ipconsult bv manual xp unlimited software - version 6 x

Version 6.x – Enterprise W2k8 – 1 7 June 2010

XP Unlimited software

ContentsXP Unlimited software......................................................................................................................1Installation of XP Unlimited..............................................................................................................5

Setup program name...................................................................................................................6Administrator...........................................................................................................................6No other users should be active while installing......................................................................632 bits versus 64 bits..............................................................................................................6W2k8 and R2..........................................................................................................................6Installation Procedure.............................................................................................................7Result of the installation........................................................................................................13

Additional steps before using XP Unlimited...............................................................................14Un-install....................................................................................................................................15

No other users should be active while un-installing...............................................................15Manual activity after un-install...............................................................................................15

Setup Problems.........................................................................................................................16Example 1.............................................................................................................................16Example 2.............................................................................................................................17Final screen in case of Setup problems................................................................................18

Upgrade of XP Unlimited...........................................................................................................19Windows Server :: Application Mode.........................................................................................20

Operations of XP Unlimited............................................................................................................21Maintenance tool.......................................................................................................................22Advanced Terminal Services Control and Settings....................................................................24

Monitoring using Taskmanager.............................................................................................24Microsoft Management Console............................................................................................24Portnumber...........................................................................................................................25Require Membership of the group Remote Desktop Users...................................................25

Monitoring using Taskmanager..................................................................................................26Processes.............................................................................................................................26Performance.........................................................................................................................28Users.....................................................................................................................................29

xpuViewUsers...................................................................................................................29Send Messages................................................................................................................29Disconnect and logoff.......................................................................................................29

Remote Control.....................................................................................................................30Advanced settings using Microsoft Management Console.........................................................32

Terminal Services.................................................................................................................32Reboot required....................................................................................................................33Users and Groups.................................................................................................................34

Terminal Services tips from IPConsult.......................................................................................38Performance.........................................................................................................................38

Enforce Removal of Remote Desktop Wallpaper..............................................................38Limit maximum color depth...............................................................................................38

IPConsult BV Manual XP Unlimited software 1


Remove Disconnect option from Shut Down Dialog.........................................................38Security.................................................................................................................................38

Encryption and Security \ Always prompt client for password upon connection................38Sessions \ Time outs........................................................................................................38

Users and Groups tips from IPConsult......................................................................................39Membership of the group Administrators..............................................................................39

Application Control.........................................................................................................................41Modes........................................................................................................................................42Administrator and Application Control........................................................................................42Users, Groups and Applications................................................................................................43Scrolling through the list of Domain Groups...............................................................................44Read, Verify and Save...............................................................................................................45Adding Applications...................................................................................................................46Selecting Applications................................................................................................................46Delete Applications....................................................................................................................46Assigning Applications to an user or group................................................................................47Removing Applications from user or group................................................................................47Zero Assigned Applications.......................................................................................................48One Assigned Application..........................................................................................................48Several Assigned Applications...................................................................................................49Sub menus................................................................................................................................49

Only 1 level of sub menus.....................................................................................................50Restrictions................................................................................................................................50Apply strict or relaxed Application Control.................................................................................51Hidden Applications...................................................................................................................52Nag screen................................................................................................................................52Command line parameters and Startup Folder..........................................................................53

Environment variables in Command line Parameters and Startup folder..............................53Examples how to use Environment variables........................................................................54Environment variables , Escape character &.........................................................................55Test tool “How Am I Started” .................................................................................................56Windows Character Map.......................................................................................................57

Startup Options..........................................................................................................................58Application Control and Explorer / Desktop....................................................................................59

Assign Explorer.exe...................................................................................................................60Explorer.exe is always auto started.......................................................................................60Default Start Menu of the desktop is replaced by XPU Start Menu.......................................61

Next: do some tuning with Policies............................................................................................64Do not test it in a production environment.................................................................................65Special Application Control Directives.......................................................................................66

$xpu Apply Relaxed Control..................................................................................................66$xpu Apply Restrict Control...................................................................................................67$xpu Windows Menu.............................................................................................................67$xpu DockDesktop menu......................................................................................................68

Example how to use Special Application Control Directives......................................................71Auto Logon.....................................................................................................................................73

Console.....................................................................................................................................74Domain Authorization.....................................................................................................................75



Introduction................................................................................................................................76Add your Windows Server to the Domain..................................................................................76Identify your domain..................................................................................................................77Test the connectivity to your Domain.........................................................................................78IPC$........................................................................................................................................... 78Samba and Netlogon.................................................................................................................78Enter the Domain Settings.........................................................................................................79

Reboot recommended...........................................................................................................79Domain Server......................................................................................................................80Trouble shooting Domain Server...........................................................................................80

Example configuration......................................................................................................81PDC..................................................................................................................................81BDC..................................................................................................................................81XPU server.......................................................................................................................81

Local group Remote Desktop Users.....................................................................................82Application Control and Domain Authorization...........................................................................83

Only Domain Groups, no Users............................................................................................84SSL Gateway.................................................................................................................................85Integrated Web server....................................................................................................................87

Introduction................................................................................................................................88Supported browsers...................................................................................................................88Editing the HTML.......................................................................................................................88Starting the web server..............................................................................................................89Location of the WWW folder......................................................................................................90Security / Limitations of the integrated web server....................................................................91

Indexing a folder....................................................................................................................91Traversing.............................................................................................................................91

ContentTypes.cfg.......................................................................................................................92Parameters in HTML-pages.......................................................................................................92Logfile........................................................................................................................................92Using the Web Server for updating of the client software..........................................................93

Disable updates of client software from the Web Server.......................................................93Use the Web Server ONLY for updating the client software..................................................93

Integrated PostScript / PDF Printer................................................................................................94Introduction................................................................................................................................95

Load Balancing / Farm...................................................................................................................98Introduction................................................................................................................................99Objective of the Farm................................................................................................................99Definition: Preferred server........................................................................................................99Specific client software..............................................................................................................99Mirror XP Unlimited Servers....................................................................................................100Typical configuration of a Farm................................................................................................101

Configuration Example 1.....................................................................................................101Configuration Example 2.....................................................................................................102

Settings....................................................................................................................................103IP Address of the server......................................................................................................103TCP Port number................................................................................................................103Broadcast Address and UDP Port number..........................................................................104



Advise of IPConsult.............................................................................................................104Example XPU-Server 3:..................................................................................................104

Advise of IPConsult.............................................................................................................106Block multiple logins............................................................................................................106Create logfiles for Logon-, Disconnect and Logoff events in the Farm................................106

Load Balancing Parameters among the Farm.........................................................................108Show Running Servers............................................................................................................110Show Users.............................................................................................................................112Other Servers and Farms........................................................................................................113

Load Balancing :: Seamless Client software................................................................................115Client software for Windows....................................................................................................116First time use of the Load Balancing :: Seamless client...........................................................118

Settings...............................................................................................................................119Examples of a Seamless desktop, no Application Control.......................................................120Examples of a Seamless desktop, using Application Control...................................................121

Remark about themes.........................................................................................................121RDP+.......................................................................................................................................122

RDP+ only available with XPU Enterprise...........................................................................122Printjobs..............................................................................................................................122When to use RDP+ Printjobs...............................................................................................123

Save My Password (in a RDP-file)...........................................................................................124Pre-defined RDP-file...........................................................................................................124

Logfile......................................................................................................................................124Support....................................................................................................................................125Connections.............................................................................................................................126Multiple Farms.........................................................................................................................127Command line parameters.......................................................................................................128

Example how to use these 4 command line parameters:....................................................128Client software for Linux..........................................................................................................129

Load Balancing client for Linux / Apple, based on perl........................................................129GUI Load Balancing client for Linux (GTK+).......................................................................129Requirements / dependencies.............................................................................................130License................................................................................................................................130

How to test-drive the Farm...........................................................................................................131Minimized Test Environment....................................................................................................131Advised Test Environment.......................................................................................................132

Test Tools....................................................................................................................................134xpuViewUsers..............................................................................................................................135

What can xpuViewUsers do.....................................................................................................136xpuDockDesktop..........................................................................................................................139

Config options of xpuDockDesktop..........................................................................................141Windows Menu........................................................................................................................146INI-file......................................................................................................................................147

Path.....................................................................................................................................148Command-line parameters......................................................................................................149

All contents copyrighted by IPConsult BV....................................................................................151



Installation of XP Unlimited



Setup program nameThe installation program is called xpunlimitedfullXX.exe or xpunlimiteddemoXX.exe, depending on which version of XP Unlimited – Enterprise you are installing.

Administrator

Only an user with Administrator access on the system can install the XP Unlimited software.

No other users should be active while installing

Be sure that nobody is logged in except for the Administrator. In case other users are logged in, system files and settings are locked and can not be updated by XP Unlimited.

32 bits versus 64 bits

The 32 bits version of XPUnlimited Enterprise for Windows Server 2008 has the version 6.0 in its name.

The 64 bits version of XPUnlimited Enterprise for Windows Server 2008 has the version 6.1 in its name.

Except for a small detail related to the SSL Gateway, which is described in the manual of SSL Gateway, there are no differences between the 32 and 64 bits versions of XPUnlimited.

W2k8 and R2

XP Unlimited is suitable for both• Windows Server 2008 (based on Vista), and • Windows Server 2008 – R2 (based on Windows 7)



Installation Procedure

In the first screen of the “Demo Version” you are requested to read the Terms of use and acknowledge them.

The demo version also contains a “check for update” button in the first screen:

The reason behind the Update button is that old versions of XP Unlimited seem to wander around on the Internet. With this Update button you can verify whether or not this version of XP Unlimited is uptodate or outofdate.

The Demo version needs to access the internet for obtaining a temporary license. The Demo will run for 60 days.



In the first screen of the “Unlimited version” you are requested to enter your license code. You are also requested to read the terms of use and acknowledge them.

After entering you license code and the acknowledgement of the Terms of use, the Next-button becomes available.

The two fields for the HTTP Proxy are optional. The entries as shown are just an example.

