Thursday, November 29, 2012

Password change option also available in RD Web Access on Windows Server 2008 R2

A while back I posted about one of the new features on RD Web Access in Windows Server 2012: an option to change your password by using RD Web Access.
http://microsoftplatform.blogspot.nl/2012/03/rds-in-win8-feature-highlight-no_12.html

It seems that this option can also be made available on RD Web Access based on Windows Server 2008 R2.The option is not there by default but can be enabled by running a patch on your RD Web Access server.

Remember that the password change feature can be accessed by opening the password.aspx page, so for example https://<ServerName>/RDWeb/Pages/en-US/password.aspx. On a RD Web Access server running Windows Server 2008 R2 this file is not there be default.

image

The patch that creates the necessary files is:
http://support.microsoft.com/kb/2648402

Note that the KB Article does not really mention the fact that the password change option is also added. It’s actually related to fix a different, although somewhat related, issue.

The KB Article does however mention the passwords.aspx file.

image

After installing the patch (and a reboot that is required) the password.aspx file is created.

image

To enable the option we need to set a variable in IIS (the same as with RD Web Access Windows Server 2012).

image

After that, we’re able to browse to the password.aspx file and successfully change a password.

image

image

Thanks goes out to Alexey Astashin for pointing this out to me and updating the TechNet Wiki.http://social.technet.microsoft.com/wiki/contents/articles/10755.enabling-the-rd-webaccess-expired-password-reset-option-in-windows-server-2012.aspx

Wednesday, November 28, 2012

Available for download: System Center 2012 Monitoring Pack for Windows Server 2012 Remote Desktop Services.

The Remote Desktop Services Management Pack for System Center Operations Manager has been released a few days ago.

 


Download:
http://www.microsoft.com/en-us/download/details.aspx?id=35812
Documentation: OM2012_MP_RDS.docx

Below some information on the key monitoring scenarios taken from the documentation provided by Microsoft.

“…The Remote Desktop Services Management Pack monitors the availability and performance of the following servers: the RD Session Host server, the Remote Desktop license server, the RD Connection Broker server, the RD Web Access server, the RD Gateway server, and the RD Virtualization Host server. The following table describes the key monitoring scenarios…”

Scenario

Description

RD Session Host server performance

Checks the status of the RD Session Host server by using three key performance monitors that are enabled by default: the number of active sessions, the number of inactive sessions, and the total processor time per session.

When the number of active sessions approaches the performance limit of the computer's hardware, the monitor changes to a critical health state and alerts you.

When a number of inactive sessions exceeds the idle session limit field of either the Remote Desktop Services node in Group Policy or the Remote Desktop Session Host Configuration console, the monitor changes to a critical state and alerts you.

When the total processing time per session exceeds 80 percent of the CPU's total capacity for 15 minutes, the monitor changes to a critical state and alerts you.

RD Session Host server monitoring

Ensures that the Remote Desktop Services service is running, and tests for connectivity to the Remote Desktop license server and the RD Connection Broker server. It also monitors the number of open sessions and disconnected sessions.

Remote Desktop license server monitoring

Ensures that the Remote Desktop Licensing service is running, and that Remote Desktop Services client access licenses (RDS CALs) are installed and available on the Remote Desktop license server. The Remote Desktop Licensing database file is restored when there is a modification to the old database file.

RD Gateway server monitoring

Ensures that the Remote Desktop Gateway service is running, and checks that it is able to connect to the RD Session Host server. Monitors the number of current connections.

RD Connection Broker server monitoring

Ensures that the Remote Desktop Connection Broker service is running. Monitors the availability and configuration of the RD Web Access role service.

RD Web Access server monitoring

Ensures that the RD Web Access server is running. Monitors connectivity between the RD Session Host server and the RD Web Access server.

Monday, November 26, 2012

Predefining and customizing the Modern UI Start Screen on RDS 2012

As you probably know Windows 8 does not have a classic Start Menu anymore. To replace that we now have the Modern UI Start Screen. For Windows Server 2012 this is no different. In fact, as soon as you enable the desktop experience feature on a Windows Server 2012 (RD Session Host) server the Modern UI Start Screen is launched upon logging on.

