SYN507: Reducing desktop infrastructure management overhead using “old school” tactics
Slides from #CitrixSynergy 2013 #GeekSpeak

  • I’m going to talk about old school, so let’s make slides look older first!
  • We will talk about:
    • Tools that are available from Microsoft
    • Tools that will help you in your day-to-day work
    • Tools that will help with Windows XP migration
  • Disclaimer: free software doesn’t mean that it’s totally free; please read the EULA each time you download anything from any website
  • Hard to find required info
  • Query for combining PVS Logs
  • EVENTS: Find All Remote Logons
  • Typical output of XenServer logging
  • Query that transforms unreadable XenServer output into CSV format
  • Event Comb allows you to:
    • Define either a single Event ID, or multiple Event IDs to search for
    • Define a range of Event IDs to search for
    • Limit the search to specific event logs
    • Limit the search to specific event message types
    • Limit the search to specific event sources
    • Search for specific text within an event description
    • Define specific time intervals to scan back from the current date and time
    For a complete set of features: http://support.microsoft.com/kb/308471/en-us
  • Gather specific events from event logs from several different computers into one central location. Specifying the Event Logs and Event Types to Search:
    • Event Logs: System, Application, Security
    • Event types: Error, Informational, Warning
    For more details on auditing and monitoring: http://www.microsoft.com/technet/security/topics/auditingandmonitoring.mspx
  • Xpirience Windows XP and Metaframe XP delivering Microsoft Office XP Running on AMD Athlon XP Processor
  • Everyone needs to migrate from Windows XP
  • Can we migrate to MacOS or Linux??
  • No, we can’t migrate to a fancy-looking OS; there are no LOB apps there
  • OK, we try to migrate, and the first problem we see is installation failure
  • If the installer is built using MSI, enable logging and use Wilogutl.exe from the SDK
  • Once you find the root cause of the error, use Orca to edit the MSI
  • When Orca is not enough, use the WiX toolset
  • Example of a WiX file for creating an MSI that installs a root certificate
  • Use free tools to edit XML
  • Use the same free tools for creating UPM Cross-Platform files
  • Execution levels:
    • requireAdministrator: the application runs only for administrators and requires that the application be launched with the full token of an administrator
    • asInvoker: the application runs with the same token as the parent process
    • highestAvailable: the application runs with the highest privileges the current user can obtain
  • Windows ADK Overview. Key messages:
    • Collection of assessment and deployment tools to aid in the deployment of Windows 8
    • Required for any automated Windows 8 operating system deployment using the MDT and/or the Operating System Deployment (OSD) feature in System Center 2012 Configuration Manager
    Keep the discussion brief as this is not the primary focus of the session. The Windows ADK is a collection of assessment and deployment tools that aid in the deployment of Windows 8. These tools are required for any automated Windows 8 operating system deployment using the MDT and/or the OSD feature in System Center 2012 Configuration Manager. Each of the tools in the Windows ADK will be discussed in separate slides.
  • So, there are tons of shims; how do you choose the right one?
  • Use SUA
  • Or LUABudLight from Aaron Margosis
  • How to deal with slow logons?
  • Xperf command line for troubleshooting slow logons. Not easy?
  • Use WPA
  • Windows Assessment Console: create consistent metrics from systems with reproducible targeted tests
    • Assessments show the results and issues
    • Demo: Start > All Programs > Windows Kits > Windows ADK > Windows Assessment Console
      – Home tab: introduce Jobs, Details, Results, and Run
      – Run a job
      – Results tab: introduce Chart and Table, Issues and details
      – Link to Windows Performance Analyzer
  • Easily create a collection of the most useful assessments: start a new job, select assessments, configure the settings, save
  • There are a lot of free tools available from Microsoft; some of them are well-known, such as the Resource Kits and Support Tools for Windows. Lots of tools like where.exe, ktlist, robocopy or taskkill were included with the latest versions of Windows.
    • Resource Kits, Support Tools, Administration Kits and RSAT
    • Sysinternals: http://live.sysinternals.com/procmon.exe
    • Software Development Kits (SDK)
    • Blah Kits and Yada Yada Yada Manager
    • Windows Assessment and Deployment Kit (ADK)
    • Windows Automated Installation Kit (AIK)
    • Application Compatibility Toolkit (ACT)
    • Enhanced Mitigation Experience Toolkit (EMET)
    • Deployment Toolkit (MDT)
    • Business Desktop Deployment (BDD)
    • Security Compliance Manager (SCM)
    • Assessment and Planning (MAP) Toolkit

Presentation Transcript

  • SYN507: Reducing desktop infrastructure management overhead using “old school” tactics
    Denis Gundarev, Senior Consultant, Entisys Solutions
  • About me
    C:\>whoami /all

    USER INFORMATION
    ----------------
    User Name       Twitter  E-Mail
    =============== ======== ==================
    ENTISYS\denisg  @fdwl    DenisG@entisys.com

    GROUP INFORMATION
    -----------------
    Group Name                            Type              SID
    ===================================== ================= ============
    BUILTIN\Geeks                         Mandatory group   S-1-5-32-540
    Mandatory Label\Crazy Russian         Label             S-1-16-8192
    COMMUNITY\Bay Area Citrix User Group  Well-known group  S-1-5-32-544
    COMMUNITY\Russia Citrix User Group    Well-known group  S-1-5-32-545
  • Agenda
    • Overview
    • Log file analysis
    • Windows migration
    • Windows Installer
    • User Account Control
    • Application Compatibility
    • Performance and Assessment Toolkits
    • Q&A
  • Old School != Outdated
  • “Free” Tools Disclaimer: TANSTAAFL*
    * "There ain't no such thing as a free lunch"
  • Log File Analysis
  • Log Analysis
    • Tons of data
      – i.e. PVS logs can produce 10 Mb/minute
    • Different sources and formats
      – CDF Tracing
      – Windows Event Logs
      – Procmon
      – Wireshark
      – Text log files
  • Log Parser Input Formats
    • IIS log files (W3C, IIS, NCSA, Centralized Binary Logs, HTTPError logs, URLScan logs, ODBC logs)
    • Windows Event Log
    • Generic XML, CSV, TSV and W3C-formatted text files
    • Windows Registry
    • Active Directory Objects
    • File and Directory information
    • NetMon .cap capture files
    • Extended/Combined NCSA log files
    • ETW traces
  • SQL-Like Engine
    SELECT EXTRACT_FILENAME(Filename) AS FileName,
           date AS date,
           level AS level,
           message AS message
    INTO [OUTPUTFILE]\Errors.csv
    FROM [LOGFILEPATH]
    ORDER BY date DESC
  • SQL-Like Engine
    SELECT timegenerated,
           EXTRACT_TOKEN(Strings,1,'|') AS Domain,
           RESOLVE_SID(EXTRACT_TOKEN(Strings,0,'|')) AS User,
           EXTRACT_TOKEN(Strings,3,'|') AS SessionName,
           RESOLVE_SID(EXTRACT_TOKEN(Strings,4,'|')) AS ClientName,
           EXTRACT_TOKEN(Strings,5,'|') AS ClientAddress,
           EventID
    FROM Security
    WHERE EventID=4624 /* xp/2003 = 682 */
    ORDER BY timegenerated
  • SQL-Like Engine
    SELECT strFileName, dEventtime, strEventtype, strHostname, intThreadid, strThreadname,
           strThreadmessage, strSessiontype, strSessionid, strModule, strEventdata
    USING
      EXTRACT_FILENAME(logfilename) AS strFilename,
      EXTRACT_SUFFIX(Text,0,']') AS strEventdata,
      EXTRACT_SUFFIX(EXTRACT_PREFIX(Text,0,']'),0,'[') AS unparsedMeta,
      EXTRACT_TOKEN(unparsedMeta,0,'|') AS unparsedDate,
      TO_TIMESTAMP(unparsedDate,'yyyyMMdd?hh:mm:ss.ll?') AS dEventtime,
      EXTRACT_TOKEN(unparsedMeta,1,'|') AS strEventtype,
      EXTRACT_TOKEN(unparsedMeta,2,'|') AS strHostname,
      EXTRACT_TOKEN(EXTRACT_TOKEN(unparsedMeta,3,'|'),0,' ') AS intThreadid,
      EXTRACT_TOKEN(EXTRACT_TOKEN(unparsedMeta,3,'|'),1,' ') AS unparsedthreadname,
      CASE unparsedthreadname
        WHEN NULL THEN 'N/A'
        ELSE unparsedthreadname
      END AS strThreadname,
      EXTRACT_TOKEN(unparsedMeta,4,'|') AS unParsedThreadmessageAndSessionID,
      REPLACE_IF_NOT_NULL(LAST_INDEX_OF(unParsedThreadmessageAndSessionID,'D:'),1) AS sessD,
      REPLACE_IF_NOT_NULL(LAST_INDEX_OF(unParsedThreadmessageAndSessionID,'R:'),2) AS sessR,
      COALESCE(sessD,sessR,0) AS intSessionType,
      CASE intSessionType
        WHEN 0 THEN 'N/A'
        WHEN 1 THEN 'Dynamic'
        WHEN 2 THEN 'Real'
      END AS strSessiontype,
      CASE intSessionType
        WHEN 0 THEN unParsedThreadmessageAndSessionID
        WHEN 1 THEN EXTRACT_TOKEN(unParsedThreadmessageAndSessionID,0,' D:')
        WHEN 2 THEN EXTRACT_TOKEN(unParsedThreadmessageAndSessionID,0,' R:')
      END AS strThreadmessage,
      CASE intSessionType
        WHEN 0 THEN 'N/A'
        WHEN 1 THEN EXTRACT_TOKEN(unParsedThreadmessageAndSessionID,1,' D:')
        WHEN 2 THEN EXTRACT_TOKEN(unParsedThreadmessageAndSessionID,1,' R:')
      END AS strSessionid,
      EXTRACT_TOKEN(unparsedMeta,5,'|') AS strModule
    INTO [OUTPUTFILE]\XenServer.csv
    FROM [LOGFILEPATH]
    WHERE dEventtime IS NOT NULL
    ORDER BY dEventtime
  • Log Parser Output Formats
    – Write data to text files in different formats (CSV, TSV, XML, W3C, user-defined, etc.)
    – Send data to a SQL database
    – Send data to a SYSLOG server
    – Create charts and save them in either GIF or JPG image files
    – Display data to the console or to the screen
  • How To Use Log Parser
    • From command line
      – check the help file
    • From PowerShell
      – http://bit.ly/LogParserPowerShell
    • As scheduled task
    • In your scripts
      – Set oLogQuery = CreateObject("MSUtil.LogQuery")
    • From Log Parser Studio
      – http://bit.ly/LogParserStudio
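The XenServer query above does its work with EXTRACT_PREFIX/EXTRACT_SUFFIX on the brackets, EXTRACT_TOKEN on the pipe-separated metadata, and CASE expressions for the thread name and the D:/R: session markers. The following is an added Python example (not code from the presentation or from Log Parser) that performs the same transformation to CSV, so the parsing rules can be read and tested outside Log Parser. The line layout "[date|type|host|threadid threadname|message sessionid|module] data" is inferred from the query's field order; the sample lines are constructed, not real XenServer output, and the timestamp format assumes the two '?' positions in the query are 'T' and 'Z'.

```python
import csv
import io
import re
from datetime import datetime

# Constructed sample lines (not real XenServer output) laid out the way the
# Log Parser query expects: "[date|type|host|threadid threadname|message sessionid|module] data".
SAMPLE_LOG = """\
[20130522T10:15:01.123Z|debug|xenhost1|1234 inet-RPC|session.login_with_password D:abcd1234|xapi] Session created
[20130522T10:15:02.456Z|info|xenhost1|1234 inet-RPC|VM.start R:ef567890|xapi] Starting VM
[20130522T10:15:03.789Z|error|xenhost1|5678|Heartbeat failed|xenopsd] No reply from host
a line without the expected layout is dropped, like WHERE dEventtime IS NOT NULL
"""

# Same column names the query produces, in the same order.
FIELDS = ["dEventtime", "strEventtype", "strHostname", "intThreadid", "strThreadname",
          "strThreadmessage", "strSessiontype", "strSessionid", "strModule", "strEventdata"]

# EXTRACT_PREFIX/EXTRACT_SUFFIX on '[' and ']': the metadata block, then the event data.
_LINE_RE = re.compile(r"^\[(?P<meta>[^\]]*)\](?P<data>.*)$")


def parse_line(line):
    """Parse one log line into a dict keyed by FIELDS, or None when the line
    carries no parseable metadata/timestamp (the query drops such rows)."""
    m = _LINE_RE.match(line.rstrip("\r\n"))
    if not m:
        return None
    tokens = m.group("meta").split("|")          # EXTRACT_TOKEN(unparsedMeta, n, '|')
    if len(tokens) < 6:
        return None
    date_s, event_type, host, thread, msg_and_session, module = tokens[:6]
    # TO_TIMESTAMP(unparsedDate, 'yyyyMMdd?hh:mm:ss.ll?'): the '?' positions are 'T' and 'Z' here.
    try:
        event_time = datetime.strptime(date_s, "%Y%m%dT%H:%M:%S.%fZ")
    except ValueError:
        return None
    # "threadid threadname" split on the first space; name defaults to N/A like the CASE expression.
    thread_id, _, thread_name = thread.partition(" ")
    thread_name = thread_name or "N/A"
    # Session type from the ' D:' / ' R:' marker (D: wins, as COALESCE(sessD, sessR, 0) does);
    # rsplit takes the last occurrence, matching LAST_INDEX_OF.
    if " D:" in msg_and_session:
        session_type, sep = "Dynamic", " D:"
    elif " R:" in msg_and_session:
        session_type, sep = "Real", " R:"
    else:
        session_type, sep = "N/A", None
    if sep:
        message, session_id = msg_and_session.rsplit(sep, 1)
    else:
        message, session_id = msg_and_session, "N/A"
    values = [event_time.isoformat(), event_type, host, thread_id, thread_name,
              message, session_type, session_id, module, m.group("data").strip()]
    return dict(zip(FIELDS, values))


def to_csv(text):
    """Turn raw log text into CSV ordered by event time (the query's INTO ... ORDER BY)."""
    rows = [r for r in (parse_line(l) for l in text.splitlines()) if r is not None]
    rows.sort(key=lambda r: r["dEventtime"])
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=FIELDS, lineterminator="\n")
    writer.writeheader()
    writer.writerows(rows)
    return out.getvalue()


if __name__ == "__main__":
    print(to_csv(SAMPLE_LOG))
```

Lines that do not match the layout are dropped rather than guessed at, which is the behaviour to want when the CSV will feed a timeline or a correlation with Windows event logs: a mis-parsed timestamp silently reorders events.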
  • EventCombMT
  • Account Lockout Management
  • Log Analysis
    • Log Parser 2.2 - http://bit.ly/LogParser
    • Log Parser Studio - http://bit.ly/LogParserStudio
    • EventCombMT and AccountLockout tools - http://bit.ly/ALTools
  • Windows Migration
  • Once upon a time…
  • 12 years later…..
  • 31
  • 32
  • Installation
  • 34Wilogutl.exe• Assists the analysis of log files from a Windows Installerinstallation, and it displays suggested solutions to errors that arefound in a log file• Available in the Windows SDK• Msiexec /i BadApp.msi /l*v c:tempBadApp.log
  • 35Wilogutl.exe
  • 36Wilogutl.exe
  • 37Wilogutl.exe
  • 38Orca
  • 39Orca
  • 40Windows Installer Transforms• Generic way to customisean installation• A Transform describes the delta between the original MSIpackage and the customised version– Saved to an .MST file– Is applied on the fly
  • 41Orca• MSI Database Editor• When to use?– Removing launch conditions– Un-advertising shortcuts– Changing install levels for features– Creating transforms– http://bit.ly/OrcaMSI
  • 42WiX Toolset• Builds Windows Installer (MSI) packages from XML• Integrates with Visual Studio• Can decompile MSI• Can be used to repackage your apps• Create packages for Merchandising Server– http://bit.ly/MerchMeta• GUI is available– http://bit.ly/WiXEditors
  • 43WiX’s Simple Syntax <?xml version="1.0" encoding="utf-8"?><Wix xmlns="http://schemas.microsoft.com/wix/2006/wi"><Product Id="{2445FCA1-F833-4C97-87A2-618A4AE1EAB7}" Language="1033" Manufacturer="IT Bubble" Name="IT BubbleCertificates" UpgradeCode="{2A124791-AAD0-4BE9-A719-3DEED3A49041}" Version="1.0.0.0"><Package Comments="This installer database contains the logic and data required to install IT BubbleCertificates." Compressed="yes" Description="IT Bubble Root Certs" InstallerVersion="200" Languages="1033"Manufacturer="IT Bubble" Platform="x86" /><Binary Id="ITB.cer" SourceFile="binBinaryITB.cer" /><Directory Id="TARGETDIR" Name="SourceDir"><Directory Id="ProgramFilesFolder" Name="PFiles"><Directory Id="IT BubbleCert" Name="IT BubbleCert"><Component Id="IT BubbleCert" Guid="{22AA9F50-0CA6-491F-AC1B-B0FD00BEF0A1}" KeyPath="yes"><Certificate Id="Certificate.RootCA" Name="ITB.cer" StoreName="root"StoreLocation="localMachine" Overwrite="yes" BinaryKey="ITB.cer" xmlns="http://schemas.microsoft.com/wix/IIsExtension"/></Component></Directory></Directory></Directory><Feature Id="IT BubbleCert" Level="1" Title="IT BubbleCert"><ComponentRef Id="IT BubbleCert" /></Feature><Property Id="ALLUSERS" Value="1" /></Product></Wix>
  • 44XML Notepad 2007• Free XML Editor with Syntaxcheck• http://bit.ly/XMLNotepad
  • 45XMLNotepad & Profile Management
  • 46 |User Account Control
  • Every time you disable UAC… Steve Ballmer kills a kitten. Please, think of the kittens
  • Every time you:
    • Modify ACLs on Program Files or HKLM
    • Make a user a local admin
    • Just give users SeBackup, SeRestore, SeCreateGlobal and SeLoadDriver privileges, but keep them as standard users
  • Why Are Applications Asking For Elevation?
    • Some apps are old and don’t have an embedded manifest
    • Some apps try to write to Program Files or HKLM
    • App is not signed
    • Some developers are just lazy
  • Manifests
    • XML file that contains parameters required for an .exe or .dll to run
    • May contain a list of required components or supported OS
    • May configure the need for elevation per file:
      • asInvoker
      • highestAvailable
      • requireAdministrator
    • Can be external or internal
    • Use mt.exe from the SDK to inject a manifest
    • Use SigCheck.exe from Sysinternals to view the manifest
  • UAC Manifests
    <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
    <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
      <assemblyIdentity type="win32" processorArchitecture="*" version="1.0.0.0" name="MyApplication.exe"/>
      <description>MyApplication</description>
      <ms_asmv2:trustInfo xmlns:ms_asmv2="urn:schemas-microsoft-com:asm.v2">
        <ms_asmv2:security>
          <ms_asmv2:requestedPrivileges>
            <ms_asmv2:requestedExecutionLevel level="asInvoker||highestAvailable||requireAdministrator"/>
          </ms_asmv2:requestedPrivileges>
        </ms_asmv2:security>
      </ms_asmv2:trustInfo>
    </assembly>
  • UAC Virtualization
    • Applications without a manifest will be virtualized by default
  • File Virtualization Implementation
    • File system virtualization is implemented in a file system filter driver, luafv.sys
    • Diagram: a virtualized application (user mode) writing to \Windows\App.ini is redirected by luafv.sys, which sits above ntfs.sys in kernel mode, to \Users\<user>\AppData\Local\VirtualStore\Windows\App.ini; a non-virtualized application writing to \Windows\App.ini gets Access Denied
  • Virtualized Files
    • Redirected file system locations:
      • %ProgramFiles%
      • %AllUsersProfile% (ProgramData – what was Documents and Settings\All Users)
      • %SystemRoot% (Windows)
      • %SystemRoot%\System32 (Windows\System32)
    • Exceptions:
      • Files that have executable extensions (.exe, .bat, .vbs, .scr, etc.)
      • Prevents masking of system executables for servicing and security
      • Exceptions can be added or removed in HKLM\System\CurrentControlSet\Services\Luafv\Parameters\ExcludedExtensionsAdd or ExcludedExtensionsRemove
    • Per-user virtual root:
      • %UserProfile%\AppData\Local\VirtualStore
    • Troubleshooting file virtualization
      • Event Log: UAC-FileVirtualization
    • Note: virtual files do not roam with Roaming Profiles
  • Registry Virtualization
    • Virtualizes most locations under HKLM\Software
    • Keys that are not virtualized:
      • HKLM\Software\Microsoft\Windows
      • HKLM\Software\Microsoft\Windows NT
      • HKLM\Software\Classes
    • Per-user location: HKCU\Software\Classes\VirtualStore
    • A flag on a registry key defines if it can be virtualized
    • “Reg flags HKLM\Software” shows the flags for HKLM\Software
  • Useful tools
    • Microsoft Windows Software Development Kit (SDK)
      • mt.exe – embed manifests
      • signtool.exe – sign executables
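The manifest, file-virtualization and registry-virtualization slides above describe a set of rules: a process without a manifest is virtualized, writes to the listed protected locations land under the per-user VirtualStore unless the file has an executable extension, and most of HKLM\Software is redirected except for three subtrees. The following is an added Python example, not code from the presentation, that reads a manifest for its requestedExecutionLevel and models where a standard user's writes would be redirected under those rules. It assumes constructed manifests, a hypothetical user profile C:\Users\bob, and two pieces of documented Windows behaviour that are not on the slides: a manifest that declares requestedExecutionLevel opts the process out of virtualization, and the registry redirect lands under a MACHINE subkey of HKCU\Software\Classes\VirtualStore. It is a simplified model of the slide's rules, not luafv.sys logic.

```python
import ntpath
import xml.etree.ElementTree as ET

# Constructed manifests (not from the presentation). The first declares a
# requestedExecutionLevel in the asm.v2 namespace, as the slide's template does;
# the second has no trustInfo section at all.
MANIFEST_ASINVOKER = """\
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <assemblyIdentity type="win32" processorArchitecture="*" version="1.0.0.0" name="MyApplication.exe"/>
  <ms_asmv2:trustInfo xmlns:ms_asmv2="urn:schemas-microsoft-com:asm.v2">
    <ms_asmv2:security>
      <ms_asmv2:requestedPrivileges>
        <ms_asmv2:requestedExecutionLevel level="asInvoker" uiAccess="false"/>
      </ms_asmv2:requestedPrivileges>
    </ms_asmv2:security>
  </ms_asmv2:trustInfo>
</assembly>
"""
MANIFEST_NO_LEVEL = """\
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <assemblyIdentity type="win32" processorArchitecture="*" version="1.0.0.0" name="OldApp.exe"/>
</assembly>
"""

# Constructed environment of a standard-user session (hypothetical user "bob").
ENV = {
    "ProgramFiles": r"C:\Program Files",
    "AllUsersProfile": r"C:\ProgramData",
    "SystemRoot": r"C:\Windows",
    "UserProfile": r"C:\Users\bob",
}
VIRTUALIZED_ROOTS = ("ProgramFiles", "AllUsersProfile", "SystemRoot")   # System32 lives under SystemRoot
EXECUTABLE_EXTENSIONS = {".exe", ".bat", ".vbs", ".scr"}                 # the slide's exception list
REGISTRY_NOT_VIRTUALIZED = (r"HKLM\Software\Microsoft\Windows",
                            r"HKLM\Software\Microsoft\Windows NT",
                            r"HKLM\Software\Classes")


def requested_execution_level(manifest_xml):
    """Return the requestedExecutionLevel 'level' attribute, whatever namespace prefix
    the manifest uses, or None if the manifest declares none."""
    for el in ET.fromstring(manifest_xml).iter():
        if el.tag.endswith("}requestedExecutionLevel"):
            return el.get("level")
    return None


def is_virtualized(manifest_xml):
    """Simplified rule: no manifest (or no requestedExecutionLevel) means the
    process is virtualized; a declared level opts it out (documented behaviour)."""
    return manifest_xml is None or requested_execution_level(manifest_xml) is None


def virtual_store_path(path, env=ENV):
    """Model of the luafv redirect for a virtualized process writing to a protected
    location: the per-user VirtualStore path the write lands in, or None if the
    write is not redirected (outside protected roots, or an executable extension)."""
    if ntpath.splitext(path)[1].lower() in EXECUTABLE_EXTENSIONS:
        return None
    drive, _ = ntpath.splitdrive(path)
    for key in VIRTUALIZED_ROOTS:
        if path.lower().startswith(env[key].lower() + "\\"):
            relative = path[len(drive) + 1:]       # "C:\Windows\App.ini" -> "Windows\App.ini"
            return ntpath.join(env["UserProfile"], r"AppData\Local\VirtualStore", relative)
    return None


def virtual_registry_key(key):
    """Model of registry virtualization: HKLM\\Software keys (minus the excluded
    subtrees) are redirected under HKCU\\Software\\Classes\\VirtualStore\\MACHINE."""
    lowered = key.lower()
    if not lowered.startswith("hklm\\software\\"):
        return None
    for excluded in REGISTRY_NOT_VIRTUALIZED:
        ex = excluded.lower()
        if lowered == ex or lowered.startswith(ex + "\\"):
            return None
    return r"HKCU\Software\Classes\VirtualStore\MACHINE" + key[len("HKLM"):]


if __name__ == "__main__":
    print("OldApp.exe virtualized:", is_virtualized(MANIFEST_NO_LEVEL))
    for p in (r"C:\Windows\App.ini", r"C:\Program Files\Legacy\settings.ini", r"C:\Windows\System32\tool.exe"):
        print(p, "->", virtual_store_path(p))
    print(r"HKLM\Software\Contoso\App", "->", virtual_registry_key(r"HKLM\Software\Contoso\App"))
```

The practical use is in troubleshooting and review: when a legacy application on a standard-user desktop appears to write its settings to Program Files or HKLM, the copy that actually changed is the one under the user's VirtualStore, so that location (and the UAC-FileVirtualization event log the slide names) belongs in any check of where an application's configuration really lives.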
  • Assessment and Deployment Kit
    • Combines Windows Automated Installation Kit (AIK) and OEM Preinstallation Kit (OPK)
    • Integrates tools that used to be separate downloads
    • Adds new assessment tools
    • Contains lots of stuff…
    • http://bit.ly/ADKToolkit
  • ADK Tools
    • Application Compatibility Toolkit
      – Application Compatibility Manager
      – Compatibility Administrator
      – Standard User Analyzer
    • Deployment Tools
      – BCDBoot, BCDEdit, Bootsect
      – DISM (and ImageX)
      – OSCDImg
      – WDSMCAST
      – Windows System Image Manager
    • User State Migration Tool
      – Scanstate
      – Loadstate
      – UsmtUtils
    • Volume Activation Management Tool
    • Windows PE
      – CopyPE
      – SetSANPolicy
      – MakeWinPEMedia
    • Windows Performance Toolkit
      – Wpa
      – Wpr
      – XBootMgr
    • Windows Assessment Services
    • Windows Assessment Toolkit
  • What is in ACT?
    • Application Compatibility Manager
      – Helps to create and analyse applications
    • Standard User Analyzer
      – Easy to use GUI to create shims
    • Windows Application Verifier
      – Checks an application for potential compatibility issues
    • Windows Compatibility Administrator
      – Helps you select and apply compatibility fixes
  • Application Compatibility Manager
  • Application Verifier
  • Introduction to Shims
  • What Are Shims?
    • Applied to specific apps
      – Configured with Compatibility Administrator in the App Compat Toolkit
      – Deployable to enterprise
    • Changes what the app thinks it sees
    • Does not change what the app is allowed to do
  • What Are Shims Good For?
    • Great for many kinds of bugs:
      – Bad Windows version checks
      – Writing to HKCR at runtime
      – Unnecessary checks for “am I admin?”
      – Writing to WRP-protected keys and files
      – Windows thinks your app is an installer
      – File/Registry redirections
  • Version Lie Shims
    • Win95VersionLie
    • WinNT4SP5VersionLie
    • Win98VersionLie
    • Win2000VersionLie
    • Win2000SP1VersionLie
    • Win2000SP2VersionLie
    • Win2000SP3VersionLie
    • WinXPVersionLie
    • WinXPSP1VersionLie
    • WinXPSP2VersionLie
    • Win2K3RTMVersionLie
    • Win2K3SP1VersionLie
    • VistaRTMVersionLie
    • VistaSP1VersionLie
    • VistaSP2VersionLie
    • Win7RTMVersionLie
  • Most Used Shims
    • VirtualRegistry
      – Fixes the problem with reading/writing a registry value
      – AddRedirect (HKLM\Key ^ HKCU\Key ^ HKLM\Key2 ^ HKCU\Key2)
    • CorrectFilePaths
      – Fixes the problem with reading/writing a file
      – c:\Program.ini=%AppData%\Program.ini
    • WRPRegDeleteKey
      – Lies when the app tries to delete a protected OS registry key
    • ForceAdminAccess
      – Spoofs queries of administrator group membership
    • VirtualizeDeleteFile
      – Spoofs deletion of a global file
    • LocalMappedObject
      – Forces global section objects into the user’s namespace
    • VirtualizeHKCRLite, VirtualizeRegisterTypeLib
      – Redirects global registration of COM objects
  • Compatibility Administrator
  • Warning Messages
    Citrix Confidential - Do Not
  • Compatibility Administrator
    • Used to create advanced shims
    • Can be used to create warning messages
    • Windows 8 contains 7239 apps in the AppCompat database
    • Shims can be installed using the %windir%\system32\sdbinst.exe utility
    • About 400 shims are available
  • Standard User Analyzer
  • LUABudLight
  • Why Are Applications Asking For Elevation?
    • Some apps really need it
  • Performance and Assessment Toolkits
  • Assessment and Deployment Kit
  • Xperf
    • Was a part of the Windows 7 SDK
    • Grabs process lifetimes
    • Captures and analyzes information to help troubleshoot Windows performance issues
      – Slow boot
      – GPO processing delays
      – Application performance issues
      – Slow services
      – Ugly minifilter drivers
  • Xperf
    C:\>xperf -on base+latency+dispatcher+NetworkTrace+Registry+FileIO ^
        -stackWalk CSwitch+ReadyThread+ThreadCreate+Profile -BufferSize 128 ^
        -start UserTrace -on "Microsoft-Windows-Shell-Core+Microsoft-Windows-Wininit+Microsoft-Windows-Folder Redirection+Microsoft-Windows-UserProfiles Service+Microsoft-Windows-GroupPolicy+Microsoft-Windows-Winlogon+Microsoft-Windows-Security-Kerberos+Microsoft-Windows-UserProfiles General+e5ba83f6-07d0-46b1-8bc7-7e669a1d31dc+63b530f8-29c9-4880-a5b4-b8179096e7b8+2f07e2ee-15db-40f1-90ef-9d7ba282188a" ^
        -BufferSize 1024 -MinBuffers 64 -MaxBuffers 128 -MaxFile 1024
  • Windows 8 ADK
    • Windows Performance Analyzer replaces xperfview
    • Windows Performance Recorder replaces xbootmgr
      – Also replaces xperf trace capture functionality
    • xperf command line actions remain in WPT
  • Windows ADK
  • Windows Assessment Console and Engine
  • System assessment basics
    • System assessment is a process that uses the ADK tools to measure and analyze a PC
    • Assessments are core functionality tests
    • Combinations of these tests provide additional measures of the entire PC experience
    • Quality expectations are changing
    • Software + hardware + Windows = PC experience
    • The way we measure PC quality must also change
  • System assessments
    • CheckLogo and driver assessments
    • File handling
    • Photo handling
    • Internet Explorer launch/tab create
    • Hybrid boot
    • On/off assessments (boot/shutdown/S3/S4)
    • Browser assessment
    • Media transcode performance
    • Metro performance
    • Memory footprint
    • First boot experience
    • Media streaming
    • WinSAT comprehensive
    • Battery life (and idle efficiency analysis)
    • MiniFilter driver performance impact (option for other assessments)
    • Internet browsing workload for battery life assessment
    • Windows Media Player performance and quality
  • What Metrics are captured by the Assessment
    • Both Boot and Shutdown durations are captured using Event Tracing for Windows (ETW).
    • Process-level details such as CPU and Disk utilization are also provided.
    • Assisted Performance Diagnostics identifies potentially problematic performance issues.
  • Run the assessments on computers without downloading the ADK on all systems.
  • Key Takeaways
    • Use Log Parser to combine or transform log files
    • Use Manifests to control UAC behavior and enable UAC Virtualization
    • Use Application Compatibility Administrator to “patch” your applications
    • Use Assessment Engine to compare performance of your desktops and servers
    • Use Performance Recorder and Analyzer to optimize boot
  • Confidential – Internal Use Only
  • Q&A
    • @fdwl
    • denisg@entisys.com
    • http://BayCUG.com
    • http://blog.itbubble.ru