Advertisements

XenApp 6.5 Full Desktop – Hide PVS System Tray

While working on a new XenApp 6.5 Deployment with Citrix Provisioning Services, I noticed the Citrix PVS Target Tools icon in the system tray when connecting to a Full Desktop session, this could be confusing or useless information for users.

Environment:

  • Windows 2008 R2
  • Citrix XenApp 6.5 Hotfix Rollup Pack 2
  • PVS 6.1.16
  • StoreFront 2.0

pvs_tray_icon

After researching the web a bit, I came across this HKLM key from Jack Cobben described in his blog Hide Virtual Disk Tray Icon where it simply stated to add the reg hive below.

HKLM\Software\Citrix\ProvisioningServices\Status “ShowIcon” (DWORD) 0

This however will disable to all users, even Admins, and I wanted to be able give administrators the option to see the icon.

Solution:

Apply the HKCU key below to your profile solution  based on Group membership

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\SOFTWARE\Citrix\ProvisioningServices]
“StatusTray”=dword:00000000

Once that is in place the icon will go away.

Advertisements

Hide XenApp Full Desktop/XenDesktop icons from WI 5.4 Services site

While working on a new XenApp 6.5 implementation, we decided to deploy “XenApp Full Desktops” (AKA Poor Man’s VDI) with published apps, and XenDesktops all talking to a single XenApp Service Site (AKA PNAgent) -> behind multiple Services Site load balanced by the NetScaler that is 🙂

When you use single XenApp Services site to manage both XenApp and XenDesktop environments, or you’re providing published desktop and applications from your XenApp farm and XenDesktops, you’ve probably noticed that your users will get the Full Desktop icon and/or XenDesktop in their start menu.

Picture below shows me connected to a XA 6.5 Full Desktop running Citrix Receiver 3.4 Enterprise (I know 30MBs per user session).  The issue here is why should I see the XenApp Desktop icon when I am already connected to it?

full_desk_pna

Environment:

  • Windows 2008 R2
  • Citrix XenApp 6.5 Hotfix Rollup Pack 2 / XenDesktop 5.6 <- (I know, not XD 7 yet)
  • PVS 6.1.16
  • StoreFront 2.0 / Web Interface 5.4

Solution:

Follow the instructions on CTX123969  which shows how to hide Published Applications, however keep in mind the goal here is not to hide published apps, but rather hide desktops from both XenApp and XenDesktop.

Replace the code with the following:

java.util.ArrayList filtered = new java.util.ArrayList();

 for (int i=0; i<resources.length; i++) {
 if (!(resources[i] instanceof com.citrix.wing.webpn.DesktopInfo)) {
 filtered.add(resources[i]);
 }
 }
resources = (ResourceInfo[]) filtered.toArray( new ResourceInfo[0] );

XenDesktop User/Device manually release a license

Many companies are switching to XenDesktop User/Device licenses vs. the traditional concurrent model.  The main reason… well they are are just about half the cost.  So it make sense from a budget perspective.

This does create a bit of additional administrative IT overhead. In theory the license server “takes care of” managing licensing”, etc… however,  Every now and then you’ll find that you might need to delete/release a few licenses on your XenDesktop installation, generally due to over usage, this will prevent a user getting “not enough licenses available” error.

Environment:

  • Windows 7
  • Citrix XenDesktop 5.6
  • PVS 6.1.16
  • Citrix Receiver 13.4

Differences between the two: (Detailed info @ CTX135501

Concurrent:

A concurrent XenDesktop license is tied to a XenDesktop session, not to a specific user or device. When a user launches a session, a license is checked out to that session

User / Device:

XenDesktop User/Device licenses provide customers with the maximum flexibility of assigning a single license to either a user or a device and supports both license types in the same environment.

Solution:

Head over to your license server

Run the following command from C:\Program Files (x86)\Citrix\Licensing\LS (default license location)

udadmin -list

udadmin_list_command

This command displays who is currently using a license and when it is due to expire.

Find the user who you want to delete and then type the following command.

udadmin -f XDT_ENT_UD -user druiz -delete

Some other command examples

udadmin -list
Displays all the users and devices.

udadmin -list -a
Lists all features, versions, counts of licenses, and the users and devices for each feature.

udadmin -f XDT_ENT_UD -user druiz -delete
Releases one user from one feature.

udadmin -f XDT_ENT_UD -device druiz_xdwin7_64 -delete

Hide Client Drive mappings for ICA sessions

Client Drive mappings is a great feature of XenApp / XenDesktop, although this presents a security concern depending on the environment, it is sometimes necessary to allow local file access for your XenApp and/or XenDesktop as part of the work flow.

