res word template - a4 - ivanti
TRANSCRIPT
RES Word Template - A4Citrix Published Applications
.....................................................................................................
4
Partially Managed Environments ................................................................................................. 4
General .............................................................................................................................. 5
Troubleshooting ...................................................................................................................... 9
Step 2: Examples .................................................................................................................. 11
Process Interception
Page 3 of 20
Introduction Process Interception is a new feature of RES Workspace Manager 2012. It is an extension of the Managed Application control that currently exists. Traditionally, applications were managed by RES Workspace Manager by changing the shortcut that pointed to an existing application. This allowed RES Workspace Manager to control what happened when an application was launched, or even if it was allowed to be accessed. This is a very good approach for most situations and is still supported and recommended. RES Workspace Manager extends this functionality by including Process Interception. Process Interception monitors what processes are being launched by the user, pauses the process if necessary to apply configurations, and then resumes the process. This approach allows more flexibility for Managed Applications and helps to open up new use cases for RES Workspace Manager. This document explains in which situations Process Interception should (or should not) be used and explains how to set up Process Interception. A Troubleshooting section is included at the end of the document. Refer to the RES Workspace Manager Administration Guide 2012 for more information about this feature, available at http://support.ressoftware.com/workspacemanageradminguide2012/.
About this Guide The purpose of this Guide is to explain Process Interception which was introduced in RES Workspace Manager 2012. The provided information in this guide applies to:
Product Version Service Release
RES Workspace Manager 2012 -
Microsoft Windows 2008 R2 -
Citrix XenApp 6.5 -
Audience RES Software Best Practice Documentation is carefully researched and written for a specific target audience and is intended primarily for Administrators. This document also makes the assumption that the reader is familiar with RES Workspace Manager and knows how to set up and configure different features, including Managed Applications.
Finding Product documentation RES Software provides product documentation for different stages of deployment: from designing the environment, to installing, using and troubleshooting. After a product is released, information is provided via the integrated product help file, the Administration Guide and the online Knowledgebase, available at http://support.ressoftware.com.
Page 4 of 20
When to use Process Interception Process Interception is very flexible and has numerous use cases. The three most commonly used scenarios for Process Interception include intercepting Citrix Published Applications without the need for republishing, partially managed laptops and desktops, and when applications call other application directly. Each scenario is described below.
Citrix Published Applications In previous releases, RES Workspace Manager needed to republish Citrix Published Applications through the console in order to manage different aspects of Citrix Published Applications. This approach required that all modifications to applications needed to be done through the RES Workspace Manager console. Furthermore, any modification to a published application through the RES Workspace Manager console required the console to be running on a Citrix XenApp server in the farm on which the application existed. With Process Interception, the RES Workspace Composer monitors the Citrix server and intercepts the specified application, regardless whether they are launched locally, through a published desktop or through a Published Application. This allows Citrix Administrators to use the Citrix XenApp console to manage the basic application properties while still being able to leverage the context awareness of RES Workspace Manager. All of the benefits that existed before still apply. However, modifications do not need to be done on a console running on a server in the same farm as the application.
Partially Managed Environments Partially managed laptops and desktops are another area where Process Interception offers great advantages. In this use case, usually in existing environments where desktop transformation is being used, RES Workspace Manager is slowly being incorporated to manage the most critical applications without having a large impact on the end user. By using Process Interception, the administrator can slowly start managing specific applications while still allowing the user the flexibility they are accustomed to having. Another advantage of using Process Interception in this type of environment is that users do not need to change the way they work or change their preferences. Two examples of this flexibility are using the run command to launch an application, and selecting which browser is the default. Both can be supported when using Process Interception.
Application Dependencies The last use case that is discussed in this document is when applications call other applications directly. Applications are normally launched from another application via file type associations. In RES Workspace Manager this is normally handled through file type association redefinitions. However, when file type associations are not used, RES Workspace Manager does not have a way to know that a specific application is called. This results in the application being launched unmanaged. With Process Interception, an application can be managed regardless of how it is launched. One common application that has been difficult to use with managed shortcuts and file type associations from RES Workspace Manager is iManage by Autonomy, a document management system that tightly integrates with Microsoft Office. This type of application requires that any configuration is done on a global level and not at application level, because RES Workspace Manager has no way of knowing when the application is launched. Process Interception can be used to move the configuration back to the application level where it belongs.