A HTTP-request and reply is sent to our license servers in order to validate your license.



The Setup program checks whether or not the installation of XP Unlimited is possible. In case it is possible, you can click on Next in order to install XP Unlimited. If you click on Exit now, nothing will be installed.

Note: when installing the full unlimited version, your server needs to be connected to the Internet for validating (once) of your license.



When your server is part of a Domain, the following screen will be shown:

XP Unlimited will contact the domain and do all appropriate settings for joining the domain and enabling Domain Users to use this XP Unlimited server.

Please read the paragraph about Domain Authorization. This paragraph shows screen-dumps of what you should enter in the 4 fields as shown here in our Setup program.



The XP Unlimited software is installed In a couple of steps.

The full version can be re-installed on the same hardware in case of a problem.



The software is installed. You are one reboot away from using the XP Unlimited software.

Don't forget the actions as described in chapter “Additional steps for using XP Unlimited”.



Result of the installation

A program entry will be made in the Administrative section of the Start menu of the system.



Additional steps before using XP UnlimitedAfter the installation of the XP Unlimited software, and after the reboot of the system, you need to perform a couple of steps in order to use the XP Unlimited software:

• Read the paragraph about the Farm and Load Balancing. It is not difficult to setup.• Read the paragraph about Domain Authorization. Let XP Unlimited handle the Domain

Authorization.• Create users that can login. If your Windows system has only one user, you will hardly use the

benefits of the XP Unlimited software.• Make sure that all users have a password. It is not possible to have a remote desktop session

with an user ID that has no password. This is simply to unsafe.• Make sure that all users are member of the Windows Group "Remote desktop users", or

disable this requirement. If an user is not a member of the Windows group "Remote desktop users", and such is required, the user will not be allowed to have a remote desktop session. You can also use our Maintenance Program to give any verified user access to the XP Unlimited server. A verified user is an user who has entered his username and password.

• Open your firewall for remote desktop sessions. The port that needs to be open is TCP port 3389. Default this port is closed, so your Windows system does not allow you to have any remote desktop session.

Please visit our website, specific the support-pages. You will find detailed examples and howto's between our FAQ's which describes how you can perform these steps. It is not difficult at all; most likely you can perform these steps in a couple of minutes.



Un-install

Using the Maintenance tool you can un-install the XP Unlimited software. Prior to un-installing this notification is shown.The Maintenance tool is described in paragraph “Operations of XP Unlimited”.

No other users should be active while un-installing

Be sure that nobody is logged in except for the Administrator. In case other users are logged in, systemfiles and settings are locked and can not be restored by XP Unlimited.

Manual activity after un-install

After the un-install of the XP Unlimited software you should perform the following actions:• Configure your firewall in such a way that remote desktop sessions are not possible.• Remove all users form the group Remote Desktop users.



Setup Problems

Example 1

The Setup program does a checking of the system for requirements. In case the requirements are not met, you will be informed what the problem is.

XP Unlimited W2k8 can only be installed on Windows Server 2008.



Example 2

The FAQ about the problems does also contain a link to a REG-file which might fix the problem.



Final screen in case of Setup problems

In case the Setup program decides that installation is not possible, it will finish as shown.

If you need support on the problem, you are requested to supply us with the ZIP Support File. This will assist us with analysing the problem. You can use the ZIP-button to create the ZIP-file. It will be placed on your desktop.



Upgrade of XP UnlimitedThe Setup program always behaves as if it is doing an upgrade. This implies that it will respect the settings that are already done.

An upgrade from the Demo version to a Full version is therefore quite simple:• Buy the Full version,• Run the Setup of the Full version,and that's it.

The Upgrade behaviour does apply to:• An upgrade from XPU Classic to XPU Enterprise,• An upgrade from Demo to the Full version,• An upgrade from XPU old version 1.2.3 to XPU new version 1.2.4.

and it applies to:• A downgrade from XPU version 3.2.1 to XPU version 1.2.3

It is possible to downgrade XPU, although we would not know why you would want to do that. If you downgrade from Full version to Demo version, the result will be that your server is again limited to 3 users.

If you do not want the Setup program to do an upgrade of your current XPU server, you must first un-install the current XPU software, and after the un-install run the Setup program.



Windows Server :: Application ModeWhen Terminal Services are enabled on Windows Server, you might see the following popup when installing XP Unlimited:

You can immediately click on Cancel or Close this popup. The functionality of this popup is not relevant for software like XP Unlimited.



Operations of XP Unlimited



Maintenance tool

The Operation of XP Unlimited can be monitored and controlled using our Maintenance tool:

The first tabpage can be used to Start and Stop the functionality of the XP Unlimited software.

You can also first tabpage for un-installing the XP Unlimited software.



The Update-check button opens a website-page of the XP Unlimited website. This page will inform you whether or not you are running the most recent version of XP Unlimited, or an old version.

The Verify-button does the same check that is done while installing. Sometimes during a Windows-Update or because of the installation of other third-party software, important settings or files are replaced. By running a verify, you will be informed what is wrong. Most of times a re-install of the XP Unlimited software using the Setup-program will fix all settings.

The ZIP-button creates a ZIP-file on your desktop. This ZIP-file contains the information IPConsult needs for giving you support.



Advanced Terminal Services Control and SettingsThe third tabpage of the Maintenance tool contains two buttons in order to monitor the users and to do advanced settings.

Monitoring using Taskmanager

Monitoring of Remote Desktop Users can be with the Taskmanager. See the paragraph “Monitoring using Taskmanager”.

Microsoft Management Console

Advanced Settings is done using the Microsoft Management Console. When installing XP Unlimited using the Setup program, several default Terminal Server settings are applied in order to make things work. You can do some fine-tuning, but you are advised to be carefully with changing the default settings. You might render your system unusable.

Please read the paragraph “Tips from IPConsult”. We have compiled some advices about the Advanced Settings you might consider useful.



Portnumber

You can change the default portnumber which is used by the XP Unlimited Terminal Server for listening for Remote Desktop Sessions. The default number is TCP portnumber 3389.The range of the custom value is 1000 – 65534. Although a number lower then 1000 might be technical possible, this is disabled in order to prevent problems.

If you change the portnumber to another value:• You will also have to change your firewall settings.• If you use some kind of router to connect to the Internet, most likely you have defined a NAT-

entry in your router in order to forward a port to the XP Unlimited Terminal Server. You must also update this NAT-entry in your router.

• You must inform all you users, because the client software they use for connecting to the XP Unlimited Terminal Server needs to know about the changed portnumber. On our website we have some FAQ's about the client software for clients running Windows and clients running Linux.

Please note: a reboot is required before the new portnumber is used by the XP Unlimited Terminal Server.

Require Membership of the group Remote Desktop Users

Default only users who are member of the group Remote Desktop Users can login. You can remove this requirement by selecting “verified users”. A verified user is an user who has a valid username and password defined locally in the W2k8 Server or in the Domain.



Monitoring using Taskmanager

Processes

The processes tabpage of the Taskmanager shows you the running processes of all users.



In case you do not see all columns, use the menu of the Taskmanager to get more columns:

We like to see at least the following columns:

After enabling the “User Name” and “Session ID”, you can sort all processes using the column User Name and / or Session ID. By doing this you can see what a specific user is doing.



Performance

The performance tabpage of the Taskmanager shows you how your system is performing. A couple of simple rules are the following:• The cpu-load should not be high continuously. A continuously high cpu load does not indicate

that your system is to slow, but most of the times it indicates that a single user is running some kind of cpu-intensive application (like a silly screensaver) and consuming all cpu power. Go back to the previous tabpage and use the column cpu (percentage) to determine which user and which process is consuming all cpu power.

• The amount of memory “Commit Charge, Total” should be lower then “Physical Memory, Total”. The amount of memory “Commit Charge, Limit” is allowed to be higher then “Physical Memory, Total”, however only for a short or special moment. It is desirable to have more memory then needed by all users, because a shortage of memory implies that Windows starts to use it swapfile, and that will make the system slow.



Users

The Users tabpage of the Taskmanager shows you all users.

xpuViewUsers

Whatever is possible with this tabpage, is also possible with the tool xpuViewUsers. It is installed in C:\Program Files\XPunlimited

Send Messages

Each user can send messages to the another users.

Disconnect and logoff

The Administrator can also disconnect or logoff an user.

When a user gets disconnected, his desktop and all of his applications keep on running. When the user connects again (entering his userID and password) he will get his own desktop back with all the active applications. This is useful for the user, but it might not be desirable for all the other users. A running desktop with applications consumes memory and cpu. Therefore it would be better if the user logoffs, because then his desktop and applications will be terminated. This saves memory and cpu.



Remote Control

Note:• Remote Control is not available on Windows Server 2008, based on Vista.• Remote Control is available on Windows Server 2008 - R2, based on Windows 7.

When working behind the console of the XP Unlimited Server, it is not possible to “shadow” or to “remote control” another session.However, when working using a Remote Desktop Session, an Administrator can “shadow” or “remote control” another session:

Using the Taskmanager, an Administrator or an user with Administrator privileges can Remote Control the other users.



The following dialog is shown:

The hot-key Ctrl-* (found on the numeric keypad) is a good default hot-key to exit the Remote Control Session. The user can not use this hot-key. Only the Administrator can use the hot-key to terminate the Remote Control Session.

Terminating a Remote Control Session means that both the Administrator and the user continue to work with their own session; terminating a Remote Control Session does not imply that the user or Administrator get disconnected.

The user which session is about to be “remotely controlled” by an Administrator, has to acknowledge it:

Using the Advanced Terminal Settings (see next paragraph) it is possible to configure the XP Unlimited server in such a way that a Remote Control Session is possible without acknowledgement of the user.



Advanced settings using Microsoft Management Console

Terminal Services

The initial screen of the XP Unlimited Terminal Services using MMC is as follows:

Please note: initial it can take several seconds to show this screen. When opening the “Administrative Templates” it might take several seconds depending on the cpu-speed of your system. This is normal; this is the way it works.

