Thursday, 18 May 2017

Change Location of User Profile Folders in Registry

I love to move my Windows profile folders from common, Microsoft-preset folders to my desired folders. And occasionally, out of stupidity, I mistakenly deleted the active folders, rather than the previous folders, which resulting to below error :

<Path> refers to a location that is unavailable. It could be on a hard drive on this computer, or on a network. Check to make sure that the disk is properly inserted, or that you are connected to the Internet or your network, and then try again. If it still cannot be located, the information might have been moved to a different location.

As always, it is not hard to resolve this issue. However, it involves registry changes, therefore do it cautiously.

  1.  Open regedit

  2.  navigate to HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer

  3.  There are 2 parts here :  Shell Folders is designed to be used by Windows NT and earlier. It is necessary not to delete this folder.


Monday, 8 May 2017

Citrix Group Policy Management Console

It is a common practice to have a management server, with most (if not all) consoles installed on it. the purpose of this practice are to consolidate the management consoles into centralized servers, and reduce un-needed resources utilization on target servers (e.g : SQL, AppSense, Citrix Delivery Controller, VMware vCenter). 

One component that I love to have in my management server is Citrix GPMC. I prefer to configure my Citrix policies via GPO, rather than Citrix Policies. One main reason is to consolidate all policies into a single, centralized location. 

This is what you can see from AD server or normal servers/machines without Citrix GPMC installed / enabled.

This is what you can see from Citrix servers with GPMC installed / enabled.

Now, how to install Citrix GPMC : 

  1.  Download the installers from here :

    x86 :

    x64 :

  2.  Right click at the installer, and click Install (or just double click at it).

  3.  Preparing to install..

  4.  Accept the agreement, and click Install

  5.  Installing...

  6.  Done, click Finish.

  7.  Launch Group Policy Management, and Edit any GPO

  8.  Now we can see Citrix Policies available in GPO.


Wednesday, 3 May 2017

Configure HTTPS authentication to CA Server

In previous post, I demonstrated steps to install a Certificate Authority server as well as enabling Web enrollment. All good so far. However, when we tried to proceed with web enrollment, below message box appeared :

In order to complete certificate enrollment, the Web site for the CA must be configured to use HTTPS authentication.

To make it worst (not really), if we tried to access to the web page by using HTTPS, no page can be displayed. 

Luckily, Microsoft has compiled all needed steps on how to get it resolved, as posted here.
Implementing SSL on a Web site in the domain with an Enterprise CA
The following example will assume that you have an Enterprise CA from which to issue certificates. Further, the assumption is that you have a Certification Authority Web Enrollment pages installed, either on that CA or on another computer in the domain. This example will walk through the steps necessary to do the following:
  1. Configure an appropriate certificate template for SSL certificates.
  2. Obtain a certificate for IIS using the certificate template
  3. Configure the HTTPS on the Default Web Site
  4. Connect to the HTTPS location for certificate enrollment

So, let's start with those steps.

1) Configure an appropriate certificate template for SSL certificates.
  1.  Launch Certificate Authority Console

  2.  Right click Certificate Templates | Manage

  3.  Certificate Templates Console will launch. Look for Web Server template, right click at it, and choose Duplicate Template

  4.  At Compatibility tab, you may want to maintain or change the settings depending on the environment.

  5.   Go to General tab, and change the name of the template to reflect correct usage. Change the certificate validity and renewal period if needed.

  6.  Go to Security tab, add 2 information :
    • User/Group Accounts which will be used in enrollment
    • Computer accounts which require ability to enroll

  7.   Go to Cryptography tab, make changes if needed. Once all good, click Apply then OK.

  8.  New template created. Close the Certificate Templates Console.

  9. At Certificate Authority Console, right click at Certificate Templates | New | Certificate Template to Issue. Find the newly created certificate templates, click on it, then click OK.

2) Obtain a certificate for IIS using the certificate template

  1.  Launch MMC console

  2.  Go to File | Add/Remove Snap-in...

  3.  Click at Certificate | Add >

  4.  Choose Computer account, and click Next >

  5.  Choose Local computer, then click Finish.

  6.  Click OK.

  7.  Expand certificate (Local Computer) | right click at Personal | Choose All Tasks | click at Request New Certificate

  8.  click Next.

  9.  Select Active Directory Enrollment Policy, then click next

  10. Click at ' More information is required to enroll for this certificate. Click here to configure settings. ' (coloured in blue).

  11.  We need to configure who will receive the certificate. In this case, the rootCA server. At Subject tab, at Subject name box, change the type to Common name, put in the value, and click Add >. Once done, click Apply then OK.

  12.  Click enroll.

  13.  Enrolling

  14.  Click Finish.

3) Configure the HTTPS on the Default Web Site

  1.  Launch IIS Manager

  2.  Navigate to Default Web Site (or if you have more, choose appropriately).

  3.  At Action column, click at Bindings...

  4.  Click at https, and click at Edit...

  5.  Change the SSL certificate to correct certificate (you can press View... to check to whom certificate is being issued)

  6.  Click OK.

  7.  Click Close.

4) Connect to the HTTPS location for certificate enrollment

  1.  launch the web enrollment with HTTPS. UID required, access the web using ID which previously configured.

  2.  This page will appeared if you try to access using unauthorized user ID.

  3.  Website launched successfully with HTTPS.