While assisting an old coworker at my last company, he was presented with the challenge of allowing client drive mappings, however only allow to show specific drive.

Environment:

  • Windows 2003 SP3/Windows 2008 R2
  • Citrix XenApp 5.0 / 6.5
  • PVS 6.1.16
  • Citrix Receiver 13.x
  • Web Interface 5.4

Issue:

Disable specific Client Drive Mappings from enumerating within an ICA session.

Solution:

Registry:

  • Log on to a client machine with Receiver 13.x installed, as a user with administrative rights.
  • For 64bit operating systems, navigate to registry path: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ClientDrive
  • For 32bit operating systems, navigate to registry path: HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ClientDrive
  • At the DisableDrives string value, add the value data as the Client Drive letter\s to be disabled. Do not add commas between drive letters while disabling multiple drives.

 

 

Web Interface Site

  • Navigate to C:\inetpub\wwwroot\Citrix\NAME OF SITE\conf.
  • Open default.ica with notepad.
  • Under the section [WFCLIENT] add DisableDrives=DriveLetter.
  • All ICA sessions launched from the corresponding Web Interface Browser Site has the specified Client Drive disabled.

 

XenDesktop Windows 7 Optimization and GPO’s Settings

As organizations start to migrate to Windows 7, it is expected many will leverage desktop
virtualization to simplify and streamline the migration and ongoing maintenance process. Delivering
a Windows 7 system as a virtual desktop requires proper planning and configuration to provide the
users with an optimized and functional desktop environment.

I been working with VDI technologies for some time now… favoring Citrix XenDesktop as the overall solution.  By following the best practices article from Citrix as well as my personal experience, I figure I gather as much information as possible and paste into this post.

Environment

  • Windows 7 64bit
  • XenDesktop 5.6 FP1
  • UPM 4.1
  • vSphere 5.1 (now supported by Citrix, see article CTX131239 as well as CTX136291  for updates/ known issues)
  • Citrix Receiver 3.x

Disable following services:

This can be done on the VM itself or via GPO added the settings to the below section.

Background Intelligent Transfer Service

Desktop Windows Manager Session Manager

Function Discovery Resource Publication

HomeGroup listener

HomeGroup provider

Offline Files

Security Center

SuperFetch

System Restore

Windows Defender

Windows Media Player Sharing Service

 

Group Policies applied to Windows 7 VM – Computer

Error Reporting: Administrative Templates – Windows Components – Windows Error Reporting Disable Windows Error Reporting: Enabled

Windows Update: Administrative Templates – Windows Components – Windows Updates Configure Automatic Updates: Disabled

System Restore: Administrative templates – System – System Restore Turn off System Restore: Enabled

 

Group Policies applied to Windows 7 VM – Users

Screensaver :Administrative Templates – Control Panel – Personalization

Enable screen saver: Enabled

Prevent changing screen saver: Enabled

Password protect screen saver: Enabled

Screen saver timeout: Enabled – 600 seconds

Force specific screen saver: Enabled – scrnsave.scr

Force folder redirection: Enabled (Include AppData, Desktop, Documents, Downloads, Favourites and Pictures and Music depending on how strict we want to be.)

Add following via registry preferences through a GPO

Force Offscreen Composition for Internet Explorer: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] “Force Offscreen Composition”=dword:00000001

Reduce Menu Show Delay: [HKEY_CURRENT_USER\Control Panel\Desktop] “MenuShowDelay”=”150”

Disable all Visual Effects:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects] “VisualFXSetting”=dword:00000003

[HKEY_CURRENT_USER\Control Panel\Desktop\WindowMetrics] “MinAnimate”=”0”

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] “ListviewAlphaSelect”=dword:00000000 “TaskbarAnimations”=dword:00000000 “ListviewWatermark”=dword:00000000

“ListviewShadow”=dword:00000000

[HKEY_CURRENT_USER\Control Panel\Desktop] “DragFullWindows”=”0” “FontSmoothing”=”0” “UserPreferencesMask”=binary:90,12,01,80 ,10,00,00,00

 

Citrix Profile Manager GPO – Version 4 and above

IMPORTANT: make sure the version of the ADM added to the GPO is exactly the same as the version of the installation that is in the image.

