Thursday, November 18, 2010

Citrix XenDesktop - Resolution to Desktop Groups and the Appliance Lock

By Jeff Dixon
November 15, 2010

Foreword:

I’m admittedly new to XenDesktop and many of the related Citrix applications. Over the past few months, however, I've been working on configuring, testing, and deploying a XenDesktop environment. In doing so I've run into many roadblocks and I’d like to share how I’ve overcome one of these roadblocks. While the end solution was not overly complicated, I’ve tried to be fairly detailed and list things I’ve tried and learned that I felt were worth sharing during this particular challenge.

If you would like to skip the details and just get to the point, I have a quick summary at the end that lists how to apply this process.

Scenario:

· Old Windows box, need to repurpose as XenDesktop client.
· Users need to log into a particular desktop group depending on computer location. Each computer, however, will always log into the same desktop group.

Problem:

Using Citrix Desktop Appliance Lock, the first desktop group (alphabetically listed) will always launch upon login. This cannot be changed.

Not using the Appliance Lock meant users would have to log into the desktop and either launch the desktop icon for the appropriate group if the online receiver is installed or they would have to log into the portal and launch it that way. Granted there are some workarounds and variations to this but generally there was no transparent way for the user to log in and immediately be entered into their appropriate virtual desktop. I tried several things to try and automate it as much as possible and this is what evolved into my solution below.

Solution:
Part 1 - the batch file
The first major evolution I had in creating a fix was a batch file. Now, before I go much further, let me state for the record: I am not a programmer. I know without a doubt that another programming language could make this simple script look much better, and if one of you programmers out there would like to convert my process into a program that would look much better than my DOS screen, I welcome it. I just ask that you would share the code back with me as a courtesy.
Now I’ve written a couple of variations of this bat file to do a few different things, just testing ideas and possible improvements. In the script below, as the session logs off, the bat file simply logs off the computer. Additionally I have a variation (not shown here) that would prompt the user to transfer/open their session if they are the same person as the user who is logged on the computer or if they would like to log off the computer. The idea here was if an XD session was transferred from computer A to computer B, when the user walked back to computer A they could hit Y and pull their session right back instead of logging off and back in again in order to transfer the session. If a different user walked up they would hit N to say no, that is not my username, log off. Then they could log on as themselves. This essentially just involves adding an IF THEN statement to the script and is pretty easy to do. Of course there are plenty of variations that using this method allows for, so you can get as creative as you’d like here.
The bat file does the following:
            Prevents itself from being closed
            If an admin (or specified user) logs in, it launches explorer and closes
            If a user logs in it launches the XenDesktop (desktop group specified in path)
            Finally it logs off the computer to prepare for the next login
Here is the Batch file and I’ll explain some more below:
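@echo off
REM Small console window shown while the desktop launches
TITLE Loading Desktop....
mode con:cols=25 lines=5
REM Disable the window's close (X) button (noclose.exe must be on the PATH)
noclose
REM Administrator gets a normal Explorer shell; /I makes the name check case-insensitive
IF /I "%username%" == "administrator" GOTO EXPLORER
cls
REM Launch the desktop group through the Citrix online receiver
"C:\Program Files\Citrix\ICA Client\pnagent.exe" /CitrixShortcut: (2) /QLaunch "XDFarm:GroupNameHere"
REM Give the session time to open before the logoff prompt appears
sleep 5
TITLE Click and press any key to Logoff
mode con:cols=120 lines=55
echo.
echo Logging off...
echo.
echo.
echo Click this window, then press any key to logoff
pause > nul
REM Log off the local machine so it is ready for the next login
shutdown -l -f
exit
:EXPLORER
explorer.exe
exit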

noclose – you can take this out if you desire but here is what it is and why it’s there. If the bat file were closed the user would be left looking at a blank screen and I didn’t want this. Noclose is a small application that simply disables the X button on the cmd window. This was a bit hard for me to find online so I’m sharing it here again. As stated before, I’m not a programmer and Google is my friend. This program was found here (http://www.computing.net/answers/windows-xp/how-to-prevent-a-cmd-window-from-being-closed/180624.html) and the code is below:

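#define _WIN32_WINNT 0x0500   /* required for GetConsoleWindow() */
#include <windows.h>

int main(void)
{
    HWND console = GetConsoleWindow();

    /* Remove "Close" from the console's system menu; this also disables the X button.
       SC_CLOSE is a command identifier, hence MF_BYCOMMAND. */
    DeleteMenu(GetSystemMenu(console, FALSE), SC_CLOSE, MF_BYCOMMAND);
    DrawMenuBar(console);
    return 0;
}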

The site also lists a compiled version here (http://www.megaupload.com/?d=XCH3FBWS). Please refer to the link above if you have questions or issues with this particular code.
Sleep – this stalls the commands in the file long enough for the XD to launch before moving on. This way, all the user sees is the small black screen saying launching desktop. Granted, if it takes too long for it to launch they will see the screen change, increase in size and prompt for logoff, so this time can be tweaked as needed. Also note that the sleep command is not present in all versions of Windows and may need to be added. Both sleep and noclose commands were copied to the system32 directory on computers where this process was deployed.

"C:\Program Files\Citrix\ICA Client\pnagent.exe" /CitrixShortcut: (2) /QLaunch "XDFarm:GroupNameHere"

**Important Note** this bat file is using the Citrix online receiver and this must be installed for this to work.

The link above is the path to launch the XenDesktop and specifies the desktop group. When you log into the desktop with the receiver installed as a user that has access to a group, icons for the groups to which the user has access will appear. You can copy the shortcut path of the link to get the appropriate path for your environment. It should be something very similar to the path above.

Step back
Before the next step which is a small but critical one, my bat file above had a few variations. I originally was running this file from the startup folder in the all users profile. I did this initially on one client and then four more as a test phase. It worked fine but it still did one thing I didn’t like. When the user logged in they saw their desktop on the physical computer. The batch file killed the explorer process so that when logging off they didn’t see their desktop (as they know it) anymore. The thing was, they still saw the desktop on the underlying OS for a few seconds every time they logged in prior to XenDesktop launching. As many of us are often impatient, this meant the second they saw that first desktop, they wanted to start clicking away. Surely there was a way to improve upon this and there was. After removing the command to close explorer and a few other small changes (resulting in the file above) I came up with this simple but great solution.
Part 2 – Changing the Windows shell
Explorer.exe is the default Windows shell. My first thought was so simple it seemed too good to be true and while it worked it didn’t work as I would have liked and let me explain.
My first thought in this phase was to simply set the link to the desktop group as the new Windows shell. Now let me say that this is simple to do and it does in fact work. But there are some things to be aware of, and for me I didn’t like the way it worked, so I chose a different method. First, if you do this and apply it to the machine there is no way to log back into a different shell to change it. It could likely be done remotely over the network but what an inconvenience that would be. Second, when you log out of the XD session you are left with just a blank screen. I don’t know about your users, but many of mine would be lost for what to do next. Ctrl+alt+del and log off will get you out of this but that can be asking a lot from some users. My theory is to always make things as simple and foolproof as possible for the user.
What I did instead was to use my batch file. I set the shell to the batch file and so far this has worked great! The XenDesktop launches very quickly from login because it doesn’t have to bother loading all the normal junk with explorer. Users are transparently logged into the XD session and it looks like they are logging into a normal desktop for the most part, much like if the appliance lock were installed. In fact, when this setup is deployed, there is very little difference in the experience from this (aside from the underlying ability to choose a desktop group) and the appliance lock with one exception, logoff. When you log off an XD session you are now prompted with a large DOS window. Clicking in the window and pressing any key logs you off. There is no other option and nothing else that can be clicked, closed, or opened. The exception would be if additional commands were added to the file for further actions at this time.
The Windows shell can be changed for all users with this key:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="c:\\vdi.bat"

Part 3 – Putting it all together

I created a folder with four files

1.      A registry file that changes the Windows shell to the default explorer.exe
2.      A registry file that changes the Windows shell to the bat file
3.      A bat file that simply logs off the machine (for convenience only when logged on as admin)
4.      A bat file that controls Citrix and all the rest as shown above

The third file is completely optional. I put it there because I’m lazy and it’s faster to click the bat file to log off than to ctrl+alt+del and log off.

The two registry files work together with the bat file. When you log in as administrator, the bat file simply opens an explorer window. From here you can run the default registry file to change the shell back and perform administrative tasks; when you’re done, run the other registry file to re-enable the bat file as the shell.
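The same switch can be scripted with reg.exe instead of two .reg files. The following is an added example, not part of the original post: setshell.bat is a hypothetical name, and it refuses to set the batch file as the shell when c:\vdi.bat is missing, the situation that would leave every login at a blank screen with no shell to fix it from.

```batch
@echo off
REM Added example (not from the original post): switch the Winlogon shell
REM between explorer.exe and the kiosk batch file. Run as administrator.
REM Usage: setshell.bat vdi   or   setshell.bat explorer
setlocal
set "KEY=HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
set "VDI=c:\vdi.bat"

if /I "%~1"=="explorer" goto RESTORE
if /I "%~1"=="vdi" goto KIOSK
echo Usage: %~nx0 vdi ^| explorer
exit /b 1

:KIOSK
REM Never point the shell at a file that does not exist.
if not exist "%VDI%" (
    echo %VDI% not found, shell left unchanged.
    exit /b 1
)
REM The shell script runs for every user who logs on. Show its ACL so you
REM can confirm that only administrators are able to modify it.
cacls "%VDI%"
reg add "%KEY%" /v Shell /t REG_SZ /d "%VDI%" /f
goto SHOW

:RESTORE
reg add "%KEY%" /v Shell /t REG_SZ /d "explorer.exe" /f

:SHOW
REM Print the value now in effect for the next logon.
reg query "%KEY%" /v Shell
```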

**Batch file Idea** What if you need the user to be able to choose from different desktop groups instead of setting it for them? Well you could let them do it the traditional way by clicking on a desktop link if the online receiver is installed or by logging into the portal, but maybe you don’t want them to see the desktop or to have to log in more than once. You could still use the method here by simply entering user prompts at the beginning of the batch file to ask which group to launch. For example you could say, press 1 for group A, press 2 for group B and so on then go from there. This method is very versatile and can be used to overcome many scenarios.
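The menu idea above as a batch file, added here as an example and not the author's own script: GroupA and GroupB are placeholder desktop group names to be replaced with the values from your receiver shortcuts. The typed selection is only compared through delayed expansion and mapped to fixed strings, so nothing the user types ever becomes part of a command line.

```batch
@echo off
REM Added example (not from the original post): let the user pick a group.
REM "XDFarm:GroupA" and "XDFarm:GroupB" are placeholders.
setlocal EnableDelayedExpansion
TITLE Choose Desktop
noclose

:MENU
cls
REM Clear both variables on every pass; set /p keeps the old value
REM when the user just presses Enter.
set "sel="
set "GROUP="
echo Press 1 for group A
echo Press 2 for group B
set /p "sel=Selection, then Enter: "

REM !sel! is expanded after the line has been parsed, so the typed text is
REM treated as data only and cannot change what the script executes.
if "!sel!"=="1" set "GROUP=XDFarm:GroupA"
if "!sel!"=="2" set "GROUP=XDFarm:GroupB"
REM Anything other than a listed choice returns to the menu.
if not defined GROUP goto MENU

REM Only the fixed strings above reach the pnagent command line.
"C:\Program Files\Citrix\ICA Client\pnagent.exe" /CitrixShortcut: (2) /QLaunch "!GROUP!"
sleep 5
TITLE Click and press any key to Logoff
echo Click this window, then press any key to logoff
pause > nul
shutdown -l -f
```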

Summary

Recap of setup process

            Install Citrix Online receiver
            Create bat file from commands provided (or create your own version)
            Create registry file with default shell and one with the modified path to the bat file
            Place files onto drive and apply registry change
            Reboot and log in to your XenDesktop session

Batch File: (noclose and sleep may need to be added to system32 dir, path to desktop group should reflect the path for your environment)

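@echo off
REM Small console window shown while the desktop launches
TITLE Loading Desktop....
mode con:cols=25 lines=5
REM Disable the window's close (X) button (noclose.exe must be on the PATH)
noclose
REM Administrator gets a normal Explorer shell; /I makes the name check case-insensitive
IF /I "%username%" == "administrator" GOTO EXPLORER
cls
REM Launch the desktop group through the Citrix online receiver
"C:\Program Files\Citrix\ICA Client\pnagent.exe" /CitrixShortcut: (2) /QLaunch "XDFarm:GroupNameHere"
REM Give the session time to open before the logoff prompt appears
sleep 5
TITLE Click and press any key to Logoff
mode con:cols=120 lines=55
echo.
echo Logging off...
echo.
echo.
echo Click this window, then press any key to logoff
pause > nul
REM Log off the local machine so it is ready for the next login
shutdown -l -f
exit
:EXPLORER
explorer.exe
exit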

Windows Shell: (Modified to run bat file)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="c:\\vdi.bat"
