tools

Appsense–First letter of username

Posted by nickekallen on in Appsense 0 Comment

I had to extract a the first letter of a username using Appsense Policy Configuration within Environment Manager. I would have hoped there was a trim functionality natively available, however none were found in the version that was dealt with.

Therefore a bit of optimized search had to be performed. As far as I can see this is faster than executing a script, but perhaps a bit more work to setup initially.

imageCreated 5 top Username matches with these regular expressions;

.*\\[a-eA-E]\w*
.*\\[f-jF-J]\w*
.*\\[k-oK-O]\w*
.*\\[p-uP-U]\w*
.*\\[v-zV-Z]\w*

Below each one I then parsed through the letters that the regular expression matched (A-E for example) and once a match was hit – set the environment variable FIRSTLETTER to the matching letter.

Search was for the letter A as a sample; *\a*
For each specific letter I used a query and not a regular expression.

I created an Appsense template for EM that you can download, which contains a reusable node!

App-V 4.6 Compliance Baseline for SCCM 2012

Posted by nickekallen on in App-V 0 Comment

Just created a Compliance-baseline for the App-V 4.6 client to be used within System Center Configuration Manager 2012 .

image

Above is a sample screenshot of the items that are beeing checked – some of them contains remediation tasks, others are just for information. There are quite a few checks there that should be verified if they suite your environment – this is the recommended practices of me, myself and not Microsoft or anyone else. The CAB-file can be download here; SCCM2k12MSAppV46baseline.cab

The checks;

AllowDisconnectedOperation
Enables or disables disconnected operation. Default value is 1 enabled, and 0 is disabled. When disconnected operations are enabled, the App-V client can start a loaded application even when it is not connected to an App-V Management Server.
Checks for 1
Remediate: Yes

AllowIndependtFileStreaming
Indicates whether streaming from file will be enabled regardless of how the client has been configured with the APPLICATIONSOURCEROOT parameter. If set to FALSE, the transport will not enable streaming from files even if the OSD HREF or the APPLICATIONSOURCEROOT parameter contains a file path.
0x0=False (default)
0x1=True
Checks for 1
Remediate: Yes

App-V Version
Checks the version of sfttray.exe
Checks for 4.6.1.30121
Remediate: No

AutoLoadTarget
Indicates what will be auto-loaded when any given AutoLoad triggers occur. Bit mask values:
(0) None: No auto-loading, regardless of what triggers may be set.
(1) PreviouslyUsed (default): If any AutoLoad trigger is enabled, load only the packages where at least one application in the package has been previously used—that is, started or precached.
(2) All: If any AutoLoad trigger is enabled, all applications in the package (per package) or all packages (set for client) will be automatically loaded, whether or not they have ever been started.
Checks for between 0-2
Remediate: No

AutoLoadTriggers
AutoLoad is a client runtime policy configuration parameter that enables the secondary feature block of a virtualized application to be streamed to the client automatically in the background. The AutoLoad triggers are flags to indicate events that initiate auto-loading of applications. AutoLoad implicitly uses background streaming to enable the application to be fully loaded into cache. The primary feature block will be loaded first, and the remaining feature blocks will be loaded in the background to enable foreground operations, such as user interaction with applications, to take place and provide optimal perceived performance.
Bit mask values:
(0) Never: No bits are set (value is 0), no auto loading will be performed, because there are no triggers set.
(1) OnLaunch: Loading starts when a user starts an application.
(2) OnRefresh: Loading starts when the application is published. This occurs whenever the package record is added or updated—for example, when a publishing refresh occurs.(4) On
Checks for between 0-5
Remediate: No

Cache Percent Free Space
This information is captured on the client computer by a performance counter called “App Virt Client Cache” and it has three components; “Cache size (MB)”, “Cache free space (MB)” and “% free space”. You can use Performance Monitor to display the information graphically.
http://blogs.technet.com/b/appv/archive/2009/04/06/how-to-determine-the-space-remaining-in-the-app-v-client-cache.aspx
Checks for greater than 20 %
Remediate: No

Drive Letter
Drive where App-V file system will be mounted, if it is available. This value is set either by the listener or the installer, and it is read by the file system.
Checks for Q:
Remediate: No

File Size
Maximum size in megabytes of file system cache file. If you change this value in the registry, you must set State to 0 and reboot.
Checks for must exist
Remediate: No

