Published on 10 Sep 2012
On 08.09.2012 I held a session at the ice conference in Lingen comparing the new Remote Desktop Services in Windows Server 2012 with Citrix XenApp. A big thank you to my audience for placing me second - after Nils Kacienski who became Speaker of the Year.
Published on 29 Aug 2012
With the release of Windows Server 2012, I wanted to upgrade my test and demo environment as quickly as possible. As with many hosting offerings, I do not have physical access to my dedicated server but do get two hours of remote console access for free. Therefore, I needed a way to deploy Windows Server 2012. This article documents how I successfully installed Windows Server 2012 on the second hard disk from a running Windows Server 2008 R2.
Published on 27 Jul 2012
In a centralized environment such as a XenApp farm, users share resources with one another. A thoroughly designed platform will be able to handle all prospected users as well as provide contingencies for failures and maintenance tasks. When sizing a XenApp farm, resources as well as licenses need to be calculated for the concurrently connected users (CCU) which may well be only a small fraction of the total number of users. From an architectural point of view, it is very desirable to free resources when they are held by idle users to make them available to other sessions.
XenApp offers several timeouts to manage inactivity and free resources. This article explains how they work (including session pre-launch and session lingering) and what this means for your design.
Published on 25 Jul 2012
Windows Recovery Environment (RE) is based on the Windows Preinstallation Environment (PE) and can be extended to be a minimalistic system to recover a somehow broken systen. Windows RE is configured in the boot configuration data to be the failover system for the primary boot entry. If the boot loader fails on the default entry, it will automatically try to boot into the recovery environment.
Published on 11 Jul 2012
I have recently published the shadow key companion which compiles all currently known information about shadow key in a single article. An important piece of information is the flag TS_AWARE for executables causing Windows not to produce shadow keys in install mode. Unfortunately, there is a downside to this flag that may well affect installation scripts.
Published on 03 Jul 2012
The most prominent reason for thinking about booting through UEFI instead of BIOS is the availability of large drives. BIOS requires a MBR (Master Boot Record) formatted drive which is inherently limited to 2 TiB. But there are more very good reasons for making the switch. In this article I will provide a brief comparison of BIOS and UEFI before explaining how to create bootable devices for UEFI and install Windows on an UEFI system.
Published on 22 Jun 2012
I decided to make my clumsiness of yesterday evening public to make myself suffer for the stupid mistake I made. When I was preparing a new VM as a new template, I executed SysPrep as the final step. Unfortunately, I did not realize it was running on the Hyper-V host instead of inside the VM. I’d like to share with you what happened and what I learned from this.
Published on 21 Jun 2012
Shadow Keys have been around for a very long time and many (including myself) have written about this topic. I feel it is time to compile all the information about shadow keys in one place to provide a comprehensive overview. This article will tell you about the concept of shadow keys, how they affect x64 and why some applications get around writing shadow keys at all.
Published on 14 Jun 2012
Traditionally remote desktop connections to Windows servers have been secured by authentication mechanisms based on username and password. Although current target servers provide the client with a certificate to proove their identity, most users are a certificate warning because hardly any server is configured with a certificate that can be successfully verified by the client. This article describes three measures to increase the security of an remote desktop deployment.
Published on 07 May 2012
In today’s world passwords are necessary for almost anything - this is especially true in a managed corporate environment. Whereas in the past a user was required to memorize many passwords for different applications and databases, IT departments are now expected to implement federated authentication mechanisms to reduce the number of passwords per user.
Consequently, Citrix offers Passthrough Authentication in addition to traditional explicit authentication. Unfortunately, the concept is widely misunderstood resulting in unexpected behaviour expecially in external access scenarios. This article provides a detailed description how Citrix passthrough authentication works, what it does and especially what it does not.