Home » Scripts, Commands, Registry

Category: Scripts, Commands, Registry

Script a custom AWS AppStream image

Scenario

Lets script a custom aws appstream image

A customer wanted to setup AWS AppStream 2.0 Image Automation for their AppStream image creation especially as there were situations where two or more images were potentially required including monthly updates (minimum) so they needed a repeatable, consistent solution for this.

 

Solution

You can only automate this so far within the current AppStream 2.0 limitations.

Creation of the image builders, the builder image itself, creation or the fleets and stacks then based on this image.

Short of joining your image builder to a domain that launches a script at computer startup – there is no immediate way to call a ‘zero touch build’ for AppStream images, and no current way to automate the Image Builder test and optimize wizard (the wizard you run to seal and snapshot the image)

Things to Consider Scripting / Adding

  • IEES Disable for all users
  • Local Timezone and Regional Settings (particularly if outside the US and your regional settings are not available for selection from the End User interface) (for example UK English and Timezone)
Set-WinSystemLocale en-gb
Set-Culture en-GB
Set-WinSystemLocale en-GB
Set-Timezone "GMT Standard Time"
  • If your images wont be domain joined then
    • Create a login script to apply user settings at ‘login’
    • If you manipulate local Group Policy (gpedit.msc) use the microsoft tool  LGPO.exe to backup and restore the settings easily
    • You can publish Windows Explorer in the Image Assistanc via a batchfile with content
cd %userprofile%\my files\temporary files -Force
start .

Examples

You can automate the image builder application injection using sqlite.exe per below

example.sql file to pass into C:\ProgramData\Amazon\Photon\PhotonAppCatalog.sqlite

INSERT INTO Applications (Name, AbsolutePath, DisplayName, IconFilePath, LaunchParameters) VALUES (“My Intranet Website”, “C:\Program Files (x86)\internet explorer\iexplorer.exe”, “Intranet”, “C:\ProgramData\Amazon\Photon\AppCatalogHelper\AppIcons\ie.png”, “https://www.myintranet.org.uk”)

Any questions or comments get in touch using the social media links at the top of the website and we will do out best to help! 😉

 

Scripts for AWS S3 powershell Upload and Download of Folders and Subfolders

UPLOAD LOCAL FOLDER and SUBFILES to S3

#Load AWS Powershell Extensions
import-module "C:\Program Files (x86)\AWS Tools\PowerShell\AWSPowerShell\AWSPowerShell.psd1"

#Set AWS Creds to connect to S3. The S3 user should have a specific IAM policy to lock them down to this specific bucket only. See here for example s3 policy
Set-AWSCredentials -AccessKey <BUCKETUSERACCESSKEY> -SecretKey <SECRETKEY> -StoreAs default

#Upload AWS bucket folder using AWS Powershell Tools
#usage example write-s3object -BucketName <BUCKETNAME> -Folder <LOCALPath> -keyprefix <REMOTE> -recurse
write-s3object -BucketName mys3bucket -Folder d:\folder1\ -keyprefix folder1\ -recurse

#Remove AWS Credentials
Remove-AWSCredentialProfile -ProfileName default -Force

 

DOWNLOAD LOCAL FOLDER and SUBFILES to LOCAL

#Load AWS Powershell Extensions
import-module "C:\Program Files (x86)\AWS Tools\PowerShell\AWSPowerShell\AWSPowerShell.psd1"

#Set AWS Creds to connect to S3. The S3 user should have a specific IAM policy to lock them down to this specific bucket only. See here for example s3 policy
Set-AWSCredentials -AccessKey <BUCKETUSERACCESSKEY> -SecretKey <SECRETKEY> -StoreAs default

#Download AWS bucket folder called 'build' using AWS Powershell Tools
#read-s3object -BucketName <MYBUCKETNAME>  -Folder <LOCALPATH> -keyprefix <REMOTE>
read-s3object -BucketName <MYBUCKETNAME>  -Folder c:\Build\ -keyprefix Build

#Remove AWS Credentials
Remove-AWSCredentialProfile -ProfileName default -Force

 

 

Citrix Storefront Filtering

How to configure filtering for Citrix Storefront

From our initial testing the Citrix Storefront Filtering are STORE specific, if you want different filters or one store for apps and another store for desktops you need to configure another separate store.

