December 22, 2019

Caveats // Quickfix

Here you will find various caveats and quickfixes around various applications/solutions that may be nice to be aware of.

I will try to keep this updated regularly, and post updates in the Changelog below.

Hope you find the content useful.

PS: The links in the content list below are there for you to jump to the wanted subject, and will open in a new tab.

Content available

Citrix
|—-WEM – Be careful with the “registry inclusion” setting for UPM
|—-Google Chrome – No audio in ICA session after version 77
Microsoft
|—-Server 2019 NPS firewall bug
|—-Applocker breaking startmenu on server 2016+
|—-Server 2019/Windows 10: No borders around windows/AllWhite issue

Changelog

  • 24.12.2019 – Fieldnotes – Initial release
  • 15.01.2019 – Caveats // Quicfix – Added: “Google Chrome – No audio in ICA session after version 77”
  • 07.02.2020 – Moved Powershell scripts to GitHub
  • 08.02.2020 – Caveats // Quicfix – Added: “Server 2019/Windows 10: No borders around windows/AllWhite issue”
  • 26.02.2020 – Registry hacks – Added: Microsoft Edge Chromium
  • 27.03.2020 – Registry hacks – Added: Windows – Privacy
  • 10.04.2020 – Registry hacks – Added: Microsoft Edge Chromium – settings to remove prompts about opening Citrix receiver/workspace/ica files
  • 24.04.2020 – Powershell – Added: OneDrive for Business – Scripts to deploy with intune to configure OneDrive for Business with Known Folder management silently
  • 29.04.2020 – Powershell – Added: Microsoft Edge and Microsoft Teams – Downloads and install latest – intended for VDI
  • 30.04.2020 – Powershell – Added: OneDrive for Business – Downloads and install latest stable OneDrive for Business – intended for VDI
  • 25.09.2020 – Registry hacks – added audio sandbox values for Edge and Chrome
  • 25.09.2020 – Fieldnotes general – removed pagination and did some cleaning,

Citrix

|—-WEM – Be careful with the “registry inclusion” setting for UPM

If you are using WEM to control Citrix UPM/Profile manager settings. Be very careful with the setting for “registry inclusion”.
You may think this gives you the option to include some registry settings here that’s not beeing taken care of in other means.

Do note that, checking this box, and adding items in this area, makes WEM ONLY include the selected entries and ignore all others.

|—-Google Chrome – No audio in ICA session after version 77

If you are experiencing missing audio playback in Google Chrome inside an ICA session. Check if your version is above v77 of Chrome.
If you are, you can work around the issue by the following.:

1 – By editing the registry.:

HKCU\Software\Policies\Google\Chrome – to apply on the user level
or
HKLM\Software\Policies\Google\Chrome – to apply for all users on the machine

add a DWORD value named “AudioSandboxEnabled” and set the value to “0

2 – By editing the published application // shortcut for the application

Add one of the following as an argument for the shortcut:

“–disable-features=AudioServiceSandbox “
or
“–disable-features=AudioServiceOutOfProcess “

Sources reporting the issues:
Citrix Forum: https://discussions.citrix.com/topic/406285-chrome-79-no-audio/
Google Forum: https://support.google.com/chrome/thread/23003477?hl=en

Microsoft

|—-Server 2019 NPS firewall bug

In server 2019, there seems to be a bug when using the NPS server role for Radius authentications.
The default port 1812 UDP is open on the server after insta, but does not accept connections.
Workaround is to create a new inbound rule to open UPD 1812.

More information on this can be found in my post about the subject here:
https://dybbugt.no/2019/1330/

|—-Applocker breaking startmenu on server 2016+

If you are using applocker on server 2016 you may see issues around the start menu.
I found this to be an issue when provisioning Citrix VDA’s where AppLocker is enabled only for EXE rules.

The issues shows itself by:
Left clicking the start menu, the menu does not come up.
Right clicking gives your the default right-click meny context.

Issues comes from AppLocker missing the default APPX package rules.
You need to edit your GPO on a computer where these settings are available (2012r2+)
Enable the default APPX package rules in applocker and your should be good to go – no need to set the APPx rules to enforces status.
AppLocker seems to relate to these even if they are not enforced – so the defaults need to be there.

Kasper Johansen also wrote more details around this on this post back in 2017.

|—- Server 2019/Windows 10: No borders around windows/AllWhite issue

In windows server 2019 and windows 10. There is an issue in the RDS world where the windows overlapping each other appears to have no border (its all white) Making it hard to distinguish the various windows from each other. This can be fixed with the steps in this post.



Do you find this useful?

Let us know by leaving a comment and following us on Twitter or Facebook.

Also consider subscribing to this website so you get notification on new posts arrive.
You can subscribe with the subscribe button in the menu on the right side, or you can use this button:

If you wish to share the content to others, feel free to use the buttons below for your simplicity.

Best regards

Dybbugt.no