This screen gives you access to• Advanced Settings of Terminal Services.• Users and Groups.

The Advanced Settings of Terminal Services can be used for some fine-tuning. Please read the paragraph “Tips from IPConsult”. We have compiled some advices about the Advanced Settings you might consider useful.

The Users and Groups can be used to give users a password, to make them member of the group “Remote Desktop Users”, etc. You can find some examples on Users and Groups between our FAQ's in our website.



By opening the Administrative Templates / Windows Components you can find the Advanced settings of Terminal Services:

You can do some fine-tuning, but you are advised to be carefully with changing the default settings. You might render your system unusable.

When you click on an option, extra text will appear that explains this option. You are advised to read this text carefully prior to changing an option.

Reboot required

Changing an Advanced Setting of the Terminal Services might require a reboot of the Windows Server; the change will be in effect after a reboot.



Users and Groups

Using Users and Groups you can do the following tasks:

Select Users in the left panel. Use the right mouse button on the “white space” in the right panel. A sub-menu will be shown, including New User...

Please note: When the Server 2008 is also a Domain Controller, you can not use the screen above for the users. You will need to use the Active Directory Tools.



Use the right mouse on a user. The sub-menu that is shown contains the option for giving the user a password.

Users without a password can not have a remote desktop session. This is to unsafe.



Select Groups in the left panel. Use the right mouse on the group Remote Desktop Users. The sub-menu that is shown contains the option for adding an user to the group.Removing a user's membership of the group Remote Desktop Users is also done using the “Add to Group” menu options. When clicking on the sub-menu “Add to Group”, a dialog is shown that can be used for both adding and removing users.



Only users who belong to the group Remote Desktop Users can have a remote session.



Terminal Services tips from IPConsult

Performance

Enforce Removal of Remote Desktop Wallpaper

Enable this setting and “fancy” desktop wallpapers will not be shown on remote desktops. This will make the remote desktop session faster.

Limit maximum color depth

Set this setting to 15 bit. This will give decent colours for all your applications. Using 24 bit colours will make the remote desktop session (a bit) slower and request more resources from the server, while the user will not really notice the difference between 24 bit colours or 15 bit colours

Remove Disconnect option from Shut Down Dialog

By removing the Disconnect option, a user can not choose to disconnect his session, but only to logoff. A session that is only disconnected consumes resources from the server because the desktop of the (disconnected) user keeps on running and all applications keep on being active. By forcing the user to logoff, the resources of server become available for the other users.Currently there are some problems related to disconnected sessions. It is better to logoff then to disconnect.

Security

Encryption and Security \ Always prompt client for password upon connection

A user can save his userID and password in his remote desktop client. Doing so, a user only can do a “double click” on his remote desktop client, and he is logged in. He does not have to enter his name of password, because those two are saved in his remote desktop client.When he leaves his desk, somebody else could just “double click” on his remote desktop client and logging in on the server.Using this setting all users are forced always to enter their password.

Sessions \ Time outs

Several time-out options are possible. Short time-outs is always a good thing from a security point of view.

Sets a time limit for active but idle Terminal Services sessionsThis one should be for instance 30 minutes. After 30 minutes of doing nothing, the remote desktop session will be disconnected or logged off.

Terminate Session when time limits are reachedWhen the time limit of 30 minutes is reached, the remote desktop session will not be disconnected, but completely logged off. This saves resources on the server and is also saver from a security point of view.



Users and Groups tips from IPConsult

Membership of the group Administrators

From a security point of view not one remote desktop users should be member of the group Administrators. When a remote desktop user is member of the group Administrators, he can change all kind of Terminal Services settings.

Normal users are not a member of Administrators. Only the user Administrator self is member of the group Administrators.



Remote desktop users should have only membership of the group “Normal” users:

The normal users 'RbR” is member of “Users” and “Remote Desktop Users”.



Application Control



ModesApplication Control has 3 different modes op operation:

The default mode is “No Application Control”. Every remote user always sees a complete desktop.

The second and third option turns on the Application Control. The difference between the second and third option is what a user sees in case no applications are available for the user. The second option will give the user a complete desktop without any restriction. The third option will show the remote user a message that the Administrator has not made any application available for the user. The remote user is not able to continue to work:

Administrator and Application ControlApplication Control does also apply to the users who belong to the group Administrators. The only one that is not under control of Application Control, is the user Administrator.

It is important that the user Administrator can not be restricted using Application Control, because if he gets restricted, he can not start the Maintenance program any more in order to fix his restrictions......



Users, Groups and ApplicationsExample:

The domain group “Domain users” have the following applications:• Notepad• Firefox• WordPad• Open Office Writer



Scrolling through the list of Domain GroupsA Domain can have a few thousand groups. Scrolling through this long list works as follows:

• Use PageDown-key. When you use the PageDown key, each time the selection is on <...more...>, the next batch of 100 Domain Groups is shown.

• Click on <...more...>. The next batch of 100 Domain Groups is shown.

Searching:• Press the Enter-key while the selection is on <...more...>

• Type in the Domain Group you would like to search and press Enter.• The list will start with this group.



Read, Verify and SaveThe button bar contains the following buttons:

• The Read button reads the configuration as it is saved in the Registry. Any recent changes the Administrator has made without using the Save button, will be lost when reading the settings from the registry.• You can use the Read button to “reset” any changes you just made which should not have

been made.• You can use the Read button to “re-read” the users and groups in case you made some

changes like defining new users.• The Verify button checks the consistency of the settings. For example, in case users are

deleted, they will be shown with a red cross. In case a File\Pathname of an application does not exist, you will be informed.

• The Save button will save the configuration including all changes the Administrator has made. Please note that, prior to the actual saving, a Verify will be done. In case of inconsistencies like non-existing applications, these inconsistencies will be fixed automatically.

• The Backup button saves all settings in a backup-file.• The Restore button reads all settings from a backup-file.• The button “Send to Farm” distributes all Application Control settings to the other servers in the

Farm. Please read the chapter Farm for more details.



Adding ApplicationsThe table with Application behaves like a table in your word processor. Using the TAB-key you can jump through the fields. When you use the TAB-key while the cursor is in the most-right, most-bottom location, a new line for a new Application will be made available.

An Application has a name and a Path\Filename. You can use the F3-key or double-click for browsing for executables. The name will be shown in the Startmenu of the remote user.

Do not forget to save the new settings using the Save button.

Selecting ApplicationsThe first column is used for selecting Applications. By clicking on the first column you can (de-) select any Application.By using the right-mouse on the first column, a small popup menu appears for some smart select options:

Delete ApplicationsDeleting an Application implies that it will be deleted from the table. It will not be deleted, removed, un-installed, etc, from the server.

Select the Applications that should be deleted using the first column and click on the Delete button. Example:

App1 and App4 will be deleted from the table.




Assigning Applications to an user or group1. Select the Applications2. Select the user or group3. Click on the Assign button

Example:

App 1 is selected. User test2 is selected. By clicking on the Assign button, user test2 gets the Application FireFox.


Removing Applications from user or group1. Select the Application.2. Click on the Remove button.




Zero Assigned ApplicationsIn case the third Application mode is chosen, and the remote user has no assigned Applications, the remote user will see the following message:

One Assigned ApplicationIn case a user has 1 (one) assigned Application, this application will be started directly after a login and will be shown full screen. When the user closes the Application, the remote session will be terminated.Please note that sometimes an Application can not be shown full screen because the Application does not enable or support full screen. The default calculator of Windows is an example of an Application that can not be shown full screen.

See also Hidden Applications. A Hidden Application does not “count”. In case an user has 1 Application and 3 Hidden Applications, this 1 not-hidden Application will be started directly after the login.



Several Assigned ApplicationsIn case an user has 2 or more assigned Applications, a small Startmenu button will be shown in the upper-left corner of the screen.

This Startmenu button gives the user access to the assigned applications:

The difference between 1 or more Assigned Applications is the Startmenu button. In case of 1 assigned Application, the Startmenu button will not be shown.

Sub menusUsing a \ in the Display name of an application, the System Administrator can create a sub menu:

Example:

The System Administrator has defined 2 sub menus, called Office and Internet. Both sub menus contains each 2 applications.

The menu items can be sorted using the Up- and Down button above the Applications.

The user experience is as follows: (next page)



The user can select the submenus, and the Applications will appear:

The user experience is slightly different then the default Startmenu as shown by Windows. This way showing the applications has the advantage that all applications are also visible and selectable on small devices like PDAs.

Only 1 level of sub menus

Only 1 level of sub menus is possible. Do not specify 2 slashes in a displayname.

RestrictionsIt is not possible for the user to start any application that is not within the list of assigned Applications. In case the user tries to start anything outside the list of assigned Applications, a notification is shown:



Apply strict or relaxed Application ControlStrict Application Control means that your users can only start those programs you have assigned to them. Sometimes this is to strict. It is possible that an application needs to start all kind of other (sub)-applications. When using strict Application Control, this is not allowed.From a security and stability point of view is strict Application Control desirable; it prevents that unwanted programs are started by users.However, if strict Application Control is to strict for your applications, the Administrator can select Relaxed Application Control. This still implies that the user only sees the applications that have been assigned to the user. However, if an application tries to start another (sub-)application, it is allowed.Sometimes this setting is needed for your applications. Please note that from a security and stability point of view it is not as good as strict Application Control.

The next paragraph is about Hidden Applications. By using Hidden Applications, you might be able to avoid the use of relaxed Application Control.



Hidden ApplicationsSometimes an Application starts another Applications. These sub-applications should not appear in the Startmenu of the user, but the user should be allowed to run these sub-applications.Any Application with a name that starts with a $ (dollar sign) is a so called Hidden Application.Example:

User test2 is allowed to start the default Help-programs of Windows. Those help programs can be started by Notepad or by pressing F1.

Hidden implies that the user can run the Application, but it is not shown in the Startmenu of the remote user.

