could not block to write registry by application control

I need a solution

Hi.

I made a application control policy.

I want block to write this registry value.

registry key : HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipParameters

value : NV HostName

It is registry about Computer Name.

When it blocked to write if I change the value manually.

But, When I change it on My Computer > Property 

the registry value is change.

Why?

0

Related:

  • No Related Posts

Uncertified Skype for Business audio devices do not behave correctly when used with the HDX RealTime Optimization Pack

Starting with the HDX RealTime Optimization Pack version 2.8, the Realtime Media Engine supplies a way for you to selectively blacklist and whitelist peripherals on the VID: PID level. To do so, find out the correct VID:PID for the HID that you want the RealTime Media Engine to ignore. Once you’ve specified the HID to ignore, that setting works on all RealTime Media Engine platforms: Windows, Linux, Mac, RPi. Functional.

To ignore a specific human interface device, add the following registry string value on the server:

HKEY_CURRENT_USERSOFTWARECitrixHDXRTConnectorMediaEngine

Name: BlacklistedHID

Value format: VID1:PID1;VID2:PID2

Example: 047f:02f7

Example Scenario:

In this scenario, we’re using a Plantronics Savi 720 device. To blacklist this device so it’s not passed to Skype for Business as a composite device, follow these steps:

  1. To locate the VID, connect the headset to any Windows endpoint. In this example, the VID1:PID1;VID2:PID2 is 047f:02f7

User-added image

  1. To ignore the specific human interface device, add this registry string value on server:

    HKEY_CURRENT_USERSOFTWARECitrixHDXRTConnectorMediaEngine

    Name: BlacklistedHID

    Value format: VID1:PID1;VID2:PID2

    For example: 047f:02f7

User-added image

  1. To confirm that you made the change, view the Optimization Pack MediaEngine log.
  2. In the Optimization Pack logs, confirm the device is listed with the correct product ID and blacklist states it’s skipping – Current log location – C:UsersXYZAppDataLocalTempCitrixHDXRTConnectorMediaEngine.Net.20190327.135321175.

    In this example, the line displaying device (047f:02f7 – <USB device path>) is blacklisted in the registry. Skipping… shows that it’s been done.

User-added image

  1. Open Skype for Business and confirm that the SAVI-720 is running as Other Device.

User-added image

Related:

  • No Related Posts

Detection rule off HKEY_CURRENT_ User

I need a solution

I have a detection rule “Registry Key Value” this is looking for:

Registry Key Path: HKEY_CURRENT_USERSoftwareMeditechWrkstnMEDITECH_A

Registry entry: I

Registry Value: MEDITECH_A.chchealth.net

I also have the policy set to run as the current logged on user

One user does have the this reg entry but when logged in as users who don’t have the detection rule still comes back with a success and the policy does not run, any idea why? It seems like its still searching the entire hive instead of just the current user

0

Related:

  • No Related Posts

Virtual Apps – 7.15 Window Server 2016 applications are not launching intermittently after upgrading VMware VM hardware level version from 10 to 13

This issue is resolved by creating below registry key :

This issue disable delete notification using one of these methods:

Using a registry editor, change this key to 1:

HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlFileSystemDisableDeleteNotification

Use this PowerCLI command:

fsutil behavior set DisableDeleteNotify 1

Related:

  • No Related Posts

Bluefin (Ingenico) IPP320 failing to communicate with Sage Exchange Desktop via ICA Channel Serial COM Port

Configuration consists of 3 parts, Citrix Policies, VDA registry keys and client registry keys.

To configure Citrix Polices:

  1. Navigate to any of the Delivery Controllers in the Site and open Citrix Studio;
  2. In Citrix Studio navigate to the Policies console;
  3. In the Polices console, create new polices or add to existing policy following settings:

3.1 Select Enabled for “Auto Connect client COM ports”

User-added image

3.2 Select Allowed for “Client COM port redirection”

User-added image

3.3 If the policies shows “Disabled”, make sure you enable the policy.

User-added image

On the VDA, using the information from the following Citrix document https://docs.citrix.com/en-us/xenapp-and-xendesktop/7-8/policies/policies-settings-reference/xad-policies-settings-deprecated.html, create following registry keys:

“AllowComPortRedirection”, and

“AutoConnectClientComPorts”.

On the client machines, please create following registry keys:

HKEY_LOCAL_MACHINESOFTWARECitrixICA Client

Name: CommBufferSize

Type: REG_DWORD

Data: 2048 (maximum value)

As per https://support.citrix.com/article/CTX138197.

