely Manage Hyper-V Server 2012 Core

Sun, 08 Jun 2014 15:47:51 +0000

Install Hyper-V Server 2012 Core and log in to the console.

Configure date and time (select #9).
Enable Remote Desktop (select #7). Also select the ‘Less Secure’ option.
Configure Remote Management (select #4 then #1).

Nested Hypervisor on vSphere

Sun, 08 Jun 2014 08:43:14 +0000

VM Hardware version 9 or Higher VM Advanced settings add:

vhv.enable = “true”
hypervisor.cpuid.v0 = “FALSE” (Hyper-V)

And in vSphere Webclient enable “Expose hardware assisted virtualization to the guest OS” under CPU.

Citrix Desktop Director Auto Fill Domain Name

Wed, 02 Apr 2014 12:11:30 +0000

When logging on to the Citrix Director you have to enter the domain name along with the username and password. If you don’t want to enter the domain name each time you logon you can have it filled in by default. Edit C:inetpubwwwrootDesktopDirectorLogOn.aspx (With admin rights)

Citrix Access Gateway Enterprise Port Configuration

Sun, 30 Mar 2014 19:08:51 +0000

I have put together this blog post about Citrix Access Gateway Enterprise Port Configuration to assist people in setting up their firewalls for implementing Access Gateway in one-arm mode. I have found that almost all of Citrix’s documentation covers the Access Gateway / NetScaler straddling the DMZ and the Internal LAN E.G the VIP sits in the DMZ and the SNIP sits in the internal LAN. In Enterprise deployments firewalls are firewalls and NetScalers are NetScalers and security do not like NetScalers trying to be firewalls; although I’m sure they do perfectly fine job of it. So the below article describes what firewall rules you will need to have in place to get a NetScaler working when all its interfaces reside in the DMZ (one-arm single subnet). You should find the diagram useful even if you are not using the model described above. This is a diagram I like to use to explain NetScalers in an HA pair. It shows all the possible routes that traffic could take, not the way traffic flows during normal operation. The VIP and SNIP “float” between the two devices, in reality they exist on both devices but at any given time are only active on whichever node is the primary in the HA pair.

Citrix NetScaler for XenDesktop Firewall Considerations

Sun, 30 Mar 2014 19:01:37 +0000

The NetScaler Access Gateway uses a number of IP addresses for various purposes. When Access Gateway is deployed in a DMZ, it is important to understand the role of each. The following table summarises the various types of IP addresses and their roles in a deployment: The following diagram illustrates the firewall port requirements for normal operation when the NetScaler Access Gateway platform is deployed in a DMZ in a two arm deployment, where no MIP is required. Source

Citrix NetScaler Access Gateway 10 - Basic Fundamentals

Sun, 30 Mar 2014 18:43:54 +0000

NetScaler Network Connections.
#

At a very high level, considering the actual NetScaler connections to the network, and because of the way that NetScaler functions and can be configured, the NetScaler should be considered a switch, and not a router/firewall. With a switch, you can configure the management IP address on an individual port, responding to just devices reachable through that port, or it can be configured to respond on all ports to devices reachable from every port. With the NetScaler, either in single arm or multi arm deployment scenarios, there is no need to tell the NetScaler that network X is on interface 1/1 and network Y is on interface 1/2 (you can if you wish to, or instructed to by the network security team, by tagging IP addresses to a defined NetScaler VLANs which have specific interfaces assigned), but generally, it will happily use the IP addresses it is configured with on the relevant interfaces. When the NetScaler receives a packet destined for one of its IP addresses, it knows that the network which defines that address is available through the interface on which the request was received. Please Note: I don’t claim to be a NetScaler Guru, or to have the knowledge to make all the bells and whistles of the NetScaler sound into a polyphony, there are others on the Internet who can better provide you with that information. The information here is from my own observations during a standard two arm deployment of Virtual and Physical NetScaler 10 Access Gateways.