Nag screenThe demo version of XP Unlimited shows a nag screen after a login, in case Application Control is used:

This nag screen is not shown when using the full, unlimited version of XP Unlimited.



Command line parameters and Startup FolderAn Application can have a specific Startup Folder. The default Startup folder is the folder where the programm is located.

You can also specify 1 or more optional Command Line parameters.

Usualy the character “space” is used to separate the parameters. You can use double quotes in case a space is needed within a parameter.

Environment variables in Command line Parameters and Startup folder

If you open a classic Dos-box, you can type the command “set”. It will show you the available “Environment variables”. Most of the environment variables are always available on every windows-system. Sometimes there are a couple of extra environment variables that are only available on your windows-system, because they are the result of some kind of application you installed.



Example of environment variables that are always available:

Examples how to use Environment variables

You can use those environment variables in the command line parameters. Examples:

Command line parameter or Startup folder Result for user rbr

D:\documents\%username% D:\documents\rbr

%userprofile%\some folder D:\Documents and Settings\rbr\some folder



Environment variables , Escape character &

Within a command line parameter you can use the & character for special character in the range $01 .. $FF (hexadecimal between 1 and 255).The & character is used as a so called escape character. Examples:

Command line parameter or Startup Folder Result for user rbr

E:\documents\&25username&25 E:\documents\%username%

E:\documents\&26username&26 E:\documents\&username&

E:\documents\&22username&22 %username% E:\documents\”username” rbr

“E:\documents\username” %username% “E:\documents\username” rbr

Take a good look at the last 2 examples: the first occurrence of username is not considered to be an environment variable because it is not enclosed in %. In the third example it is enclosed in &22. This is the hex-value of the character “, so result will be “username”.The second occurrence of username is considered as an environment variable because it is enclosed in %. Therefore it is replaced with rbr.

The &XX appearance in a command line parameter will always be translated to a character:

Command line parameter or Startup Folder Result for user rbr

E:\documents\&25username&25 E:\documents\%username%

“E:\documents\&25username&25” “E:\documents\%username%”

“E:\documents\&26username” “E:\documents\&username”



Test tool “ How Am I Started”

From our website you can download a free testtool called “How Am I Started. It can assist you in testing and understanding of command line parameters and environment variables:



Windows Character Map

You can use the default available “character map tool” for obtaining the hex-value of characters:



Startup OptionsAn Application can be started as follows:

Autorun The Application will be started directly after the login of the user. Multiple Applications can be flagged as Autorun (as many as you want....)

Maximize When started, the Application will be initially shown Maximized. The user is able to Restore or Minimize the Application.

Minimize When started, the Application will be initially shown Minimized. The user is able to Restore or Minimize the Application.

Visible Default all Applications are shown Visible. An Application can be flagged as “not shown Visible” aka “Hidden”. An user can not interact with a Hidden Application.This option is useful voor starting CMD-files which will start another Application.In combination with Autorun, you can start some kind of Hidden Service application for the user, without showing it. For instance, you might use it to start some Anti Virus client software without showing it to the user.



Application Control and Explorer / DesktopWhen you do not use Application Control as described in the previous chapter, an user does see the default Windows desktop.

Showing the default Windows desktop might be desirable, because this is what the user does expect. However, the desktop should be restricted, because otherwise the users might make a mess of their desktop.

A special combination of Explorer / Desktop and our Application Control is possible, such that the user sees a default desktop, but everything restricted.

This special combination of Explorer / Desktop and our Application Control does assume that you select “Restrict Application Control”:



Assign Explorer.exeIn the following example Explorer.exe is assigned:

• A hidden application is defined, called $Desktop.• Because of the dollar sign in the name it is hidden. The user will not see an entry called

“Desktop” in the Start menu.• Whenever an user has Explorer.exe in it's list, it will always be started. It is not required to select

the Autostart-option. Explorer.exe will be auto started anyway.

Explorer.exe is always auto started

You might want Explorer.exe to be optional, like “explorer.exe” with a commandline parameter containing c:\my documents. This is possible and is described a few pages further.

However, when an user is assingned Explorer.exe, it will always be auto started, because when Explorer.exe is started for the first time, it will always create and show a desktop. This is build in Explorer.exe; this is how Explorer.exe is made by Microsoft. Therefor it is not possible to show the user his documents-folder and not having a desktop with a taskbar, etc.



Default Start Menu of the desktop is replaced by XPU Start Menu

In the example above, the users can only start Notepad, Firefox and Wordpad. The default Windows Start menu is replaced by the restricted XPU Start menu.

In case the user attempts to start something else, the following message will appear:



It is possible to mention Explorer.exe in the menu of an user. Example:

• A menu entry called “Own Folder” is assigned to the group Remote Desktop Users.• Above the menu entry “Own Folder” the hidden menu entry $Desktop is assigned.

• Because of $Desktop (and because of “Own Folder”), the user gets an desktop.

• The menu entry “Own Folder” will appear in the Start menu of the user.• The menu entry “Own Folder” is also flagged as auto start. This is optional and just an

example.



The desktop of the users looks as follows:



Next: do some tuning with Policies

A few policies as an example of restrictions for the users. Some of them are not relevant any more. For example, all those policies related to the Start menu are not relevant any more because the Windows Start menu is not showed at all.



A few policies as an example of restrictions for the users.

Do not test it in a production environmentYou should test this on a separate Test environment before trying it in production. For instance, if you apply to many policies or to many restrictions, you might restrict yourself and you might not be able any more to reverse the restrictions. In such case, a reboot of the XPU-server in Safe Mode is required, which is not desirable in a production environment.



Special Application Control DirectivesThere are a few Special Application Control Directives possible.

$xpu Apply Relaxed Control

When this Special Application Control Directives is assigned to an user or a group, it will overrule the global setting as described above in the manual for Strict or Relaxed Application Control.

Example:

The global setting for Application Control is set to Strict.

However, the user luser001 has Relaxed Application Control:

Note: the parameters Program Name, Startup Folder, Command-line and Startup in the columns next to Display name, are irrelevant for $xpu Apply Relaxed Control and can be left empty.



$xpu Apply Restrict Control

This Special Application Control Directive overrules the global setting. When the global setting is set to “Apply relaxed Application control”, then this Special Application Control Directive can overrule that, and apply strict Application control to an user or group.

$xpu Windows Menu

When this Special Application Control Directive is applied to an user of group, the usual default Windows Menu is shown and not the limited XPUnlimited Application menu. However, if strict Application Control is in effect, most of the programs as shown in the usual default Windows Menu can not be started.

Example:

The user luser001 has only 2 applications, and strict Application Control is applied to this user.The desktop of the user shows as follows:



A complete, full, default Desktop is shown. However, when attempting to start an application that is not assigned, an error is shown:

$xpu DockDesktop menu

For a full description of DockDesktop, see the separate paragraph on this subject.When the Special Application Control Directive is assigned to an user of group, the limited menu shown by XPUnlimited Application Control is shown using xpuDockDesktop.

Example:



The desktop of user luser001 will be as follows:

The assigned applications do appear in a xpuDockDesktop window.



There can be multiple Special Application Control Directive for $xpu DockDesktop menu.For example:

$xpu DockDesktop menu Sales$xpu DockDesktop menu Finances

Each variation can have 2 commandline parameters in the column Commandline:

What those command-line parameters do, is described in the paragraph about xpuDockDesktop.The 1th INI-file is a personal INI-File. The user can change the settings in the personal INI-File.The 2th INI-file is a system INI-File. The settings in the system INI-File do overrule the personal settings, and can not be changed by the user.

The logical group Finan and the logical group Sales do each have their own system INI-file.



Example how to use Special Application Control Directives• It is recommended that the default setting for Application Control is strict. For the group

Administrators it can be set to relaxed.• Administrators do prefer to use xpuDockDesktop, because they use a seamless session and the

desktop icons of the Remote Desktop should not interfere with the desktop icons of the client.

The session of the Administrator looks like follows:

(next page)



• The Remote Desktop is shown seamless.• The bottom taskbar is from the Client.• The second taskbar is from the Remote Desktop.• The icons on the left are from the Client Desktop.• The icons on the right are shown by xpuDockDesktop and are from the Remote Desktop.



Auto Logon



ConsoleThe Administrator can enter an Auto Logon UserID and password for the Console. When the XP Unlimited server is rebooted, this user is logged on automatically:



Domain Authorization



IntroductionDomain Authorization should not be handled by Windows, but by XP Unlimited. We have our own modules for this. By having our own modules for Authorization, XP Unlimited is able to handle more the Domain and perform Application Control for Domain Users.

Add your Windows Server to the DomainBefore you start with Domain Authorization, be sure that the Domain does accept computers:

Four Windows Systems are already part of the Domain called testxp.intern

XP Unlimited will try to add automatically the computer to the Domain.



Identify your domainIn the example below, the domain is called testxp.intern. The server running the domain is called testw2k3:



Test the connectivity to your DomainBefore you proceed with configuring XP Unlimited, be sure that both the Domain name and the Domain Server name are reachable from the XP Unlimited server. You can open a DOS-box and use the ping command:

IPC$Windows servers do have a so called IPC$ share. The XP Unlimited Terminal Process uses the IPC$ on the Domain Server for requests about users. So, be sure that the IPC$ of the Domain server can be accessed by the XP Unlimited server.

Samba and NetlogonIn case you use Samba as a Domain Server, be sure to read the appropriate “howto's” and (online) manuals about Samba. For instance, you will have to define a “netlogon” share in order to mimic a Microsoft Domain Server.



Enter the Domain SettingsThe tab page Domain / Workgroup is the place where you enter the relevant Domain information:

Click on verify, and the entered information will be verified. A separate window will show the progress.

Click on Apply when done. After clicking on Apply, the Reboot button will be enabled.

Reboot recommended

It is recommended to reboot the XPUnlimited Terminal Server after applying the Domain settings.



Domain Server

The field “Domain Server” is optional. Preferable you should not use it.