HKEY_LOCAL_MACHINESOFTWARE{Wow6432Node}CitrixICAClientEngineConfigurationAdvancedModulesClientComm

Name: WindowSize

Type: REG_SZ

Data: 2048 (maximum value)

Related:

XenApp 7.6 Policy Behavior with PreExisting Registry Keys

Consider the following scenarios:

Version 7.6 LTSR VDA

  • Have no policy setting Legacy Graphics Mode configured
  • Create a REG_DWORD key HKEY_LOCAL_MACHINESOFTWAREPoliciesCitrixGraphicsPoliciesLegacyGraphicsMode and set to 1 on a 7.6 VDA
  • Create a Policy setting to Enable Legacy Graphics Mode and apply it to the VDA
  • Restart the Citrix Desktop Service to force a Policy update
  • SysInternals ProcMon shows that HKEY_LOCAL_MACHINESOFTWAREPoliciesCitrixGraphicsPoliciesLegacyGraphicsMode is queried but no Set action is performed
  • Remove the Policy setting to Enable Legacy Graphics mode
  • Restart the Citrix Desktop Service to force a Policy update
  • ProcMon again shows that HKEY_LOCAL_MACHINESOFTWAREPoliciesCitrixGraphicsPoliciesLegacyGraphicsMode is queried but no Set action is performed
  • HKEY_LOCAL_MACHINESOFTWAREPoliciesCitrixGraphicsPoliciesLegacyGraphicsMode remains set to 1

The registry entry was set prior to the policy engine setting it and once the policy setting no longer applies the registry entry is left unaltered even though no setting in policy currently exists to configure it. This registry entry may be left over from a legacy image where a policy setting it may have applied it or it may have manually been set by script or human interaction. This may result in unexpected behavior until the originating registry key is identified.

Note 1: The LegacyGraphicsMode setting and policy is used as an example here however any computer policy would conceivably experience the same behavior

Note 2: If LegacyGraphicsMode had a policy set to explicitly disable it the registry key would properly be set to 0 which would indeed disable it. This behavior only occurs if the policy setting in question is removed or not defined.

Now compare this to a 7.15 LTSR VDA or later:

Version 7.15 LTSR VDA

  • Have no policy setting Legacy Graphics Mode set.
  • Create a REG_DWORD key HKEY_LOCAL_MACHINESOFTWAREPoliciesCitrixGraphicsPoliciesLegacyGraphicsMode and set to 1 on a 7.15.3000 VDA
  • Create a Policy setting to Enable Legacy Graphics Mode and apply it to the VDA
  • Restart the Citrix Desktop Service to force a Policy update
  • SysInternals ProcMon shows that HKEY_LOCAL_MACHINESOFTWAREPoliciesCitrixGraphicsPoliciesLegacyGraphicsMode is actively set to 1 regardless of its prior setting by CitrixCSEengine.exe
  • Remove the Policy setting to Enable Legacy Graphics mode
  • Restart the Citrix Desktop Service to force a Policy update
  • ProcMon shows that HKEY_LOCAL_MACHINESOFTWAREPoliciesCitrixGraphicsPoliciesLegacyGraphicsMode is deleted by CitrixCseEngine.exe
  • HKEY_LOCAL_MACHINESOFTWAREPoliciesCitrixGraphicsPoliciesLegacyGraphicsMode is removed

In this version regardless of whether the setting was made by an active policy or previously existed in the registry it is deleted if the policy is not configured.

Citrix Engineering evaluated changing the 7.6 behavior to match 7.15 in a future Cumulative Update but has currently decided to instead to document this behavior and leave the 7.6 behavior as is. The reasoning behind this decision is that some customer environments may be unwittingly benefiting from legacy registry entries that the Citrix Policy Engine is not changing because it never set them in the first place. If we were to change this behavior it could cause significant disruption to existing environments if they upgraded to a CU with such a change.

Other mitigations for this behavior are to explicitly set policy settings you want configured in your environment or, under the guidance of Citrix Support, manually delete any Citrix policy registry entries on 7.6 VDA that may have been set outside of the Policy Engine.

As noted above this behavior is also updated in versions 7.15 and higher of the VDA.

Related:

  • No Related Posts

Registry Keys to Check When Published Applications or Desktops Do not Launch or Disappear during Launch

WARNING! Using Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. Citrix cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk.

Cause 1 – LogoffCheckSysModules registry value incorrectly configured

On the XenApp Server VDA, check the registry for the following key:

HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlCitrixwfshellTWI

Name: LogoffCheckSysModules

Type: REG_SZ

Value : (Applications executable name. For example, MYAPP.exe)

If the LogoffCheckSysModules registry value exists, then make sure that it does not contain the executable for the application that the user is trying to launch. If the executable is present in this registry value, remove the executable name from this registry value.

  • This registry value is meant to close out secondary or child processes that a main application will launch but not close upon exit. Putting the main executable for an application under this key can cause it to close out the application before it launches.

Microsoft Remote Desktop Session Host has a similar registry configuration for the same purpose. Make sure the application executable is not included as a value under this key: HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlTerminal ServerSysprocs

Name: (Application’s executable name. For example, MYAPP.exe)

Type: REG_DWORD

Base: Hexadecimal value

Data: 0

Note: If a key exists with the executable name of the application having launch issues, backup the registry key, and then delete it.

Cause 2 – Application not launching in a timely manner

There are a couple registry values that can be tweaked to give the application more time to launch. For example, if you are publishing Explorer, then Explorer will not launch unless LogoffCheckerStartupDelayInSeconds is set to 10 seconds (hexadecimal) or higher.

HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlCitrixwfshellTWI

Name: LogoffCheckerStartupDelayInSeconds

Type: REG_DWORD

Base: Hexadecimal Value

Data: <An integer for the length of time to wait for application start. – Enter the delay time in seconds, up to 10 minutes (600 seconds)>

Note: Start with 10 seconds and move up from there 10 seconds at a time if needed.

HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlCitrixwfshellTWI

Name: ApplicationLaunchWaitTimeoutMS

Type: REG_DWORD

Base: Decimal Value

Data:<desired additional time-out, in milliseconds >

Note: Start with 10000 milliseconds and move up from there to 30000 milliseconds if needed.

Desktop VDAs have an additional registry value that can be tweaked. If a desktop VDA closes before the logon process completes, you can allocate more time to the process. The default for 7.6 and later versions is 180 seconds (the default for 7.0-7.5 is 90 seconds). On the VDA machine (or the master image used in a Machine Catalog), set the following registry value:

HKEY_LOCAL_MACHINESOFTWARECitrixPortICA

Name: AutoLogonTimeout

Type: REG_DWORD

Base: Decimal Value

Data: <specify a decimal time in seconds, in the range 0 to 3600>

Note: This setting applies only to VMs with desktop (workstation) VDAs; Microsoft controls the logon timeout on machines with server VDAs.

Related:

  • No Related Posts

Issue upgrading from Windows 10 1709 to 1809 with DLP

I need a solution

We are in the process of upgrading on Windows 10 machines from 1709 to 1809 and I’ve come across a few machines where the upgrade fails with the lines below in the setuperr.log file.  Running SetupDiag from Microsoft and it recommends removing this registry item and trying the upgrade again which I haven’t done yet.  This issue has happened on very few machines but I’ve looked at systems that completed succesfully and it seems like most of them have had this same info in the log files.

I’ve searched but haven’t found any documentation on what to do with DLP during upgrades so I guess my question is, is there anything I need to be doing with DLP during an upgrade?  I’ll be doing some more testing with this tonight.

2019-04-20 14:21:24, Error                 MIG    Cannot write security information for registry key HKLMSOFTWAREMicrosoftWindowsCurrentVersionDIFxServicesVFSEnc (error 0x00000005)[gle=0x000003f0]
2019-04-20 14:21:24, Error      [0x080782] MIG    CRegistryDataStore::Create: Failed to set reflection key flags for HKLMSOFTWAREMicrosoftWindowsCurrentVersionDIFxServicesVFSEnc[gle=0x00000005]
2019-04-20 14:21:24, Error      [0x080789] MIG    CRegistryDataStore::Create: Failed to set LUA key flags for HKLMSOFTWAREMicrosoftWindowsCurrentVersionDIFxServicesVFSEnc[gle=0x00000005]
2019-04-20 14:21:24, Error                 SP     Error WRITE, 0x00000005 while gathering/applying object: Registry, HKLMSOFTWAREMicrosoftWindowsCurrentVersionDIFxServicesVFSEnc [RefCount]. Will return 0
2019-04-20 14:21:24, Error                 MIG    Error 5 while applying object HKLMSOFTWAREMicrosoftWindowsCurrentVersionDIFxServicesVFSEnc [RefCount]. Shell application requested abort
2019-04-20 14:21:24, Error      [0x08097b] MIG    Abandoning apply due to error for object: HKLMSOFTWAREMicrosoftWindowsCurrentVersionDIFxServicesVFSEnc [RefCount]

Error: SetupDiag reports Migration Gather/Apply operation failure.
Migration Operation: apply
Migration Obejct: HKLMSOFTWAREMicrosoftWindowsCurrentVersionDIFxServicesVFSEnc [RefCount]
Error:  5
Recommend you move or delete the object specified “HKLMSOFTWAREMicrosoftWindowsCurrentVersionDIFxServicesVFSEnc [RefCount]” and try the update again.
 

0

Related:

  • No Related Posts