Welcome to RESguru

You have reached the home of the RESguru Blog. This is a technical blog dedicated to the products of RES Software, namely Workspace Manager, Automation Manager, VDX and The IT Store. Although this blog has been been around since early 2009,  I eventually figured out it would make  sense to write a short intro to our new visitors :-).  The old hands who have frequented the site over the years know where to go, so the following  intro is for you, our new prospective patrons.

PS: If you like what you find here, please consider giving the site a Google +1 at the bottom of the page. Click the Read More link below to get a tour of the site

Read more »

New Utility: DB Cleanup Tool

By Max Ranzau

 

From the Community Hero Dept. It is my pleasure today to present to you a cool new addition to the community toolset surrounding RES Software products. I want to highlight this one in particular as it addresses a situation which has needed attention for a while. It’s about the logfiles in RES Workspace Manager. Back in 2009 I addressed how to clear individual logs, by doctoring the RES WM datastore directly – not something for the SQL inexperienced nor something that is recommended, but nevertheless necessary as the individual logs cannot be cleared from the Workspace Manager console as of yet.

The ability to do this is crucial as, when deploying the software, especially the security components – one needs to repeatedly clear the logs to be able to identify and address potential authorizations. I have described the workflow for this in the article How to roll out security in a production environment.

patrickThe SQL Database Logging Cleanup tool, AKA the DB Cleanup Tool was developed by my RES colleague Mr. Patrick van Grinsven. As the tool name indicates, it serves the purpose of cleaning up the RES Workspace Manager logs, however it does this in an intelligent way, as it will only present you with a limited 1.000 record preview in the tool interface, second it will clear logs out in batches of 20.000 records, to prevent overloading the DBMS unnecessarily.

dbcleanuptool-e

While the interface is designed to be as self-explanatory as possible, here is a brief description of the tool:

  1. Enter your SQL server credentials – Windows authentication is also possible, the checkmarks appear when a value has been entered into the required field. NOTE: Only SQL Server 2005 and up are supported at this moment, so the tool cannot be used for SQL express, Oracle, DB2 or other databases.
  2. When all fields are validated the Analyze button will become available and an analysis of the logging database can be started.
  3. To see the result of the analysis select a log which you would like to query (output is 1000 records max), or to clear.
  4. Before clearing begins, the number of records of the selected log will be determined and cleared. When clearing has finished, the logging table will be analyzed again: A query on the selected log will be done, to see if records were added after the clearing.
  5. The SQL database will need to be shrunk after the operation, which will physically purge the unwated records. There is a technet article here on how to do this. Patrick tells me that this is a feature he may be implementing in the future.

The tool requires .NET Framework 3.5 or newer to be installed (written in C#). The tool has been tested with 300k+ entries in the errors log and it took approx. 1½ min to clear. For performance purposes, it’s best to run the tool on a computer located on the same network as where the SQL server is situated.

And before I let you on to the goodies, let’s just agree to the following: The tool is provided to the community as-is. There is no warranty nor is it supported. For any legal dispute, both Patrick and I will kindly refer you to the M.O.A.D.

Click here to download DBCleanupTool: Download-icon-cropped

 

 

The beginning of the end – for PwrGate

By Max Ranzau

 

einFrom the NostraRanzau Dept. This article describes some very interesting developments which I came across in in the recent Service Release 4 for Workspace Manager 2012. To be accurate the feature we’re discussing today was already available in the SR3.6 updatepack, but since it’s rolled into the official SR4, that doesn’t matter much. 

Anyway, back to the matter at hand. For eons, the way Workspace Manager has created Managed Applications was – and still is to create a shortcut that indirectly refers to the applications executable, by way of a AppID reference. A command line on a RES created explorer shortcut, would look something like this PWRGATE.EXE <AppID>. The AppID number is an integer that refers to a unique number in the RES Workspace Manager datastore, assigned to each application upon creation/import.

