Skip to content

Advance Configurations

Enhanced Shell Tracking for Applications in Shell Mode

New session host server supports enhanced tracking of applications running in shell mode. Example of such applications are:

  1. Internet Explorer
  2. Explorer (My PC)
  3. Google Chrome
  4. Batch script driven app launches

Note

The feature is limited to applications delivery in shell mode only and will be controlled by Controller v3.3, but if session host v3.3.0.11119 or greater is being delivered with v3.2 controller, then it must be configured using registries carefully. Please see appendix for detailed information.

Configuration to Run Application with Specific User Credentials

In some deployments, it is required to run application with specific user privileges. From HyWorks v3.3 onwards, administrator will be able to configure to run application as:

  • Logged-in User (Default option)

  • System User

  • Specific User Credentials

Direct RDP/Console Block

In some deployments, direct access (console/RDP) needs to be blocked for the users. From HyWorks v3.3 onwards, access can be blocked via registry entries of Session Host Server machine using following registry keys:

Registry key for Direct RDP Block: (default: false)

HKLM\SOFTWARE\Accops\Controller\EDC\SESSIONHOST\DirectRdpBlocked

Registry key for Direct Console Block: (default: false)

HKLM\SOFTWARE\Accops\Controller\EDC\SESSIONHOST\DirectConsoleBlocked

Registry key for Direct RDP/Console Block Timeout: (default: 15 seconds)

HKLM\SOFTWARE\Accops\Controller\EDC\SESSIONHOST\DirectRdpBlockTimeoutSec

Note that all users with admin privilege are allowed to access.

Allow calls from authorized controller(s) only

In some deployments, it is required to block unauthorized access to the session host service. From HyWorks v3.3 onwards, administrator will be able to configure block unauthorized access by updating authorized controller IPs list at: (default value: '*')

HKLM\SOFTWARE\Accops\Controller\EDC\SESSIONHOST\AuthorizedControllerIPs

Note

  • Default value is set as '*', which means all controllers are open to connect
  • Replacing '*' with one or more (multi-string) controller IPs results in allowing only those listed controller(s) to communicate with the local Session Host Service
  • In case, if unauthorized controller try to communicate an error log will come into both Session Host and controller logs

Session change event scripts support

In some deployments, it is required to execute some scripts in case of session change events. From HyWorks v3.3 onwards six types of session change event types are supported:

  1. CONNECT
  2. DISCONNECT
  3. LOCK
  4. LOGOUT
  5. RECONNECT
  6. UNLOCK

Registry Base:

HKLM\SOFTWARE\Accops\Controller\EDC\SESSIONHOST\

The administrator will be able to configure the session change event via updating the registry entries. Details about the registry key values are as follow.

Key Name Name Value Type Meaning
EVENTS EnableForAdmins FALSE String Set this flag as True to enable Session Change Events scripts execution for Admin users too.
EVENTS\CONNECT ISENABLED FALSE String Set this flag as True to enable Connect Event script execution.
EVENTS\DISCONNECT ISENABLED FALSE String Set this flag as True to enable Disconnect Event script execution.
EVENTS\LOCK ISENABLED FALSE String Set this flag as True to enable Lock Event script execution.
EVENTS\LOGOUT ISENABLED FALSE String Set this flag as True to enable Logout Event script execution.
EVENTS\RECONNECT ISENABLED FALSE String Set this flag as True to enable Reconnect Event script execution.
EVENTS\UNLOCK ISENABLED FALSE String Set this flag as True to enable Unlock Event script execution.

Accops Session Recording module is driven by these scripts which are having default calls added. The same scripts can be updated for more other custom usage. Scripts root folder:

C:\Program Files (x86)\Accops\HyWorks\SessionHost\scripts\

Script Name Description
Connect_System.bat The script is used execute batch commands in System context while Connect event.
Connect_User.bat The script is used execute batch commands in User context while Connect event.
Disconnect_System.bat The script is used execute batch commands in System context while Disconnect event.
Disconnect_User.bat The script is used execute batch commands in User context while Disconnect event.
Lock_System.bat The script is used execute batch commands in System context while Lock event.
Lock_User.bat The script is used execute batch commands in User context while Lock event.
Logout_System.bat The script is used execute batch commands in System context while Logout event.
Reconnect_System.bat The script is used execute batch commands in System context while Reconnect event.
Reconnect_User.bat The script is used execute batch commands in User context while Reconnect event.
Unlock_System.bat The script is used execute batch commands in System context while Unlock event.
Unlock_User.bat The script is used execute batch commands in User context while Unlock event.

Pre-Post Scripts for AppLauncher (Linux Only)

HyWorks v3.3, now allows Pre & Post batch scripts execution while application/desktop launch which means before launching application or desktop these scripts will get executed as some deployment need per-post cleanups.

The scripts can be updated at (folder):

/etc/edcdvm/linuxDVM/scripts/

Available Scripts names:

  • AppLauncherPostScript.sh
  • AppLauncherPreScript.sh

HyShell

HyShell is desktop customization utility, which comes integrated with HyWorks Session Host Server. The primary objective of HyShell is to publish and manage desktop shortcuts on desktop of user session from session host server. HyShell will only manage those desktop shortcuts which are created by it and not available as public shortcuts installed by administrator.

Purpose

HyShell is required to publish shortcuts of those applications (virtual), which are assigned to the users (which means user is authorized to use them) and need not to see so many shortcuts of those applications which are of no use. For example, a session host server is installed with 50 different applications where as a typical user uses only 5 of them and in this situation showing all 50 will be very confusing for the user, instead user is shown with only those 5 applications which are useful. Similar approach is followed for other users as well and this is what HyShell does with shared hosted desktop.

