Showing posts from 2016

Access Point Gui 3.0.2 - Final

Access Point Gui 3.0.1 3.0.2

OK, so this is my last, last version of this, as I am moving on to other projects.

Last updates include:
Config options for vIDM.
Config options for system settings.
Removal of background image (it was causing long load times).
Some code cleanup.

Also forgot to add a thumbprint box for vIDM.
Note about auto thumbprint for vIDM: this will get the thumbprint from the server, however it will not add the sha value at the beginning. This is due to a framework limitation, and I don't have the time to figure out a new way, so if you auto generate your thumbprint, make sure to put a "sha1:" or "sha256:" in front before submitting.


Enjoy!

Download Here

Access Point Gui 3.0 ( For AP 2.7.2)


So I didn't think I'd write another one of these, since I figured there would be one in the latest release of AP. Well, I guess they skipped any sort of GUI again, so here we go!


Requirements:
.NET 4.5.2 or greater
A deployed AP (just needs to be accessible via management IP)

So to start, download, extract and double-click the Access Point Gui.exe.

Once the app has loaded you will be presented with a console.


Enter your AP's management IP or the host name and password. At this point you could continue filling out the settings, but let's see what we currently have set by clicking the [Get Current Info] button.





OK, great, there are our current settings. We can copy those off somewhere in case we need them.



Click the View Enabled? check box to open up the rest of the settings.

Fill out the rest of the settings as required. I have added a function to get the Thumbprint for the connection server (or LB server) of the supplied certificate. After you …

VMware View 2-factor authentication with Google Authenticator - Part Four

Adding View to the Mix.
Now that we have (almost) everything set up on the Linux server side, we just need to finish the View configuration and the client portion.


Open up the View Administrator, navigate to View Configuration > Servers.
Select the Connection Servers tab
Select your Server and click the Edit button.

In the "Edit Connection Server Settings" pop-up window, change 2-Factor authentication to RADIUS.
Check enforce 2-factor and Windows user name matching.


On Select Authenticator, select New.

Update the fields with your information.




We are now done with the View Configuration.

Download and install the Google Authenticator app for your device:
https://support.google.com/accounts/answer/1066447?hl=en


Now we will set up the user to authenticate.
Open up a PuTTY session to your Ubuntu server.
Type:
su someADusername
You should now be logged in as that user.
Run gauth; this will generate the QR code to scan from the installed app on your device.



From your device, select the…

VMware View 2-factor authentication with Google Authenticator - Part Three

Installing Google Authenticator, pbis-open and freeradius
Now that we have the VM and Ubuntu installed, we now need to install our packages.

First make sure you have a DNS record for the server in active directory, as we are going to need it. This must be done first!

Also create an AD security group named:
GG_S_GOOGLE_AUTH_DISABLED

Once done, go back to your console and run the following:
sudo su
enter your password

apt-get update

apt-get dist-upgrade
say Y when prompted

apt-get install ntp
say Y when prompted

apt-get install ntpdate
should not prompt

ntpdate pool.ntp.org

Now we are going to install pbis-open for our connection to Active Directory:

wget -O - http://repo.pbis.beyondtrust.com/yum/RPM-GPG-KEY-pbis|sudo apt-key add - 
wget -O /etc/apt/sources.list.d/pbiso.list http://repo.pbis.beyondtrust.com/apt/pbiso.list 
apt-get update
apt-get install pbis-open
say Y when prompted

Once that completes we can join our Ubuntu server to the domain.
domainjoin-cli join yourdomain.com administrator@yourd…

VMware View 2-factor authentication with Google Authenticator - Part Two

Installing Ubuntu 16.04
Now that the VM is powered on and you are in the console window, select English, then Install Ubuntu Server.
(Sometimes it appears that it's frozen; this is just the client having issues re-drawing. Close and reopen the console and you're good to go.)



Basic stuff here, choose English again.

Select your country.
Don't detect keyboard layout (unless you have a non-QWERTY keyboard).
Finish selecting your keyboard layouts.
And wait for some stuff to load.

You will be prompted to give your server a host name. Put in the FQDN you plan to use.


Create a user (this is a local user, so nothing fancy) and a password:

For the purpose of this demo I have chosen not to encrypt my home directory.
Select your time zone if the one that comes up is not correct.
Unless you know what you're doing, just use the defaults for setting up the disk.


Write your changes to the disk.
Select Continue.
And then Confirm.

A bunch of stuff will install.
You will be prompted for a proxy, if you do not have no s…

VMware View 2-factor authentication with Google Authenticator - Part One

OK, so I thought this was going to be a simple step-by-step process, considering there is already a published document out there on this. However, come to find out, not only is this completely outdated, but half the stuff is wrong. Not only is this doc wrong in so many parts, but searching documentation on the internet is wrong as well.

