Detecting a Citrix XenDesktop Session - session

I'm looking to determine if our application is running on a XenDesktop session rather than locally. Here is what I have found so far:
We currently have code to detect a Citrix XenApp session similar to the solution mentioned by Helge Klein in "API for Determining if App is Running on Citrix or Terminal Services".
Sadly that solution in a XenDesktop environment is returning back a WTSClientProtocolType of 0 which signifies a local console session.
In response to the same question Josh Weatherly mentioned checking the sessionname environment variable.
However a quick console check with echo %sessionname% on the XenDesktop environment returns back 'Console'.
From "Detect citrix “application mode”?" John Sibly suggested a solution for detecting a remote session (not Citrix in particular):
GetSystemMetrics(SM_REMOTESESSION) however returns 0 which also means that it is a local session.
Does anyone know of a way to detect that it is a XenDesktop session? So far as you can see all my attempts are returning that the session is a local console session.
I'm using XenDesktop Express 5.5, accessing the desktop using the Citrix Receiver Web Plug-In.

If you are using XenDesktop for VDI, then as far as the application is concerned, the application is executing locally. VDI, or virtual desktop infrastructure, consists of delivering the GUI from a full featured desktop operating system to a remote device. Typically, the desktop O/S executes in a virtual machine on a hypervisor in a data center, and the GUI is transmitted to the remote device using Citrix' ICA stack. For example, this happens in the pooled desktops scenario.
XenApp offers virtual desktops, which is a slightly different concept. Again, the desktop is delivered to a remote device using the ICA stack. However, the desktop is no longer running on a dedicated O/S. Rather, it is one of a number of user sessions on a single Windows Server. There may be any number of users logged on to that server. This places limits on the applications that can be run, which is why applications might want to know that they are on a multi-user O/S.
What you might try to do is determine whether the GUI is being delivered remotely using the ICA stack. A simple check would involve looking for the "ProticaService", which is responsible for implementing the ICA stack.
Alternatively, you may be trying to determine if your machine is running in a VM or native to a machine. Besides the pooled scenario described in the first paragraph, XenDesktop can deliver desktop running native. This overcomes limits on virtualision I/O devices such as graphics cards used by CAD applications. In this case, you need to rule out the presence of a VMM, or hypervisor.

I have updated my answer linked to in the question with a description of how to determine the remoting protocol type in XenDesktop sessions.
You need the (not really well documented) function WFGetActiveProtocol from Citrix' WFAPI SDK. Proceed as follows:
Download the SDK (link)
Install WFApiSDK64-65.msi
In your C++ project include wfapi.h and link to wfapi[64].lib
Use the undocumented function WFGetActiveProtocol
More detail and sample code here.

Related

Is it possible to containerize a Windows GUI application on a Windows host?

I have a rather difficult to manage Windows closed-source Windows GUI application. It's messy (leaves files all over the place) and has a convoluted installation process.
It has been proposed that we containerize the application, but can this be done?
For UNIX applications there's an easy pattern - just give the app access to the port of the X11 server, and allow the app to write to that, but is there a Windows equivalent? Is there any way at all to containerize a Windows application but allow it to generate windows in the host Operating System's desktop?
If this is possible, are there any handy recipes to get started with this?
Currently, It's not possible to containerized Windows GUI application on a windows host.
From the blog Insider preview: Windows container image
Lars Iwer [MSFT] writes in the comments below the article:
"In the container image as it is right now, GUI elements will be rendered in session 0. UI automation should work with that (e.g. programmatically searching for a window etc.)."
So according to my understanding, you can run GUI apps but the rendered elements are not shown on any desktop which will only work for UI automation work but not for user interactive application.
Session 0:
Session 0 is reserved exclusively for services and other non-interactive user applications. Users
who are logged on to Windows and their user applications must run in Session 1 or higher.
- User interfaces in Session 0 are not supported. Processes running in Session 0 have no access to the graphics hardware thus user interfaces cannot be directly displayed on the monitor.

How to make Delphi applic debugged see the REAL registry - and not the virtual one

Background:
I'm developing an windows service and using the registry to get the parameters (using the key Parameters below the service entry).
Delphi is installed as an AppWave app (long story I cannot tell here) and therefore when debugging it goes to an virtualized copy [1] instead of the real deal [2].
I detected that after going logging registry activity of the service using
Process Monitor. If I run the service outside Delphi, the application
access the real key normally.
Question: there's some way to circunvent Streaming Core and debug the app
accessing the real registry key?
Note to mods: since there's no AppWave tag, I could not include it - I tried.
Virtualized copy: HKEY_LOCAL_MACHINE\software\Embarcadero\StreamingCore\Profiles\fabricio\Applications\{<<GUID>>}\Virtualization\Keys\whklm\SYSTEM\CurrentControlSet\services\[service]\Parameters]
Real deal: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\[service]\Parameters
The whole point of AppWave to is sandbox and virtualize applications. So no, AFAIK your service cannot bypass AppWave's Registry virtualization while running inside of the sandbox.
I've never used AppWave myself, but assuming it allows network connections, you may have to resort to using the IDE's remote debugger. Run the service outside of the sandbox, and then have the IDE connect to the remote debugger, which can then debug the service process.
I didn't found an way. The remote debugger approach - suggested by Remy's answer - when used on the same machine ended affected by the StreamingCore service.
So the approach used is logging to do the debugging. For that, used CodeSite Express (which is very handy and included in Delphi) to do the logging.