Active Directory RecycleBin

Sun, 23 Feb 2014 08:57:10 +0000

Requirements:

At least one Domain Controller running Windows Server 2012 with the Active Directory Administrative Center enabled.
All Domain Controllers (or servers running AD LDS) must be running Windows Server 2008 R2 or higher.
The Forest must be running at Windows Server 2008 R2 functional level.

Import the Active Directory modules in PowerShell

Via NETSH DHCP reserveringen toevoegen

Tue, 12 Nov 2013 02:58:41 +0000

netsh dhcp server mySRV scope 192.168.1.0 add reservedip 192.168.1.111 XXXXXXXXXXXX host.domain.local

ESXi from USB

Mon, 11 Nov 2013 20:37:24 +0000

A USB drive can be set up to boot into any LInux distribution using UNetBootin. Fortunately, ESXi is a Linux distribution. The steps are surprisingly easy.

Download ESXi from VMWare
Download UNetbootin from Sourceforge
Plug your USB drive into your computer.
Double click on the downloaded exe file. UNetbootin is a stand alone executable. No installation is needed.
Select the second radio button, Diskimage. Click the button with the ellipses on it, browse to and select the ESXi iso you just downloaded.
Once UNetbootin is finished, remove your USB drive from your current system. Plug it into the computer you want to install ESXi onto, restart the system and you are off and running.

Everything will work just as if you were installing from any other media.

VSA change MAC vSphere 5.1

Sun, 03 Nov 2013 16:03:22 +0000

edit the vmx file /vmfs/volumes/50bf4d82-31b73571-5543-001e4f378eac/MAS # vi MAS.vmx
ensure you are using generated MACs: ethernet0.addressType = “generated” ethernet1.addressType = “generated”
edit these 3 lines to reflect the MAC you want. this assumes you want to use one of the “VMWARE automagic (00:0c:29)” ones, notice the last 6 chars of the first two lines match the last 3 octets of your MAC uuid.location = “56 4d 74 53 f4 52 bf 03-02 fb 39 13 6b 2b 6c fc” uuid.bios = “56 4d 74 53 f4 52 bf 03-02 fb 39 13 6b 2b 6c fc” ethernet0.generatedAddress = “00:0c:29:2b:6c:fc”
if you want ethernet1 to match something specific instead, you need to subtract 10 (0x0A) from the last octet of the ethernet0 MAC because of this line: ethernet1.generatedAddressOffset = “10”
This will create ethernet1’s MAC with a value of 10 more than ethernet0. I didn’t play around with different values here, but presumably you could calculate & edit this number to get both MACs to match your needs.
remove the VM from inventory, and re-import it (by browsing the datastore to the vmx file)
When starting the VM, answer “I moved it” to the dialog box asking about what happened to your machine

