Citrix NetScaler 10.1: Where did the Configuration Wizard go?

Configuration WizardA vanilla Citrix NetScaler shows the configuration wizard right after a users authenticates using the GUI. The configuration wizard enables basic configuration like the NetScaler IP (NSIP), Subnet IP (SNIP), hostname, DNS, Time Zone and Administrator Password.

Sometimes it’s useful to open the configuration wizard after it is closed (for instance if you want to change the host name via the GUI). up to NetScaler 10.0 there was a Setup Wizard button on the System > System Information page.

Read more

Bring Your Own Mac

Bring Your Own MacThe Bring Your Own Device (BYOD) trend is no longer a hype, we see more and more people bringing their (own) Mac to the office. The simplicity of Apple devices combined with the power (and of course the esthetics)  makes them a wanted device. More and more people consider an Apple MacBook to be a serious option to replace their (corporate dictated) Dell / HP / IBM / Lenovo / etc laptop.

From a corporate IT perspective the BYOD trend is a pain in the ass. All of the sudden IT is confronted with unmanaged devices (if you bring your own, support your own) that need to access corporate resources. In real life there is no such thing as unmanaged devices. If your CFO has a problem with his shiny MacBook Pro you fix it.

Read more

MDT: Select operating system based on computer name

Windows VersionsBy default a single operating system is linked to a task sequences in Microsoft Deployment Toolkit (MDT). This means that if you have different operating systems you need to built (and maintain) a task sequence for each operating system.

A customer has different client types and wants to use a single task sequence to deploy different images. For this purpose a custom task is added that selects an operating system based on the prefix of the provided computer’s name.

Read more

MDT: Set default domain in LiteTouch

When a machine boots Microsoft Deployment Toolkit (MDT) LiteTouch via Windows PE it requires credentials to connect to the deployment share. By default the user name, password an domain are required fields. In most environment the domain is equal for most users, making it user friendly to configure a default domain.

User Credentials - DefaultUser Credentials - DOMAIN

Read more

MDT: Secure the Deployment Share

With a default installation of Microsoft Deployment Toolkit (MDT) the Deployment Share is not secure. All users are allowed to read / write which makes it vulnerable to unauthorized access and possibly exposes access to (installation) passwords.

The default permissions on a folder are:

  • Administrators – Full Control
  • CREATOR OWNER – Full Control
  • SYSTEM – Full Control
  • Users – Read & Execute + Create file / write data + Create Folders / append data

Read more

MDT: Filter task sequences on Active Directory group membership

DirectionsBy default task sequences in Microsoft Deployment Toolkit (MDT) are available for all users, there is no access control list (ACL). This means that you can’t filter certain task sequences for a group of users, while you might not want all users to execute all task sequences.

For instance I don’t want all users to run an unattended setup, I only want them to deploy a captured image (MDT can inject model specific drivers, so no harm done). However, the more advanced users Angry smile should be able to run all task sequences, including the unattended installations.

 

Windows Deployment Wizard - Task Sequence - Deploy onlyWindows Deployment Wizard - Task Sequence - All

Read more

MDT: Force users to supply an OSD computer name (MININT)

Machine that are deployed via Microsoft Deployment Toolkit (MDT) are provided with  a computer name that’s provided during installation. By default this is a generated computer name similar to “MININT-79S84T2”.

Since the GUI of MDT is quite slow – and won’t show an hourglass –  I noticed people tend to click [Next] twice on the previous screen. As a result they automatically accept the generated computer name instead of providing their own. It’s more friendly to block the [Next] button on the Computer Details screen so users are force to provide a proper computer name.

Windows Deployment Wizard - Computer Details - MININT-79S84T2Windows Deployment Wizard - Computer Details - !Invullen

Read more

RES Workspace Manager Relay Server explained and demystified

RES Workspace Manager 2012 ArchitectureWith the release of RES Workspace Manager 2012 a new component was introduced: the Relay Server. In this article I’ll explain what the Relay Server is, how it can help you in your Workspace Manager (WM) environment and reveal some of its mysteries.

Read more

Citrix: NetScaler applet hangs at 99% “Logging in”

When a Citrix NetScaler is configured using a graphical interface a browser is used to connect to the Citrix NetScaler. Starting NetScaler release 10 a part of the configuration is migrated from Java Applets to HTML5, but most configuration are still depending on Java Applets.

When you open a more advanced configuration the Java Applet is loaded automatically., If it hangs at 1% “Downloading Applet…” you might want to read this article.If it hangs at 99% “Logging in” continue reading.

Logging in

Read more

Citrix: NetScaler hangs at Downloading Applet….

With the release of Java Runtime Environment (JRE) 7 update 45  new security measurements are introduced. Oracle describes the impact of the updated security baseline in this blog. While security is an important topic (especially when web applications are involved) breaking applications due to raised security could result in the opposite.

In case you’re running JRE 7u51, please read this article with an update.

Downloading applet...Citrix NetScalers are managed with a web interface which uses HTML5 and Java applets. With new security measurements these applets hang at “Downloading Applet…”

At the moment of writing there are two features that need to be disabled to enable the Java Applets of the Citrix NetScaler (as described by Barry Schiffer in this article):

  • Disable Temporary Internet Files
  • Lower Security

While this solves the problem (of not being able to administer a Citrix NetScaler) is potentially creates a new: the security level is lowered for the entire JRE. While Oracle was trying to increase the security for Java Applets with this update the opposite is achieved Sad smile.  Fortunately there is a way to lower the security for specific addresses Smile

Read more