Home » powershell

Tag: powershell

Script a custom AWS AppStream image

Scenario

Lets script a custom aws appstream image

A customer wanted to setup AWS AppStream 2.0 Image Automation for their AppStream image creation especially as there were situations where two or more images were potentially required including monthly updates (minimum) so they needed a repeatable, consistent solution for this.

 

Solution

You can only automate this so far within the current AppStream 2.0 limitations.

Creation of the image builders, the builder image itself, creation or the fleets and stacks then based on this image.

Short of joining your image builder to a domain that launches a script at computer startup – there is no immediate way to call a ‘zero touch build’ for AppStream images, and no current way to automate the Image Builder test and optimize wizard (the wizard you run to seal and snapshot the image)

Things to Consider Scripting / Adding

  • IEES Disable for all users
  • Local Timezone and Regional Settings (particularly if outside the US and your regional settings are not available for selection from the End User interface) (for example UK English and Timezone)
Set-WinSystemLocale en-gb
Set-Culture en-GB
Set-WinSystemLocale en-GB
Set-Timezone "GMT Standard Time"
  • If your images wont be domain joined then
    • Create a login script to apply user settings at ‘login’
    • If you manipulate local Group Policy (gpedit.msc) use the microsoft tool  LGPO.exe to backup and restore the settings easily
    • You can publish Windows Explorer in the Image Assistanc via a batchfile with content
cd %userprofile%\my files\temporary files -Force
start .

Examples

You can automate the image builder application injection using sqlite.exe per below

example.sql file to pass into C:\ProgramData\Amazon\Photon\PhotonAppCatalog.sqlite

INSERT INTO Applications (Name, AbsolutePath, DisplayName, IconFilePath, LaunchParameters) VALUES (“My Intranet Website”, “C:\Program Files (x86)\internet explorer\iexplorer.exe”, “Intranet”, “C:\ProgramData\Amazon\Photon\AppCatalogHelper\AppIcons\ie.png”, “https://www.myintranet.org.uk”)

Any questions or comments get in touch using the social media links at the top of the website and we will do out best to help! 😉

 

Scripts for AWS S3 powershell Upload and Download of Folders and Subfolders

UPLOAD LOCAL FOLDER and SUBFILES to S3

#Load AWS Powershell Extensions
import-module "C:\Program Files (x86)\AWS Tools\PowerShell\AWSPowerShell\AWSPowerShell.psd1"

#Set AWS Creds to connect to S3. The S3 user should have a specific IAM policy to lock them down to this specific bucket only. See here for example s3 policy
Set-AWSCredentials -AccessKey <BUCKETUSERACCESSKEY> -SecretKey <SECRETKEY> -StoreAs default

#Upload AWS bucket folder using AWS Powershell Tools
#usage example write-s3object -BucketName <BUCKETNAME> -Folder <LOCALPath> -keyprefix <REMOTE> -recurse
write-s3object -BucketName mys3bucket -Folder d:\folder1\ -keyprefix folder1\ -recurse

#Remove AWS Credentials
Remove-AWSCredentialProfile -ProfileName default -Force

 

DOWNLOAD LOCAL FOLDER and SUBFILES to LOCAL

#Load AWS Powershell Extensions
import-module "C:\Program Files (x86)\AWS Tools\PowerShell\AWSPowerShell\AWSPowerShell.psd1"

#Set AWS Creds to connect to S3. The S3 user should have a specific IAM policy to lock them down to this specific bucket only. See here for example s3 policy
Set-AWSCredentials -AccessKey <BUCKETUSERACCESSKEY> -SecretKey <SECRETKEY> -StoreAs default

#Download AWS bucket folder called 'build' using AWS Powershell Tools
#read-s3object -BucketName <MYBUCKETNAME>  -Folder <LOCALPATH> -keyprefix <REMOTE>
read-s3object -BucketName <MYBUCKETNAME>  -Folder c:\Build\ -keyprefix Build

#Remove AWS Credentials
Remove-AWSCredentialProfile -ProfileName default -Force

 

 

How to find an AWS AppStream 2.0 users homedrive path

Scenario

AWS AppStream 2.0 generates a SHA-256 hash of the users NameID for their Home Drive – when using SAML (aka Federated) authentication. This can potentially make it difficult to find the users home share if browsing from AWS S3 or for support teams when supporting users or uploading documents to the users ‘home drive’.

Example

In this document is an example of a federated users home drive autocreated in S3 after the user has accessed AppStream 2.0 for the first time.