LogMinSeverty
Controls which messages are written to the log. The value indicates a threshold of what is logged—everything less than or equal to that value is logged. For example, a value of 0x3 (Warning) indicates that Warnings (0x3), Errors (0x2), and Critical Errors (0x1) are logged.
Value Range: 0x0 = None, 0x1 = Critical, 0x2 = Error, 0x3 = Warning, 0x4 = Information (Default), 0x5 = Verbose.
The log level is configurable from the Application Virtualization (App-V) client console and from the command prompt. At a command prompt, the command sftlist.exe /verboselog will increase the log level to verbose. For more information on command-line details see
http://go.microsoft.com/fwlink/?LinkId=141467http://go.microsoft.com/fwlink/?LinkId=141467
Checks for between 0-4
Remediate: No

LogRolloverCount
Defines the number of backup copies of the log file that are kept when it is reset. The valid range is 0–9999. The default is 4. A value of 0 means no copies will be kept.
Checks for between 1-4
Remediate: No

Online
Enables or disables offline mode. If set to 0, the client will not communicate with App-V Management Servers or publishing servers. In disconnected operations, the client can start a loaded application even when it is not connected to an App-V Management Server. In offline mode, the client does not attempt to connect to an App-V Management Server or publishing server. You must allow disconnected operations to be able to work offline. Default value is 1 enabled (online), and 0 is disabled (offline).
Checks for between 0-1
Remediate: No

Requireauthorizationifcached
Indicates that authorization is always required, whether or not an application is already in cache. Possible values:
0=False: Always try to connect to the server. If a connection to the server cannot be established, the client still allows the user to launch an application that has previously been loaded into cache.
1=True (default): Application always must be authorized at startup. For RTSP streamed applications, the user authorization token is sent to the server for authorization. For file-based applications, file ACLs control whether a user may access the application.
Restart the sftlist service for the change to take effect.
Checks for 0
Remediate: Yes

SystemEventLogLevel

Indicates the logging level at which log messages are written to the NT event log. The value indicates a threshold of what is logged—that is, everything equal to or less than that value is logged. For example, a value of 0x3 (Warning) indicates that Warnings (0x3), Errors (0x2), and Critical Errors (0x1) are logged.
Value Range
0x0 = None
0x1 = Critical
0x2 = Error
0x3 = Warning
0x4 = Information (Default)
0x5 = Verbose
Checks for between 0-4
Remediate: No

TrayVisibility
Checks for 2
Remediate: No

Update as of 2012-09-06
Multiple MDM
You may also see these client launch errors, especially on Terminal Servers:

xxxxxx-xxxxxx03-00001002
xxxxxx-xxxxxx0A-0000E005
xxxxxx-xxxxxx 0C-0000003C

Instead of, or in addition to these, you may also notice periodic hangs, as well as a frequent depletion of paged pool memory resources.

To prevent this issue, during the initial sequencing of Office 2007 (or via modification of the existing package) we recommend that you remove the Microsoft Office Diagnostics and Office Source Engine services from any sequenced package running Office 2007 or any sequence that includes any Office 2007 application.  This will require the removal of these virtual services under the Virtual Services Tab in the Softgrid/App-V Sequencer

http://blogs.technet.com/b/appv/archive/2009/01/22/reducing-resource-requirements-for-computers-running-virtualized-microsoft-office-2007.aspx
Checks for less than 1
Remediate: No

Multiple OSE
You may also see these client launch errors, especially on Terminal Servers:

xxxxxx-xxxxxx03-00001002
xxxxxx-xxxxxx0A-0000E005
xxxxxx-xxxxxx 0C-0000003C

Instead of, or in addition to these, you may also notice periodic hangs, as well as a frequent depletion of paged pool memory resources.

To prevent this issue, during the initial sequencing of Office 2007 (or via modification of the existing package) we recommend that you remove the Microsoft Office Diagnostics and Office Source Engine services from any sequenced package running Office 2007 or any sequence that includes any Office 2007 application. This will require the removal of these virtual services under the Virtual Services Tab in the Softgrid/App-V Sequencer

http://blogs.technet.com/b/appv/archive/2009/01/22/reducing-resource-requirements-for-computers-running-virtualized-microsoft-office-2007.aspx
Checks for less than 1
Remediate: No

Multiple Office Diagnostics
You may also see these client launch errors, especially on Terminal Servers:

xxxxxx-xxxxxx03-00001002
xxxxxx-xxxxxx0A-0000E005
xxxxxx-xxxxxx 0C-0000003C

Instead of, or in addition to these, you may also notice periodic hangs, as well as a frequent depletion of paged pool memory resources.