In case you do not use the field “Domain Server”, the XPU server will automatically determine which PDC and / or BDC is available.

If you enter a netbios name of a PDC or of a BDC, the XPU server will only use this one PDC/BDC for its domain functions. The XPU server will not fallback to another PDC or BDC in case the assigned PDC / BDC is not available.

When the Domain, the network and the XPU server are correctly configured, the XPU server is always able to determine the Primary Domain Controller (PDC) and the Backup Domain Controller(s) (BDCs).However, if the network is not configured correctly, the XPU server might have a problem:• The XPU server is using a DNS-server, which does know the name of the PDC, but which does

not know the name of the BDC. This is a DNS problem which does impact the XPU server. The XPU server is not able to use the BDC because the assigned DNS server can not tell the XPU server what the netbios name is of the BDC.

• The XPU server is using 1 or more default gateways, which do know how to route network traffic to the PDC but not to the BDC(s). This is a network problem which does impact the XPU server. The XPU server can not use the BDC(s) because the assigned default gateway is not able to route the network traffic to the BDC(s).

In this case you can consider to enter a netbios name in the Domain Server field, in order to compensate for the mis-configuration of the network.

Trouble shooting Domain Server

When the XPU server reboots, it joins the domain. If this does not work correctly, examine the following:• Can you ping the netbios name of the PDC from the XPU server ?• Can you ping the netbios name of the BDC(s) from the XPU server ?• Which DNS server(s) are assigned to the XPU server ?

• Do these DNS server(s) know the PDC and / or BDCs ?• Which default gateway(s) are assigned to the XPU server ?

• Do these DNS server(s) know the PDC and / or BDCs ?

Examplenext page



Example configuration

PDC

• netbios name TESTW2k3• IP address 192.168.200.210• The PDC does also act as DNS-server

BDC

• netbios name TESTW2k3b• IP address 192.168.200.211• The BDC does also act as DNS-server

XPU server

Network card of XPU Server:

• The XPU server uses both the PDC and BDC for its DNS-settings and for its default gateway.• The XPU server has nothing entered in the field Domain Server, because it is always able to

determine which PDC and / or BDC is available.



Local group Remote Desktop Users

The Domain Group “Domain Users” will be added to the local group Remote Desktop Users:



Application Control and Domain AuthorizationAfter applying the Domain settings, and after the reboot, Application Control does also show the Domain Groups that have been selected:



Only Domain Groups, no Users

When it comes to Domain Authorization, we have limited Application Control to Domain Groups. It would be possible to include users in the tree view, but this might result in performance problems.

Despite our product name, XP Unlimited, we can not offer the option of showing users, because large Domains can contain several thousand users. Showing them all and manage them all on a XP Unlimited system might result in performance problems.



SSL Gateway



The SSL Gateway is described in a separate manual which can be downloaded from our website.



Integrated Web server



IntroductionThe integrated web server offers browser based access to a XP Unlimited server. Remote desktop access is possible using only a browser.

Supported browsersUnfortunately not any browser can be used; only Microsoft Internet Explorer can be used. This is caused by the fact that the integrated web server is based on Active-X components, and Active-X is only possible using Microsoft Internet Explorer.

A so called java based RDP client is available and using this it should be possible to have a web server that is based on Java. However, there are many small but important details related to the strict security within Java that prohibits us to deliver an easy and usable web server based on a java object.

Editing the HTMLThe demo version of XP Unlimited does limit your options for changing the layout of the pages as served by the integrated web server. The full version does give you the possibility to change the layout in any way you want.

Please note: the support of IPConsult is limited to XP Unlimited. We will not support you on “how to write HTML, CSS, or other web page issues”. It is OK with us if you change the HTML-pages as served by our web server, but it is your responsibility to ensure you write valid, usable and working HTML-pages.

We do appreciate the books from O'Reilly. Go to to their website and search for HTML-books.

http://www.oreilly.com/


http://www.oreilly.com/


Starting the web serverWithin our Maintenance Program is tab-page for the web server:

When changing a parameter, click on Apply. The parameters will be immediately applied. So, if you select the checkbox, and click on Apply, the web server will be started right away.

When you click on Apply, the web server will be stopped, and depending on the checkbox started again. Stopping and starting the web server does NOT affect current remote desktop session with the XP Unlimited server.

When the checkbox is checked, the web server will also be started when the XP Unlimited server is rebooted.



Location of the WWW folderThe default folder for the HTML-pages is below the Program Files folder of the XP Unlimited software:

When you change the location to something else, and click on the Apply button, the default HTML-files will be created in this new location.



Security / Limitations of the integrated web serverThe integrated web server is limited to:• HTTP Get and Head command. Anything else like HTTP Post is not supported.This implies that the integrated web server can not be used for “accessing”, “updating” or “writing” to the www-folder. There is no logic within the integrated web server to do such thing.

Our integrated web server has nothing to do with Microsoft Internet Information Server (IIS) and is not based on IIS; it does not use any IIS code; it is a completely self-developed web server. Updates from Microsoft related to IIS are not required for a XP Unlimited server.

The objects / files in the WWW folder are accessed by the web server using “Read and Share right”. This implies that the WWW folder can be made read only and that the web server does not try to get write, lock or update access to the WWW folder.The only exception to the previous statement is, when the web server is restarted with a new WWW folder path, it does write to the WWW folder, because then the www server and Maintenance Program will write the default HTML-objects in the new WWW-folder.

We should mention the following: because of the Active-X object as served by the web server, only the browser Microsoft Internet Explorer is supported. This browser does have its peculiar non-standard, proprietary behaviour. For instance, sometimes this browser sends the command OPTIONS to a web server. This command is a non-standard, proprietary command that is used between Microsoft Internet Explorer and Microsoft Internet Information Server (IIS).Our integrated web server has nothing to do with Microsoft IIS and is not based on IIS. Therefore our integrated web server does not support this non-standard, proprietary OPTIONS command. The result will be 4xx errors in the logfile of our web server.

Indexing a folder

• Our web server does not index a folder like IIS or Apache can do.• When a client enters an URL which contains a folder and not an object, our web server

appends index.html to the URL.• When index.html does not exist in the requested folder, a 404-error is generated.

If you want to have a folder indexed, do create a file called index.html inside this folder and keep it up-to-date with the contents of the folder.

If you do NOT want to index a folder, and do NOT want to confront your users with a 404-error, create an index.html file in every folder. The contents of the index.html can be a nice message and some kind of javascript-refresh statement that loads the default index.html as located in the root of the www-folder.

Traversing

Our web server only serves objects inside or below the WWW-folder as entered in the Maintenance Program. Your users might want to try ../../.. in URL with the objective to traverse beyond the WWW-folder. This is not allowed or supported by our www server.



ContentTypes.cfgIf you change the HTML-pages and starts to serve filetypes like EXE, BIN, DMG, MP3, AVI, SWF, etc, be sure to edit the file ContentTypes.cfg. In case the web server serves an object and its filetype is not found in ContentTypes.cfg, the default filetype reported to the browser of the client is “application/octet-stream”. The impact of this is that the browser will show a message to the user, asking “where to save this file”.

Parameters in HTML-pagesIt is possible to include parameters within the HTML-pages as served by the web server. The default Error pages do use them and can be interpreted as an example for these parameters.A FAQ on our website describes the full list of parameters and their meaning.

LogfileAs usual with the XP Unlimited products, there is a logfile. It is located in \Windows\Temp and it is called XP Unlimited_www_Server.log.

The logfile shows the following info:• date / time• Info, Warning or Error• IP Address of the client• HTTP-result code:

• 200 is OK• 4XX is an error related to the client• 5XX is an error related to the server

• Hostname as entered by the client in the address bar of the browser:• The web server can be accessed using the IP Address of the server, or DNS-name.

• object served:• In case of the Demo version of XP Unlimited, the objects are server from internal memory

and not from the WWW-folder, although they must exist in the WWW-folder.

The logfile is a wrap-around logfile and will overwrite itself. The maximum size is 1 MB. If auditing is important, the Administrator should schedule some kind of automatic backup of this logfile.



Using the Web Server for updating of the client softwareThe client software is called xpuWin32client.exe, and is installed in 2 locations:

• c:\program files\xpunlimitedand• c:\program files\xpunlimited\www

The next time when you install an update of XPUnlimited on the XPU Server, a new version of the client is also updated in the WWW-folder.

When an client connects to the XPUnlimited-server, it requests the version of the client as served by the Web Server. When the version of the client as served by the Web Server differs from the client itself as it is running on a remote PC, the client software on this remote PC will update itself with the version of the client as server by the Web Server.

Client software is “signed”. After downloading the client software from the Web Server, the signature is verified before the new client software is used on the remote PC.

Disable updates of client software from the Web Server

When you do not want that the Web Server does also offer the client software, delete xpuWin32client.exe from the WWW-folder.

Use the Web Server ONLY for updating the client software

It is also possible to configure the Web Server such that it ONLY provides updates of the client software but it does NOT offer Remote Desktop Sessions for browsers. If this is desired, proceed as follows:

• Delete the following files from the WWW-folder• xpu_connectdirect.html• xpu_settings.html• msrdp.cab

Do not delete other files like the 4xx-HTML error messages or CFG-files.

Place the following index.html file in the WWW-folder (overwrite the index.html that is already in the WWW-folder):

<html><head><title>Nothing to see here...</title></head><body>Nothing to see here...</body></html>



Integrated PostScript / PDF Printer



IntroductionWhen the PostScript / PDF printer is enabled, automatically a XPUnlimited Printer is created. Users can select and use the printer. Result will be a printed file in their Personal Folder.

When either, or both PostScript and / or PDF is selected, the XPUnlimited Printer will be available.When neither PostScript or PDF is selected, the XPUnlimited Printer will be removed.

The location of where the PDF / Postscript files are placed, can be changed.If this is changes, for instance, on a different server, please note that the the user must have create and write rights on this different server.



