A Listing of Free Tools for Citrix and Terminal Server Environments

There are a lot of great FREE tools and utilities out there that can really help in Citrix and Terminal Server deployments. This article contains links to the tools I use most often.

There are a lot of great FREE tools and utilities out there that can really help in Citrix and Terminal Server deployments. This article contains links to the tools I use most often. (This is not a listing of every single tool known to humankind. Instead, this is a listing of the free tools that I myself actually use.)

Also, I’m not trying to suggest that you don’t ever need to use tools from third-party vendors that you have to pay for. Many of the vendors’ tools are more fully featured than the tools mentioned here. However, I’ve been in many environments where people have spent thousands of dollars for third-party tools that add capabilities that are available for free with the tools listed here.

Before we look at the list, I’d like to point out two tools that I consider “critical.” I use these two tools in every environment I touch:

UPH Clean stands for “User Profile Hive” Clean. It’s a service that installs on a Terminal Server and fixes issues with “stuck” user profiles. It works by killing any processes that have hooks open to the user’s profile after the user initiates the logoff process. UPH Clean was written by Robin Carin at Microsoft.

RDT/SDT means “Read Date Time / Set Date Time.” These tools are used to reset the hidden timestamps of an application’s registry keys that have been copied to the shadow area after a server goes into install mode.

Application Compatibility and Troubleshooting

Sysinternals makes so many great tools that I’m not going to list them all here. Needless to say, RegMon and FileMon are probably the two most useful tools on this page.

RDT/SDT means “Read Date Time / Set Date Time.” These tools are used to reset the hidden timestamps of an application’s registry keys that have been copied to the shadow area after a server goes into install mode.

Resource Hacker is a utility you can use to open up DLLs and EXE files to “hack” the internal components and resources. This is great for gently “coaxing” applications to work in a Terminal Server environment.

Profile and user Environment Management

BrsSuite is a database-based user profile and management tool, complete with a graphical admin utility.

Flex Profile Kit is the de facto tool that’s used to manage user profiles in Citrix and Terminal Server environments. It combines the customizability of roaming profiles with the ease of use or local profiles. The Flex Profile Kit was created by Jeroen van de Kamp of Login Consultants.

UPH Clean stands for “User Profile Hive” Clean. It’s a service that installs on a Terminal Server and fixes issues with “stuck” user profiles. It works by killing any processes that have hooks open to the user’s profile after the user initiates the logoff process. UPH Clean was written by Robin Carin at Microsoft.

ReconnAct is a great utility written by Dennis Damen from Login Consultant. ReconnAct allows you to specify scripts that run on the server when users disconnect from or reconnect to their sessions. (By default Windows only lets you run scripts on logon and logoff, not disconnect and reconnect.) ReconnAct also maintains session-based environment variables for the user’s client IP address and client name that are dynamically updated as the user connects from different client devices.

Printing

The Terminal Server Print Driver Redirection Wizard is a utility from Microsoft that you can use to scan the event logs of your servers to see which client printers and drivers are failing to map within your environment.

Client Tools

visionapp Remote Desktop (vRD) is a graphical tool that you can use to manage all of your RDP connections to various servers. It supports the console connection of Windows 2003. It's like RoyalTS, although vRD does a better job of managing credentials.

RoyalTS is a fantastic graphical tool that you can use to manage all of your RDP connections to various servers. It supports the console connection of Windows 2003.

The PN Agent Profile Manager, by Gus Pinto, lets you maintain multiple profile settings for a single PN Agent client. This is great if you travel between multiple sites or if you want to use your workstation to connect to separate test and production Citrix environments via PN Agent.

Thinstation is an open source client package that can convert a standard PC into a thin client device.

PXES is another open source client package that can convert a standard PC into a thin client device. PXES supports booting from a CD, so you can make a CD for your environment and hand it to visiting consultants who can then boot their laptops into “terminals” that connect into your environment.

Web Interface

Thomas Kötzing maintains a listing of great modifications that you can make to Citrix’s Web Interface. There are too many to mention here, but these modifications include hiding certain applications from the Web Interface, multiple connection speed drop-down boxes, audit logging, and Java-based messages that can pop up to alert users of upcoming maintenance downtime.

Security and Lockdown

In addition to the profile management stuff mentioned previously, BrainSys’s BrsSuite also includes a utility that can lockdown a session to prevent users from running certain applications. This BrsSuite lockdown tool runs at the kernel32.dll level, not the user32.dll level, so it’s very secure.

EventCombMT is a tool from Microsoft that can be used to scan, collect, and aggregate event log entries (i.e. security logs) from multiple computers. By configuring a policy to enable auditing in your environment and then using EventCombMT to collect the logs, you can do a lot without requiring any third party tools.

