Posts

I’m here in Nashville for IGEL Disrupt over the next few days and I’m looking forward to a number of sessions. While the main event starts on the Tuesday (28th) the first day (Monday 27th) has a couple of sessions on.

FSLogix Profile Container has plenty of advantages in a virtual desktop environment that show a measurable improvements to end-user experience. It’s important to understand what a container approach to roaming a user profile is as you consider adoption of Profile Container, now that you own the license.

On the modern Windows 10 desktop with Office 365 and Azure AD Premium, application preferences are roamed by two components - the Office 2013+ desktop applications roam settings when used with Office 365 and when enabled, Enterprise State Roaming synchronises specific settings.

Here’s a new tool that I’ve pushed to the PowerShell Gallery - ConvertTo-RedirectionsXml for generating a Redirections.Xml for use with Profile Container. This makes the task of generating a new Redirections.xml as simple as running two PowerShell commands:

A container approach to profiles in your virtual desktop environment means you’re going to deal with additional storage requirements that you likely haven’t had previously. Profile containers have gone mainstream with the Microsoft acquisition of FSLogix, making Profile Container and Office 365 Container available to practically everyone.

With a hosting renewal pending I thought it past time to migrate to a new platform for stealthpuppy.com. While I’ve found WordPress to be OK with plenty of support for extensibility through plug-ins, I’m not keen on paying for a blogging platform that I don’t actively make an income from, nor do I want to deal with the hassle of a multi-tier platform using MySQL, PHP and WordPress itself.

Confession time - I’ve had a GitHub account since 2014 and haven’t signed a single commit. I’ve read various tweets and articles about signing your commits, but never committed (git it? … see what I did there…) to setting up a signature until recently.

The promise of a modern management approach to deployment and management of Windows 10 is that you no longer create and manage a custom SOE image. User experience is still important though and a large part of that experience in an enterprise environment, is the default Start menu.

Microsoft Intune provides management of Window 10 Update Rings to enable Windows as a Service, via the Software Updates feature. This enrols a Windows PC into Windows Update for Business to manage feature and quality updates the device receives and how quickly it updates to a new release. As you scale the number of devices managed by Microsoft Intune, the need to manage the software update or deployment rings is key to adopting Windows 10 successfully. Being able to do so dynamically and empowering end-users by involving them in the process sounds like an idea that’s just crazy enough to work. This article details an approach to achieve dynamic software update rings.

I recently presented a session titled ‘Modern Management Methodology Imaginarium’ at the xenappblog.com Virtual Expo September 2018 event. In this session, I discussed my thoughts and approach to modern management, primarily for Windows 10. The session provided a bit of background, some definitions for what makes up the modern desktop and a high-level approach to implementing it.

In a modern management scenario, enabling end-points to perform automatic maintenance tasks will reduce TCO by avoiding scenarios that might result in support calls. Storage Sense in Windows 10 is a great way to manage free disk space on PCs by clearing caches, temporary files, old downloads, Windows Update cleanup, previous Windows Versions, and more, but it it’s not fully enabled by default. Storage Sense can potentially remove gigabytes of data, freeing up valuable space on smaller drives.

Citrix Workspace app is here to replace Citrix Receiver with a new UI and capabilities (primarily for Citrix Cloud customers). Here’s how to deploy it across various supported platforms in a modern management capacity with Microsoft Intune.

Thunderbolt 3 (and USB-C) are here to provide a single cable for everything, although your experience with this technology will differ depending on your choice of operating system. Here’s a quick look at the end-user experience of TB on macOS and Windows.

Thunderbolt 3 and USB-C have arrived to make our life easier and more confusing all at the same time. The promise of a single cable that does everything is appealing but for the average consumer, knowing what to purchase is challenging. This article is a view into my research into Thunderbolt, USB-C and 4K monitors and what I’ve ultimately purchased.

In the previous article we saw how to customise the Adobe Reader DC installation and deploy it via Microsoft Intune. Now that it’s installed on Windows 10 end-points let’s look at how updates work.

Adobe Reader is of course one of the most common applications on Windows desktops and if you’re moving to a Modern Management approach you’re likely looking at how to deploy Adobe Reader DC to Windows 10 via Microsoft Intune.

Note: for a more up to date version of the content in this article, VcRedist now has documentation available here: https://docs.stealthpuppy.com/docs/vcredist

I’ve previously written about deploying Citrix Receiver to Windows 10 via Intune with PowerShell. In that article, I included a script that will detect an installed version of Receiver and update to the latest version if it is out of date. To start with, I’ve hard-coded the current Receiver for Windows version into the script; however, that’s not necessarily the best approach, because it will require updating whenever a new version is released.

If you’re deploying Windows 10 with Modern Management (Azure AD joined, MDM managed), you’ll likely have wondered about data protection - if users aren’t intentionally saving documents to their OneDrive folder, that data is likely, not synchronised and therefore not protected against data loss.

If you’ve deployed Windows 10 Modern Management you’ll know that some applications present a challenge for deployment, because Windows 10 MDM supports the Win32 applications via a single MSI file only. Applications such as Citrix Receiver, that are a single EXE (that wraps multiple MSI files), can, therefore, be challenging. You can create a custom wrapper to deploy Receiver, but this requires a packaging tool and some specific knowledge on how to package applications.

Ivanti Application Control (previously AppSense Application Manager) is an application whitelisting and privilege management solution; however, I think you’re likely aware of that since you’re reading this article. Application Control has a number of customisable message boxes that are displayed to the end-user for Windows application whitelisting or privilege elevation scenarios. In this article, I’ll discuss improving the end-user experience with some visual flair and text.

We’ve been busy planning our next CUGC meet-up for 2017, which will be on the 24th of October at the Telstra Conference Center at 242 Exhibition St. To attend the meet-up, ensure you’ve signed up at the MyCUGC.org site: Melbourne Citrix User Group Local Meeting

Great news! Microsoft has enabled a number of available conditions and custom controls in Azure AD for use in Conditional Access making these policies even more useful. This includes a simple method to control access to Citrix NetScaler by country of origin.

Microsoft released a beta version of the Intune Company Portal for macOS just last month; however, it’s since been pulled from the Download Center. This app had been made available along with the announcement of Conditional Access supporting macOS in preview.

Understanding what Windows Defender Advanced Threat Protection (ATP) actually is had eluded me for a while - it’s not included in something like EMS, it’s not available with a Visual Studio Enterprise subscription and you’ll need to request an evaluation from Microsoft (and hope it’s approved) to test it out. Windows Defender ATP is licensed as a component of the Windows 10 Enterprise E5 or the Secure Productive Enterprise (soon to be Microsoft 365) E5 subscriptions.

Deploying a jump box into a cloud environment such as Azure or AWS, is a common way of providing access into said environment through a single entry point. Often access to the jump box will be restricted by source IP, but that approach isn’t completely secure for many reasons - admins don’t update the rules, source IP doesn’t identify the user etc.

Intune has simplified the process for deploying Office 365 ProPlus to Windows 10 PCs with a wizard driven process that will get you deploying the Office suite in less that 5 minutes. I’m not exaggerating either - the process is so simple, it will take you longer to make a cup of coffee.

A couple of months back, I sent an email to the Microsoft MVP mailing list to see if anyone knew of a JSON feed of Windows 10 updates from Microsoft. I’d found a way to grab the latest Firefox version via PowerShell and was hoping to do something similar for Windows 10. Keith Garner responded with something even better - a working script that pulls from a JSON resource on the Windows 10 and Windows Server 2016 Update History page, to return the most recent cumulative update.

Enabling Azure AD and Office 365 features including multi-factor authentication and Conditional Access will impact your users because they’ll need utilise App Passwords (one time passwords used for authentication with legacy applications). Unfortunately this will only serve to confuse users and result in calls to your service desk. Modern authentication is, of course, the way to improve user experience but it’s not enabled by default.

I recently posted an article on a script I’ve written for downloading and installing the Microsoft Visual C++ Redistributables. Thanks to Cornelius Schuchardt, the script now supports creating applications for each redistributable in Configuration Manager (ConfigMgr).

In updating my MDT deployment shares recently, I got tired of having to do something about the Visual C++ Redistributable installers and finally decided to do something about it, so I’ve written a script that will download the installers and optionally install them - Install-VisualCRedistributables.ps1.

Every so often a few of your favourite technologies intersect to create something magical and your passion for IT is renewed. That happened for me this week when configured Citrix NetScaler to authenticate to Azure Active Directory via SAML and enforce access to XenApp via Azure Multi-factor Authentication and Azure AD Conditional Access policies. The possibilities for securing remote access and the improved user experience that this configuration provides is so damn cool, everyone should know about it.

I was recently testing out the setup of single sign-on (SSO) and user provisioning with Azure Active Directory and Salesforce via the Azure Resource Manager portal and came across a couple of minor hiccups that I wanted to share. With Salesforce being as popular as it is, it’s a great target for enabling SSO in any organisation and improving the user experience.

I am excited about the opportunities that managing Windows 10 devices with Azure AD Join and MDM (i.e. modern management) provides for both users and admins. In this article, I’ll cover deploying and managing modern applications (Universal apps) on a modern platform with a modern device management solution - Microsoft Intune standalone for managing Universal apps.

While the Universal app platform on Windows 10 isn’t going to replace legacy Win32 apps for some time, the potential of this platform to improve the way IT approaches application lifecycle management is high. Apps can be deployed, updated and removed without packaging or having to worry about application conflicts. It’s encouraging to see a number of useful enterprise applications available - the future is mobile apps, even on the desktop, so every enterprise should be looking at the Windows Store for Business.

In a previous article, I wrote about the differences between managing Windows 10 PCs with the Intune Client vs. the Windows 10 MDM channel. Two key monitoring pieces that you lose with going to MDM instead of the Intune Client is the ability to report on Windows updates and Endpoint Protection (Windows Defender) status.

It’s been a long time coming and the time is nearly here for the inaugural meeting of the Melbourne Citrix User Group. On the 6th of December 2016, we’ll be really proud to kick off an independent Citrix User Group at the Golden Gate Hotel, South Melbourne.

To understand sizing Machine Creation Services on Hyper-V, we should first look at how XenDesktop creates virtual machines across the various deployment choices. XenDesktop 7.9 and 7.11 have introduced new features to MCS that will require additional consideration for storage requirements over previous versions.

How much storage capacity do you need for Citrix Machine Creation Services? If you’re designing a XenApp or XenDesktop environment, one question you’re going to ask is “how much storage do we need?”. Let’s dig into the fundamentals of Machine Creation Services and have a look at how much capacity you’ll need to provision.

Automating the installation of the Citrix ShareFile Drive Mapper requires deploying a code signing certificate to target machines before setup will complete. If you’ve installed the Drive Mapper client, you will have seen the following dialog box during setup:

I recently wrote a couple of articles on setting up and Root Certification Authority and a Subordinate Certification Authority as a basic cheat sheet for setting up and Enterprise PKI. One configuration item that is less well understood and often the cause of major headaches with certificate authorities, is the Certificate Revocation List (CRL). An Offline CRL can bring down your PKI and other services that rely on it.

In the last article, I documented the steps for deploying an offline Root Certificate Authority on Windows Server 2012 R2. This article will continue the process and show how to install and configure a Subordinate Certificate Authority that will be used to issue certificates to users and devices.

Setting up an Enterprise Root Certificate Authority isn’t a task that you’ll complete on a regular basis and something I think I’ve done twice, maybe 3 times, ever. Each time I forget what I did previously and you can guarantee I’m using a different version of Windows Server each time. Please note as you read these article and the next, that whilst I have an interest in PKI, I don’t consider myself an expert. Deploying a PKI is not a simple task, so read up carefully if you’ve not done this before.

Microsoft Intune has multiple methods for managing Windows 10 - you can choose to deploy a client or use the mobile device management capabilities built into the operating system. However, guidance from Microsoft on the comparing the capabilities of each, especially from a policy perspective, is currently unclear.

Chicken Little seems to be working overtime when it comes to the Windows Store in Windows 10. I’ve read and heard many different thoughts and approaches to the Store in Windows 10, but I believe that the Store and Universal apps should be embraced. It would; however, be nice to have more control over user interaction with the Store and in-box Univeral apps.

I had the pleasure recently to present a session at Citrix Synergy 2016 in Las Vegas with Helge Klein (of uberAgent and UPM fame) on enterprise desktop performance in a session titled: SYN239: UX and the enterprise desktop: like oil and water?. We’ve previously presented on performance related topics with folder redirection, and this year we wanted to take a wider look at performance on an enterprise desktop and how user experience is affected.

Citrix recently made the ShareFile Drive Mapper tool available for mapping a drive letter into your ShareFile data available on Windows clients. This is an interesting approach to providing access to ShareFile data which changes the data access approach from sync to on-demand.

Windows has supported TLS for server authentication with RDP going back to Windows Server 2003 SP1. When connecting to a Windows PC, unless certificates have been configured, the remote PC presents a self-signed certificate, which results in a warning prompt from the Remote Desktop client. An environment with an enterprise certificate authority can enable certificate autoenrollment to enable trusted certificates on the RDP listener, thus removing the prompt. To get OS X clients to accept the certificate takes a little extra configuration not required on Windows clients.

Enabling the App-V client and UE-V client in Windows 10 Enterprise Build 14316 via PowerShell and viewing the behaviour of filter drivers for each client.

I’ve recently added a new PC to my home lab - the Intel NUC6i5SYB, to replace a Lenovo laptop that I’ve been using to host VMs on Hyper-V. In this article, I’ll cover an overview of the NUC, how I’ve configured this device and some details on performance.

I use several physical PCs and virtual machines. I use OS X and Windows. I (sometimes) write PowerShell scripts to perform various tasks.

With an App Store now on the Apple TV, is the latest Apple TV 4 the ultimate media centre? I think it comes pretty darn close and here’s why.

Now that we’ve covered the main questions in the survey - which hypervisors are in use, the VDI solutions are run on those hypervisors, how master images are built, the automation solutions used to build images and the solutions used to deliver images to SBC and VDI environments, we’ll take a short look at how often master images are updated.

In the previous article, we covered which automation solutions are in use to create (and manage) master images. In this article we’ll cover what tools or technologies are used to deliver an image to an end-point (that being a virtual machine or a physical device).

Thamim Karim has worked across the globe assisting customers with their user experience and application deployment strategies offering both consultancy and training services. He also has made many speaker appearances at conferences including TechEd, App-V User Groups and Microsoft Ignite.

Previously we’ve looked at which hypervisors are in use and the virtual desktop solutions deployed on those hypervisors, so now we’ll take a look at how organisations are building their master images.

Digging further into the details of the data we’ve gathered from our OS Automation survey, let’s take a look at the virtual desktop platforms in use by those who responded. I’ll largely present this as is and leave any further analysis for later articles.

Some older applications (and perhaps even some newer applications) will prompt for elevation on Windows via User Account Control (UAC) - this might be a valid request for elevation, but in the case of many older applications it’s because they expect to run with administrative rights.

We had an amazing response to our OS automation deployment survey with well over 700 respondents. In this series of articles to be posted here and on xenappblog.com, we’ll cover and analyse the results.

Here’s is a list of articles and resources for delivering the currently supported versions of Microsoft Office with App-V 5.

Kevin Kaminski, a long time App-V MVP based in Calgary, Canada. He’s a long time presenter at events such as BriForum and MMS. As well as consulting on application delivery, he provides training services for App-V and application packaging._

Here’s a review of my experiences with the Microsoft Surface 3 and some thoughts on the hardware and running Windows 10 on the device.

Operating system support for App-V is ultimately determined by the Microsoft Product Support Lifecycle. You can search the Product Support Lifecycle page for “Application Virtualization” to return the product lifecycle for all versions of App-V. This FAQ covers the most recent version of App-V: 5.1.

We’re into the closing days of the OS Deployment Automation Survey over at xenappblog.com and we need you to help make this a success. So far we’ve had a great response with over 600 people taking part, but with a week still left there’s still plenty of time to get involved.

This is a multi-part article detailing our testing results and presentations for the 2015 series on Folder Redirection:

This is a multi-part article detailing our testing results and presentations for the 2015 series on Folder Redirection:

This is a multi-part article detailing our testing results and presentations for the 2015 series on Folder Redirection:

Microsoft Application Virtualization (App-V) can be downloaded in a number of locations; however you will first require access to these locations which are typically via a paid subscription or because you have paid for licenses.

This article is part of the Microsoft Application Virtualization 5 FAQ series. Last update: September 1st, 2015

This article is part of the Microsoft Application Virtualization 5 FAQ series.

Citrix have made available the recording of our session at Synergy 2015 in Orlando - I’ve Got 99 Problems and Folder Redirection is Every One of Them. This is a standard 45-minute, level 400 session. Shawn and I will be repeating this as a 75-minute session at BriForum Denver with additional content and testing scenarios.

Helge, Shawn and myself had a great session this week at Citrix Synergy with our session SYN502: I’ve got 99 problems, and folder redirection is every one of them.

Citrix Synergy 2015 is just next week, so for me that means several things - attending CTP meetings (from about 8:00 am to 9:00 pm each day) on the Sunday and Monday, presenting a Geek Speak Live session on Tuesday, helping to man the Atlantis booth on the solutions expo floor, taking part in Geek Speak on Wednesday evening, meet old and new friends and generally have some fun.

I received a Citrix X1 Prototype mouse a few days ago, so I’ve put together here a short video that shows paring the mouse and using it in a remote Windows 8 desktop.

I’ve previously covered the use of AppSense DataNow as an alternative to folder redirection and Offline Files. In that article I provided an approach to using DataNow to sync a copy of the user’s home drive locally instead of redirecting user folders to the network. I’ve previously used a beta version of DataNow and with the release of DataNow 3.5, I want to take an updated look at this solution.

A conversation about desktop virtualisation will invariably turn to the topic of persistent vs. non-persistent. Anyone new to VDI or Server Based Computing (SBC), may need persistent and non-persistent defined in context. This is a discussion that I have on a semi-regular basis, so for easy reference, I’d thought I would put down a discussion on this topic into an article.

There’s a particular behaviour in Outlook for Mac, that for several years I have thought was a bug. If you reply to an email, you often only get some of the text from the original email, rather than the entire email being copied into the reply. Like this:

Last week, thanks to xenappblog.com, Helge Klein and I presented a webinar titled: How Folder Redirection Impacts User Experience and Breaks Applications. This was a great webinar for us to present thanks to Eric. This is the first time Helge and I have presented this topic together - previously Helge and Shawn Bass presented at BriForum London and Shawn and I presented it as BriForum Boston.

The independent R&D project ‘Virtual Reality Check’ (VRC) was started in early 2009 by Ruben Spruijt (@rspruijt) of PQR and Jeroen van de Kamp (@thejeroen) of Login Consultants, and focuses on research in the desktop and application virtualization market. Several white papers with Login VSI test results were published about the performance and best practices of different hypervisors, Microsoft Office versions, application virtualization solutions, Windows Operating Systems in server hosted desktop solutions and the impact of antivirus in VDI environments.

This is the forth in a series of articles on folder redirection by Aaron Parker, Helge Klein and Shawn Bass.

This is the second in a series of articles on folder redirection by Aaron Parker, Helge Klein and Shawn Bass.

I wrote previously about automating the creation of an MCS-based machine catalog in XenDesktop with PowerShell, so in this article I’ll cover updating that machine catalog via PowerShell.

Separate to this article would be the process of creating the updated image - that could be done manually (by updating the existing master image), or by automating a new master image deployment with MDT, or any other method that you can think of.

Just as with creating the machine catalog, the PowerShell output from Studio when updating a catalog is a place to start - the code provided isn’t reusable without some effort to make it work.

Linking the Code to the UI

I’ll walk briefly through the wizards to show, in part, how the code relates to each step when updating a machine catalog via the Studio UI.

In this case, I’ve already created the machine catalog and updated my master image and created a snapshot. The hypervisor isn’t important because Citrix Studio abstracts this from the process when performing the update (I do need to be using the same infrastructure as the target catalog).

To find the snapshot to use, I’ve obtained the path to the master image and a specified snapshot via the Get-ChildItem command (on the path XDHyp:\HostingUnits<Storage Resource>). This is essentially a path/directory that I can parse - I’ve explicitly specified the master image and the snapshot to use. I need the path to the snapshot so that I can use that in the publish step for the image update.

Get-ChildItem "XDHyp:\HostingUnits\"

I can choose from a couple of rollout strategies for the image update - I can choose to update on next shutdown of the desktop, or update immediately (with a specified delay).

Start-BrokerRebootCycle is used to control the the reboot cycle, but this is called at the end of the script to ensure the update process is completed first.

Start-BrokerRebootCycle -InputObject @(<Machine Catalog Name>) -RebootDuration 120 -WarningDuration 15 -WarningMessage <message> -WarningTitle <message>

Publish-ProvMasterVmImage is used to publish the image. The process can then be monitored by getting updates for the process via Get-ProvTask. I’ve opted to show a progress bar while the update is on-going before initiating the desktop reboot.

There’s plenty that the wizard does to hide the complexity of setting up a catalog from the administrator. If you attempt the same via PowerShell, what goes on under the hood is laid bare.

The Code

Below is the full code listing with comments inline that should provide some detail on the process the code follows. At this point the code provides some error checking for the most important steps. There are still some additional steps and error checking that could be integrated:

• The code will get a specified snapshot from the target VM. I’ve done this to ensure I’m using the correct version of the image
• Publish the image update to the catalog
• Monitor the update process until completion
• Start the desktop reboot cycle

At this stage, I haven’t added too much error checking, but an important step to add will be to check that the image update process was successful and rollback if it wasn’t.

#---------------------------------------------------------------------------
## Author: Aaron Parker
## Desc:   Using PowerShell to update a XenDesktop 7.x machine catalog 
## Date:   Oct 27, 2014
## Site:   http://stealthpuppy.com
#---------------------------------------------------------------------------

## Set variables for the target infrastructure
## ----------
$adminAddress = 'xd71.home.stealthpuppy.com' #The XD Controller we're going to execute against
$xdControllers = 'xd71.home.stealthpuppy.com'

## Hypervisor and storage resources
## These need to be configured in Studio prior to running this script
## This script is hypervisor and management agnostic - just point to the right infrastructure
$storageResource = "HV2-EVOPro" #Storage
$hostResource = "Lab vCenter" #Hypervisor management

## Master image properties
$machineCatalogName = "Windows 8 vSphere"
$masterImage ="Windows8*"
$snapshot = "VDA 7.6"

$messageDetail = "Your computer has been updated and will be automatically restarted in 15 minutes."
$messageTitle = "Help desk message"
## ----------

## Load the Citrix PowerShell modules
Write-Verbose "Loading Citrix XenDesktop modules."
Add-PSSnapin Citrix*

## Get information from the hosting environment via the XD Controller
## Get the storage resource
Write-Verbose "Gathering storage and hypervisor connections from the XenDesktop infrastructure."
$hostingUnit = Get-ChildItem -AdminAddress $adminAddress "XDHyp:\HostingUnits" | Where-Object { $_.PSChildName -like $storageResource } | Select-Object PSChildName, PsPath
## Get the hypervisor management resources
$hostConnection = Get-ChildItem -AdminAddress $adminAddress "XDHyp:\Connections" | Where-Object { $_.PSChildName -like $hostResource }

## Get the broker connection to the hypervisor management
## http://support.citrix.com/proddocs/topic/citrix-broker-admin-v2-xd75/get-brokerhypervisorconnection-xd75.html
$brokerHypConnection = Get-BrokerHypervisorConnection -AdminAddress $adminAddress -HypHypervisorConnectionUid $hostConnection.HypervisorConnectionUid

## Set a provisioning scheme for the update process
## http://support.citrix.com/proddocs/topic/citrix-machinecreation-admin-v2-xd75/set-provschememetadata-xd75.html
$ProvScheme = Set-ProvSchemeMetadata -AdminAddress $adminAddress -Name 'ImageManagementPrep_DoImagePreparation' -ProvisioningSchemeName $machineCatalogName -Value 'True'

## Get the master VM image from the same storage resource we're going to deploy to. Could pull this from another storage resource available to the host
Write-Verbose "Getting the snapshot details for the catalog: $machineCatalogName"
$VM = Get-ChildItem -AdminAddress $adminAddress "XDHyp:\HostingUnits\$storageResource" | Where-Object { $_.ObjectType -eq "VM" -and $_.PSChildName -like $masterImage }
## Get the snapshot details. This code will grab a specific snapshot, although you could grab the last in the list assuming it's the latest.
$VMSnapshots = Get-ChildItem -AdminAddress $adminAddress $VM.FullPath -Recurse -Include *.snapshot
$TargetSnapshot = $VMSnapshots | Where-Object { $_.FullName -eq "$snapshot.snapshot" }

## Publish the image update to the machine catalog
## http://support.citrix.com/proddocs/topic/citrix-machinecreation-admin-v2-xd75/publish-provmastervmimage-xd75.html
$PubTask = Publish-ProvMasterVmImage -AdminAddress $adminAddress -MasterImageVM $TargetSnapshot.FullPath -ProvisioningSchemeName $machineCatalogName -RunAsynchronously
$provTask = Get-ProvTask -AdminAddress $adminAddress -TaskId $PubTask

## Track progress of the image update
Write-Verbose "Tracking progress of the machine creation task."
$totalPercent = 0
While ( $provTask.Active -eq $True ) {
    Try { $totalPercent = If ( $provTask.TaskProgress ) { $provTask.TaskProgress } Else {0} } Catch { }

    Write-Progress -Activity "Provisioning image update" -Status "$totalPercent% Complete:" -percentcomplete $totalPercent
    Sleep 15
    $provTask = Get-ProvTask -AdminAddress $adminAddress -TaskId $PubTask
}

## Start the desktop reboot cycle to get the update to the actual desktops
## http://support.citrix.com/proddocs/topic/citrix-broker-admin-v2-xd75/start-brokerrebootcycle-xd75.html
Start-BrokerRebootCycle -AdminAddress $adminAddress -InputObject @($machineCatalogName) -RebootDuration 60 -WarningDuration 15 -WarningMessage $messageDetail -WarningTitle $messageTitle

Comments or feedback on bugs, better ways to do things or additional steps is welcome. the code is provided as-is, so ensure you test before using in a production environment.

Adding Microsoft App-V publishing information to a XenDesktop or XenApp 7.x site is very easy via the Citrix Studio UI, but what if you want to automate this process? Of course, you’ll need to reach for PowerShell.

What may not be widely known is that you can add additional App-V publishing configuration to a XenDesktop site beyond what you see in the UI. This allows you to set publishing information per delivery group. Useful for complex XenDesktop sites such as multi-tenant environments.

Creating the App-V publishing information with PowerShell is a multi step process. You’ll need to create the publishing information with New-CtxAppVServer and then apply the configuration with New-BrokerMachineConfiguration.

Applying this in practice however may ultimately require testing the App-V management and publishing servers and ensuring that the configuration does not already exist before adding it.

So to do that, I’ve written a function that will take the App-V Management and Publishing servers as parameters, ensure that they test OK and check that the configuration does not already exist before importing the configuration into the site.

This function is fairly basic and while it does do some error checking, it could probably go a little further to ensure the configuration is applied successfully.

Function Set-CtxAppvConfig {
    <#
        .SYNOPSIS
            Sets new App-V publishing information in a XenDesktop site.
 
        .DESCRIPTION
            This function can be used to set or add App-V publishing information in a XenDesktop or XenApp 7.x site.
 
        .PARAMETER AdminAddress
            Specifies a remote XenDesktop controller to apply the configuration against. If omitted, the local host will be used instead.
 
        .PARAMETER AppvMgmtSvr
            Specifies a remote XenDesktop controller to apply the configuration against. If omitted, the local host will be used instead.
 
        .PARAMETER AppvPubSvr
            Specifies a remote XenDesktop controller to apply the configuration against. If omitted, the local host will be used instead.
 
        .PARAMETER Description
            Specifies a remote XenDesktop controller to apply the configuration against. If omitted, the local host will be used instead.
 
        .EXAMPLE
            Set-CtxAppvConfig -AdminAddress 'xd71.home.stealthpuppy.com' -AppvMgmtSvr 'http://appv1:8080' -AppvPubSvr 'http://appv1:80' -Description 'Created by PowerShell'
 
        .NOTES
 
        .LINK
    #>
    param(
        [Parameter(Mandatory = $false, Position = 0, HelpMessage = "XenDesktop Controller address.")]
        [string]$AdminAddress = 'localhost',

        [Parameter(Mandatory = $true, Position = 1, HelpMessage = "Microsoft App-V Management Server address.")]
        [string]$AppvMgmtSvr = $(throw = "Please specify an App-V Management Server address."),

        [Parameter(Mandatory = $true, Position = 2, HelpMessage = "Microsoft App-V Publishing Server address.")]
        [string]$AppvPubSvr = $(throw = "Please specify an App-V Publishing Server address."),

        [Parameter(Mandatory = $true, Position = 2, HelpMessage = "App-V publishing configuration description.")]
        [string]$Description = $(throw = "Specify a description to apply to the App-V publishing information. Specify 'Created by Studio' to set the App-V publishing inforamtion viewed in Citrix Studio.")
    )

    Function Add-AppvConfig {
        # Add the AppV Server settings to the new specified settings
        Write-Verbose "Setting App-V Management Server to specified URI."
        #http://support.citrix.com/proddocs/topic/citrix-appv-admin-v1-xd71/new-ctxappvserver-xd71.html
        $newAppvConfig = New-CtxAppVServer -ManagementServer $AppvMgmtSvr -PublishingServer $AppvPubSvr

        # Applying configuration to the site
        Write-Verbose "Saving configuration to the site."
        #http://support.citrix.com/proddocs/topic/citrix-broker-admin-v2-xd75/new-brokermachineconfiguration-xd75.html
        $machineConfig = New-BrokerMachineConfiguration -AdminAddress $AdminAddress -ConfigurationSlotUid 3 -LeafName 1 -Description "Created by Studio" -Policy $newAppvConfig -Verbose
    }

    # Obtain FQDN from Management server URL
    $urlGroups = [regex]::Match($AppvMgmtSvr, '^(?&lt;protocol&gt;(http|https))://(?&lt;fqdn&gt;([^:]*))((:(?&lt;port&gt;\d+))?)').Groups

    # Test specified Management Server.
    Write-Verbose "Testing Management Server."
    If (Test-CtxAppVServer -AppVManagementServer $urlGroups["fqdn"].Value -ErrorAction SilentlyContinue -ErrorVariable $manError) {
        Write-Verbose "Management Server tested OK."

        # Test specified Publishing Server
        Write-Verbose "Testing Publishing Server."
        If (Test-CtxAppVServer -AppVPublishingServer $AppvPubSvr -ErrorAction SilentlyContinue -ErrorVariable $pubError) {
            Write-Verbose "Publishing Server tested OK."
            # Get any existing AppV configuration from the broker
            #http://support.citrix.com/proddocs/topic/citrix-broker-admin-v2-xd71/get-brokermachineconfiguration-xd71.html
            If ($Config) { Remove-Variable Config }
            $Config = Get-BrokerMachineConfiguration -AdminAddress $AdminAddress -Name AppV* -ErrorAction SilentlyContinue

            $cfgMatch = $False
            If ($Config) {
                ForEach ($cfg in $Config) {

                    # Grab the AppV configuration details
                    #http://support.citrix.com/proddocs/topic/citrix-appv-admin-v1-xd71/get-ctxappvserver-xd71.html
                    $appvConfig = Get-CtxAppVServer -ByteArray $cfg.Policy

                    # If the existing Management Server matches the specified Management Server
                    If (($appvConfig.ManagementServer -eq $AppvMgmtSvr) -and ($appvConfig.PublishingServer -eq $AppvPubSvr)) {
                        Write-Verbose "Specified config matches existing config."
                        $cfgMatch = $True
                    }
                }

                If (!($cfgMatch)) {
                    # Add config
                    Add-AppvConfig
                }
                Else {
                    Write-Verbose "App-V configuration already exists."
                }
            }
            Else {
                # Add config
                Add-AppvConfig
            }
        }
        Else {
            Write-Error "[Aborting] App-V Publishing Server test failed with: $pubError"
        }
    }
    Else {
        Write-Error "[Aborting] App-V Management Server test failed with: $manError"
    }
}

Please ensure that you test thoroughly before using in a production environment. Comments or feedback on bugs, better ways to do things or additional steps is welcome.

Note - a very big thanks to David Wagner at Citrix (and team) for assisting with working out how to write the App-V publishing information that you see in the Studio UI. This is done by applying the description “Created with Studio” to the publishing configuration (presumably only the first configuration that you apply with that description).

A recent security update for the Remote Desktop Connection client in Windows 7 and Windows Server 2008 R2 has affected both the Microsoft App-V 4.6 and 5.0 client.

Is VMware Horizon View 6 RDS a viable replacement or competitor to Citrix XenApp? A competitor, most certainly. View RDS as a replacement for XenApp deserves further investigation and I recommend no assumptions be made as to the suitability of View RDS, especially if you are a current Citrix customer, or a VMware partner.

App-V Server 5.0 Setup with missing prerequisites

I’ve got a very simple setup in my home lab with a couple of machine running either Hyper-V or ESXi. I typically don’t have monitoring solutions running and manage each host directly, rather than part of a cluster or with SCVMM or vCenter. For Hyper-V, I try to manage it remotely via PowerShell as much as I can and so it’s handy to be able to see memory utilisation on the remote host to understand how much capacity I’ve got before powering on a VM. I’ve written a PowerShell function to return various memory stats:

• Total RAM available in the host - using Get-VMHost.
• Total memory in use by running VMs - by returning the running VMs and finding the current amount of RAM assigned to each VM with Get-VM. This works with dynamic memory.
• Available memory to run additional VMs - using Get-Counter to gather the ‘\Memory\Available Bytes’ performance counter
• How much memory is used by the system - this is calculated by adding what’s in use by VMs, to the available memory and subtracting the results from the physical RAM in the host. This is a rough calculation, but an interesting metric to view.

The function returns an array that includes each stat. Here’s an example of what the function returns. All values are in gigabytes and multiple hosts can be specified to gather details from.

PS C:\> Get-HvMem -ComputerName hv1


Name         : hv1
HostRAMGB    : 11.904224395752
VMInUseGB    : 7.12890625
SystemUsedGB : 1.46017837524414
AvailableGB  : 3.31513977050781

Here’s the code listing for the Get-HvMem function:

Function Get-HvMem {
    <#
        .SYNOPSIS
            Return Hyper-V host RAM details.
 
        .DESCRIPTION
            This function returns the total available RAM, RAM in use by VMs and the available RAM on a Hyper-V host.
 
        .PARAMETER ComputerName
            Specifies one or more Hyper-V hosts to retrieve stats from.
 
        .EXAMPLE
            Get-HvRAM -ComputerName hyperv1

        .NOTES
 
        .LINK
            /hyperv-memory-powershell
 
    #>
    param(
        [Parameter(Mandatory=$true, Position=0,HelpMessage="Hyper-V host.")]
        [string[]]$ComputerName = $(throw = "Please specify a remote Hyper-V host to gather memory details from.")
    )

    # Create an array to return
    $allStats = @()

    ForEach ( $computer in $ComputerName ) {

        # Create an array to contain this computer's metrics
        $a = @()

        # Get details for Hyper-V host
        $vmHost = Get-VMHost -ComputerName $computer

        If ($vmHost) {

            # Get total RAM consumed by running VMs.
            $total = 0
            Get-VM -ComputerName $computer | Where-Object { $_.State -eq "Running" } | Select-Object Name, MemoryAssigned | ForEach-Object { $total = $total + $_.MemoryAssigned }

            #Get available RAM via performance counters
            $Bytes = Get-Counter -ComputerName $computer -Counter "\Memory\Available Bytes"

            # Convert values to GB
            $availGB = ($Bytes[0].CounterSamples.CookedValue / 1GB)
            $hostGB = ($vmhost.MemoryCapacity / 1GB)
            $vmInUse = ($total / 1GB)

            # Construct an array of properties to return
            $item = New-Object PSObject

            # Add host name
            $item | Add-Member -type NoteProperty -Name 'Name' -Value $vmHost.Name

            # Host RAM in GB
            $item | Add-Member -type NoteProperty -Name 'HostRAMGB' -Value $hostGB

            # In use RAM in GB
            $item | Add-Member -type NoteProperty -Name 'VMInUseGB' -Value $vmInUse

            # System used in GB
            $item | Add-Member -type NoteProperty -Name 'SystemUsedGB' -Value ($hostGB - ($vmInUse + $availGB))

            # Available RAM in GB
            $item | Add-Member -type NoteProperty -Name 'AvailableGB' -Value $availGB
            $a += $item
        }

        # Add the current machine details to the array to return
        $allStats += $a
    }
    Return $allStats
}

Comments or feedback on bugs, better ways to do things or additional steps is welcome.

My last article was on creating a XenDesktop machine catalog with PowerShell - in this article I’m going to create a Delivery Group which provides access to the virtual machines that a part of that catalog.

Like the last article, I’ve taken the PowerShell generated by Citrix Studio, banged my head against the wall a few times, and improved it to create the code presented in this article.

Linking the Code to the UI

To help explain the code, I’ll first run through the Create Delivery Group wizard and show how the code relates to options in the wizard and the Delivery Group properties.

Add-BrokerMachinesToDesktopGroup assigns virtual machines from a specified Machine Catalog to the new Delivery Group.

Selecting the Machine Catalog and the number of desktops - Add-BrokerMachinesToDesktopGroup -Catalog “Windows 8 x86” -Count 5

Specify the delivery type for this Delivery Group when using New-BrokerDesktopGroup.

Selecting the delivery type - New-BrokerDesktopGroup -DeliveryType ‘DesktopsOnly’

New-BrokerEntitlementPolicyRule is used to assign user or group accounts to the Delivery Group.

Assigning users to the Desktop Group - New-BrokerEntitlementPolicyRule -Name “Windows 8 x86_1” -IncludedUsers “HOME\Domain Users” -DesktopGroupUid 11

Add-BrokerMachineConfiguration adds StoreFront and UPM configurations to a Delivery Group. The function just adds a machine configuration - the configuration is setup separately. To avoid selecting a StoreFront server for the Delivery Group, don’t use this function.

Selecting a StoreFront server - Add-BrokerMachineConfiguration -DesktopGroup “Windows 8 x86” -InputObject @(1005)

When calling New-BrokerDesktopGroup, the Delivery Group name, display or published name and description is specified.

Group name, Display name and description - New-BrokerDesktopGroup -Name “Windows 8 x86” -PublishedName “Windows 8 x86” -Description “Windows 8 x86 with Office 2013, Pooled desktops”

The wizard does not expose all settings for the Delivery Group, so additional settings require opening the properties of the new group. These can be set during creation of the group when using PowerShell.

The same call to New-BrokerDesktopGroup is used to specify user settings including colour depth and time zone preferences.

Controlling various user settings - New-BrokerDesktopGroup -ColorDepth TwentyFourBit -TimeZone “AUS Eastern Standard Time” -SecureIcaRequired $False

New-BrokerDesktopGroup and New-BrokerPowerTimeScheme are both used to manage virtual machine power management settings. Setting or modifying the peak and off peak hours isn’t friendly either.

Virtual machine power management settings - New-BrokerPowerTimeScheme -DisplayName ‘Weekdays’ -DaysOfWeek ‘Weekdays’ -DesktopGroupUid 11; New-BrokerDesktopGroup -OffPeakDisconnectAction Suspend -OffPeakDisconnectTimeout 15

New-BrokerAccessPolicyRule modifies the access policies. This is called twice - once for connections through NetScaler Gateway and once for direct connections.

Modifying access policies - New-BrokerAccessPolicyRule -Name “Windows 8 x86_AG” -AllowedConnections ‘ViaAG’ -AllowedProtocols @(‘HDX’,’RDP’) -DesktopGroupUid 11 -Enabled $True -IncludedSmartAccessFilterEnabled $True -IncludedSmartAccessTags @() -IncludedUserFilterEnabled $True

Creating the Delivery Group is relatively straight-forward; however there are some additional steps, such as creating a StoreFront server and working out how to manage peak and off peak times, that require a bit more investigation.

