Alt+Tab Does Not Pass Through the VDI in ICA Session

Caution! Refer to the Disclaimer at the end of this article before using Registry Editor.

To resolve this issue change the following registry key on the client machine:

32-bit OS:

Key: HKEY_LOCAL_MACHINESOFTWARECitrixICA ClientEngineLockdown ProfilesAll RegionsLockdownVirtual ChannelsKeyboard

Type: REG_SZ

Name: TransparentKeyPassthrough

Value: Remote

64-bit OS:

HKEY_LOCAL_MACHINESOFTWAREWOW6432NodeCitrixICA ClientEngineLockdown ProfilesAll RegionsLockdownVirtual ChannelsKeyboard

Type: REG_SZ

Name: TransparentKeyPassthrough

Value: Remote

Related:

App Layering Recipe for Java

Licensing Considerations

There are no licensing considerations with Java.

Layering Naming and Versioning

Unidesk recommends including the OS Type and OS bit level in the name, for Example Java Win7x32. For versions remember that when choosing a layer you can see the version name but not the version description. Use naming that will allow you to differentiate versions appropriately. Java is updated frequently so it is recommended to use a format of Date and Time for versions. For example while still in development/testing “2/6/2013 9:57AM QA ONLY”, but when ready for production “2/6/2013 9:57AM”.


Installation Steps

Java can easily be downloaded from http://www.java.com. You can also download the installer and install from a network share if desired.


Updates

Java, by default, will want to automatically update itself. If Java is allowed to do this, the updates will go into the personalization layer and thereby bloat the personalization with unnecessary updates. It is best to turn off automatic updates completely.

Unidesk recommends using Group Policy to disable automatic updates or you can manually set the flag in the registry when building the application layer. If you are using 32-bit Java on a 32-bit system or 64-bit Java on a 64-bit system the key is HKEY_LOCAL_MACHINESoftwareJavaSoftJava UpdatePolicy. The entry is called EnableJavaUpdate and is a DWORD value. Setting the value to 0 will disable automatic updates. If you are using 32-bit Java on a 64-bit system the key is a little different. It can be found at HKEY_LOCAL_MACHINESoftwareWoW6432NodeJavaSoftJava UpdatePolicy. The value is still the same as above.

There is also a java scheduled updater that gets added to the registry that needs to be removed or the updater will still run. It’s in HKLMSoftwareMicrosoftWindowsCurrentVersionRun it runs the jusched.exe file at startup and should be pulled for VDI images or any image that shouldn’t be auto updating.

So the scheduled tasks that sometimes get added would need to be disabled.


Considerations for Non-Persistent Desktops

None

Related:

Error: “Error getting status – Cannot find license file”

To resolve this issue, run the following command from the command prompt. Ensure that the complete path of the MyFiles folder is specified:

lmstat -a -c “C:Program Files (x86)CitrixLicensingMyFiles”

Or

lmstat -a -c “C:Program FilesCitrixLicensingMyFiles”

Note: On 64-bit versions of Windows, there are two folders for application files. All 32-bit applications are installed in Program Files (x86) folder. All 64-bit applications are installed in the Program Files folder.

Related:

Questions on Memory Exploit Mitigation

I need a solution

Hello there,

We are planning to enable MEM protection in our environment with on-prem SEPM. I have gone through a few articles listed below for Memory exploit mitigation but still have a few queries. Can someone please help me on this ? Thanks.

1.  Currently MEM policy is conifgured as “Set the protection action for all techniques to log only” but I don’t find any logs related to MEM in SEPM (Monitors > Logs > Network and Host Exploit Mitigation log type > Memory Exploit Mitigation log content > View Log). Does that mean MEM doesn’t see any exploits from the listed applications ?

2. Does MEM protects both 32 bit & 64 bit applications running on 32 bit or 64 bit operating systems ?

3. I see some posts and articles where MEM blocks the legitimate applications, causing the applications to crash etc.. So MEM detections are more of false positivies ?

4. Is it advisable to enable MEM protection in production environment ?

Articles I checked so far:

https://support.symantec.com/us/en/article.howto127047.html

https://support.symantec.com/us/en/article.howto127057.html#v121578842

https://support.symantec.com/us/en/article.HOWTO127178.html

https://support.symantec.com/us/en/article.TECH251437.html

Let me know if there are any other MEM articles which will be helpful. 

0

Related:

  • No Related Posts

Web Management Console

I need a solution

I am having trouble getting web access to the SEPM console.  I get this warning page when I go to the web access site.  I have tried using Chrome as well and I am still being told I am using a 64-bit version of IE.  How can I use the web console on a 64-bit client?

0

Related:

32 bit SNMP interface counter fetches an invalid response.

32-bit SNMP interface counters (ifInOctets/ifOutOctets) are sourced by hardware statistics retrieved from interface registers.

These counters are valid for MPX/SDX, loopback interface and legacy-emulated(E1000) interfaces in ESX-VPX. But are not valid for VMXNet3 interfaces.

Since hardware statistics retrieval was not supported for PV drivers (VMXNet3), these counters will show Zero for PV interfaces (VMXNet3).

As per RFC2233, High capacity octet counters (expanded 64-bit counters) were adapted for high capacity interfaces operating at speeds higher than 20 million bits per second, in which 32-bit counters do not provide enough capacity and wrap too fast.

“For interfaces that operate at 20,000,000 (20 million) bits per

second or less, 32-bit byte and packet counters MUST be used. For

interfaces that operate faster than 20,000,000 bits/second, and

slower than 650,000,000 bits/second, 32-bit packet counters MUST

be used and 64-bit octet counters MUST be used. For interfaces

that operate at 650,000,000 bits/second or faster, 64-bit packet

counters AND 64-bit octet counters MUST be used.”

Related: