The more time I spend building Citrix/TS servers on Windows 2008 the more I realize that even though some of these changes have made things more difficult at first they ultimately will make creating new servers a bit easier once everything is scripted properly.
The following document contains registry entries and script information and is provided for informational purposes only. Use at your own risk.
Customizing the Start Menu
It used to be possible to create a user account, customize the profile and then copy the profile over the Default User profile. This method is not possible in 2008 and in my opinion this was always a little messy to begin with (although a bit less complex). In the following examples I am doing most things using more local changes since I am usually dealing with a single server and not a farm.
In 2008 you will find several new paths to customize your profile and the good news is that you can do this without creating a template user account!
The main areas I use are:
All Users Area
[list type=”arrow2″]
- This area is where the “All Users” profile area is stored.
- I usually shut this off in policy for my users (filtering admins from the policy) but I still access this section as most program installs dump their application shortcuts here.
- I then move the shortcuts to the Default Users area
[/list]
C:ProgramDataMicrosoftWindowsStart Menu
Default Users
[list type=”arrow2″]
-
This is the “profile template” that is used to create new user profiles
- I usually setup my menus here and take out any shortcuts I do not want
C:UsersDefaultAppDataRoamingMicrosoftWindowsStart Menu
Default Users Quick Launch
[list type=”arrow2″]
-
This is where you can find the Quick Launch
-
In the examples below I have provided information on how to script this.
[/list]
C:UsersDefaultAppDataRoamingMicrosoftInternet ExplorerQuick Launch
Public Folders
[list type=”arrow2″]
-
These directories are where you can place documents/application shortcuts/etc on all users Desktop/Favorites/etc
[/list]
C:UsersPublic
Customizing Pinned Items
It used to be possible to drag your icons into a quick launch folder or directly to your start menu folder but in 2008 everything is pinned and now this customization needs to be scripted.
Fortunately, I have found two ways of doing this. The first method (and the method I used) is to use a script created and provided by Citrix. The alternative is to use another script provided by Microsoft.
I chose the Citrix script because the Microsoft script first needed to be installed as a module before it could be run and I just wanted something simple that could be in a central location (in case an install was a farm install or for future server builds).
Obtaining the Script(s)
The Citrix script can be downloaded from the following web site: Citrix Script
The Microsoft module script can be downloaded from here: Microsoft Module
Instructions to install the Microsoft module can be found here: Microsoft Module Instructions
My Customizations
At the time of this writing the Citrix script could only handle task bar additions but I also wanted it to update the start menu. So here is what I did.
-
Download and open (with notepad) the Enable-CtxDesktopExperienceUser.ps1 script from Citrix
-
In notepad, perform a find and replace and find “Invoke-TaskbarItemVerb” and replace with “Invoke-MenuItemVerb”
-
Under the Remove Taskbar item section I added:
<#
.DESCRIPTION
Add Start Menu item.
#>
Function Add-StartMenuItem
{
Param (
[string]$FilePath
)
if (!(Invoke-MenuItemVerb "Pin to Start Menu" $FilePath)) {
Write-Host "The tasbar item has already been added for file: $FilePath"
}
}
<#
.DESCRIPTION
Remove Start Menu item.
#>
Function Remove-StartMenuItem
{
Param (
[string]$FilePath
)
if (!(Invoke-StartMenuItemVerb "Unpin from start menu" $FilePath)) {
Write-Host "The tasbar item has already been removed for file: $FilePath"
}
}
This now gives us two new functions to add and remove start menu items. Towards the bottom of the script you should see individual items enclosed in try { }. This is the part of the code that can be used to add or remove pinned items and after our customization we now have four functions that can be used: Add-TaskbarItem, Add-StartMenuItem, Remove-TaskbarItem, Remove-StartMenuItem.
So to add Excel to the Start Menu and Task Bar:
try {
Add-TaskbarItem -FilePath "${env:ProgramFiles}Microsoft OfficeOffice12EXCEL.EXE"
$success = $TRUE
} catch {
Write-Warning $_
Write-EventLog -LogName application -Source CtxDesktopExperience -EntryType warning -EventId 6004 -Message "Enable-CtxDesktopExperienceUser: $_"
$success = $FALSE
}
try {
Add-StartMenuItem -FilePath "${env:ProgramFiles}Microsoft OfficeOffice12EXCEL.EXE"
$success = $TRUE
} catch {
Write-Warning $_
Write-EventLog -LogName application -Source CtxDesktopExperience -EntryType warning -EventId 6004 -Message "Enable-CtxDesktopExperienceUser: $_"
$success = $FALSE
}
Policy Changes
In order to execute the script we will need to make two policy changes. Please keep in mind that this script is going to only execute once during profile creation. So to test you can delete the users profile and let it recreate.
Please move the script to your netlogon directory and make sure to edit the SERVER location below.
Allow Script Execution
-
Computer Configuration → Policies → Administrative Templates → Windows Components → Windows Power Shell
-
Turn on Script Execution
-
Enabled
-
Allow local scripts and remote signed scripts
-
Registry Setting to RunOnce – make sure to update the location of the script – I would recommend a network location
-
User Configuration → Preferences → Windows Settings → Registry
-
New → Registry Item
-
Action: Create
-
Hive: HKEY_CURRENT_USER
-
Key Path: SoftwareMicrosoftWindowsCurrentVersionRunOnce
-
Value name: CitrixStartMenu
-
Value type: REG_SZ
-
Value data: %SYSTEMROOT%system32WindowsPowerShellv1.0powershell.exe -WindowStyle Hidden SERVERNAMEnetlogonEnable-CtxDesktopExperienceUser.ps1
-
Create the event log entries
-
This script logs to the event log but as the event’s do not currently exist you will get a permission denied when running it as a user.
-
To get past this, open an elevated command prompt and run the script once as a system admin.