When not to use Process Interception Although Process Interception is very flexible and has many different use cases, it should not be used in every situation. For example, it is not recommended to use Process Interception if multiple managed applications exist that have the same command line. Currently, Process Interception only matches based on process name and path and not on parameters. This means that if multiple managed applications exist but only differ on the parameter, the first one to match alphabetically will be intercepted.
Process Interception
Page 5 of 20
How to Set Up Process Interception This section describes how to set up Process Interception in different scenarios. This covers only the differences in setting up Process Interception and does not cover how to set up Managed Applications.
General In the Applications node, Windows Shell Shortcut Creation can be set to Do nothing, Merge or Replace. Process Interception works for all creation modes. To enable or disable Process Interception per Workspace Container select the option Disable process interception for unmanaged shortcuts, available on the Properties tab. Exceptions per Workspace Container can be created by clicking the [+].
Process Interception
Page 6 of 20
Standard Desktop/Laptop/VDI Process Interception still uses Managed Applications to determine which applications to track and configure. As shown below, Process Interception can be enabled by setting the option If managed shortcut was not used from Ignore to Intercept new process and apply configuration.
With this approach, anytime WINWORD.exe is launched from the above command line, the process will be paused, context checked, configurations applied, and then resumed. The only difference between using Process Interception and a managed shortcut is that the application can be launched independently of the managed shortcut. This is especially useful in non-greenfield scenarios where only specific applications need to be managed and desktop transformation is not complete.
Process Interception
Page 7 of 20
Citrix XenApp Published Applications Process Interception can be used with existing Citrix XenApp Published Applications that are not controlled by RES Workspace manager. The process to manage Citrix XenApp Published Applications is very similar to standard desktops or laptops. The application still needs to be listed as a managed application and pass all of the access control tests. Also, just like a desktop or laptop, the Run Workspace Composer functionality needs to be set to Automatic mode in the section Administration > Agents as shown in the screenshot below. This functionality did not exist in previous releases of RES Workspace Manager.
NOTE: The option to set Run Workspace Composer to Automatic is only available on Windows Server Operating
Systems running both the RES Workspace Manager Agent and also a version of Citrix XenApp. At the release of this document, Process Interception does not support Windows Remote Desktop Services and Windows Remote Applications.
RES Software provides a tool to help migrate or manage existing Citrix XenApp Published Application into RES Workspace Manager. This tool is called the "Integration Toolkit for Citrix XenApp v2", and can be found on the support site under Downloads > RES Workspace Manager > Utilities. A new addition to this tool is the ability to enable Process Interception as shown in the screenshot below. For more information, please consult the documentation provided in the download.
Process Interception
Page 9 of 20
Troubleshooting This section describes troubleshooting steps to take if Process Interception does not appear to be working. The following three sections describe basic troubleshooting steps, an example scenario and some advanced logging.
Step 1: Back to basic In this scenario, Microsoft Windows Notepad is used as example application, in order to verify that Process Interception works in a basic setup. Notepad is created as a Managed Application in the RES Workspace Manager Console and Process Interception is activated as shown below:
One way to make sure that Process Interception is being used is to display a Notification on launch of the application. NOTE: Although it is possible to use an Action like a drive mapping or a Execute Command from the
Configuration section for this purpose, the Action may fail for reasons that are not related to Process Interception. This is why a Notification is suggested.
Process Interception
Configuring the Notification:
NOTE: Do not use ''Show once'' in this troubleshoot scenario, because it will only appear the first time. The following example tests launching Notepad using a Citrix XenApp session running RES Workspace Manager. To launch Notepad, browse to c:\windows\system32 and launch notepad.exe directly. If Process Interception is working, the notification below is shown:
Process Interception
Page 11 of 20
After the notification is shown and OK is clicked (or after waiting for 60 seconds), Notepad is launched. This confirms that the process was intercepted, because the Notification was shown. If the process was not intercepted, Notepad is launched directly without showing the notification. NOTE: If it is not possible to browse to the c:\ drive due to restrictions, a shortcut can be made available to
c:\windows\system32\notepad.exe on the User's Home Drive or any other accessible location.
Proceed to Step 2 if Notepad was intercepted and the notification was shown.
Proceed to Step 3 if Process Interception did not work.
Step 2: Examples The above scenario was very basic and many other factors are usually involved in a real world scenario. The next example takes a step further in basic troubleshooting. The general steps for troubleshooting Process Interception are as follows:
1. Configure a Notification at application launch 2. Check the User Event log for related errors 3. Make sure that the path of the configured application and the application being launched match 4. Make sure that the RES Workspace Composer is set to run in ''Automatic'' mode
Example 1 In this example, Notepad is configured as a managed application and Process Interception is enabled. There is an action configured to map the M: drive when Notepad is launched. However, when Notepad is launched, the M: drive is not available when the user tries to save the file. To confirm that the process was intercepted, configure a Notification at application launch as described in Step 1 and check whether it is shown. If the notification was shown, the next step is to review the User Event log in Diagnostics (Diagnostics > User Sessions, double click the user, Diagnostics > Event Log) to determine why the drive was not mapped. In this example, the issue was related to a misconfigured drive mapping and not related to Process Interception. This is one reason why the suggested approach is to use a Notification. The below screenshot of the Event Log shows the issue:
Process Interception
Page 12 of 20
Example 2 In this example, Notepad is configured as a managed application and Process Interception is enabled. The application is launched from the Citrix Web Interface and RES Workspace Manager Composer is set to Automatic. When the user launches the Citrix Published Notepad application, several Actions configured are not executed. A Notification is configured and is not shown and there are no errors in the Event Log. Next step is to check the application path to verify that they are correct. In Citrix XenApp:
Process Interception
Page 13 of 20
In RES Workspace Manager:
In this example, the paths do not match. After adjusting the path in the Citrix XenApp published application, the process is intercepted. It is important to remember that the process is matched on the entire command line and not just the process name (unless a wildcard is used). If many applications are configured, a dump of all intercepted processes can also be useful. More information about this in Step 3: Advanced Troubleshooting.
Process Interception
Page 14 of 20
Example 3 In this example, Microsoft Office Outlook is configured as a managed application and Process Interception is enabled. E-mail settings are configured and should be pushed when a user launches Outlook. However, the Email Settings are not configured when the user launches Outlook and the user is presented with the Microsoft Office Outlook Wizard. A Notification is configured and is not shown and there are no errors in the Event Log. This behavior may occur on certain servers but not all. The configured application:
Like in the example above, examine the paths first to see if a match can be found. The option to generate a dump will be described in Step 3: Advanced Troubleshooting. For this example, Microsoft Office is installed in the C:\Program Files directory and that Outlook.exe can be found in "C:\Program Files\Microsoft Office\Office14\Outlook.exe". This path may not be the same for all servers if they are a mix of 32-bit and 64-bit, or if the version of Microsoft Office is different. One way to solve this is to use wildcards or parameters as discussed above in How to Setup Process Interception.
Process Interception
Page 15 of 20
Step 3: Advanced Troubleshooting If the problem could not be found and fixed in Step 1 and 2, we need to proceed with advanced methods to acquire more information. This consists of creating a dump of all Process Intercepted paths and tracing when the problem occurs. There are 2 separate traces that are needed for troubleshooting: the general trace and the trace that is specific for Process Interception. Dump of all Process Intercepted paths When many applications are configured in the RES Workspace Manager console, a dump of all Process Intercepted paths for the current session can help when comparing paths. This dump file is configured for a specific user as follows:
The setting ImgGuardDump=Yes needs to be configured in the user’s pwruser.ini file under the Preferences section. This can be done via the RES Workspace Manager console or manually. Via RES Workspace Manager Console:
1. Create a new object at Composition > Files and Folders > Home Directory. The Object is the pwruser.ini, Action is set to Set specific values in INI-file:
Process Interception
Page 16 of 20
2. Click the Browse button as shown above. This will launch the Edit INI-file value dialog box where you can fill in the values shown below and click OK.
When the user logs on to a RES Workspace Manager session, this generates a file called
ImgGuardDump_servername in the Personal Settings\pwrmenu folder of the Home Drive of the specific user.
Process Interception
Process Interception
Page 18 of 20
Tracing: This will generate 2 trace files. The first file is the general trace file with information of RES Workspace Manager processes. The second file is the trace for Process Interception. Enable tracing: To enable tracing through RES Automation Manager, follow the steps below or download the Building Block on the RES Software Support portal: http://support.ressoftware.com.
1. Stop the "RES Workspace Manager Agent Service" 2. Add the following registry values to the machine running RES Workspace Manager in the key
32-bits OS: HKEY_LOCAL_MACHINE\SOFTWARE\RES\Workspace Manager
64-bits OS: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\RES\Workspace Manager
Value: Trace
Type: REG_SZ
Data: Yes
Value: TraceDetailed
Type: REG_SZ
Data: Yes
Value: TraceFile
Type: REG_SZ
Data: c:\temp\RESTrace.log
3. Start the "RES Workspace Manager Agent Service" 4. Verify that the trace file is created at the specified location. This is the value of the TraceFile key
(C:\temp\RESTrace.log in this example).
Note:
The location of c:\temp\RESTrace.log can be changed if necessary.
It is not possible to use a variable like %systemroot% or %windir%.
This file will reach a maximum size of 2MB, after which older entries will be overwritten. The file will not change the date/timestamp from the original creation date.
Please make sure that every user has Modify permissions on the folder where the log file is created.
If you have configured Read-Only Blanketing make sure you make an exception for the location of the trace file.
After reproducing the problem, two trace files will be generated:
The general trace will be in the location specified in TraceFile (c:\temp\RESTrace.log in this example).
The Process Interception trace will be in the %TEMP% directory of the user called igstub.log. General trace: In the general trace file, verify that pfwsmgr.exe is present. If this process is not shown in the file, the user did not have permission to write to the file. Please change the TraceFile variable and try again. When troubleshooting Process Interception, look specifically for "ImgGuard" as shown in the screenshot below.
4324 pfwsmgr 3 Testuser015 ProcessImgGuardEvent; Title = [IG1_2_1_6336] 4324 pfwsmgr 3 Testuser015 sharedImgGuard.SetImgGuardEvent; Setting ImgGuard event: IG1_2 4324 pfwsmgr 3 Testuser015 sharedImgGuard.ProcessImgGuardEvent; Loading user settings, actions, etc for application 4324 pfwsmgr 3 Testuser015 fysnChangedRunProgram; ImgGuard intercept launch -> RuleID = 1; MsgID = 2; ProcessID = 6336 4324 pfwsmgr 3 Testuser015 fysnChangedRunProgram; mstrPwrGateParms = %PWRGATEPARMS%
Process Interception trace:
The Process Interception specific trace file is called igstub.log and can be found in the %TEMP% directory of the user. NOTE: This specific file is written in the User's Temp directory in the Local AppData folder and might be removed
when logging off the session. Example file: If after following the above troubleshooting steps the issue still occurs, please send both files including a clear problem description and troubleshooting steps already taken to [email protected].
IgStub HandleNotification; Creating event IG1 IG1_1 IgStub HandleNotification; Creating event IG2 IG2_1 IgStub HandleNotification; Process ImageFileName \Device\HarddiskVolume1\Windows\System32\notepad.exe IgStub HandleNotification; Parent ProcessName \Device\HarddiskVolume1\Windows\explorer.exe IgStub HandleNotification; Opened mutex:000000c8
IgStub HandleNotification; Waiting for mutex:000000c8
Disclaimer
Whilst every care has been taken by RES Software to ensure that the information contained in this publication is correct and complete, it is
possible that this is not the case. RES Software provides the publication "as is", without any warranty for its soundness, suitability for a different
purpose or otherwise. RES Software is not liable for any damage which has occurred or may occur as a result of or in any respect related to the
use of this publication. RES Software may change or terminate this publication at any time without further notice and shall not be responsible
for any consequence(s) arising there from. Subject to this disclaimer, RES Software is not responsible for any contributions by third parties to
this publication.
Copyright Notice
Copyright © on software and all Materials 1998-2011 Real Enterprise Solutions Development BV, P.O. Box 33, 5201 AA `s-Hertogenbosch, The
Netherlands. RES and the RES Software Logo are either registered trademarks or service marks of Real Enterprise Solutions Nederland B.V. in
Europe, the United States and other countries. RES Automation Manager, RES Workspace Manager, Dynamic Desktop Studio, Virtual Desktop
Extender and RES VDX are trade names of Real Enterprise Solutions Nederland B.V. in Europe, the United States and other countries. All other
product and company names mentioned may be trademarks and/or service marks of their respective owners. Real Enterprise Solutions
Development BV, The Netherlands has the following patents: U.S. Pat. "US 7,433,962", "US 7,565,652", "US 7,725,527", other patents pending or
granted.
Partially Managed Environments ................................................................................................. 4
General .............................................................................................................................. 5
Troubleshooting ...................................................................................................................... 9
Step 2: Examples .................................................................................................................. 11
Process Interception
Page 3 of 20
Introduction Process Interception is a new feature of RES Workspace Manager 2012. It is an extension of the Managed Application control that currently exists. Traditionally, applications were managed by RES Workspace Manager by changing the shortcut that pointed to an existing application. This allowed RES Workspace Manager to control what happened when an application was launched, or even if it was allowed to be accessed. This is a very good approach for most situations and is still supported and recommended. RES Workspace Manager extends this functionality by including Process Interception. Process Interception monitors what processes are being launched by the user, pauses the process if necessary to apply configurations, and then resumes the process. This approach allows more flexibility for Managed Applications and helps to open up new use cases for RES Workspace Manager. This document explains in which situations Process Interception should (or should not) be used and explains how to set up Process Interception. A Troubleshooting section is included at the end of the document. Refer to the RES Workspace Manager Administration Guide 2012 for more information about this feature, available at http://support.ressoftware.com/workspacemanageradminguide2012/.
About this Guide The purpose of this Guide is to explain Process Interception which was introduced in RES Workspace Manager 2012. The provided information in this guide applies to:
Product Version Service Release
RES Workspace Manager 2012 -
Microsoft Windows 2008 R2 -
Citrix XenApp 6.5 -
Audience RES Software Best Practice Documentation is carefully researched and written for a specific target audience and is intended primarily for Administrators. This document also makes the assumption that the reader is familiar with RES Workspace Manager and knows how to set up and configure different features, including Managed Applications.
Finding Product documentation RES Software provides product documentation for different stages of deployment: from designing the environment, to installing, using and troubleshooting. After a product is released, information is provided via the integrated product help file, the Administration Guide and the online Knowledgebase, available at http://support.ressoftware.com.
Page 4 of 20
When to use Process Interception Process Interception is very flexible and has numerous use cases. The three most commonly used scenarios for Process Interception include intercepting Citrix Published Applications without the need for republishing, partially managed laptops and desktops, and when applications call other application directly. Each scenario is described below.
Citrix Published Applications In previous releases, RES Workspace Manager needed to republish Citrix Published Applications through the console in order to manage different aspects of Citrix Published Applications. This approach required that all modifications to applications needed to be done through the RES Workspace Manager console. Furthermore, any modification to a published application through the RES Workspace Manager console required the console to be running on a Citrix XenApp server in the farm on which the application existed. With Process Interception, the RES Workspace Composer monitors the Citrix server and intercepts the specified application, regardless whether they are launched locally, through a published desktop or through a Published Application. This allows Citrix Administrators to use the Citrix XenApp console to manage the basic application properties while still being able to leverage the context awareness of RES Workspace Manager. All of the benefits that existed before still apply. However, modifications do not need to be done on a console running on a server in the same farm as the application.
Partially Managed Environments Partially managed laptops and desktops are another area where Process Interception offers great advantages. In this use case, usually in existing environments where desktop transformation is being used, RES Workspace Manager is slowly being incorporated to manage the most critical applications without having a large impact on the end user. By using Process Interception, the administrator can slowly start managing specific applications while still allowing the user the flexibility they are accustomed to having. Another advantage of using Process Interception in this type of environment is that users do not need to change the way they work or change their preferences. Two examples of this flexibility are using the run command to launch an application, and selecting which browser is the default. Both can be supported when using Process Interception.
Application Dependencies The last use case that is discussed in this document is when applications call other applications directly. Applications are normally launched from another application via file type associations. In RES Workspace Manager this is normally handled through file type association redefinitions. However, when file type associations are not used, RES Workspace Manager does not have a way to know that a specific application is called. This results in the application being launched unmanaged. With Process Interception, an application can be managed regardless of how it is launched. One common application that has been difficult to use with managed shortcuts and file type associations from RES Workspace Manager is iManage by Autonomy, a document management system that tightly integrates with Microsoft Office. This type of application requires that any configuration is done on a global level and not at application level, because RES Workspace Manager has no way of knowing when the application is launched. Process Interception can be used to move the configuration back to the application level where it belongs.
