SYN507: Reducing desktop infrastructure management overhead using “old school” tactics

Slides from #CitrixSynergy 2013 #GeekSpeak

Published in: Technology
Notes
  • I’m going to talk about old school, so let’s make the slides look older first!
  • We will talk about:
    – tools that are available from Microsoft
    – tools that will help you in your day-to-day work
    – tools that will help with Windows XP migration
  • Disclaimer: free software doesn’t mean that it’s totally free; please read the EULA each time you download anything from any website.
  • Hard to find the required info
  • Query for combining PVS logs
  • EVENTS: Find all remote logons
  • Typical output of XenServer logging
  • Query that transforms unreadable XenServer output into CSV format
  • Event Comb allows you to:
    – Define either a single Event ID, or multiple Event IDs to search for
    – Define a range of Event IDs to search for
    – Limit the search to specific event logs
    – Limit the search to specific event message types
    – Limit the search to specific event sources
    – Search for specific text within an event description
    – Define specific time intervals to scan back from the current date and time
    – For a complete set of features: http://support.microsoft.com/kb/308471/en-us
  • Gather specific events from event logs from several different computers into one central location.
    – Specifying the event logs and event types to search
    – Event logs: System, Application, Security
    – Event types: Error, Informational, Warning
    – For more details on auditing and monitoring: http://www.microsoft.com/technet/security/topics/auditingandmonitoring.mspx
  • Xpirience: Windows XP and MetaFrame XP delivering Microsoft Office XP, running on an AMD Athlon XP processor
  • Everyone needs to migrate from Windows XP
  • Can we migrate to MacOS or Linux??
  • No, we can’t migrate to a fancy-looking OS; there are no LOB apps there
  • OK, we are trying to migrate; the first problem we see is an installation failure
  • If the installer is built using MSI, try enabling logging and use Wilogutl.exe from the SDK
  • When you find the root cause of the error, use Orca to edit the MSI
  • When Orca is not enough, use the WiX toolset
  • Example of a WiX file for creating an MSI that installs a root certificate
  • Use free tools to edit XML
  • Use the same free tools for creating UPM cross-platform files
  • Manifest execution levels:
    – requireAdministrator: the application runs only for administrators and requires that the application be launched with the full token of an administrator
    – asInvoker: the application runs with the same token as the parent process
    – highestAvailable: the application runs with the highest privileges the current user can obtain
  • Windows ADK overview. Key messages:
    – Collection of assessment and deployment tools to aid in the deployment of Windows 8
    – Required for any automated Windows 8 operating system deployment using the MDT and/or the Operating System Deployment (OSD) feature in System Center 2012 Configuration Manager
    – Keep the discussion brief as this is not the primary focus of the session
    – Each of the tools in the Windows ADK will be discussed in separate slides
  • So, there are tons of shims; how do you choose the right one?
  • Use SUA
  • Or LUABudLight from Aaron Margosis
  • How to deal with slow logons?
  • Xperf command line for troubleshooting slow logons. Not easy?
  • Use WPA
  • Windows Assessment Console: create consistent metrics from systems with reproducible targeted tests
    – Assessments show the results and issues
    – Demo: Start > All Programs > Windows Kits > Windows ADK > Windows Assessment Console
    – Home tab: introduce Jobs, Details, Results, and Run; run a job
    – Results tab: introduce Chart and Table, Issues and details; link to Windows Performance Analyzer
  • Easily create a collection of the most useful assessments: start a new job, select assessments, configure the settings, save
  • There are a lot of free tools available from Microsoft; some of them are well-known, such as the Resource Kits and Support Tools for Windows. Many tools like where.exe, ktlist, robocopy or taskkill were included with the latest versions of Windows.
    – Resource Kits, Support Tools, Administration Kits and RSAT
    – Sysinternals: http://live.sysinternals.com/procmon.exe
    – Software Development Kits (SDK)
    – Blah Kits and Yada Yada; Yada Manager
    – Windows Assessment and Deployment Kit (ADK)
    – Windows Automated Installation Kit (AIK)
    – Application Compatibility Toolkit (ACT)
    – Enhanced Mitigation Experience Toolkit (EMET)
    – Deployment Toolkit (MDT)
    – Business Desktop Deployment (BDD)
    – Security Compliance Manager (SCM)
    – Assessment and Planning (MAP) Toolkit

    1. Denis Gundarev, Senior Consultant, Entisys Solutions. SYN507: Reducing desktop infrastructure management overhead using “old school” tactics
    2. SYN507: Reducing desktop infrastructure management overhead using “old school” tactics. Denis Gundarev, Senior Consultant, Entisys Solutions
    3. About me
       C:\>whoami /all
       USER INFORMATION
       ----------------
       User Name        Twitter   E-Mail
       ===============  ========  ===================
       ENTISYS\denisg   @fdwl     DenisG@entisys.com
       GROUP INFORMATION
       -----------------
       Group Name                            Type              SID
       ====================================  ================  =================
       BUILTIN\Geeks                         Mandatory group   S-1-5-32-540
       Mandatory Label\Crazy Russian         Label             S-1-16-8192
       COMMUNITY\Bay Area Citrix User Group  Well-known group  S-1-5-32-544
       COMMUNITY\Russia Citrix User Group    Well-known group  S-1-5-32-545
    4. Agenda
       • Overview
       • Log file analysis
       • Windows migration
       • Windows Installer
       • User Account Control
       • Application Compatibility
       • Performance and Assessment Toolkits
       • Q&A
    5. Old School != Outdated
    6. “Free” Tools Disclaimer: TANSTAAFL* (*"There ain't no such thing as a free lunch")
    7. “Free” Tools Disclaimer: TANSTAAFL* (*"There ain't no such thing as a free lunch")
    8. Log File Analysis
    9. Log Analysis
       • Tons of data – i.e. PVS logs can produce 10 Mb/minute
       • Different sources and formats
         – CDF Tracing
         – Windows Event Logs
         – Procmon
         – Wireshark
         – Text log files
    10. Log Parser Input Formats
       • IIS log files (W3C, IIS, NCSA, Centralized Binary Logs, HTTP Error logs, URLScan logs, ODBC logs)
       • Windows Event Log
       • Generic XML, CSV, TSV and W3C-formatted text files
       • Windows Registry
       • Active Directory objects
       • File and directory information
       • NetMon .cap capture files
       • Extended/Combined NCSA log files
       • ETW traces
    11. SQL-Like Engine
       SELECT EXTRACT_FILENAME(Filename) AS FileName,
              date AS date,
              level AS level,
              message AS message
       INTO [OUTPUTFILE]Errors.csv
       FROM [LOGFILEPATH]
       ORDER BY date DESC
    12. SQL-Like Engine
       SELECT timegenerated,
              EXTRACT_TOKEN(Strings, 1, '|') AS Domain,
              RESOLVE_SID(EXTRACT_TOKEN(Strings, 0, '|')) AS User,
              EXTRACT_TOKEN(Strings, 3, '|') AS SessionName,
              RESOLVE_SID(EXTRACT_TOKEN(Strings, 4, '|')) AS ClientName,
              EXTRACT_TOKEN(Strings, 5, '|') AS ClientAddress,
              EventID
       FROM Security
       WHERE EventID = 4624 /* xp/2003 = 682 */
       ORDER BY timegenerated
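The slide above pulls every 4624 logon event apart by splitting the pipe-joined insertion strings. The same "find all remote logons" idea is shown below in Python as an added example (not code from the talk): it filters a constructed set of Security-log records for 4624, reads the logon type from the insertion strings and keeps only the types that mean a remote session (3 = Network, 10 = RemoteInteractive). The token positions follow the Vista/2008-era 4624 insertion-string layout, which is an assumption on my part rather than something the slide states; the sample events are constructed.

```python
# Added example: filter Security-log 4624 records for remote logons.
# Records are (TimeGenerated, EventID, Strings) tuples in the shape Log Parser's
# EVT input format exposes; the Strings token order below is the Vista/2008-era
# 4624 layout (assumption), and all sample data is constructed.

LOGON_TYPE_NAMES = {
    2: "Interactive", 3: "Network", 4: "Batch", 5: "Service",
    7: "Unlock", 8: "NetworkCleartext", 9: "NewCredentials",
    10: "RemoteInteractive", 11: "CachedInteractive",
}
# Logon types that indicate the session came from another machine.
REMOTE_LOGON_TYPES = {3, 10}

# Index of each field inside the pipe-joined Strings value of a 4624 event.
IDX_TARGET_USER = 5
IDX_TARGET_DOMAIN = 6
IDX_LOGON_TYPE = 8
IDX_WORKSTATION = 11
IDX_IP_ADDRESS = 18


def make_4624_strings(user, domain, logon_type, workstation, ip):
    """Build a constructed 20-token Strings value for a 4624 event (test data)."""
    tokens = [
        "S-1-5-18", "SYSTEM", "NT AUTHORITY", "0x3e7",          # subject
        "S-1-5-21-0-0-0-1000", user, domain, "0x1a2b3c",         # target
        str(logon_type), "User32 ", "Negotiate", workstation,    # how
        "{00000000-0000-0000-0000-000000000000}", "-", "-", "0",
        "0x2a4", r"C:\Windows\System32\winlogon.exe", ip, "0",   # process / source
    ]
    return "|".join(tokens)


SAMPLE_EVENTS = [
    ("2013-05-21 09:01:12", 4624, make_4624_strings("alice", "CONTOSO", 10, "DESKTOP01", "10.0.0.25")),
    ("2013-05-21 09:02:40", 4624, make_4624_strings("bob", "CONTOSO", 2, "DESKTOP02", "-")),
    ("2013-05-21 09:03:05", 4625, make_4624_strings("mallory", "CONTOSO", 3, "-", "10.0.0.99")),
    ("2013-05-21 09:04:19", 4624, make_4624_strings("svc_backup", "CONTOSO", 3, "FILESRV", "10.0.0.40")),
    ("2013-05-21 09:05:00", 4624, make_4624_strings("SYSTEM", "NT AUTHORITY", 5, "-", "-")),
]


def find_remote_logons(events):
    """Return one dict per successful (4624) logon whose type is a remote one."""
    hits = []
    for time_generated, event_id, strings in events:
        if event_id != 4624:
            continue                      # 4625 (failure) and others are out of scope here
        tokens = strings.split("|")
        if len(tokens) <= IDX_IP_ADDRESS:
            continue                      # truncated record, skip rather than mis-index
        try:
            logon_type = int(tokens[IDX_LOGON_TYPE])
        except ValueError:
            continue
        if logon_type not in REMOTE_LOGON_TYPES:
            continue
        hits.append({
            "time": time_generated,
            "account": f"{tokens[IDX_TARGET_DOMAIN]}\\{tokens[IDX_TARGET_USER]}",
            "logon_type": LOGON_TYPE_NAMES.get(logon_type, str(logon_type)),
            "workstation": tokens[IDX_WORKSTATION],
            "ip": tokens[IDX_IP_ADDRESS],
        })
    return hits


if __name__ == "__main__":
    for hit in find_remote_logons(SAMPLE_EVENTS):
        print(f"{hit['time']}  {hit['account']:<24} {hit['logon_type']:<18} {hit['ip']}")
```

Only two of the five constructed records survive the filter: the RemoteInteractive logon for alice and the Network logon for svc_backup; the console logon, the service logon and the failed 4625 attempt are dropped.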
    13. SQL-Like Engine
       SELECT strFileName, dEventtime, strEventtype, strHostname, intThreadid, strThreadname,
              strThreadmessage, strSessiontype, strSessionid, strModule, strEventdata
       USING
           EXTRACT_FILENAME(logfilename) AS strFilename,
           EXTRACT_SUFFIX(Text, 0, ']') AS strEventdata,
           EXTRACT_SUFFIX(EXTRACT_PREFIX(Text, 0, ']'), 0, '[') AS unparsedMeta,
           EXTRACT_TOKEN(unparsedMeta, 0, '|') AS unparsedDate,
           TO_TIMESTAMP(unparsedDate, 'yyyyMMdd?hh:mm:ss.ll?') AS dEventtime,
           EXTRACT_TOKEN(unparsedMeta, 1, '|') AS strEventtype,
           EXTRACT_TOKEN(unparsedMeta, 2, '|') AS strHostname,
           EXTRACT_TOKEN(EXTRACT_TOKEN(unparsedMeta, 3, '|'), 0, ' ') AS intThreadid,
           EXTRACT_TOKEN(EXTRACT_TOKEN(unparsedMeta, 3, '|'), 1, ' ') AS unparsedthreadname,
           CASE unparsedthreadname WHEN NULL THEN 'N/A' ELSE unparsedthreadname END AS strThreadname,
           EXTRACT_TOKEN(unparsedMeta, 4, '|') AS unParsedThreadmessageAndSessionID,
           REPLACE_IF_NOT_NULL(LAST_INDEX_OF(unParsedThreadmessageAndSessionID, 'D:'), 1) AS sessD,
           REPLACE_IF_NOT_NULL(LAST_INDEX_OF(unParsedThreadmessageAndSessionID, 'R:'), 2) AS sessR,
           COALESCE(sessD, sessR, 0) AS intSessionType,
           CASE intSessionType WHEN 0 THEN 'N/A' WHEN 1 THEN 'Dynamic' WHEN 2 THEN 'Real' END AS strSessiontype,
           CASE intSessionType
               WHEN 0 THEN unParsedThreadmessageAndSessionID
               WHEN 1 THEN EXTRACT_TOKEN(unParsedThreadmessageAndSessionID, 0, ' D:')
               WHEN 2 THEN EXTRACT_TOKEN(unParsedThreadmessageAndSessionID, 0, ' R:')
           END AS strThreadmessage,
           CASE intSessionType
               WHEN 0 THEN 'N/A'
               WHEN 1 THEN EXTRACT_TOKEN(unParsedThreadmessageAndSessionID, 1, ' D:')
               WHEN 2 THEN EXTRACT_TOKEN(unParsedThreadmessageAndSessionID, 1, ' R:')
           END AS strSessionid,
           EXTRACT_TOKEN(unparsedMeta, 5, '|') AS strModule
       INTO [OUTPUTFILE]XenServer.csv
       FROM [LOGFILEPATH]
       WHERE dEventtime IS NOT NULL
       ORDER BY dEventtime
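The query above turns one XenServer log line into a CSV row by slicing the bracketed metadata on "|" and then pulling the "D:"/"R:" session id out of the thread-message token. The same transformation is written out below in Python as an added example (not code from the talk) so the field logic can be read step by step: a line that fails any stage (no brackets, too few tokens, unparseable timestamp) is dropped, which is what the query's WHERE dEventtime IS NOT NULL does. The sample log lines and their exact layout are constructed to match the query's assumptions, not copied from a real XenServer.

```python
# Added example: XenServer-style log lines -> CSV, mirroring the Log Parser query.
# Line layout assumed by the query (constructed sample data below):
#   [<yyyyMMdd?hh:mm:ss.lll>|<level>|<host>|<thread id> <thread name>|<message>[ D:<id>| R:<id>]|<module>] <event data>
import csv
import io
import re
from datetime import datetime

SAMPLE_LOG = """\
[20130521 10:15:33.123|debug|xenhost01|1234 xapi|Session.login_with_password D:7f3a1c|xapi] VM.start called
[20130521 10:15:31.004|info|xenhost01|1234|Host.get_servertime R:9b0d2e|xapi] heartbeat
[20130521 10:15:35.900|warn|xenhost02|88 xenopsd|no session here|xenopsd] slow storage
garbage line that does not match
"""

# 'yyyyMMdd?hh:mm:ss.ll?' in the query: '?' matches any single character.
META_DATE = re.compile(r"^(\d{8}).(\d{2}:\d{2}:\d{2}\.\d{1,6})$")
FIELDS = ["event_time", "event_type", "hostname", "thread_id", "thread_name",
          "message", "session_type", "session_id", "module", "event_data"]


def parse_xenserver_line(line):
    """Return a dict of the query's output columns, or None if the line is not parseable."""
    if not line.startswith("[") or "]" not in line:
        return None
    end = line.index("]")
    meta, event_data = line[1:end], line[end + 1:].strip()   # EXTRACT_PREFIX / EXTRACT_SUFFIX on ']'
    parts = meta.split("|")                                   # EXTRACT_TOKEN(unparsedMeta, n, '|')
    if len(parts) < 6:
        return None
    m = META_DATE.match(parts[0])
    if not m:
        return None                                           # would be a NULL dEventtime
    event_time = datetime.strptime(m.group(1) + " " + m.group(2), "%Y%m%d %H:%M:%S.%f")

    thread = parts[3].split(" ", 1)                           # "<id> <name>", name may be absent
    thread_id = thread[0]
    thread_name = thread[1] if len(thread) > 1 else "N/A"

    msg = parts[4]                                            # "<message> D:<id>" / "<message> R:<id>" / plain
    if " D:" in msg:                                          # the query checks D: before R: (COALESCE order)
        session_type, (message, session_id) = "Dynamic", msg.rsplit(" D:", 1)
    elif " R:" in msg:
        session_type, (message, session_id) = "Real", msg.rsplit(" R:", 1)
    else:
        session_type, message, session_id = "N/A", msg, "N/A"

    return {
        "event_time": event_time.strftime("%Y-%m-%d %H:%M:%S.%f")[:-3],
        "event_type": parts[1], "hostname": parts[2],
        "thread_id": thread_id, "thread_name": thread_name,
        "message": message, "session_type": session_type, "session_id": session_id,
        "module": parts[5], "event_data": event_data,
    }


def to_csv(log_text):
    """Parse every line, drop the unparseable ones and emit CSV ordered by event time."""
    rows = [r for r in (parse_xenserver_line(l) for l in log_text.splitlines()) if r]
    rows.sort(key=lambda r: r["event_time"])                  # ORDER BY dEventtime
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=FIELDS, lineterminator="\n")
    writer.writeheader()
    writer.writerows(rows)
    return out.getvalue()


if __name__ == "__main__":
    print(to_csv(SAMPLE_LOG))
```

Note that the second constructed line has a thread id without a name and the third has no session marker at all; both paths map to the "N/A" values the query produces, and the unparseable fourth line disappears from the output.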
    14. Log Parser Output Formats
       – Write data to text files in different formats (CSV, TSV, XML, W3C, user-defined, etc.)
       – Send data to a SQL database
       – Send data to a SYSLOG server
       – Create charts and save them in either GIF or JPG image files
       – Display data to the console or to the screen
    15. How To Use Log Parser
       • From the command line – check the help file
       • From PowerShell – http://bit.ly/LogParserPowerShell
       • As a scheduled task
       • In your scripts – Set oLogQuery = CreateObject("MSUtil.LogQuery")
       • From Log Parser Studio – http://bit.ly/LogParserStudio
    16. EventCombMT
    17. EventCombMT
    18. Account Lockout Management
    19. Log Analysis
       • Log Parser 2.2 – http://bit.ly/LogParser
       • Log Parser Studio – http://bit.ly/LogParserStudio
       • EventCombMT and Account Lockout tools – http://bit.ly/ALTools
    20. Windows Migration
    21. Once upon a time…
    22. 12 years later…
    23.
    24.
    25. Installation
    26. Wilogutl.exe
       • Assists the analysis of log files from a Windows Installer installation, and displays suggested solutions to errors that are found in a log file
       • Available in the Windows SDK
       • msiexec /i BadApp.msi /l*v c:\temp\BadApp.log
    27. Wilogutl.exe
    28. Wilogutl.exe
    29. Wilogutl.exe
    30. Orca
    31. Orca
    32. Windows Installer Transforms
       • Generic way to customise an installation
       • A transform describes the delta between the original MSI package and the customised version
         – Saved to an .MST file
         – Is applied on the fly
    33. Orca
       • MSI database editor
       • When to use?
         – Removing launch conditions
         – Un-advertising shortcuts
         – Changing install levels for features
         – Creating transforms
         – http://bit.ly/OrcaMSI
    34. WiX Toolset
       • Builds Windows Installer (MSI) packages from XML
       • Integrates with Visual Studio
       • Can decompile MSI
       • Can be used to repackage your apps
       • Create packages for Merchandising Server – http://bit.ly/MerchMeta
       • GUI is available – http://bit.ly/WiXEditors
    35. WiX’s Simple Syntax
       <?xml version="1.0" encoding="utf-8"?>
       <Wix xmlns="http://schemas.microsoft.com/wix/2006/wi">
         <Product Id="{2445FCA1-F833-4C97-87A2-618A4AE1EAB7}" Language="1033" Manufacturer="IT Bubble"
                  Name="IT BubbleCertificates" UpgradeCode="{2A124791-AAD0-4BE9-A719-3DEED3A49041}" Version="1.0.0.0">
           <Package Comments="This installer database contains the logic and data required to install IT BubbleCertificates."
                    Compressed="yes" Description="IT Bubble Root Certs" InstallerVersion="200" Languages="1033"
                    Manufacturer="IT Bubble" Platform="x86" />
           <Binary Id="ITB.cer" SourceFile="bin\Binary\ITB.cer" />
           <Directory Id="TARGETDIR" Name="SourceDir">
             <Directory Id="ProgramFilesFolder" Name="PFiles">
               <Directory Id="IT BubbleCert" Name="IT BubbleCert">
                 <Component Id="IT BubbleCert" Guid="{22AA9F50-0CA6-491F-AC1B-B0FD00BEF0A1}" KeyPath="yes">
                   <Certificate Id="Certificate.RootCA" Name="ITB.cer" StoreName="root" StoreLocation="localMachine"
                                Overwrite="yes" BinaryKey="ITB.cer" xmlns="http://schemas.microsoft.com/wix/IIsExtension" />
                 </Component>
               </Directory>
             </Directory>
           </Directory>
           <Feature Id="IT BubbleCert" Level="1" Title="IT BubbleCert">
             <ComponentRef Id="IT BubbleCert" />
           </Feature>
           <Property Id="ALLUSERS" Value="1" />
         </Product>
       </Wix>
    36. XML Notepad 2007
       • Free XML editor with syntax check
       • http://bit.ly/XMLNotepad
    37. XML Notepad & Profile Management
    38. User Account Control
    39. Every time you disable UAC… Steve Ballmer kills a kitten. Please, think of the kittens
    40. Every time you:
       • Modify ACLs on Program Files or HKLM
       • Make a user a local admin
       • Just give users SeBackup, SeRestore, SeCreateGlobal and SeLoadDriver privileges, but keep them as standard users
    41. Why Applications Are Asking For Elevation?
       • Some apps are old and don’t have an embedded manifest
       • Some apps try to write to Program Files or HKLM
       • App is not signed
       • Some developers are just lazy
    42. Manifests
       • XML file that contains parameters required for an .exe or .dll to run
       • May contain a list of required components or supported OS
       • May configure the need for elevation per file: asInvoker, highestAvailable, requireAdministrator
       • Can be external or internal
       • Use mt.exe from the SDK to inject a manifest
       • Use SigCheck.exe from Sysinternals to view the manifest
    43. UAC Manifests
       <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
       <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
         <assemblyIdentity type="win32" processorArchitecture="*" version="1.0.0.0" name="MyApplication.exe"/>
         <description>MyApplication</description>
         <ms_asmv2:trustInfo xmlns:ms_asmv2="urn:schemas-microsoft-com:asm.v2">
           <ms_asmv2:security>
             <ms_asmv2:requestedPrivileges>
               <ms_asmv2:requestedExecutionLevel level="asInvoker||highestAvailable||requireAdministrator"/>
             </ms_asmv2:requestedPrivileges>
           </ms_asmv2:security>
         </ms_asmv2:trustInfo>
       </assembly>
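Slides 42 and 43 describe what a UAC manifest carries and slide 44 notes that an unmanifested application gets virtualized. The added example below (mine, not code from the talk or from the SDK) does the manifest-inspection part of what SigCheck's manifest view gives you: it parses a manifest, locates requestedExecutionLevel in either the asm.v2 or asm.v3 namespace, rejects the placeholder "a||b||c" value from the slide, and answers whether the app will be subject to UAC virtualization. That a 64-bit image is never virtualized is a detail I am adding beyond the slide; the sample manifests are constructed from the slide's template.

```python
# Added example: inspect a UAC manifest and decide whether UAC virtualization applies.
# Not the talk's code. Namespaces and level names are the documented ones; the
# 64-bit rule is an assumption-level detail not stated on the slide.
import xml.etree.ElementTree as ET

UAC_NAMESPACES = ("urn:schemas-microsoft-com:asm.v2", "urn:schemas-microsoft-com:asm.v3")
VALID_LEVELS = {"asInvoker", "highestAvailable", "requireAdministrator"}

# Constructed from slide 43's template with a concrete level filled in.
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <assemblyIdentity type="win32" processorArchitecture="*" version="1.0.0.0" name="MyApplication.exe"/>
  <description>MyApplication</description>
  <ms_asmv2:trustInfo xmlns:ms_asmv2="urn:schemas-microsoft-com:asm.v2">
    <ms_asmv2:security>
      <ms_asmv2:requestedPrivileges>
        <ms_asmv2:requestedExecutionLevel level="asInvoker" uiAccess="false"/>
      </ms_asmv2:requestedPrivileges>
    </ms_asmv2:security>
  </ms_asmv2:trustInfo>
</assembly>
"""

# A manifest with no trustInfo at all (constructed): valid XML, but says nothing about UAC.
NO_UAC_MANIFEST = """<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <assemblyIdentity type="win32" processorArchitecture="*" version="1.0.0.0" name="Legacy.exe"/>
</assembly>
"""

# The slide's literal placeholder, which is not a legal level value.
PLACEHOLDER_MANIFEST = SAMPLE_MANIFEST.replace(
    'level="asInvoker"', 'level="asInvoker||highestAvailable||requireAdministrator"')


def read_execution_level(manifest_xml):
    """Return {'level': ..., 'uiAccess': bool} or None if the manifest has no requestedExecutionLevel."""
    root = ET.fromstring(manifest_xml.encode("utf-8"))
    for ns in UAC_NAMESPACES:
        el = root.find(f".//{{{ns}}}requestedExecutionLevel")
        if el is not None:
            level = el.get("level")
            if level not in VALID_LEVELS:
                raise ValueError(f"invalid requestedExecutionLevel: {level!r}")
            return {"level": level, "uiAccess": el.get("uiAccess", "false").lower() == "true"}
    return None


def will_be_virtualized(manifest_xml, is_64bit=False):
    """Slide 44's rule: no manifest (or no requestedExecutionLevel) -> file/registry virtualization.
    A requestedExecutionLevel of any value opts the app out; 64-bit images are never virtualized (assumption)."""
    if is_64bit:
        return False
    if manifest_xml is None:
        return True
    return read_execution_level(manifest_xml) is None


if __name__ == "__main__":
    print(read_execution_level(SAMPLE_MANIFEST), will_be_virtualized(SAMPLE_MANIFEST))
    print(read_execution_level(NO_UAC_MANIFEST), will_be_virtualized(NO_UAC_MANIFEST))
```

The practical point for an admin deciding which binaries to shim versus which to manifest: an application that already carries any requestedExecutionLevel no longer gets the VirtualStore safety net, so a missing manifest and a wrong manifest fail in different ways.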
    44. UAC Virtualization
       • Applications without a manifest will be virtualized by default
    45. File Virtualization Implementation
       • File system virtualization is implemented in a file system filter driver, luafv.sys
       • (Diagram: in user mode, a virtualized application writing Windows\App.ini is redirected by Luafv.sys, above Ntfs.sys in kernel mode, to Users\<user>\AppData\Local\VirtualStore\Windows\App.ini; a non-virtualized application writing Windows\App.ini gets Access Denied)
    46. Virtualized Files
       • Redirected file system locations:
         – %ProgramFiles%
         – %AllUsersProfile% (ProgramData – what was Documents and Settings\All Users)
         – %SystemRoot% (Windows)
         – %SystemRoot%\System32 (Windows\System32)
       • Exceptions:
         – Files that have executable extensions (.exe, .bat, .vbs, .scr, etc.)
         – Prevents masking of system executables for servicing and security
         – Exceptions can be added or removed in HKLM\System\CurrentControlSet\Services\Luafv\Parameters\ExcludedExtensionsAdd or ExcludedExtensionsRemove
       • Per-user virtual root: %UserProfile%\AppData\Local\VirtualStore
       • Troubleshooting file virtualization – Event Log: UAC-FileVirtualization
       • Note: virtual files do not roam with roaming profiles
    47. Registry Virtualization
       • Virtualizes most locations under HKLM\Software
       • Keys that are not virtualized:
         – HKLM\Software\Microsoft\Windows
         – HKLM\Software\Microsoft\Windows NT
         – HKLM\Software\Classes
       • Per-user location: HKCU\Software\Classes\VirtualStore
       • A flag on a registry key defines whether it can be virtualized
       • “Reg flags HKLM\Software” shows the flags for HKLM\Software
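Slides 46 and 47 list the rules that decide where a legacy application's write ends up under UAC virtualization. The added example below (mine, not code from the talk) encodes those rules as two lookup functions a troubleshooter can run against paths pulled from Procmon or from the UAC-FileVirtualization event log: one maps a file path to its VirtualStore location (or None when the path is not redirected, including the executable-extension exception), the other maps an HKLM\Software key to its per-user VirtualStore key while honouring the three excluded subtrees. The drive letter, the user profile and the VirtualStore\MACHINE\SOFTWARE layout under HKCU\Software\Classes are assumptions I am making for the illustration; the slide only gives the HKCU\Software\Classes\VirtualStore root.

```python
# Added example: where does a virtualized write land? Encodes slides 46 and 47.
# Assumptions: system drive C:, user profile C:\Users\alice, the default
# VirtualStore\MACHINE\SOFTWARE layout for the registry side, and only the four
# executable extensions the slide names (the real exclusion list is longer and
# is tunable via the Luafv\Parameters values on slide 46).

USER_PROFILE = r"C:\Users\alice"
VIRTUAL_STORE = USER_PROFILE + r"\AppData\Local\VirtualStore"

# Redirected roots from slide 46 (lower-case, with trailing backslash for prefix matching).
VIRTUALIZED_FILE_ROOTS = (
    r"c:\program files\\".rstrip("\\") + "\\",
    r"c:\programdata\\".rstrip("\\") + "\\",
    r"c:\windows\\".rstrip("\\") + "\\",      # covers System32 as well
)
EXCLUDED_EXTENSIONS = {".exe", ".bat", ".vbs", ".scr"}

REG_VIRTUAL_ROOT = r"HKCU\Software\Classes\VirtualStore\MACHINE\SOFTWARE"
REG_NOT_VIRTUALIZED = (
    r"hklm\software\microsoft\windows",
    r"hklm\software\microsoft\windows nt",
    r"hklm\software\classes",
)


def _under(path_lower, prefix_lower):
    """True if path equals prefix or lies inside it (backslash-aware)."""
    return path_lower == prefix_lower or path_lower.startswith(prefix_lower.rstrip("\\") + "\\")


def virtual_store_path(path):
    """Return the VirtualStore copy a virtualized app would write, or None if not redirected."""
    low = path.lower()
    if not any(low.startswith(root) for root in VIRTUALIZED_FILE_ROOTS):
        return None                                   # e.g. the user's own profile: no redirection needed
    name = path.rsplit("\\", 1)[-1]
    ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
    if ext in EXCLUDED_EXTENSIONS:
        return None                                   # executables are never masked by the VirtualStore
    return VIRTUAL_STORE + "\\" + path[len("C:\\"):]  # keep the path relative to the drive root


def virtual_registry_key(key):
    """Return the per-user VirtualStore key for an HKLM\\Software write, or None if not virtualized."""
    low = key.lower().replace("hkey_local_machine", "hklm")
    if not _under(low, r"hklm\software"):
        return None
    if any(_under(low, excluded) for excluded in REG_NOT_VIRTUALIZED):
        return None                                   # slide 47's three excluded subtrees
    rest = key[len(r"HKLM\Software"):].lstrip("\\")
    return REG_VIRTUAL_ROOT + ("\\" + rest if rest else "")


if __name__ == "__main__":
    for p in (r"C:\Program Files\OldApp\settings.ini", r"C:\Windows\System32\helper.exe",
              r"C:\Users\alice\Documents\notes.ini"):
        print(p, "->", virtual_store_path(p))
    for k in (r"HKLM\Software\OldVendor\OldApp", r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run"):
        print(k, "->", virtual_registry_key(k))
```

When a Procmon trace shows SUCCESS on a Program Files write from a standard user, these two functions tell you where to look for the copy that actually got written, and the None cases are exactly the writes that will surface as Access Denied instead.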
    48. Useful tools
       • Microsoft Windows Software Development Kit (SDK)
         – mt.exe – embed manifests
         – signtool.exe – sign executables
    49. Assessment and Deployment Kit
    50. Assessment and Deployment Kit
    51. Assessment and Deployment Kit
       • Combines the Windows Automated Installation Kit (AIK) and the OEM Preinstallation Kit (OPK)
       • Integrates tools that used to be separate downloads
       • Adds new assessment tools
       • Contains lots of stuff…
       • http://bit.ly/ADKToolkit
    52. ADK Tools
       • Application Compatibility Toolkit
         – Application Compatibility Manager
         – Compatibility Administrator
         – Standard User Analyzer
       • Deployment Tools
         – BCDBoot, BCDEdit, Bootsect
         – DISM (and ImageX)
         – OSCDImg
         – WDSMCAST
         – Windows System Image Manager
       • User State Migration Tool
         – Scanstate
         – Loadstate
         – UsmtUtils
       • Volume Activation Management Tool
       • Windows PE
         – CopyPE
         – SetSANPolicy
         – MakeWinPEMedia
       • Windows Performance Toolkit
         – Wpa
         – Wpr
         – XBootMgr
       • Windows Assessment Services
       • Windows Assessment Toolkit
    53. What is in ACT?
       • Application Compatibility Manager – helps to create and analyse applications
       • Standard User Analyzer – easy-to-use GUI to create shims
       • Windows Application Verifier – checks an application for potential compatibility issues
       • Windows Compatibility Administrator – helps you select and apply compatibility fixes
    54. Application Compatibility Manager
    55. Application Verifier
    56. Introduction to Shims
    57. What Are Shims?
       • Applied to specific apps
         – Configured with Compatibility Administrator in the App Compat Toolkit
         – Deployable to the enterprise
       • Changes what the app thinks it sees
       • Does not change what the app is allowed to do
    58. What Are Shims Good For?
       • Great for many kinds of bugs:
         – Bad Windows version checks
         – Writing to HKCR at runtime
         – Unnecessary checks for “am I admin?”
         – Writing to WRP-protected keys and files
         – Windows thinks your app is an installer
         – File/registry redirections
    59. Version Lie Shims
       • Win95VersionLie
       • WinNT4SP5VersionLie
       • Win98VersionLie
       • Win2000VersionLie
       • Win2000SP1VersionLie
       • Win2000SP2VersionLie
       • Win2000SP3VersionLie
       • WinXPVersionLie
       • WinXPSP1VersionLie
       • WinXPSP2VersionLie
       • Win2K3RTMVersionLie
       • Win2K3SP1VersionLie
       • VistaRTMVersionLie
       • VistaSP1VersionLie
       • VistaSP2VersionLie
       • Win7RTMVersionLie
    60. Most Used Shims
       • VirtualRegistry – fixes the problem with reading/writing a registry value
         – AddRedirect (HKLM\Key ^ HKCU\Key ^ HKLM\Key2 ^ HKCU\Key2)
       • CorrectFilePaths – fixes the problem with reading/writing a file
         – c:\Program.ini=%AppData%\Program.ini
       • WRPRegDeleteKey – lies when the app tries to delete a protected OS registry key
       • ForceAdminAccess – spoofs queries of administrator group membership
       • VirtualizeDeleteFile – spoofs deletion of a global file
       • LocalMappedObject – forces global section objects into the user’s namespace
       • VirtualizeHKCRLite, VirtualizeRegisterTypeLib – redirect global registration of COM objects
    61. Compatibility Administrator
    62. Warning Messages
    63. Compatibility Administrator
       • Used to create advanced shims
       • Can be used to create warning messages
       • Windows 8 contains 7239 apps in the AppCompat database
       • Shims can be installed using the %windir%\system32\sdbinst.exe utility
       • About 400 shims available
    64.
    65. Standard User Analyzer
    66. Standard User Analyzer
    67. LUABudLight
    68. Why Applications Are Asking For Elevation?
       • Some apps really need it
    69. Performance and Assessment Toolkits
    70. Assessment and Deployment Kit
    71. Xperf
       • Was a part of the Windows 7 SDK
       • Grabs process lifetimes
       • Captures and analyzes information to help troubleshoot Windows performance issues
         – Slow boot
         – GPO processing delays
         – Application performance issues
         – Slow services
         – Ugly minifilter drivers
    72. Xperf
    73. Xperf
    74. Xperf
    75. Xperf
       C:\>xperf -on base+latency+dispatcher+NetworkTrace+Registry+FileIO -stackWalk CSwitch+ReadyThread+ThreadCreate+Profile -BufferSize 128 -startUserTrace -on "Microsoft-Windows-Shell-Core+Microsoft-Windows-Wininit+Microsoft-Windows-Folder Redirection+Microsoft-Windows-UserProfiles Service+Microsoft-Windows-GroupPolicy+Microsoft-Windows-Winlogon+Microsoft-Windows-Security-Kerberos+Microsoft-Windows-UserProfiles General+e5ba83f6-07d0-46b1-8bc7-7e669a1d31dc+63b530f8-29c9-4880-a5b4-b8179096e7b8+2f07e2ee-15db-40f1-90ef-9d7ba282188a" -BufferSize 1024 -MinBuffers 64 -MaxBuffers 128 -MaxFile 1024
    76. Windows 8 ADK
       • Windows Performance Analyzer replaces xperfview
       • Windows Performance Recorder replaces xbootmgr
         – Also replaces the xperf trace capture functionality
       • xperf command line actions remain in WPT
    77. Windows ADK
    78. Windows Assessment Console and Engine
    79. Windows Assessment Console and Engine
    80. System assessment basics
       • System assessment is a process that uses the ADK tools to measure and analyze a PC
       • Assessments are core functionality tests
       • Combinations of these tests provide additional measures of the entire PC experience
       • Quality expectations are changing
       • Software + hardware + Windows = PC experience
       • The way we measure PC quality must also change
    81. System assessments
       • CheckLogo and driver assessments
       • File handling
       • Photo handling
       • Internet Explorer launch/tab create
       • Hybrid boot
       • On/off assessments (boot/shutdown/S3/S4)
       • Browser assessment
       • Media transcode performance
       • Metro performance
       • Memory footprint
       • First boot experience
       • Media streaming
       • WinSAT comprehensive
       • Battery life (and idle efficiency analysis)
       • MiniFilter driver performance impact (option for other assessments)
       • Internet browsing workload for battery life assessment
       • Windows Media Player performance and quality
    82. What metrics are captured by the Assessment
       • Both boot and shutdown durations are captured using Event Tracing for Windows (ETW).
       • Process-level details such as CPU and disk utilization are also provided.
       • Assisted Performance Diagnostics identifies potentially problematic performance issues.
    83. • Run the assessments on computers without downloading the ADK on all systems.
    84. Key Takeaways
       • Use Log Parser to combine or transform log files
       • Use manifests to control UAC behavior and enable UAC virtualization
       • Use Application Compatibility Administrator to “patch” your applications
       • Use the Assessment Engine to compare performance of your desktops and servers
       • Use Performance Recorder and Analyzer to optimize boot
    86. Q&A
       • @fdwl
       • denisg@entisys.com
       • http://BayCUG.com
       • http://blog.itbubble.ru