UIAutomation won't work in Windows Server (VPS) if I am not connected via RDP

I have script which uses mircrosoft's UIAutomation to automate an application. The script is inside a VPS running Windows Server 2012. The script works perfectly while I am connected to the VPS via Remote Desktop (RDP).
When I am not connected, the script seems to be stuck on SetFocus for a object... which leads me to believe that the script needs a Display/Screen/Session in order to work... but I am not sure if it is possible to do it while I am not connected to the VPS.
I can see 2 possible solutions here, either modify the script in someway to work in this environment or make the VPS have a virtual desktop while I am not connected (this solution might be more related to Server Fault rather than StackOverflow).
I am very confused, thanks for the help in advance :)
I managed to workaround the issue by actually connecting to the server to itself (to 127.0.0.1) via RDP so that it will always have an active RDP session for the automation script to run.
I am not happy with the results but it works... I cannot give clear instructions on how you would need to modify the settings in Windows to allow RDP connections from self, it was a one big trial and error process, I have to modify some policies in the Group Policy Editor and then some stuff that I don't remember.
There is another downside to this, a Windows server will allow 2 simultaneous connections to it but by using this method we are reserving a slot so only 1 connection at a given time is possible, something to be aware of.

Is it possible to run programs locally from a terminal services remote app?

First, I guess I'd have to figure out if I'm running remotely and second I'd have to figure out whether my remote connection is a standalone remote app or an app running on a terminal server (that may be tricky).
But, once I've figured out all those awful things, is there a way to run a windows function like ShellExecute locally instead of remotely?
The reason I'd want to do this is because I launch a web browser to view rather high bandwidth things that require javascript and flash and certain sysadmins who administer our product aren't too keen on having to make unnecessary and insecure modifications to their terminal server farm.
Yes, if the clients are running Windows and you can install software on them.
See Remote Desktop Services Virtual Channels in MSDN.
There is a free tool that does exactly what you want. I got reference from TechNet forums, it's named Remote Executer from http://www.mqtechnologies.com
Good luck

What can Services do under Windows?

Does anyone have a good guide to capabilities of Windows Services under XP? In particular, I am trying to find out what happens when a program being run as a service tries to open windows, but hasn't been given permission to interact with the desktop.
Basically, I have a program that is/was a GUI application, that should be able to run as a service for long term background processing. Rewriting the program to not display the GUI elements when doing background processing is a major effort, so I'd like to see if there is just a way to ignore the UI elements. It is sort of working now, as long as too many windows aren't opened. I'm trying to figure out what limits I might be running into. Ideally, there would be an MSDN page that discusses this, but I've had no luck finding one yet.
Generally, services should be designed to not have any visible UI. The entire point of a service is to run in the background, without UI, unattended. (Think SQL Server, IIS, etc.)
In most scenarios, a separate application controls the service's operation, should a GUI be needed. (Continuing the samples I just mentioned, SQL Server Management Studio, IIS Manager, etc.) These separate applications configure and manipulate the service (and occasionally, if needed, bounce said service).
If your service requires occasional UI, and said UI can't be isolated to a control app, then you probably should reconsider the fact that you're using a service to begin with. Perhaps a UI application which resides in the system notification area is the right pattern to use? (E.G., Windows Live Communicator.)
A service in Microsoft Windows is a program that runs whenever the computer is running the operating system. It does not require a user to be logged on. Services are needed to perform user-independent tasks such as directory replication, process monitoring, or services to other machines on a network, such as support for the Internet HTTP protocol
Usually it is implemented as a console application that runs in the background and performs tasks that don't require user interaction.
The installed services can be configured through the Services applet, available from
Control Panel --> Administrative Tools in Windows 2000/XP.
Services can be configured to start automatically when operating system starts, so you dont have to start each of them manually after a system reboot.
Creating a Simple Service - MSDN Article
Writing Windows Services Made easy - Code Project Article
Five Steps to Writing Windows Services in C - DevX Article
If you should be thinking of eventually migrating to a newer OS such as Vista or Server 2008, you will find that you cannot give a service permission to interact with the desktop at all. Therefore, from the point of view of forwards compatibility, you should design your service to not require it.
A service in Windows XP can interact with the Desktop if its "Allow Service to Interact with Desktop" property (MMC -> service properties -> Log On tab) is checked. It is also possible to do so by doing the following:
hWinstation = OpenWindowStation("winsta0", FALSE, MAXIMUM_ALLOWED);
SetProcessWindowStation(hWinstation);
hDesktop = OpenDesktop("default", 0, FALSE, MAXIMUM_ALLOWED);
SetThreadDesktop(hDesk);
But be aware that presenting UI from a service process in Windows XP will almost always lead to a security problem (see Shatter attack). You should try to break out the UI part of your application from the service.
Usually the service won't have permission to write to the window station and desktop, so it will fail; even running applications that load user32.dll can fail simply because user32 has initialization code that wants to talk to the window station and can't get access to it unless the service is running as an administrator.

Resources