When not to use Process Interception Although Process Interception is very flexible and has many different use cases, it should not be used in every situation. For example, it is not recommended to use Process Interception if multiple managed applications exist that have the same command line. Currently, Process Interception only matches based on process name and path and not on parameters. This means that if multiple managed applications exist but only differ on the parameter, the first one to match alphabetically will be intercepted.
Process Interception
Page 5 of 20
How to Set Up Process Interception This section describes how to set up Process Interception in different scenarios. This covers only the differences in setting up Process Interception and does not cover how to set up Managed Applications.
General In the Applications node, Windows Shell Shortcut Creation can be set to Do nothing, Merge or Replace. Process Interception works for all creation modes. To enable or disable Process Interception per Workspace Container select the option Disable process interception for unmanaged shortcuts, available on the Properties tab. Exceptions per Workspace Container can be created by clicking the [+].
Process Interception
Page 6 of 20
Standard Desktop/Laptop/VDI Process Interception still uses Managed Applications to determine which applications to track and configure. As shown below, Process Interception can be enabled by setting the option If managed shortcut was not used from Ignore to Intercept new process and apply configuration.
With this approach, anytime WINWORD.exe is launched from the above command line, the process will be paused, context checked, configurations applied, and then resumed. The only difference between using Process Interception and a managed shortcut is that the application can be launched independently of the managed shortcut. This is especially useful in non-greenfield scenarios where only specific applications need to be managed and desktop transformation is not complete.
Process Interception
Page 7 of 20
Citrix XenApp Published Applications Process Interception can be used with existing Citrix XenApp Published Applications that are not controlled by RES Workspace manager. The process to manage Citrix XenApp Published Applications is very similar to standard desktops or laptops. The application still needs to be listed as a managed application and pass all of the access control tests. Also, just like a desktop or laptop, the Run Workspace Composer functionality needs to be set to Automatic mode in the section Administration > Agents as shown in the screenshot below. This functionality did not exist in previous releases of RES Workspace Manager.
NOTE: The option to set Run Workspace Composer to Automatic is only available on Windows Server Operating
Systems running both the RES Workspace Manager Agent and also a version of Citrix XenApp. At the release of this document, Process Interception does not support Windows Remote Desktop Services and Windows Remote Applications.
RES Software provides a tool to help migrate or manage existing Citrix XenApp Published Application into RES Workspace Manager. This tool is called the "Integration Toolkit for Citrix XenApp v2", and can be found on the support site under Downloads > RES Workspace Manager > Utilities. A new addition to this tool is the ability to enable Process Interception as shown in the screenshot below. For more information, please consult the documentation provided in the download.
Process Interception
Page 9 of 20
Troubleshooting This section describes troubleshooting steps to take if Process Interception does not appear to be working. The following three sections describe basic troubleshooting steps, an example scenario and some advanced logging.
Step 1: Back to basic In this scenario, Microsoft Windows Notepad is used as example application, in order to verify that Process Interception works in a basic setup. Notepad is created as a Managed Application in the RES Workspace Manager Console and Process Interception is activated as shown below:
One way to make sure that Process Interception is being used is to display a Notification on launch of the application. NOTE: Although it is possible to use an Action like a drive mapping or a Execute Command from the
Configuration section for this purpose, the Action may fail for reasons that are not related to Process Interception. This is why a Notification is suggested.
Process Interception
Configuring the Notification:
NOTE: Do not use ''Show once'' in this troubleshoot scenario, because it will only appear the first time. The following example tests launching Notepad using a Citrix XenApp session running RES Workspace Manager. To launch Notepad, browse to c:\windows\system32 and launch notepad.exe directly. If Process Interception is working, the notification below is shown:
Process Interception
Page 11 of 20
After the notification is shown and OK is clicked (or after waiting for 60 seconds), Notepad is launched. This confirms that the process was intercepted, because the Notification was shown. If the process was not intercepted, Notepad is launched directly without showing the notification. NOTE: If it is not possible to browse to the c:\ drive due to restrictions, a shortcut can be made available to
c:\windows\system32\notepad.exe on the User's Home Drive or any other accessible location.
Proceed to Step 2 if Notepad was intercepted and the notification was shown.
Proceed to Step 3 if Process Interception did not work.