The Code

Below is the full code listing with comments inline that should provide some detail on the process the code follows. At this point the code provides some error checking for the most important steps. There are still some additional steps and error checking that could be integrated into the code.

#---------------------------------------------------------------------------
# Author: Aaron Parker
# Desc:   Using PowerShell to create a XenDesktop 7.x Delivery Group
# Date:   Aug 23, 2014
# Site:   http://stealthpuppy.com
#---------------------------------------------------------------------------
# 

# Set variables for the target infrastructure
# ----------
$adminAddress = 'xd71.home.stealthpuppy.com' #The XD Controller we're going to execute against
$xdControllers = 'xd71.home.stealthpuppy.com'

# Desktop Group properties
$desktopGroupName = "Windows 8 desktops"
$desktopGroupPublishedName = "Windows 8 desktops"
$desktopGroupDesc = "Windows 8 x86 with Office 2013, Pooled desktops"
$colorDepth = 'TwentyFourBit'
$deliveryType = 'DesktopsOnly'
$desktopKind = 'Shared'
$sessionSupport = "SingleSession" #Also: MultiSession
$functionalLevel = 'L7'
$timeZone = 'AUS Eastern Standard Time'
$offPeakBuffer = 10
$peakBuffer = 10
$assignedGroup = "HOME\Domain Users"

#Machine Catalog
$machineCatalogName = "Windows 8 x86"
# ----------

# Change to SilentlyContinue to avoid verbose output
$VerbosePreference = "Continue"

# Create the Desktop Group
# http://support.citrix.com/proddocs/topic/citrix-broker-admin-v2-xd75/new-brokerdesktopgroup-xd75.html
If (!(Get-BrokerDesktopGroup -Name $desktopGroupName -ErrorAction SilentlyContinue)) {
    Write-Verbose "Creating new Desktop Group: $desktopGroupName"
    $desktopGroup = New-BrokerDesktopGroup -ErrorAction SilentlyContinue -AdminAddress $adminAddress -Name $desktopGroupName -DesktopKind $desktopKind -DeliveryType $deliveryType -Description $desktopGroupPublishedName -PublishedName $desktopGroupPublishedName  -MinimumFunctionalLevel $functionalLevel -ColorDepth $colorDepth -SessionSupport $sessionSupport -ShutdownDesktopsAfterUse $True -TimeZone $timeZone -InMaintenanceMode $False -IsRemotePC $False -OffPeakBufferSizePercent $offPeakBuffer -PeakBufferSizePercent $peakBuffer -SecureIcaRequired $False -TurnOnAddedMachine $False -OffPeakDisconnectAction Suspend -OffPeakDisconnectTimeout 15 -Scope @() 
}

# At this point, we have a Desktop Group, but no users or desktops assigned to it, no power management etc.
# Open the properties of the new Desktop Group to see what's missing.

# If creation of the desktop group was successful, continue modifying its properties
If ($desktopGroup) {

    # Add a machine configuration to the new desktop group; This line adds an existing StoreFront server to the desktop group
    # Where does Input Object 1005 come from?
    # http://support.citrix.com/proddocs/topic/citrix-broker-admin-v2-xd75/add-brokermachineconfiguration-xd75.html
    # Write-Verbose "Adding machine configuration to the Desktop Group: $desktopGroupName"
    # Add-BrokerMachineConfiguration -AdminAddress $adminAddress -DesktopGroup $desktopGroup -InputObject @(1005)

    # Add machines to the new desktop group. Uses the number of machines available in the target machine catalog
    # http://support.citrix.com/proddocs/topic/citrix-broker-admin-v2-xd75/add-brokermachinestodesktopgroup-xd75.html
    Write-Verbose "Getting details for the Machine Catalog: $machineCatalogName"
    $machineCatalog = Get-BrokerCatalog -AdminAddress $adminAddress -Name $machineCatalogName
    Write-Verbose "Adding $machineCatalog.UnassignedCount machines to the Desktop Group: $desktopGroupName"
    $machinesCount = Add-BrokerMachinesToDesktopGroup -AdminAddress $adminAddress -Catalog $machineCatalog -Count $machineCatalog.UnassignedCount -DesktopGroup $desktopGroup

    # Create a new broker user/group object if it doesn't already exist
    # http://support.citrix.com/proddocs/topic/citrix-broker-admin-v2-xd75/new-brokeruser-xd75.html
    Write-Verbose "Creating user/group object in the broker for $assignedGroup"
    If (!(Get-BrokerUser -AdminAddress $adminAddress -Name $assignedGroup -ErrorAction SilentlyContinue)) {
        $brokerUsers = New-BrokerUser -AdminAddress $adminAddress -Name $assignedGroup
    } Else {
        $brokerUsers = Get-BrokerUser -AdminAddress $adminAddress -Name $assignedGroup
    }

    # Create an entitlement policy for the new desktop group. Assigned users to the desktop group
    # First check that we have an entitlement name available. Increment until we do.
    $Num = 1
    Do {
        # http://support.citrix.com/proddocs/topic/citrix-broker-admin-v2-xd75/test-brokerentitlementpolicyrulenameavailable-xd75.html
        $Test = Test-BrokerEntitlementPolicyRuleNameAvailable -AdminAddress $adminAddress -Name @($desktopGroupName + "_" + $Num.ToString()) -ErrorAction SilentlyContinue
        If ($Test.Available -eq $False) { $Num = $Num + 1 }
    } While ($Test.Available -eq $False)
    #http://support.citrix.com/proddocs/topic/citrix-broker-admin-v2-xd75/new-brokerentitlementpolicyrule-xd75.html
    Write-Verbose "Assigning $brokerUsers.Name to Desktop Catalog: $machineCatalogName"
    $EntPolicyRule = New-BrokerEntitlementPolicyRule -AdminAddress $adminAddress  -Name ($desktopGroupName + "_" + $Num.ToString()) -IncludedUsers $brokerUsers -DesktopGroupUid $desktopGroup.Uid -Enabled $True -IncludedUserFilterEnabled $False

    # Check whether access rules exist and then create rules for direct access and via Access Gateway
    # http://support.citrix.com/proddocs/topic/citrix-broker-admin-v2-xd75/new-brokeraccesspolicyrule-xd75.html
    $accessPolicyRule = $desktopGroupName + "_Direct"
    If (Test-BrokerAccessPolicyRuleNameAvailable -AdminAddress $adminAddress -Name @($accessPolicyRule) -ErrorAction SilentlyContinue) {
        Write-Verbose "Allowing direct access rule to the Desktop Catalog: $machineCatalogName"
        New-BrokerAccessPolicyRule -AdminAddress $adminAddress -Name $accessPolicyRule  -IncludedUsers @($brokerUsers.Name) -AllowedConnections 'NotViaAG' -AllowedProtocols @('HDX','RDP') -AllowRestart $True -DesktopGroupUid $desktopGroup.Uid -Enabled $True -IncludedSmartAccessFilterEnabled $True -IncludedUserFilterEnabled $True
    } Else {
        Write-Error "Failed to add direct access rule $accessPolicyRule. It already exists."
    }
    $accessPolicyRule = $desktopGroupName + "_AG"
    If (Test-BrokerAccessPolicyRuleNameAvailable -AdminAddress $adminAddress -Name @($accessPolicyRule) -ErrorAction SilentlyContinue) {
        Write-Verbose "Allowing access via Access Gateway rule to the Desktop Catalog: $machineCatalogName"
        New-BrokerAccessPolicyRule -AdminAddress $adminAddress -Name $accessPolicyRule -IncludedUsers @($brokerUsers.Name) -AllowedConnections 'ViaAG' -AllowedProtocols @('HDX','RDP') -AllowRestart $True -DesktopGroupUid $desktopGroup.Uid -Enabled $True -IncludedSmartAccessFilterEnabled $True -IncludedSmartAccessTags @() -IncludedUserFilterEnabled $True
    } Else {
        Write-Error "Failed to add Access Gateway rule $accessPolicyRule. It already exists."
    }

    # Create weekday and weekend access rules
    # http://support.citrix.com/proddocs/topic/citrix-broker-admin-v2-xd75/new-brokerpowertimescheme-xd75.html
    $powerTimeScheme = "Windows 8 Pooled Desktop_Weekdays"
    If (Test-BrokerPowerTimeSchemeNameAvailable -AdminAddress $adminAddress -Name @($powerTimeScheme) -ErrorAction SilentlyContinue) {
        Write-Verbose "Adding new power scheme $powerTimeScheme"
        New-BrokerPowerTimeScheme -AdminAddress $adminAddress -DisplayName 'Weekdays' -Name $powerTimeScheme -DaysOfWeek 'Weekdays' -DesktopGroupUid $desktopGroup.Uid -PeakHours @($False,$False,$False,$False,$False,$False,$False,$True,$True,$True,$True,$True,$True,$True,$True,$True,$True,$True,$True,$False,$False,$False,$False,$False) -PoolSize @(0,0,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,1,0,0,0,0,0)
    } Else {
        Write-Error "Failed to add power scheme rule $powerTimeScheme. It already exists."
    }
    $powerTimeScheme = "Windows 8 Pooled Desktop_Weekend"
    If (Test-BrokerPowerTimeSchemeNameAvailable -AdminAddress $adminAddress -Name @($powerTimeScheme) -ErrorAction SilentlyContinue) {
        Write-Verbose "Adding new power scheme $powerTimeScheme"
        New-BrokerPowerTimeScheme -AdminAddress $adminAddress -DisplayName 'Weekend' -Name $powerTimeScheme -DaysOfWeek 'Weekend' -DesktopGroupUid $desktopGroup.Uid -PeakHours @($False,$False,$False,$False,$False,$False,$False,$True,$True,$True,$True,$True,$True,$True,$True,$True,$True,$True,$True,$False,$False,$False,$False,$False) -PoolSize @(0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0)
    } Else {
        Write-Error "Failed to add power scheme rule $powerTimeScheme. It already exists."
    }

} #End If DesktopGroup

Comments or feedback on bugs, better ways to do things or additional steps is welcome.