The Microsoft Baseline Security Analyzer (MBSA) is a utility that you can run on a Terminal Server that scans it to look for weaknesses (or things that Microsoft considers to be weaknesses). It then provides a “score” for each area via green, yellow, or red indicators. While it’s virtually guaranteed that you won’t get all “greens,” the MBSA will at least let you know what Microsoft wants you to think about.

The AppSec (Application Security) tool from Microsoft is used to put a Windows 2000 Terminal Server into “locked down” mode where only certain executables are allowed to run. (AppSec has been replaced in Windows 2003 by Software Restriction Policies.)

Software Restriction Policies in Windows 2003 let you lock down what can and cannot run on a Terminal Server. You can configure applications based on file or folder name, hash, certificate, or Internet zone. Even though they are built-in to Windows and not “technically” a tool, I feel it’s important to list them here because using them has allowed a lot of people to secure their servers without having to resort to paying for third-party tools.

Performance Management

Threadmaster is a great tool that's used to monitor applications and restrict their usage of the CPU. It's designed for use in Terminal Server and Citrix environments.

The DADE Power Tools Logon Throttling Service by Daniel Nikolic and Dennis Damen is used to prevent the “black hole effect” on Citrix servers. It’s a service that runs that enables and disables logons when a server is started, meaning that you can configure your servers for no more than one logon every 30 seconds, or three logons per minute, or whatever.

Microsoft’s Debugging Tools for Windows are essential if you tune the kernel memory usage in your Terminal Server environment. Remember that even though the 32-bit Windows architecture provides 2GB for kernel memory, the kernel memory is partitioned up into several subsections, and any of these subsections filling up will hurt performance—long before the 2GB limit is reached.

AutoRuns from Sysinternals can be run within a session to show you everything (and I do mean everything) that loads and runs within that session. It’s a great tool for figuring out why logins or shell load times are slow in your environment.

Project Tools

I created a Citrix Visio Stencil awhile back that has all of the important Citrix server objects. It’s nothing special really, but it’s the place I start whenever I need to mock-up a Citrix environment.

Methodology-in-a-Box was created by Douglas Brown and friends as a kit that contains everything you need to deploy MetaFrame, including plans, documentation templates, and utilities.

Join the conversation

15 comments

Send me notifications when other members comment.

Please create a username to comment.

Make sure to check out thomasses resourcekit (87 must have tools in 1 easy download):
http://www.citrix4ge.de/tipps/4gereskit.htm
Cancel
If you want to see an even bigger URL list, go to http:
Benny
Cancel
Good to see that one made the list Brian... heehee
Cancel
is there a 3rd party program that does a better job of logging terminal services logons than the security event log?  I need something logs user logon/time/remote IP address/logout time
 
Thanks
Cancel
I tried to make a listing of all FREE SBC related tools out there. You can find it at [link=http:  
Please let me know of something is missing or incorrect...
Cancel
Is there a free scanning program, for use on a Citrix Presentation 4 server, that will allow me to scan with a local thin client scanner? 
Cancel

Best Site i've seen for terminal server tools!

thank you for putting this online.

It helped me a lot

 

greets

Martin 

Cancel
Hello
Cancel
WinZip9 in Citrix 4.5 environment. CPS 4.5, Published apps. We have installed Winzip9 in our Citrix 4.5 server farm. When customer try to open up attached .zip file, the Winzip9 tries to install itself and produce the error message "Only administrators have permission to add, remove, or configure server software during a Terminal services remote session. If you want to install or configure software on the server, contact your network administrator." Any idea?
Cancel
If your Citrix server farm is PS 4.5 Platinum Edition a great tool comes with it. It's called EdgeSite. That gives you all the information you're requesting
Cancel
I need to tie a user to a static IP address as they wander around the world.  One of my apps--legacy of course--performs its security check based upon IP address and user name.  Each user is allowed to log in from only one address.  Is there a tool to set this up?    I thought the virtual IP address of presentation server would do this, but it does not. 
Cancel
guys,is there  tool available that gives me the possibility too find at what server a specific app is installed?
Cancel

A few years ago I needed to do this and I wrote a script that would pull the list from Add/Remove Programs from each server and dump it into a CSV file.  I don't know if I still have that script, but I don't remember it being that difficult.  You should be able to whip up something pretty quick.


Cancel

yes, go ahead


Cancel

Dear All,

I've released some free Citrix Tools that you may like.

They are available from http://www.citrixtools.net

Do not hesitate to give me Your feedback about them.

Best Regards,

Pierre

Cancel

-ADS BY GOOGLE

SearchVirtualDesktop

SearchEnterpriseDesktop

SearchServerVirtualization

SearchVMware

Close