Reset Administrator password from HP Virtual Connect and Onbord Administrator

Thu, 01 Aug 2013 07:06:39 +0000

If you have some guys which makes fun to change password on a virtual connect there is a procedure to reset administrator password to it original setting. This procedure comes from c00865618.pdf file page 28 HP Virtual Connect for c-Class BladeSystem User Guide Resetting the Administrator password and DNS settings —————————————————– If the system maintenance switch 1 is in the ON position on a VC-Enet module, the firmware restores the Administrator account password and DNS settings to the original factory defaults as found on the module label (without disturbing any other local user accounts), and also displays the password on the VC-Enet module management console. For information on accessing the VC-Enet module management console, see the OA user guide. The default password is no longer displayed after switch 1 is in the OFF position. Password restoration is done during each power-up sequence while switch 1 is in the ON position (and reserved switches are in the OFF position) and does not allow changes until the switch is placed back into the OFF position. For switch locations, see the appropriate system maintenance switch (“HP 1/10Gb VCEnet Module system maintenance switch” on page 15, “HP 1/10Gb-F VC-Enet Module system maintenance switch” on page 18, “HP Virtual Connect Flex-10 10Gb Ethernet Module system maintenance switch” on page 22). After switch 1 is returned to the OFF position, users with appropriate privileges can then change the Administrator password. Only reset the password on the module running the Virtual Connect Manager (and/or its backup), and not other modules in the domain. The recommended password recovery procedure is as follows: 1. Remove the Virtual Connect Ethernet module from interconnect bay 1. 2. Remove the access panel from the Virtual Connect Ethernet module. 3. Set switch 1 to the ON position. Ensure that all other switches remain in the OFF position. 4. Install the access panel. 5. Insert the Virtual Connect Ethernet module into bay 1 and allow the module to power up and reach a fully booted and operational state (approximately 1 minute). 6. Remove the Virtual Connect Ethernet module from interconnect bay 2. This causes interconnect bay 1 to become the module running the active VC Manager. Because switch 1 is set, the Administrator password remains at the factory default for interconnect bay 1 (not overwritten by the change of state because of the failover). 7. Wait to ensure that the VC Manager has had time to become active on interconnect bay 1. Log into the VC Manager to confirm it is up and functional on interconnect bay 1. 8. Insert the Virtual Connect Ethernet module into interconnect bay 2 and allow the module to power on and reach a fully booted and operational state (approximately 1 minute). 9. Remove the Virtual Connect Ethernet module from interconnect bay 1. 10. Remove the access panel from the Virtual Connect Ethernet module. 11. Set switch 1 to the OFF position. Ensure that all other switches remain in the OFF position. 12. Install the access panel. 13. Insert the Virtual Connect Ethernet module into interconnect bay 1 and allow the module to power up and reach a fully booted and operation state (approximately 1 minute). 14. Log into the VC Manager using the factory default user name and password to log in to the module (regardless of whether it is running on the module [EDIT MARCH 12 2012] FOR ONBOARD ADMINISTRATOR FOR OA this link http://h30499.www3.hp.com/t5/HP-BladeSystem-Management/Resetting-the-Onboard-Administrator-password/td-p/2304569 explain how to do on OA I re-copy it for everyone: Brian had an Onboard Administrator question: ********************** I have two chassis were the customer has lost the passwords. They are not set to the default. Does anyone have password recovery procedures. Downtime and configuration is not any concern as this is a new install. ********************** Bill had the process down: ******************** From the OA 3.10 user Guide, page 19… Recovering the administrator password If the administrator password has been lost, you can reset the administrator password to the factory default that shipped on the tag with the Onboard Administrator module. The Onboard Administrator resets a lost password to Lost Password/Flash Disaster Recovery (LP/FDR) mode. To recover the password and reset the administrator password to the factory default: 1. Connect a computer to the serial port of the Active Onboard Administrator using a null-modem cable. 2. With a null-modem cable (9600 N, 8, 1, VT100, locally connect to the Onboard Administrator). 3. Open HyperTerminal (in Microsoft(r) Windows(r)) or a suitable terminal window (in Linux), and then connect to the Active Onboard Administrator. 4. Press and hold in the Onboard Administrator reset button for 5 seconds. 5. To boot the system into Lost Password modem Press L. The password appears as the system reboots. ************************ from Ken: ********************* I prefer to use a script on a thumb drive to recover lost OA passwords. I’ve attached 2 scripts. ResetPW resets the “Administrator” account password to “password”. The OA-Add-admin script adds use “admin” password “hpinvent” to the OA, and all ILOs in the enclosure. To run the scripts: Copy the scripts to a thumb drive Place the thumb drive in the active OA Run the script from the Insight Display o USB Menu o Restore Configuration o usb://d1/script-name.cfg Script 1: ADD USER admin hpinvent SET USER ACCESS admin ADMINISTRATOR ASSIGN SERVER ALL admin ASSIGN INTERCONNECT ALL admin ASSIGN OA admin ENABLE USER admin HPONCFG all << end_marker end_marker Script 2: SET USER PASSWORD “Administrator” “password”

