Archive for February 2008

Domain Upgrade – Windows 2008 RTM


This weekend I chose to upgrade my existing test domain “win.local” (Windows 2003) to the RTM version of Windows 2008.
Some of the exciting new features in Windows 2008 are:
Read-Only Domain Controllers (RODC) – Fine-Grained Password Policies – AD DS Auditing – Server Core – Group Policy (Preferences) – Network Access Protection, and more.
For more information about the new features, see the link below.
Changes in Functionality from Windows Server 2003 with SP1 to Windows Server 2008:
http://www.microsoft.com/downloads/details.aspx?familyid=173E6E9B-4D3E-4FD4-A2CF-73684FA46B60&displaylang=en

My plan for the upgrade itself was as follows. See also the link below.
http://technet2.microsoft.com/windowsserver2008/en/library/9c91be5f-df14-40b2-b176-2b1852a51e611033.mspx?mfr=true

On the existing Windows 2003 domain controllers, back up the System State.
If it has not already been done, raise the domain and forest functional level to Windows 2003 (http://support.microsoft.com/kb/322692).
Run the following diagnostic tools against the existing Windows 2003 domain (Netdiag – DCdiag – Repadmin – Gpotool – Event Viewer).
For repadmin I ran the command repadmin.exe /replsum /bysrc /bydest /sort:delta.
Extend the schema on the existing Windows 2003 Schema Master DC. Run Adprep /forestprep and wait until the changes have replicated.
Run Adprep /domainprep on the existing Windows 2003 Infrastructure Master DC.
Run Adprep /rodcprep if you want to deploy Read-Only Domain Controllers.

Install a new Windows 2008 Std. member server with a static IP address. I chose not to perform an in-place upgrade here.
Disable antivirus and the built-in firewall.
Run dcpromo /adv and select DNS and Global Catalog. Finish by restarting the server.

Install the DHCP and WINS services on the new Windows 2008 DC. Disable DHCP for a short period.
Move the FSMO roles to the new Windows 2008 DC. I chose to do this with a PowerShell script.
http://jravn.dk/?p=35
Export the DHCP database from the existing Windows 2003 DC/server (http://support.microsoft.com/kb/325473).
Enable DHCP on the new 2008 DC and import the database with the same command (netsh dhcp server import). Adjust the scope options.
Disable the DHCP service on the old DC/server.
Move the WINS database from the old DC to the new 2008 DC (http://support.microsoft.com/kb/875419/en-us).
Run DCDIAG on the new Windows 2008 DC and check the event log. Support Tools are now included in Windows 2008.

I had an Enterprise Certificate Authority running on one of my existing Windows 2003 DCs.
Its purpose was to issue machine certificates for VPN validation, as well as for Outlook Web Access.
I wanted to migrate the existing CA to the new Windows 2008 DC and keep my public/private keys.
The way I did it was as follows:
Back up the “Private key, and the certificate that the CA uses for digitally signing” from the existing CA server.
http://technet2.microsoft.com/windowsserver/en/library/69e3aa8e-800c-435e-920a-f5eb2ac2a9ed1033.mspx?mfr=true
Then uninstall the CA on the old Windows 2003 DC. Finish by restarting it.
Install AD CS on the new 2008 DC + CA Web Services. Select Enterprise CA. Restart the server.


Select “Use existing private key”.

Then import the previously created backup file.

The following shows the imported root certificate from the backup file.

Specify the user and computer objects that are allowed to connect to the new CA. This applies to the group “Certificate Service DCOM Access”.

Finally, specify which users and computers can request/enroll a Computer or Domain Controller certificate from the built-in CA templates.

 

Install a second Windows 2008 DC with DNS, WINS and Global Catalog.
Adjust the DNS settings on the existing servers so that they point to the new Windows 2008 domain controllers.
Demote the existing Windows 2003 DCs and shut them down. Check that they clean up after themselves in the DNS manager.
Raise the domain and forest functional level to Windows 2008.
http://technet2.microsoft.com/windowsserver2008/en/library/4e703a77-d9ba-4a26-b756-eba5499f15581033.mspx?mfr=true


Test the existing systems that depend on Active Directory (Exchange 2003/2007 – SharePoint – Antispam/LDAP – Single Sign-on for Citrix Web Interface, and more).
Finish the whole domain upgrade process by migrating the existing ADM templates to ADMX.

For more information, see the links below.

Managing Group Policy ADMX Files Step-by-Step Guide – Create a Central Store.
http://msdn2.microsoft.com/en-us/library/bb530196.aspx#manageadmxfiles_topic6

Convert the existing ADM templates to ADMX and move them to the Central Store.
http://www.microsoft.com/downloads/details.aspx?familyid=0F1EEC3D-10C4-4B5F-9625-97C2F731090C&displaylang=en

Inside ADM and ADMX Templates for Group Policy.
http://www.microsoft.com/technet/technetmag/issues/2008/01/Layout/?loc=en&rss=http://www.microsoft.com/technet/technetmag/issues/2008/01/Layout/?loc=en

Setting up a new Citrix XenApp farm

This blog post is my take on how to set up a new Citrix XenApp farm (formerly Citrix Presentation Server).
As a starting point I always choose to set up a new farm rather than upgrade.
This means that you run two farms in parallel and migrate the users step by step to the new farm.
Likewise, I always choose to set up the following units in the new farm.

Active Directory – Citrix admin users/groups:
Create a user here, for example named CTX_Sql, which is used to connect to the data store.
Create a user here, for example named CTX_Admin, which is used to log on to the Citrix servers.

Active Directory – Citrix Group Policies – Deny for Domain Admins:
CTX_Profiles – http://www.msterminalservices.org/articles/Managing-Terminal-Services-Group-Policy.html
CTX_Lockdown – http://support.microsoft.com/kb/278295
CTX_Office2007 – http://www.microsoft.com/downloads/details.aspx?FamilyId=92D8519A-E143-4AEE-8F7A-E4BBAEBA13E7&displaylang=en
CTX_IE7 – http://jravn.dk/?p=51

Microsoft SQL Server 2005 (if there is no existing one. Small installations can make do with the Express edition).
First server in the farm (Data Collector – does not host applications).
Application servers + virtual test server + possibly a silo server.
2 x internal Web Interfaces in an NLB setup with an SSL certificate. (I choose to use only WI and PNA clients in order to maintain central management of the clients in the Citrix environment.)
2 x external Web Interfaces in an NLB setup with Secure Gateway + SSL certificate and two-factor validation such as SMSpasscode – Safeword – RSA.

Microsoft SQL Server 2005 + SP2:
Citrix Presentation Server and Microsoft SQL 2005 Configuration
http://support.citrix.com/article/CTX112524

First server in the farm:
This runs on a virtual server with the following roles:
Windows 2003 + SP2 + full Windows security updates + .NET Framework 2.0.
Member server in the existing domain. This server hosts no applications.
IIS 6.0.
Terminal Server + MS Terminal License Server.
Citrix License Server (typically you do the fulfillment via mycitrix.com, consolidate all your licenses into one license file and specify the new host name).
XenApp server + Data Collector + latest Citrix hotfixes.
Configuration of several Citrix policies – Turn off Visual effects – Turn off Audio and COM ports – Drive – Printers – Shadow – Encryption.

Note on moving an existing MS Terminal License Server (Windows 2003):
In order to move or replace an existing license server, perform the following tasks:
Install and activate a license server on the new computer.
Install the number and type of TS CAL tokens, equal to the number and type installed on the original license server that is being replaced.
You might use any of the three available connections methods available.
Depending on how you purchased your TS CALs, it might be necessary to phone a Microsoft Customer Service Representative if both the Automatic and Web methods fail.
Ensure that the new license server is discoverable by your terminal servers. For example, if you previously configured your terminal servers to request tokens from the old license server, you need to modify them to request tokens from the new license server.
Uninstall or deactivate the old license server if you are replacing an active license server.
Clients that were issued tokens by the retired license server will continue to use those tokens until they expire. As tokens expire, clients will be assigned new tokens from the new license server.

Configuring the application servers:
Disk setup = RAID1 + single partition (C:).
Install Windows 2003 + SP2 + full Windows security updates.
Member server in the domain.
Install Terminal Services: Full Security – specify the IP address of the new TS License server – Per user.
Stop the following services:
Automatic Updates(D) – Computer Browser(M) – Error Reporting Service (M) – Help and Support(D) – Windows Audio(D) – Wireless Configuration(D).
Then adjust the following, as shown in the images below:

RDP-TCP properties:

Performance Options:

File and Printer Sharing:

Print Server Properties:

Run RunOnceEx.cmd, which after a restart installs the following applications:
Java – Adobe Flash Player – Adobe Shockwave – Adobe reader – UPHClean – ThreadMaster – Office 2007 + SaveAsPDFandXPS + Office 2007 SP1

Restart the server and then install Citrix XenApp server.

Install antivirus and set exclusions according to the guidelines below.
Antivirus Software Configuration Guidelines for Presentation Server:
http://support.citrix.com/article/CTX114522

Run RunOnceEx_CleanUp.cmd, which deletes unwanted folders and shortcut icons in the All Users and Default User profiles. A number of registry settings are also adjusted.
For more information about RunOnceEx.cmd and RunOnceEx_CleanUp.cmd, see the links below:
http://jravn.dk/?p=55
http://jravn.dk/?p=56

Restart the server and log in so that RunOnceEx_CleanUp.cmd is run.
Then schedule the reboot script below.

@ECHO OFF
net stop spooler /y
del /f/q C:\windows\system32\spool\printers\*.*
del /f/q/s C:\windows\temp\*.*
shutdown.exe /r /t 20 /f

Setting up Citrix Web Interface 4.6:

How To: Install and Configure Citrix Web Interface 4.6 and Citrix Secure Gateway.
http://www.msterminalservices.org/articles/Install-Configure-Citrix-Web-Interface-Secure-Gateway-Part1.html
http://www.msterminalservices.org/articles/Install-Configure-Citrix-Web-Interface-Secure-Gateway-Part2.html

WI and pass-through.
http://support.citrix.com/article/CTX113004

Deploy ICAweb.
http://support.citrix.com/article/CTX114097

NLB with Layer 2 and 3 Switches.
Q. How Do I Configure NLB with Layer 2 Switches?
A. If you are connecting NLB hosts to a switch rather than a hub, you need to make sure that the switch does not associate the cluster MAC address with a particular switch port.
Knowledge Base article Configuration Options for WLBS Hosts Connected to a Layer 2 Switches (http://go.microsoft.com/fwlink/?LinkId=18367) explains how to configure NLB with Layer 2 switches.

Q. How Do I Configure NLB with Layer 3 Switches?
A. Layer 3 switches need to be specially configured to work with NLB. A VLAN must be established for the hosts in the cluster, and this VLAN must be configured to operate in Layer 2 mode.
All Layer 3 switches may not support this capability, and when they do, the mechanism to setup the Layer-2 VLAN is specific to the particular make and model.
Consult the documentation for the switch before attempting to configure such a system.

Unattended Cleanup Script for Terminal and Citrix Servers

After installing your Terminal or Citrix server, it is a good idea to create a cleanup script.
This script deletes/changes shortcut icons – folders – registry settings that you do not want users to be able to see or run.
I have prepared an example that can easily be adapted. See the image below.

The code for RunOnceEx_CleanUp.cmd is as follows:

@ECHO OFF
REM Queue the cleanup steps under RunOnceEx; they run at the next logon.
SET KEY=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx

REG ADD %KEY% /V TITLE /D "Citrix XenApp - CleanUp" /f

REG ADD %KEY%\00 /VE /D "Change User /install" /f
REG ADD %KEY%\00 /V 1 /D "\\wIN-VS-001\XenAPP\Install.cmd" /f

REG ADD %KEY%\05 /VE /D "Remove Applications Shortcuts from Programs Group" /f
REG ADD %KEY%\05 /V 1 /D "\\wIN-VS-001\XenAPP\CleanUp\Delete_Shortcuts.vbs" /f

REG ADD %KEY%\10 /VE /D "Delete Outlook Express from Default User Profile" /f
REG ADD %KEY%\10 /V 1 /D "\\wIN-VS-001\XenAPP\CleanUp\Delete_OE.vbs" /f

REG ADD %KEY%\15 /VE /D "Delete ICABAR from Run in Registry" /f
REG ADD %KEY%\15 /V 1 /D "\\wIN-VS-001\XenAPP\CleanUp\Delete_IcaBar.vbs" /f

REG ADD %KEY%\20 /VE /D "Delete Adobe Reader Speed Launcher from Run in Registry" /f
REG ADD %KEY%\20 /V 1 /D "\\wIN-VS-001\XenAPP\CleanUp\Delete_AdobeR_Speed_Launcher.vbs" /f

REG ADD %KEY%\25 /VE /D "Disable Spooler errors from being displayed on the server console" /f
REG ADD %KEY%\25 /V 1 /D "\\wIN-VS-001\XenAPP\CleanUp\Disable_Spooler_Errors.vbs" /f

REG ADD %KEY%\30 /VE /D "Disable Console System Popup Messages" /f
REG ADD %KEY%\30 /V 1 /D "\\wIN-VS-001\XenAPP\CleanUp\Disable_Console_System_Messages.vbs" /f

REG ADD %KEY%\35 /VE /D "Set the Name of the My Computer Icon to the Current User and Machine Name" /f
REG ADD %KEY%\35 /V 1 /D "\\wIN-VS-001\XenAPP\CleanUp\My_Computer_Username.cmd" /f

REG ADD %KEY%\40 /VE /D "Set Deletion of AutoCreated Printers (http://support.citrix.com/article/CTX051476)" /f
REG ADD %KEY%\40 /V 1 /D "\\wIN-VS-001\XenAPP\CleanUp\Delete_Client_Printers.vbs" /f

REG ADD %KEY%\99 /VE /D "Change User /execute" /f
REG ADD %KEY%\99 /V 1 /D "\\wIN-VS-001\XenAPP\Execute.cmd" /f

REG ADD %KEY%\100 /VE /D "Reboot Server" /f
REG ADD %KEY%\100 /V 1 /D "\\wIN-VS-001\XenAPP\Reboot.cmd" /f

EXIT

Delete_Shortcuts.vbs:
Option Explicit
Dim StrAllUsers, StrDefaultUsers, objFSO
StrAllUsers = "C:\Documents and Settings\All Users\Start Menu"
StrDefaultUsers = "C:\Documents and Settings\Default User\Start Menu\Programs"
Set objFSO = CreateObject("Scripting.FileSystemObject")
' Remove unwanted shortcuts and folders from the All Users and Default User Start Menu
If objFSO.FileExists (StrAllUsers & "\Windows Catalog.lnk") Then objFSO.DeleteFile (StrAllUsers & "\Windows Catalog.lnk")
If objFSO.FileExists (StrAllUsers & "\Windows Update.lnk") Then objFSO.DeleteFile (StrAllUsers & "\Windows Update.lnk")
If objFSO.FileExists (StrAllUsers & "\Programs\Adobe Reader 8.lnk") Then objFSO.DeleteFile (StrAllUsers & "\Programs\Adobe Reader 8.lnk")
If objFSO.FolderExists (StrAllUsers & "\Programs\Accessories") Then objFSO.DeleteFolder (StrAllUsers & "\Programs\Accessories"), True
If objFSO.FolderExists (StrDefaultUsers & "\Startup") Then objFSO.DeleteFolder (StrDefaultUsers & "\Startup"), True
If objFSO.FolderExists (StrDefaultUsers & "\Accessories") Then objFSO.DeleteFolder (StrDefaultUsers & "\Accessories"), True
If objFSO.FileExists (StrDefaultUsers & "\Remote Assistance.lnk") Then objFSO.DeleteFile (StrDefaultUsers & "\Remote Assistance.lnk")

Delete_OE.vbs:
Option Explicit
Dim objReg, strComputer
Dim strKeyPath1, strKeyPath2
Dim strValueName1
const HKEY_LOCAL_MACHINE = &H80000002
strKeyPath1 = "SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}"
strKeyPath2 = "SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}"
strValueName1 = "StubPath"
strComputer = "."
' Connect to the WMI registry provider on the local machine
Set objReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & _
    strComputer & "\root\default:StdRegProv")
objReg.DeleteValue HKEY_LOCAL_MACHINE, strKeyPath1, strValueName1
objReg.DeleteValue HKEY_LOCAL_MACHINE, strKeyPath2, strValueName1

Delete_IcaBar.vbs:
Option Explicit
Dim objReg, strComputer
Dim strKeyPath1
Dim strValueName1
const HKEY_LOCAL_MACHINE = &H80000002
strKeyPath1 = "SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
strValueName1 = "IcaBar"
strComputer = "."
Set objReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & _
    strComputer & "\root\default:StdRegProv")
objReg.DeleteValue HKEY_LOCAL_MACHINE, strKeyPath1, strValueName1

Delete_AdobeR_Speed_Launcher.vbs:
Same as above, but replace IcaBar with “Adobe Reader Speed Launcher”.

Disable_Spooler_Errors.vbs:
Option Explicit
Dim objReg, strComputer
Dim strKeyPath1
Dim strValueName1
Dim DisableDWord
const HKEY_LOCAL_MACHINE = &H80000002
strKeyPath1 = "SYSTEM\CurrentControlSet\Services\Spooler"
strValueName1 = "ErrorControl"
DisableDWord = 00000002
strComputer = "."
Set objReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & _
    strComputer & "\root\default:StdRegProv")
objReg.CreateKey HKEY_LOCAL_MACHINE, strKeyPath1
objReg.SetDWORDValue HKEY_LOCAL_MACHINE, strKeyPath1, strValueName1, DisableDWord

Disable_Console_System_Messages.vbs:
Option Explicit
Dim objReg, strComputer
Dim strKeyPath1
Dim strValueName1
Dim DisableDWord
const HKEY_LOCAL_MACHINE = &H80000002
strKeyPath1 = "SYSTEM\CurrentControlSet\Control\Windows"
strValueName1 = "ErrorMode"
DisableDWord = 00000002
strComputer = "."
Set objReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & _
    strComputer & "\root\default:StdRegProv")
objReg.CreateKey HKEY_LOCAL_MACHINE, strKeyPath1
objReg.SetDWORDValue HKEY_LOCAL_MACHINE, strKeyPath1, strValueName1, DisableDWord

My_Computer_Username.cmd:
@ECHO OFF
ECHO Set the Name of the My Computer Icon to the Current User and Machine Name
START /WAIT regedit /s \\win-vs-001\XenApp\CleanUp\My_Computer_Username.reg

My_Computer_Username.reg: (Username on Servername)
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}]
@="My Computer"
"LocalizedString"=hex(2):25,00,55,00,53,00,45,00,52,00,4e,00,41,00,4d,00,45,00,\
  25,00,20,00,6f,00,6e,00,20,00,25,00,43,00,4f,00,4d,00,50,00,55,00,54,00,45,\
  00,52,00,4e,00,41,00,4d,00,45,00,25,00,00,00

Delete_Client_Printers.vbs:
Option Explicit
Dim objReg, strComputer
Dim strKeyPath1
Dim strValueName1, strValueName2
Dim EnableDWord
const HKEY_LOCAL_MACHINE = &H80000002
strKeyPath1 = "SYSTEM\CurrentControlSet\Control\Citrix\ClientPrinterProperties"
strValueName1 = "fPurgeAnyWay"
strValueName2 = "fNotInheritKeepPrintedJobs"
EnableDWord = 00000001
strComputer = "."
Set objReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & _
    strComputer & "\root\default:StdRegProv")
objReg.CreateKey HKEY_LOCAL_MACHINE, strKeyPath1
objReg.SetDWORDValue HKEY_LOCAL_MACHINE, strKeyPath1, strValueName1, EnableDWord
objReg.SetDWORDValue HKEY_LOCAL_MACHINE, strKeyPath1, strValueName2, EnableDWord

Unattended Install Script for Terminal and Citrix Servers

The following lists an unattended install script (RunOnceEx.cmd) for Terminal/Citrix servers. Most of the registry settings are taken from www.appdeploy.com.
It can easily be extended to other applications. This script ensures a uniform installation routine for all servers.
Run the script after you have installed Terminal Services, and restart the server. The next time someone logs on to the server, the script will be run.
For more information about RunOnceEx.cmd, see this link: http://unattended.msfn.org/unattended.xp/view/web/31/.
Beforehand I created a network share on a given server (\\WIN-VS-001\XenApp). This is where I place all my desired software packages.
For application deployment you should always use a so-called DFS path in order to preserve the UNC name of your software repository.
The image below shows the script being run when you log on to the server.

I have chosen to install the following applications:
Java – Adobe Flash Player – Adobe Shockwave – Adobe reader – UPHClean – ThreadMaster – Office 2007 + SaveAsPDFandXPS + Office 2007 SP1.

@ECHO OFF
REM Queue the installers under RunOnceEx; they run at the next logon.
SET KEY=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx

REG ADD %KEY% /V TITLE /D "Citrix XenApp - Deploy Applications" /f

REG ADD %KEY%\00 /VE /D "Change User /install" /f
REG ADD %KEY%\00 /V 1 /D "\\WIN-VS-001\XenApp\Install.cmd" /f

REG ADD %KEY%\05 /VE /D "Java Runtime Environment 6 Update 3" /f
REG ADD %KEY%\05 /V 1 /D "\\WIN-VS-001\XenApp\Java16_3\Java16_3.cmd" /f

REG ADD %KEY%\10 /VE /D "Adobe Flash Player" /f
REG ADD %KEY%\10 /V 1 /D "\\WIN-VS-001\XenApp\FP9\FP9.cmd" /f

REG ADD %KEY%\15 /VE /D "Adobe Shockwave" /f
REG ADD %KEY%\15 /V 1 /D "\\WIN-VS-001\XenApp\SWP10_1\SWP10_1.cmd" /f

REG ADD %KEY%\20 /VE /D "Adobe Reader" /f
REG ADD %KEY%\20 /V 1 /D "\\WIN-VS-001\XenApp\AdobeR812\AdobeR812.cmd" /f

REG ADD %KEY%\25 /VE /D "User Profile Hive Cleanup Service" /f
REG ADD %KEY%\25 /V 1 /D "\\WIN-VS-001\XenApp\UPHClean\UPHClean.cmd" /f

REG ADD %KEY%\30 /VE /D "ThreadMaster" /f
REG ADD %KEY%\30 /V 1 /D "\\WIN-VS-001\XenApp\ThreadMaster\TM.cmd" /f

REG ADD %KEY%\35 /VE /D "Office 2007 Prof" /f
REG ADD %KEY%\35 /V 1 /D "\\WIN-VS-001\XenApp\Office2007\Office.cmd" /f

REG ADD %KEY%\40 /VE /D "SaveAsPDFandXPS" /f
REG ADD %KEY%\40 /V 1 /D "\\WIN-VS-001\XenApp\SaveAsPDFandXPS\SaveAsPDFandXPS.cmd" /f

REG ADD %KEY%\45 /VE /D "Office 2007 SP1" /f
REG ADD %KEY%\45 /V 1 /D "\\WIN-VS-001\XenApp\Office2007SP1\Office2007SP1.cmd" /f

REG ADD %KEY%\99 /VE /D "Change User /execute" /f
REG ADD %KEY%\99 /V 1 /D "\\WIN-VS-001\XenApp\Execute.cmd" /f

REG ADD %KEY%\100 /VE /D "Reboot Server" /f
REG ADD %KEY%\100 /V 1 /D "\\WIN-VS-001\XenApp\Reboot.cmd" /f

EXIT
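
An added check, not part of the original post: everything queued under RunOnceEx is executed in the session of the next administrator who logs on, straight from the software share, so a script of this shape is worth linting before it is run. The Python sketch below parses the REG ADD lines and flags sections whose title and command ended up under different keys, and commands that do not live on the approved share; the sample script, the FILESRV-TEMP host and all function names are constructed for illustration.

```python
import re

# REG ADD lines of the shape used in RunOnceEx.cmd:
#   REG ADD %KEY%\<section> /VE /D "<title>" /f
#   REG ADD %KEY%\<section> /V <name> /D "<command>" /f
REG_ADD = re.compile(
    r'^\s*REG\s+ADD\s+%KEY%(?:\\(?P<section>\S+))?\s+'
    r'(?:/VE|/V\s+(?P<name>\S+))\s+/D\s+"(?P<data>[^"]*)"',
    re.IGNORECASE,
)

# Constructed sample: the FILESRV-TEMP entry and the 09/99 split are
# deliberate defects for the linter to find.
SAMPLE = r'''@ECHO OFF
SET KEY=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
REG ADD %KEY% /V TITLE /D "Citrix XenApp - Deploy Applications" /f
REG ADD %KEY%\00 /VE /D "Change User /install" /f
REG ADD %KEY%\00 /V 1 /D "\\WIN-VS-001\XenApp\Install.cmd" /f
REG ADD %KEY%\05 /VE /D "Adobe Reader" /f
REG ADD %KEY%\05 /V 1 /D "\\WIN-VS-001\XenApp\AdobeR812\AdobeR812.cmd" /f
REG ADD %KEY%\10 /VE /D "Helper tool" /f
REG ADD %KEY%\10 /V 1 /D "\\FILESRV-TEMP\drop\helper.cmd" /f
REG ADD %KEY%\99 /VE /D "Change User /execute" /f
REG ADD %KEY%\09 /V 1 /D "\\WIN-VS-001\XenApp\Execute.cmd" /f
'''


def parse_runonceex(script_text):
    """Return {section: {"title": str or None, "commands": {name: target}}}."""
    sections = {}
    for line in script_text.splitlines():
        m = REG_ADD.match(line)
        # Skip non-REG lines and the top-level TITLE value (no section).
        if not m or m.group("section") is None:
            continue
        entry = sections.setdefault(
            m.group("section"), {"title": None, "commands": {}})
        if m.group("name") is None:      # /VE sets the section's display title
            entry["title"] = m.group("data")
        else:                            # /V <name> registers a command
            entry["commands"][m.group("name")] = m.group("data")
    return sections


def is_on_share(target, allowed_share):
    """True if target sits below allowed_share (UNC names are case-insensitive)."""
    # The trailing backslash stops \\srv\XenApp2 from matching \\srv\XenApp.
    prefix = allowed_share.rstrip("\\").lower() + "\\"
    return target.lower().startswith(prefix) and ".." not in target.split("\\")


def lint(sections, allowed_share):
    """Return a list of (section, problem) tuples, ordered by section name."""
    findings = []
    for name in sorted(sections):
        entry = sections[name]
        if entry["commands"] and entry["title"] is None:
            findings.append((name, "command without title"))
        if entry["title"] is not None and not entry["commands"]:
            findings.append((name, "title without command"))
        for target in entry["commands"].values():
            if not is_on_share(target, allowed_share):
                findings.append((name, "target outside approved share"))
    return findings


if __name__ == "__main__":
    for section, problem in lint(parse_runonceex(SAMPLE), r"\\WIN-VS-001\XenApp"):
        print(section, problem)
```
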

Java16_3.cmd:
@ECHO OFF
ECHO Java Runtime Environment 6 Update 3
START /WAIT \\WIN-VS-001\XenApp\Java16_3\jre-6u3-windows-i586-p-s.exe /s ADDLOCAL=jrecore IEXPLORER=1 MOZILLA=1 JAVAUPDATE=0 AUTOUPDATECHECK=0 REBOOT=Suppress /L %SYSTEMROOT%\TEMP\JRE6setup.log
START /WAIT \\WIN-VS-001\XenApp\Java16_3\Java.vbs

Java.vbs:
Option Explicit
Dim objReg, strComputer
Dim strKeyPath1, strKeyPath2
Dim strValueName1, strValueName2, strValueName3, strValueName4, strValueName5
Dim EnableDWord, DisableDWord
const HKEY_LOCAL_MACHINE = &H80000002
strKeyPath1 = "SOFTWARE\JavaSoft\Java Plug-in\1.6.0_03"
strKeyPath2 = "SOFTWARE\JavaSoft\Java Update\Policy"
strValueName1 = "HideSystemTrayIcon"
strValueName2 = "EnableJavaUpdate"
strValueName3 = "NotifyDownload"
strValueName4 = "NotifyInstall"
strValueName5 = "EnableAutoUpdateCheck"
EnableDWord = 00000001
DisableDWord = 00000000
strComputer = "."
Set objReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & _
    strComputer & "\root\default:StdRegProv")
objReg.CreateKey HKEY_LOCAL_MACHINE, strKeyPath1
objReg.CreateKey HKEY_LOCAL_MACHINE, strKeyPath2
' Hide the tray icon and turn off the Java update checks and notifications
objReg.SetDWORDValue HKEY_LOCAL_MACHINE, strKeyPath1, strValueName1, EnableDWord
objReg.SetDWORDValue HKEY_LOCAL_MACHINE, strKeyPath2, strValueName2, DisableDWord
objReg.SetDWORDValue HKEY_LOCAL_MACHINE, strKeyPath2, strValueName3, DisableDWord
objReg.SetDWORDValue HKEY_LOCAL_MACHINE, strKeyPath2, strValueName4, DisableDWord
objReg.SetDWORDValue HKEY_LOCAL_MACHINE, strKeyPath2, strValueName5, DisableDWord

FP9.cmd:
@ECHO OFF
ECHO Adobe Flash Player 9.0
START /WAIT MSIEXEC /I "\\WIN-VS-001\XenApp\FP9\install_flash_player_active_x.MSI" ALLUSERS=TRUE REBOOT=SUPPRESS /QB

SWP10_1.cmd:
@ECHO OFF
ECHO Adobe Shockwave 10.1
START /WAIT MSIEXEC /I "\\WIN-VS-001\XenApp\SWP10_1\sw_lic_full_installer.MSI" ALLUSERS=TRUE REBOOT=SUPPRESS /QB
START /WAIT \\WIN-VS-001\XenApp\SWP10_1\SWP.vbs

SWP.vbs:
Option Explicit
Dim objReg, strComputer
Dim strKeyPath1, strKeyPath2
Dim strValueName1
Dim strValue
const HKEY_LOCAL_MACHINE = &H80000002
strKeyPath1 = "SOFTWARE\Macromedia\Shockwave 10\AutoUpdate"
strKeyPath2 = "SOFTWARE\Macromedia\Shockwave 10\CollectStatistics"
strValueName1 = ""
strValue = "n"
strComputer = "."
Set objReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & _
    strComputer & "\root\default:StdRegProv")
objReg.CreateKey HKEY_LOCAL_MACHINE, strKeyPath1
objReg.CreateKey HKEY_LOCAL_MACHINE, strKeyPath2
' An empty value name writes the key's default value
objReg.SetStringValue HKEY_LOCAL_MACHINE, strKeyPath1, strValueName1, strValue
objReg.SetStringValue HKEY_LOCAL_MACHINE, strKeyPath2, strValueName1, strValue

AdobeR812.cmd:
@ECHO OFF
ECHO Adobe Reader 8.1.2
START /WAIT MSIEXEC /I "\\WIN-VS-001\XenApp\AdobeR812\AcroRead.msi" ALLUSERS=TRUE EULA_ACCEPT=YES SUPPRESS_APP_LAUNCH=YES TRANSFORMS=Reader8xAdvanced.mst /QB-
START /WAIT \\WIN-VS-001\XenApp\AdobeR812\AdobeReader.vbs

AdobeReader.vbs:
Option Explicit
Dim objReg, strComputer
Dim strKeyPath1, strKeyPath2, strKeyPath3, strKeyPath4, strKeyPath5
Dim strValueName1, strValueName2, strValueName3, strValueName4, strValueName5, strValueName6, strValueName7, strValueName8, strValueName9
Dim EnableDWord, DisableDWord
const HKEY_LOCAL_MACHINE = &H80000002
strKeyPath1 = "Software\Adobe\Acrobat Reader\8.0\AdobeViewer"
strKeyPath2 = "Software\Adobe\Acrobat Reader\8.0\Downtown"
strKeyPath3 = "SOFTWARE\Policies\Adobe\Acrobat Reader\8.0\FeatureLockdown"
strKeyPath4 = "SOFTWARE\Policies\Adobe\Acrobat Reader\8.0\FeatureLockdown\cHostedServices\cMeeting"
strKeyPath5 = "SOFTWARE\Policies\Adobe\Acrobat Reader\8.0\FeatureLockdown\cHostedServices\cProtectPDF"
strValueName1 = "EULA"
strValueName2 = "Launched"
strValueName3 = "bDontShowAtLaunch"
strValueName4 = "bGoOnline"
strValueName5 = "bPurchaseAcro"
strValueName6 = "bShowEbookMenu"
strValueName7 = "bUpdater"
strValueName8 = "bShowMeets"
strValueName9 = "bShowMeets"
EnableDWord = 00000001
DisableDWord = 00000000
strComputer = "."
Set objReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & _
    strComputer & "\root\default:StdRegProv")
objReg.CreateKey HKEY_LOCAL_MACHINE, strKeyPath1
objReg.CreateKey HKEY_LOCAL_MACHINE, strKeyPath2
objReg.CreateKey HKEY_LOCAL_MACHINE, strKeyPath3
objReg.CreateKey HKEY_LOCAL_MACHINE, strKeyPath4
objReg.CreateKey HKEY_LOCAL_MACHINE, strKeyPath5
' Accept the EULA and mark the reader as already launched
objReg.SetDWORDValue HKEY_LOCAL_MACHINE, strKeyPath1, strValueName1, EnableDWord
objReg.SetDWORDValue HKEY_LOCAL_MACHINE, strKeyPath1, strValueName2, EnableDWord
objReg.SetDWORDValue HKEY_LOCAL_MACHINE, strKeyPath2, strValueName3, EnableDWord
objReg.SetDWORDValue HKEY_LOCAL_MACHINE, strKeyPath2, strValueName4, DisableDWord
' Feature lockdown policy values
objReg.SetDWORDValue HKEY_LOCAL_MACHINE, strKeyPath3, strValueName5, DisableDWord
objReg.SetDWORDValue HKEY_LOCAL_MACHINE, strKeyPath3, strValueName6, DisableDWord
objReg.SetDWORDValue HKEY_LOCAL_MACHINE, strKeyPath3, strValueName7, DisableDWord
objReg.SetDWORDValue HKEY_LOCAL_MACHINE, strKeyPath4, strValueName8, DisableDWord
objReg.SetDWORDValue HKEY_LOCAL_MACHINE, strKeyPath5, strValueName9, DisableDWord

UPHClean.cmd:
@ECHO OFF
ECHO User Profile Hive Cleanup Service
START /WAIT MSIEXEC /I "\\WIN-VS-001\XenApp\UPHClean\UPHClean-Setup.msi" /QB

TM.cmd:
Here I used the bundled install script and changed the following in order to install from a network share:
REM cd /D %~p0
copy /Y \\WIN-VS-001\XenApp\ThreadMaster\*.* %zInstDir% >NUL
START /WAIT \\WIN-VS-001\XenApp\ThreadMaster\TM.vbs

TM.vbs:
Option Explicit
Dim objReg, strComputer
Dim strKeyPath1
Dim strValueName1
Dim strValue
const HKEY_LOCAL_MACHINE = &H80000002
strKeyPath1 = "SYSTEM\CurrentControlSet\Services\ThreadMaster\Parameters"
strValueName1 = "MainSampleTime"
strValue = "15"
strComputer = "."
Set objReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & _
    strComputer & "\root\default:StdRegProv")
objReg.CreateKey HKEY_LOCAL_MACHINE, strKeyPath1
objReg.SetStringValue HKEY_LOCAL_MACHINE, strKeyPath1, strValueName1, strValue

Office.cmd:
@ECHO OFF
ECHO Office 2007 Prof.
START /WAIT \\WIN-VS-001\XenApp\Office2007\Setup.exe
REGSVR32 /U %SYSTEMROOT%\SYSTEM32\MSCTF.DLL /S
START /WAIT \\WIN-VS-001\XenApp\Office2007\Office.vbs

Office.vbs:
Option Explicit
Dim objReg, strComputer
Dim strKeyPath1, strKeyPath2
const HKEY_LOCAL_MACHINE = &H80000002
strKeyPath1 = "SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Office\Common\UserInfo"
strKeyPath2 = "SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Office\Common"
strComputer = "."
Set objReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & _
    strComputer & "\root\default:StdRegProv")
' Delete the subkey first, then its parent
objReg.DeleteKey HKEY_LOCAL_MACHINE, strKeyPath1
objReg.DeleteKey HKEY_LOCAL_MACHINE, strKeyPath2

SaveAsPDFandXPS.cmd:
@ECHO OFF
ECHO SaveAsPDFandXPS
START /WAIT \\WIN-VS-001\XenApp\SaveAsPDFandXPS\SaveAsPDFandXPS.exe /QUIET

Office2007SP1.cmd:
@ECHO OFF
ECHO Office 2007 SP1
START /WAIT \\WIN-VS-001\XenApp\Office2007SP1\office2007sp1-kb936982-fullfile-da-dk.exe /passive /norestart

Reboot.cmd:
@ECHO OFF
shutdown.exe -r -f -t 60

The following lists a number of good links related to the applications above:

Java:
Direct download link for Java Runtime Environment 6 Update 3.
http://javadl.sun.com/webapps/download/AutoDL?BundleId=12798
Lockdown settings for java.
http://www.appdeploy.com/packages/detail.asp?id=923

Adobe flash and Shockwave:
Direct link to the MSI files. Requires registration.
http://www.adobe.com/licensing/distribution/

Adobe Reader:
Direct download link to the latest offline file.
http://www.adobe.com/products/acrobat/readstep2.html?type=distrib
The command to unpack the exe file is as follows:
AdbeRdr812_en_US.EXE -nos_ne – the MSI file will be extracted to Documents and Settings\<username>\Local Settings\Temp\Adobe Reader.
Lockdown settings for Adobe Reader.
http://www.appdeploy.com/packages/detail.asp?id=915

UPHClean:
http://www.microsoft.com/downloads/details.aspx?FamilyID=1B286E6D-8912-4E18-B570-42470E2F3582&displaylang=en

ThreadMaster:
http://threadmaster.tripod.com/
Guide to ThreadMaster.
http://www.msterminalservices.org/articles/ThreadMaster-Rogue-Applications.html

Office 2007 in a Terminal Server environment:
http://support.microsoft.com/?kbid=823586
http://www.microsoft.com/technet/technetmag/issues/2008/02/OfficeTS/default.aspx
http://technet2.microsoft.com/Office/en-us/library/7e816caa-7c1c-4d78-ac28-693aa4ea58d81033.mspx?mfr=true
Considerations when installing Outlook 2007 in a Terminal Services environment
http://technet2.microsoft.com/Office/en-us/library/ba930d00-dc38-4564-ad00-8304d74f1d8c1033.mspx?mfr=true

The images below show Outlook settings via the Office Customization Tool (OCT). Finally, you save your customized MSP file in the Office Updates folder.

I control all feature lockdowns via the Office 2007 GPO templates.
These include, among others, Customer Experience Improvement – Office Diagnostic – Office update – Outlook AutoArchive, and more.