Tag Archive for RES Software

RES Automation Manager: Add fonts on Windows Server 2008 R2

Today while working on an unattended installation for a Citrix XenApp 6 on Windows Server 2008 R2 installation the customer asked me to add some fonts to the default installation. After some searching I found a VBS script that could do this, I had to change the script a bit because it gave some errors:

Read more

RES Automation Manager: Time sync issues

One of my customers had some time sync issues, we’ve build a new domain based on Windows 2008 R2 and all the DC’s in the new domain where configured with the core switch(es) as NTP server and the time on these switches where right. So we went on searching and apparently somebody turned on the following feature:

Read more

RES Workspace Manager and Change Password dialog

One of our customers noticed that the balloon that pops up when a password is about to expire isn’t displayed properly while using RES Workspace Manager. I send them an old powershell script that checks Active Directory and sends an email when the password expire date is within 14 days.

Read more

RES: Automation Manager and Service Orchestration

A couple of weeks ago I went to a training for two days where I’ve been drilled by Anne Plancius who’s Solution Architect at RES Software. Subject was Service Orchestration; this software creates an interface for users, key users, administrators to different systems without knowledge of the back end that delivers the functionality to the end user.

Read more

RES Workspace Manager: Launch after Citrix published desktop

Because one of our customers was planning to use the Citrix Desktop Appliance Lock, we needed to publish a Citrix desktop and start RES Workspace Manager after the launch of the desktop. While Microsoft has GPO’s for running a program after logging in, Citrix prohibits this.


Upon installation, Citrix adds tabs to the RDP-TCP Listener Properties in the Terminal Services Configuration. By default, the Environment tab has the “Run initial program specified by user profile and Remote Desktop Connection or Terminal Services client” radio button selected. Also, the Citrix Settings tab has “Only allow administrators to create desktop connections” selected.



When leaving this setting default you will get an error message when logging in:

“To log on to this remote computer, you must have Terminal Server User Access permissions on this computer. By default, members of the Remote Desktop Users group have these permissions. If you are not a member of the Remote Desktop Users group or another group that has these permissions, or if the Remote Desktop User group does not have these permissions, you must be granted these permissions manually.”

To correct this you can manually clear the “Only allow administrators to create desktop connections” check box like stated in CTX109925 but you can also create a custom ADM template to clear this check box. The key that’s used for this is:

HKLM\SYSTEM\ControlSet001\Control\Terminal Server\WinStations\ICA-tcp\fDisableExe

Where 0 is cleared and 1 is checked.

To create a custom ADM file I used the following PDF, the ADM template contained the following information:

;Configure The only allow admins to create desktop connections settings.
CLASS Machine

CATEGORY “Server Based Computing”
CATEGORY “Citrix Presentation Server”

KEYNAME “SYSTEM\ControlSet001\Control\Terminal Server\WinStations\ICA-tcp”
POLICY !!fDisableExe
EXPLAIN !!ExplainWords
PART “Disable the only allow admins to create desktop connections settings?” TEXT
PART “Clear the ‘Only allow administrators to create desktop connections’ check box?”
VALUENAME “fDisableExe”


fDisableExe=”Allows published desktops for users”
ExplainWords=”This policy enables/disables published desktops with autostart programs for users”

I’ve applied this policy to my Windows 2003 w/ XenApp 5 farm and the check box is cleared and I can start a Citrix published desktop (while using the Desktop Appliance Lock) and start RES Workspace Manager after the desktop launch.  This way I can have the best of both worlds!

I denied the GPO on the Administrator accounts so when somebody with an administrator accounts connects via this Citrix Desktop they won’t get this policy and thus Workspace manager won’t get started.

If you’re using XenApp 6 you can use the following policies:

  • ICA\Desktop launches : “Allows or prevents non-administrative users to connect to a desktop session on the server.
    When allowed, non-administrative users can connect. By default, non-administrative users cannot connect to desktop sessions.”
  • ICA\Launching of non-published programs during client connection : “Specifies whether to launch initial applications or published applications on the server. By default, only published applications are allowed to launch.”

Your policies should look like the following image:




Desktop Appliance Lock:Windows 7 Embedded, Citrix and log off local client #2

After posting RES Workspace Manager: Windows 7 Embedded, Citrix and log off local client I got pointed to the Desktop Appliance Lock by Michel Helderman on Twitter. This is an MSI on the XenDesktop DVD which can be installed on a thin client with Windows 7 embedded:

Supported Windows Operating Systems:

  • Windows 7, 32-bit and 64-bit editions (including Embedded Edition)
  • Windows XP Professional, 32-bit and 64-bit editions
  • Windows XP Embedded
  • Windows Vista, 32-bit and 64-bit editions
  • Windows Server 2008 R1, 32-bit and 64-bit editions (not supported by XenDesktop connections)
  • Windows Server 2008 R2, 64-bit edition (not supported by XenDesktop connections)
  • Windows Server 2003, 32-bit and 64-bit editions (not supported by XenDesktop connections)

Important: For XenDesktop connections, be aware that the Desktop Appliance Lock is only supported on Windows XP Professional and Windows XP Embedded.

Prerequisite for this is a Citrix Online plugin (Full) that’s properly configured with a Citrix Services Site. Keep in mind that there’s a shell replacement so when the Desktop Appliance Lock is installed it can only be un-installed by the same account that was used for the installation (the shell of the install account won’t be changed).

As we’re using RES PowerFuse 2010 at this customer we first tried this with a RES PowerFuse desktop but this wouldn’t work because it’s a published application and not a published desktop like the Desktop Appliance Lock expects. If you want this to work you have to publish a desktop and if you’re using RES PowerFuse (or Workspace Manager) you have to configure it so it starts at the user log on process. You can do this by using Group Policy or by using the RES Console:

Configuring Agents

If you choose not to run the Workspace Composer automatically after installation of the .msi, you may choose to change the shell later via the RES Workspace Manager Console at Setup > Agents.

The Run Workspace Composer column reflects whether an Agent was configured to start the Workspace Composer automatically when users log on to the Agent. This information does not apply to Agents running on Terminal Servers.

  • If the column shows the value Automatic (pending) or Manual (pending), the Agent cache has not been updated yet.

The Settings tab of the Edit RES Workspace Manager Agent window, which is shown when editing the settings of a RES Workspace Manager Agent features the option Run Workspace Composer. This option, which is not available for Agents running on a server, makes it possible to choose whether the Workspace Composer should run automatically when a user logs on to the computer on which the Agent runs.


Like I said earlier, the shell is modified and when the Citrix Online plugin is configured the right way the session will be started automatic and when logging off the Windows 7 Embedded client will be logged off as well.