Change text password 1 & password 2 on netscaler AG

Fri, 05 Jul 2013 05:50:42 +0000

add rewrite action AD_delete_rewrite_action delete_all "http.RES.BODY(120000).SET_TEXT_MODE(ignorecase)" -pattern "document.write(' 1');" -bypassSafetyCheck YES add rewrite action AD_replace_rewrite_action replace_all "http.RES.BODY(120000).SET_TEXT_MODE(ignorecase)" ""AD Password'"" -pattern ""Password"" -bypassSafetyCheck YES -refineSearch q/extend(50,50).REGEX_SELECT(re![ ]*'[ ]*+[ ]*_("Password")[ ]*!)/ add rewrite action RSA_replace_rewrite_action replace_all "http.RES.BODY(120000).SET_TEXT_MODE(ignorecase)" ""Secure token:'"" -pattern ""Password2"" -bypassSafetyCheck YES -refineSearch q/extend(50,50).REGEX_SELECT(re![ ]*'[ ]*+[ ]*_("Password2")[ ]*!)/ add rewrite policy AD_rewrite_pol "http.req.url.path.endswith("vpn/login.js")" AD_replace_rewrite_action add rewrite policy RSA_rewrite_pol "http.req.url.path.endswith("vpn/login.js")" RSA_replace_rewrite_action add rewrite policy AD_delete_pol "http.req.url.path.endswith("vpn/login.js")" AD_delete_rewrite_action bind rewrite global AD_rewrite_pol 100 NEXT -type RES_OVERRIDE bind rewrite global RSA_rewrite_pol 110 NEXT -type RES_OVERRIDE bind rewrite global AD_delete_pol 120 NEXT -type RES_OVERRIDE

reboot management brocade fc switch

Wed, 26 Jun 2013 11:10:01 +0000

1. Log into the switch as root (not admin) and execute /fabos/libexec/webdconfigure and answer ‘yes’ to the HTTP Restart question. Example: (note: answer yes to http atributes and HTTP Restart, then take defaults for the rest of the prompts) fabbd70:root> /fabos/libexec/webdconfigure http attributes (yes, y, no, n): [no] yes HTTP Restart (yes, y, no, n): [no] yes HTTP enabled (yes, y, no, n): [yes] ErrorLog Enabled (yes, y, no, n): [no] AccessLog Enabled (yes, y, no, n): [no] SSLLog Enabled (yes, y, no, n): [no] HTTP Port: (1..60000) [80] Secure HTTP Port: (1..60000) [443] HTTP IsAlive Check Enabled (yes, y, no, n): [yes] HTTP Max HeapSize: (256..1024) [512] webtools attributes (yes, y, no, n): [no] cal attributes (yes, y, no, n): [no] Now wait a minute or two and do the following command to see if the HTTP processes are restarted: fabbd70:root> ps -ef | grep http root 23369 1 0 10:08 ? 00:00:00 /usr/apache/bin/httpd.0 -f /fabos/webtools/bin/httpd.conf.0 nobody 23370 23369 0 10:08 ? 00:00:00 /usr/apache/bin/fcgi-pm -f /fabos/webtools/bin/httpd.conf.0 nobody 23938 23369 0 10:53 ? 00:00:00 /usr/apache/bin/httpd.0 -f /fabos/webtools/bin/httpd.conf.0 nobody 23949 23369 0 10:54 ? 00:00:00 /usr/apache/bin/httpd.0 -f /fabos/webtools/bin/httpd.conf.0 nobody 23960 23369 0 10:55 ? 00:00:00 /usr/apache/bin/httpd.0 -f /fabos/webtools/bin/httpd.conf.0 root 24060 23978 0 10:55 pts/0 00:00:00 grep http

Firmware for individual components

Fri, 31 May 2013 13:39:49 +0000

Before upgrading any individual components, check the latest compatibility matrix ( in attachment )
Check if a SAN/iQ patch is available for your firmware. This method is always preferred.
Download the Smart Update Firmware DVD 10.10
If additional files need to be added to the Smart Firmware DVD, download the HP USB Key Utility for Windows to create a bootable USB stick instead.

Update de CMC ( eerste beschikbare update in de huidige CMC)
Download all the upgrades from the CMC ( als dit te traag gaat kan u de volgende FTP gebruiken ftp://up_p4k_5:Extreme1@ftp.usa.hp.com/ )

Igv maintenance window had met complete downtime van de iSCSI sessies kan er gewoon in normale modus de upgrade uit gevoerd worden. Worst case scenario, indien de update failed updaten in support mode. http://blog.j81.nl/?p=81 Bijkomende informatie + release notes vindt u op: https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=StoreVirtualSW

Apply patches and updates in Support Mode

Fri, 31 May 2013 13:37:15 +0000

Shutdown the CMC
Open Users[user].storage_systempreferences.txt
At the top of the file, add the following:

CmcSystemPreference.supportMode=true
CmcUpgradePreference.useOldUpgrades=true
CmcUpgradePreference.userUpgrade=true

Start CMC, under Configuration Summary there will now be a “Support Upgrades” tab.
Browse to the patch
Select the node you want to update
Apply update

AD Defragmentatie (Server 2012)

Tue, 14 May 2013 10:16:42 +0000

Stop de ADDS Service

ntdsutil
activate instance ntds
files
compact to c:

copy "c:ntds.dit" "c:WindowsNTDSntds.dit"

del c:WindowsNTDS*.log

Start de ADDS Service

HP EVA P6000 Service

Tue, 07 May 2013 07:55:43 +0000

Bij CVE ga naar de fieldservice page: -> https://localhost:2372/fieldservice en log in. Kies de juiste EVA. Klik op: Open Command line interface Kies uit de dropdown box : FCS show config. En klik on execute. Op de management server staat in: C:program files(x86)hewlett packardsanworkselement manager for storageworks hsvcacheWWWN van EVAfcs_show_config.txt <- hierin staal alle serienummers van de disken Maar ook met SSSU is met show disk full alle serienummers op te vragen. En in CVE staan ook de juiste. (Dit was vroeger niet zo, maar met de laatste versie CVE en XCS wel)

Startmenu in Windows 8 or not?

Mon, 29 Apr 2013 11:52:50 +0000

I have heard that lots off people are missing the startmenu in Windows 8. I don’t miss it because I normally use the “Run” to enter my command/application and I have pinned my mosy used apps in the taskbar. What I do recommend to my customers is to start using Windows+X. In Windows 7 this would open the Mobility center, but in Windows 8 this opens a smal menu in the bottom left corner: This provides a lot of options for the most. But if you still miss the startmenu and don’t like the new one, I would recommend Classic Shell (http://www.classicshell.net/). This installs a startmenu that you could customize after your needs. If you like the Windows XP look, then just change to that skin. All settings are stored per user in the registry under HKCUSoftwareIvoSoftClassicStartMenu This is a screenshot of my startmenu with Windows 8 look. Notice that is has two folders, one for the Windows 8 apps and one for the classic apps:

Profile Permissions

Mon, 18 Mar 2013 18:40:37 +0000

NTFS Permissions for Roaming Profile Parent Folder User Account : Minimum Permissions Required Creator Owner : Full Control, Subfolders and Files Only Administrator : Full Control (Microsoft actually recommends none but it simplifies things if you give admins full control) Security group of users needing to put data on share : List Folder/Read Data, Create Folders/Append Data - This Folder Only Everyone : No permissions Local System : Full Control, This Folder, Subfolders and Files Share level (SMB) Permissions for Roaming Profile Share User Account : Minimum Permissions Required Everyone : No permissions Security group of users needing to put data on share : Full Control

Send mail through telnet

Mon, 25 Feb 2013 12:04:13 +0000

hello smtp.server.nl mail from:<test@domain.nl> rcpt to:<to@domain.nl> data subject: This is a test mail to: to@domain.nl This is the text of my test mail. . quit

vSphere 5.1 static MAC

Sun, 24 Feb 2013 11:47:18 +0000

Failed to start VM
#

After upgrading an ESX cluster from vSphere 5.0 to vSphere 5.1 a VM failed to reboot.. Instead, an error message was issued: Failed to start the virtual machine. Module DevicePowerOn power on failed. Could not set up “macAddress” for ethernet0. Invalid MAC address specified. 00:0C:29:A0:B0:1D is not an allowed static Ethernet address. It conflicts with VMware reserved MACs.