How does HyShell work?

The functioning of HyShell is simple, when user connects to shared hosted desktop from appropriate endpoint of HyWorks/HyLite, HyShell is invoked. It triggers communication with Controller to get list of applications which are assigned to user and belong to this session host server. Then HyShell creates desktop shortcuts for all applications which are assigned to user and removes any other shortcuts which are not assigned to user.

Session Host Server Components

AppLauncher: It gets called once user logged in via client. AppLauncher will execute HyShell script to customize the desktop. This script can set application access and launch HyShell to create Desktop shortcuts and start menu links.

HyShell: HyShell is running in user context so it will collects user details like user desktop path, user start menu path, user session id (WtsId) etc. After collection this basic information it will call Session Host API which is exposed for HyShell tasks.

SessionHost: Session host expose endpoint for HyShell to accept user related data and executes following tasks.

  1. Run HyShellServerPreScript.ps1 script: This script contains Power Shell code to perform some operation which is required before create desktop shortcuts.

  2. Get Application list and its details from local DB and Controller for specified user.

  3. Try to create desktop icons and start menu links for user applications.

  4. Run HyShellServerPostScript.ps1 script This script contains Power Shell code to perform some operation which is required after creates desktop shortcuts.

Enabling HyShell

To enable HyShell, following configurations need to be done:

  1. Configuring applications for getting published for shared hosted desktop (in HyShell)

    1. Login into HyWorks Controller Management console with administrator rights
    2. In Add/ Edit application wizard -> Additional Settings screen
      1. In Access Settings section, select following options:
        1. Create Desktop Shortcut -> On shared hosted desktops
        2. Pin Application to Start Menu -> On shared hosted desktops
    3. Enable above options for all applications whose shortcuts need to be created on shared hosted desktop.

    Note

    HyShell will create shortcuts of those virtual applications, which are published on HyWorks and Which application shortcuts will get created:

    • Applications are published in HyWorks and enabled for shortcut creation on shared hosted desktops

    • Applications which are installed and published from the current server on which user has got connection

  2. Enable HyShell on Session Host Server

    1. Windows Session Host Server: Enable HyShell from Registry Editor Follow below steps to enable HyShell on session host server (Windows)

      1. Connect to session host server remotely using user credentials having administrator privileges

      2. Open Registry editor (Open Run prompt, type 'regedit' and press enter key)

      3. In Registry editor, navigate to following location:

        HKEY_LOCAL_MACHINE\SOFTWARE\Accops\Controller\EDC\SESSIONHOST

      4. Create or update following registry value

        1. Type: string
        2. Name: IsDesktopCustomizationEnabled
        3. Value: True

      5. Save registry value and exit registry editor

      6. Restart HyWorks Session Host Agent service

    2. Linux Session Host Server: Enable HyShell from configuration file Follow below steps to enable HyShell on session host server (Linux)

      1. Connect to Linux SHD server via SSH Client(if ssh enabled) or console session

      2. Open HyShell configuration file, command:

        sudo vi /etc/edcdvm/linuxDVM/hyShell/hyshell.config

      3. Set the value for IS_HYSHELL_ENABLED to 1.

      4. If any user added in EXCLUDE_USERS_LIST, then desktop restriction is not applicable for EXCLUDE_USERS_LIST

      5. Restart DVM Agent Service, by using following command, sudo systemctl restart edcdvm

      6. Linux SHD is now enabled with HyShell.

Pre-Post Scripts for HyShell

HyWorks v3.3, now allows Pre & Post batch scripts execution while executing HyShell as well, which means before launching HyShell these scripts will get executed as some deployment need some kind of per-post cleanups as well.

Windows Session Host

PowerShell Scripts: These scripts can be used by admin to enable any customization as per user/client requirements. E.g. pushing specific policies before and after HyShell execution. HyShell executes in user context and launch HyShell, other 2 scripts are executed in service context. mentioned below:

The scripts can be updated at (folder):

C:\Program Files (x86)\Accops\HyWorks\SessionHost\HyShellScripts\

Available Scripts names:

  1. HyShellLauncherScript.ps1 : It will be launched by AppLauncher. So runs in user context and launch HyShell. HyWorks admin can add their own customization code in this file which needs to execute in user context.

  2. HyShellServerPreScript.ps1 : This script will be executed in service context before creating shortcuts on the desktop. Should contain a set of command need to execute before creating shortcuts and current user don't have permission, such situations can be executed in the service context.

  3. HyShellServerPostScript.ps1 : This script will be executed in service context after the creation of shortcuts on the desktop. Should contain a set of command need to execute after creating shortcuts and current user don't have permission, such situations can be executed in the service context.

Linux Session Host

The scripts can be updated at (folder):

/etc/edcdvm/linuxDVM/hyshell/

Available Scripts names:

  1. HyShellLauncherPreScript.sh: This script will be executed in user context before creating shortcuts on the desktop. Should contain a set of command need to execute before creating shortcuts.

  2. HyShellServerPreScript.sh: This script will be executed in service context before creating shortcuts on the desktop. Should contain a set of command need to execute before creating shortcuts and current user don't have permission, such situations can be executed in the service context.

  3. HyShellLauncherPostScript.sh: This script will be executed in user context after creating shortcuts on the desktop. Should contain a set of command need to execute before creating shortcuts.

  4. HyShellServerPostScript.sh: This script will be executed in service context after the creation of shortcuts on the desktop. Should contain a set of command need to execute after creating shortcuts and current user don't have permission, such situations can be executed in the service context.