Monday, December 12, 2011

Connecting OTRS into Active Directory.

I was testing out OTRS for work and got it to connect to and integrate with out Active Directory server.  All the Customers and Agents are pulled in from AD, bassed on group membership, along with their contact information.  This took quite a bit of trial and error but here is the config file I ended up with.  Note that this isn't the full file but rather goes into the load method where indicated.

How to retain a users default printer in Citrix when using Session Printers.

Update: 2/27/2011
Rewrote the scripts as they didnt work is some situations and caused some very strange errors.
Aslo to remove some potential errors with client session printers a network printer shuold now be set in the policies though this will get changed by the scripts.

I just covered how to push down Session Printers in Citrix based on Active Directory membership in my last post.  This method does however have one problem and that is that the users Default Printer preference will be discarded upon logout.  To get around that the with some scripts can be set up in the users login script to restore the previous default printer.  Also the free Defset utility will also need to be added as a published application for the users to use to change their default printer instead of the normal way.

You will need to download and save theDefSet utility onto each citrix server available form  In my case I just saved it to %windir%.

Once downloaded you will need to add a plublished application for the user to run this tool and set their default printer.  It should use the following command line to execute.
%windir%\defset.exe /PA

Also save the following  VBScript onto your Citrix servers where you put DefSet. The Adobe PDF printer is a default that will be used if no preference is set of if there is some error in the proccess though it can be changed here.

On Error Resume Next
Set WSHNetwork = CreateObject("WScript.Network")
Set ArgObj = WScript.Arguments
if ArgObj(0) = "Document" then
WSHNetwork.SetDefaultPrinter "Adobe PDF"
WSHNetwork.SetDefaultPrinter ArgObj(0)
End if
if Err.Number <> 0 then
WSHNetwork.SetDefaultPrinter "Adobe PDF"
End if

After that you will need to create a Group Policy that will apply to all the Citrix users.  In this policy you will need to add the following login scripts.

rem @echo off
echo Waiting for network printers to appear.
timeout 15
echo Setting user default printer.
FOR /F "eol=; tokens=3 delims=\" %%i in (%userprofile%\Windows\defset.ini) do (
cscript.exe %windir%\SetPrinterDefault.vbs "%%i"

 This will in essence work now but any client side printers published to the session will not save properly.  To fix this add the following Citrix Policy to the Group Policy we already created.
Policy: Client printer names
Value: Legacy printer names

We also need to set a default printer in the policy so that client side printers not cause errors durring startup.  Specificly what will happen is that if one of them gets assigned as a default durring the normal winodws logon proccess then the utilities will not work properly.  To get around this we will set a server side default printer and then the login script will change it.  This printer will need to be a session printer shared out to all the citrix users, though the default will just be changed so they won't really be printing to it.  We just use our support printer but you could jsut as easily use a fake printer. Add the following Citrix Policy to the Group Policy we already created.
Policy: Default Printer
Value: \\PrintServer\GlobalSharedPrinter

Please note that changing the default printer must be done with the DefSet tool and changing the printer in Windows will still be ignored on logoff.

Granting users Session Printers bassed on Active Directory Membership with Citrix.

I have been setting up the new Citrix environment where I work on one of the biggest problems we have run into is that of printing.  In the end I set the system up to use Citrix Group Policies to configure Session Printers at login time.  Furthermore I have it configured to discard the printers at log off.  The primary benefit to this approach is a one to one relationship between the printers a user has access to and the group membership in Active Directory.  There is one group for each printer in AD those groups are granted to user/department groups as needed. 

The Active Directory groups are named to match the printer names.
Printer - PNT001, Printer - PNT002-Color, Etc.

The Citrix Policies can be configured in the GPO or the Citrix Delivery Services Console as User Policies, one entry per printer. and look like so.
Name: Printer - PNT001
Setting: Session Printers   \\print01\PNT001
Filter:  Allow when user is in DOMIAN\Printer - PNT001 

When the user logs in the Citrix policy is applied.  It has one session printer line for each printer that is only applied if the user is a member of that printers security group.  As a result when adding or removing printers in AD any changes will be reflected when the users log in again.  This does not set or force down a default printer and any default set by the user will be lost on log out as the printers are discarded.  Please see the next post for dealing with allowing users to set and store their default printer preference.