Disable Adobe auto update on terminal server

Posted on March 10th, 2010 in Microsoft, Server 2008 by Gil Kreslavsky

 

When you have limited size profile or limited user permission on Terminal Server.

Even if Autoupdate is running user will be unable to install it and will get stuck in some temporary folder.

To disable Adobe autoupdate you have 2 oprions.

First is:Go to c:Program Files\Common Files\Adobe\UpdaterX (where X can be a number depending on you Adobe version)
Rename the following files Adobe_Updater.exe and AdobeUpdaterInstallMgr.exe

Second is:By deploying the following registry file via GPO

Windows Registry Editor Version 5.00[HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\9.0\Updater]
"bShowAutoUpdateConfDialog"=dword:00000000
"bShowNotifDialog"=dword:00000000
"iUpdateFrequency"=dword:00000000

Change the [HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\7.0\Updater according to your Acrobat version

TS 2008 Session Broker opens multiple sessions for single user

Posted on March 9th, 2010 in Microsoft, Server 2008 by Gil Kreslavsky

 

Scenario:

User is not been reconnected to same Terminal Server session.

The consequences can be duplicated sessions, profile location lose, locked files on storage and more.
After few hours I found that Microsoft have A HotFix that addresses the issue

KB article is: KB977541

Terminal Server 2008 Easy Print Feature

Posted on January 20th, 2009 in Microsoft, Server 2008 by Gil Kreslavsky

Terminal services 2008 easy printing is a new feature announced in windows 2008 server.

It enables remote users to print from a Terminal Services session to the local connected printers without the need to install drivers on the Terminal Server.

User will see the full printer properties of the local printer in the session and have access to all printer functionality. The Easy Print universal driver acts as a proxy and redirects all User Prints to local device

To use the Terminal Services Easy Print feature in Terminal Services on Windows Server 2008, remote clients must run RDP (RDC) 6.1 client and have.NET Framework 3.0 Service Pack 1 installed. Both included with Windows Server 2008 and will be available for download for Windows Vista.

For full guide on how to use Terminal Services 2008 Easy print feature follow MS tech net article here

Change default save as location for Office 2007 via GPO

Posted on January 15th, 2009 in Microsoft, Office 2007, Outlook 2003, Outlook 2007, Server 2003 by Gil Kreslavsky

When user is trying to save attachment from outlook or save word/excell file usualy hi is directly redirected to his “My Documents”  folder set in his profile.
When you work on Terminal server and want to restrict C: drive access it becomes a problem . User receives multiple errors when he try’s to save file or email attachment.

  • To change default save location for office applications via GPO you first must download office 2007 GPO ADM to your Domain Controler .
  • Extract files to a local folder.
  • Go to group policy by running gpo.msc from run.
  • Navigate to User Configuration\ Administrative Templates.
  • Pres Right Click on Administrative Templates and chose “Add/Remove templates”
  • Press on “Add” and navigate to localy extracted ADM file.
  • Now you should see Office 2007 settings in GPO.

To change default save location for for Excell 2007

  • Navigate to Microsoft Office Excell 2007\Excell Options\Save
  • On the right menu locate “Default file location” change setting to enabled and insert your save path.

To change default save location for for Power Point 2007

  • Navigate to Microsoft Power Point 2007\Power PointOptions\Save
  • On the right menu locate “Default file location” change setting to enabled and insert your save path.

To change default save location for for Project 2007

  • Navigate to Microsoft Power Project 2007\Tools | Options\Save\File Locations
  • On the right menu locate “Projects and User Templates ” change setting to enabled and insert your save path.

To change default save location for for Word 2007

  • Navigate to Microsoft Word 2007\Word Options\Advanced\File Locations
  • On the right menu locate “Default file location ” change setting to enabled and insert your save path.

Outlook 2007 is little bit tricky you can’t set options via Outlook GPO , you can do that via registry or by changing default system “save in” location.

To change Outlook 2003/2007  save path via registry

To change default system “save in” location.