The printer queue can be viewed in the usual way:

Detailed settings are also possible, although the default settings will be OK in most cases:



Users can select the XPUnlimited Printer for a printjob:

Result of the print job is a file in the folder XPUnlimited Printer Files, in the Personal folder of the user:



Load Balancing / Farm



IntroductionThe Farm solution assumes that a central repository is used for the user data. An example of a central repository is Domain Authorization and Roaming Profiles. For the remaining of this manual such is assumed.

When you think about it, it is obvious that a central repository is needed for the user data, because the whole concept of the Farm is based on:

• An user can work on any of the XP Unlimited servers in the Farm.

However,• An user always expect his / her own desktop, own files, the known applications, etc.

In order to be able to give the user his / her own desktop, independent of the XP Unlimited server in the Farm, roaming profiles are required.

Objective of the Farm

The objective of the Farm is to:• Distribute the load of the users among multiple XP Unlimited servers. The load is distributed,

based on the number of users, cpu load, memory load and number of processes on each server.

• Give the users always the same desktop, their own data, etc, independent of the XP Unlimited Server they are working on.

Definition: Preferred serverThe preferred server is the server with the least load. Which server this is, is automatically determined. Clients will get a Remote Desktop from the preferred server.

Specific client softwareUse of the Farm requires the use of specific client software. The specific client software asks with the servers in the Farm about the preferred server, prior to starting the Remote Desktop Session for the user.

XP Unlimited client software is available for• Windows XP and higher• Linux / Apple



Mirror XP Unlimited Servers• The System Administrator should install every application on all XP Unlimited servers.

• Our Maintenance Program does not install Office, Firefox, email software, etc.• Settings done using our Maintenance Program with regard to Application Control can be

distributed among the Farm:



Typical configuration of a Farm

Configuration Example 1

• Three XP Unlimited servers are working together in a Farm.• The name of the Farm is the name of the Domain Server.• All three XP Unlimited servers do have the same applications installed. This is done by the

System Administrator:• Office• Email• Browser• etc

• There should be a fileserver which holds all the user data. Users should not be allowed to use one of the XP Unlimited servers for their data.

The clients can use any of the XP Unlimited servers, without noticing any difference in their user experience, desktop, applications and data.

You can mix XP Unlimited running on WXP and running on Windows Server.

A central fileserver is required. When you think about it, it is obvious that a central fileserver required. In case an user would use the disk of XPU-Server 1 for its data, he / she can not access the data when, due to the Load Balancing algorithms, the user is directed to XPU-Server 2 or 3.



Configuration Example 2

• The XP Unlimited servers are connected to both the “Client” network and the “Server” network.• The clients do not directly access the servers. Depending on the configuration of the servers,

direct access from the clients can be prohibited.• The XP Unlimited servers are configured in such a way that their internal network

communication related to the Farm and related to the Load Balancing, is done using the “Server” network and is not done using the “Client” network.



Settings

The Settings page is used for enabling the participation in the Farm. After enabling the Administrator can select some communication parameters.

IP Address of the server

Each client negotiates with the servers in the Farm for the preferred server. This is the IP Address as advertised by the server to all clients for the Remote Desktop connection.

TCP Port number

This is the port number of the server that will be accessed by the Load Balancing :: Seamless clients while requesting “who is the preferred server”. Any XP Unlimited server can be asked “who is the preferred server”.



Broadcast Address and UDP Port number

The servers in the Farm keep all the other servers informed about their users and load. The server uses this IP Address for broadcasting. The protocol is UDP.

Advise of IPConsult

As shown in Example 2. it is possible to have 2 network cards in each XP Unlimited server. 1 network card can be used for connecting the server to the company network. The other network card can be used by a small private network that is only shared by the servers in the Farm and other important equipment.Having 2 network cards implies that the IP Address of the network for the users will be different then the IP Address of the small server network.

Example XPU-Server 3:

See next page for the interpretation of these settings.



Client Network:• XPU-Server 3 can be reached by the clients on IP Address 192.168.200.58• The Client software uses TCP Port 3390 to request the server for the preferred server.

• Each XPU-server in the Farm answers the request of the clients “who is the preferred server”.

• XPU-server 3 can and will answer to the client with the name of the XPU-server that is the preferred server. That can be XPU Server 3 itself, but it can also be any of the other XPU-servers.

So, when a client asks XPU-Server 3 “who is the preferred server”, the answer of XPU-Server 3 might be “XPU-Server 1”, (or 2, or 3, etc, etc).

• The Remote Desktop Session itself uses TCP port 3389:



Server Network:• The IP Address of XPU-server 3 on the Server Network is 10.0.0.3.• XPU-server 3 uses the broadcast address 10.0.0.255, UDP port 3391, for informing the other

XP Unlimited servers about its load, users, status, etc.

Advise of IPConsult

The configuration in the previous pages has the advantage that the broadcast traffic of the XP Unlimited servers is not send out in the company network and can not be compromised by whatever is done on the client network.

Block multiple logins

It is quite important to block multiple logins from users. The reason behind this strong advice, is the use of roaming profiles. When a user is allowed to login twice or more, he might get in trouble with his roaming profile. Therefore it is strongly advised to block multiple logins among the Farm.

Create logfiles for Logon-, Disconnect and Logoff events in the Farm

If required, each server in a XPU Farm can create logfiles, per month for user activity. Purpose of these logfiles is auditing if such is required.The format of the logfiles is fixed, with exception of the date/time stamp, which can be local time or UTC time.The logfiles are located in:

Win32: \Program Files\XPUnlimited\UserActivitiesWin64: \ProgramData\XPUnlimited\UserActivities

For each monty a new logfiles will be created. The current month-number and year are used for the naming of the logfiles:

xpu_YYYYMM_UserActivities.log

The first line of the logfile denotes the format:

'Activities','Server','Domain','Username','Date (YYYY-MM-DD)','Time (HH:MM:SS)'



The next lines contain the user activity:

'Activities','Server','Domain','Username','Date (YYYY-MM-DD)','Time (HH:MM:SS)''Active','WXP4','TESTXP','domain001',2010-01-14,19:01:24'Disconnected','WXP4','TESTXP','domain001',2010-01-14,19:01:58'Active','W2K8-R2-Server','TESTXP','domain011',2010-01-14,19:02:01'Active','WXP4','TESTXP','domain001',2010-01-14,19:02:08'LoggedOff','WXP4','TESTXP','domain001',2010-01-14,19:02:32

The column 'Activities' can contain 4 types of information:Active User is connected and loggedDisconnected User is disconnected but has an open session on a server in the FarmLoggedOff User did a logoffUnknown will be reported in case of technical or software problems, but should never occur

The example above describes a Farm with the netbios name TESTXP.This Farm contains 2 servers, called WXP4 and W2K8-R2-Server.The user-activity of 2 users is shown in the example, being user domain001 and user domain011.

Redundancy in the Farm: let each server generate the logfiles

Each server in the Farm is able to generate the same logfile. From a redundancy point of view it is indeed better to let each server in the Farm generate the same logfile about the user activities.



Load Balancing Parameters among the Farm

All the servers in the Farm use the same settings for CPU, Users, Memory and Processes. When you change the settings on one server, the settings will be distributed to the other servers in the Farm.The “importance” of the four parameters can be changed by changing the Load Factor (percentage).



The columns of each server do have the following meaning:

Server The name of the server

Users The current number of logged in users. This includes both “Active” users and “Disconnected” users

CPU The current cpu load.• Default “measure” time is every 5 seconds

Memory The current use of the available physical memory• Default “measure” time is every 5 seconds• Please note: the number represent the physical memory, because this is

important with regard to the load and performance of a server. It does not include virtual memory or pagefile memory.

Processes The current number of processes:• Default “measure” time is every 5 seconds

Time out Each server in the Farm expect at least once every 90 seconds a status message from the other servers in the Farm. When a status message is not received in the past 90 seconds, that specific server is considered to be off line and does, apparently, not participate any more in the Load Balancing.The second number is the number of seconds when the last status message was received. Normally every 5 seconds a status message is sent. So, the second number of seconds should, normally, not exceed 5 seconds.

DT Sent This is the date / time of the last message as sent by the other server. The other server states that it did send the message at this specific date / time

DT Received This is the date / time of the last status message received from the other server, by this server.In case all the clocks of all the servers in the Farm are synchronized, then DT Sent and DT Received will be identical. In case the clocks are not synchronized, you will see a difference in the date / time.



Show Running Servers

Select one of the servers in the Farm, and a history of the load is shown. Every 5 seconds the graphs are updated. The most recent load is shown on the left in the graphs, and is mentioned by the numbers in the upper right corner of the graphs.



A difference between running XP Unlimited on WXP and Windows Server is that Windows Server makes it possible to login with the same userID multiple times. This is not recommended, because lots of applications do not understand that they are started more then once by the same user.If this policy is enabled on Windows Server, it will show:



Show Users

All the Active and Disconnected users in the Farm are shown. The Administrator can select 1 or more users, or 1 or more columns, and perform the following action on the users:• Disconnect them• Log them off• Send them a message.

Because Disconnect and Logoff should be use carefully, those options do require that the Administrator first enables both buttons.



Other Servers and Farms

The “clou” of this information is related to the following:

Suppose you have configured several XP Unlimited servers. However, when using the tabpage “Show Running Servers”, you do not see them.• First, check the settings on the tabpage “Settings”. Be sure that all servers do use the same

UDP port and that the broadcast IP Address does end with, for example 255, so the broadcast will be reachable by all servers.

• Check you firewall settings on each server. Be sure that the XP Unlimited servers are allowed to communicate with each other.

A second reason why the tabpage “Show Running Servers” does not show all servers, is because some XP Unlimited servers are not in the same Domain. Those servers will be shown in the tabpage “Other Servers and Farms”.• Use the Tabpage “Domain / Workgroup and verify that all XP Unlimited servers are member of

the same Domain.