To prevent this issue, during the initial sequencing of Office 2007 (or via modification of the existing package) we recommend that you remove the Microsoft Office Diagnostics and Office Source Engine services from any sequenced package running Office 2007 or any sequence that includes any Office 2007 application. This will require the removal of these virtual services under the Virtual Services Tab in the Softgrid/App-V Sequencer

http://blogs.technet.com/b/appv/archive/2009/01/22/reducing-resource-requirements-for-computers-running-virtualized-microsoft-office-2007.aspx
Checks for less than 1
Remediate: No

Citrix – LogoffSyscheckModules
If you are running Citrix XenApp on a Terminal Server/RDS Server, you could be waiting on another seamless session to logoff. A good thing to verify is that the Citrix WFSHELL process releases SFTDCC properly
http://madvirtualizer.wordpress.com/2011/08/03/
Checks for sftdcc.exe
Remediate: No

Tivoli Storage Manager and SQL backup

Posted by nickekallen on in TSM 3 Comments

The script that was used as a template for initiating the SQL backup from the TDP agent is simply a bat-file. It isn’t very complicated and quite basic. Since deploying this backup within a datacenter and dealing with a few different SQL-servers installed in quite a few different ways – it seemed that this script had as many variations as we had SQL-servers installed. The main flaws were around the fact that multiple SQL instances weren’t detected and that the transaction-log weren’t truncated when the backup had been run for databases that were set to recovery mode FULL. Inorder to make this more manageable the following improvements were made;

  • Detect all SQL instances via the local the registry – based on Jay’s blog
  • Exclude Windows Internal Databases
  • Run through all databases in each instance. Verify if there are any offline instances and databases
  • Backup all databases or each database that are online.
  • Run a backup of transaction log and truncate it – some things based on SpaghettiDBA
  • Track all errors and exit the command with the error if one occurs to allow TSM to report a failed backup

It does not;

  • Detect if a SQL instance is offline
  • Detect if SQL is not installed and then fail

Why a bat-file?
All servers we are supporting doesn’t have Powershell. A reality…

@ECHO OFF

rem ==================================================================

rem sqlfull.smp sample command file

rem

rem Sample command file containing commands to do a scheduled full

rem backup of all SQL databases to an IBM Tivoli Storage Manager

rem server.

rem

rem This file is meant to be executed by the IBM Tivoli Storage

rem Manager central scheduler in response to a defined schedule on

rem the IBM Tivoli Storage Manager server.

rem

rem ==================================================================

rem ==================================================================

rem Replace "C:" with the drive where Data Protection for SQL

rem is installed. Update the directory to match the installation

rem directory that you chose when you installed the product.

rem ==================================================================

set TSMERROR=0

set sql_dir=C:\Progra~1\Tivoli\TSM\TDPSql

C:

cd %sql_dir%

rem ==================================================================

rem The two lines below put a date/time stamp in a log file for you.

rem Note: You can change "sqlsched.log" to whatever you prefer in

rem lines below.

rem ==================================================================

date < NUL >> %sql_dir%\sqlsched.log

time < NUL >> %sql_dir%\sqlsched.log

rem ==================================================================

rem Now call the command-line interface to do the backup:

rem

rem Replace "srvrname" with the name of the options file name you

rem plan to use.

rem

rem If SQL authentication is being used and the SQL login settings have

rem not been stored via the GUI, you must also specify the /sqluser and

rem /sqlpassword options on the command below.

rem

rem In this example, we use the '*' to back up all of the databases

rem on the SQL server. Note that database 'tempdb' will not

rem be backed up.

rem

rem Note: You can change "sqlsched.log" and "sqlfull.log" to

rem whatever you prefer.

rem ==================================================================

rem %sql_dir%\tdpsqlc backup * full /tsmoptfile=%sql_dir%\dsm.opt /logfile=%sql_dir%\sqlfull.log >> %sql_dir%\sqlsched.log

rem ===================================================================

rem Query all Microsoft SQL Server instances installed

rem ==================================================================

ECHO Creating tdpsqlservers.txt > command.log

reg query "HKLM\Software\Microsoft\Microsoft SQL Server\Instance Names\SQL">> tdpsqlservers.txt

reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Microsoft SQL Server\Instance Names\SQL" >> tdpsqlservers.txt

ECHO Generated tdpsqlservers.txt >> command.log

FOR /F "tokens=1 delims= " %%B IN (tdpsqlservers.txt) DO IF NOT "%%B"=="HKEY_LOCAL_MACHINE\Software\Microsoft\Microsoft" IF NOT "%%B"=="HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Microsoft" IF NOT "%%B"=="MICROSOFT##SSEE" CALL:servers %%B

del tdpsqlservers.txt

ECHO Deleted tdpsqlservers.txt >> command.log

del tdpsql_input.txt

ECHO Deleted tdpsql_input.txt >> command.log

ECHO Exit code %TSMERROR% >> command.log

exit /b %TSMERROR%

rem ================================================================

rem Verify all database instances

rem Check if there are any offline databases

rem ================================================================

:servers

IF NOT "%1"=="MSSQLSERVER" SET INSTANCE=%COMPUTERNAME%\%1

IF NOT "%1"=="MSSQLSERVER" SC QUERY "MSSQL$%1" | find /i "RUNNING"