  • In group policy go to User Configuration \Administrative Templates\Windows Components\Windows Explorer
    \Common Open File Dialog
  • Click on “Items displayed in Places Bar”
  • Add your Save Location. for example \\servername\sharename ( It can be mounted I:\ folder)

Terminal Server 2008 Sounds and Beeps on errors

Posted on December 25th, 2008 in Microsoft, Server 2008 by Gil Kreslavsky

Disable sound in RDP not working in Windows Terminal Services

OK, the same bug was in Windows 2003sp1 terminal server, MS fixed it in SP 2.
The problem is that even after you disable sound redirection via GPO you still got beeps on error messages.

I found a way to fix it.

  • Click Start, click Run, type regedit, and then click OK.
  • Locate and edit  the following registry subkey:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server
  • On the Edit menu, point to New, and then click DWORD Value.
  • Type DisableBeep, and then press ENTER.
  • Right-click DisableBeep, and then click Modify.
  • In the Value data box, type 1, and then click OK
  • Quit Registry Editor.
  • Click Start, click Run, type services.msc and hit enter button.
  • Locate Terminal Services service and press restart (That will drop all users connected to TS server)
  • Reconnect to terminal server

Note You can disable the MessageBeep function by changing the value to 1 to enable back change to 0.

Configure RDP over SSL with SelfSSL

Posted on October 21st, 2006 in Microsoft, Server 2003 by Gil Kreslavsky


Windows 2003 Service Pack 1 included a new feature, RDP over SSL. This feature will allow you to use TLS authentication and encryption with your RDP connections using SelfSSL to create the SSL certificate. It still uses RDP and TCP port 3389 so your firewall rules should not need to be modified.

Before we get started there are a few pre-requisites on both the server side and client side that need to be met first.

Server-side

- The Terminal Server must run 2003 SP1
- The Terminal Server must have a certificate from a Windows CA or a 3rd Party CA
- The certificate must meet the following criteria
- Certificate is a computer certificate
- Certificate is for server authentication
- Certificate must have a private key
- Certificate is stored in the TS personal store
- Certificate has a Crytographic Service Provider that can be used for TLS/SSL

Client-side

- Must run Windows 2000, Windows XP, or Windows 2003
- Must use RDP Client 5.2, this can be found on the 2003 SP1 server under %systemroot%\system32\clients\tsclient\win32\msrdpcli.msi
- Must trust the root CA for the certificate

If you do not have a CA, don’t wish to spend money on a "real" SSL cert, or just want to do some testing, you can use SelfSSL from the IIS 6.0 Resource Kit. Once you have downloaded and installed SelfSSL, run it with the following command

SelfSSL.exe /CN=domain.com /V:365

The command will create and install a certificate for domain.com that is valid for 365 days. If you do not have IIS installed, you may get an error message but you can ignore this message, the SSL certificate is still created and installed. The CN must be the name you will be accessing the TS with.

Next open up Administrative Tools, and launch the Terminal Server Configuration applet. Right-click RDP-Tcp and select properties.

Click Edit next to the Certificate, you will be shown the SSL certificate that SelfSSL created. Select it and click OK

Next, select SSL from the Security Layer drop down box and set the Encryption Level to High.

Now you will need to install the new RDP client on all workstations that will be accessing the Terminal Server. You will notice a new tab under the connection properties called Security. Select this tab and then choose Require Authentication from the drop down.

When you try to connect, you will be denied access because the SSL cert is not trusted. Click View Certificate, and then Install to install the certificate to the local machines certificate store.

Attempt to connect again and the connection will be allowed. You are now connected through RDP over SSL. If you are connected in full screen mode, you will see the SSL lock symbol next to the pushpin in the yellow toolbar.

Source: http://thelazyadmin.com

Download Details: Internet Information Services (IIS) 6.0 Resource Kit Tools
Article ID: 275727 – High Encryption on a Remote Desktop or Terminal Services Session Does Not Encrypt All Information