Automating delimiter selection when working with Csv cmdlets

Recently I walked passed a collegue with an error on his Powershell console which peaked my interest. He quickly noted that he had chosen the wrong delimiter for the Csv he imported which resulted in errors in the code, I then jokingly said ”Why don’t you just use the ‘Get-CsvDelimiter’ cmdlet?” and we had a quick laugh.
30 minutes later the ”Get-CsvDelimiter” function was born, but first,

Let’s dive into how Import-Csv, ConvertFrom-Csv & delimiters really work

When used correctly Import-Csv & ConvertFrom-Csv creates an array object with each row as a PSCustomObject with named content based on headers.

Import-Csv has two constructors, one with Path as a required and the other with Path & Delimiter as required.
If you omit the delimiter parameter the Path constructor will be used, now this constructor has a required parameter (according to the documentation) that is auto filled. Instead of using Delimiter we can use ”UseCulture” which takes the current culture delimiter as input,

”To find the list separator for a culture, use the following command: (Get-Culture).TextInfo.ListSeparator.” –docs.microsoft

If we interpret the documentation this is a required parameter, but it is not really required, as we are able to pass only the -Path parameter and delimiter will autofill

Assume we’re using the following CSV as input ($File)

the command ”Import-Csv $File” will output a valid object. Now in my opinion it should fail. As my culture specifies semicolon (;) as the default listseparator, while forcing ”-UseCulture” can’t produce a correct csv object. This basically means that UseCulture is not a required parameter and the default unless specified is always a comma (,)

The exact same goes for ConvertFrom-Csv.

Presenting Get-CsvDelimiter

The below function will search and find the most probable delimiter used in a Csv file.

Let’s see how it works.

$File is a csv file with the below data.

If we run Import-Csv $File we’ll get a incorrect table object, every row will have a single property containing the row data.

If we instead specify a delimiter as shown below, we’ll calculate the most probable delimiter and use that to produce a correct CSV table object without having to inspect the csv culture or assume anything.

And to prove it works, the below code outputs only the Name column in the Csv

If we have a stringobject and need to convert it that is also possible.

With this method we can use virtually any delimiter we want, assuming that the Csv is formatted correctly. Again we’re using the same csv input but we change the delimiter to a ”greater than” (>) symbol and see how the function performs.

Now when we run the function standalone we’ll get a Greater than symbol as the return

And finally, when running the previous code we get the same output as when we were using a semicolon as the delimiter.

 

Get-CsvDelimiter



VDA stuck when updating

Sometimes (no idea why, seems random to me) the VDA update is stuck after prompted to reboot in the middle of the update like below.

VDA Update Stuck

After going through the logs (Get-content ”$env:LOCALAPPDATA\Temp\Citrix\XenDesktop Installer\XenDesktop Installation.log” -wait) I noticed that the VDA setup creates a RunOnce key just before the restart.

VDA Update Powershell Log

After checking the registry path ”HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce” there was indeed a key created with the name ”!XenDesktopSetup”.

VDA Update Stuck Registry

After deleting this key the update proceeded immediately.

VDA Update Proceed

I guess the registry key should delete it self after a reboot, but for whatever reason it doesn’t. This update was from 7.18 to 1808, but have happened to me in all different versions from 7.15 and later.



Mapped network printers unavailable due to SMB1 being obsolete

INTRODUCTION

As we all might be familiar with, printers are one of those little peculiar matters within IT. Implementing these in an IT-environment is self-explanatory oftentimes, but when they do not cooperate the issue itself can stem from one single obscure root cause, if not a string of these having to be checked upon.

Recently, I encountered a particular printer issue which I found interesting enough to share. The root cause here, in summary, was due to the network protocol SMB1 (Server Message Block) being obsolete in recent Windows releases.



Run Windows Defender inside a sandbox

Last week Microsoft released the news that they have added a new feature to Windows Defender Antivirus. The new feature allows Windows Defender Antivirus to run within a sandbox.

