Citrix (other than Jay Tomlin) have finally got their act together and started blogging. You can view the blogs at http://citrite.org/blogs/.

Customising Logon points in Advanced Access Control is a fairly easy process. Customisation allows you to add a corporate look and feel to the user interface. However, removing and redeploying the Logon Point will remove all customisations - the Logon Point is just a bunch of HTML and graphic files. Here’s how to customise the source files so that redeployed and new Logon Points will already have your customisations.

If you run CITRIX_ADMIN_MONITOR.EXE and after you enter the username and password the Access Gateway does not display, this could be related to proxy settings in Internet Explorer. Even adding the address of the Access Gateway to the proxy bypass list does not solve the issue. Disable proxy settings in Internet Explorer and the Access Gateway desktop displays immediately. In our case we have ISA Server 2004 as our firewall. ISA Server does not allow protocols other than HTTP to be tunnelled over SSL by default and if you check the log files you will see the connection being denied. So the solution here is to either, disable proxy settings when using CITRIX_ADMIN_MONITOR or enable port 9001 to be tunnelled over SSL.

System Center Configuration Manager (SMS4) will be able to act as a remediation server in a NAP environment, which we would expect of course. Given that, with 3rd party agents, SMS can support operating systems other than Windows, all you need is a NAP system health agent (SHA) for your OS of choice and you can support that OS in your NAP/SMS environment.

Advanced Access Control 4.5 includes a session viewer to enable the administrator to view logged in sessions, either directly to Advanced Access Control or view the Access Gateway (existing versions require you to connect to the Access Gateway desktop to view sessions). Click the link for a full view, note the copy button, this allows you to copy the details of the session to the clipboard.

Martijn Kools has very kindly let me repost his instructions for enabling SSH on the Access Gateway and scheduling a reboot. WARNING: This is a totally unsupported method for enabling SSH. Be sure to have a backup of the config of the AG and access to the Access Gateway CD to be able to perform a reinstall if required.

Today’s entrant into the Hall of Shame is Esker Tun PLUS which can be used to provide an ActiveX based terminal emulator via the web. This product downloads no less than 11 ActiveX controls and then wants the user to run an application named TRUST.EXE from a page that has the following text:

After performing two Exchange disaster recoveries in as many months, I’ve come up with a list of Fifteen Ten Commandments for Exchange Server 😉

Windows Vista and Windows Server 2008 introduce a number of new user profile paths and environment variables that differ from earlier versions of Windows and these changes may have an impact on scripts such as logon scripts and application install scripts. Most scripts should work correctly - VBScript scripts that use system functions to find folder paths should work as expected, however batch scripts that use environment variables or hard codes scripts will require modifications. Here’s a short run down of the changes.

I’ve recently updated a few WSUS servers with WSUS SP1. The admin tool shows build numbers but does not state if the version is RTM or SP1. For reference these build numbers are: