Setting the start page
To control the start page for users, we can use the SetHomePage command. While you can set the home page using
Group Policies, this only works for Internet Explorer. The SetHomePage command works across Internet
Explorer, Firefox and Chrome. The easiest way to set the home page is to set up a FastTrack
logon script, as demonstrated here. Once a logon script is set up, you can simply issue the
command anywhere in your logon script.
Setting the default browser
If you need to set the default browser, you can use the SetDefaultBrowser command in the same logon script, where you use the SetHomePage command.
This command will set the default browser to Internet Explorer, Firefox or Chrome and remove the default browser checks in all three of them.
If you set it to, for example, Chrome and Chrome is not installed, the command has no effect and will not change the current default browser for the current user.
There is, however, one thing to be aware of. If you have clients that are Windows 8 or newer, the SetDefaultBrowser command has no
effect. This is because of the legal problems that Microsoft had in relation to free browser choice. For this reason,
the default browser can only be changed with the user's consent or by setting it
using Group Policies, which requires Windows 2012. This is explained further down.
Logon Script Wizard
You can use the Logon Script Builder to use the commands in the engine to control browser settings, instead
of writing a script manually. The screenshot below is the browser page of the wizard.
Using multiple browsers through a mediator
A common problem that many companies experience is that not all web applications work in the most
recent version of Internet Explorer. To solve this problem, you can inject an intermediate script into the process,
when a user clicks a hyperlink or enters an address in the Windows Explorer address bar. Instead of this spawning
the user's default browser, we can inject a script in the middle to control the browser spawn.
This script is set as the default browser instead of an actual browser.
If there is a need to use a legacy browser, you can virtualize it using, for example,
Novell's ZENWorks or Spoon, which can sandbox an application, enabling
you to produce a single exe file for a virtualized Internet Explorer 6, for example. Your FastTrack controller
script then allows you to control when the virtualized application is used. If you detect that a certain partial url
is passed to your intermediate script, you start the virtualized exe file and pass the url.
The way we do this is to use the SetScriptAsDefaultBrowser command, which requires us to point to a script file, which
will be the script file in the middle in the drawing above. The command will overrule the default browser of the
current user and the easiest way to get the command executed is in a FastTrack logon script,
where we simply insert the command in the prelogon.fsh script:
SetScriptAsDefaultBrowser [FastTrackPath]\BrowserControl.fsh
Notice that we point to an intermediate script in the "FastTrackPath" directory. If you take another look
at the logon script documentation here, you will notice
that the logon script files are cached locally for performance reasons. When we simply create a new
script in the "fshbin" folder on the netlogon share named BrowserControl.fsh, we get a "free" deployment
of our controller script, and more importantly, you can just alter the script and it automatically
takes effect for all users at next logon.
Next we need to write the script that controls the logic. The most important thing to know, when writing
the script is that we get the url by using the VirtualBrowserURL function and the end result must be that we call
a browser passing this parameter to the browser exe. In the real world, a typical reason for needing
such a script is that certain internal applications require a different browser than the typically
used one and in such a case, we would detect internal server names in the script. For the purpose of
demonstration, we will simply let the user use Internet Explorer by default, but if the user starts
www.google.com, it will use Chrome. If the user enters a url that starts with the server name "AcmeServer",
we will start a virtualized Internet Explorer 6. You can download this script directly in Automation Studio.
In the Script Editor, click the "New Script" button and select the "MultiBrowser Control" template script.
''==== RUN CHROME FOR GOOGLE.COM ===
If StartsWith [VirtualBrowserURL],http://www.google.com Then
  If Not FileExists [ProgramFilesDirx86]\Google\Chrome\Application\chrome.exe Then
    ShowErrorMessage "Chrome is required, but not installed. Please contact the IT department."
    ''here we could use the SendEmail command to notify IT using the [ComputerName] and [UserName] functions
  Else
    Launch [ProgramFilesDirx86]\Google\Chrome\Application\chrome.exe,[VirtualBrowserURL]
  End If
  Exit
End If

''==== RUN VIRTUAL IE6 FOR URLS STARTING WITH "ACMESERVER" ===
If StartsWith [VirtualBrowserURL],http://acmeserver Then
  If Not FileExists [ProgramFilesDirx86]\Acme\VirtualIE6.exe Then
    ShowErrorMessage "The required version of Internet Explorer is not installed. Please contact the IT department."
    ''here we could use the SendEmail command to notify IT using the [ComputerName] and [UserName] functions
  Else
    ''pass the url on to the virtualized browser
    Launch [ProgramFilesDirx86]\Acme\VirtualIE6.exe,[VirtualBrowserURL]
  End If
  Exit
End If

''==== DEFAULT: IE ===
Launch [ProgramFilesDir]\Internet Explorer\iexplore.exe,[VirtualBrowserURL]
Notice that you have all FastTrack commands available in the script. This means that you can email someone in the IT department,
if a user does not have a required browser installed. We could also present a graphical menu and ask the user for a preference
for certain urls or we can start a Citrix application using the RunIcaApp command as explained here for certain urls.
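The demonstration script routes on a URL prefix, which also matches any other host whose name merely begins with the same text, and it does not cover https. The Python sketch below is an added example, not FastTrack code and not part of the original page: it makes the same routing decision on the parsed host name instead. The browser labels, function names, sample URLs and the assumption that the prefix comparison is case-insensitive are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed routing table mirroring the demonstration script: exact host -> browser.
ROUTES = {"www.google.com": "chrome", "acmeserver": "virtual-ie6"}
DEFAULT_BROWSER = "iexplore"
ALLOWED_SCHEMES = {"http", "https"}

# Constructed sample URLs (example.net is a reserved documentation domain).
SAMPLES = [
    "http://acmeserver/app",
    "http://AcmeServer:8080/app",
    "http://acmeserver.example.net/",
    "https://www.google.com/search",
    "file:///C:/temp/page.html",
]


def prefix_match(url):
    """Python rendering of the script's StartsWith checks (case-insensitivity assumed)."""
    lowered = url.lower()
    if lowered.startswith("http://www.google.com"):
        return "chrome"
    if lowered.startswith("http://acmeserver"):
        return "virtual-ie6"
    return DEFAULT_BROWSER


def pick_browser(url):
    """Route on the parsed host name; refuse anything that is not http(s)."""
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname  # lowercased, without userinfo or port
    except ValueError:  # malformed authority, e.g. unbalanced IPv6 brackets
        return "reject"
    if parts.scheme not in ALLOWED_SCHEMES or not host:
        return "reject"
    return ROUTES.get(host.rstrip("."), DEFAULT_BROWSER)


def differences(urls):
    """Return (url, prefix_decision, host_decision) where the two approaches disagree."""
    rows = [(u, prefix_match(u), pick_browser(u)) for u in urls]
    return [row for row in rows if row[1] != row[2]]


if __name__ == "__main__":
    for url, by_prefix, by_host in differences(SAMPLES):
        print(f"{url}: prefix={by_prefix} host={by_host}")
```

Only the exact internal host name reaches the legacy browser here, which matters because the virtualized Internet Explorer 6 is the browser least suited to opening arbitrary sites.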
If all your clients are from the Windows XP or Windows 7 generation, the rest of this page has no relevance for you.
For servers hosting remote sessions, Windows 2008 is equivalent to Windows 7 and Windows 2012 is equivalent to Windows 8.
Setting the default browser in Windows 8
Windows 8 introduced breaking changes in options to set the default browser for a user. From Windows 8, the default browser
can only be set with the user's consent or by using Windows 2012 Group Policies.
This breaking change is a bit annoying for systems administrators, because it means there are two scenarios that have to be handled for
mixed environments with Windows XP/7 and Windows 8. The reason for this change is European Union legislation.
In 2009 Microsoft committed to allow open browser choice according to IP-09-1941. In 2013 Microsoft was
slapped with a $730 million fine for not complying with the agreement (see IP-09-1941).
A technical side-effect of this is that it is not possible to automatically set the default browser
in Windows 8 without user consent, as this would violate the legislation, which again unfortunately
means that the SetDefaultBrowser and SetScriptAsDefaultBrowser commands cannot work from Windows 8.
It is however possible to overrule the default browser of Windows 8 clients (and Windows 2012 remote sessions) using Group Policies on Windows Server 2012.
The bad news is that if you have Windows 8 clients and Windows 2008 servers, there is no way you can set the
default browser on Windows 8 clients, until you have upgraded to Windows Server 2012. If you Google setting the default browser
using Group Policies, you will find a series of registry keys that can be set using Group Policies for Windows 2003 and Windows 2008.
These no longer work on Windows 8, because a new hash key that is a unique combination of the user, browser name
and protocol is introduced and that can only be generated by Windows itself, when a user uses Default Programs in the Control Panel
or it is set using Windows 2012 Group Policies. The hash key exists to prevent the default browser from being set by any means other than these two.
Introducing: FastTrack's Virtual Browser
In Windows 8 environments, we can only set the default browser automatically using Group Policies. As a script is not an actual browser, the approach
needs to be radically different than using the SetScriptAsDefaultBrowser command, to be able to inject a script as a default browser on Windows 8.
The InstallVirtualBrowser command will allow a script to impersonate a browser.
If you execute the InstallVirtualBrowser command on Windows 8, Windows 8.1, Windows 2012 or any newer version,
a virtual browser will be listed in your default programs list:
The InstallVirtualBrowser command needs a script file as input for installation, just like SetScriptAsDefaultBrowser.
InstallVirtualBrowser BrowserControl.fsh
In mixed environments, the script file used for InstallVirtualBrowser (Windows 8) and SetScriptAsDefaultBrowser (Windows XP/7) is the same script, because
they are just two different means of achieving execution of the same script in the same scenario (the user starts a hyperlink).
But while the SetScriptAsDefaultBrowser command sets a script as the default browser for the current user (typically in a logon script),
the InstallVirtualBrowser command installs the virtual browser at the system level like real browsers
and must therefore be executed once as an administrator on each client in order to install it.
An example of deploying an InstallVirtualBrowser script is shown further down.
The purpose of emulating a browser is not to make it available for the end user to select it,
but to force an assignment of the default browser on the end user through Group Policies.
On a Windows 2012 domain controller server, open the Group Policy that you need to modify and locate the
File Explorer options (which is not available in Windows 2008) under Computer Configuration -> Policies -> Administrative
Templates -> Windows Components -> File Explorer. Open "Set a default associations configuration file" as shown below.
Note that the policy is set at a system level, not the user level, which is the reason the virtual browser is also installed at a system level.
As is also the case with User Account Control (UAC), it is a policy decided by Microsoft that this is a system-wide setting that cannot be differentiated per user.
You must point to an XML file that describes the associations.
Create an XML file like the one below. If you are already using another XML file, you can use that and replace the two http and https
associations. The FastTrackURL is the system name of the virtual browser installed by the InstallVirtualBrowser command.
<?xml version="1.0" encoding="UTF-8"?>
<DefaultAssociations>
<Association Identifier="http" ProgId="FastTrackURL" ApplicationName="FastTrack Virtual Browser" />
<Association Identifier="https" ProgId="FastTrackURL" ApplicationName="FastTrack Virtual Browser" />
</DefaultAssociations>
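When an associations file is already in use, the http and https entries have to be replaced without disturbing the other associations. The Python sketch below is an added example, not part of FastTrack or the original page: it rewrites or adds the two web associations and leaves everything else untouched. The existing file content, the ".pdf" entry and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Values taken from the XML shown on this page.
VIRTUAL_BROWSER = {"ProgId": "FastTrackURL",
                   "ApplicationName": "FastTrack Virtual Browser"}
WEB_PROTOCOLS = ("http", "https")

# Constructed sample of an existing associations file (not from the page).
EXISTING = """<?xml version="1.0" encoding="UTF-8"?>
<DefaultAssociations>
  <Association Identifier=".pdf" ProgId="ExamplePdf.Document" ApplicationName="Example PDF Reader" />
  <Association Identifier="http" ProgId="ExampleBrowserHTML" ApplicationName="Example Browser" />
</DefaultAssociations>"""


def set_web_associations(xml_text):
    """Return the XML with http and https pointing at the virtual browser."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    if root.tag != "DefaultAssociations":
        raise ValueError("not a default associations file")
    seen = set()
    for node in root.findall("Association"):
        ident = node.get("Identifier")
        if ident in WEB_PROTOCOLS:      # rewrite every existing web entry, duplicates too
            node.attrib.update(VIRTUAL_BROWSER)
            seen.add(ident)
    for proto in WEB_PROTOCOLS:         # add whichever entry was missing
        if proto not in seen:
            ET.SubElement(root, "Association", Identifier=proto, **VIRTUAL_BROWSER)
    return ET.tostring(root, encoding="unicode")


def handlers(xml_text):
    """Map each Identifier to its ProgId, for checking the file before deployment."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    return {n.get("Identifier"): n.get("ProgId") for n in root.findall("Association")}


if __name__ == "__main__":
    print(handlers(set_web_associations(EXISTING)))
```

Checking the result with handlers() before the file is referenced from the policy catches the case where only one of the two protocols was replaced, which would leave https links opening outside the controller script.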
If you have a mixed environment of Windows XP/7 and Windows 8 clients, you need to implement both solutions, meaning that you need to include the SetScriptAsDefaultBrowser
command in your logon script for Windows XP/7 clients and also deploy a virtual browser for Windows 8 clients.
Default browser notifications
When you assign a browser using Group Policies, your users might get the default browser notifications that a browser is not the default browser.
You can get rid of these browser notifications by issuing the RemoveDefaultBrowserChecks command in your logon script. This command
removes the default browser checks in Internet Explorer, Firefox and Chrome at the same time in one command. The SetScriptAsDefaultBrowser and
SetDefaultBrowser commands include the removal of these notifications also, when executed on Windows XP or Windows 7.
Deploying the virtual browser
To deploy the virtual browser to your machines, you basically just need to get the InstallVirtualBrowser command
executed on all clients. You can build an exe file and execute it once on clients or as part of a startup script,
or you can build an MSI file and deploy that using your management system or Group Policies.
To create an MSI File, write a script like the one below and hit the "Compile to MSI" button.
If MSIInstallContext Then
InstallVirtualBrowser \\FastTrack\netlogon\BrowserControl.fsh
Else
RemoveVirtualBrowser
End If
Notice that the script above uses a full path to a script
file. If you do not include a path, the script will be copied to the local hard drive and used
from there, as it was when you built it into the MSI file.
This is important to know, because if you leave the script on a public network share,
you do not need to redeploy, when the controller script (BrowserControl.fsh in this case) is changed.
If you want to include the script inside the MSI file, you must remember to select it as an additional file,
when compiling the MSI file and exclude the path in the script.
Remember that if you use a network share to host the browser controller script file, the file gets read
by all users every time they start a hyperlink. If this is an issue, a good compromise is to deploy the controller script
itself to a local folder on all clients through Group Policies and point to the local path of this file in the MSI
installation script.
When the installation script above executes on a client, it does not install the virtual browser on clients older than Windows 8,
but it still registers as an installation in the Windows control panel program list. If it's not possible to deploy only to
Windows 8 (or newer) machines, it is therefore safe to deploy to all clients.