Category: Deployment and Scripting

Installing FireFox

In this article I’ll show you how to install and configure FireFox in a non-persistent Session Host environment. By non-persistent I mean in a Citrix Virtual Apps and Desktop setup deployed either via Citrix Provisioning or via Citrix Machine Creation Services. However you should be able to use this guide in Microsoft RDS and VMware Horizon as well.

During my research and testing of FireFox I have of course become more familiar with the browser, and it is currently my second choice of browser; my first choice is still Microsoft Edge. Until recently my second choice was actually Internet Explorer, but I am more and more often experiencing issues with different web sites when using IE, so it’s now down to third choice.

Unfortunately, in Session Hosts we do not have access to Microsoft Edge; only Internet Explorer is available out of the box. Microsoft has decided that the Edge browser, among other in-box Universal Windows applications, is only available in the semi-annual releases of Windows.

For anyone caring a bit about privacy, it may also be that FireFox is becoming one of the last independent browsers out there, as Microsoft late last year announced that Edge is moving to the Chromium open source project.

This means that at some point two of the four major browsers (Edge, Google Chrome, FireFox and Internet Explorer) will be running on the Chromium core.

To get started you will need to pick a FireFox installer that suits your needs. Currently FireFox is being maintained in two tracks, the Regular Release and Extended Support Release (ESR).
The ESR edition of FireFox is not updated with new features; updates will only address security vulnerabilities. Updates to the Regular Release may contain feature additions and will also address security vulnerabilities. So going with the ESR edition could mean less testing when the browser is updated, as updates will not contain new features.

Mozilla has a release calendar for 2019 where you can track when a new Regular Version is released.

For this article I am using the latest ESR 64-bit edition of FireFox, which currently is version 60.5.0. You can find the latest ESR edition here:
https://www.mozilla.org/en-US/firefox/organizations/all/.

You will also need the Group Policy Administrative Templates for FireFox. They can be found at Mozilla's GitHub repository here:
https://github.com/mozilla/policy-templates


Click “Clone or Download”. That triggers a download of a ZIP file which contains the ADMX and ADML files needed.

So let’s get started.

Installing FireFox manually is pretty straight forward, I will not provide an install guide here. I will instead show how to do an unattended install of FireFox.

To do an unattended install of FireFox via command line or a script, you will need an INI file, with a few options.

Here are the contents of the INI file I use:

[Install]
;The name of the directory where the application will be installed in the system's program files directory
InstallDirectoryName=Mozilla Firefox

;Create a shortcut for the application in the current user's QuickLaunch directory.
QuickLaunchShortcut=false

;Create a shortcut for the application on the desktop.
;This will create the shortcut in the All Users Desktop directory
;If that fails this will attempt to create the shortcuts in the current user's Start Menu directory.
DesktopShortcut=false

;Create shortcuts for the application in the Start Menu.
;This will create the shortcuts in the All Users Start Menu directory
;If that fails this will attempt to create the shortcuts in the current user's Start Menu directory.
StartMenuShortcuts=true

;The MozillaMaintenance service is used for silent updates and may be used for other maintenance related tasks.
;It is an optional component.
MaintenanceService=false

Additional information about the arguments can be found here:
https://wiki.mozilla.org/Installer:Command_Line_Arguments

An important thing to remember is to include “MaintenanceService=false” in the INI file; this excludes the FireFox Maintenance Service from the install process.
According to Mozilla this service is used for silent updates and “other maintenance tasks”, whatever that means. As we all know, it’s usually not a good idea to do any kind of updates or “other maintenance tasks” in a Session Host based setup, whether it’s non-persistent or not. A certain degree of application control is still needed.

To install FireFox unattended using the INI file, use the /INI=<full path to configuration INI file> install switch, like this:
"Firefox Setup 60.5.0esr.exe" /INI="C:\Temp\FireFox-Unattend-INI.ini"

If you are using the INI file provided above, everything should go through smoothly and you should now have a shortcut to FireFox in the Start Menu only, and no Maintenance Service. To verify whether the Maintenance Service is installed or not, go to the Services console. If you see a service called “Mozilla Maintenance Service”, the service is installed. You can either remove FireFox and do another install, or simply disable the service.
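The install and the service check can be scripted together. The following is an added example, not part of the original guide: it checks the installer's Authenticode signature before running it, performs the unattended install, and disables the Maintenance Service if it is found anyway. The C:\Temp paths and the expected publisher name are assumptions; the service name is the one given in the INI comments above.

```powershell
# Added example: paths and the expected signer name are assumptions, adjust them to your environment.
$Installer      = 'C:\Temp\Firefox Setup 60.5.0esr.exe'
$IniFile        = 'C:\Temp\FireFox-Unattend-INI.ini'
$ExpectedSigner = 'Mozilla Corporation'   # assumed publisher name on the signing certificate

function Install-FirefoxUnattended {
    param([string]$Installer, [string]$IniFile, [string]$ExpectedSigner)

    # Refuse to run an installer whose signature is missing, invalid or from another publisher.
    $sig = Get-AuthenticodeSignature -FilePath $Installer
    if ($sig.Status -ne 'Valid' -or
        $sig.SignerCertificate.Subject -notmatch [regex]::Escape($ExpectedSigner)) {
        throw "Installer signature check failed (status: $($sig.Status))"
    }

    # Same switch as the manual command line: /INI=<full path to INI file>
    $proc = Start-Process -FilePath $Installer -ArgumentList "/INI=`"$IniFile`"" -Wait -PassThru
    if ($proc.ExitCode -ne 0) {
        throw "Installer exited with code $($proc.ExitCode)"
    }

    # MaintenanceService=false should leave no service behind.
    # If it is present anyway, stop and disable it so the image never self-updates.
    $svc = Get-Service -Name 'MozillaMaintenance' -ErrorAction SilentlyContinue
    if ($svc) {
        Stop-Service -InputObject $svc -Force -ErrorAction SilentlyContinue
        Set-Service -Name $svc.Name -StartupType Disabled
        return 'MaintenanceServicePresentAndDisabled'
    }
    return 'MaintenanceServiceAbsent'
}

Install-FirefoxUnattended -Installer $Installer -IniFile $IniFile -ExpectedSigner $ExpectedSigner
```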

Now to the more exciting part, group policy. We are going to create a FireFox GPO which configures a few things that address general usability and a bit of security/privacy.

Import the ADMX and ADML into your Central Store, then you should be able to access the FireFox group policy settings.

As you can see, we have a few possibilities when it comes to managing the configuration of FireFox. I will not go through every single policy, I will however show you the GPO I have implemented. Just remember that some of the settings in this GPO might not apply to your environment, so read the policy descriptions, understand them, and test whatever policies you apply.

All policies are configured in User Configuration. I prefer this approach, as I am then able to do security filtering of users and/or groups, which enables users and/or groups to receive different group policy configurations.

Here I block the access to the “about:config” page. This page contains a lot of very advanced features and settings, which probably isn’t a very good idea for a regular user to be messing around with.

Other noticeable policies are “Disable System Addon Updates”, which disables the update of System Addons, again we don’t want that in a Session Host based environment. The “Disable Update”, disables the update of FireFox itself.

“Tracking Protection” is enabled, and the user cannot disable it. This provides a security/privacy feature in FireFox which blocks content, cookies or scripts from collecting your browsing data across multiple sites. I recommend enabling the feature in a Session Host based environment, as it will reduce the CPU usage of the FireFox browser dramatically and provide some basic privacy when browsing the internet. A similar feature exists in Internet Explorer, which I have mentioned in another blog post.

The “Allow add-on install from website” is disabled, which prevents the user from installing add-ons to FireFox. We want control of the FireFox application, there are all kinds of add-ons doing all kinds of different things, we don’t want that on our Session Hosts.

The last part is the “Default Search Engine”. Here I configure Google as the default search provider, have you ever met a user that wanted another search provider than Google?
I also remove some built in search providers and essentially only allow Google and DuckDuckGo in the list of search providers and prevent manual addition of other search providers.
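To confirm that the lockdown actually reaches a user session, the policy values can be read back from the registry. This is an added example, not part of the original guide; the registry path and value names are assumed to match the mozilla/policy-templates ADMX and should be confirmed against the templates you imported. Run it in a user session that receives the GPO.

```powershell
# Added example. Registry path and value names are assumptions based on the
# mozilla/policy-templates ADMX; confirm them against your imported templates.
$PolicyRoot = 'HKCU:\Software\Policies\Mozilla\Firefox'   # policies set in User Configuration

# Settings described in this guide, expressed as expected registry values.
$Expected = @(
    @{ SubKey = '';                         Name = 'BlockAboutConfig';         Value = 1 }
    @{ SubKey = '';                         Name = 'DisableSystemAddonUpdate'; Value = 1 }
    @{ SubKey = '';                         Name = 'DisableAppUpdate';         Value = 1 }
    @{ SubKey = 'EnableTrackingProtection'; Name = 'Value';                    Value = 1 }
    @{ SubKey = 'EnableTrackingProtection'; Name = 'Locked';                   Value = 1 }
    @{ SubKey = 'InstallAddonsPermission';  Name = 'Default';                  Value = 0 }
    @{ SubKey = 'SearchEngines';            Name = 'Default';                  Value = 'Google' }
    @{ SubKey = 'SearchEngines';            Name = 'PreventInstalls';          Value = 1 }
)

function Test-FirefoxPolicy {
    param([string]$Root = $PolicyRoot)

    foreach ($e in $Expected) {
        $path = if ($e.SubKey) { "$Root\$($e.SubKey)" } else { $Root }
        $name = $e.Name
        # A missing key or value yields $null, which is reported as non-compliant.
        $item   = Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue
        $actual = $item.$name
        [pscustomobject]@{
            Policy    = if ($e.SubKey) { "$($e.SubKey)\$name" } else { $name }
            Expected  = $e.Value
            Actual    = $actual
            Compliant = ($null -ne $actual -and $actual -eq $e.Value)
        }
    }
}

# List every setting, then fail loudly if any expected value is missing or different.
$results = Test-FirefoxPolicy
$results | Format-Table -AutoSize
if ($results | Where-Object { -not $_.Compliant }) {
    Write-Warning 'One or more FireFox policies are not applied as expected.'
}
```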

This concludes the guide. With this information you should be able to do an unattended setup of FireFox and configure a basic lockdown GPO to deliver a good user experience and prevent users from “messing things up” for themselves, other users on the Session Host or the Session Host server.

Citrix Published Apps migration script

Recently I was working on a XenApp and XenDesktop 7.9 upgrade project. The customer didn’t want to touch the existing 7.9 environment, as it was a production environment with around 1000 concurrent users from different parts of the world. Instead a new XenApp and XenDesktop 7.18 site was created and we had to create everything manually in the new site.

Fortunately, besides the published application, there really wasn’t much to be done. We had to create a couple of Machine Catalogs and a few Delivery Groups. However the customer had 50+ published applications and it would take quite a while to manually create those by hand.

As it turned out, the customer couldn’t wait for me to develop this script, so I actually didn’t test it out in that specific environment. However that didn’t stop me from finishing the script, as I expect more 7.x to 7.x or 7.x to 1808 and later migration projects in the future.

As I wasn’t able to find any useful tools from Citrix to help me migrate a 7.x site to another 7.x site, I decided to write my own script, with some inspiration from some older scripts I had used earlier.

The script can be found here:

Copy the code above and save it to a file called Migrate-XAapps.ps1. The script contains basic information on usage and also examples of the different switches and parameters that can be used.

Let me know if you experience any issues. As mentioned in the script, I have tested the code on XenApp and XenDesktop 7.6 LTSR CU6, XenApp and XenDesktop 7.9 and Citrix Virtual Apps and Desktops 1808 and I haven’t run into any issues, however I have probably not covered every possible published application scenario out there.

Installing Foxit Reader

A few weeks ago I came across a blog post by Carl Webster with a guide on how to install Adobe Acrobat Reader DC. This guide is very detailed and if you are in need of performing an unattended deployment of Adobe Acrobat Reader DC, this is probably the only guide you will need.

However there are other PDF viewers out there, better viewers in my opinion. Adobe Acrobat Reader DC, and versions before DC (11.x, 10.x, 9.x), has become bloated with features most users will never need; the online features especially are almost useless, at least from my point of view. My point of view is of course based on how the application behaves in a non-persistent and/or multi-user environment and on general functionality.

In this guide I will show you how to install an alternative PDF Viewer from Foxit. With Foxit Reader you will, in my opinion, get a better performing and less bloated PDF Viewer, compared to Adobe Acrobat Reader DC and it’s just as easy, or maybe easier, to deploy and customize compared to Adobe Acrobat Reader DC.

To get started you will obviously need the Foxit Reader source files. To get those, go to the Foxit website https://www.foxitsoftware.com/

Go to the Log In box and either log in, if you have an account or create a new account. The account is needed to be able to get the Foxit Reader MSI installer, the XML Editor, the Foxit Customization Tool and the Group Policy administrative templates.

Once logged in, go to the download section and click Free Software

Here you will need the Enterprise Packaging which is either an MSI or, depending on the language selected, an ISO with an MSI.

Select the language needed, amount of users and make sure to select the MSI package type. As mentioned, depending on your selected language, you may not be able to select the MSI package type; only EXE or ISO is available. In that case select ISO, it will have an MSI package that we can extract and use going forward.

Once past the image verification, you will get to the actual download site. The MSI package download will automatically prompt you to save the file, if not, go ahead and download it manually.

You will need the MSI package, the XML Editor and the Foxit Customization Tool.

So, this is how it should look when you have all the needed components:

How to install using an MSI transforms file

Next, extract the FoxitCustomizationTool.zip file, this is used to create an MSI transforms file with pre-configured setup settings.

Fire up the Foxit Customization Tool

Go to File and click Open and select the FoxitReader93_enu_Setup.msi file

Once opened, this is where the good stuff is..

From here on, I will show you how I usually configure the transforms file. The settings shown may not reflect your needs, so consider what you select and/or deselect.

I always disable the Auto Update feature, in non-persistent setups this is recommended.

In the Features pane you can choose which features of Foxit Reader to install or not to install.

This installs the bare minimum features, which allows you to open PDF files in either the Foxit Reader application or within browser windows.

I usually remove any unwanted shortcuts, in this case the Foxit Reader desktop shortcut and the Activate Plugins Start Menu shortcut.

Now all you have to do is save the configuration to an MST file.

Go to File and click Save-As, provide a name for your new MST file and save it in the same directory as the FoxitReader93_enu_setup.msi.

You are now able to deploy Foxit Reader unattended via MDT, SCCM, Altiris, PowerShell etc. using this command line:

msiexec /I FoxitReader93_enu_setup.msi /qb TRANSFORMS="FoxitReader93_enu_Setup_FCT.mst" ALLUSERS=1

How to install using command line parameters only

If you for some reason don’t want to use a transforms file, a wide range of command line parameters are available when using the MSI installer.

This command line should provide you with the same result as the transforms install method described above:

msiexec /I FoxitReader93_enu_setup.msi /qb ADDLOCAL="FX_PDFVIEWER" MAKEDEFAULT=1 VIEW_IN_BROWSER=1 DESKTOP_SHORTCUT=0 AUTO_UPDATE=0 NOTINSTALLUPDATE=1 ALLUSERS=1

The Foxit Reader Deployment and Configuration guide describes a few additional command line parameters. The guide can be found on the Foxit Reader download site.

This covers the deployment of the Foxit Reader. Now, we are going to look a bit closer at what’s possible with the XML Editor.

Foxit Reader UI Customization

The XML Editor is needed to customize the graphical user interface of Foxit Reader. This means that you can hide certain parts of the application that may not be relevant for your users to access. I will show a few examples here, but there are a lot of different areas of the UI in Foxit Reader that can be hidden, so it’s really just a matter of picking out the parts that suit your needs.

I’ll usually hide the Help and the Share tabs. The Help tab isn’t really providing any useful information to the user and the Share tab makes it possible to integrate with Evernote, OneNote and SharePoint, which may not be available.

To make these changes to the UI you will need an XML file, which you create using the XML Editor.

Open the XML Editor, it should look like this:

Make sure to click the Interface button, and select Foxit Reader. Also in the version box, make sure to type in the correct version of Foxit Reader.

Next go to the Ribbon Set tab. In here you will see a lot of different check boxes, each representing either a feature or a tab to hide. As mentioned, I want to hide the Help and Share tabs, this is done simply by checking the corresponding boxes:

Next click Export and save the XML file:

The XML goes into the C:\Program Files (x86)\Foxit Software\Foxit Reader\ProfStore folder, just overwrite the existing profstore.xml file, as it’s a default XML containing the default out-of-the box configuration.

Look at this nice and clean UI:

You can download a pre-configured sample of profstore.xml file here. Be sure to review the customizations, before production usage.

Deployment script examples

The profstore.xml should be copied as a part of the deployment process. I have provided a couple of examples on how to create either a batch script or a PowerShell script to deploy Foxit Reader and copy the profstore.xml file.

Batch/CMD:

msiexec /I FoxitReader93_enu_setup.msi /qb TRANSFORMS="FoxitReader93_enu_Setup_FCT.mst" ALLUSERS=1

copy profstore.xml "C:\Program Files (x86)\Foxit Software\Foxit Reader\ProfStore" /Y

PowerShell:

Start-Process -Wait msiexec.exe -ArgumentList '/I FoxitReader93_enu_setup.msi /qb TRANSFORMS="FoxitReader93_enu_Setup_FCT.mst" ALLUSERS=1'

Copy-Item profstore.xml -Destination "C:\Program Files (x86)\Foxit Software\Foxit Reader\ProfStore" -Force

This concludes the guide.

We are now able to get the source files to Foxit Reader, make UI customizations and deploy it. Now, there is no excuse, start testing Foxit Reader! I am sure you’ll agree with me that Foxit Reader can easily take on Adobe Acrobat Reader.