Step 2: Examples The above scenario was very basic and many other factors are usually involved in a real world scenario. The next example takes a step further in basic troubleshooting. The general steps for troubleshooting Process Interception are as follows:
1. Configure a Notification at application launch 2. Check the User Event log for related errors 3. Make sure that the path of the configured application and the application being launched match 4. Make sure that the RES Workspace Composer is set to run in ''Automatic'' mode
Example 1 In this example, Notepad is configured as a managed application and Process Interception is enabled. There is an action configured to map the M: drive when Notepad is launched. However, when Notepad is launched, the M: drive is not available when the user tries to save the file. To confirm that the process was intercepted, configure a Notification at application launch as described in Step 1 and check whether it is shown. If the notification was shown, the next step is to review the User Event log in Diagnostics (Diagnostics > User Sessions, double click the user, Diagnostics > Event Log) to determine why the drive was not mapped. In this example, the issue was related to a misconfigured drive mapping and not related to Process Interception. This is one reason why the suggested approach is to use a Notification. The below screenshot of the Event Log shows the issue:
Process Interception
Page 12 of 20
Example 2 In this example, Notepad is configured as a managed application and Process Interception is enabled. The application is launched from the Citrix Web Interface and RES Workspace Manager Composer is set to Automatic. When the user launches the Citrix Published Notepad application, several Actions configured are not executed. A Notification is configured and is not shown and there are no errors in the Event Log. Next step is to check the application path to verify that they are correct. In Citrix XenApp:
Process Interception
Page 13 of 20
In RES Workspace Manager:
In this example, the paths do not match. After adjusting the path in the Citrix XenApp published application, the process is intercepted. It is important to remember that the process is matched on the entire command line and not just the process name (unless a wildcard is used). If many applications are configured, a dump of all intercepted processes can also be useful. More information about this in Step 3: Advanced Troubleshooting.
Process Interception
Page 14 of 20
Example 3 In this example, Microsoft Office Outlook is configured as a managed application and Process Interception is enabled. E-mail settings are configured and should be pushed when a user launches Outlook. However, the Email Settings are not configured when the user launches Outlook and the user is presented with the Microsoft Office Outlook Wizard. A Notification is configured and is not shown and there are no errors in the Event Log. This behavior may occur on certain servers but not all. The configured application:
Like in the example above, examine the paths first to see if a match can be found. The option to generate a dump will be described in Step 3: Advanced Troubleshooting. For this example, Microsoft Office is installed in the C:\Program Files directory and that Outlook.exe can be found in "C:\Program Files\Microsoft Office\Office14\Outlook.exe". This path may not be the same for all servers if they are a mix of 32-bit and 64-bit, or if the version of Microsoft Office is different. One way to solve this is to use wildcards or parameters as discussed above in How to Setup Process Interception.
Process Interception
Page 15 of 20
Step 3: Advanced Troubleshooting If the problem could not be found and fixed in Step 1 and 2, we need to proceed with advanced methods to acquire more information. This consists of creating a dump of all Process Intercepted paths and tracing when the problem occurs. There are 2 separate traces that are needed for troubleshooting: the general trace and the trace that is specific for Process Interception. Dump of all Process Intercepted paths When many applications are configured in the RES Workspace Manager console, a dump of all Process Intercepted paths for the current session can help when comparing paths. This dump file is configured for a specific user as follows:
The setting ImgGuardDump=Yes needs to be configured in the user’s pwruser.ini file under the Preferences section. This can be done via the RES Workspace Manager console or manually. Via RES Workspace Manager Console:
1. Create a new object at Composition > Files and Folders > Home Directory. The Object is the pwruser.ini, Action is set to Set specific values in INI-file:
Process Interception
Page 16 of 20
2. Click the Browse button as shown above. This will launch the Edit INI-file value dialog box where you can fill in the values shown below and click OK.
When the user logs on to a RES Workspace Manager session, this generates a file called
ImgGuardDump_servername in the Personal Settings\pwrmenu folder of the Home Drive of the specific user.
Process Interception
Process Interception
Page 18 of 20
Tracing: This will generate 2 trace files. The first file is the general trace file with information of RES Workspace Manager processes. The second file is the trace for Process Interception. Enable tracing: To enable tracing through RES Automation Manager, follow the steps below or download the Building Block on the RES Software Support portal: http://support.ressoftware.com.
