VBScript ; Set UserPreferencesMask Binary Registry Key



An ideal solution for configuring display options for ‘best performance’ on Citrix and Terminal Servers:



Simply add the following code to an existing VB logon script, or create a new one to run alongside your existing script:

Const HKEY_CLASSES_ROOT  = &H80000000
Const HKEY_CURRENT_USER  = &H80000001
Const HKEY_LOCAL_MACHINE = &H80000002
Const HKEY_USERS         = &H80000003

Set WshShell = CreateObject("WScript.Shell")

'Lookup User Account Name and Logon Domain Name
Set objNetwork = CreateObject("Wscript.Network")
currentDomain = objNetwork.UserDomain
currentUser = objNetwork.UserName

Set wmiLocator = CreateObject("WbemScripting.SWbemLocator") ' Object used to get StdRegProv Namespace
Set wmiNameSpace = wmiLocator.ConnectServer(objNetwork.ComputerName, "root\default") ' Registry Provider (StdRegProv) lives in root\default namespace.
Set objRegistry = wmiNameSpace.Get("StdRegProv")

'Four-byte mask written to the current user's hive; SetBinaryValue returns 0 on success
uBinary = Array(&H90,&H12,&H01,&H80)
cmd = objRegistry.SetBinaryValue(HKEY_CURRENT_USER, "Control Panel\Desktop", "UserPreferencesMask", uBinary)

The changes will be applied at second logon (i.e. at first logon the change is written to the user’s hive; at second logon this setting will be used).

VBScript ; Find User Group Memberships (+ Nested groups)

VBScript ; Find User Group Memberships (including Nested groups)


This fast, simple logon script will enumerate a user account’s group memberships, including nested groups.


'Script-level declaration so IsMember and GetNested share one group list
Dim grpList

'Obtain the distinguished name of the domain
Set oRoot = GetObject("LDAP://rootDSE")
Set oDomain = GetObject("LDAP://" & oRoot.Get("defaultNamingContext"))
fqDomain = oRoot.Get("defaultNamingContext")

'Obtain NetBIOS username, computer name and domain name
Set objNetwork = CreateObject("Wscript.Network")
currentDomain = objNetwork.UserDomain
currentUser = objNetwork.UserName
strComputerName = objNetwork.ComputerName

'------------------------------------------------- Main Program

'Find user DistinguishedName and bind to user object to find nested group memberships
uCN = findDN
Set objUser = GetObject("LDAP://" & uCN)

If IsMember("Domain Admins") Then
    MsgBox "User is a member of the domain admins group...."
    'Perform required functions here.
End If

'------------------------------------------------- Functions

Function IsMember(grpName) 'Builds the group list on first call (direct groups, then nested groups via GetNested) and tests grpName against it.
    If IsEmpty(grpList) Then
        Set grpList = CreateObject("Scripting.Dictionary")
        grpList.CompareMode = vbTextCompare

        'Groups are keyed by CN, which is only unique within a single container
        Set colGroups = objUser.Groups
        For Each objGroup in colGroups
            If NOT CBool(grpList.Exists(objGroup.CN)) Then
                grpList.Add objGroup.CN, "-"
                GetNested objGroup
            End If
        Next
    End If
    IsMember = CBool(grpList.Exists(grpName))
End Function

Function GetNested(objGroup) 'Recursive nested group membership function.
    On Error Resume Next
    colMembers = objGroup.GetEx("memberOf")
    For Each strMember in colMembers
        If NOT strMember = "" Then
            strPath = "LDAP://" & strMember
            Set objNestedGroup = GetObject(strPath)
            If NOT CBool(grpList.Exists(objNestedGroup.CN)) Then
                grpList.Add objNestedGroup.CN, "-"
                'Recurse into the parent group; the Exists check above stops circular nesting from looping forever
                GetNested objNestedGroup
            End If
        End If
    Next
End Function

Function findDN 'Function to find DistinguishedName of User Object using sAMAccountName
    Set objConnection = CreateObject("ADODB.Connection")
    objConnection.Open "Provider=ADsDSOObject;"

    Set objCommand = CreateObject("ADODB.Command")
    objCommand.ActiveConnection = objConnection

    objCommand.CommandText = _
        "<LDAP://" & fqDomain & ">;(&(objectCategory=" & "User" & ")" & _
        "(samAccountName=" & currentUser & "));samAccountName,distinguishedName;subtree"

    Set objRecordSet = objCommand.Execute

    If Not objRecordSet.EOF Then 'At least one matching user object was returned
        findDN = objRecordSet.Fields("distinguishedName").Value
    End If
End Function

Broadcom 43xx Driver Installation HOWTO Under Fedora Core 5


Having a BCM4306 Based Wireless Card until now has been the bane of my Linux use, however I came across this guide a couple of days ago and I’m now running 100% wireless with my Broadcom Card! 🙂


Card drivers which include firmware:
You can get the firmware here: wl_apsta.o


Firmware cutter utility:

bcm43xx-fwcutter i386

bcm43xx-fwcutter x86_64

Simply install the bcm43xx-fwcutter tool:

For i386: rpm -ivh bcm43xx-fwcutter-004-1.fc5.i386.rpm

For x86_64: rpm -ivh bcm43xx-fwcutter-004-1.fc5.x86_64.rpm

Then use the command:

/usr/bin/bcm43xx-fwcutter -w /lib/firmware wl_apsta.o

Then enable the gnome NetworkManager :

/sbin/chkconfig --level 5 NetworkManager on

/sbin/service NetworkManager start

The first time NetworkManager connects to your wifi AP it will ask for a keyring password. I recommend you set it the same as your logon password, you’ll see why in a future update.

This setup will work with WEP and WPA turned on.

NOTE: To change / reset your keyring password, bring up a terminal and run the following (this deletes the default keyring, including any passwords stored in it):

cd ~/.gnome2/keyrings/
rm default.keyring

The next time your machine boots it will ask you to enter a new keyring password.

Citrix / Terminal Server Performance Registry Settings

Terminal Server / Citrix Performance Registry Settings

I have gathered a list of registry and operating system tweaks that improve Citrix performance. I use these tweaks on all Citrix servers deployed in order to ensure reliable performance when under heavy user load.


Registry Modifications

Firstly, we disable paging of the NT Executive – this keeps core system components in memory and out of the page file. If there is only one tweak you take away with you today, this should be it:



Next, I configure additional worker threads to increase available CPU threads to users:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Executive]


Now we increase the functionality of the lanmanserver service which controls file and print resource / access on the server:




Now we configure the lanmanworkstation service which is the file and print client:



Operating System Configuration


Firstly, change the server processing scheduling and memory usage bias towards programs:


Next, change the performance bias on File and Printer Sharing for Microsoft Networks to maximise data throughput for network applications:



Performing an Unattended Installation of Active Directory



Automating Domain Controller Deployment (read Active Directory Services and DNS) couldn’t be simpler, allowing you to install and configure AD remotely with virtually no interaction with the server at all.

First, you will need an unattend file that provides Windows Setup with the desired settings for NTDS installation. The Contents of this file should look similar to this:




Save the above into a new file named ad-auto.txt.

Use the above file to create a new forest – set using the CreateOrJoin and ReplicaOrNewDomain options.

The DC will be placed into a new AD site named UK – set using the SiteName option.

The forest root domain will be ‘newdomain.com’ with a NETBios name of newdomain – set using the NewDomainDNSName and DomainNetBiosName options.

SYSVOL and NTDS directories will be installed to their default paths (%systemroot%\) – set using the SYSVOLPath, DatabasePath and LogPath options.

The DSRM password will be set to ‘password’ – using the SafeModeAdminPassword option.

DNS will be automatically installed and configured appropriately – set using the AutoConfigDNS option.

Finally, the forest functionality level will be set as Windows Server 2003 native rather than mixed mode – set using the SetForestVersion option.


To install Active Directory services using this unattended file simply run this command: dcpromo /answer:ad-auto.txt
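
The listing this section refers to did not survive on this page. The answer file below is an added reconstruction from the option descriptions above, not the author's original file; the [DCInstall] section name and the TreeOrChild line are not mentioned in the text and are assumptions based on the Windows Server 2003 dcpromo answer-file format.

```ini
; ad-auto.txt - reconstructed example, values taken from the descriptions above
[DCInstall]
; New forest: create a new domain rather than join as a replica
ReplicaOrNewDomain=Domain
CreateOrJoin=Create
; Assumption, not listed in the article: new domain tree in the new forest
TreeOrChild=Tree
; Forest root domain and its NetBIOS name
NewDomainDNSName=newdomain.com
DomainNetBiosName=newdomain
; AD site the domain controller is placed in
SiteName=UK
; Default locations under %systemroot%
SYSVOLPath=%systemroot%\SYSVOL
DatabasePath=%systemroot%\NTDS
LogPath=%systemroot%\NTDS
; Sample value from the article. This is stored in clear text: use a strong,
; unique DSRM password and restrict who can read this file.
SafeModeAdminPassword=password
; Install and configure DNS automatically
AutoConfigDNS=Yes
; Raise the forest functional level to Windows Server 2003
SetForestVersion=Yes
```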

VBScript ; Check Operating System Service Pack Level


The script below will output the current service pack of any Windows 2000+ Operating System. This is very useful if you are deploying software via logon script.

Const Impersonate = "winmgmts:{impersonationLevel=impersonate}!\\"
computer = "."
Set oWMI = GetObject(Impersonate & computer & "\root\cimv2")
Set QueryWMI = oWMI.ExecQuery("SELECT * FROM Win32_OperatingSystem")
'Win32_OperatingSystem returns a single instance; read its service pack level
For Each oItem In QueryWMI
    spVer = oItem.ServicePackMajorVersion
Next

MsgBox "This computer has Service Pack " & spVer & " installed."











Troubleshooting Citrix Session Poor Response / High Latency


I was recently tasked with troubleshooting very poor performance on a Citrix Presentation Server 4.5 Advanced Edition Farm.

Hardware Requirements

Your first port of call should be server specification: is the server ‘man’ enough for the task being asked of it? Use the built-in Windows Performance Counters to troubleshoot here.

Check your CPU usage and troubleshoot specific processes if your CPU utilisation is very high. For my environment CPU usage was at < 5%; this was not the governing performance issue.

Memory utilisation can also hinder performance. As a Citrix server runs out of RAM the number of pages /second dramatically increases. Memory usage was circa 50% and the number of pages /second was low.

Network utilisation; whilst ICA is a low-bandwidth application other applications on your environment may be increasing network latency due to saturation of the network link. Use the built-in Windows Performance counters and your switch management tools to ascertain if this is your governing issue. For my environment network usage was < 5% on a 100MB Full-Duplex link.

Network Problems

Are there specific problems with your network that are causing peaks in latency and dropped packets?

Using the Metaframe Server SDK (MFCOMSDK) v2.3 tool smcconsole.exe, I was able to monitor individual user sessions.


Using this tool you can view each session’s bandwidth utilisation and latency. This tool is incredibly useful when troubleshooting issues regarding session performance. Session latency can also be viewed using the WMI performance counters for ICA Session that are installed when Citrix is installed on a Windows Server.


The Metaframe Server SDK version 2.3 is available from here


The image above shows a latency figure of 32ms. This equates to 0.03 seconds – a more than acceptable latency figure for an ICA session. When troubleshooting my issues I was receiving figures of 27000ms (yes, 27 seconds!).

Common causes of high latency are:

- Network topology issues including port mismatches

- MTU issues

- Link saturation / QoS


A quick and easy check, which should identify any serious network issues, is to conduct what I call a ‘loaded ICMP echo request’ from a network that is experiencing the latency issues to a server in the Citrix farm. A normal ICMP echo request is 32 bytes; we are able to load the packet with up to 1500 bytes. This is achieved using the following command:

> ping ctxserver1 -t -l 1472 -f


Let me explain the command. The ‘-t’ option forces the ping to repeat until instructed otherwise (i.e. cancelled with Ctrl-C). The ‘-l 1472’ option sets a packet length of 1472 bytes; there is a 28-byte packet overhead (a 20-byte IP header plus an 8-byte ICMP header), therefore the total packet size is 1500. Finally, the ‘-f’ option sets the Don’t Fragment flag, so the packet cannot be split into fragments along the path.


First, verify that the MTU for your network is in fact 1500 bytes. You can verify this by using the same test to other servers and devices across your network. If you see many dropped packets you know there is a network fault, which may well be the cause of your performance woes.


Using this test I identified that there was a fault. The next step is to identify where this fault is occurring.


Use ‘tracert’ to identify the path that your packets travel in order to reach your Citrix server. Then perform this loaded ping test to each of these addresses one at a time.
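
The hop-by-hop loaded ping described above, as an added example in Python (not from the original post): it parses tracert output, classifies each hop's 'ping -f -l 1472' result, and reports where the trailing run of bad hops begins. The sample trace, the 200 ms threshold and all function names are assumptions made for the illustration.

```python
import re
import subprocess

PAYLOAD = 1472  # 1472 data bytes + 28 header bytes = 1500, as in the article
MAX_MS = 200    # assumed "too slow" threshold, not a value from the article

def parse_tracert(text):
    """Return responding hop IPv4 addresses from Windows tracert output, in path order."""
    pat = re.compile(r"\s*\d+\s+.*?(\d{1,3}(?:\.\d{1,3}){3})\]?\s*$")
    return [m.group(1) for m in map(pat.match, text.splitlines()) if m]

def classify_ping(text):
    """Classify the output of one loaded ping as ok, slow, loss, mtu or unknown."""
    if "needs to be fragmented" in text:
        return "mtu"  # a link towards this hop has an MTU below 1500
    sent = re.search(r"Sent = (\d+)", text)
    times = [int(t) for t in re.findall(r"bytes=\d+ time[=<](\d+)ms", text)]
    if not sent or int(sent.group(1)) == 0:
        return "unknown"
    if len(times) < int(sent.group(1)):
        return "loss"  # counts real echo replies, not "unreachable" answers
    return "slow" if max(times) > MAX_MS else "ok"

def locate_fault(results):
    """results: [(hop, status)] in path order. Return the first hop of the trailing
    run of bad hops, or None when the last hop (the Citrix server) is ok. A bad hop
    followed by good ones is usually a router rate-limiting ICMP to itself."""
    fault = None
    for hop, status in reversed(results):
        if status == "ok":
            break
        fault = hop
    return fault

def loaded_ping(host, count=10):
    """Windows ping with the article's options, using -n count instead of -t."""
    cmd = ["ping", host, "-n", str(count), "-l", str(PAYLOAD), "-f"]
    return subprocess.run(cmd, capture_output=True, text=True).stdout

def survey(tracert_text, ping=loaded_ping):
    results = [(h, classify_ping(ping(h))) for h in parse_tracert(tracert_text)]
    return results, locate_fault(results)

# Constructed sample (documentation addresses), not output from a real network.
SAMPLE_TRACERT = """Tracing route to ctxserver1 [192.0.2.50]
over a maximum of 30 hops:
  1    <1 ms    <1 ms    <1 ms  192.0.2.1
  2     *        *        *     Request timed out.
  3    14 ms    13 ms    15 ms  edge.example.net [198.51.100.7]
  4    15 ms    14 ms    15 ms  ctxserver1 [192.0.2.50]
Trace complete."""

if __name__ == "__main__":
    print(parse_tracert(SAMPLE_TRACERT))
```

On a Windows client in the affected network, pass real tracert output to survey() to run the loaded ping against every hop; hops that never answered the trace are skipped.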


Configuring & Replicating SpeedScreen in Citrix PS 4.5


‘Speedscreen’ is a very useful feature built in to all versions of Citrix Presentation Server 4.. Configuring this feature is remarkably easy, but it is also remarkably easy to overlook.

For more information regarding SpeedScreen functionality and benefits see the ‘Presentation Server 4.5 Bandwidth & Usability Study in Graphics-Rich Scenarios’ whitepaper at the following URL: http://www.citrix.com/English/ps2/products/documents_onecat.asp?contentid=186&cid=White+Papers

To configure SpeedScreen log into a Citrix Server which has the Citrix Toolbar / Administration Tools installed. From the Administrative Toolbar select the following Icon:


You will then be presented with the following window:

You can see that this server has been configured for SpeedScreen on all of the listed executables. To add SpeedScreen functionality to another application simply click ‘New…’; you will then be presented with a wizard which asks you to browse for the executable to use SpeedScreen with.

Replicating Configuration Between Servers

If you have more than a couple of Citrix Servers in your environment the last thing you want to do is set this up manually on all servers. There is a very simple and quick way of replicating your SpeedScreen configuration between all servers.

Browse the filesystem of a server which has been configured to utilise SpeedScreen and copy the following folder: %Citrix-Install-Dir%\ss3config to all servers under the Citrix Installation Directory. Note that this folder may also be under %windir%\system32\ss3config.

Provided you have enabled Speed Screen at the Farm level via the Access Management Console you’re good to go!




Temporarily Increase Exchange 2000 / 2003 16gb DB Limit

Temporarily Increase Exchange 2000 / 2003 16gb Database Limit

This article covers the necessary steps to increase your Exchange 2000 / 2003 SP1 Database limit from 16GB to 17GB to allow you to perform database maintenance.

Temporarily Increase the Exchange 2000/2003 Mailbox Database Size Limit

Locate the following key in the registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeIS\\Private-

Add a new REG_DWORD value, ‘Temporary DB Size Limit Extension’, and set it to 1.

This can only be used on servers running Exchange 2000 with the September 2003 Post-Service Pack 3 Roll up or Exchange Server 2003 SP1.

Once the database is mounted, remove unnecessary database content and then perform a defragmentation of the database in order to reclaim the database space.

In order to permanently resolve this issue on Exchange Server 2003 SP2:

First, verify that sufficient hard disk space is available for the larger database.

Always ensure you have 120% of the desired database size in free space for database maintenance.

For a mailbox store, click the following registry subkey:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeIS\Server name\Private-Mailbox Store GUID

For a public folder store, click the following registry subkey:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeIS\Server name\Public-Public Store GUID

Create a new DWORD value, ‘Database Size Limit in Gb’, set the base to Decimal, and then enter an integer from 1 to 75. Note: these integer values represent the maximum size of the database in gigabytes (GB). For example, a value of 75 represents a database that has a maximum size of 75 GB.

Restart the Microsoft Exchange Information Store service. To do this, follow these steps:

net stop msexchangeis

net start msexchangeis

In the Event Viewer tool, click Application event ID 1216 to verify that the database size has been set successfully.

Complete Authoritative Restore of Active Directory

Performing a Complete Authoritative Restore of Active Directory

Restart in Directory Services Restore Mode

Simply reboot the server and press F8 during the boot procedures. Select Directory Services Restore Mode. You will require your DSRM password for this procedure. This can be reset as detailed in this guide.

Restore from backup media for authoritative restore

Click the Restore Wizard button, and then click Next.

Select the appropriate backup location and ensure that at least the System disk and System State containers are selected.

Click the Advanced button and ensure you are restoring junction points. If you do not go through the advanced menu, the restore process will not be successful.

Select Original Location in the Restore Files to list.

In the Advanced Restore Options window, check the boxes for:

- Restore security.

- Restore junction points, and restore file and folder data under junction points to the original location.

- Preserve existing volume mount points.

For a primary restore of SYSVOL, also check the following box. A primary restore is only required if the domain controller you are restoring is the only domain controller in the domain.

- When restoring replicated data sets, mark the restored data as the primary data for all replicas.

Click OK and continue through the restore process. A visual progress indicator is displayed.

When asked to restart the computer, do not restart.

Restore system state to an alternate location

Copy the contents of the scripts directory from:

c:sysvolc_winntSysvolDomainscripts

and add it to:

c:WinntSYSVOLSysvoldomainscripts

Copy the contents of the policies directory from:

c:sysvolc_winntSysvolDomainpolicies

and add it to:

c:WinntSYSVOLSysvoldomainpolicies

Restore the database

Open a command prompt and type ntdsutil and then press ENTER.

Type authoritative restore and then press ENTER.

Type restore database and press ENTER.

At the Authoritative Restore Confirmation dialog box, click OK.

Type quit and press ENTER until you have exited Ntdsutil.exe.

Restart in normal mode

Restart the server. It is now authoritative for the domain, and changes will be replicated to the other domain controllers in the enterprise.

Verify Active Directory restore

When the computer is restarted in normal mode, Active Directory automatically detects that it has been recovered from a backup and performs an integrity check and re-indexes the database. After you are able to log on to the system, browse the directory and verify that all user and group objects that were present in the directory prior to backup are restored.