If your users use a published application, you might have noticed that OneDrive does not automatically start after starting the app. This is by design, as it will only start in the full desktop, when Explorer.exe is running.

To ensure that Onedrive is starting with the Citrix Published Application, you can create a user logon script. This is one solution I have implemented, there are many others though.

C:\Program Files\Microsoft OneDrive\OneDrive.exe

/background

The other challenge: If the published application is closed, the session will still be open because Onedrive is still running, and the user will not be logged off. To change that behaviour, add Onedrive.exe and Microsoft.Sharepoint.exe as a value of this key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Citrix\wfshell\TWI

REG_SZ LogoffCheckSysModules OneDrive.exe,Microsoft.Sharepoint.exe

References:

https://support.citrix.com/article/CTX891671/graceful-logoff-from-a-published-application-renders-the-session-in-active-state

Microsoft SQL Server administration is a big topic, but this short installation and configuration guide might help you get started with that.

First of all, download Microsoft SQL Server 2019 Express. You might get other versions (like MS SQL Standard) from your organization’s Licensing Portal (VLSC). The installation and configuration steps are the same. SQL Express can only have a maximum database size of 10GB and some other limitations.

https://www.microsoft.com/en-us/download/confirmation.aspx?id=101064

Run the setup and download media:

Run the downloaded installer and export it somewhere. The setup will launch. We need a new SQL Server instance:

We are performing a brand new installation (I already had installed an instance on this server)

We need the database engine services:

Give the instance a name. You might name the instance after your application.

Leave all this to default

The User Database and log directory should be changed. Normally you have one disk for the database and another disk for the log database, like this:

In some cases, you might limit the amount of RAM the instance can use:

Hit next and let the installation finalize.

Open SQL Server Configuration Manager. Here you should activate the TCP/IP protocol, so that your instance is reachable from a server in the network.

The service has to be restarted:

By default, the instance will have a high port assigned. This can be changed to a lower port like 1433,1434, etc.

Do not forget to restart the instance service after the changes.

Next, configure Windows Firewall. You will need these ports: UDP 1434 for SQL Server Browser and the instance port (the high port TCP 64891 or the manually configured port TCP 1434).

To verify the connection, install Microsoft SQL Server Management Studio on another server in the same domain.

https://learn.microsoft.com/en-us/sql/ssms/download-sql-server-management-studio-ssms?redirectedfrom=MSDN&view=sql-server-ver16

Verify login:

On the left side, you should see something if the login was successful:

In some cases you might need to enable mixed mode authentication, which allows you to authenticate with SQL users (for example the SA user) while also maintaining Windows Authentication.

After this change, the instance service has to be restarted.

Exchange Zero days are very common these days and there is a freshly baked one today (30th September 2022 as of writing). If you want to know what how the vulnerabilities work, take a look at the reference at the bottom. As a sysadmin I care about securing my systems.

Here are a few steps to mitigate this zero day vulnerability:

In IIS Manager on the Exchange Server, select the Autodiscover virtual directory and open URL Rewrite and add a new rule.

Select Request Blocking

Enter the string

.*autodiscover\.json.*\@.*Powershell.*

Using should be changed to Regular Expression.

Change URL to REQUEST_URI and save the changes.

References:

https://msrc-blog.microsoft.com/2022/09/29/customer-guidance-for-reported-zero-day-vulnerabilities-in-microsoft-exchange-server/

Windows Server 2022 is new and has to be the best Windows Server there is right? Not at all. Microsoft has added a recovery partition (like in Windows Client versions) that prohibits you from expanding the boot disk like you usually would in older Windows Server versions.

Anyway, here are a few diskpart commands that will help you delete the recovery partition and allow you to expand the boot disk:

diskpart

list disk

select disk 0

Make sure partition 4 is the 523MB Recovery partition

select partition 4

delete partition override

References:

https://www.diskpart.com/diskpart/delete-partition-4125.html

If UAC is enabled and Admin Approval Mode is enabled for the built-in Administrator for example, you might have problems accessing network drives from an elevated command prompt. This behavior is expected, since in Admin Approval Mode all apps run as a standard user by default. If a program is elevated, it runs under a different session than the non-elevated user.

Microsoft suggests following fixes or workarounds:

1. Remap network drives via bat file or manually
2. Create this registry key, which creates a link between both sessions:
   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System DWORD EnableLinkedConnections 1

References:

https://docs.microsoft.com/en-us/troubleshoot/windows-client/networking/mapped-drives-not-available-from-elevated-command