IF ERRORLEVEL 1 ECHO %INSTANCE% offline >> command.log | GOTO :EOF

IF "%1"=="MSSQLSERVER" SET INSTANCE=%COMPUTERNAME%

IF "%1"=="MSSQLSERVER" SC QUERY "MSSQLSERVER" | find /i "RUNNING"

IF ERRORLEVEL 1 ECHO %INSTANCE% offline >> command.log

IF ERRORLEVEL 1 GOTO :EOF

ECHO Verify Server %INSTANCE% >> command.log

SQLCMD -S %INSTANCE% -E -Q "SET NOCOUNT ON; SELECT name FROM sys.databases WHERE state_desc IN ('OFFLINE')" -h -1 -o tdpsql_offline.txt

ECHO Generated tdpsql_offline.txt >> command.log

SET FILE=tdpsql_offline.txt

FOR %%R IN (%FILE%) DO (

IF %%~zR LSS 87 (GOTO :backup

) ELSE (GOTO :backupoffline)

)

GOTO :EOF

rem ================================================================

rem Run a backup against each instance without offline dbs

rem For each instance - check what databases have FULL recovery

rem ================================================================

:backup

ECHO Backup all databases >> command.log

CALL %sql_dir%\tdpsqlc backup * full /SQLSERVER=%INSTANCE% /tsmoptfile=%sql_dir%\dsm.opt /logfile=%sql_dir%\sqlfull.log >> %sql_dir%\sqlsched.log

IF NOT "%ERRORLEVEL%"=="0" SET TSMERROR=%ERRORLEVEL%

SQLCMD -S %INSTANCE% -E -Q "SET NOCOUNT ON; SELECT name FROM sys.databases WHERE recovery_model_desc IN ('FULL') AND state_desc IN ('ONLINE')" -W -h -1 -o tdpsql_input.txt

ECHO Generated tdpsql_input.txt >> command.log

FOR /F "delims=" %%A IN (tdpsql_input.txt) DO CALL:translog "%%A"

del tdpsql_offline.txt

ECHO Deleted tdpsql_offline.txt >> command.log

GOTO :EOF

rem ================================================================

rem Run a backup against each instance with offline dbs

rem For each instance - check what databases have FULL recovery

rem ================================================================

:backupoffline

echo Backup - offline DBS located >> command.log

SQLCMD -S %INSTANCE% -E -Q "SET NOCOUNT ON; SELECT name FROM sys.databases WHERE state_desc IN ('ONLINE')" -h -1 -o tdpsql_online.txt

ECHO Generated tdpsql_online.txt >> command.log

FOR /F %%D IN (tdpsql_online.txt) DO CALL:dbbackup %%D

del tdpsql_offline.txt

ECHO Deleted tdpsql_offline.txt >> command.log

del tdpsql_online.txt

ECHO Deleted tdpsql_online.txt >> command.log

SQLCMD -S %INSTANCE% -E -Q "SET NOCOUNT ON; SELECT name FROM sys.databases WHERE recovery_model_desc IN ('FULL') AND state_desc IN ('ONLINE')" -h -1 -o tdpsql_input.txt

FOR /F %%A IN (tdpsql_input.txt) DO CALL:translog %%A

GOTO :EOF

rem ================================================================

rem Run a backup against a specific database

rem ===============================================================

:dbbackup

ECHO Backup against specific database %1 >> command.log

CALL %sql_dir%\tdpsqlc backup %1 full /SQLSERVER=%INSTANCE% /tsmoptfile=%sql_dir%\dsm.opt /logfile=%sql_dir%\sqlfull.log >> %sql_dir%\sqlsched.log

IF NOT "%ERRORLEVEL%"=="0" SET TSMERROR=%ERRORLEVEL%

GOTO :EOF

rem ================================================================

rem Run a log-file backup and truncate the transaction log

rem ===============================================================

:translog

SET DB=%1

ECHO Transaction Log for %DB% >> command.log

CALL %sql_dir%\tdpsqlc backup %1 log /truncate=yes /SQLSERVER=%INSTANCE% /tsmoptfile=%sql_dir%\dsm.opt /logfile=%sql_dir%\sqlfull.log >> %sql_dir%\sqlsched.log

IF NOT "%ERRORLEVEL%"=="0" SET TSMERROR=%ERRORLEVEL%

GOTO :EOF

:EOF