This method of launching managed applications has been the same for many years and has served us well. With the introduction of Process Interception in early Workspace Manager 2012, we began to move away from this approach: Process Interception, using the built-in filter drivers, was upon launch of a given process name or wildcard, able to inject Configuration Actions and User Settings into the interceptconfig2environment. This however only worked for already existing shortcuts in the target environment, or if the user launched the given process binary directly. That meant you had to run Workspace Manager’s startmenu subsystem in merge Mode and turn off the disabling of process interception (yes, I know…). For each existing app, for which you wanted to apply process interception based configuration, you created a new Managed app and switched on process interception there as well.

pwrgate-appHowever, up until now – if you created new regular managed apps from scratch within Workspace Manager – not using process interception, the resulting explorer shortcut would still contain a PwrGate.exe command line, as described above. This is the important change in SR4. When you enable this setting ( still a registry key at this point), all new shortcuts will be created with the native binary, specified in the command line of the managed app and PwrGate will be used no more.

Now, let’s roll up our sleeves and try this thing out. On top of an existing environment, I’ve installed the Service Release 4, imported some MS Office applications and configured the startmenu mode to Replace mode. As expected the entire start menu is empty except for my office apps. As you can see on the right, the resulting shortcuts for new apps look the just the same as before. According to the SR4 releasenotes on page 14, we need to do the following to stop creating PwrGate shortcuts:

  1. Per agent where this should happen, go to the right registry path HKLM\Software\Wow6432Node\RES\Workspace Manager (x64) or HKLM\Software\RES\Workspace Manager (x86). Create a new REG_SZ string called InterceptManagedApps = Yes. There are some more options for this value we will talk about further down.
  2. Make sure Process Intercept is turned on (or un-disabled) globally, under Applications|Settings
  3. For each managed app, which should not have a pwrgate shortcut, make sure that the app is set to “Intercept process and apply configuration”, as shown on the screenshot above. Tip: If you have many apps, just rightclick somewhere on the startmenu and chose QuickEdit|Properties|Intercept to batch change all the apps within a given start menu.

Next time you login – voilá! The shortcuts are is back to their native explorer state, pointing directly to the executable, but with RES Workspace Manager controling both the vertical and the horizontal!

Note: The InterceptManagedApp value can also include exclusions for certain apps for which you still want to retain the usual PwrGate <AppID> shortcut for, for one reason or another. One reason I can think of is that if you happen to be using Workspace Manager’s licensing and enforcement system – at least for the time being you probably will still need a pwrgate managed shortcut, that’s just my own guess though. In order to exclude managed apps from having Process Intercepted shortcuts created = Regular PwrGate shortcuts, add them to the value of InterceptManagedApp = Yes|winword.exe|excel.exe|somethingelse.exe|…

bug1I tested this feature out in the initial UpdatePack releases and there were a few kinks that needed to be ironed out. Even though the SR4 behaved as expected, you may possibly experience that Win7 explorer throws some errors such as the one shown on the right when you refresh. This was due to Windows trying to create a new AppUserModelID. There is more info on that on MSDN. According to the SR4 release notes; “the AppUserModelID is used for stacking and pinning application shortcut icons on the taskbar and in the Start Menu, generating the list of Recent items in the Start Menu and the Jump Lists. Therefore, the changed command line used by RES Workspace Manager for managed application shortcuts will cause some unwanted side effects and issues”. While it looks like we got this nailed down in SR4 so it works smoothly, do keep a lookout for it and let the friendly folks in support know if it should rear it’s head again.

As the beginning of the article said, this is the beginning of the end for good ol’ PwrGate.exe While it has served our customers nicely for a decade and a half it will soon be time to let process interception take over the job of launching managed apps completely. Keep your eyes peeled for this functionality in future releases.

 

Workspace Manager 2012 SR4 Highlights

By Max Ranzau

 

From the Look-Somebody-Had-To-Write-About-This Dept. It’s been a couple of weeks and fairly unannounced the Service Release 4 was released on Nov 11th. I’ve been up to my eyeballs in training so blogging’s been kinda put on the backburner a while. Anyway, here is an overview of selected items I found interesting in the this SR. You can download the full releasenotes at the end of this article and have a closer look yourself.

