If you are starting to deploy Windows Vista you may have noticed that any user who has administrative access to their workstation will not receive mapped drives or printers. This is due to the new privilege model introduced in Windows Vista with User Account Control.

Upgrading our Access Gateway last night proved to be a bit of a challenge where perhaps it should not have been. The problem was not with the product, more due to the time between installs. Access Gateway is generally requires little administration after deployment and it’s certainly not a product I get to work with every day. So what problems did I run into? Well, things that should have been quite obvious from the start, so here’s how I got there and fixed them and how I won’t make the same mistakes twice.

Microsoft have pulled the PolicyMaker Regsitry Extension download. This product is part of what is now known as Group Policy Preferences, a new feature of Windows Server 2008 and 2008 R2.

The Endpoint Analysis feature of Citrix Access Gateway Advanced allows you to scan the client machine for specific criteria before the user is allowed access to internal network resources. One of these scans is machine membership of your internal domain. When configuring this scan you specify the NetBIOS name of your domain and apply this scan to a logon point or filter.

I came across a Windows Sidebar gadget the other day which is actually proving to be useful - the Microsoft Office 2007 Recently Used Documents gadget. It’s quite handy having a list of your recent documents available without having to go through the Start Menu. I recommend checking this one out.

I’ve spent some time in the past couple of days working out how to do an unattended install of Web Interface and Advanced Access Control and certainly been a challenge. Whilst I haven’t worked everything out, I thought that I would outline what I’ve found out thus far. Why would we want to automate the installation of AAC? Just like your Terminal Servers, the servers running AAC should be stateless, so an unattended installation will provide a method for replicating servers and for disaster recovery.

I’ve been speedlinking some interesting Network Access Protection links in the past (which you can find here, here, here and here) and as speedlinking is so very 2006, I thought that I would rebrand these types of posts to ‘The Short NAP’. So here’s The Short NAP for Tuesday 20 March 2007.

In my previous article on customising the Presentation Server Client, I outlined the steps required to make a custom package for deployment to your client machines. That just article covers creating the custom package using the packager, but there a few other customisations you might be interested in:

Here’s an easy way to crash the Microsoft Firewall service in ISA Server - create a server publishing rule that allows all high ports inbound to an internal NATed IP address.

Now that Service Pack 2 for Windows Server 2003 has been released, I thought that I would take a brief look at what’s new for Terminal Servers: