On EE this morning someone asked how to map a drive to only two users, so that wherever they logged in, they got their mapped drive. Seemed like a good Idea for a post so here you go;
Solution
If you do not already have one, create a group for your users.
Add the users, (as appropriate).
On a Domain Controller > Administrative Groups > Locate the OU that contains your users (Note: if your users are in multiple OU’s, then after you have created the policy simply ‘Link‘ it to the applicable OUs).
Edit the policy.
User Configuration > Preferences > Windows Settings > Drive Maps > New > Mapped Drive > Action = Create > Location = Set the UNC path to the mapped drive > Tick ‘reconnect’ > Label as ‘What you want the user to see it called’ > Select the drive letter you want > Apply > OK > Close the policy editor.
With the policy selected > Delegation. > Advanced > Authenticated Users > REMOVE ‘Apply Group Policy’.
ThinApp is an “Odd” VMware product, insofar as it’s got nothing to do with virtual machines or virtual technology. It’s a product that turns applications into “Stand alone” thin applications, that can be sent to a user and ran without the need for that user to have administrative access, or the need to install anything.
ThinApp was a product called Thinstall that VMware purchased and “re-badged”, you get a free copy with VMware View 5 (Premier Edition). And it ships with a copy of VMware workstation. (Not because it needs a copy, but VMware recommends you use a clean virtual machine to create your ThinApps on).
If you’ve ever used sysdiff in the past or Novell Zenworks for Desktops, you will be familiar with the process, take a ‘scan’ of a clean machine, then install application(s), then carry out another ‘scan’. The software then works out the ‘difference’ and uses that information to build a software package.
In the example below I’m going to create a stand alone version of Google Chrome, that is pre configured, and has Java already installed, and finally deploy that as a single executable file.
Solution
1. It’s recommended that you create your ThinApp on the oldest operating system that it might be deployed on, so here I’m creating a virtual machine in VMware workstation that’s running Windows XP.
2. When built remove any hardware that will not be needed, like the floppy drive, and the USB Controller (Edit > Settings).
3. Installing ThinApp is pretty straightforward, simply run the executable and follow the on screen prompts the only thing to note is; when you enter your licence key, be aware the name you enter will display on the “splash screen” as your ThinApp loads (as shown).
4. Once your reference machine is setup, take a snapshot of it, so you can roll back to this point to create further ThinApps on this clean machine (VM > Snapshot > Take Snapshot).
5. Run the ThinApp Setup Capture > Next > Prescan > This will take a few minutes > When finished simply minimise the window you are finished with it for now. Note: Don’t worry if the application you are installing requires a reboot, ThinApp is clever enough to cope with that.
6. Now install and configure the application you require, in this case Google Chrome. I’m also installing Java, and setting the default homepage to the Google search page.
7. When the application is installed to your liking, maximise (or open the capture if you’ve rebooted) and select ‘Postscan’ > OK.
Note: Before running Postscan make sure you delete any installer files downloaded, any icons from the desktop you do not want deployed in the ThinApp, and empty the recycle bin (you don’t want all that stuff captured, when creating your ThinApp).
8. Make sure only the executable you require is ticked as an entry point > Next > At the Horizon App Manage Page > Next.
9. In a domain environment you can restrict ThinApp access to particular users or groups > Next.
10. Set the isolation mode as required, for most cases it will be ‘Full’ > Next.
11. Select the option to store the sandbox in the user profile > Next > Select whether you want to provide statistics to VMware > Next.
12. You will see this screen ONLY of you are capturing a browser. This is used if you have a particular website that will only run in IE6, or Firefox etc. So that only when URL’s enters listed here are accessed (either directly or from a hyper link) the ThinApp browser will open them, all other URL’s will be opened by the default browser. It’s a cool feature but not one I’m using > Next.
13. Give your ThinApp a name > Next.
14. I’m choosing the option to embed everything into my executable, selecting this may cause a warning about icons, but I ignored and deployed with no problems > Save.
Note: You can use this page to create an MSI file to deploy via group policy if you wish.
15. After ThinApp generates the files it needs > Build.
16. Finish
17. Heres my ThinApp executable file.
18. To test I’ve copied it to a Windows 7 machine.
19. While it’s loading this is what you will see.
20. And here is my ThinApp version of Google Chrome running and pre configured.
Related Articles, References, Credits, or External Links
The last time I wrote about deploying applications with ThinApp, it was geared towards getting standalone applications onto client PC’s for non admins to run, or putting them in a network share. But if you have a portable application the advantage is you can run it from portable media (Like a USB drive).
Like before I’ll convert Google Chrome to a ThinApp, but the difference is I will set the applications ‘sandbox’ to live in the same location (on the USB). Then I’ll try it out on a different machine.
Solution
1. It’s recommended that you create your ThinApp on the oldest operating system that it might be deployed on, so here I’m creating a virtual machine in VMware workstation that’s running Windows XP.
2. When built remove any hardware that will not be needed, like the floppy drive, and the USB Controller (Edit > Settings).
3. Installing ThinApp is pretty straightforward, simply run the executable and follow the on screen prompts the only thing to note is; when you enter your licence key, be aware that the name you enter will display on the “splash screen” as your ThinApp loads.
4. Once your reference machine is setup, take a snapshot of it, so you can roll back to this point to create further ThinApps on this clean machine (VM > Snapshot > Take Snapshot).
5. Run the ThinApp Setup Capture > Next.
6. Prescan > This will take a few minutes > When finished simply minimise the window you are finished with it for now. Note: Don’t worry if the application you are installing requires a reboot, ThinApp is clever enough to cope with that.
7. Now install and configure the application you require, in this case Google Chrome. I’m also installing Java, and setting the default homepage to the Google search page.
8. When the application is installed to your liking, maximise (or open the capture if you’ve rebooted) and select ‘Postscan’ > OK.
Note: Before running Postscan make sure you delete any installer files downloaded, any icons from the desktop you do not want deployed in the ThinApp, and empty the recycle bin (you don’t want all that stuff captured, when creating your ThinApp).
9. Make sure only the executable you require is ticked as an entry point > Next.
10. At the Horizon App Manage Page > Next.
11. In a domain environment you can restrict ThinApp access to particular users or groups > Next.
12. Set the isolation mode as required, for most cases it will be ‘Full’ > Next.
13. As you are storing the App on USB I’d suggest (though you don’t have to) set the application to save its sandbox in the same directory.
14. Select whether you want to provide statistics to VMware > Next.
15. You will see this screen ONLY if you are capturing a browser. This is used if you have a particular website that will only run in IE6, or Firefox etc. So that only when URL’s entered, listed here, are accessed (either directly or from a hyper link) the ThinApp browser will open them, all other URL’s will be opened by the default browser. It’s a cool feature but not one I’m using > Next.
16. Give your ThinApp a name > Next.
17. I’m choosing the option to embed everything into my executable, selecting this may cause a warning about icons, but I ignored and deployed with no problems > Save.
18. After ThinApp generates the files it needs > Build.
You have a Linux client machine, and you want to authenticate to, and log into a Windows domain. I don’t have too much history with Linux, but from what I’ve read this used to be a nightmare. Using Ubuntu (10.10) I did have a couple of hiccups, but I did get there in the end.
Note: The domain controller is a Windows 2008 R2 Server.
Solution
Notes
1. The commands needed to install the “likewise-open5” package, and join the domain, (assuming the FQDN of the domain is domaina.com and the user name you are using to join the domain is administrator).
2. Then to allow users to logon from the Ubuntu welcome screen,
[box]sudo nano /etc/samba/lwiauthd.conf[/box]
3. Add the following line (the file will probably be empty), to Save press CTRL+X, then Y, then {enter}.
[box]winbind use default domain = yes[/box]
4. Then reboot.
[box]sudo reboot[/box]
5. To allow sudo for the domain user(s),
[box]sudo nano /etc/sudoers[/box]
Locate the line that reads “#Members of the Admin group may gain root privileges and do the following:”. Below that, type the following (assuming the domain name is domaina and the user is a member of the domain admins group, domain^users also works).
[box]%domainadomain^admins ALL=(ALL) ALL[/box]/p>
Problem 1
Error: Lsass Error [code 0x00080047]
9502 (0x251E) DNS_ERROR_BAD_PACKET – A bad packet was received from a DNS server. Potentially the requested address does not exist.
This plagued me for a while, I tried everything I read online (like making sure that my time was correct – which it wasn’t (see below), making sure firewalls were off (they were), make sure your DNS has a reverse lookup zone (mine has), and finally make sure there are no existing DNS records for the IP address you are connecting with (mine did so I deleted them). None of these fixed the problem, to fix it is annoyingly simple.
FIX
Firstly make sure that the Ubuntu client is looking at your domain DNS server, for it’s DNS, the following command will tell you,
[box]cat /etc/resolv.conf[/box]
Then get the domain syntax right, in my case the domain name.
If you would like to add your domain user(s) to the welcome screen click here.
Update 04/01/12
Attention: PeteNetLive – Suggestion
Message: Hi,
Thanks very much for you YouTube and description of joining Ubuntu to a domain. There was however one step extra that I needed to do to enable to logon screen to show users other than the local use and the guest account. To do this I had to add the following line to /etc/lightdm/lightdm.conf
greeter-show-manual-login=true
I was joining Ubuntu 12.10 to the domain so maybe it is specific to 12.10 since you didn’t experience it but it would be good to add it to your article along with the other fixes to issues.
Thanks again.
From: Roland Elferink
Related Articles, References, Credits, or External Links
Earlier in the year, I had a problem with Certificate Services, every time it tried to issue a ‘user’ certificate it gave me an error because the user did not have an email address specified on their user object in AD. At the time I thought “I wish I know enough PowerShell, to just put an email address in all the users e-mail attribute”. So while building an 802.1x lab the same problem came up again, this time I had a bit more time to solve the problem.
Solution
OK, I’m the first to admit this is a ‘quick and dirty’ fix, it might not be what you want, but it may send you in the right direction. My test network had about 500 users and no Exchange etc, so my thought was, “Why not see if I can copy all the users UPN’s to the email address fields?”. Because even though they are not email addresses they look like them, and if I did have Exchange, then username@domain-name.domain-extention would work anyway, (unless I’d changed the addressing policy from the default).
1. Lets enumerate all the domain users, and see who has an entry in the email address field.
2. Either download this one, or use the following to create a PowerShell Script, and run it.
Populate “mail” attribute with UPN Import-Module ActiveDirectory.