So when running Remote Desktop Services on Windows Server 2012 that raises the question, how can we control the Start Screen the way we would usually control the Start Menu up until Windows Server 2008 R2. With Windows Server 2008 R2 a method that was commonly used (although it has it’s CON’s) was the redirecting the Start Menu to a central location. And by using Access Based Enumeration on the share that hosted the Start Menu, end users would only see shortcuts they were authorized to see, based on group membership.

So, what happen if we would stick to this solution and redirect the Start Menu using the following well-known GPO setting?

image

This is what a new user would see upon first logon:

image

That’s right, a completely empty Start Screen, whoops!
Why is that? This is because the Start Screen can simply not be redirected using folder redirection the way the Start Menu was redirected in Windows Server 2008 R2. Instead, what happens is the All Apps section of the Start Screen is redirected to the folder we specified in the folder redirection GPO.

As you might know you can access that by right clicking on the Start Screen (or by pressing CTRL-TAB).

image

Here the user is able to see shortcuts to the applications he’s authorized to.

image

From here, a user is able to pin the shortcuts he would like to see to his Start Screen

image

Using this method the end user is able to build his personal Start Screen. The fact that a user is able to customize the Start Screen to meet his needs is great. However, many users will be completely lost upon first logon when they are presented with the completely empty Start Screen.

Let’s build a configuration so that the end-users receive a default pre-defined Start Screen as a starting point at first logon and allow them to customize that to their needs by adding or removing shortcuts and adding sections to group shortcuts together.

Step 1
Logon as a test user and create the Start Screen you’d like to become the default pre-defined Start Screen. Below is an example of what’s possible.

image

Step 2
The Start Screen is stored in a binary file called appsfolder.itemdata-ms and is located in %USERPROFILE%\appdata\local\microsoft\windows\ After creating the Start Screen you want, copy this file to the following location on your RD Session Host Server(s): C:\Users\Default\appdata\local\microsoft\windows\appsfolder.itemdata-ms. If you want to save the current file make sure you create a backup of the exciting file first.

Step 3
Mark the file C:\Users\Default\appdata\local\microsoft\windows\appsfolder.itemdata-as as Read-only.

image

This configuration sets the basics. If a new user now logs in he’ll receive the Start Screen we’ve just created. Basically he received a copy of that file in his profile folder under: %USERPROFILE%\appdata\local\microsoft\windows

As you might have noticed, this folder is under the local section of the profile, meaning it would not roam. However, a copy of the file is created in %USERPROFILE%\ upon log off so that the file roams across different RD Session Host servers.

Also note that because we had to mark the appsfolder.itemdata-ms file in the default users profile to read-only is also marked read-only in the user profile. Meaning that changes a user makes to the Start Screen are not saved. To achieve this follow with step 4.

Step 4
Create a new GPO setting on a GPO that is linked to the OU that hosts your RD Session Host servers. And create the following GPO Registry Preference.

image

Key Path: Software\Microsoft\Windows\CurrentVersion\Run
Value data:: c:\windows\system32\attrib.exe %USERPROFILE%\appdata\local\microsoft\windows\appsfolder.itemdata-ms -R

What that does is it removes the read-only property of the appsfolder.itemdata-ms file inside the current users profile.

This allows the end user to customize his Modern UI Start Screen based on a Default Start Screen we pre-defined !

Wednesday, November 14, 2012

Microsoft RDV Team: Easier User Data Management with User Profile Disks in Windows Server 2012

Rob Leitman, a developer working on the Remote Desktop Virtualization team posted a new blog on MSDN about User Profile Disks. Some of the advantages and thinks to remember below.

“…User profile disks offer several advantages:

  • Configuration and deployment is simpler than roaming profiles or folder redirection.
  • User profiles can be maintained even on pooled virtual desktops that get rolled back after logoff.
  • Logon and logoff times are reduced.
  • Previously, profiles could be corrupted if used simultaneously on multiple computers. User profile disks are specific to the collection, so they can’t be used on multiple computers simultaneously.
  • Administrators can have granular control of exactly which locations get saved to the virtual hard disk (VHDX).
  • User profile disks can be stored on Server Message Block (SMB) shares, cluster shared volumes, SANs, or local storage.
  • In pooled virtual desktop collections, user profile disks work with virtual machines running both Windows 8 and Windows 7 with Service Pack 1 (SP1).

Some things to remember about user profile disks:

  • User profile disks are available only in pooled virtual desktop collections and session collections—not in personal virtual desktop collections.
  • Share permissions are automatically set up by the management tools.
  • Use Server Manager or Windows PowerShell to manage user profile disks.
  • User profile disks are for a single collection only. A user connecting to two different collections will have two separate profiles. If you want to synchronize settings, refer to Microsoft User Experience Virtualization…

Source and complete blog post:
http://blogs.msdn.com/b/rds/archive/2012/11/13/easier-user-data-management-with-user-profile-disks-in-windows-server-2012.aspx

New KB: Visual elements are displayed incorrectly when you connect to a computer that is running Windows Server 2008 R2 by using the Remote Desktop Protocol (KB2768741)

A new KB has released regarding some visual elements being incorrectly displayed when using the RDP protocol to connect to a Windows Server 2008 R2 (or Windows 7) machine.

“…Assume that you connect to a computer that is running Windows 7 or Windows Server 2008 R2 by using the Remote Desktop Protocol (RDP). The aspect ratio of the computer that you are connected to is displayed wider than a standard display aspect ratio (4:3) in full-screen mode on your local computer. In this situation, some visual elements are displayed incorrectly in the Remote Desktop session. For example, a file in the enhanced metafile format (EMF) cannot be displayed correctly.

This issue occurs because the GetDeviceCaps API returns the incorrect HORSIZE value and VERTSIZE value…”

Source and fix: http://support.microsoft.com/kb/2768741

image

New KB: User profile folder name is displayed as "user name@domain name" when use a UPN to log on (KB2748437)

A new KB article was released today related to a specific situation that leads to a user profile folder being created with the UPN as the name of the folder instead of the sAMAccountname.

“…Consider the following scenario:

  • You have a client computer that is running Windows 7 or Windows Server 2008 R2 in an Active Directory domain.
  • You enable the User must change password at next logon option for the domain users.
  • You log on to a client computer by using a user principal name (UPN).  
  • The user profile folder is created on the client computer.
In this scenario, the format of the user profile folder name is displayed as follows: 

User name@domain name

Notes

  • The expected format of user profile folder name is in the sAMAccountName format.
  • This issue only occurs when you log on to a client computer for the first time. When you log on to the client computer again, the user profile folder is in the sAMAccountName format as expected…”

Source and fix: http://support.microsoft.com/kb/2748437/en-us?sd=rss&spid=14134image

Saturday, November 10, 2012

Upcoming Article Series on Microsoft Windows Server 2012 Remote Desktop Services

We, Kristin Griffin and Freek Berson, (Microsoft MVP’s for Remote Desktop Services), are planning on doing a series of articles focused on Microsoft Windows Server 2012 Remote Desktop Services. The series will guide you through the new features and aspects of session virtualization and VDI deployment, and we’ll talk in depth about some of the underlying technologies. It’s our goal to write an article series that you will want to read so please share your thoughts on topics you would like to see covered. On December 9th we will take your input and use it to create our series Table Of Contents.

Look for this series to start in February 2013; links to the articles will be posted on both of our blogs.