  1. From elevated PS prompt
    • set execution-policy = unrestricted
    • c:\program files\citrix\receiver storefront\scripts\ImportModules.ps1

Note: the siteid is ‘1’, but if you have modified the configuration of IIS you can check it by running “%windir%\system32\inetsrv\appcmd.exe list site” just to be sure

SET FILTERING

(substitute your settings with those in in BOLD, ours below are based on a default single store install)

Set-DSResourceFilterKeyword -SiteId 1 -VirtualPath “/Citrix/Store“-IncludeKeywords @(“Include“)

Set-DSResourceFilterKeyword -SiteId 1 -VirtualPath “/Citrix/Store”-ExcludeKeywords @(“Exclude”)

RESET FILTERING

Set-DSResourceFilterKeyword -SiteId 1 -VirtualPath “/Citrix/Store” -IncludeKeywords @(“”)

SHOW/GET

Get-DSResourceFilterKeyword -SiteId 1 -VirtualPath “/Citrix/Store”

 

FILTER DESKTOPS OR APPLICATIONS COMPLETELY

Set-DSResourceFilterType -SiteId 1 -VirtualPath “/Citrix/Store” -IncludeTypes @(“Applications”)

Set-DSResourceFilterType -SiteId 1 -VirtualPath “/Citrix/Store” -IncludeTypes @(“Desktops”)

Set-DSResourceFilterType -SiteId 1 -VirtualPath “/Citrix/Store” -IncludeTypes @(“Documents”)

 

citrix storefront filtering powershell windows

Note: You can enable SSO for the PNAgent by performing the following command

PS C:\Program Files\Citrix\Receiver StoreFront\Scripts> .\EnablePnaForStore.ps1 -Siteid 1 -ResourceVirtualPath “/Citrix/Store” -logonmethod sson

 

 

Dynamically display the PVS environment detail on users desktop with BGINFO

I want all PVS servers to dynamically display their environment on the desktop when a users logs into the desktop.

This can be achieved by:

1) adding a new ‘personality’ variable to each device in PVS

2) scripting the import of the variables from the c:personality.ini file to the windows registry

3) setting BGINFO to display the registry information at each user logon.

Process:

1) Edit the properties of the Target Device > Personality Tab > and Add your variables

PVS_Personality_variable

2) Script the import with VB and run as a computer startup script in the GPO

Set objShel = CreateObject(“WScript.Shell”)
objShel.Run “C:Progra~1CitrixProvis~1GetPer~1.exe Environment /r=HKEY_LOCAL_MACHINESOFTWAREMYCOMPANYPVSEnv”

3) Download BGINFO from sysinternals and setup the new desktop display

BGINFO_PVS_ENVIROMENTVIEW BGINFO_PVS_ENVIROMENT_registryssetup

bginfp_pvs_examplebginfp_pvs_example_prod

 

VBSCRIPT to merge multiple text files

Const ForReading = 1

Set objFSO = CreateObject(“Scripting.FileSystemObject”)
Set objOutputFile = objFSO.CreateTextFile(“output.txt”)

strComputer = “.”
Set objWMIService = GetObject(“winmgmts:\” & strComputer & “rootcimv2”)

Set FileList = objWMIService.ExecQuery _
(“ASSOCIATORS OF {Win32_Directory.Name=’c:temp’} Where ” _
& “ResultClass = CIM_DataFile”)

For Each objFile In FileList
Set objTextFile = objFSO.OpenTextFile(objFile.Name, ForReading)
strText = objTextFile.ReadAll
objTextFile.Close
objOutputFile.WriteLine strText
Next

objOutputFile.Close

List of common Citrix Netscaler session policy expressions

My (non exhaustive) list of helpful Netscaler session policies expressions for EPA.

SCAN REGISTRY (Advanced free-form)

CLIENT.REG(‘HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters_Domain’).VALUE == domain.local

CLIENT.REG(‘HKEY_LOCAL_MACHINE_64\\SOFTWARE\\McAfee\\AVEngine_AVDatVersion’).VALUE == 6198.

CLIENT.REG(‘HKEY_LOCAL_MACHINE\\SOFTWARE\\McAfee\\AVEngine_AVDatVersion’).VALUE == 6198.

