Citrix Presentation Server 4.5 Deployment Script

The script below is very thorough. Please read through it so that you understand exactly what it does. This script is part of our automated server deployment model.

CMDOW @ /HID
@Echo Off
::------------------------------------------------------------------------------
:: Citrix Presentation Server Deployment
:: -------------------------------------
::
:: Revision History:
::
:: v2.0 9th Feb 2007 by Jeremy.Saunders@au1.ibm.com
:: - Cleared revision history.
::
:: Notes:
:: 1) This script works if you are joining a farm or even creating one. Just
:: toggle the FarmStatus variable to achieve the required results.
:: 2) We test for existing versions of Sun J2RE 1.5.0. Presentation Server
:: requires a minimum of 1.5.0 update 09. If an acceptable version is found, the
:: CTX_USE_EXISTING_JRE property is set to Yes, which tells the Presentation
:: Server installation mechanism to use an existing installation of the Sun JRE.
:: Doing it this way allows us to pre-install a later version of the Sun 1.5.0
:: JRE, such as 1.5.0_11 and above that include the DST patches, etc.
:: If your existing installation of the 1.5.0_xx is faulty or corrupt, this
:: script, and the Presentation Server installation process will not fix it. We
:: are simply checking for the existence of a registry key.
:: 3) The installation of Presentation Server creates 15 anonymous user accounts
:: (Anon000 to Anon014). This script will disable them as per best practice from
:: a security point of view.
:: 4) This script has been tested on x64 (64-bit) deployments.
::
::------------------------------------------------------------------------------
Echo.
Echo ....Installing Presentation Server 4.5.....
Echo.

:: The following 9 lines are Environment variables that are available to all
:: scripts throughout our automated build process. Some are deleted when the
:: build completes. So you will need to uncomment and customise these lines if
:: you are deploying Presentation Server manually outside the build process, or
:: to an environment that does not contain these variables.
::Set BldSWDrive=S:
::Set BldSWShare=\\mydomain.com\serverbuild\software$
::Set FarmStatus=Join
::Set BldDomain=MYDOMAIN
::Set BldUser=build
::Set CitrixEdition=Enterprise
::Set CitrixVersion=PS45
::Set DeployOS=W2K3
::Set Architecture=x86
::------------------------------------------------------------------------------

Set ODBCUserName=MYDOMAIN\CitrixIMA
Set ODBCPassword=Password1
Set LicenseServerName=MYLICSVR1
Set ServerLocation="http://pnagent.mydomain.com/Citrix/PNAgent/config.xml"
Set FarmName="My Applications"
Set Rootpackagefolder=%BldSWShare%\Citrix\Packages\Builds

:: Groups for permissions to ICA-TCP and RDP-TCP listeners.
Set Group1=MyDomain Server Administrators
Set Group2=

If /I "%CitrixEdition%"=="Enterprise" Set MFServerType=e
If /I "%CitrixEdition%"=="Advanced" Set MFServerType=a
If /I "%CitrixEdition%"=="Standard" Set MFServerType=s

SET SQLServer=CITRIXSQL
SET IMADatabase=CitrixIMA
SET RMDatabase=CitrixRM

set ScriptPath=%~dp0
Set loglocation=%systemDrive%\bldlogs
if not exist %loglocation% md %loglocation%

Echo.
Echo Deleting any existing "Citrix" registry keys that may cause the installation of Presentation Server to fail.
SET KEY=HKLM\SYSTEM\CurrentControlSet\
REG DELETE "%KEY%Control\Terminal Server\WinStations\ICA-tcp" /f 2>nul
REG DELETE "%KEY%Control\Citrix" /f 2>nul
REG DELETE "%KEY%Services\ICABrowser" /f 2>nul

Echo.
Echo Creating the File DSN...
Echo [ODBC]>%loglocation%\CitrixSQL.DSN
Echo DRIVER=SQL Server>>%loglocation%\CitrixSQL.DSN
Echo Trusted_Connection=Yes>>%loglocation%\CitrixSQL.DSN
Echo Network=DBMSSOCN>>%loglocation%\CitrixSQL.DSN
Echo DATABASE=%IMADatabase%>>%loglocation%\CitrixSQL.DSN
Echo APP=Citrix IMA>>%loglocation%\CitrixSQL.DSN
Echo SERVER=%SQLServer%>>%loglocation%\CitrixSQL.DSN
Echo Description=Citrix IMA Database>>%loglocation%\CitrixSQL.DSN

set KEY=HKLM\Software\JavaSoft\Java Runtime Environment
set JREUpdate=9

:CheckJavaVersion
IF %JREUpdate% LSS 10 reg query "%KEY%\1.5.0_0%JREUpdate%" >nul 2>&1
IF %JREUpdate% GEQ 10 reg query "%KEY%\1.5.0_%JREUpdate%" >nul 2>&1
IF %ERRORLEVEL% EQU 0 goto JavaExists
set /a JREUpdate+=1
IF %JREUpdate% EQU 21 GOTO NoJava
goto CheckJavaVersion

:NoJava
Set JavaInstalled=No
goto SetPSInstallProperties

:JavaExists
:: Uncomment the following two lines for testing purposes only.
::IF %JREUpdate% LSS 10 echo Java 1.5.0_0%JREUpdate% exists
::IF %JREUpdate% GEQ 10 echo Java 1.5.0_%JREUpdate% exists
Set JavaInstalled=Yes

:SetPSInstallProperties
Set SetupProperties=/qb
Set SetupProperties=%SetupProperties% /Lv* %loglocation%\CitrixPS.Log
Set SetupProperties=%SetupProperties% CTX_MF_FARM_SELECTION=%FarmStatus%
Set SetupProperties=%SetupProperties% CTX_MF_NEW_FARM_NAME=%FarmName%
Set SetupProperties=%SetupProperties% CTX_MF_JOIN_FARM_DB_CHOICE=Direct
Set SetupProperties=%SetupProperties% CTX_MF_CREATE_FARM_DB_CHOICE=Thirdparty
Set SetupProperties=%SetupProperties% CTX_MF_ODBC_USER_NAME="%ODBCUserName%"
Set SetupProperties=%SetupProperties% CTX_MF_ODBC_PASSWORD=%ODBCPassword%
Set SetupProperties=%SetupProperties% CTX_MF_ODBC_RE_ENTERED_PASSWORD=%ODBCPassword%
Set SetupProperties=%SetupProperties% CTX_MF_LICENSE_SERVER_NAME=%LicenseServerName%
Set SetupProperties=%SetupProperties% CTX_MF_USER_NAME=%BldUser%
Set SetupProperties=%SetupProperties% CTX_MF_DOMAIN_NAME=%BldDomain%
Set SetupProperties=%SetupProperties% CTX_MF_SHADOWING_CHOICE=Yes
Set SetupProperties=%SetupProperties% CTX_MF_SERVER_TYPE=%MFServerType%
Set SetupProperties=%SetupProperties% CTX_MF_SHADOW_PROHIBIT_REMOTE_ICA=No
Set SetupProperties=%SetupProperties% CTX_MF_LAUNCH_CLIENT_CD_WIZARD=No
Set SetupProperties=%SetupProperties% CTX_MF_SILENT_DSNFILE=%loglocation%\CitrixSQL.DSN
Set SetupProperties=%SetupProperties% CTX_MF_ENABLE_VIRTUAL_SCRIPTS=Yes
Set SetupProperties=%SetupProperties% CTX_USE_EXISTING_JRE=%JavaInstalled%
Set SetupProperties=%SetupProperties% CTX_MF_ONLY_LAUNCH_PUBLISHED_APPS=No
Set SetupProperties=%SetupProperties% CTX_MF_ADD_LOCAL_ADMIN=Yes
Set SetupProperties=%SetupProperties% CTX_ADDLOCAL="All"
Set SetupProperties=%SetupProperties% SERVER_LOCATION=%ServerLocation%
Set SetupProperties=%SetupProperties% REBOOT=ReallySuppress

Echo.
Echo Installing Citrix Presentation Server 4.x...
Echo.
msiexec /i "%BldSWDrive%\Citrix%CitrixVersion%\%DeployOS%\%Architecture%\Citrix Presentation Server\MPS.msi" %SetupProperties%

:: Delete the log when the installation has completed due to a security vulnerability for PS4.5 as per CTX116228.
del /q %loglocation%\CitrixPS.Log

:: Start the MetaFrame COM Server service...
:: Note: This is needed if you want to install components such as Conferencing
:: Manager.
net start | FIND "MetaFrame COM Server" > nul
IF errorlevel 1 net start "MetaFrame COM Server" 2>nul

:: Fixing WMI Event Log errors by recompiling the MOF files. This also addresses errors when viewing the server health.
:: This problem does not occur on every server, but happens often enough for it to be added as a process of this script.
cd /d "%ProgramFiles%\Citrix\System32\Citrix\WMI"
for %%i in (*.mof, *.mfl) do Mofcomp %%i
cd /d "%ScriptPath%"

Echo.
Echo Installing the Access Management Console...
Echo.

:: The AMC can be installed in two ways:
:: 1) Each individual plug-in can be installed, with the Framework needing to be deployed first.
:: 2) By running the following command:
:: CtxInstall.exe /SILENT
:: This installs all the MMC plug-ins, and is a much simpler method.

Start "" /Wait "%BldSWDrive%\Citrix%CitrixVersion%\%DeployOS%\%Architecture%\Administration\Access Management Console\CtxInstall.exe" /SILENT

:: If it is the Enterprise or Platinum version, install Conferencing Manager and configure
:: the Resource Manager DSN.
IF /I "%CitrixEdition%"=="Platinum" GOTO InstallExtras
IF /I "%CitrixEdition%"=="Enterprise" GOTO InstallExtras
GOTO DisableRM

:InstallExtras

:: If it is the Packaging server, configure the Installation Manager Packager Settings.
IF /I NOT "%UDF:~0,6%"=="CTXPKG" GOTO NotPackager
SET KEY=HKLM\SOFTWARE\Citrix\IMS\2.0
REG ADD "%KEY%" /v "Root package folder" /d "%Rootpackagefolder%" /f
REG ADD "%KEY%" /v "Auto add package to Installation Manager" /t REG_DWORD /d 1 /f
REG ADD "%KEY%" /v "Default database server" /d %COMPUTERNAME% /f
REG ADD "%KEY%" /v "Default database user" /d %COMPUTERNAME% /f
REG ADD "%KEY%\Packager" /v DontShowStartupDialog /t REG_DWORD /d 1 /f
GOTO DisableAnon
:NotPackager

:: If it is the Profiling server, install the Streaming Profiler Component.
IF /I NOT "%UDF:~0,6%"=="CTXPFL" GOTO NotProfiler
Set SetupProperties=/qb-
Set SetupProperties=%SetupProperties% /Lv* "%loglocation%\CitrixStreamingProfiler.log"
Set SetupProperties=%SetupProperties% /norestart
msiexec /I "%BldSWDrive%\Citrix%CitrixVersion%\Components\Citrix Streaming Profiler\Citrix Streaming Profiler.msi" %SetupProperties%
GOTO DisableAnon
:NotProfiler

Echo.
Echo Install Conferencing Manager 4.5.
Echo.
@call "%ScriptPath%InstCM4.cmd"

Echo.
Echo Create the Citrix Resource Manager DSN for connection to the Summary database.
Echo.
SET KEY=HKLM\SOFTWARE\ODBC\ODBC.INI\RMSummaryDatabase
REG ADD "%KEY%" /v Driver /d %SystemDrive%\WINDOWS\system32\SQLSRV32.dll /f
REG ADD "%KEY%" /v Server /d %SQLServer% /f
REG ADD "%KEY%" /v Database /d %RMDatabase% /f
REG ADD "%KEY%" /v Description /d "Resource Manager Summary Database" /f
REG ADD "%KEY%" /v Trusted_Connection /d Yes /f
SET KEY=HKLM\SOFTWARE\ODBC\ODBC.INI\ODBC Data Sources
REG ADD "%KEY%" /v RMSummaryDatabase /d "SQL Server" /f

GOTO DisableAnon

:DisableRM
Echo.
Echo Rename the Resource Manager Plugin to remove the Unlicensed Server errors on non-Enterprise server deployments.
Echo.
REN "%ProgramFiles%\Citrix\Administration\Plugins\ResourceManager.jar" "ResourceManager.unused"

:DisableAnon
Echo.
Echo Disabling the 15 anonymous user accounts created by the Presentation Server installation...
Echo.
SET count=1
FOR /F "eol=- tokens=1-3 delims= " %%i in ('net user') do (call :ProcessUserAccounts %%i %%j %%k)
GOTO Listeners

:ProcessUserAccounts
Set Account=%1
IF /I "%Account:~0,4%"=="Anon" NET USER %1 /active:no
Set Account=%2
IF /I "%Account:~0,4%"=="Anon" NET USER %2 /active:no
Set Account=%3
IF /I "%Account:~0,4%"=="Anon" NET USER %3 /active:no
set /a count+=1
GOTO :EOF

:Listeners
:: We use the TsConSec utility to set the permissions of the ICA and RDP
:: listeners. This is the only automated method that can be used that is fully
:: compatible between all Windows Operating Systems. It can be downloaded from
:: http://portal.loginconsultants.nl/forum/index.php?board=16. It is copied to
:: the %SystemRoot% folder during the initial part of the server build process.
ECHO Modifying permissions of ICA and RDP listeners>%loglocation%\Listeners.txt
ECHO ---------------------------------------------->>%loglocation%\Listeners.txt

IF /I "%DeployOS%"=="W2K" GOTO W2K
IF /I "%DeployOS%"=="W2K3" GOTO W2K3

GOTO Finish

:W2K
Echo Remove Everyone from the ICA-Tcp listener...>>%loglocation%\Listeners.txt
TsConSec.exe /t:ICA /a:Everyone /x: /Q>>%loglocation%\Listeners.txt

Echo Remove Guests from the ICA-Tcp listener...>>%loglocation%\Listeners.txt
TsConSec.exe /t:ICA /a:Guests /x: /Q>>%loglocation%\Listeners.txt

Echo Add "%BldDomain%/%Group1%" to the RDP-Tcp listener with Full permissions...>>%loglocation%\Listeners.txt
TsConSec.exe /t:RDP /d:%BldDomain% /a:"%Group1%" /P:F /Q>>%loglocation%\Listeners.txt

Echo Add "%BldDomain%/%Group2%" to the ICA-Tcp listener with deny permissions...>>%loglocation%\Listeners.txt
TsConSec.exe /t:ICA /d:%BldDomain% /a:"%Group2%" /x:UG /Q>>%loglocation%\Listeners.txt

Echo Add "%BldDomain%/%Group2%" to the RDP-Tcp listener with deny permissions...>>%loglocation%\Listeners.txt
TsConSec.exe /t:RDP /d:%BldDomain% /a:"%Group2%" /x:UG /Q>>%loglocation%\Listeners.txt

GOTO Finish

:W2K3
:: Unlike Windows 2000, by default Windows 2003 only allows members of the
:: Remote Desktop Users and Administrators groups to connect via ICA and RDP.
:: Therefore, we currently do not run TsConSec for Windows 2003 server builds.
:: However, the structure is in place should a customer wish to lock it down
:: further.
Echo Remove the Remote Desktop Users group from the RDP-Tcp listener...>>%loglocation%\Listeners.txt
TsConSec.exe /t:RDP /a:"Remote Desktop Users" /x: /Q>>%loglocation%\Listeners.txt

Echo Add "%BldDomain%/%Group1%" to the RDP-Tcp listener with Full permissions...>>%loglocation%\Listeners.txt
TsConSec.exe /t:RDP /d:%BldDomain% /a:"%Group1%" /P:F /Q>>%loglocation%\Listeners.txt

:Finish
Exit /B
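A post-deployment check, added here as an example and not part of the original build process: it re-reads the state the script above leaves behind and confirms that the fifteen Anon accounts are disabled and that the verbose MSI log was removed as CTX116228 requires. It assumes the same %SystemDrive%\bldlogs log location, an English-language NET USER output (the "Account active" line), and uses a subroutine label (:CheckAnon) of its own.

```batch
@Echo Off
:: Post-deployment verification (added example; not part of the original
:: deployment script). Checks the two security outcomes the script aims for:
:: all 15 anonymous accounts disabled, and the verbose MSI log removed as
:: required by CTX116228. The exit code is the number of failed checks.
Set loglocation=%SystemDrive%\bldlogs
Set Failures=0

:: 1) Anon000 to Anon014 must each exist and report "Account active ... No".
For /L %%n in (0,1,14) do Call :CheckAnon %%n

:: 2) The MSI log written with /Lv* must no longer be on disk.
If exist "%loglocation%\CitrixPS.Log" (
    Echo FAIL  %loglocation%\CitrixPS.Log still present
    Set /a Failures+=1
) else (
    Echo ok    CitrixPS.Log removed
)
Echo.
Echo %Failures% check(s) failed.
Exit /B %Failures%

:CheckAnon
:: %1 is the account number; pad it to three digits (Anon007, not Anon7).
Set Num=00%1
Set Name=Anon%Num:~-3%
net user %Name% >nul 2>&1
If errorlevel 1 (
    Echo FAIL  %Name% does not exist
    Set /a Failures+=1
    GOTO :EOF
)
:: NET USER prints "Account active   Yes" for an enabled account and "No"
:: for a disabled one (English locale assumed); findstr fails if "No" is absent.
net user %Name% | findstr /B /C:"Account active" | findstr /C:"No" >nul
If errorlevel 1 (
    Echo FAIL  %Name% is still enabled
    Set /a Failures+=1
) else (
    Echo ok    %Name% disabled
)
GOTO :EOF
```

Run it after the deployment script has finished; a non-zero exit code means at least one account is still active or the log was left behind.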


9th April 2007