Tag Archives: Citrix

Web page to search group policy’s from Microsoft

Posted on by

So.. have you ever tried to find the registry setting for a specific group policy setting, or just tried to actually find the group policy setting you needed and couldn’t quite remember where it was?

Under MSDN Microsoft has launched a new site called http://gps.cloudapp.net this site is awesome! The site will allow you to search for group policy settings, filter by Internet Explorer version, office version and others and browse by registry or by policy.

But this tool makes it much easier to find the right settings and apply them either with registry hacks or policy objects.

This is a quick example of a search on hide drives which is pretty commonly used but still..

image

Continue reading

Citrix Connector for System Center Configuration Manager 2007

Posted on by

Source; http://blogs.technet.com/b/systemcenter/archive/2010/07/01/citrix-connector-for-system-center-configuration-manager-2007.aspx

Microsoft have recently jointly released the Citrix connector for ConfigMgr 2007.  Through this release, the ConfigMgr SDK has been used to extend and support the management of application services through XenApp.  Very cool indeed.

Here is the announcement. Links are below.

Citrix® XenApp™ 6 introduces integration with Microsoft System Center Configuration Manager 2007 R2 giving organizations a single, integrated view and management of all applications across the enterprise including on-demand apps by XenApp. The Citrix XenApp Connector leverages the Configuration Manager console to deploy and publish applications and updates to XenApp servers with zero disruption to users and extends the reach of Configuration Manager applications to a broader set of users, devices and access scenarios

Some resources for you:

  • Jointly authored whitepaper is available here
  • A Video Demo can be viewed here

Three Steps to a PXE-Free XenDesktop on Hyper-V

Posted on by

http://community.citrix.com/display/ocb/2010/04/13/Three+Steps+to+a+PXE-Free+XenDesktop+on+Hyper-V

I ran into an interesting situation last week while working with Tony Sanchez from our Global Microsoft Team. He was setting up XenDesktop 4 on Hyper-V 2008 R2. However, the lab he was at used a Windows Deployment Server (WDS) for image management and it relies extensively on PXE. Rather than modify the WDS to support the Provisioning Services PXE boot file, we decided the best solution was to make a boot ISO that will load the OS directly from the Provisioning Services host and then boot the guests from that ISO.

Background

Since not all my readers are familiar with using the Boot Device Manager, I will set the stage. When configuring a virtual machine to boot off of a CD-ROM image for PVS, you need to do three things:

  1. Add a Legacy network card on the host since the Synthetic network adapter is not created until the Operating System loads.
  2. Configure the BIOS boot order so that CD-ROM is first in the list.
  3. Assign a bootable ISO image to the CD-ROM/DVD drive.
Take Note
The PXE boot option is required in order for the NIC Option ROM to stay resident in memory during the pre-boot process. This way, UNDI will be available to the boot device to properly initialize the NIC. Otherwise, the “API not found” message would be displayed by the boot device.

In deployments of XenDesktop where you have more than about 15 machines, the XenDesktop Setup Wizard (XDSW) is normally used to create and link the XenDesktops with Hyper-V. Unfortunately, the XDSW does not support all the possible VM configuration options when duplicating the source virtual machine. One of the properties that is not transferred to the new virtual machine is the ISO in the DVD drive. Normally, this behavior is the preferred because Hyper-V needs a special configuration to support sharing an ISO across multiple guests simultaneously (See this Technet article), which if not configured correctly can cause startup issues.

If you do not want to configure ISO sharing, you can use the VMM server and VMM library to copy the boot ISO to each virtual machine’s folder. If the ISO was large, I would say spend time setting up the sharing configuration; however, in this case the file itself is only 300K and copying it will eliminate the possibility of file sharing/locking issues.

Now you understand some of the challenges, I can tell you the three steps to a PXE-free Hyper-V deployment.:

  1. Create a PVS Boot ISO using the Boot Device Manager
  2. Import that PVS Boot ISO into the VMM Library
  3. Execute a PowerShell script

Step 1: Create a PVS Boot ISO

The Provisioning Services Boot Device Manager is a three-dialog wizard that lets you pre-configure the boot environment just like a PXE server would, except you can then write that to a drive or CD-ROM media. The Boot Device Manager is found on the Start menu of any provisioning server at All Programs >> Citrix >> Provisioning Services >> Provisioning Services Boot Device Manager.

I do not want to spend a lot of time discussing the various options or provide a tutorial on this utility; however, I will provide a few pointers. First, be sure to enable the “Citrix PVS Two-Stage Boot Service” and set it to start automatically on any servers you will use as the targets for the ISO image. Second, if you are using Windows 7, be sure to enable the PAE Mode on the second page of the wizard, like this:

Third, be sure to select Citrix ISO Recorder as the boot device (shown below) before burning the ISO image, lest you accidentally wipe out your local hard disk. For a complete guide on using the Boot Disk Manager, see this Citrix Support Article CTX121331.

Step 2: Import the ISO into the SCVMM Library

Take the ISO you created in Step 1 and save it to the folder where the SCVMM library stores are located. I created a new folder called ISOs at the same level as VHDs and placed the ISO in that folder. Next start the SCVMM Administrative Console and go to the Library tab. Select the MSSCVMMLibrary node and click Refresh on the context-menu to add the ISOs to the library as shown here:

Step 3: Execute the PowerShell Script

Next, you can copy the contents of the PowerShell script below and save it to a file called AttachISO.PS1. I realize that I am not yet a PowerShell guru, so I am aware that several optimizations and error checks could be made to this script. Feel free to modify it for your own use. My goal was provide a working example to help with this issue. The PowerShell script below does the following:

  1. Sets the boot order to CD, PXE (Legacy NIC), IDE, Floppy
  2. Copies the ISO image from the library to the VM’s folder
  3. Creates a DVD drive object at the IDE bus 1:0 if no DVD drive is found
  4. Removes any existing ISO and sets the ISO image to the one specified on the command-line
  5. For larger environments, it lets you know how many VMs it has left to process
AttachISO PowerShell Script
# Purpose:      Attach ISO image from VMM Server Library to Guest Virtual Machine
# Date Written: 12 April 2010
# Author:       Paul Wilson (no implied or expressed warranties)
# Usage:        AttachISO [UNC Path to ISO in Library] [VM Name to Match Criteria]

# Check for the two required arguments and offer command-line assistance if not found

if ($args -eq $null -or $args.Count -lt 2)
{
   write-output "Usage: AttachISO.ps1 UNC_fileName_ISO_File VMNameMatches"
   write-output "Example: .\AttachISO.ps1 ""\\SCVMM\MSSCVMMLibrary\ISOs\pvbt.iso"" ""Desktop"" "
   exit 1
}

# Grab the arguments and store them for later use

$ISOPath = $args[0]
$VMNameMatches = $args[1]

# Get the name of the SCVMM server we are running this on.
# The VMM server could be passed as a parameter as well.

$VMMServer = Get-VMMServer -Computername "localhost"

# Get the ISO image reference object using the ISO path provided earlier.
# Using the full path guarantees the right object is found. 

$ISOImage = Get-ISO -VMMServer $VMMServer | where { $_.SharePath -eq "$ISOPath" }

if ($ISOImage -eq $null)
{
   write-output "Unable to find ISO: $ISOPath"
   exit 1
}

# Get the collection of VMs that match the name parameters supplied and output that information

$VMs = Get-VM | where { $_.Name -match "$VMNameMatches" }
if ($VMs -eq $null)
{
   write-output "No VMs match the pattern: $VMNameMatches"
   exit 1
}
else
{
   $LeftToGo = $VMs.Count
   if ($LeftToGo -eq $null)
   {
      $matchString = "Only one VM matched the pattern: {0}" -f $VMNameMatches
      $LeftToGo = 1
    }
    else
    {
      $matchString = "{0} VMs match the pattern: {1}" -f $VMs.Count, $VMNameMatches
    }
    write-output $matchString
}

# This loop goes through each VM found and does the following:
#   1. Sets the boot order to CD, PXE Nic, IDE, Floppy.
#   2. Gets the DVD/CD drive object.
#   3. The script will copy the ISO image from the library to the VM's folder.
#      The copy is part of the Set-VirtualDVDDrive and New-VirtualDVDDrive cmdlets.
#   4. Creates the DVD drive object if none found and sets it to the ISO.
#   5. Removes any existing ISO and sets the ISO image to the one specified.
#   6. Outputs the number of VMs remaining to process. Added for large deployments. 

foreach ($VM in $VMS)
{
   $LeftToGo = $LeftToGo - 1
   Set-VM -VM $VM -BootOrder CD,PXEBoot,IDEHardDrive,Floppy
   $current_dvd = get-VirtualDVDDrive -VM $VM

   if ($current_dvd -eq $null -or $current_dvd.count -eq 0)
   {
      $newDVD = New-VirtualDVDDrive -VM $VM -Bus 1 -LUN 0 -ISO $ISOImage
      $DVDResultMessage = "Created DVD Drive on {0}. {1} VMs left to go." -f $VM.Name, $LeftToGo
   }
   else
   {
      if ($current_dvd.Connection -ne "None")
      {
         set-VirtualDVDDrive -VirtualDVDDrive $current_dvd -noMedia
         set-VirtualDVDDrive -VirtualDVDDrive $current_dvd -ISO $ISOImage
         $DVDResultMessage = "Replaced existing media in DVD Drive on {0}. {1} VMs left to go." -f $VM.Name, $LeftToGo
       }
       else
       {
         set-VirtualDVDDrive -VirtualDVDDrive $current_dvd -ISO $ISOImage
         $DVDResultMessage = "Successfully attached ISO to the DVD Drive of {0}. {1} VMs left to go." -f $VM.Name, $LeftToGo
       }
    }
    write-output $DVDResultMessage
}

Technical Preview Citrix XenApp 6 for Windows Server 2008 R2

Posted on by

The Technology Preview of Citrix XenApp for Microsoft Windows Server 2008 R2 is now available for

Download here; http://www.citrix.com/English/ps2/products/feature.asp?contentID=1854441
(You will need a Citrix login)

New features :

More users, faster logons – Get up to 20% more users per server with XenApp on the R2 platform and faster logons with new Profile management streaming technology that improves user profile load times by up to 80%.

Seamless management integration – Role-based installation wizards, a new unified application management console, management through Active Directory group policies and support for PowerShell 2.0 help you deploy, configure and automate XenApp faster and easier than ever before.

More apps in HDX – HDX RealTime now delivers high quality audio using up to 90% less bandwidth and enables video conferencing using Microsoft Office Communicator or teleconferencing using VoIP softphones. New HDX Plug-n-Play support for Windows portable USB devices lets users connect more of the devices they need to the applications they use including point-of-sale, webcams, scanners, digital cameras and more.

Self-service application delivery – Citrix Dazzle, the first self-service “storefront” for the enterprise, gives corporate employees 24×7 access to the applications they need to work. Citrix Streaming technology with Windows service isolation and Microsoft App-V integration provide new options for delivering more applications to your users.

Complete mobility – New plug-ins as well as updated Receivers for Windows, iPhone, Android, and Windows Mobile keep business moving by enabling complete mobility and freedom to access enterprise applications from anywhere.

The Delivery Services Console provides a streamlined interface for performing a number of management functions. As with the Access Management Console in previous versions of XenApp, you can manage components administered through other Citrix products, such as Citrix Secure Access and Citrix Single Sign-On. For Citrix XenApp, you can set up and monitor servers, server farms, published resources, and sessions.

Streamlined design

The Delivery Services Console conforms to the console design standards in Windows Server 2008 R2. As with other Windows consoles, the Delivery Services Console includes:

  • a tree pane that provides an overview of the components in your XenApp farm.
  • a results pane that displays views of the items selected in the tree pane. For example, when you select Policies from the tree pane, the results pane displays tabs that show the computer and user policies and settings configured for the farm.
  • an Actions pane that contains all applicable tasks that can be performed on a particular item in the tree and results panes. For example, when you select the Servers folder, the Actions pane displays the tasks you can perform on the folder. When you select a server from the results pane, the Action pane displays the tasks you can perform on the server as well as the folder-level tasks.

Consolidated administration

In previous versions of Citrix XenApp, administering a farm meant using two consoles: the Access Management Console and the Advanced Configuration tool. Administrators had to know which console to use for certain tasks. In this Technical Preview, functions that were previously managed through the Advanced Configuration tool are now managed through the Delivery Services Console. Whether you need to publish applications or configure XenApp policies, you can perform farm administration tasks with one console.

Improved startup and discovery

In previous versions of XenApp, the management console started up slowly and required re-running discovery to display any changes made to the farm. In this Technical Preview, you can improve the console’s startup time by disabling Authenticode signature validation.

As you use the console to administer your XenApp farm, the display refreshes whenever you make a change to the farm or when you press F5. You do not need to re-run discovery to ensure the console display is up-to-date.

Farm Settings and Policies Management

In this Technical Preview, farm properties and XenApp policies are managed through Active Directory Group Policy. Active Directory simplifies XenApp farm management tasks because you can use the same tools you use already to manage your Windows environment. You can:

  • Use the Delivery Services Console to create and configure XenApp policies and run simulations of policy deployment scenarios. Alternatively, you can use the Group Policy Editor to create and configure policies and the Group Policy Management Console to run policy deployment simulations. You can also use the Group Policy Management Console to calculate the resulting set of policies for a specific user or farm server.
  • Use the Advanced Group Policy Manager, if available, to manage XenApp farm and policy settings, delegate administration, and manage changes to group policy objects.
  • Publish applications to server groups or organization units.
  • Provide access to published applications to anonymous users.
  • Delegate farm permissions to other Citrix administrators.
  • Enable zone preference and failover functionality for server groups and organization units, without creating zones.
  • Assign load evaluators to server groups or organization units.

Even though XenApp provides integration with Active Directory, organizations that use another directory service, such as Novell eDirectory, can take advantage of XenApp’s independent policy system and Active Directory SDK to integrate XenApp into their environment and support authenticated users.

Simplified installation

In previous versions of XenApp, the installation process often required pre-installation and post-installation tasks that took more time than the actual installation itself. In this Technical Preview, installing XenApp is much simpler. The XenApp Server Role Manager steps you through the deployment process by:

  • analyzing your computer and installing needed pre-requisites automatically
  • providing additional information about the roles in which XenApp components are grouped and their requirements
  • installing components according to the roles you select
  • providing a task list to help you keep track of your progress in configuring the roles you installed

HDX Enhancements

The XenApp Technical Preview includes several HDX technology enhancements:

  • Support for video conferencing with Office Communications Server 2007
  • New audio codecs and echo cancellation to enhance audio quality in XenApp sessions while reducing bandwidth
  • True multi-monitor support
  • Support for Microsoft Plug-n-Play device redirection so portable devices like MP3 players, digital cameras, and devices with Microsoft POS for .NET can be used in XenApp sessions

Application Streaming Enhancements

  • Service isolation enables you to install services in application profiles so that they run in isolation on user devices. Fully tested applications include Office 2010, Adobe applications, and the Firefox browser.
  • Profiled applications (especially those in Office 2010 and 2007) are no longer packaged in .CAB files. Instead, you can locate the application files in directory subfolders for the application.

Single Sign-On Enhancements

This Technical Preview includes several enhancements to Single sign-on, including:

  • Enhanced Web application definition creation and management functionality
  • Sendkeys functionality for Web, matching existing availability for Windows

For a complete list of enhancements, see http://support.citrix.com/proddocs/topic/xenapp6-w2k8-tp/pm-welcome-features-new-v48.html.

Profile Management Enhancements

The XenApp Technical Preview includes the following enhancements to profile management:

  • Citrix streamed user profiles enable files and folders on the local computer to be synchronized only when they are needed, which speeds up logon and logoff. (Registry entries are cached immediately.)
  • Profiles are synchronized locally after logon as a background system task, without any feedback to users.
  • With active profile write back, files and folders (but not Registry entries) that are modified can be synchronized to the user store in the middle of a session, before logoff.
  • Administrators can now set the computers and groups to be monitored using the Diagnostic Facility in the Daily Management Console. They no longer have to configure logging in the ADM template and force a group policy update (that they may not have permissions for). In addition, new event log messages display the full path to the user store for each user logon.
  • Profile management checks for more errors during installation and, if they are encountered, writes messages to the event log. A new command-line switch installs Profile management without the .ini files that were previously used for configuration.

Citrix Workflow Studio 2.0

Posted on by

I’m pleased to announce that Workflow Studio 2.0 is now available:

Download Workflow Studio 2.0 (MyCitrix login required)

This release has a number of great new features and is a seamless upgrade from version 1.x. Here are some of the key new features:

  • Native XenApp activity libraries (and many other additional activities)
  • Remote runtimes
  • Simplified management interface
  • Enhanced security features
  • Simplified installation and configuration
  • Improved SDK
  • Simplified workflow Designer
  • Globalization support

I will post some more blogs over the next few days with more details on the above features and will also be updating the CDN site with many new articles, so subscribe to the Workflow Studio blog and head over to the Workflow Studio CDN site and subscribe for updates on CDN as well.

Feel free to leave feedback in comments or email me directly.

Workflow Studio will be included with XenApp Feature Pack 2

Learn more about Citrix XenApp 5 Feature Pack 2

Should Citrix allow standalone ICA connections to desktops without a broker?

Posted on by

by Brian Madden

Last week, Citrix’s Chris Fleck started a conversation over at the Citrix blog site where he asked whether there’s value in Citrix enabling ICA connections (with full HDX capabilities) to desktop OSes directly instead of forcing users to connect through the XenDesktop connection broker. Specifically, Chris wrote:

We have been discussing ways to make HDX more pervasive and useful to IT pros and users. HDX has significant benefits and we want the broader industry to try it out and get a taste of XenDesktop.

