VMware Horizon Community
vBritinUSA
Hot Shot
Hot Shot

Making a changes to HCLM on logon

I have an application that need to reference HCLM:\Software\Citrix\ICA\Session for the name of the Clients physical desktop. I know I can get this value from "HKEY_Users:\SID\Volatile Environment\ ViewClient_Machine_Name" but the application doesn't support this location.

So, I have a PowerShell script to grab the sid and the "ViewClient_Machine_Name" and create a value in the required location.

To do this I need to elevate the task, has anyone had luck elevating a PowerShell script on login or even a DirectFlex without prompting the user? I was going to store the script on %UEMScripts% location also.

I wish I could just do a symbolic link and call it a day :confused_face:

Any help apricated. 

Please mark helpful or correct if my answer resolved your issue.
Reply
0 Kudos
5 Replies
DEMdev
VMware Employee
VMware Employee

Hi @vBritinUSA,

Sure, that should be possible.

Just create an elevated task, with
ExecutableC:\Windows\System32\reg.exe
Arguments – add HKLM\Software\Citrix\ICA\Session /v value-name-here /d "%{ViewClient_Machine_Name}%" /f

Then, create a logon task that launches that elevated task.

(I think that that %{ViewClient_...}% reference is undocumented, but it is fully supported. No need any more for any hacks to retrieve the ViewClient_ values from HKCU, with all the related timing issues.)

vBritinUSA
Hot Shot
Hot Shot

Hi @DEMdev, This works great for a new new login.

I created a "Triggered Task" to refresh the User environment for "Priviledge Elevation" and "Triggered Tasks" to see if it would update if the user was to login from another device. That doesn't seem to update the HCLM.

I set the trigger as Workstation unlock and session reconnect.

In the logs it states it was successful.

Any thoughts on this?

 

 

Please mark helpful or correct if my answer resolved your issue.
Reply
0 Kudos
DEMdev
VMware Employee
VMware Employee

Hi @vBritinUSA,

Such a refresh will just refresh configuration settings. That is, it will process the privilege elevation configuration again, but that won't automatically launch elevated tasks (which is a good thing, I guess :))

You can still use a triggered task for session reconnect, though. Just use Run custom command as the Action, specify the path to FlexEngine.exe as the Command, and -LaunchTask "Name-of-your-elevated-task" as the Arguments.

Reply
0 Kudos
vBritinUSA
Hot Shot
Hot Shot

So, I created the Triggered Task as you stated. I have 2 devices that I connect from, Windows and a MAC to sign into the session. The HKLM is updated with the correct name of the physical device on logon, regardless of the device. 

I login from the other device and take the session, the HKLM is not updating. So, I open command prompt and ran the FlexEngine and argument and it didn't update so I thought. So, I deleted the variable and ran it again. The variable was created using the FIRST physical device I connected to not the current one I am using, even though in HKU "volatile environment\ViewClient_Machine_name is correct reflecting the correct physical device.

 

Please mark helpful or correct if my answer resolved your issue.
Reply
0 Kudos
DEMdev
VMware Employee
VMware Employee

Hi @vBritinUSA,

Ah, shoot... That "%{ViewClient_Machine_Name}%" argument in the elevated task definition gets resolved when privilege elevation config is processed rather than when the task gets launched...

If you change your triggered task to run a batch file containing the following two commands, it should work.

"C:\Program Files\Immidio\Flex Profiles\FlexEngine.exe" -DemRefreshPrivilegeElevation
"C:\Program Files\Immidio\Flex Profiles\FlexEngine.exe" -LaunchTask "YourTaskNameHere"

Reply
0 Kudos