Cheers,

Kristin & Freek

Friday, November 9, 2012

Customize RD Web Access, a drop down server list

As you might know, RD Web Access provides two different ways to allow users to connect. The tab “RemoteApp and Desktops” tab contains the Remote Apps and Desktops that are authorized to user. The tab “Connect to a remote PC” allows users to specify the destination remote client, server of farm by providing the DNS or hostname.
image
In some cases you might want to pre-define the hostname users have to enter. In this blog post I’ll guide you through the process of configuring a drop down list containing destinations we want users to be able to select.
STEP 1. We’ll be editing the desktops.aspx which is located in C:\Windows\Web\RDWeb\Pages\en-US\Desktops.aspx (may differ based on the language of the Server OS). Be sure to create a backup of that file first.
STEP 2. Locate the definition of the function function GetParam(sParam, bReqd, vDefault) and add the following function specified below that function definition. We’ll use this function to retrieve selected value of the dropdown box. We can’t use the existing GetParams function as this returns the number of the select item in de dropdown box. (Uses by for example the Remote desktop size dropdown box).
function GetDestination(sParam, bReqd, vDefault)
{
    var obj = document.getElementById(sParam);
    if(obj != null)
    {
        switch(obj.tagName)
        {
            case "SELECT":
                return obj.options[obj.selectedIndex].value;
                break;
            default:
                break;
        }
    }
    else
    {
        if ((bReqd) && ((vDefault == "") || (vDefault == null) || (obj == null)))
        {
            var L_ErrMsgInvalid_Text = "%ParameterName% is not a valid or available parameter name.";  // {Placeholder="%ParameterName%"}
            var errMsgInvalid = sParam;
            errMsgInvalid = errMsgInvalid.replace("%ParameterName%", sParam);
            var retval = TSMsgBox(errMsgInvalid, vbInformation, L_sTitle_Text);
            return null;
        }
        else
        {
            return vDefault;
        }
    }
}
STEP 3. Replace the following code <input name="MachineName" maxlength="255" id="MachineName" class="textInputField" type="text"
                                    onfocus="updateConnectButtonState(this);" onblur="updateConnectButtonState(this);"
                                    onkeyup="onConnectToKeyUp(this);" onpropertychange="onConnectToPropertyChange(this);"/>
With the code: <select id="MachineName" style="width: 270px" name="MachineName">
                                        <option value="rds01.lab.local" selected="selected">rds01.lab.local</option>
                                        <option value="rds02.lab.local">rds02.lab.local</option>
                                        <option value="rds03.lab.local">rds03.lab.local</option>
                                    </select>

STEP 4. To make sure the connect button is always available find the following string and remove the part disabled="disabled"<button type="button" id="ButtonConnect" name="ButtonConnect" disabled="disabled"
STEP 5. Replace the following piece of code
var RDPstr = "full address:s:" + GetParam("MachineName", true, "") + "\n";
With the code:
var RDPstr = "full address:s:" + GetDestination("MachineName", true, "") + "\n";
STEP 6. The end result should look like something below:

Upon clicking Connect a RDP session to the selected destination is launched.
image




Tuesday, November 6, 2012

Distribution of Remote Apps and desktops in Windows Server 2012

image

My new article “Distribution of Remote Apps and desktops in Windows Server 2012” just got published on VirtualizationAdmin.com

 “…With the Release To Manufacturing (RTM) version of Windows Server 2012 being available (September 4th) many people have been test-driving Windows Server 2012, or will do so in the near future. Windows Server 2012 has been improved in many different areas, Remote Desktop Services being one of them. In this article, we’ll take a look at a common action while using Remote Desktop Services in Windows Server 2012, which is the distribution of Remote Apps and Desktops. In this article, we’ll discuss what has changed, what the consequences of those changes are compared to Windows Server 2008 R2, what’s possible with Windows Server 2012, and what’s not…”

View the complete article:
http://www.virtualizationadmin.com/articles-tutorials/vdi-articles/general/distribution-of-remote-apps-and-desktops-in-windows-server-2012.html

Thursday, November 1, 2012

Microsoft Desktop Optimization Pack (MDOP) 2012 is now available for download including UE-V

image Karri Alexion-Tiernan announced today that Microsoft Desktop Optimization Pack (MDOP) 2012 is now available for download! This also includes User Experience Virtualization (UE-V) !

“….As a quick refresher, MDOP includes six products. Its virtualization technologies help personalize the user experience, simplify application deployment and improve application compatibility with the Windows operating system, while its management technologies help to manage, monitor, deploy and repair key Windows features such as BitLocker and Group Policy. By using MDOP, IT departments are able to shift desktop repairs from reactive to proactive, save time and remove many challenges associated with troubleshooting and repairing system failures. And with 44 million licenses sold its clear businesses are finding value in the products…”

Source: http://blogs.windows.com/windows/b/business/archive/2012/11/01/mdop-2012-now-available.aspx