This is potentially a huge deal, so I’d like to bring this conversation to the BrianMadden.com audience since not everyone is probably aware of Chris’s post.

So let’s dig into it. First of all:

What is a standalone connection?

Simply put, a standalone connection means that Citrix would provide a standalone MSI package that could be installed onto Windows XP / Vista / Win7 desktops that would let ICA clients establish connections directly to the host desktop directly via the computer name or IP address. From a technical standpoint this would have nothing to do with XenDesktop. It’s just an ICA/HDX connection to a desktop instead of a terminal server.

If you haven’t used Citrix’s XenDesktop product, you might be surprised to learn that this capability actually isn’t possible today! Current versions of XenDesktop require that users first connect to a Citrix Web Interface / desktop broker to be routed to the desktop (physical/virtual/blade) where their ICA/HDX connection is established. So even if you downloaded the Citrix Virtual Desktop Agent (VDA) software and installed it onto a regular desktop, the agent only starts listening for incoming ICA connections after it’s been contacted by the central connection broker, so attempting a connection to 1494 or 2598 to a desktop with the VDA installed but without XenDesktop will just run you into a closed port.

Interestingly, Citrix XenApp has always allowed standalone connections (although in recent versions they’re disabled by default). So this capability would not be new to Citrix, just new to desktops.

Why would anyone want a standalone connection?

There are a lot of reasons that people might want to connect via ICA/HDX to a desktop outside of a proper XenDesktop environment. (And by the way, Citrix is interested in knowing your reasons, so feel free to leave a comment here or vote in the poll embedded in Chris’s original post on Citrix.com. Possible use cases include:

  • Creating simple proofs-of-concept. (Show users the concept and experience of connecting to their own images via ICA/HDX without having to go through all the trouble of setting up XenDesktop.)
  • Smaller or simpler VDI deployments where all users would be using private (a.k.a. “one-to-one” or “persistent”) images.
  • Using VDI where you don’t trust the HA capabilities of the connection broker, or where you don’t want to add the complexity of a broker.
  • Using VDI where you want to use another VDI framework (VMware View, Microsoft VDI Suite, etc.) but you still want ICA/HDX
  • As a method for users to connect to their own corporate desktops. (Kind of like a private in-house GoToMyPC.)
  • Cloud-based desktops where you want ICA/HDX.
  • Dev / testing of remote desktop VMs where you just want full ICA/HDX instead of just RDP.
  • Troubleshooting XenDesktop. e.g. if a user can’t connect to his or her desktop, you could try connecting directly via ICA/HDX to verify that the core components are online, working, and not being blocked by a firewall or policy or something. (Thanks to Shawn Bass for that suggestion.)
  • An easy way to configure multiple “tiers” of users. e.g. Let high value users get their own dedicated machines while the riff-raff share overloaded VMs. (Thanks to App Detective for that suggestion.)

How would Citrix release this standalone ICA connections?

Assuming that Citrix believes this is a good capability to have, how do you think they’ll release it?

  • Will it be built into the XenDesktop product? So when you buy XenDesktop, you also get the capability to connect via ICA/HDX directly to desktops?
  • Will it be released as a standalone product, like for $50 per user you can buy an ICA/HDX standalone license.

My gut reaction would be that Citrix would make this a option for XenDesktop customers. Then again, Chris’s blog post talks about wanting to expose people to the benefits of ICA/HDX, so maybe that’s a hint that they’re thinking about this as a standalone release? On the one hand, that might hurt their XenDesktop sales. But on the other, they’ve always been saying that XenDesktop is more than ICA, so why not make this a standalone capability?

That said, the cheapest XenDesktop is only $75 per concurrent user. (Not counting the free 10-user Express Edition.) Heck, if Citrix added standalone ICA to the $75 edition of XenDesktop, I’ll bet people who are using other VDI products would buy that edition just for ICA and not even use the rest! (Which I think would be fine, right? I mean there’s no reason for Citrix to limit this standalone ICA thing to Platinum or Enterprise editions, is there?

How likely is this to happen?

So now that we’ve looked into all the details of this ICA/HDX standalone capability, how likely is this to happen? (Because Chris’s blog post makes it clear that they’re just thinking about this—they’re not committed to anything.)

