Customising Logon points in Advanced Access Control is a fairly easy process. Customisation allows you to add a corporate look and feel to the user interface. However, removing and redeploying the Logon Point will remove all customisations - the Logon Point is just a bunch of HTML and graphic files. Here’s how to customise the source files so that redeployed and new Logon Points will already have your customisations.
If you run CITRIX_ADMIN_MONITOR.EXE and after you enter the username and password the Access Gateway does not display, this could be related to proxy settings in Internet Explorer. Even adding the address of the Access Gateway to the proxy bypass list does not solve the issue. Disable proxy settings in Internet Explorer and the Access Gateway desktop displays immediately. In our case we have ISA Server 2004 as our firewall. ISA Server does not allow protocols other than HTTP to be tunnelled over SSL by default and if you check the log files you will see the connection being denied. So the solution here is to either, disable proxy settings when using CITRIX_ADMIN_MONITOR or enable port 9001 to be tunnelled over SSL.
System Center Configuration Manager (SMS4) will be able to act as a remediation server in a NAP environment, which we would expect of course. Given that, with 3rd party agents, SMS can support operating systems other than Windows, all you need is a NAP system health agent (SHA) for your OS of choice and you can support that OS in your NAP/SMS environment.
Advanced Access Control 4.5 includes a session viewer to enable the administrator to view logged in sessions, either directly to Advanced Access Control or view the Access Gateway (existing versions require you to connect to the Access Gateway desktop to view sessions). Click the link for a full view, note the copy button, this allows you to copy the details of the session to the clipboard.
Martijn Kools has very kindly let me repost his instructions for enabling SSH on the Access Gateway and scheduling a reboot. WARNING: This is a totally unsupported method for enabling SSH. Be sure to have a backup of the config of the AG and access to the Access Gateway CD to be able to perform a reinstall if required.
Today’s entrant into the Hall of Shame is Esker Tun PLUS which can be used to provide an ActiveX based terminal emulator via the web. This product downloads no less than 11 ActiveX controls and then wants the user to run an application named TRUST.EXE from a page that has the following text:
After performing two Exchange disaster recoveries in as many months, I’ve come up with a list of
Fifteen Ten Commandments for Exchange Server 😉
Windows Vista and Windows Server 2008 introduce a number of new user profile paths and environment variables that differ from earlier versions of Windows and these changes may have an impact on scripts such as logon scripts and application install scripts. Most scripts should work correctly - VBScript scripts that use system functions to find folder paths should work as expected, however batch scripts that use environment variables or hard codes scripts will require modifications. Here’s a short run down of the changes.
I’ve recently updated a few WSUS servers with WSUS SP1. The admin tool shows build numbers but does not state if the version is RTM or SP1. For reference these build numbers are:
Like all ridiculously expensive software we love to hate, the SAP GUI does not use standard Windows print queues to send print jobs, but implements a printing method they call SAPLPD instead. This is launched by a process that looks to be external to the SAP GUI component and does not respect the working directory key in each users registry. This process will attempt to write a file named
LPRINT.NUM to the working directory of it’s parent process, the SAP GUI. If user does not have rights to write to this location the SAP GUI will exit completely without warning.