Profile Management – Enable Profile Management – Enabled

Profile Management – Processed groups: Enabled (add AD groups containing required users)

Profile Management – Process logons of local Administrators: Disabled

Profile Management – Path to Store: Enabled (specify path to store)

Profile Management – Active write back: Enabled

Profile Management – Profile Handling – Template profile: Enable (if we want to standardise user profiles)

Profile Management – Advanced settings – Process Internet cookies files on logoff: Enabled

Profile Management – Log Settings – Enable logging: Enabled

Profile Management – File System – Exclusion list – Directories

$Recycle.Bin

AppData\LocalLow

AppData\Local\Microsoft\Windows\Temporary Internet Files

AppData\Local\Microsoft\Windows\Burn

AppData\Local\Microsoft\Windows Live

AppData\Local\Microsoft\Windows Live Contacts

AppData\Local\Microsoft\Terminal Server Client

AppData\Local\Microsoft\Messenger

AppData\Local\Microsoft\OneNote

AppData\Local\Microsoft\Outlook

AppData\Local\Windows Live

AppData\Local\Temp

AppData\Local\Sun

AppData\Local\Google\Chrome\User Data\Default\Cache

AppData\Local\Google\Chrome\User Data\Default\Cached Theme Images

AppData\Roaming\Microsoft\Windows\Start Menu

AppData\Roaming\Sun\Java\Deployment\cache

AppData\Roaming\Sun\Java\Deployment\log

AppData\Roaming\Sun\Java\Deployment\tmp

Profile Management – File System – Synchronization – folders to mirror: Enabled (AppData\Roaming\Microsoft\Windows\Cookies)

Profile Management – Streamed user profile – Profile Streaming: Enabled

 

Changes applied directly to VM

Disable Large Send Offload :[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BNNS\Parameters] “EnableOffload”=dword:00000000

Disable TCP/IP Offload :[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]  “DisableTaskOffload”=dword:00000001

Increase Service Startup Timeout [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control] “ServicesPipeTimeout”=dword:0002bf20

Hide Hard Error Messages [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Windows] “ErrorMode”=dword:00000002

Disable CIFS Change Notifications :[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] “NoRemoteRecursiveEvents”=dword:00000001

Disable Logon Screensaver :[HKEY_USERS\.DEFAULT\Control Panel\Desktop] “ScreenSaveActive”=”0”

Modify C:\ProgramData\Microsoft\Windows\Start Menu to reflect a “tidy” start menu

 

Optimizer

If we are using a PVS in an environment ensure that the PVS optimizer is run at least once on image or at the end of each image update process just to be on the safe side.

 

One time changes

Disable Boot Animation: bcdedit /set bootux disabled

Remove unused Windows components : Windows Media Center, DVD Maker, Tablet Components

Page file : Minimum and maximum the same

 

Final actions to be performed at each image update process.

Disk Cleanup

Run defragmentation

Optimize Antivirus

Clear event logs

Run a windows updates (potential)

Rerun PVS optimizer if client is using a PVS

 

XenApp 6.5 Session Limits

This seems to be a bit confusing,  and I think Citrix needs to do a much better job explaining/providing details how this works.  Since session policies do not apply to XenApp 6.x and only XenDesktop 5.x, there are multiple forums detailing how Citrix Admins are experiencing challenges with session handling.

Why are they there then? My gut feeling tells me that the reason why you see these policies in place, but they actually don’t work for XenApp, is that they are made for the new version of XenApp, which based on the information that is available, it will communicate to the backend via the Virtual Desktop Agent (VDA) and will be managed via the Desktop Director in the same way XenDesktop is currently managed.

Environment:

  • Windows 2008 R2
  • Citrix XenApp 6.5

Issue:

Session policies do not apply to XenApp 6.5 applications

Background:

In previous versions of XenApp, configuring the Idle and Disconnected session limits was done either from the ICA listener, or through Microsoft Terminal Services group policies.  If you have a GPO set up for your XenApp Servers (located under “Windows Components/Remote Desktop Services/Remote Desktop Session Host/Session Time Limits”) you will see that the “Override user settings” is grayed out.  If that is the case, make sure you take a look at the GPO and disable it.

GPO Session settings

Important:

The session limits settings in a user policy only apply to XenDesktop! so when things are not working and you scratching your head, it is not you, it is the way that things work for now.

From Citrix Support “In XenApp 6, Disconnected Session policies cannot be configured on the Console since they only apply to XenDesktop

Session policies only apply to XenDesktop

Solution:

  • Click the Start menu, select All ProgramsCitrixAdministration Tools, and ICA Listener Configuration.
  • Select the ICA listener, and click the Edit option.
  • On the Session Limits tab, configure the desired value for disconnected sessions in the drop down menu in the End Disconnected Sessionsection. Click the Apply button and then click Ok.

Head over to CTX126775 to read further information and additional registry information