CHECK FOR FILE EXISTENCE

CLIENT.FILE(‘C:\\WindowsCompany_Laptop.txt’)

CHECK FOR RUNNING PROCESS

CLIENT.APPLICATION.PROCESS(firewall.exe) EXISTS

CHECK OS VERSION (Match any expresssion)

CLIENT.OS(winxp).SP == 2

CLIENT.OS(win7) EXISTS

DETECT (or not) CITRIX RECEIVER (Match any)

REQ.HTTP.HEADER User-Agent CONTAINS CitrixReceiver || REQ.HTTP.HEADER User-Agent CONTAINS ‘CitrixReceiver-iPad’

REQ.HTTP.HEADER User-Agent CONTAINS Android

REQ.HTTP.HEADER User-Agent NOTCONTAINS CitrixReceiver

CHECK SYMANTEC ENDPOINT PROTECTION, DEF FILE 5 DAYS, SERVICE RUNNING

CLIENT.FILE(‘C:\\ProgramData\\Symantec\\Symantec\ Endpoint\ Protection\\CurrentVersion\\Data\\Definitions\\VirusDefs\\definfo.dat’).TIMESTAMP != 5dy && CLIENT.REG(‘HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters_Domain’).VALUE != domain.local && CLIENT.SVC(SepMasterService) NOTEXISTS

EPA SCAN RESULTS

The results of the EPA scan can be found in the following locations:
Windows XP: C:Documents and SettingsAll UsersApplication DataCitrixAGEEnsepa.txt
Windows Vista and Windows 7: C:UsersAll UsersCitrixAGEEnsepa.txt

Use Appsense Personalisation to capture Windows Automatic and Custom destinations

To backup the New windows 7 start menu ‘jump lists’ links for things like recent items for Word, excel etc open the EM Agent and get it to copy the following folders at log on and logoff

At Logon copy the following
\homeservershare%username%WINDOWSRecentAutomaticDestinations and \homeservershare%username%WINDOWSRecentCustomDestinations (including subfolders)
TO
%APPDATA%MicrosoftWindowsRecentAutomaticDestinations and %APPDATA%MicrosoftWindowsRecentCustomDestinations

At logoff
Reverse the above process

Default user registry keys for citrix User Profile manager or Appsense Hive in and Out

These are the keys we imported and exported before finally using Appsense Personalisation

These were used in conjunction with a mandatory profile. Remember that a mandatory profile will not work well with I.E or user based certificates. There is another post here about changing the user to look like a ‘non mandatory’ user for the duration of their session so certificates work.

COMMON SETTINGS

“HKEY_CURRENT_USERSoftwareMicrosoftWindows NTCurrentVersionWindows Messaging Subsystem”

“HKEY_CURRENT_USERSoftwareMicrosoftExchange”

“HKEY_CURRENT_USERSoftwareAdobe”

“HKEY_CURRENT_USERSoftwareMicrosoftInternet Explorer”

“HKEY_CURRENT_USERSoftwareMicrosoftOffice”

“HKEY_CURRENT_USERSoftwareMicrosoftShared Tools”

 

DESKTOP SETTINGS

“HKEY_CURRENT_USERPrinters” “HKEY_CURRENT_USERSoftwareMicrosoftActive Setup”

“HKEY_CURRENT_USERSoftwareMicrosoftIdentityCRL”

“HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExplorerAdvanced”

“HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExplorerAutoComplete”

“HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExplorerBitBucket”

“HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExplorerCIDOpen”

“HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExplorerCIDSave”

“HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExplorerCLSID”

“HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExplorerControlPanel”

“HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExplorerDiscardable” “HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExplorerHideDesktopIcons” “HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExplorerMenuOrder”

“HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExplorerModules” “HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExplorerNewShortcutHandlers” “HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExplorerRunMRU”

“HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExplorerSearchPlatform” “HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExplorerSessionInfo”

“HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExplorerStreamMRU”

“HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExplorerStreams”

“HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExplorerStuckRects2”

“HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExplorerTaskband”

“HKEY_CURRENT_USERSoftwareMicrosoftWindowsShellNoRoam”

“HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExplorerDontShowMeThisDialogAgain” “HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExplorerTypedPaths”

“HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExplorerUserAssist”

“HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet Settings5.0”

“HKEY_CURRENT_USERSoftwareMicrosoftWindows NTCurrentVersionWindows”

Recreate or Publish the Windows Printers Folder (Win7 or 2008)

The following commands will recreate or open a ‘Printers’ folder

rundll32.exe shell32.dll,SHHelpShortcuts_RunDLL PrintersFolder

%windir%explorer.exe /e,::{2227A280-3AEA-1069-A2DE-08002B30309D}

control.exe printers

This can be used to publish a printers folder via Citrix XenApp

%windir%explorer.exe /e,::{2227A280-3AEA-1069-A2DE-08002B30309D