Another reason why you might be interested in the tabpage “Other Servers and Farms” is the following situation:

Suppose you have multiple Farms. Each Farm has its own network and its own IP Addresses. In case other Farms and Servers do appear in the tabpage “Other Servers and Farms”, you might reconsider all your network settings, firewalls, IP Addresses, etc, because apparently it is not configured in an optimal way.

Their is no problem or harm when a server shows up in the tabpage “Other Servers and Farms”; you servers and Farms will work fine. This tabpage is just a way of informing the Administrator about possible mis-configurations or possible optimizations in his network.



Load Balancing :: Seamless Client software



Client software for WindowsThe client-software is default installed on the server. The Administrator can copy the client-software to all of the Client PC's by copying the file xpuWin32client.exe to the clients.

It provides the user with the following interface:

• In case load balancing is not used:

In case load balancing is not used, one can enter the domain and the address of the XPUnlimited Server. This is similar to the default Microsoft Remote Desktop client.



• In case load balancing is used:

The user can enter his / her name and password.

The current preferred server is shown. Which server this is, can change at any moment because of the dynamic behaviour of the load balancing concept.



First time use of the Load Balancing :: Seamless clientThe very first time the Load Balancing :: Seamless Client is used, is does not know any server in the Farm. Therefore it will request the user for an name or IP Address, and port number of a server.

The Load Balancing :: Seamless Client asks the server for a list containing every server in the Farm.

The next time the the Load Balancing :: Seamless Client is used, it will try each of the servers in the list for an update of the serverlist. The Load Balancing :: Seamless Client does 'remember' the list because it write the list in a short file in the Local Settings-folder of the user.

In case a small red cross between the client and the servers in the Farm is shown, it indicates that this client had no connection with the Farm and is not able to get a serverlist from the Farm.

You can click on the “Other Farm” button in case you would like to connect to a different Farm.



Settings

The first settings are typical for XPUnlimited and can not be found in the default Microsoft RDP client.• Use Load Balancing or not. The first checkbox determines whether or not this client will connect

to a stand-alone server or to a Farm.• In case Load Balancing is used, the very first time the client needs to know at least 1 server

of the Farm. The question for the address of at least 1 server of the farm, can be surpressed.

The remaining settings on this tabpage do show the same options as know by the default Microsoft RDP client:

The setting RDP+ has its own Tabpage with settings



Examples of a Seamless desktop, no Application Control

• The taskbar at the bottom of the screen belongs to the client. Its theme is Windows classic.• The second taskbar belongs to the remote desktop. Its theme is Windows XP default.• Notepad runs on the client.• Mediaplayer runs on the server, inside the Remote Desktop Seamless client.• The desktop icons on the left belong the the client.• The desktop icons on the right belong to the Remote Desktop Session.



Examples of a Seamless desktop, using Application Control

Using the Seamless client capabilities of XPUnlimited together with our Application Control makes more sense:

• The Application Control menu of the XPUnlimited server is shown at the top of the client.• The user has 4 Published Applications.• In the example above, 1 notepad is running on the client. The client has as desktop theme

Windows Classic.• 1 notepad is running inside the Remote Desktop Session. The Remote Desktop Session has a

desktop theme Windows XP.

Remark about themes

In the 2 examples above, themes are used to make clear when an application is running on the client or running inside the Remote Desktop Session. Of course it is up to the customer to decide which theme is used on the client or inside the Remote Desktop Session.



RDP+

RDP+ only available with XPU Enterprise

Please note that RDP+ features are only available when connecting to a XPU Enterprise Server.A XPU Classic Server does not offer RDP+ features.

Printjobs

RDP+ has the ability to transfer a printjob from the server to the client.

Using normal RDP it is possible for the server to print directly to the printer that is connected to a client. However, it is unfortunately also quite common that this does not work as expected due to various reasons like old or incorrect printer drivers on the client, old or incorrect printer drivers on the server, etc.

When RDP+ is used for print jobs, it is expected that the built-in PDF printer is used on the server;The printjob from an application should be printed towards the built-in PDF printer.When the printjob is finished, automatically the printjob can be transferred to the client:

Leave print files on the Server: The PDF-print file will be placed in the personal XPUnlimited Print Files of the user on the server.

Copy print files to this Client: The PDF-print file will be placed in the personal XPUnlimited Print Files of the user in the server, and the PDF file will be copied to the client in a personal folder XPUnlimited Print Files in the client.

Move print files to this Client: The PDF-print file will not be placed in the personal XPUnlimited Print Files of the user in the server. The PDF file will be moved from the server to the client in a personal folder XPUnlimited Print Files in the client.



Print print files to this Client: The PDF-print file will not be placed in the personal XPUnlimited Print Files of the user in the server. The PDF file will be moved from the server to the client in a personal folder XPUnlimited Print Files in the client, and a local print job will be started towards the selected printer.

When to use RDP+ Printjobs

The difference between using the local printer in the standard RDP way of printing, is that in case of the standard RDP way of printing, it is the server which does the print job. And both the server and the client do need the correct printer drivers in order for the server to be able to connect and use the printer that is connected to the client.When using the RDP+ way of printing, the server does print to the built-in PDF printer on the server. That is “an easy printjob” and does not result in problems related to printerdrivers.When the print job is finished, RDP+ does an automatic file-copy (or file-move) of the printed PDF-file from the server to the client, and a local printjob on the client is started.Doing so can bypass those common printer problems when attempting to print as done in the standard RDP way of printing.



Save My Password (in a RDP-file)The Load Balancing :: Seamless Client, like the Microsoft client itself, does have the option to save the password. When this option is selected, the next time the Load Balancing :: Seamless Client is started it will start with the user and password of the previous use.

The password is written in the file “xpu_farm.rdp” in the folder Local Settings of the current logged in user. Please read this carefully; the user mentioned in the previous sentence is not the user that is logged in the Domain, but is the user that is using the local client PC. This client PC can be a WXP-PC or higher, and this client might request a local login before this PC can be used.

So, the password is written in a RDP-file, which is placed in a folder that belongs to the local logged in user. The password in a RDP-file is written in such a way that the password can only be used again on the same PC and same local user. You can copy the RDP-file to another-client-PC, but the password can not be used or interpreted on another client PC.Next to this, the RDP-file is written in the folder Local Settings of the current logged in user. If the Administrator has done a good job, no other users are able to access the folder Local Settings.

Pre-defined RDP-file

It is possible to start the Load Balancing :: Seamless Client with a pre-defined RDP-file; just specify it on the command-line. Every parameter in the pre-defined RDP-file will be used by the Load Balancing :: Seamless Client. In case load balancing is used, the host address and portnumber will be ignored. These two parameters are, off course, dynamic and automatically defined based on the load balancing functionality in the Farm.

The password in the pre-defined RDP-file can only be used in case the RDP-file is generated on the PC where the RDP-file is used. Otherwise, the password in the RDP-file can not be used, and the user will be asked to enter his / her password. This is not a limit of the XPUnlimited or the Load Balancing :: Seamless Client; this is a security feature of Windows. Because the password in the RDP-file can only be used when the RDP-file is created on this specific Windows client, it is not possible to “steal” the password by copying the RDP-file. The obvious disadvantage is that an Administrator can not globally distribute predefined RDP-files with userIDs and passwords to all Windows clients.

When the Load Balancing :: Seamless Client is started with a pre-defined RDP-file it will automatically connect to the Farm. When the user ends the session, the Load Balancing :: Seamless Client will terminate itselves.

LogfileThe Load Balancing :: Seamless Client generates a logfile called xpUnlimited_FarmClient.log in the personal%tmp% folder of each user. The Administrator can use this logfile for analysing problems.



SupportIn case of issues related to xpuWin32client, the 3th tabpage contains a button which will create a ZIP Support File on the desktop, and which can be sent to us by email.



ConnectionsThe client software is able to handle multiple connections to multiple XPU Servers.

• The button Folder can be used to change the location of the multiple RDP-files.• The button Duplicate can be used to copy the selected connection.rdp file to a new one.• The button Rename can be used to rename the selected connection.rdp.• The button Delete can be used to delete the selected connection.rdp.

Changing the settings of a selected RDP file, is done using the other tabpages:• First select one of the rdp files.• Goto the tabpage “Settings” and change whatever needs to be changed.• Goto the 1th tabpage “Authorization” and enter the details like username, etc. These will be

placed into the selected rdp file.



Multiple FarmsIt is possible to specify a so-called v001c001-file on the command line. Default this file is located in the %tmp% folder of each user.In case of multiple Farms, the second command line parameter can be an unique v001c001-file for each unique Farm (the first command line parameter is for a pre-defined RDP file).

See also the next chapter “Command line parameters”.



Command line parametersThe Load Balancing :: Seamless Client understands 4 command line parameters:

1 RDP file Personal RDP-file for the user. See the paragraph above, called 'Pre-defined RDP-file'

Read / Write access

2 v001c001 file Personal v001c001 file which indicates a Farm

Read / Write access

3 RDP file Master RDP file Read access4 v001c001 file Master v001c001 file Read access

Example how to use these 4 command line parameters:

The following 2 shortcuts on the desktop of the user can be created for accessing Farm 1 and Farm 2:

xpuWin32client.exe %homepath%\farm1.rdp %homepath%\farm1_v001c001.txt G:\master\farm1.rdp G:\master\farm1_v001c001.txt

xpuWin32client.exe %homepath%\farm2.rdp %homepath%\farm2_v001c001.txt G:\master\farm2.rdp G:\master\farm2_v001c001.txt

(the examples above are 1 long command line with 4 command line parameters)

Farm 1 explained:

1 RDP file %homepath%\farm1.rdpThis will be the personal RDP file for the user. The environment variable will be expanded. However, the very first time, this file does not exist. In that case the master file in command line parameter 3 will be used.

2 v001c001 file %homepath%\farm1_v001c001.txtPersonal v001c001 file which indicates Farm 1. This fill will be created and updated. The very first time this file does not exist. In that case the master file in command line parameter 4 will be used, and the user will not be prompted for an IP Address of a server in the Farm.