This script will simply create a function in Windows powershell and allow you to generate the SHA256 hash based on the NameID and so you can discover the users homepath.

Function Get-StringHash([String] $String,$HashName = "MD5")
{
$StringBuilder = New-Object System.Text.StringBuilder
[System.Security.Cryptography.HashAlgorithm]::Create($HashName).ComputeHash([System.Text.Encoding]::UTF8.GetBytes($String))|%{
[Void]$StringBuilder.Append($_.ToString("x2"))
}
$StringBuilder.ToString()
}

$myvar = Read-Host –Prompt 'Enter string to hash'
Get-StringHash $myvar "SHA256"

Result

As we know the users NameID being passed into the AppStream session (in this instance its actually my email address)

App-V 5 local publishing of an App-V client package

Here is a quick tip for App-V 5 local publishing of an App-V client package

After packaging an application recently, we wanted to test it locally first before adding to the App-V shared content store, or distributing it via the App-V infrastructure mode servers etc.

You may however come across some errors when trying to add and publish the appv package similar to the below.


add-appvclientpackage : Application Virtualization Service failed to complete requested operation.
Operation attempted: Retrieve Package and Version IDs From Package URL.
AppV Error Code: 0C80070002.
Error module: Streaming Manager. Internal error detail: 74F00F0C80070002.
Please consult AppV Client Event Log for more details.
At line:1 char:1
+ add-appvclientpackage “C:\admin\G&G IP v4.3.2015.49 OSL\G&G IP v4.3.2015.49 OSL. …
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidResult: (:) [Add-AppvClientPackage], ClientException
+ FullyQualifiedErrorId : RetrieveGuidsFromPackageURL,Microsoft.AppV.AppvClientPowerShell.AddAppvPackage

Some things to keep in mind when publishing from a local source.

  • Run the powershell console as an administrator
  • Ensure your content is pointing to a UNC share path not a direct path (even though direct is apparently supported?)
  • Ensure the Network Service account has permission to access this local folder or path

So, instead of: add-appvclientpackage “C:\folder\ApplicationName\ApplicationName.appv”

Share it and try: add-appvclientpackage “\\server\folder\\ApplicationName\ApplicationName.appv

 

Full command to add a package locally, publish it and mount it:

Add-AppvClientPackage -Path ” \\server\folder\\ApplicationName\ApplicationName.appv ” | Publish-AppvClientPackage -Global | Mount-AppvClientPackage

 

Citrix Storefront Filtering

How to configure filtering for Citrix Storefront

From our initial testing the Citrix Storefront Filtering are STORE specific, if you want different filters or one store for apps and another store for desktops you need to configure another separate store.

  1. From elevated PS prompt
    • set execution-policy = unrestricted
    • c:\program files\citrix\receiver storefront\scripts\ImportModules.ps1

Note: the siteid is ‘1’, but if you have modified the configuration of IIS you can check it by running “%windir%\system32\inetsrv\appcmd.exe list site” just to be sure

SET FILTERING

(substitute your settings with those in in BOLD, ours below are based on a default single store install)

Set-DSResourceFilterKeyword -SiteId 1 -VirtualPath “/Citrix/Store“-IncludeKeywords @(“Include“)

Set-DSResourceFilterKeyword -SiteId 1 -VirtualPath “/Citrix/Store”-ExcludeKeywords @(“Exclude”)

RESET FILTERING

Set-DSResourceFilterKeyword -SiteId 1 -VirtualPath “/Citrix/Store” -IncludeKeywords @(“”)

SHOW/GET

Get-DSResourceFilterKeyword -SiteId 1 -VirtualPath “/Citrix/Store”

 

FILTER DESKTOPS OR APPLICATIONS COMPLETELY

Set-DSResourceFilterType -SiteId 1 -VirtualPath “/Citrix/Store” -IncludeTypes @(“Applications”)

Set-DSResourceFilterType -SiteId 1 -VirtualPath “/Citrix/Store” -IncludeTypes @(“Desktops”)

Set-DSResourceFilterType -SiteId 1 -VirtualPath “/Citrix/Store” -IncludeTypes @(“Documents”)

 

citrix storefront filtering powershell windows

Note: You can enable SSO for the PNAgent by performing the following command

PS C:\Program Files\Citrix\Receiver StoreFront\Scripts> .\EnablePnaForStore.ps1 -Siteid 1 -ResourceVirtualPath “/Citrix/Store” -logonmethod sson