Exchange 2010 reconnect archive mailbox

Thu, 21 Feb 2013 15:43:36 +0000

Find (disconnected) mailbox: Get-MailboxServer | Get-MailboxStatistics | where { $_.DisconnectDate } | fl DisplayName, DisconnectDate Recconnect mailbox: Get-MailboxDatabase | Get-MailboxStatistics | Where-Object {$_.DisconnectDate –and $_.DisplayName –eq “Personal Archive - Tinnus Est”} | Connect-Mailbox –user T.Est –archive

Windows Icons: Full list with details, locations & images

Mon, 18 Feb 2013 09:55:06 +0000

Good quality icons and images, especially ones with an alpha transparency can be time consuming to make, and are often also hard to find. One source of lots of high quality icons in a range of sizes is Windows. Windows 7 includes lots of icons which can be useful as the majority are available in sizes from 16×16 up to 256×256, and come with alpha transparency. You may have noticed that we use some on our downloads page — they’re handy to quickly indicate file type. Windows stores most of its icons inside exe and dll files which makes them inaccessible to standard image manipulation applications like Photoshop. However, once they have been located they can easily be extracted with the freeware utility IcoFX. Tracking some of them down seems to be the trickier part. Below is a quick reference for the locations of many of the icons available on Windows 7. I will periodically add more details and any extra icon libraries I discover to this list.

Creating AD computer accounts from a CSV

Sat, 09 Feb 2013 15:21:43 +0000

This is an updated script that creates computer accounts in Active Directory. This script uses a comma separated values file as an input instead of two text files.

'**************************************Heading*********************************
'create.vbs
'
'Jason Hofferle
'04/12/2007
'
'Script to create AD computer accounts from file
'******************************************************************************
option explicit
 
'**************************************************************************
'Variable Declarations
'**************************************************************************
Const ADS_UF_WORKSTATION_TRUST_ACCOUNT = &h1000
Const ForReading = 1
 
dim strInputFile, strOU
dim arrTemp
dim objFSO, objInputFile, objRootDSE, objContainer, objComputer
'**************************************************************************
 
 
'**************************************************************************
'Configuration
'**************************************************************************
strInputFile = "input.csv" 'specifies name of csv input file
strOU = "OU=YourOU,OU=YourOU,OU=YourOU," 'The root will be appended
'**************************************************************************
 
 
'**************************************************************************
'Global Object Initialization
'**************************************************************************
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objInputFile = objFSO.OpenTextFile(strInputFile, ForReading)
Set objRootDSE = GetObject("LDAP://rootDSE")
Set objContainer = GetObject("LDAP://" & strOU & objRootDSE.Get("defaultNamingContext"))
'**************************************************************************
 
 
'**************************************************************************
'Main Script Execution
'**************************************************************************
Do Until objInputFile.AtEndOfStream
        on error resume next
        err.Clear
    arrTemp = Split(objInputFile.Readline, ",", -1, 1)
    if err <> 0 then
                wscript.echo "Error reading line from input file."
                err.Clear
        end if
    set objComputer = objContainer.Create("Computer", "cn=" & arrTemp(0))
    if err <> 0 then
                wscript.echo "Error creating computer account " & arrTemp(0)
                err.Clear
        end if
    objComputer.Put "sAMAccountName", arrTemp(0) & "$"
    objComputer.Put "description", arrTemp(1)
    objComputer.Put "userAccountControl", ADS_UF_WORKSTATION_TRUST_ACCOUNT
    objComputer.SetInfo
    if err <> 0 then
                wscript.echo "Error creating computer account " & arrTemp(0)
                err.Clear
        end if
    set objComputer = nothing
    on error goto 0
Loop
 
objInputFile.Close
 
set objFSO = nothing
set objInputFile = nothing
set objRootDSE = nothing
'**************************************************************************