  • Several performance enhancements in both the console and the agent. Pretty much all the Composition items have received a noticeable performance overhaul and things load faster into the console in general. License processing, Drivemapping and many other things have received a tune-up. Of special notice is the Context | Directory Services, where there now is a new option to “Get group membership using tokens (faster)”. You’ll want to look into this option for multi-domain environments, especially if there’s cross-domain resolving going on.
  • The App-V integration has also seen several overhauls. When you do a Execute Command configuration|action on an App-V managed app, you now have a checkbox to run outside the virtual bubble. In application UserSettings, it’s now also possible to edit what’s being picked up in the Targeted items to capture. Previously WM would grab everything but the kitchen sink for a virtual app. User Restore of App-V items have also been improved however there’s no details as to the specific improvement.
  • A new Lockdown and Behavior option to hide log off in startmenu has been added. Let’s hope this feature isn’t on per default as hide shutdown on workstations is in SR3 (for further details, see Things WM does per default)
  • Registry modification under Composition now has the ability to ignore registry redirection on x64 platforms. This is quite useful if you want to make sure a given registry key goes where it’s supposed to without interference from the OS.
  • Special registry types like OutputReport, ReportStyle, REG_NONE are now supported. I have no idea what these do just yet, but I guess we’ll find out along the way.
  • User Settings now support a direct path for specifying the location of the Personal Settings folder. Check the releasenotes for further info. This is important.
  • Application Icons either pinned or in the startmenu have received yet another overhaul. Hopefully the old blocky icons are now a thing of the past.
  • New registry setting to control if the User Settings caching process is launched (if you’re not using laptops, use this reghack to turn it off). See the updated WM registry guide here. Note, there are several other registry items in this release under the fixes section. I’ll update the registry guide with these asap.
  • There is however one particular new setting which stands out. Look for InterceptManagedApps in the releasenotes. From SR3 Update 8, an interesting new feature has been added to preserve the original command line of managed applications. This is one to watch as it effectively will no more PwrGate.exe shortcuts. Expect a future article about this particular item once I’ve tested it.

In summary this service release is mostly performance enhancements, and the obligatory bugfixes – yet there are several interesting thing to dig into. For more information, go have a look at the releasenotes.

Click here to download:

 

 

Stupid spammers – Be gone!

spam-verbotenLike most other bloggers, I got hit until recently by my fair share of blog spam-comments, hoping to make it past the incredible effective spamfilters I have installed here on RESguru.com. You, dear reader never get to bother with this crap as the filters catch most of it and nukes them appropriately. I personally can’t be bothered about it either :)

brainHowever, ever once a blue moon I take a curious look in the filters to see what’s hot in blogspam. It ain’t pretty but it sure is entertaining in a weird way: I can’t help being slightly amazed by the variations of poorly written commentary meant to show interest and flatter/threaten/annoy the blogger, in the hopes that they get one extra hit by posting a link in your website field to what ever crud they are peddeling. For some light entertainment, go have a look at the Museum of Comment Spam. and have a giggle or two. Mind you, these guys (the spammers, that is) aren’t exactly the sharpest crayons in the box…

Well, all good things have to come to a close. I made a nice little change, courtesy of a Mr. Gerard McGarry, in particular how to remove the website url field from the comment form. Nobody cares about that anyway. Net result: Presto! No more spam comments! How’dya like them’ apples, you stupid smappers! ;)

 

What’s up with that other WM service?

By Max Ranzau

 

From the Inquisitive Minds Want to Know dept. Since the release of Workspace Manager 2012 SR3, you may have noticed an extra service has been added, besides the well known RES service (aka “Workspace Manager Agent”), which takes care of synchronizing the local DBcache with the SQL datastore. The other service, is seen in the Services.msc as “RES Workspace Manager PE”, shortnamed RESPESVC:

respesvc

I asked one of our software folks what the purpose of this service is. I was told that RESPESVC plays a role in environment variable injection into intercepted processes & injection of DLL’s in Windows processes for logoff scenario’s. If you are wondering about what the PE part is short for, RESPESVC is RES Privileged Execution Service. In SR4 it will also do Dynamic Privileges, moving that over from the RES service, making the technical architecture of that feature a lot simpler.

I know a few of you likeminded professional tinkerers are wondering; can one do anything interesting with this service? Does it’s credentials need to be reconfigured like with the RES service if you are running SQL authentication? In both cases the honest answer is no. There’s nothing to see here, move along :) This service just needs to be left alone, running with it’s default LocalSystem credentials and the world will be a better place, architecture wise. If this changes, I’ll be sure to let you know.

