Published on 11 Jul 2012
I have recently published the shadow key companion which compiles all currently known information about shadow key in a single article. An important piece of information is the flag TS_AWARE for executables causing Windows not to produce shadow keys in install mode. Unfortunately, there is a downside to this flag that may well affect installation scripts.
Published on 03 Jul 2012
The most prominent reason for thinking about booting through UEFI instead of BIOS is the availability of large drives. BIOS requires a MBR (Master Boot Record) formatted drive which is inherently limited to 2 TiB. But there are more very good reasons for making the switch. In this article I will provide a brief comparison of BIOS and UEFI before explaining how to create bootable devices for UEFI and install Windows on an UEFI system.
Published on 22 Jun 2012
I decided to make my clumsiness of yesterday evening public to make myself suffer for the stupid mistake I made. When I was preparing a new VM as a new template, I executed SysPrep as the final step. Unfortunately, I did not realize it was running on the Hyper-V host instead of inside the VM. I’d like to share with you what happened and what I learned from this.
Published on 21 Jun 2012
Shadow Keys have been around for a very long time and many (including myself) have written about this topic. I feel it is time to compile all the information about shadow keys in one place to provide a comprehensive overview. This article will tell you about the concept of shadow keys, how they affect x64 and why some applications get around writing shadow keys at all.
Published on 14 Jun 2012
Traditionally remote desktop connections to Windows servers have been secured by authentication mechanisms based on username and password. Although current target servers provide the client with a certificate to proove their identity, most users are a certificate warning because hardly any server is configured with a certificate that can be successfully verified by the client. This article describes three measures to increase the security of an remote desktop deployment.
Published on 07 May 2012
In today’s world passwords are necessary for almost anything - this is especially true in a managed corporate environment. Whereas in the past a user was required to memorize many passwords for different applications and databases, IT departments are now expected to implement federated authentication mechanisms to reduce the number of passwords per user.
Consequently, Citrix offers Passthrough Authentication in addition to traditional explicit authentication. Unfortunately, the concept is widely misunderstood resulting in unexpected behaviour expecially in external access scenarios. This article provides a detailed description how Citrix passthrough authentication works, what it does and especially what it does not.
Published on 23 Mar 2012
Last year I started out on a quest for a new laptop. I had two important requirements for a new device: mobility and tablet capabilities. Why is that you may ask yourself.
Published on 13 Mar 2012
Since I have begun working in the virtualization business, customers have been asking for reasons why to spend money for Citrix XenApp and whether Remote Desktop Services (RDS) cuts it for them. For a long time, the answer was easy as hosted sessions on Windows Remote Desktop Services – formerly Terminal Services – have only provided basic functionality. But beginning with Windows Server 2008, Microsoft has put a lot of effort into that space. The underlying roles were steadily improved in every version, e.g. to support rich graphics and virtual desktops. With the public beta of the next Windows Server (8), Microsoft has improved the performance of RDP and built new management capabilities into Server Manager.
Published on 16 Feb 2012
Lately, I have been working on a lot of new reports for EdgeSight along my previous posts about building custom reports. This involves writing SQL query against the EdgeSight database and incorporating EdgeSight parameters to react to user input. Recently I have become annoyed by starting my virtual machine for these jobs and thought that I would be really neat to have an EdgeSight database available at all times. So I decided to migrate my EdgeSight database to the cloud.
Published on 12 Jan 2012
After I have spend several parts of this series discussing the theory of certificates, certificate authorities, certificate requests and file formats, this article focusses on Windows and how it handles certificates. I will also present several pitfalls that can make your life miserable when working with certificates and what tools are available by Microsoft.