Command Line Commands for Control Panel Applets

Fri, 08 Feb 2013 21:50:09 +0000

List of Control Panel Commands in Windows 8, 7, Vista, and XP

Sometimes it’s easier, or maybe even necessary, to open a Control Panel applet from a command line in Windows. Each Control Panel applet can be opened by executing a command, you just have to know what that command is. Control Panel itself can be accessed by executing control from a command line in Windows 8, Windows 7, Windows Vsta, and Windows XP. If you want a way to start a Control Panel applet from a script or from the Command Prompt, the following list of commands for Control Panel applets should help: Note: See my List of Control Panel Applets in Windows for Control Panel applet descriptions and information about changes in applets between the Windows operating systems.

Disable Win+L on client

Sat, 02 Feb 2013 16:26:39 +0000

http://technet.microsoft.com/en-us/library/cc786409%28WS.10%29.aspx

get Cisco config through putty

Thu, 31 Jan 2013 07:54:13 +0000

enable session> logging in putty using connection properties, then term len 0 sh run In this way all the file is placed without need to press for next page then you stop logging and you have your file. To have again pages type: term len 25 Putty saves an header with date and time at the beginning after that you have clean text file.

How to hide shared folders under DFS Namespaces

Wed, 23 Jan 2013 21:57:49 +0000

There is a very well known “trick” to hide shares with Windows and that is to put a $ sign at the end of the share name. The problem is that this doesn’t work if you are using DFS Namespaces (DFSN). The reason why it doesn’t work is because DFSN doesn’t advertise shares – it advertises folders and there is an underlying mechanism to transparently redirect computers trying to connect to those folders to the underpinning shares. So if you have folders in your DFS Namespace that you want to hide just as if they were a share, how do you do it? The answer lies in the fact that they are, indeed, folders. Go to the DFSN root server and open up the folder for your namespace. Right-click on the folder you want to hide and choose Properties. Then select the Hidden attribute and click OK. You will be asked if you want to apply the change to this folder only or to this folder, subfolders and files. You only need to apply the change to this folder only. Be mindful of the fact, though, that this trick of hiding the folders only works so long as users aren’t showing hidden files and folders on their computers. If they are, these folders will still show up. To make it even harder for users to find these “hidden” folders, it is necessary to set the System attribute on the folder. This then prevents the folders from being seen unless the user has unticked “Hide protected operating system files”. Setting the system attribute on a folder requires the use of the attrib command with a very specific sequence of flags: attrib –r +h +s <folder path> The –r flag removes the read-only setting which is normally used by Windows on folders as an indicator that the folder might have customisation on it. Since we are talking about folders in the DFS Namespace, that isn’t going to apply here. The +h flag applies the hidden setting. You need to do this as part of the same command as +s in order to make sure that the folder does actually get hidden and not just set as a system folder. You cannot apply the hidden flag after the folder has got the system flag set. The +s flag applies the system setting. Bron

Headphones

Tue, 01 Jan 2013 15:33:52 +0000

QNAP - Headphones Updating:

/etc/init.d/Headphones.sh stop
cd /share/MD0_DATA/.qpkg/Headphones/
mv headphones/__init__.py headphones/__init__.py.bak
git remote set-url origin git://github.com/rembo10/headphones.git
git pull
git checkout master
/etc/init.d/Headphones.sh start
rm -rf headphones/__init__.py.bak

