This is mainly of use to people running remote desktop services or citrix xenapp and wanting to hide Libraries or Favorites from Explorer and from file dialog windows for all users.
You can do this a number of ways, but using the tool here is the easiest way I’ve found. It only requires you to log out and log back in again to see the change.
It’s per server, and sets it for all users. You can also easily change it back.
unzip it and run from a command line
wenpcfg /HideLibraries /HideFavorites
If you use Terminal Services (TS) to connect to a virtual machine running a terminal server, and you have the roaming profiles feature enabled, TS caches your profile in the virtual machine for the duration of your TS session. When you log off at the end of the session, TS tries to rewrite your profile to the roaming profile server.
If you also have the VMware shared folders feature enabled in the virtual machine, TS tries to copy the filehgfs.datback to the roaming profile server. This operation fails because VMware Tools keeps the file open with exclusive access; the file cannot be accessed by the Windows guest. This results in the error.
You can work around the problem by changing a value in this registry key:
The workaround disables the VMware shared folders feature in the virtual machine. Since the feature is not supported by ESX Server or GSX Server, disabling it is not a problem. However, if you migrate the virtual machine to Workstation, you will not have access to VMware shared folders unless you re-enable the feature.
Caution: This procedure involves modifying the registry. Incorrect changes to the registry can leave your system unstable or unable to run. Always back up the registry before editing it and exercise caution in making changes to the registry. VMware takes no responsibility for problems that may arise.
- Access the Windows Registry. Click Start > Run, type regedit, then click OK. The Registry Editor window opens.
- Navigate toHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order.
- Right-click ProviderOrder and choose Modify. In the Edit String Value dialog box, edit the value data string and remove the word hgfs, vmhgs, or vmhgfs).
- If the value data string contains LanmanWorkstation,hgfs, LanmanWorkstation,vmhgs, or LanmanWorkstation,vmhgfs, change it to LanmanWorkstation.
- If the value data string contains only hgfs or vmhgfs, erase it and leave the value data string empty.
- Click OK.
- Close the registry editor. Choose File > Exit.
- Reboot the virtual machine.
If you ever want to re-enable the VMware shared folders feature, add ,hgfs, ,vmhgs, or ,vmhgfs to the end of the value data string, or set the string to hgfs, vmhgs, or vmhgfs if it is empty. Alternatively, you can reinstall VMware Tools, using the Complete option to re-enable shared folders.
Why is this so hard to find? I’ll leave it here in case anyone needs it.
When launching an RDP or ICA (Direct) Desktop connection on servers with XenApp 6.0 installed, non-administrative users receive the error listed below.
“The desktop you are trying to open is currently unavailable. Contact your
administrator to confirm that the correct settings are in place for your client
RDP Startup Program connections also fail with a similar error message.
Non-administrative users are able to launch published applications successfully with the Citrix Online Plug-in.
The Citrix default setting that restricts non-administrative users to launching only published applications was moved from the ICA and RDP listener properties in Terminal Services Configuration to Citrix Policies in XenApp 6.0. The new policy settings for ICA connections allow the administrator to limit user connections for desktop as well as published applications.
Change the default unfiltered User policy settings for ICA in the Delivery Services Console as follows:
- Click Policies.
- Click the User tab (you will see the default unfiltered policy).
- Click the Settings tab in the lower pane to access the default policy settings.
- Click ICA in the Categories window.
To allow non-administrative users to connect to the server desktop:
- Click the Add link for Desktop launches.
- Select Allowed and click OK.
To allow non-administrative users to launch any application during client connection:
- Click the Add link for Launching of non-published programs during client connection.
- Select Enabled, and then click OK.
If you’ve been noticing that as soon as you log on you are getting a black screen inside the ICA session window then you can try applying the following registry hack. It worked for me.
Add the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Citrix\Logon
On a recent visit to what will remain an unnamed office I find not one but three separate signs asking people not to urinate on the toilet seats in the stalls of the gents bathrooms. I have no idea what’s in the ladies.
You think this would be a pretty simple problem to overcome, but the way they have gone about it immediately tells me about the kind of company this is.
Let me start by showing you the signs.
The first one is a passive aggressive cartoon asking you to “man up” and “clean up your mess”. It actually shows a cartoon of young boy sitting down. Apparently he was born to ride. Ride what I’m not too sure.
How you manage to get urine on the seat while sitting is something I haven’t put a lot of thought into, but it’s not something I’ve ever done either.
What this tells me is that even if this company does identify the problem, they don’t seem to have any idea what caused it. It’s pretty obvious that they don’t have young children working for them. It’s also pretty obvious that the problem isn’t created by people sitting down to pee. So why choose that graphic to address the issue?
The second sign is a bit more to the point.
This also tells me something about the company. Namely, there is no collaboration. If there was, we wouldn’t need sign number 1. This sign identifies the problem, offers yet another rhyming solution, and chastises you for being a filthy animal.
By correctly identifying that sitting down to pee is the solution rather than the problem, it just makes sign number 1 look even more stupid. It still doesn’t actually solve the problem though. But then neither does sign number 3.
Sign number 3 is neither rhyming nor passive aggressive. Obviously made by a separate team to signs 1 and 2. Yet another insight into this company, multiple people working to achieve the same outcomes with no knowledge of each other or what they are doing. Sign number 3 does the best job, but it still doesn’t actually solve the problem.
Where they went wrong:
Asking an end user to change their behaviour almost never works. It’s most often easier to design a system that simply does not allow them to perform the action you do not wish them to perform. (in case of urination see The Fly in the Urinal, available for purchase in thermal decal format here)
In this case, the company doesn’t want people to urinate on the seats, which is understandable, as it is disgusting, a fact they have quite correctly picked up on.
Instead of creating an environment where it is difficult to urinate on the seats, they have tried to change the behaviour of multiple individuals using 3 signs delivering mixed messages.
What should they have done:
Replaced the toilet seats with ones that stand up on their own.
I’ve just been reading an article on Asymmetric Insight over on You Are Not So Smart which pretty much perfectly explains why nothing ever gets done in large organisations and why every group thinks they are so much better than every other group.
As soon as you get big enough that you start to silo your workforce off into dedicated teams that never talk to each other, you get this kind of behaviour. Especially when you’re competing for resources, such as IP addresses, bandwidth and open ports.
The only way to combat this kind of thing happening is to hold group exercises where everyone gets to know the people they need to work with in the other groups. Without this, anyone who isn’t in your group tends to be considered the enemy, and once you get to that point things very quickly spiral out of control.
Rather than doing work, your caught up in a game of politics where everyone is trying to score points and put the other side down. I’ve been there more times that I’d like to recall, and it’s not a fun environment to get caught up in.
It’s also incredibly hard to change the way people think, so once it gets to this point you’re pretty much stuck unless you start holding once a month intensive inter group meetings to try and get everyone on the same side, or fighting a common enemy, in this case inefficiency inherent in large systems.
So next time you you read an email from networks as to why they can’t provision you a class A sub-net for your test environment and you write them off as being a bunch of jerks, stop and think why it is that you’ve come to form that opinion. They are probably thinking the same thing about you.
Something that I’ve never really spent a lot of time thinking about is how DFS knows which file server to send you to when you’ve got a bunch of them in different physical locations but all in the same namespace. Turns out, if you haven’t defined these locations in AD Sites and Services, it doesn’t have a clue. Hence people at some of our newest sites are getting randomly sent to inappropriate servers for their location because AD has no idea where they are. Keep your sites up to date or face having to explain why people in one state are saving their files to a server in another.