Other antivirus providers have been offering the possibility to open files in a sandbox-environment before but what Windows Defender now offers is the feature that all virus scans are done inside a virtual sandbox. The biggest benefit of running the virus scans in a virtual sandbox is when the antivirus engine is scanning a malicious file. The malicious code that usually would be executed to exploit a vulnerability will now only affect the virtual sandbox and not the actual computer resources.

This new feature proves that Microsoft are really making an effort to increase the reputation of Defender. There is a debate whether this is the best way to go but it is good sign that Microsoft is really making an effort to develop Defender Antivirus with features like this.

Microsoft describes the feature in the following way on their blog:

Running Windows Defender Antivirus in a sandbox ensures that in the unlikely event of a compromise, malicious actions are limited to the isolated environment, protecting the rest of the system from harm. This is part of Microsoft’s continued investment to stay ahead of attackers through security innovations. Windows Defender Antivirus and the rest of the Windows Defender ATP stack now integrate with other security components of Microsoft 365 to form Microsoft Threat Protection. It’s more important than ever to elevate security across the board, so this new enhancement in Windows Defender Antivirus couldn’t come at a better time.

It sure sounds interesting, so why don’t we try it out?

Requirements:

  • Windows 10, version 1703 and above.

How to activate the sandbox feature:

  • Open an elevated ‘Command Prompt’
  • Type: ‘setx /M MP_FORCE_USE_SANDBOX 1’ and then press enter
  • Then restart your computer and that should be it. Just make sure that you actually restart it since it won’t be activated if you just do a regular shutdown/start.

How to inactivate the sandbox feature:

  • Open the ‘Control Panel’
  • Navigate to ‘System’ and click on ‘Advanced System Settings’
  • Click on ‘Environment Variables’, navigate to ‘System Variables’ and remove ‘MP_FORCE_USE_SANDBOX 1’.
  • Restart the computer.

The feature is not enabled by default yet so it might not be a good idea to use it in a production environment, but it might be a good time to give Windows Defender a new chance? Have you had time to try it out yet? What do you think about it?



Teams in your Multi-user environment done right!

Microsoft Teams is on the rise, more and more businesses is seeing the potential of Teams and want a piece of the action.

Unfortunately Microsoft Teams is not ideally designed to work on a Multi-user environment like Citrix Xenapp or Microsoft Remote Desktop services. It is entirely installed in the users profile, and its quite big. A clean installation of teams is roughly 600 MB and will quickly grow, and you know what that means… You guessed it: Super long logon time, since logging on to the Multi-user environment often means the profile would be downloaded to Session Host before you are properly logged on, the users will not be happy! And on top of that, the latest recommendation in size per Teams installation is 3 GB…

There is however some rumors indicating there will be releasing a business version soon addressing this very issue! But if you are anything like me, and cant simply wait, there is a solution if you are willing to pay a small price, and you will at the same time have access to tons of other great stuff.

FSLogix Profile Container

FSLogix Profile Container is a great product that basically removes the profile size entirely, is an little agent you install on your Session Hosts and configure with an ADMX, you also need a file share with enough space for some big profiles. FSLogix is in the business of so called filter-drivers, what it does is simply put, lying to Windows. For example, when you install a 32-bit application to your 64-bit Windows System, Windows will use its own filter-driver to get it to work, its the same technology, its efficient and simple. In FSLogix case it is lying to the windows about the profiles, Windows thinks its a local profile, it does not know that in fact, the entire profile is contained in a vhd-file, mounted to the server. Because its a virtual disk that attaches to the server, there is only one SMB handle. It will therefor not be a huge load on the network, which you often sees when you for example roam your profiles.

Install Teams

When you have FSLogix Profile Container in place you can now install teams on your environment.  In early October Microsoft released a new version of Teams with some new features when deploying Teams to all the users in an organization, we are going to use parts of that to install Teams on to our environment!

 

  1. Download the latest version of Teams MSI-file (x64) file here!
  2. If you like to disable Auto-start of Teams use the following install string (otherwise just install without the option):
    This will put an Install file under ”C:\Program Files”, and when a user logon it will automatically install Teams to this user.
  3. You do not need to update the MSI to the latest version, Teams will automatically download and install pending updates on the next logon of the user.

There you go, now your users can benefit from the full experience of Teams in your Multi-user environment, with one exception: if you are using Citrix, you have ”Skype for Business Optimization Pack” to utilize local client resources for best quality of Skype meetings and calls. There is no support for Teams as of for now. It will soon be available though. With that said, I wouldn’t uninstall Skype for business just yet.

Other Great stuff

As mentioned above, there is a lot of benefits using FSLogix Profile Container. For a great period of time, Citrix User Profile Manager has been the best way to reduce the size of the profiles while still have the most important settings saved in your profile. But this is still just a trade-off, you trade off your caches and settings that impact your profile logon, but at the same time still trying to get the best experience for the user, this will sometimes collide and you have to choose between longer logon time or full functionality of a certain application.

With FSLogix Profile Container you no longer need to worry about large profiles, you don´t need to trade off! There are a lot of applications that saves a ton of settings and files in your profile that you now can install without impacting the user experience, this opens up a great deal of opportunities. You can for example install OneNote with it´s (potentially)  gigantic cache, CAD applications with thousands of files in the user profile and so much more.

 

If you find this interesting and would like a trial of FSLogix Profile Container to see if this fits your organizations needs, please contact us. It is easily installed and does not require additional servers or infrastructure!

 



Migrate home directory to a new location

Recently, I have been involved in some larger XenApp projects where one of the objects have been to migrate home directories when users change environment. People tend to lock themselves to the idea that IT must help migrate home directory when the user is given access to the new environment. A better way to approach this is to publish a script to the start menu and inform users to run the script when first logging in to the new environment. In one of the projects it were a bit more complicated because the home directory structure was different from the structure in the new XenApp environment (see below).

 

Old structure

  • Links
  • Favorites
  • Downloads
  • Documents
    • My Music
    • My Videos
    • My Pictures
  • Desktop
  • Contacts
  • AppData

 

New structure

  • Downloads
  • Documents
  • Pictures
  • Music
  • Videos
  • Desktop

 

To solve this we had to create a PowerShell script with a bit more logic. Basically what we do is the following;

  1. Copy everything from old home directory to the new home directory, except the excluded folders and files
  2. Copy ”\Documents\Music” to ”\Music”
  3. Copy ”\Documents\Videos” to ”\Videos”
  4. Copy ”\Documents\Pictures” to ”\Pictures”
  5. Copy ”\Favorites” to ”\%USERPROFILE%\Favorites” (It’s bad practice to redirect Favorites. Read more here)
  6. Copy necessary items from ”\AppData\~” to ”\%USERPROFILE%\AppData\~” (We use Citrix Profile Management instead of redirecting AppData to the home share. Redirecting AppData to the home share is also bad practice. Same reason as why it’s bad practice to redirect Favorites.)

 

 

The end result looks like this;.

User runs ”Copy Home Directory” from Start Menu as instructed

Copy Home Directory

A box pops up

Popup - Copy the entire home directory from the old environment

Another box pops up when the script is finished copying the old home directory

Popup - Finished



Update Workspace Environment Management from 4.5 to 1808

The other day I tried to update Workspace Environment Management from 4.5 to 1808. I followed the guidelines provided from Citrix here. Everything went fine with the update of ”Infrastructure Services”, ”Database” and ”Administration Console”, but when I tried to connect to the ”Infrastructure Services” with the ”Administration Console” I faced the error ”Specified Infrastructure Server seems to be offline or have a wrong database configuration. Please check configuration and try again.”.

