Showing posts from 2016

Access Point Gui 3.0.2 - Final

Access Point Gui 3.0.1 3.0.2

Ok so this is My last, last version of this as I am moving on to other projects.

Last Updates include:
config options for vIDM
config options for system settings.
removal of background image (it was causing long load times.
some code cleanup.

Also forgot to add a thumbprint box for vIDM
Note about auto thumbprint for vidm, this will get the thumbprint from the server however it will not add the sha value at the beginning, this is due to a framework limitation, and i dont have the time figure out a new way, so if you auto generate your thumbprint, make sure to put a 'shat1:" or "sha256:" in front before submitting.


Download Here

Access Point Gui 3.0 ( For AP 2.7.2)

Access Point Gui 3.0 ( For AP 2.7.2)

So I didn't think id write another one of these since I figured there would be one in the latest realease of AP. Well I guess they skipped any sort of Gui again, so here we go!

.NET 4.5.2 or greater
A deployed AP (just needs to be accessible via management IP)

So to start download , extract and double click the Access Point Gui.exe

Once the App has loaded you will be presented with a console 

Enter your AP's management IP or the host name and password. At this point you could continue filling out the settings but lets see what we currently have set by clicking the [Get Current Info] button.

OK Great , there are our current settings, we can copy those off some where in case we need them.

Click the View Enabled? check box to open up the rest of the settings.

Fill out the rest of the settings as required. I have added a function to get the Thumbprint for the connection server (or LB server) of the supplied certificate. After you …

VMware View 2-factor authentication with Google Authenticator - Part Four

Adding View to the Mix.
Now that we have (almost) everything setup on the Linux server side, we just need to finish the view configuration and the client portion.

Open up the View administrator, navigate to View Configuration > servers.
Select the Connection Servers tab
Select your Server and click the Edit button.

in the "Edit Connection Server Settings" pop up window, change 2-Factor authentication to RADIUS
Check enforce 2-factor and windows user name matching

On Select Authenticator Select New.

Update the fields with your information.

We are now down with the View Configuration.

download and install the google authenticator app for your device:

Now we sill set up the user to authenticate.
Open up a putty session to your ubuntu server.
su someADusername
you should now be logged in as that users
run gauth, this will generate the QR code to scann from the install app on your device.

From your device, select the…

VMware View 2-factor authentication with Google Authenticator - Part Three

Installing Google Authenticator pbis-open and freeradius
Now that we have the VM and Ubuntu installed, we now need to install our packages.

First make sure you have a DNS record for the server in active directory, as we are going to need it. This must be done first!

Also create a AD security group named:

Once done, go back to your console and run the following:
sudo su
enter your password

apt-get update

apt-get dist-upgrade
say Y when prompted

apt-get install ntp
say Y when prompted

apt-get install ntpdate
should not prompt


Now we are going to install pbis-open for our connection to Active Directory

wget -O -|sudo apt-key add - 
wget -O /etc/apt/sources.list.d/pbiso.list 
apt-get update
apt-get install pbis-open
say Y when prompted

Once that completes we can Join our Ubuntu server to the domain.
domainjoin-cli join administrator@yourd…

VMware View 2-factor authentication with Google Authenticator - Part Two

Installing Ubuntu 16.04
Now that the VM is powered on and you in the console window select English, then Install Ubuntu server.
(some times it appears that its frozen, this is just the client having issues re-drawing, close and reopen the console and your good to go)

Basic stuff here, choose English again

Select your country
don't detect keyboard layout (unless you have a non qwerty keyboard)
Finish selecting your keyboard layouts.
And wait for some stuff to load

You will be prompted to give your server a host name. Put in the FQDN you plan to use.

create a user, this is a local user so nothing fancy, and a password:

For the purpose of this demo I have chosen not to encrypt my home directory.
Select your time zone if the one that comes up is not correct.
Unless you know what your doing just use the defaults for setting up the disk.

Write your changes to the disk
Select Continue
And then Confirm.

Bunch of stuff will install.
You will be prompted for a proxy, if you do not have no s…

VMware View 2-factor authentication with Google Authenticator - Part One

Ok so I though this was going to be a simple step by step process. Considering there is already a published document out there on this. However come to find out not only is this completely out dated, but half the stuff is wrong, Not only is this doc wrong in so many parts, but searching documentation on the internet is wrong as well.

However after several days of testing, and looking up error codes, and then re-testing and chasing rabbits down holes that led me no where I finally got this up and running, and I'm able to consistently reproduce the results.

I'm going to walk you step by step how to set this up for a single connection server for dual factor authentication.

Part 1 : Get Ubuntu 16.04 and install it!
Go over and grab the 16.04 LTS ISO  from (64 bit)
Download it, put it on a Share in your vSphere environment so you can build a new VM.
Once that is done lest build the VM. Always choose custom

Give it a Name
I decided to use HW version 8, just my preference.

VMware View VMs stuck on logoff

You may get into a situation where your View VMs do not log off correctly. Typically this happens because the VM is waiting for an application to close and is prompting for user interaction. This is a common issue.

This can be worked around by setting some registry keys in the HKCU hive. however this is quite cumbersome , so i have created a user GPO to do exactly this!

I created this adm template that can be imported into AD and pushed to your VDI users, it allows you to change the following settings:

Determines whether user processes end automatically when the user either logs off or shuts down

Specifies how long the system waits for user processes to end after the user clicks the End Task command button in Task Manager . If this threshold is exceeded, the End Taskdialog box appears, stating that the process did not respond.

Using PowerShell to Deploy VMware Access Point

Looks like VMware came up with a solution to deploy the access point with powershell.

VMwareView.MOF WMI queries


To create a WMI framework for querying agent variables created on a View Desktop.


The MOF allows you to query the following:


VMware View local \ remote user information

In some instances you may want to get some information on the users that are logging in to the VM's.
This is not easily accessible through View its self. So I have come up with a way get the information from the VM's themselves.

First of all your going to need the MOF file i created in an earlier post here for the WMI queries.
Install this into your parent image.
You will also need the logon script , that runs at logon located here.
And lastly a remote SQL database that will hold the data, I have taken the liberty of creating a script to create the database for you here.

After running trough this, you will be able to query for users that logged in to a specific VM and find any additional information provided by the agent.

So lets get started.

Create a database with the script
Open up Microsoft Management studio and connect to your database server, create a new database, and use the script to create a new table.
Paste the contents of the script into a new query window
change the…

WMI Query VMware View Agent Variables

The purpose of this post is to show how you can query the "Volatile Environment" variables from the View agent to get WMI information. I though I would share what I have done to maybe help others in similar situations.

The requirements for this view environment is to allow client drive redirection for internal users and disable it for external users.
The users are always in the same pool, and in this case we only have one connection server and one security server.

Because this is a feature that is either on or off and no built in way to control this, the thought is that we can create a GPO that and run off a WMI query to determine if the users are inside the network or outside of the network and disable client drive redirection based on the IP.

Lets Filter!
So we can create a simple GPO to disable CDR , however we do not want this to happen internally so we need something to query off of. It would seam this would be an easy task however I ran into the first issue…