3 RDP file G:\master\farm1.rdpThis RDP file should contain correct initial values for the users of Farm1. It will only be red, once, when the personal RDP file as indicated by command line parameter 1 does not exist.

4 v001c001 file G:\master\farm1_v001c001.txtThis v001c001 farm file should contain initial values for the users of Farm1. It will only be red, once, when the personal v001c001 file as indicated by command line parameter 2 does not exist.

The Administrator can create several shortcuts for accessing the multiple Farms. Each shortcut has it own 4 command line parameters. Each shortcut has its own 2 master files in command line parameter 3 and 4.



Client software for LinuxFor Linux clients we have 3 different clients. The most recent version can be downloaded from our website.

Load Balancing client for Linux / Apple, based on perl

We have 2 clients based on a perl-script. The second perl-client uses some KDE-dialog boxes for interaction with the user.

http://www.xpunlimited.com/faq/index.php?action=artikel&cat=4&id=60

GUI Load Balancing client for Linux (GTK+)

We have also a GUI Load Balancing client for Linux, based on Lazarus, Free Pascal and GTK+.


The detailed working of this client is described online in the FAQ.





Requirements / dependencies

The Load Balancing client for Linux is written using Lazarus and Free Pascal.

* It requires the GTK+ libraries. * It requires rdesktop. Version 1.41 or higher is recommended.

License

Lazarus is a Intergrated Development Environment (IDE) for Pascal and is distributed using GPL. Lazarus can be found here:

http://www.lazarus.freepascal.org/

Using Lazarus it is possible to develop programs based on Pascal. Free Pascal can be found here:

http://www.freepascal.org/

Both Lazarus and Free Pascal do come with libraries. These libraries can be obtained by downloading either Lazarus and / or Free Pascal.

rDesktop is a linux implementation of a RDP-client. rDesktop can be found here:

http://www.rdesktop.org/



How to test-drive the Farm

Minimized Test Environment

• 2 XP Unlimited servers, using the Demo Versions• 1 Domain Server / Fileserver

• Windows Server platform• Samba (www.samba.org)

• 1 or more clients, capable of running (multiple) Remote Desktop Sessions

Please note: you should always have at least 2 XP Unlimited servers; their is no point in having a Farm with only 1 XP Unlimited server.



Advised Test Environment

• 3 or more XP Unlimited servers, using the Full Version (no user limit)• 1 Domain Server / Fileserver

• Windows Server platform• Samba (www.samba.org)

• Several clients, capable of running (multiple) Remote Desktop Sessions

Preferable the Test Environment should also have:• 2 networks:

• 1 Server network• 1 Client network



Please note: when a license is installed, it can not be transferred to a different server; licenses are bound to the hardware.Taking testing serious implies that testing is not done once for 2 weeks, but is a continuous activity. New versions of applications, patches, firewalls, anti virus software, etc, are all tested in the test environment prior to using them in the production environment. Therefore permanent hardware and software is required for the test environment.



Test Tools

For the IT professional or for those involved in testing XP Unlimited, we have some Test Tools. You can download the Test Tools from our website.

The Test Tools can assist you in understanding and working with Application Control, the Command line Parameters and the Autorun options of an Application.



xpuViewUsers

In the folder Program Files\XPUnlimited the tool xpuViewUsers is installed:

When it is started by an user which does not have Administrator Rights, it is shown as follows:

When it is started by an Administrator, is shows more options:



When it is started in the Console of the XP Unlimited Server, the button for Control is not available.

What can xpuViewUsers do• Users are able to send messages to each other.• Administrators are able Disconnect or Logoff an user.• Administrators which are not working on the Console of the XP Unlimited Server are able to

Remote Control a session:



• Select an user (not yourself)• Select a preferred hot-key combination that can be used to disconnect the Remote Control

Session• click on Control.

Depending on the Policy Settings related to Remote Control, the target user is asked (or not) for allowing the Remote Control action:

When the request is accepted, the Administrator can remote view or control the session of the user.

Note:• Remote Control is not available on Windows Server 2008, based on Vista.• Remote Control is available on Windows Server 2008 - R2, based on Windows 7.



In the upper-right corner of the Remote Controlled Session, a small button is shown as an indication that the session of the user is being Remote Controlled:



xpuDockDesktopIn the folder Program Files\XPUnlimited the tool xpuDockDesktop is installed. Purpose of xpuDockDesktop is to show the desktop icons at a different location on the screen then as default done by Windows:

The icons shown by xpuDockDesktop are those that are visible on the default Windows desktop of the user.

On each corner, xpuDockDesktop has a small docking arrow / button. By clicking on this small docking arrow / button, xpuDockDesktop will dock itself to that specific location on the screen.

The small docking arrows / buttons can also be used to resize xpuDockDesktop, or to reposition it along the screen-edge where it is docked.



If you click on the “no arrow / button” -button, the small arrows / buttons will disappear. Doing so will prevent that the user does accidentally resize or move xpuDockDesktop:

By clicking on the close-button, xpuDockDesktop will terminate:



Config options of xpuDockDesktop

The config-button shows a panel with configuration options:

Auto ReSize if to small: In case xpuDockDesktop is to small, such that not all icons are shown, such that there is a vertical and / or horizontal scrollbar visible, xpuDockDesktop will enlarge itself until all icons are visible.

No Close: the close button will disappear and it will not be possible to terminate xpuDockDesktop.Also the option Do not show on Taskbar will be checked, and disabled.

Hide icons on normal desktop: when checked, the default Windows desktop does not show any icon. When un-checked the default Windows desktop does also show the usual desktop icons

Show those standard desktop icons: when checked, those standard desktop icons like My Computer, Recycle Bin, etc, are shown. When un-checked, only the icons in the personal desktop of the user are shown. The personal desktop is a setting / location that can be changed by the administrator. Default the personal desktop is located in %USERPROFILE%\Desktop.If the user has no icons in %USERPROFILE%\Desktop, xpuDockDesktop will be empty.



Do not show on Taskbar: if checked, the taskbar will not show an item for xpuDockDesktop. If un-checked, the Taskbar will show an item for xpuDockDesktop:



Show Full Screen: xpuDockDesktop can position itself Full Screen.

When Show Full Screen is combined with the option Align icons at Top, unchecked, then xpuDockDesktop mimics the default Windows desktop:



When Show Full Screen is combined with the option Align icons at Top, checked, then xpuDockDesktop shows the icons aligned at the Top of the Desktop:



Popup when moving mouse in mePopup when moving mouse in me or desktopWhen one of these options is checked, xpuDockDesktop will show itself “on top” when the mouse is moved over it.

Read only / No right click / No popup menu: when checked, the default right-click options that do exist on those desktop icons, are disabled. The only right-click that is available, is right-click on de Recycle bin. When doing so, the usual popup asking “Empty the Recycle Bin, yes / no” is shown.

Auto run after login: when checked, xpuDockDesktop will create an entry for itself in the RUN-key in the registry / profile of the user, such that it will be started every time after a login.When unchecked, the entry in the RUN-key in the registry / profile of the user will be deleted.

Note: when xpuDockDesktop is started using XPU Application Control, then this setting is not required.

Show transparent when not active: xpuDockDesktop is shown transparent onto the desktop:



Windows MenuThe small Windows-button shows a session menu:



INI-filexpuDockDesktop maintains an INI-file for the user in “Application Data”-folder beneath the personal folder of the user. Which folder that exactly is, can vary and is determined by the Operating System, or by specific settings done by the Administrator.The INI-file is called xpuDockDesktop.ini.

The various config-settings are saved in this INI-file.

All possible settings in an INI-file:

Left=340Top=0Height=340Width=460Dock position=right-topAuto size=noDo not close=yesHide icons on MS desktop=yesDo show standard Desktop icons=yesHide from taskbar=yesPopup when moving mouse over me=noPopup when moving mouse over me or desktop=noDo Transparancy if not Active=yesAlign icons at Top=yesPercentage Transparancy=20Show Full Screen=noRead only. No right click. No popup menu=yesAutostart for this user after login=noDo Resize and Dock=yesPath=



Path

Path is the only setting in the INI-File that can not be set using the Configuration-panel of xpuDockDesktop.In case Path is empty, xpuDockDesktop will show the default Global Desktop as offered by Windows, or the personal desktop of the user in case the option “Show those standard desktop icons” is not checked.

When the setting Path has a value, then xpuDockDesktop does expect to find icons in this folder.For example:

Path=\\server\groups\sales\AppGroup1

Path=c:\icongroups\sales\AppGroup1

It is expected that the folder AppGroup1 contains icons / shortcuts which will be shown by xpuDockDesktop.

Note: possible the second example, where Path points towards drive C:, is a better example, because Windows might show the user a warning when attempting to access an icon / link in a folder on a network drive.

Normally Path is never used, but an Administrator might use it in special cases where xpuDockDesktop needs to show a special set of icons for the user.



Command-line parametersIt is not required to start xpuDockDesktop with any command-line parameter. However, if done so, 1 or 2 parameters are possible. All parameters should be am INI-file.

The first command-line parameter / INI-file will be the user INI-file. It will replace the default INI-file for the user as described above here.

The second command-line parameter / INI-file will be the system INI-file.xpuDockDesktop will open it with only read-access. Whatever config-setting is set in this INI-file will overrule the config-setting in the user INI-file.

Example:

xpuDockDesktop “%userprofile%\xpuDockDesktop.ini” “c:\globalsettings\xpuDockDesktop.ini”

The 1th INI-file will be in the user-folder.The 2th INI-file will be a global INI-file with some settings that do apply for every user.

Content of c:\globalsettings\xpuDockDesktop.ini

There are only 5 settings in the system INI-file. These 5 settings will overrule the 5 settings in the user INI-file. All other settings in the user INI-file can be changed by the user.



The result of this example is as follows:

The settings which are placed in the system INI-file are all applied, and the user can not change those settings.Only the settings which are not placed in the system INI-file can be changed by the user.



All contents copyrighted by IPConsult BV

IPConsult BVThe Netherlands17 June 2011