My personal feeling is that this is fairly likely. In addition to all the reasons listed above, Citrix already has a marketing-friendly name picked out: HDX Connect. If this was just some project they were toying around with, it’d have a codename like “Project Flecktacular.”

And from a complexity standpoint, I can’t imagine that there’s too many code changes that need to happen to convert the existing VDA software agent into a standalone non-XenDesktop-requiring mode. Really it just depends on how they decide to license it. (And on that note, how cool would it be if Citrix just made this available for free, or super cheap, like $10 a user. Then everyone would use it. Microsoft would love it. And VMware would be caught in their own “we’re protocol agnostic” shtick and be forced to support it, which would make their blood boil since every View project on the planet would be enabled by Citrix. And Citrix would just sit back and look cool, knowing they were the reason that VDI was so popular.

XenApp 4.5 / 5 Hotfix Rollup pack 4

Posted on by

Citrix has released Hotfix Rollup pack 4 for XenApp 4.5 and XenApp 5.0.

You can download your version here:

32 Bit version: CTX119069
64 Bit version: CTX119075

License Server 11.6.1:  https://www.citrix.com/English/ss/downloads/details.asp?downloadId=1681211&productId=186

The version information of the License Server can be found in the version information of  "C:\Program Files\Citrix\Licensing\LS\CITRIX.exe"

Read the CTX documents mentioned above,  so you’re ready to install this hotfix rollup pack. If you’re doing an unattended installation of the rollup pack, please be sure you use the /qb- switch. When you use the /qb switch, setup fails to complete.

Continue reading

Pushing the Limits of Windows: Paged and Nonpaged Pool

Posted on by

In previous Pushing the Limits posts, I described the two most basic system resources, physical memory and virtual memory . This time I’m going to describe two fundamental kernel resources, paged pool and nonpaged pool, that are based on those, and that are directly responsible for many other system resource limits including the maximum number of processes, synchronization objects, and handles.

Paged and nonpaged pools serve as the memory resources that the operating system and device drivers use to store their data structures. The pool manager operates in kernel mode, using regions of the system’s virtual address space (described in the Pushing the Limits post on virtual memory) for the memory it sub-allocates. The kernel’s pool manager operates similarly to the C-runtime and Windows heap managers that execute within user-mode processes.  Because the minimum virtual memory allocation size is a multiple of the system page size (4KB on x86 and x64), these subsidiary memory managers carve up larger allocations into smaller ones so that memory isn’t wasted.

For example, if an application wants a 512-byte buffer to store some data, a heap manager takes one of the regions it has allocated and notes that the first 512-bytes are in use, returning a pointer to that memory and putting the remaining memory on a list it uses to track free heap regions. The heap manager satisfies subsequent allocations using memory from the free region, which begins just past the 512-byte region that is allocated.

Nonpaged Pool

The kernel and device drivers use nonpaged pool to store data that might be accessed when the system can’t handle page faults. The kernel enters such a state when it executes interrupt service routines (ISRs) and deferred procedure calls (DPCs), which are functions related to hardware interrupts. Page faults are also illegal when the kernel or a device driver acquires a spin lock, which, because they are the only type of lock that can be used within ISRs and DPCs, must be used to protect data structures that are accessed from within ISRs or DPCs and either other ISRs or DPCs or code executing on kernel threads. Failure by a driver to honor these rules results in the most common crash code, IRQL_NOT_LESS_OR_EQUAL .

Nonpaged pool is therefore always kept present in physical memory and nonpaged pool virtual memory is assigned physical memory. Common system data structures stored in nonpaged pool include the kernel and objects that represent processes and threads, synchronization objects like mutexes, semaphores and events, references to files, which are represented as file objects, and I/O request packets (IRPs), which represent I/O operations.

Paged Pool

Paged pool, on the other hand, gets its name from the fact that Windows can write the data it stores to the paging file, allowing the physical memory it occupies to be repurposed. Just as for user-mode virtual memory, when a driver or the system references paged pool memory that’s in the paging file, an operation called a page fault occurs, and the memory manager reads the data back into physical memory. The largest consumer of paged pool, at least on Windows Vista and later, is typically the Registry, since references to registry keys and other registry data structures are stored in paged pool. The data structures that represent memory mapped files, called sections internally, are also stored in paged pool.

Device drivers use the ExAllocatePoolWithTag API to allocate nonpaged and paged pool, specifying the type of pool desired as one of the parameters. Another parameter is a 4-byte Tag , which drivers are supposed to use to uniquely identify the memory they allocate, and that can be a useful key for tracking down drivers that leak pool, as I’ll show later.

Continue reading