User-added image

I saw that the connection started to initialize to the database and everything went fine until WEM tried to read ”StorefrontSettings”, then the error came up. I started digging by enabling ”debug mode” in ”WEM Infrastructure Service Configuration”. This saves a log to ”C:\Program Files (x86)\Norskale\Norskale Infrastructure Services\Citrix WEM Infrastructure Service Debug.log” with information and errors connecting to the ”Infrastructure Services”. Unfortunately I did not save the exact error message but it was something like ”Error reading dbo.VUEMStorefrontSettings”.

WEM Debug

I remembered that Citrix added the functionality to point to a StoreFront store in version 4.6.

WEM Storefront

To resolve the issue I restored the database and server to 4.5 and upgraded all the components and database to 4.6, then 4.7 and then finally 1808. After this everything worked as expected.

Seems to me that Citrix forgot to add to create ”dbo.VUEMStorefrontSettings” if not previously existing in 1808…



Create Azure Policy’s based on Resource Graph querys

If you have used Resource graph to query resources you might realized it comes very handy when creating Azure Policy’s, for example you might check the SKU of virtual machines before you create the policy to audit specific sizes of virtual machines or even prevent creation of them. (If you haven’t yet used Azure Resource Graph you can check my previous post out – https://tech.xenit.se/azure-resource-graph/)

Let’s take it further and actually create a Policy based on our Resource Graph query.

In my example below i query all storage accounts that allows connection from all Virtual Networks and the where environment is set to Prod.

Iam running all commands in Cloud Shell and CLI, but you could just aswell use Powershell.

CLI

The query is looking for below setting, it can be found under Firewalls and virtual networks under your storage accounts.

Creating the policy

To create the Policy, I am using the tool GraphToPolicy. The tool and instructions can be found here http://aka.ms/graph2policy

Follow the instructions for the tool and when you have the tool imported to your cloud shell environment you are ready to go.

Iam using the same query as before and creates a Policy to Audit all storage accounts that allows connections from all Virtual Networks and have the environment tag set to Prod.

CLI

Output:

CLI

Same policy as above but query in variable

After creation the policy is ready for assignment. I assigned it to my test subscription and as you can see in my example it shows that one of my storage accounts are non-compliant.

Summary

Resource Graph is a handy tool and as you might have understood its very useful when looking for specific properties or anomalies in your resources. Together with the GraphToPolicy it’s easy to create Azure Policys based on your Resource Graph Querys.

Credit for the tool goes to robinchapas https://github.com/robinchapas/ConvertToPolicy

If you have any questions you can reach me at tobias.vuorenmaa@xenit.se



OpenID Connect token validation in Citrix ADC

I’ve previously written about how to use OpenID Connect in NetScaler and a way to use callouts to validate tokens. You can also use the function JWT_VERIFY_CERTKEY() but that requires that you (for now) keep the issuing certificate updated locally.

Another way is to setup an OpenID Connect client (OAuth Action) on Citrix ADC and enable 401 authentication in the load balancing vserver. Below is an example where the NetScaler will validate that the token sent is valid and issued by the correct provider. (I’ve used Azure AD in my example)

The only thing you have to do is send traffic with tokens (HTTP.REQ.HEADER(”Authorization”).SET_TEXT_MODE(IGNORECASE).CONTAINS(”Bearer ”)) to this LB and a session will be created in NetScaler. In my case, I’m also verifying that the user exists using a second factor to LDAP.

Try it out and all feedback is welcome!



Citrix ADC and ADM automation using Ansible

I’ve been working with Ansible more and more and been learning a lot. It’s so much fun but I also think it can help others out there with their projects. I’ve published a few blog posts regarding a few different parts of how I automate Citrix ADC (NetScaler) and Citrix ADM (NetScaler MAS), and will be holding a presentation about it at Citrix User Group Norway (CUGTech Autumn 2018) – I hope to see you there!

The blog posts I’ve published regarding this (so far) are:

I’ve learnt so much creating these playbooks and will continue to work on and perfect them. Most likely will be undergoing continuous improvement from now on! It will be great to talk about all of this next week, something I’m really looking forward to!

I hope to see at least a few of you out there test these playbooks and maybe even contribute to them or collaborate with me making them even better.