FSMO

Sat, 29 Dec 2012 16:35:11 +0000

How to place FSMO and Global Catalog roles in Active Directory During installation of Active Directory on a Windows Server 2000/2003/2008 all FSMO roles will automatically be installed on the first server. But Best Practice dictates to move some of theese Flexible Single Master of Operation (FSMO) roles to seperate servers. If you only have one domain controller (not recommended), there is nothing to do since all roles must be on this server, but if you have multiple servers you should move some of theese roles on to more servers. It is also important to be aware of what servers are Global Catalog servers, especially if you have more than one domain and even if only one domain, they will be prefered by applications like Exchange server. It is recommended to place the forest roles on one Domain Controller (DC) and the domain roles on another server. If not all Domain Controllers are Global Catalog servers, it is also important to place the infrastructure master on a server that is NOT a Global Catalog server. Recommended Best Practice setup of FSMO roles. Domain Controller #1 Place the two forest roles on this server.

How To Image, Sysprep and Deploy Windows 7 a Complete Guide – Using sysprep and Imagex

Tue, 04 Dec 2012 15:49:51 +0000

Getting Ready
#

Install Windows 7 from scratch on to your test machine. DO NOT upgrade from Windows XP, this needs to be a fresh install.
Customise Windows 7 with any software, security settings or general settings you wish. When you install from this image all the settings as well as user accounts will be installed by default.
Install WAIK for 7/2008 on the test PC. Download from here (1.7GB).

Create WINPE Disk
#

Right click command prompt run as admin

Change to directory “C:Program FilesWindows AIKToolsPETools”

run command “copype x86 c:winpe”

run command “imagex /mountrw c:winpewinpe.wim 1 c:winpemount”

copy imagex.exe from “C:Program FilesWindows AIKToolsx86imagex.exe” to “c:winpemountwindowssystem32″

Create wimscript.ini in “c:winpemountwindowssystem32″ with following inside

[ExclusionList]
ntfs.log
hiberfil.sys
pagefile.sys
"System Volume Information"
RECYCLER
WindowsCSC

[CompressionExclusionList]
*.mp3
*.zip
*.cab
WINDOWSinf*.pnf

Run Command “imagex.exe /unmount /commit c:winpemount”

Run Command “copy c:winpewinpe.wim c:winpeisosourcesboot.wim /y”

Run Command “oscdimg -n -h -bc:winpeetfsboot.com c:winpeiso c:winpewinpe.iso”

This will create an ISO in c:winpewinpe.iso.

Burn this and keep. Now we need to sysprep our machine. (You can remove WAIK and any files you don’t need, test your iso first!)

Sysprep Your Machine

Citrix Receiver 3.3 installatie

Wed, 28 Nov 2012 13:13:17 +0000

ReceiverInstall.exe /addlocal=“ICA_Client,ReceiverInside,SSON,Flash,USB,DesktopViewer,HDX,Vd3d”

Oversubscription Pros & Cons + how far it should go before it becomes dangerous

Wed, 28 Nov 2012 07:56:06 +0000

Best Practices for Oversubscription of CPU, Memory and Storage in vSphere Virtual Environments Pros and cons of oversubscription and how far it should be taken before it becomes dangerous Scott D. Lowe http://www.vkernel.com/files/docs/white-papers/vsphere-oversubscription-best-practices.pdf vSphere Oversubscription Best Practices

Windows Crash Dump Analysis

Mon, 19 Nov 2012 07:39:36 +0000

Windows Crash Dump analysis is a fairly expansive topic that ranges from simple post mortem analysis of small memory dump files to remote debugging of a live system and probing the failure as it occurs in the operating system. This series of posts will cover analysis and troubleshooting of many common failures faced by end users on Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, and Windows 8. This specific post examines memory dumps, how to install/use the tools to analyze them, crashes that appear when KeBugCheckEx is called, and initial steps with most dumps. The blue screen of death in Windows 7 and earlier versions of Windows: “A problem has been detected and Windows has been shut down to prevent damage to your computer.” The blue screen of death in Windows 8 Developer Preview: “Your PC ran into a problem that it couldn’t handle, and now it needs to restart. You can search for the error online: %s.”