Disable Local Drive Mapping On Windows Server 2003

This post will show on how to disable local drive mapping via GPO for Windows Server 2003 environment. Considering GPO will take precedence over Citrix policy, this setting will work on both RDP and ICA sessions.

Description :
Disable local drive mapping via GPO (the same setting can be applied to local policy too)

How To Do :

1. Open your Group Policy Object, and browse to this setting ( Computer Configuration > Administrative Templates > Windows Components > Terminal Services > Client/Server data redirection 
   
   
   
   
2.  Let's focus on Do not allow drive redirection. Right click at it, and click at Properties
   
   
   
   
3.  Choose Enabled, press Apply and OK.
   
   
   
   
   
   
4.  This will be the outcome.
   
   
   
   
5. This is the explanation on this setting by Microsoft.  
   
   
   
   
6. Drive mapping is now disabled, and users are not able to change it.
   
   

Read More

Adding AD User Groups Into Computer Local Groups (Microsoft Server 2003)

Description :
There are multiple ways to do add AD user groups into computer local groups - manual way or using GPO. To me, it is always GPO way - it is easier (sort of) as the configuration will be persistent across all servers where the GPO being applied to.

How To Do :

1.  At your GPO, right click at it, and choose Edit...
   
   
   
2.  Expand to Computer Configuration > Windows Settings > Security Settings > Restricted Groups. Right click at it, and choose Add Group...
   
   
   
3.  Click at Browse... as we want to choose the AD user Group.
   
   
   
4.  Type your AD User Group
   
   
   
5.   Click at Check Names to ensure the group is correct. Once it is confirmed, click at OK.
   
   
   
6. The User group will be listed here. You can choose as many user groups as you want, it will be listed here. Press OK again.
   
   
   
7.  In here, click at the Add button under This group is a member of: option.
   
   
   
8.  Click at Browse to choose the local group to be assigned to.
   
   
   
9.  Type your desired local group name. In this example, I chose Remote Desktop User. As always, press Check Names, and OK once confirmed.
   
   
   
10.  Press OK.
    
    
    
11.  So the local group will be listed here. Press Apply and OK.
    
    
    
12.  You can see a new entry listed in Restricted Groups option.
    
    
    
13.  To ensure the policy enforced to the servers, RDP to the servers and run GPUPDATE /FORCE command
    
    
    
14. You can see the AD user group will be listed in local Group.
    

Read More

Failed to Delete / Move Organizational Unit in Active Directory

I think I rarely touch about Active Directory, so let's start with a basic one. Let say, one day you want to housekeep your OU structure, delete or maybe move some OUs to different locations, but you got an error :

You do not have sufficient privilages to delete <OUName>, or this onject is protected from accidental deletion.

or

Windows cannot move object <OUName> because:

Access is denied.

Well, if we look at the first error, it is clear cut, the object is protected from accidental deletion, so the object needs to stay there. Whereas for second error, it just mentioned "access is denied". 

Issues :

• Can't delete or move OU, either one of above errors prompted.

Troubleshooting 

1.  Right click at the target OU, and click at Properties
   

Read More

How To Sysprep Windows Server 2003

This maybe one of my last posts for Windows Server 2003, as we all know its EOL is on July 2015 (14th of July, 2015 to be exact). This post may become handy to some, may not to the others, as they already moved to Windows Server 2008, or perhaps Server 2012.

Description :
How To Sysprep Windows Server 2003.


How To Do :

1.  Mount the Windows Server 2003 installer (take note on the version). Once done, browse to Support\Tools folder. Double click at DEPLOY.CAB
   
   
   
2. Highlight all files, right click, and choose Extract.
   
   
   
   
3. Select a destination. In this case, it is C:\Sysprep.
   
   
   
   
4. Once done, you will see all these files inside the folder.
   
   
   
   
   
5.  Double click at sysprep.exe
   
   
   
6. This screen will pop up. Press OK.
   
   
   
   
7. Based on your preference, choose all needed options accordingly. If you want to customize the installation using INI file, choose Factory, or else Reseal.
   
   
   
   
8. For this post, I chose Reseal, and wants Sysprep to regenerate security identifier (SID). Hence, this message pop up. Choose OK.
   

Read More

How To Set up Configuration Logging for XenApp 5 for Server 2003

In this Kb, Citrix explains on how to set up a Configuration Logging for XenApp 6.5. In this 
post, I will show on how to set up the same for XenApp 5 for Server 2003.

Description :
Set up Configuration Logging for XenApp 5 for Server 2003.



How To Do :

1.  Launch Citrix Console, right click at <FarmName>, and choose Properties.
   
   
   
   
   
   
2.  Browse to Farm-Wide > Configuration Logging.
   
   
   
   
   
   
3.  Click at Configure Database.
   
   
   
   
   
4.  Choose connection type (in this case, it is SQL Server), DB Server name, and credential (in this case, I used Windows Integrated security). Press Next
   
   
   
5.   Speficy the database name, and press Next
   
   
   
6.  Leave all settings as default, but change "Use encryption" to No. Press Next
   
   
   
7.  Press Test Database Connection in order to test the connection
   
   
   
   
   
   
8.  You will see this screen if the testing is successful. Press OK
   
   
   
   
9. Now we are good, Configuration Logging properly set up. press OK.
   

Read More

Invalid Short Date Format on Registry

This is somehow not directly related to Citrix; it is more towards on how application reads information in registry. One of our application relies on Short Date format in Control Panel. Users will face error if the short date format is different with required format.

Issues :

• Short Date format is different with application required setting. User won't be able to proceed with their tasks.
  

Troubleshooting 

1.  Before proceed, ensure the user is not logging into the server (ICA or RDP). Go to Start > Run...
   
   
   
2.  Type regedit, and press enter
   
   
   
3.  Browse to My Computer > highlight the HKEY_USERS
   
   
   
4.  Go to File > Load Hive...
   
   
   
5.  Browse to user's profile ( %Documents and Settings%\<User ID> or %Users%\<User ID> ) and open NTUSER.DAT
   
   
   
6.  Put a Key Name, and press OK
   
   
   
7.  Browse to My Computer > HKEY_USERS > <Key Name> > Control Panel > International
   
   
   
8.  Search for sShortDate, and check the format of the Data. In here, yo ucan search for Long Date and Time Format too.
   
   
   

Resolution :

1.  Right click at sShortDate > choose Modify
   
   
   
2. Configure correct format. In this case it is dd/MM/yyyy
   
   
   
3.  This is the outcomes
   
   
   
   
   
4.  Once done, browse to My Computer > HKEY_USERS > highlight the <Key Name>
   
   
   
5.  Go to File > Unload Hive...
   
   
   
6.   Choose Yes at the Confirm Unload Hive message box
   
   
   
7.  Hive key is no longer there,
   
   
   
8.  This is the difference (before and after change).
    

Read More