However, after several days of testing, and looking up error codes, and then re-testing and chasing rabbits down holes that led me nowhere, I finally got this up and running, and I'm able to consistently reproduce the results.

I'm going to walk you step by step through how to set this up for a single connection server for dual factor authentication.


Part 1: Get Ubuntu 16.04 and install it!
Go over and grab the 16.04 LTS ISO from ubuntu.com (64 bit).
Download it, put it on a share in your vSphere environment so you can build a new VM.
Once that is done, let's build the VM. Always choose custom.

Give it a name.
I decided to use HW version 8, just my preference.

VMware View VMs stuck on logoff

You may get into a situation where your View VMs do not log off correctly. Typically this happens because the VM is waiting for an application to close and is prompting for user interaction. This is a common issue.

This can be worked around by setting some registry keys in the HKCU hive. However, this is quite cumbersome, so I have created a user GPO to do exactly this!

I created this ADM template that can be imported into AD and pushed to your VDI users. It allows you to change the following settings:

AutoEndTasks:
Determines whether user processes end automatically when the user either logs off or shuts down.
https://technet.microsoft.com/en-us/library/cc978604.aspx

HungAppTimeout:
Specifies how long the system waits for user processes to end after the user clicks the End Task command button in Task Manager. If this threshold is exceeded, the End Task dialog box appears, stating that the process did not respond.
https://technet.microsoft.com/en-us/library/cc978614.aspx
WaitToKillServiceT…

Using PowerShell to Deploy VMware Access Point

Looks like VMware came up with a solution to deploy the Access Point with PowerShell.


https://communities.vmware.com/docs/DOC-30835


VMwareView.MOF WMI queries

VMwareView.MOF

Purpose:
To create a WMI framework for querying agent variables created on a View Desktop.



Details:

The MOF allows you to query the following:

ViewClient_Broker_DNS_Name
ViewClient_Broker_DomainName
ViewClient_Broker_Remote_IP_Address
ViewClient_Broker_Tunneled
ViewClient_Broker_URL
ViewClient_Broker_UserName
ViewClient_Client_ID
ViewClient_Displays_Number
ViewClient_Displays_Topology
ViewClient_IP_Address
ViewClient_Keyboard_KeyDelayToRepeat
ViewClient_Keyboard_KeyRepeatRate
ViewClient_Keyboard_Language
ViewClient_Keyboard_Layout
ViewClient_Keyboard_NumFuncKeys
ViewClient_Keyboard_NumIndicators
ViewClient_Keyboard_NumKeys
ViewClient_Keyboard_ScanCodeMode
ViewClient_Keyboard_SubType
ViewClient_Keyboard_Type
ViewClient_Language
ViewClient_Launch_ID
ViewClient_Launch_SessionType
ViewClient_LoggedOn_Domainname
ViewClient_LoggedOn_Username
ViewClient_MAC_Address
ViewClient_Machine_Domain
ViewClient_Machine_Name
ViewClient_Mouse_Identifier
ViewClient_Mouse_NumButtons
ViewCli…

VMware View local \ remote user information

In some instances you may want to get some information on the users that are logging in to the VMs.
This is not easily accessible through View itself. So I have come up with a way to get the information from the VMs themselves.

First of all, you're going to need the MOF file I created in an earlier post here for the WMI queries.
Install this into your parent image.
You will also need the logon script that runs at logon, located here.
And lastly, a remote SQL database that will hold the data. I have taken the liberty of creating a script to create the database for you here.

After running through this, you will be able to query for users that logged in to a specific VM and find any additional information provided by the agent.


So let's get started.

Create a database with the script
Open up Microsoft Management Studio and connect to your database server, create a new database, and use the script to create a new table.
Paste the contents of the script into a new query window.
change the…

WMI Query VMware View Agent Variables

The purpose of this post is to show how you can query the "Volatile Environment" variables from the View agent to get WMI information. I thought I would share what I have done to maybe help others in similar situations.

Requirements:
The requirement for this View environment is to allow client drive redirection for internal users and disable it for external users.
The users are always in the same pool, and in this case we only have one connection server and one security server.

Because this is a feature that is either on or off, with no built-in way to control this, the thought is that we can create a GPO that runs off a WMI query to determine if the users are inside the network or outside of the network and disable client drive redirection based on the IP.

Let's Filter!
So we can create a simple GPO to disable CDR, however we do not want this to happen internally, so we need something to query off of. It would seem this would be an easy task, however I ran into the first issue…