Driving XenDesktop with PowerShell is a challenge to say the least. While documentation for the XenDesktop PowerShell modules is OK and Citrix Studio outputs PowerShell code after you’ve completed a task in the console, there’s still plenty of work to get that code into something usable.

As part of an ongoing series of articles themed around automating virtual desktop deployment, I’ve written some PowerShell code to automate the creation of an non-persistent, MCS-based Machine Catalog based on a specific Windows image, that we’ve already automated with a solution such as MDT.

Don’t expect to copy and paste the PowerShell output in Citrix Studio and have a complete script. The code is missing a number of lines that link tasks together. I found this article on the Citrix Blogs quite useful - Using PowerShell to Create a Catalog of Machine Creations Services Machines; however I’ve taken my script a few steps further.

Linking the Code to the UI

While the Create Machine Catalog wizard doesn’t expose everything that goes on behind the scenes when a machine catalog is created, I think it’s still worth showing how specific functions relate to choices that the administrator makes in the wizard.

The screenshots below show just a snippet of the functions required to automate the catalog creation using PowerShell. These walkthrough the same environment that the full code listing at the end of this article is creating. See the image captions for example code that applies to each step.

New-BrokerCataog is used to create the machine catalog and set a number of properties. You’ll see New-BrokerCatalog across a number of these screen shots. First up is setting the broker type - in this instance, I’m deploying a Windows 8 image, so need to choose ‘Windows Desktop OS’:

Selecting the Machine Catalog type - New-BrokerCatalog -SessionSupport SingleSession

Because were using MCS, I’m going to specify that I’m using virtual machines and choose the storage on which to deploy those VMs and use the ProvisioningType parameter on New-BrokerCatalog to specify MCS. This is done in PowerShell via a number of commands - see around line 45 where we specify the hypervisor management and storage resource to use.

Selecting the provisioning type - New-BrokerCatalog -ProvisioningType MCS

Also on the New-BrokerCatalog, we can specify that this is a set of randomly assigned desktops.

Selecting Random or Static desktops - New-BrokerCatalog -AllocationType Random

To find the image to use, I’ve obtained the path to the master image and its snapshot via the Get-ChildItem command (on the path XDHyp:\HostingUnits<Storage Resource>) and passed that to New-ProvScheme.

Selecting the master image and snapshot to use - New-ProvScheme -ProvisioningSchemeName “Windows 8” -HostingUnitName “HV1-LocalStorage” -MasterImageVM “XDHyp:\HostingUnits\HV1-LocalStorage\WIN81.vm\MasterImage.snapshot”

Also with New-ProvScheme we can set the number of virtual CPUs and the amount of RAM to assign to each virtual desktop. To specify the number of desktops to create, we’re actually first specifying the number of AD machine accounts to create via New-AcctADAccount and then creating the same number of desktops to assign to those accounts.

Selecting the virtual machine configurations - New-ProvScheme -VMCpuCount 2 -VMMemoryMB 2048

New-AcctIdentityPool is used to create an identity pool that stores the machine accounts by specifying the naming convention and where the accounts will be stored.

Setting machine account names and location - New-AcctIdentityPool -Domain ‘home.stealthpuppy.com’ -NamingScheme ‘W8-MCS-###’-NamingSchemeType Numeric -OU ‘OU=MCS Pooled,OU=Workstations,DC=home,DC=stealthpuppy,DC=com’

Again we can see where New-BrokerCataog is used to specify the catalog name and description.

Setting the machine catalog name and description - New-BrokerCatalog -Name “Windows 8 x86” -Description “Windows 8.1 x86 SP1 with Office 2013”

There’s plenty that the wizard does to hide the complexity of setting up a catalog from the administrator. If you attempt the same via PowerShell, what goes on under the hood is laid bare.

The Code

Below is the full code listing with comments inline that should provide some detail on the process the code follows. At this point the code provides some error checking for the most important steps. There are still some additional steps and error checking that could be integrated:

• This code should find the last snapshot of the target master image; it would be simple enough to specify a particular snapshot if required
• Checking whether provisioning schemes are already available or exist before attempting to create a new provisioning scheme
• Additional checking that some tasks have completed successfully before continuing

#---------------------------------------------------------------------------
# Author: Aaron Parker
# Desc:   Using PowerShell to create a XenDesktop 7.x machine catalog 
# Date:   Aug 19, 2014
# Site:   http://stealthpuppy.com
#---------------------------------------------------------------------------

# Set variables for the target infrastructure
# ----------
$adminAddress = 'xd71.home.stealthpuppy.com' #The XD Controller we're going to execute against
$xdControllers = 'xd71.home.stealthpuppy.com'

# Hypervisor and storage resources
# These need to be configured in Studio prior to running this script
# This script is hypervisor and management agnostic - just point to the right infrastructure
$storageResource = "HV1-LocalStorage" #Storage
$hostResource = "Lab SCVMM" #Hypervisor management

# Machine catalog properties
$machineCatalogName = "Windows 8 x86"
$machineCatalogDesc = "Windows 8.1 x86 SP1 with Office 2013"
$domain = "home.stealthpuppy.com"
$orgUnit = "OU=MCS Pooled,OU=Workstations,DC=home,DC=stealthpuppy,DC=com"
$namingScheme = "W8-MCS-###" #AD machine account naming conventions
$namingSchemeType = "Numeric" #Also: Alphabetic
$allocType = "Random" #Also: Static
$persistChanges = "Discard" #Also: OnLocal, OnPvD
$provType = "MCS" #Also: Manual, PVS
$sessionSupport = "SingleSession" #Also: MultiSession
$masterImage ="WIN81*"
$vCPUs = 2
$VRAM = 2048
# ----------

# Change to SilentlyContinue to avoid verbose output
$VerbosePreference = "Continue"

# Load the Citrix PowerShell modules
Write-Verbose "Loading Citrix XenDesktop modules."
Add-PSSnapin Citrix*

# Get information from the hosting environment via the XD Controller
# Get the storage resource
Write-Verbose "Gathering storage and hypervisor connections from the XenDesktop infrastructure."
$hostingUnit = Get-ChildItem -AdminAddress $adminAddress "XDHyp:\HostingUnits" | Where-Object { $_.PSChildName -like $storageResource } | Select-Object PSChildName, PsPath
# Get the hypervisor management resources
$hostConnection = Get-ChildItem -AdminAddress $adminAddress "XDHyp:\Connections" | Where-Object { $_.PSChildName -like $hostResource }
$brokerHypConnection = Get-BrokerHypervisorConnection -AdminAddress $adminAddress -HypHypervisorConnectionUid $hostConnection.HypervisorConnectionUid
$brokerServiceGroup = Get-ConfigServiceGroup -AdminAddress $adminAddress -ServiceType 'Broker' -MaxRecordCount 2147483647

# Create a Machine Catalog. In this case a catalog with randomly assigned desktops
Write-Verbose "Creating machine catalog. Name: $machineCatalogName; Description: $machineCatalogDesc; Allocation: $allocType"
$brokerCatalog = New-BrokerCatalog -AdminAddress $adminAddress -AllocationType $allocType -Description $machineCatalogDesc -Name $machineCatalogName -PersistUserChanges $persistChanges -ProvisioningType $provType -SessionSupport $sessionSupport
# The identity pool is used to store AD machine accounts
Write-Verbose "Creating a new identity pool for machine accounts."
$identPool = New-AcctIdentityPool -AdminAddress $adminAddress -Domain $domain -IdentityPoolName $machineCatalogName -NamingScheme $namingScheme -NamingSchemeType $namingSchemeType -OU $orgUnit

# Creates/Updates metadata key-value pairs for the catalog (no idea why).
Write-Verbose "Retrieving the newly created machine catalog."
$catalogUid = Get-BrokerCatalog | Where-Object { $_.Name -eq $machineCatalogName } | Select-Object Uid
$guid = [guid]::NewGuid()
Write-Verbose "Updating metadata key-value pairs for the catalog."
Set-BrokerCatalogMetadata -AdminAddress $adminAddress -CatalogId $catalogUid.Uid -Name 'Citrix_DesktopStudio_IdentityPoolUid' -Value $guid

# Check to see whether a provisioning scheme is already available
Write-Verbose "Checking whether the provisioning scheme name is unused."
If (Test-ProvSchemeNameAvailable -AdminAddress $adminAddress -ProvisioningSchemeName @($machineCatalogName))
{
  Write-Verbose "Success."

  # Get the master VM image from the same storage resource we're going to deploy to. Could pull this from another storage resource available to the host
  Write-Verbose "Getting the master image details for the new catalog: $masterImage"
  $VM = Get-ChildItem -AdminAddress $adminAddress "XDHyp:\HostingUnits\$storageResource" | Where-Object { $_.ObjectType -eq "VM" -and $_.PSChildName -like $masterImage }
  # Get the snapshot details. This code will assume a single snapshot exists - could add additional checking to grab last snapshot or check for no snapshots.
  $VMDetails = Get-ChildItem -AdminAddress $adminAddress $VM.FullPath
  
  # Create a new provisioning scheme - the configuration of VMs to deploy. This will copy the master image to the target datastore.
  Write-Verbose "Creating new provisioning scheme using $VMDetails.FullPath"
  # Provision VMs based on the selected snapshot.
  $provTaskId = New-ProvScheme -AdminAddress $adminAddress -ProvisioningSchemeName $machineCatalogName -HostingUnitName $storageResource -MasterImageVM $VMDetails.FullPath -CleanOnBoot -IdentityPoolName $identPool.IdentityPoolName -VMCpuCount $vCPUs -VMMemoryMB $vRAM -RunAsynchronously
  $provTask = Get-ProvTask -AdminAddress $adminAddress -TaskId $provTaskId

  # Track the progress of copying the master image
  Write-Verbose "Tracking progress of provisioning scheme creation task."
  $totalPercent = 0
  While ( $provTask.Active -eq $True ) {
    Try { $totalPercent = If ( $provTask.TaskProgress ) { $provTask.TaskProgress } Else {0} } Catch { }