1. Stop the "RES Workspace Manager Agent Service" 2. Add the following registry values to the machine running RES Workspace Manager in the key
32-bits OS: HKEY_LOCAL_MACHINE\SOFTWARE\RES\Workspace Manager
64-bits OS: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\RES\Workspace Manager
Value: Trace
Type: REG_SZ
Data: Yes
Value: TraceDetailed
Type: REG_SZ
Data: Yes
Value: TraceFile
Type: REG_SZ
Data: c:\temp\RESTrace.log
3. Start the "RES Workspace Manager Agent Service" 4. Verify that the trace file is created at the specified location. This is the value of the TraceFile key
(C:\temp\RESTrace.log in this example).
Note:
The location of c:\temp\RESTrace.log can be changed if necessary.
It is not possible to use a variable like %systemroot% or %windir%.
This file will reach a maximum size of 2MB, after which older entries will be overwritten. The file will not change the date/timestamp from the original creation date.
Please make sure that every user has Modify permissions on the folder where the log file is created.
If you have configured Read-Only Blanketing make sure you make an exception for the location of the trace file.
After reproducing the problem, two trace files will be generated:
The general trace will be in the location specified in TraceFile (c:\temp\RESTrace.log in this example).
The Process Interception trace will be in the %TEMP% directory of the user called igstub.log. General trace: In the general trace file, verify that pfwsmgr.exe is present. If this process is not shown in the file, the user did not have permission to write to the file. Please change the TraceFile variable and try again. When troubleshooting Process Interception, look specifically for "ImgGuard" as shown in the screenshot below.
4324 pfwsmgr 3 Testuser015 ProcessImgGuardEvent; Title = [IG1_2_1_6336] 4324 pfwsmgr 3 Testuser015 sharedImgGuard.SetImgGuardEvent; Setting ImgGuard event: IG1_2 4324 pfwsmgr 3 Testuser015 sharedImgGuard.ProcessImgGuardEvent; Loading user settings, actions, etc for application 4324 pfwsmgr 3 Testuser015 fysnChangedRunProgram; ImgGuard intercept launch -> RuleID = 1; MsgID = 2; ProcessID = 6336 4324 pfwsmgr 3 Testuser015 fysnChangedRunProgram; mstrPwrGateParms = %PWRGATEPARMS%
Process Interception trace:
The Process Interception specific trace file is called igstub.log and can be found in the %TEMP% directory of the user. NOTE: This specific file is written in the User's Temp directory in the Local AppData folder and might be removed
when logging off the session. Example file: If after following the above troubleshooting steps the issue still occurs, please send both files including a clear problem description and troubleshooting steps already taken to [email protected].
IgStub HandleNotification; Creating event IG1 IG1_1 IgStub HandleNotification; Creating event IG2 IG2_1 IgStub HandleNotification; Process ImageFileName \Device\HarddiskVolume1\Windows\System32\notepad.exe IgStub HandleNotification; Parent ProcessName \Device\HarddiskVolume1\Windows\explorer.exe IgStub HandleNotification; Opened mutex:000000c8
IgStub HandleNotification; Waiting for mutex:000000c8
Disclaimer
Whilst every care has been taken by RES Software to ensure that the information contained in this publication is correct and complete, it is
possible that this is not the case. RES Software provides the publication "as is", without any warranty for its soundness, suitability for a different
purpose or otherwise. RES Software is not liable for any damage which has occurred or may occur as a result of or in any respect related to the
use of this publication. RES Software may change or terminate this publication at any time without further notice and shall not be responsible
for any consequence(s) arising there from. Subject to this disclaimer, RES Software is not responsible for any contributions by third parties to
this publication.
Copyright Notice
Copyright © on software and all Materials 1998-2011 Real Enterprise Solutions Development BV, P.O. Box 33, 5201 AA `s-Hertogenbosch, The
Netherlands. RES and the RES Software Logo are either registered trademarks or service marks of Real Enterprise Solutions Nederland B.V. in
Europe, the United States and other countries. RES Automation Manager, RES Workspace Manager, Dynamic Desktop Studio, Virtual Desktop
Extender and RES VDX are trade names of Real Enterprise Solutions Nederland B.V. in Europe, the United States and other countries. All other
product and company names mentioned may be trademarks and/or service marks of their respective owners. Real Enterprise Solutions
Development BV, The Netherlands has the following patents: U.S. Pat. "US 7,433,962", "US 7,565,652", "US 7,725,527", other patents pending or
granted.