Hacking on ThinPro: Sneaky Workarounds

This is a continuation of Preventing User Interruptions in which I demonstrated a loop that checks for active Citrix connections. Now that I have that in place, I need to figure out a way to remotely disable and re-enable Imprivata on target devices. Doing it from the ThinPro GUI is easy (it's a checkbox), but doing it remotely is slightly more difficult.

There is a root/Imprivata/enableImprivata registry setting that will mostly do what I want; it just doesn't take effect immediately. I could probably get away with a reboot, but I want this to complete in a matter of seconds, not minutes. Less downtime, more better.

I SSH'd to a test unit and saw that /usr/bin/hptc-logoff -noask ran every time I toggled Imprivata on and off. Now, I usually dig into HP scripts a little more, but this one seemed pretty self-explanatory, and I didn't want to spend too much time on this, so I didn't bother. If you have a ThinPro computer and test it yourself, you'll see that the -noask switch just prevents an "are you sure?" dialog box from popping up.

So, with my handy new HP logoff script in hand, I added it and my registry edits to the previous script.

# Process ID of Citrix Workspace session
wfica_session_pid=$(ps -eo pid,cmd | grep -v grep | sed 's/^\ *//' | grep wfica.bin | cut -d " " -f 1)

# Watch for active Citrix connections
while [[ -n $wfica_session_pid ]] # <-- Testing for non-empty variable
do
  echo "Citrix session is active with PID $wfica_session_pid"
  sleep 5
  wfica_session_pid=$(ps -eo pid,cmd | grep -v grep | sed 's/^\ *//' | grep wfica.bin | cut -d " " -f 1)
  if  [[ -z $wfica_session_pid ]] # <-- Testing for empty variable
  then
    echo "No Citrix sessions are active right now"
    break
  fi
done

# Disable Impirvata agent in registry
mclient set root/Imprivata/enableImprivata 0
mclient commit root/Imprivata/enableImprivata

# Sleep for a bit
sleep 5

# Logoff local ThinPro user session without asking nicely
/usr/bin/hptc-logoff -noask

# Sleep for a bit longer to let the local ThinPro user log back in
sleep 15

# Re-enable Imprivata agent
mclient set root/Imprivata/enableImprivata 1
mclient commit root/Imprivata/enableImprivata

# Logoff local ThinPro user session again
/usr/bin/hptc-logoff -noask

And that's it.

Thanks for reading!

CCNA Prep: Applying ACLs in the Right Direction

CCNA Prep: Proxy ARP

CCNA Prep: Misinformation in Boson NetSim Labs

CCNA Prep: Setting Up Cisco Modeling Labs on Proxmox

Hacking on ThinPro: Enabling SSH

Hacking on ThinPro: Preventing User Interruptions

Hacking on ThinPro: Sneaky Workarounds

Hacking on ThinPro: Extension Properties

Hacking on ThinPro: Fixing EAP-TLS

Learning PowerShell: A Bash Fan's Experience

Learning PowerShell: Using PSComputerName

Learning PowerShell: Removing Unknown Profiles

Learning PowerShell: Finding Users in Folder Permissions

Learning PowerShell: Logging Pings

Hacky Nonsense: Bookstack Load Balancer

Hacking on ThinPro: Sneaky Workarounds