    Write-Progress -Activity "Creating Provisioning Scheme (copying and composing master image):" -Status "$totalPercent% Complete:" -percentcomplete $totalPercent
    Sleep 15
    $provTask = Get-ProvTask -AdminAddress $adminAddress -TaskID $provTaskId
  }

  # If provisioning task fails, there's no point in continuing further.
  If ( $provTask.WorkflowStatus -eq "Completed" )
  { 
      # Apply the provisioning scheme to the machine catalog
      Write-Verbose "Binding provisioning scheme to the new machine catalog"
      $provScheme = Get-ProvScheme | Where-Object { $_.ProvisioningSchemeName -eq $machineCatalogName }
      Set-BrokerCatalog -AdminAddress $adminAddress -Name $provScheme.ProvisioningSchemeName -ProvisioningSchemeId $provScheme.ProvisioningSchemeUid

      # Associate a specific set of controllers to the provisioning scheme. This steps appears to be optional.
      Write-Verbose "Associating controllers $xdControllers to the provisioning scheme."
      Add-ProvSchemeControllerAddress -AdminAddress $adminAddress -ControllerAddress @($xdControllers) -ProvisioningSchemeName $provScheme.ProvisioningSchemeName

      # Provisiong the actual machines and map them to AD accounts, track the progress while this is happening
      Write-Verbose "Creating the machine accounts in AD."
      $adAccounts = New-AcctADAccount -AdminAddress $adminAddress -Count 5 -IdentityPoolUid $identPool.IdentityPoolUid
      Write-Verbose "Creating the virtual machines."
      $provTaskId = New-ProvVM -AdminAddress $adminAddress -ADAccountName @($adAccounts.SuccessfulAccounts) -ProvisioningSchemeName $provScheme.ProvisioningSchemeName -RunAsynchronously
      $provTask = Get-ProvTask -AdminAddress $adminAddress -TaskId $provTaskId

      Write-Verbose "Tracking progress of the machine creation task."
      $totalPercent = 0
      While ( $provTask.Active -eq $True ) {
        Try { $totalPercent = If ( $provTask.TaskProgress ) { $provTask.TaskProgress } Else {0} } Catch { }

        Write-Progress -Activity "Creating Virtual Machines:" -Status "$totalPercent% Complete:" -percentcomplete $totalPercent
        Sleep 15
        $ProvTask = Get-ProvTask -AdminAddress $adminAddress -TaskID $provTaskId
      }

      # Assign the newly created virtual machines to the machine catalog
      $provVMs = Get-ProvVM -AdminAddress $adminAddress -ProvisioningSchemeUid $provScheme.ProvisioningSchemeUid
      Write-Verbose "Assigning the virtual machines to the new machine catalog."
      ForEach ( $provVM in $provVMs ) {
        Write-Verbose "Locking VM $provVM.ADAccountName"
        Lock-ProvVM -AdminAddress $adminAddress -ProvisioningSchemeName $provScheme.ProvisioningSchemeName -Tag 'Brokered' -VMID @($provVM.VMId)
        Write-Verbose "Adding VM $provVM.ADAccountName"
        New-BrokerMachine -AdminAddress $adminAddress -CatalogUid $catalogUid.Uid -MachineName $provVM.ADAccountName
      }
      Write-Verbose "Machine catalog creation complete."

   } Else {
    # If provisioning task fails, provide error
    # Check that the hypervisor management and storage resources do no have errors. Run 'Test Connection', 'Test Resources' in Citrix Studio
    Write-Error "Provisioning task failed with error: [$provTask.TaskState] $provTask.TerminatingError"
   }
}

Comments or feedback on bugs, better ways to do things or additional steps is welcome.

I’ve previously posted about retrieving the UUID from a virtual machine hosted on vSphere. UUIDs are useful if you want to uniquely identify a target machine for OS deployment task sequences and the like (e.g. MDT). Here’s how to obtain the UUID from a virtual machine hosted on Hyper-V.

Just like with vSphere, the UUID isn’t a property of the virtual machine that can be queried directly. We need to go via WMI to query the target virtual machine. Note that in this function, I’m using version 2 of the Root\Virtualization WMI namespace (root\virtualization\v2. This means the function as written, will only work on Windows 8 and Windows Server 2012 (and above). If you want to use this function on earlier versions of Hyper-V, remove the “\v2” from the namespace.

As an example, here’s how to retrieve the UUIDs from a set of VMs on a target Hyper-V host named hv1:

C:\> Get-HypervVMUUID -ComputerName hv1 -VM win71, file3, pvs1

Name		BIOSGUID
----		----
WIN71		E6E1A176-0713-4BB0-99E9-4570A1A3A94A 
FILE3		9E9D788A-15E2-4760-A049-9F6EB88677A9 
PVS1		74EFF5BC-A24E-48C3-85BE-12D758FE7AB6

Here’s the full function code listing. Please let me know if you find any bugs:

#---------------------------------------------------------------------------
# Author: Aaron Parker
# Desc:   Function that uses retrieves the UUID from a specified VM and
#         formats it into the right format for use with MDT/SCCM etc
# Date:   Aug 18, 2014
# Site:   http://stealthpuppy.com
#---------------------------------------------------------------------------
Function Get-HypervVMUUID {
   <#
        .SYNOPSIS
            Retrieve the UUID from a virtual machine or set of virtual machines.
 
        .DESCRIPTION
            This function will retrieve the UUID from from a virtual machine or set of virtual machines from a Hyper-V host.
 
        .PARAMETER ComputerName
            Specifies the host from which to query the virtual machine or set of virtual machines.
 
        .PARAMETER VM
            Specifies the virtual machine or set of virtual machines (a comma delimited list) from which to obtain the UUID/s.
 
         .EXAMPLE
            PS C:\&gt; Get-HypervVMUUID -ComputerName hv1 -VM win71, win72
 
            This command retrieves the UUIDs from the virtual machines win71 and win72 from the host hv1.
 
        .EXAMPLE
            PS C:\&gt; Get-HypervVMUUID -VM win71, win72
 
            This command retrieves the UUIDs from the virtual machines win71 and win72 from the local host.
 
        .EXAMPLE
            PS C:\&gt; Get-HypervVMUUID
 
            This command retrieves the UUIDs from the all of the virtual machines on the local host.
 
        .NOTES
            /retrieving-a-vms-uuid-from-hyperv/ for support information.
 
        .LINK
            /retrieving-a-vms-uuid-from-hyperv/
    #>
    [cmdletbinding(SupportsShouldProcess=$True)]
    param(
        [Parameter(Mandatory=$false,HelpMessage="Specifies one or more Hyper-V hosts from which virtual machine UUIDs are to be retrieved. NetBIOS names, IP addresses, and fully-qualified domain names are allowable. The default is the local computer — use ""localhost"" or a dot (""."") to specify the local computer explicitly.")]
        [string]$ComputerName,

        [Parameter(Mandatory=$false, Position=0,HelpMessage="Specifies the virtual machine from which to retrieve the UUID.")]
        [string[]]$VM
    )

    # If ComputerName parameter is not specified, set value to the local host
    If (!$ComputerName) { $ComputerName = "." }

    # If VM parameter is specified, return those VMs, else return all VMs
    If ($VM) {
        $UUIDs = Get-VM -ComputerName $ComputerName -VM $VM -ErrorAction SilentlyContinue | Select-Object Name,@{Name="BIOSGUID";Expression={(Get-WmiObject -ComputerName $_.ComputerName -Namespace "root\virtualization\v2" -Class Msvm_VirtualSystemSettingData -Property BIOSGUID -Filter ("InstanceID = 'Microsoft:{0}'" -f $_.VMId.Guid)).BIOSGUID}}
    } Else {
        $UUIDs = Get-VM -ComputerName $ComputerName -ErrorAction SilentlyContinue | Select-Object Name,@{Name="BIOSGUID";Expression={(Get-WmiObject -ComputerName $_.ComputerName -Namespace "root\virtualization\v2" -Class Msvm_VirtualSystemSettingData -Property BIOSGUID -Filter ("InstanceID = 'Microsoft:{0}'" -f $_.VMId.Guid)).BIOSGUID}}
    }

    # Remove curly brackets from the UUIDs and return the array
    ForEach ( $UID in $UUIDs ) { $UID.BIOSGUID = $UID.BIOSGUID -replace "}"; $UID.BIOSGUID = $UID.BIOSGUID -replace "{" }
    Return $UUIDs
}

Running VMs under ESXi will incur a memory overhead for each virtual machine.  You can read about this overhead here: Understanding Memory Overhead. Essentially memory overhead is:

One of the great things I enjoyed about working at Kelway was the access to a pretty solid lab environment. While I do have access to a lab environment at Atlantis (3 in fact), now that I work primarily from home, I really prefer a lab environment that can provide me more flexibility. Only a local environment can do that.

There’s typically not too much that you can do to reduce the size of your master image. You might use application virtualization or layering solutions to reduce the number of master images, but once you work out what needs to go into the core image, that’s going to dictate the size of the image.

In my lab environment, I often want to start a list of virtual machines, but without taxing the system in the process by starting them all at the same time.  I could do that manually, but that’s no fun.

Here’s a short function I wrote to sequentially start a list of virtual machines - the script will start a VM and wait for that VM to boot before starting the next VM. You can optionally also wait additional time before starting the next VM to give the first one some time to finish starting it’s services etc.

This version currently supports Hyper-V only. The script does not currently return anything, but has a number of parameters:

• ComputerName - the name of the Hyper-V host. Specify “.” for the local machine (without quotes)
• VM - specify a comma separated list of VMs
• Wait - the number of seconds to wait between starting a VM after the previous VM. Specify the number of VMs as a number (integer) only. This will default to 180 seconds
• ShowProgress - Specify whether to show progress while starting the VMs. This is cosmetic only, but does give some indication as to how far through the boot process the script is.
• Other standard parameters such as Verbose are supported.

Function Start-SequentialVMs {
    <#
        .SYNOPSIS
            Starts a list of VMs.
 
        .DESCRIPTION
            This function starts a list of VMs sequentially. It will wait until a VM is booted, optionally pause for a number of seconds, before starting the next VM.
 
        .PARAMETER ComputerName
            Specifies the Hyper-V host to start the VM on.
 
