“Please wait for User Profile Services” – Logon delay


Environment

  • Windows Server 2008 R2
  • Citrix XenApp 6.5 RU5

Issue

During users logon to XenApp published applications and published desktops there can be a lengthy delay on “Please wait for the User Profile Services”, it can hang on this for up to 30 secs.

Solution

In the Group Policy Management browse to:

  • Computer Configuration
    • Administrative Templates
      • System
        • User Profiles

Modify the policy setting “Set maximum wait time for the network if a user has a roaming user profile or remote home directory” to “Enabled” and set the value Wait for network for maximum (seconds) to 0.

Slow Logon’s when using Folder Redirection


Environment Windows Server 2008 R2 Citrix XenApp 6.5 RU5

Issue Slow logon speeds into XenApp Published desktop/applications, hangs for a period of time on ‘Applying Folder Redirection Settings’

Resolution On the XenApp Servers, apply the following registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer FolderRedirectionWait (REG_DWORD) = 0

Further details – http://support.citrix.com/article/CTX133595/

Automatically deploy SSL Certificates to Users profile


1. Deployment ScriptsUpdate the variables between <……>

Script 1 – ImportPFX.vbs

Set objShell = CreateObject(“Wscript.shell”)objShell.run(“powershell -executionpolicy bypass -windowstyle hidden -file \\<domain>\netlogon\Certificates\ImportPFX.ps1”)

 

Script 2 – ImportPFX.ps1

function Import-PfxCertificate {

param([String]$certPath,[String]$certRootStore = “CurrentUser”,[String]$certStore = “My”,$pfxPass = $null)

$pfx = new-object System.Security.Cryptography.X509Certificates.X509Certificate2

if ($pfxPass -eq $null) {$pfxPass = read-host “Enter the pfx password” -assecurestring}

$pfx.import($certPath,$pfxPass,”Exportable,PersistKeySet”)

$store = new-object System.Security.Cryptography.X509Certificates.X509Store($certStore,$certRootStore)

$store.open(“MaxAllowed”)

$store.add($pfx)

$store.close()

}

#*=============================================================================

#* SCRIPT BODY

#*=============================================================================

# Call the “Import-PfxCertificate” function.

Import-PfxCertificate “<path to certificate>\<Certificate.pfx>” “CurrentUser” “My” “<password>

Import-PfxCertificate Command Syntax

Import-PfxCertificate

<path to certificate>\<Certificate.pfx>” = Location of the Certificate File

“CurrentUser”                                                        = Personal User Store

“My”                                                                           = Personal Cert Store

<Password>”                                                       = Password of the PFX Certificate

2. Deploy Script via GPO

I created an additional GPO and modified the Logon Script path to run the vbs file above.

User Configuration > Policies > Windows Settings > Scripts > Logon

– Script Name: \\<domain>\NETLOGON\Certificates\ImportPFX.vbs

2a. Apply Security to GPO

In our case we wanted to deploy the certificates to users in a certain AD Group.

Follow this procedure exactly otherwise the GPO won’t apply

  1. Under Security Filtering leave Authenticated Users, do not remove!!
  2. Click Delegation tab
  3. Click Advanced button
  4. Select Authenticated Users, untick ‘Apply Group Policy’ under Allow only
  5. Add in AD Group, tick ‘Apply Group Policy’ under Allow
  6. If you go back to Security Filtering you’ll notice Authenticated Users has now gone and your AD Group is listed, don’t worry about this..

“The display settings can’t be changed from a remote session”


Issue

When selecting “Make text and other items larger or smaller” the option is greyed out and displays “The display settings can’t be changed from a remote session”.

Yet another option Microsoft has removed the ability to do. This option was available in Windows 2003 Terminal Services.

Resolution

Microsoft have released a hotfix that re-enables this option again for users

http://support.microsoft.com/kb/2726399

Hide ‘Administration Tools’ from users Start Menu


Add the following keys into GPO Perferences

HKEY_LOCAL_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced

“StartMenuAdminTools”=dword:00000000

“Start_AdminToolsRoot”=dword:00000000