Latest posts

Omnissa Horizon Client prefs.txt

There’s not a lot of official information about the prefs.txt file that the Omnissa Horizon client (formerly the VMware Horizon client) creates and uses.

I’ve figured out that the prefs.txt text file is in XML format and is generated by the Horizon client, usually once the user changes a setting in the Horizon client. It seems that prefs.txt is used to store all the user settings that the user has configured within the Horizon client.

Here’s an example of the contents of a prefs.txt file.

<?xml version="1.0" encoding="utf-8"?>
<Root>
  <RecentServer serverName="horizon.company.com" isSyncShortcutsEnabled="false">
    <SecondaryServerList />
    <ShortCuts />
    <FileRedirection>
      <AppExtensionInfo AppId="cn=microsoft_edge,ou=applications,dc=vdi,dc=vmware,dc=int" AppName="Microsoft Edge">
        <Extension Name="htm" Display-name="Microsoft Edge HTML Document" />
        <Extension Name="html" Display-name="Microsoft Edge HTML Document" />
        <Extension Name="mht" Display-name="Microsoft Edge MHT Document" />
        <Extension Name="mhtml" Display-name="Microsoft Edge MHT Document" />
        <Extension Name="pdf" Display-name="Microsoft Edge PDF Document" />
        <Extension Name="shtml" Display-name="Microsoft Edge HTML Document" />
        <Extension Name="svg" Display-name="Microsoft Edge HTML Document" />
        <Extension Name="webp" Display-name="Microsoft Edge HTML Document" />
        <Extension Name="xht" Display-name="Microsoft Edge HTML Document" />
        <Extension Name="xhtml" Display-name="Microsoft Edge HTML Document" />
        <Extension Name="xml" Display-name="Microsoft Edge HTML Document" />
      </AppExtensionInfo>
    </FileRedirection>
    <RecentDesktop desktopID="cn=vdis,ou=applications,dc=vdi,dc=vmware,dc=int" autoSyncToggleKeysMode="7">
      <LastDisplaySize displaySize="Fullscreen" height="0" width="0">
        <SelectedMonitors />
      </LastDisplaySize>
    </RecentDesktop>
  </RecentServer>
  <DataSharingSettings Allowed="1" />
  <BlastSettings allowClientH264YUV444="true" allowClientHEVCYUV444="true" allowClientHDR="true" DisableDisplayNetworkState="false" DisableDisplayNetworkStateManually="true" />
  <BrokerJumpList>
    <BrokerJump BrokerName="horizon.company.com" BrokerArguments="horizon-client://horizon.company.com/" />
  </BrokerJumpList>
  <AutoCheckForUpdate autoCheckForUpdate="false" />
  <sharingList allowAccessRemovable="true" shareHomeDirectory="true">
    <sharingItem from="C:\Users\daniel" />
    <sharingItem from="T:\" />
  </sharingList>
  <GeolocationSharingSettings GeoSharingAllowed="true" />
  <WebrtcSettings WebrtcScreenSharePerm="1" enableWebRTCRedirection="true" WebrtcSuppressScreenSharePrompt="true" />
</Root>

The prefs.txt file is stored in the user’s AppData Roaming folder.

The file will be in the following locations depending on which version of the Horizon client you use.

  • For Horizon clients version 2412 or newer, it is stored in %AppData%\Omnissa\Omnissa Horizon Client
  • For Horizon clients older than version 2412, it is stored in %AppData%\VMware\VMware Horizon View Client
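Because prefs.txt is plain XML in a user-writable folder, it can be reviewed for settings that widen what the remote session can reach on the client. The following is an added example, not part of the original post or of the Horizon-Prefs script; which values count as findings, the `allowed_servers` parameter, and the meaning inferred from each attribute name are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed copy of the prefs.txt shown above.
SAMPLE_PREFS = r"""<?xml version="1.0" encoding="utf-8"?>
<Root>
  <RecentServer serverName="horizon.company.com" isSyncShortcutsEnabled="false" />
  <AutoCheckForUpdate autoCheckForUpdate="false" />
  <sharingList allowAccessRemovable="true" shareHomeDirectory="true">
    <sharingItem from="C:\Users\daniel" />
    <sharingItem from="T:\" />
  </sharingList>
  <GeolocationSharingSettings GeoSharingAllowed="true" />
  <WebrtcSettings WebrtcScreenSharePerm="1" enableWebRTCRedirection="true" WebrtcSuppressScreenSharePrompt="true" />
</Root>"""

# (element, attribute, flagged value, why a reviewer may care).
# Which values count as findings is this example's assumption; the meanings
# are inferred from the attribute names, not from vendor documentation.
CHECKS = [
    ("sharingList", "shareHomeDirectory", "true", "local home directory shared into the session"),
    ("sharingList", "allowAccessRemovable", "true", "removable drives shared into the session"),
    ("GeolocationSharingSettings", "GeoSharingAllowed", "true", "client geolocation shared"),
    ("WebrtcSettings", "WebrtcSuppressScreenSharePrompt", "true", "screen-share prompt suppressed"),
    ("AutoCheckForUpdate", "autoCheckForUpdate", "false", "client update check disabled"),
]

def audit_prefs(xml_text, allowed_servers):
    """Return a list of (setting, value, reason) findings for one prefs.txt."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    allowed = {s.lower() for s in allowed_servers}
    findings = []
    for tag, attr, flagged, reason in CHECKS:
        for elem in root.iter(tag):
            value = elem.get(attr)
            # Compare case-insensitively; an absent attribute is not a finding.
            if value is not None and value.strip().lower() == flagged:
                findings.append((f"{tag}@{attr}", value, reason))
    # Every explicitly shared folder is reported so it can be reviewed.
    for item in root.iter("sharingItem"):
        findings.append(("sharingItem@from", item.get("from", ""), "folder shared into the session"))
    # Servers the client has connected to, checked against an expected list.
    for server in root.iter("RecentServer"):
        name = server.get("serverName", "")
        if name.lower() not in allowed:
            findings.append(("RecentServer@serverName", name, "connection server not on the allow-list"))
    return findings

if __name__ == "__main__":
    for setting, value, reason in audit_prefs(SAMPLE_PREFS, ["horizon.company.com"]):
        print(f"{setting} = {value!r}: {reason}")
```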

Horizon-Prefs Script

Because the contents of the prefs.txt file are predictable, I created a script called Horizon-Prefs. You can find the script on my GitHub https://github.com/thedxt/Omnissa#horizon-prefsps1. The Horizon-Prefs script can place the prefs.txt file in the correct location for all users, just a single user, or both.

I’ve used my script to deploy the prefs.txt file to systems to configure some Horizon client settings that don’t have GPO options. I’ve also used it to configure Horizon client settings on systems that aren’t joined to a domain.

Windows Default User Profile

With Microsoft Windows installations, there’s a hidden user profile called Default. Anything in that user profile is copied directly to any new user account that logs into the computer. It is a template for each user who logs onto that system.

The default user profile is located at C:\Users\Default

List of users in C:\Users showing the Default user profile.

When a user logs into a Windows system for the first time, a user profile is created for that user on that system. As part of the first logon process, Windows uses the Default user profile to build the user’s profile on the system. This process only happens the first time a user logs into that system.

Files and folders located in the Default user profile.

The fact that the default user profile exists gives us the power to tweak it. Any files we place in that Default user profile will be copied to each user who logs into that system for the first time.

For example, I will create a text file called I am text.txt and place it in C:\Users\Default\Desktop

Text file placed in the Default user profile.

Nginx Proxy Manager Setup

Nginx Proxy Manager (NPM) is an open-source Docker image that lets you run a reverse proxy and can even handle SSL certificates for you using Let’s Encrypt. It’s great when you can’t use a Cloudflare Tunnel or an Entra App Proxy. I’ve been using Nginx Proxy Manager for a while now, and it’s been perfect for what I need.

In this post, I will show you step-by-step how to set up Nginx Proxy Manager with Docker and configure a Proxy Host, Redirection Host, 404 Host, add a custom SSL certificate, and enable SSL.

Prerequisites

  • Access to the DNS for the domains you want to use.
  • Access to create port forwards for port 80 and 443.
  • Docker host.

Initial Setup

  • Make a folder to store your configurations for Nginx Proxy Manager.
  • Make a new docker-compose.yml file.

Your docker-compose.yml file should look something like this.

services:
  app:
    image: 'jc21/nginx-proxy-manager:latest'
    restart: unless-stopped
    ports:
      # These ports are in format <host-port>:<container-port>
      - '80:80' # Public HTTP Port
      - '443:443' # Public HTTPS Port
      - '81:81' # Admin Web Port
    volumes:
      - ./data:/data
      - ./letsencrypt:/etc/letsencrypt

The docker compose file will create a folder named data in the location where the docker-compose.yml file is. The data folder holds the SQLite database for NPM, log files and other configuration files. A folder named letsencrypt will also be created, where your Let’s Encrypt data is stored.

  • Run the following command to start the Nginx Proxy Manager Docker container: docker compose up -d
  • Go to the address of your Docker host on port 81 to access the NPM admin interface.
  • Login with the default admin user.
Email: [email protected]
Password: changeme

You will be forced to change it on the first login.

  • Change the user details as needed.
  • Change the password.

Install Debian 12 Bookworm

Debian is a solid Linux distribution I’ve been using for a while. It is my default Linux OS of choice. Many popular Linux distros are actually based on Debian, such as Ubuntu, Proxmox, Kali Linux, TrueNAS SCALE, SONiC, Raspberry Pi OS, SteamOS and many more.

In this post, I will show you step-by-step how to install Debian 12, aka Bookworm.

The Process

  • Download the Debian ISO from Debian.org (I tend to use the small installation image, aka netinst, as it has everything I need out of the box, and anything else I can download as needed)

When you boot up the Debian installation media, you are presented with the option of a graphical version of the installation or a text-only version. It doesn’t matter which option you select. The end result is the same.

  • Select if you want to use the graphical (aka GTK) or text-based install (aka newt).

I tend to use the text-based installation more as I can complete it slightly faster.

  • Select your language.

The language you select will be used for the installation process and will be the default language for the Debian install.

I will select English.

  • Select your location.

I will select Canada.

  • Select the keyboard layout you use.

I will select American English.

  • Enter the hostname for the Debian system.

I will use the hostnames DXT-DEB01 and DXT-DEB02

  • Enter the domain name if the Debian system is on a domain network. If not, just leave it blank.

Palo Alto Certificate Chain Fix

An issue I’ve run into on Palo Alto Networks firewalls is that everything seems to work when importing a certificate (usually a PFX) until you start using the certificate. Then, after a validation or a commit, there’s a warning that the certificate chain is not correctly formed.

Warning: certificate chain not correctly formed in certificate wild_thedxt_ca
(Module: device)

Certificate chain issues are commonly caused when the certificate chain is out of order. You can read more about certificate chains in my blog post, Certificate Chain. If you want to read more about what can cause broken certificate chains, my blog post, Broken Certificate Chain, goes into more detail.

An incorrect certificate chain can cause issues with a few items on a Palo Alto firewall. One of them can be GlobalProtect when the option FULLCHAINCERTVERIFY="yes" is used during the GlobalProtect install or when the registry value named full-chain-cert-verify is set to yes in the registry path HKLM:\SOFTWARE\Palo Alto Networks\GlobalProtect\Settings

GlobalProtect malformed certificate error

In this post, I will show you step-by-step how to fix a certificate chain on a Palo Alto Networks firewall.

The Process

  • Click on the Device tab.
  • Click on Certificate Management > Certificates.
  • Select the certificate that is not correctly formed and click on Export Certificate.

In my example, the certificate named wild_thedxt_ca is the one I need to fix.

Convert PEM to PFX Certificate

Sometimes, you have a certificate in PEM format as a CRT file (also called a CER file) with a key file (also called a PEM file), and you need to combine and convert them into a PFX certificate.

In this post, I will show you step-by-step how to convert a PEM certificate into a PFX file.

Prerequisites

  • OpenSSL binary installed. You can find the OpenSSL binaries on the OpenSSL wiki.
  • Private key file
  • SSL Certificate

The Process

  • Place everything in a working directory.

I will be using C:\SSL as my working directory.

  • Open the command line. You can use Linux or Windows. The commands are all the same regardless of which OS you are using.

I will be using Microsoft Windows with Windows Terminal and PowerShell.

To convert the certificate using OpenSSL, we will need to use a few options to create our command.

  • The options we will use are
    • pkcs12 to tell OpenSSL that we will be working with a PKCS#12 file. PKCS#12 is another name for a PFX file.
    • inkey to tell OpenSSL which private key to use.
    • in to tell OpenSSL which certificate file to use.
    • export to tell OpenSSL we want to export a PKCS#12 file.
    • out to tell OpenSSL where to save the converted certificate.

Generate CSR with OpenSSL

There are many ways to generate a CSR (Certificate Signing Request). In this post, I will show you step-by-step how to generate a CSR using OpenSSL.

Prerequisites

  • OpenSSL binary installed. You can find the OpenSSL binaries on the OpenSSL wiki.

The Process

  • Create a working directory.

I will be using C:\SSL as my working directory.

  • Open the command line. You can use Linux or Windows. The commands are all the same regardless of which OS you are using.

I will be using Microsoft Windows with Windows Terminal and PowerShell.

  • We will use the following options to create our OpenSSL command.
    • req to let OpenSSL know that we want to make a CSR.
    • newkey to tell OpenSSL that we want a new private key.
    • rsa:2048 to tell OpenSSL we want the private key to be an RSA key of 2048 bits.
    • keyout to tell OpenSSL where to save the private key.
    • out to tell OpenSSL where to save the CSR.
  • Using those options, we can create the OpenSSL command to generate a new private key and create the CSR. Replace PATH_TO_KEY and PATH_TO_CSR with the location where you want the private key and CSR saved: openssl req -newkey rsa:2048 -keyout PATH_TO_KEY -out PATH_TO_CSR

In my example, I will name my private key private.key, and my CSR will be named csr. The command for me will look like openssl req -newkey rsa:2048 -keyout private.key -out csr

Entra Application Proxy

There are a few ways to grant external access to an internal application without doing any port forwarding. The way to do this in Microsoft’s world is through an Entra Application Proxy.

The name is a bit of a mess, as Microsoft renamed the Microsoft Entra application proxy program to Microsoft Entra private network connector. The Microsoft Entra private network connector is part of Microsoft Entra Private Access, which is part of Microsoft Global Secure Access.

Basically, Microsoft Entra Enterprise Applications can be configured with an Application Proxy, which will use the Microsoft Entra private network connector to proxy the connection.

In this post, I will show you step-by-step how to set up a Microsoft Entra private network connector, configure an internal web application to use an Entra Enterprise application proxy, and add authentication before access is granted to the web application.

Prerequisites

  • Microsoft Entra ID P1 or higher license.
  • External domain added to Microsoft 365.
  • Windows Server for the Private Network Connector.
  • Internal DNS name for the application.
  • Access to the external DNS records.
  • SSL certificate in PFX format with a password.

The Process

The process will be broken up into the following sections.

Private Network Connector

We need to set up the Entra private network connector as the Entra application proxy will proxy its connections via the private network connector.

  • Log in to the Microsoft Entra Admin Center
  • Click on Global Secure Access

If needed, click on Activate to Activate Global Secure Access for your tenant.

  • Under Global Secure Access, click on Connect > Connectors.

Reset Windows Password

Certain situations can arise where you no longer know a Windows user account password and need to reset it or make a new one. Third-party tools can assist, but in my experience, many of them have been hit-and-miss.

In this post, I will show you step-by-step how to reset a Windows password using Windows install media with the help of Utilman and cmd. I will also show you a way to prevent this.

Utilman is the executable name for the Utility Manager in Windows. Utility Manager allows for easy access to accessibility features in Windows. You can call Utility Manager right from Windows by pressing the Windows key and the letter U simultaneously.

On the Windows login screen, you can invoke Utilman by clicking on the Ease of access or the Accessibility icon in the bottom right beside the network icon.

Utility Manager running on the Windows login screen.

If we make Utilman launch CMD instead, we can get a command prompt window running with system-level permissions.

Prerequisites

  • Physical access to the system.
  • Bootable Windows install media.

The Process

  • Boot off of the Windows install media.

It doesn’t matter if the Windows install media matches the target OS.

  • Click on Repair your computer.
  • Select Troubleshoot.
  • Select Command Prompt.

Net User and Net Group

The net user and net group commands are very powerful tools for managing local and domain users and groups.

In this post, I will show you how to use the net user command locally and on a domain to create a user account, reset a user account password, and view general info about a user account. I will also show you how to use the net group and net localgroup commands to manage local groups and domain groups, and how to view group members.

Net User

Create User Account

  • Open CMD as admin or as an account that can create a domain user account.

New Local User

  • Enter the following command to create a new local user account, replacing USERNAME_HERE and PASSWORD_HERE with the username and password you would like to use: net user USERNAME_HERE PASSWORD_HERE /add

For example, if I want to make a new local account named NewUser with a password of NewP@ssword1, the command will be net user NewUser NewP@ssword1 /add

New Domain User

  • Enter the following command to create a new domain user account, replacing USERNAME_HERE and PASSWORD_HERE with the username and password you would like to use: net user USERNAME_HERE PASSWORD_HERE /add /domain

For example, if I want to make a new domain user account named NewUser1 with a password of NewP@ssword1, the command will be net user NewUser1 NewP@ssword1 /add /domain

Change User Password

  • Open CMD as admin or as an account that can change a domain user password.

Change Local User Password

  • Enter the following command to change a local user account’s password, replacing USERNAME_HERE and PASSWORD_HERE with the username and password you would like to use: net user USERNAME_HERE PASSWORD_HERE

For example, if I want to change the password of the local account named NewUser to the password of NewP@ssword2, the command will be net user NewUser NewP@ssword2

Change Domain User Password

  • Enter the following command to change a domain user account’s password, replacing USERNAME_HERE and PASSWORD_HERE with the username and password you would like to use: net user USERNAME_HERE PASSWORD_HERE /domain

For example, if I want to change the password of a domain account named NewUser1 to the password of NewP@ssword2, the command will be net user NewUser1 NewP@ssword2 /domain
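The net user commands above carry the new password as a command-line argument, so any process-creation logging that records command lines will store it in clear text. The following is an added example, not from the original post, that finds such commands in collected records and redacts the password; the pipe-separated record layout and all sample lines are constructed for this example.

```python
import shlex

# Constructed process-creation records: "host|account|command line".
# The pipe-separated layout is an assumption of this example, not a real log format.
SAMPLE_EVENTS = [
    r"WS01|CORP\helpdesk|net user NewUser NewP@ssword1 /add",
    r"WS01|CORP\helpdesk|net user NewUser",
    r"DC01|CORP\admin|net.exe user NewUser1 NewP@ssword2 /domain",
    r"WS02|CORP\helpdesk|net user NewUser * /add",
    r"WS02|CORP\helpdesk|net localgroup Administrators",
    r'WS03|CORP\admin|"C:\Windows\System32\net.exe" user "Svc Account" "Long pass phrase" /add /domain',
]

def find_exposed_passwords(events):
    """Return one finding per 'net user' command that carries a password argument."""
    findings = []
    for line in events:
        host, account, cmdline = line.split("|", 2)
        try:
            # posix=False leaves Windows backslashes alone and keeps quoted values whole.
            tokens = shlex.split(cmdline, posix=False)
        except ValueError:  # unbalanced quote, for example inside a password
            tokens = cmdline.split()
        tokens = [t.strip('"') for t in tokens]
        if len(tokens) < 2:
            continue
        binary = tokens[0].rsplit("\\", 1)[-1].lower()
        if binary.endswith(".exe"):
            binary = binary[:-4]
        if binary not in ("net", "net1") or tokens[1].lower() != "user":
            continue
        switches = [t.lower() for t in tokens[2:] if t.startswith("/")]
        positional = [t for t in tokens[2:] if not t.startswith("/")]
        # positional[0] is the user name; a second value other than "*" is a password.
        if len(positional) < 2 or positional[1] == "*":
            continue
        findings.append({
            "host": host,
            "account": account,
            "user": positional[0],
            "action": "create" if "/add" in switches else "reset",
            "scope": "domain" if "/domain" in switches else "local",
            # Rebuilt without the password so the finding itself is safe to store.
            "command": " ".join(["net user", positional[0], "<redacted>"] + switches),
        })
    return findings

if __name__ == "__main__":
    for finding in find_exposed_passwords(SAMPLE_EVENTS):
        print(finding)
```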