Client Setup: Windows - indiana-university/kumo GitHub Wiki
Installation
Client Configuration
OS Configuration
Citrix Configuration
- Windows 7+ or Windows Server 2008+, joined to your domain
- .Net 4.5 Framework
-
NOSTARTUP: The installer will by default create a Kumo Client startup item for all users of the system. Use this flag to prevent the creation of the startup item. If you use this flag, we've documented some strategies to launch the Kumo Client when a user session starts.
In addition to the client executable, a virtual file system driver will be installed.
The Kumo Client executable has a settings file that can be customized to fit your environment. This file is located at C:\Program Files (x86)\Indiana University\Kumo\Client\Client.exe.config. The available customizations are listed here.
Default value: ijklmnopqrstuvwxyz
Specify the unreserved drive letters for your environment. The client will select from this list and exclude any drives letters that are currently in use.
Default value: true
The client caches data in a per-user temp folder (nominally c:\Users<USER>\AppData\Local\Temp). When closing, the client can optionally attempt to clean up this temporary data.
Default value: true
Excel timestamps files in such a way that it can erroneously detect 'phantom edits' for files stored on network drives. This manifests as a jarring message to the user that someone else may have made changes to their file, even when no one else is working on it. The cloud-facing drives are seen as network drives by Windows and are subject to this behavior. This option applies a registry key to HKCU that resolves this behavior in most cases. More info.
Default value: 10 (minutes)
Some applications, notably Microsoft Access, save data in such a way as to not immediately trigger a file upload. Those applications frequently flush data to disk, and we can interpret that as a signal to autosave a user's work. This setting modifies the minimum delay, in minutes, between autosaves. Set the interval to '0' in order to disable autosaving. Please note that setting this interval too low can degrade the user experience.
Default value: true
If the user does not have a Kumo profile, prompt them to create one. If they accept (by clicking Setup) they will be taken to the Kumo portal. The user can also dismiss the prompt (by clicking Not now) and optionally elect to not be prompted in the future (see 'allowIgnoreProfilePrompt' setting below.)
Default value: Would you like to configure secure access to your cloud and local files?
The message to show users when prompting them to create a profile.
Default value: true
Allow users to choose to never again be prompted to create a storage profile again.
By default a Kumo Client startup item will be created for all users. If you elected to install the Kumo Client with the NOSTARTUP flag, or startup items are disabled in your environment, you will need to do some extra work to ensure that the Kumo Client launches when the user's logs in. Two strategies are documented here based on whether your environment has UAC enabled.
Open or create a login script and add the following script to the end of it. This command launches the Kumo client and leaves it running in the background.
start "" "c:\Program Files (x86)\Indiana University\Cloud Storage\Client\client.exe"
UAC poses challenges when mapping a drive due to the fact Windows will in certain circumstances perform this operation with an elevated privilege token. In this case the drive will be mapped but not visible to the user. We’ve engineered the following solution to launch the client with the correct token:
First, create a cmd script to run the following command. You can store this script anywhere on the host machine. In this example we’ll save the script to c:\login.cmd.
start "" "c:\Program Files (x86)\Indiana University\Cloud Storage\Client\client.exe"
Next, create a scheduled task to run that script at user login. This task can be imported from the XML shown in Figure 1. A few notes:
- Line 5: change the Author to a user in your domain
- Line 9: change the Command path to reference to location of the script in step 1.
- Line 14: change the GroupId to ‘\Domain Users’ in order for the script from step 1 to be executed as the logged-in user.
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo>
<Date>2012-08-14T14:42:47.4641918</Date>
<Author>IU-CV-XAIDMPTST\Administrator</Author>
</RegistrationInfo>
<Actions Context="Author">
<Exec>
<Command>C:\login.cmd</Command>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<GroupId>ADS\Domain Users</GroupId>
<RunLevel>LeastPrivilege</RunLevel>
</Principal>
</Principals>
<Triggers>
<LogonTrigger>
<Enabled>true</Enabled>
</LogonTrigger>
</Triggers>
<Settings>
<MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>P3D</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
</Task>
Windows Explorer may hide the virtual drives that are created by the Kumo client. This can be prevented by creating the following registry setting:
Registry location: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
Registry setting: create a new DWORD with the name SeparateProcess and a value of 1.
WebDAV is an extension to HTTP that facilitates document management via mapped network drives. It is a common alternative to CIFS-based file shares and is prominently used by SharePoint. Windows provides a built-in WebDAV client which is managed by the WebClient service. However, Windows also has some default settings in place that can make managing WebDAV-based files a bit frustrating. The following GPO and Registry settings are intended to improve that experience.
This improves Windows Explorer performance when browsing WebDAV-based drives.
GPO location: User Configuration \ Windows Settings \ Internet Explorer Maintenance \ Connection/Automatic Browser Configuration \ Automatically detect configuration settings
GPO setting: Disabled
Windows may overwrite the settings change made by the Disable IE proxy auto-detection GPO above. A registry setting can prevent this.
Registry location: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MigrateProxy
Registry setting: create a new DWORD with a value of 1.
By default, the WebClient service does not support integrated authentication for servers that are mapped with a fully-qualified domain name (FQDN). Since campus WebDAV servers are typically mapped with a FQDN, this will cause connectivity problems.
Registry location: HKLM\SYSTEM\CurrentControlSet\services\WebClient\Parameters
Registry setting:
- Add a new multi-string value named AuthForwardServerList. Double-click the value to modify it.
- Under Value data, add a wildcard entry for each domain in your institution; one per line. For example, for Indiana University this would be:
- *.iu.edu
- *.indiana.edu
- *.iupui.edu
By default Microsoft Office applications will prompt the user for credentials when loading documents from a WebDAV. This can be suppressed by adding your campus domains to Windows’ Trusted Sites list.
GPO location: Computer Configuration \ Administrative Templates \ Windows Components \ Internet Explorer\Internet Control Panel \ Security Page \ Site to Zone Assignment List.
GPO setting:
- Enable Site to Zone Assignment
- Add https://*. with a value of 2. Do this for every institutional domain your users will need to access.
The WebClient service is sometimes prone to erratic behavior. Microsoft has issued a hotfix to address this behavior.
If you are publishing virtual applications or desktops with Citrix XenApp/XenDesktop you may run into an issue in which the Kumo client and/or other applications can remaining running and keep a session open after a user disconnects. For guidance on that please review CTX891671 in the Citrix KB.