 

How to roll Workspace Security into a production env

Animated, Gears, boxprod-envFrom the Industrial Might & Logic Dept: Once in a while you may come across the scenario where you need to take control over an existing production environment. While new VDI implementations are sprouting up all over the place, it’s not within everyones budget to put in new plumbing and start building from scratch. Over the years I’ve dealt with several customers who had a beat-up production environment where they were spending their workdays putting out fires (and fighting off Ogres) instead of being anywhere near a proactive state. Proactive is a much abused word, but in my context it simply means being ahead of the curve instead of trying to catch up and never emptying out an ever-growing inbox of trouble. While this may sound like a happy story of rainbows and robot-unicorns to some, I assure you a proactive state of secure workspace management is a reality within your grasp, when you consider using the RES Workspace Manager. Let me share a story on how I did it and give you some useful tips on how you can do it too:

doc-icon2<<< Click here to read the article

Things Workspace Manager does per default

defaultAnimated, Gears, boxFrom the I-Wonder-What-Happens-When-I-Press-This-Button Dept. An existing article has been moved to the Technote Library. This one covers some interesting behavior of the RES Workspace Manager, which you as an integrator need to be aware of. Out of the box the Workspace Manager does not change anything on the target environment, when you roll the software out. However, when you enable the Workspace Composer, several changes are in fact applied to the target computer, which you would do well to familiarize yourself with.

doc-icon2<<< Click here to read the article.

 

Appsense vs. RES round II – Shortcuts!

By Paul Newton

 

h2hThis is the second article in a series (read #1 here), which highlights important differences between how AppSense DesktopNow and RES Workspace Manager 2012 works in practice. This time we will have an in-depth look at how simple or hard it is to create shortcuts for the users in the respective products. While it was suggested in the commentary on the previous article that I had to search for a topic where RES Workspace Manager had the biggest difference to AppSense DesktopNow, I assure you that this was not the case: There are plenty of other examples waiting to be written and we’re just getting started… Click below to read article #2 in this series.

doc-icon2 <<< Click here to read RG058

Appsense vs RES article series

TheEditorEditor’s introduction: I have the pleasure today of welcoming Paul Newton as a guest writer here at RESguru.com! Paul has been in IT for 20 years, with the last 15 years spent in the systems management area. Paul is experienced with AppSense, SCCM, AdminStudio, App-V, Citrix and of course RES Software. He has worked in several large and medium sized enterprises in healthcare, energy, and broadcasting.

In the following article, Paul touches on an interesting subject which is sure to get the attention of the usual suspects ;) Over the years, there’s been a couple of more or less useful comparisons between what the merry folks respectively at AppSense and RES Software do, when it comes to managing the user’s persona/profile/environment/workspace (take your pick). The problem with most comparisons is that they basically end up just being a longwinded list of check boxes of who can do what.

The inherent problem with said approach is this: Whoever “dares” to create such a checkbox comparison sheet between any two or more competing vendors, is likely to have at least two vendors breathing down their neck, as the vendors all essentially want to look their best and have every last darn checkbox filled. For a long time, I’ve been advocating another approach: Presuming Vendor X and Vendor Y’s product can do the same things overall – logically the focus must shift from what CAN be done to HOW IT IS DONE.

As for vendor marketeers, this approach is obviously a lot tougher to deal with, especially if your product interface generally speaking is weak, unstructured or down right complicated to use. For the record, I am not referring to any particular vendor indirectly here – these are plain and objective terms to meter by. Of course it is any vendors prerogative to protest that things aren’t being done right, if there is an easier way that has been overlooked. Either way, this cuts the non-technical muglers out of the discussion, so us folks on the factory floor, the engineers can better figure out what product we want to use and recommend.

This is exactly the approach Paul Newton has taken in this article series, which has been moved to the Techlibrary. Let us hand it over to Paul from here: Click below to read the articles:

doc-icon2<<< Part 1: Drivemappings

doc-icon2<<< Part 2: Desktop shortcuts

 

How to manage settings for a software suite

linked-usersettings

Animated, Gears, boxFrom the Mostly Nuts and Bolts Dept. A new article RG056 has been added to the Technote Library. This article describes how to organize settings for a group of applications belonging to the same suite, using RES Workspace Manager 2012. A prime example of a suite is obviously Microsoft Office. The idea is to create a common container object, where all the applications can store their settings in, thus common settings are shared. This article will show you how to accomplish this, using one of the less known configuration items within RES Workspace Manager; namely User Settings Linking. These have traditionally been used to link virtual apps with their local counterparts installed elsewhere, so this article effectively illustrates another way to use them.

doc-icon2<<< Click here to read the article.