        .PARAMETER VM
            Specifies a list of VMs to start.
 
        .PARAMETER Wait
            Specifies a number of seconds to wait after the previous VM has booted successfully. Defaults to 180 seconds.

        .PARAMETER ShowProgress
            Specified whether to show progress as VMs are started.
 
        .EXAMPLE
            Start-SequentialVMs -ComputerName hyperv1 -VMList "sql1", "pvs1", "xd71" -Wait 20

        .NOTES
 
        .LINK 
    #>
    param(
        [Parameter(Mandatory=$true, Position=0,HelpMessage="Hyper-V host.")]
        [string]$ComputerName = $(throw = "Please specify a remote Hyper-V host to start VMs on."),

        [Parameter(Mandatory=$true, Position=1,HelpMessage="List of VMs to start.")]
        [string[]]$VMList = $(throw = "Please specifiy a list of VMs to start"),

        [Parameter(Mandatory=$false)]
        [int]$Wait = 180,

        [Parameter(Mandatory=$false)]
        [bool]$ShowProgress
    )

    # Connect to Hyper-V host before attempting to start VMs. Stop script if unable to connect
    Write-Verbose "Connecting to VM host."
    Get-VMHost -ComputerName $ComputerName -Verbose $False -ErrorAction Stop

    # Start progress at 0
    $Percent = 0

    # Step through list of provided VMs
    ForEach ( $vm in $VMList ) {

        # Convert current location in list of VMs to a percentage
        $Percent = ($VMList.IndexOf($vm)/$VMList.Count) * 100

        # Show progress if specified on the command line
        If ($ShowProgress -eq $True) { Write-Progress -Activity "Starting VMs." -Status "Starting VM $vm." -PercentComplete $Percent }

        # Get status for current VM
        Remove-Variable currentVM -ErrorAction SilentlyContinue
        Write-Verbose "Getting status for VM $vm..."
        $currentVM = Get-VM -ComputerName $ComputerName -Name $vm -ErrorAction SilentlyContinue

        # If the VM exists, then power it on if it is in an Off state
        If ($currentVM.Length -gt 0) {
            If ($currentVM.State -eq "Off" ) {
                Start-VM -ComputerName $ComputerName -Name $vm -Verbose
                
                # Wait for VM to boot and report a heartbeat
                Write-Verbose "Waiting for VM heartbeat."
                Do {
                    Start-Sleep -milliseconds 100
                } Until ((Get-VMIntegrationService $currentVM | ?{$_.name -eq "Heartbeat"}).PrimaryStatusDescription -eq "OK")

                # Wait the specified number of seconds before booting the next VM, unless this is the last VM in the list
                If ($Wait -gt 0 -and $VMList.IndexOf($vm) -lt ($VMList.Count-1)) {
                    Write-Verbose "Waiting for $Wait seconds before starting next VM."
                    Start-Sleep -Seconds $Wait
                }
            } Else {
                Write-Verbose "VM $vm already running."
            }
        } Else {
            Write-Error -Message "Unable to find VM $vm on host $ComputerName." -Category ObjectNotFound
        }
     }
     Write-Verbose "Started VMs."

     # Show progress if specified on the command line
     If ($ShowProgress -eq $True) { Write-Progress -Activity "Starting VMs." -Status "Started all VMs." -PercentComplete 100 }
     Start-Sleep -Seconds 1
}

Save the script as Start-SequentialVMs.ps1 and run it or add the function to your PowerShell profile so that the function is available when starting PowerShell. Use Get-Help to see the full syntax and examples from within a PowerShell window.

Booting a virtual machine under Windows Server 2012 R2 Hyper-V may result in the following:

Update: August 8, 2015 - Microsoft have discontinued the Microsoft Download Manager as of March 2015, so the below workload will no longer work. If fact there are no workaround now, you’ll need to rely on your browser’s download manager. See this article for more info: Using Subscriber Downloads

Multiple Methods

The Deployment Guys have a great article from 2009 that I recommend reading for a overview of customisation methods: Configuring Default User Settings – Full Update for Windows 7 and Windows Server 2008 R2. This article is still applicable today and the process hasn’t changed that much between Windows versions. Here are most of the ways that you could edit the default user profile:

• Copy a configured profile over the default profile - this is the most common way of changing the default user experience but this approach is unsupported by Microsoft and therefore I recommend against using it.
• Using Sysprep and the CopyProfile value - this approach requires creating a reference image and using Sysprep to generalise the image. Many enterprise desktop deployments will use reference images so this isn’t too hard; however Microsoft has not documented every setting that is copied to the default user profile, so it’s a bit of pot luck.
• Place a default profile in NETLOGON - a default profile copied to the NETLOGON share of a domain controller (and replicated) will be copied down to the local machine at first logon. The downside of this approach is that there can be only one default profile and it will be copied to all machines, regardless as to whether the profile should apply to that machine or not.
• Commands or scripts run from the RunOnce Registry key to edit the user profile.
• Logon scripts to edit the user profile.
• Group Policy Preferences - GPP has become more prevalent in the past few years, so should now be available across the board.
• Editing the default profile directly, typically during an automated deployment, but you could run the same script on any existing PC.

So there are multiple methods (of driving yourself to madness), I’d recommend experimenting with each approach and you’ll most likely implement a combination of approaches to best suit your environment.

Group Policy As A Last Resort

Group Policy is great, until it isn’t. Group Policy is pervasive and every Windows admin is familiar with it, but there a two things to consider when using it to manage the default user experience:

1. Group Policy is is a policy - that is, if you’re using policies to manage default user settings, the user cannot then change to their own preference.
2. Group Policy Preferences must be processed to determine whether they have been applied. Whilst GPPs can implement a preference rather than a policy, Windows must determine whether the preference has been applied by reading a flag. Whilst checking those flags isn’t a big problem, implementing GPPs should be considered in the context of whatever else is running at logon, how many preferences are implemented plus what happens to the environment over time (how many additional policies, applications, scripts etc. will be added to the environment over the life of that desktop).

I have seen many organisations over-relying on Group Policy and missing the most important component user environment management - change control and ownership. Group Policy becomes a black hole, complete with settings that no one can remember why they were implemented and settings that are no longer relevant. Group Policy Preferences are great for replacing logon scripts, but use Group Policy and GPP sparingly so as not to adversely affect the user experience.

A Better Way - Edit the Default Profile Directly

My preferred method for modifying the default user experience is to edit the default user profile directly using a script that is run during Windows deployment. This type of script can also be run on existing machines or used in combination with CopyProfile. A benefit of this approach is that you can modify the default profile with or without a reference image.

Editing the Default Profile

To edit the default profile, we’ll use the command line tool REG to mount and make changes to the default user registry hive. Additionally we can make folder and file changes to the default profile and a couple of other command line tools to perform tasks such as pin and unpin shortcuts or change the Windows 7 Libraries. As far as this article is concerned, the default profile is in its default location, usually C:\Users\Default. In a script, you could refer to this location as %SystemDrive%\Users\Default.

Finding Settings

To find the profile locations to modify there’s a couple of methods that I rely on:

• Google (or your favourite search engine)
• Process Monitor and Process Explorer

In most cases, someone (or even Microsoft) will have documented a registry value or profile location that is used to store a setting. More obscure or new settings will require detecting the location with Process Monitor. For example, to determine where a setting is stored in the Registry, create a filter in Process Monitor using the process name or process ID, additionally filtering on the operation such as RegSetValue, as shown below:

A trace with Process Monitor when making a preference change should result in something like this:

Regshot is also useful for comparing a before and after change to the profile for determining registry value locations.

Additionally Process Explorer can be useful for tracking down a process that might be responsible for writing a setting by viewing the command line used to launch the process. Finding settings can sometimes be a time consuming process, but once found and documented, you’ve got a detailed understanding of the default profile.

Editing the Registry

To make direct registry edits to the default user profile, the REG command line utility is used to load the default profile registry hive, change a registry value and then unload the hive, saving it back to the default profile. The following lines show a rough example of how this is done:

REG LOAD HKU\DefaultUser %SystemDrive%\Users\Default\NTUSER.DAT
REG ADD HKU\DefaultUser\Software\KeyName /v ValueName /d Data /t REG_SZ /f
REG UNLOAD HKU\DefaultUser

Note that this will need to be run with administrative privileges and in an elevated context, so that you have write access to the default profile.

Pinning and Unpinning Shortcuts

A common requirement is to modify the the pinned shortcuts on the Taskbar or Start menu. This can be automated using a script, which needs to run a first logon (either as the user, or in the profile copied over the default profile via Sysprep/CopyProfile). Unfortunately I can’t find the original source for this script; however it works quite well and allows you to pin shortcuts to and unpin shortcuts from the Taskbar and Start menu via a command line. The script is available here:

[download id="62″ format="1″]

Note that Windows 8 and above, do not expose a programatic method to pin and unpin shortcuts to the Start screen. If you’re looking to customise the Start screen, refer to this existing article: Customizing the Windows 8.1 Start Screen? Don’t follow Microsoft’s guidance.

Modifying the Windows Libraries

By default, the Libraries introduced in Windows 7, include the public folder locations. Removing these or adding locations requires editing the Libraries; however they’re stored in XML files and are created at first logon. To modify the libraries, you can use a command line tool ShLib.exe. Like pinning and unpinning shortcuts, this tool also needs to be run at first logon (and won’t work via CopyProfile). This article, Administratively Create and Modify Windows 7 Libraries, covers the use of ShLib.exe quite well.

Implementing a Script to Modify the Default Profile

Once you’ve created your script to make changes to the default registry, modify the default profile folder locations, pin and unpin shortcuts and make changes to the Libraries, you’ll need to implement the changes on the target PCs via script. Using an automation solution such as the Microsoft Deployment Toolkit (or an ESD like System Center Configuration Manager) the script can be run during a deployment task sequence. In the case of MDT, the script will be run after Windows unattended setup has completed in the local Administrator context. This way the script will have full elevation and write access to the default profile. An ESD solution will typically run the script via the local SYSTEM account. If you need to make changes to existing PCs, you’ll need a method to do so, such as an advertisement in Configuration Manager. If you take this approach, you can combine a script that makes direct changes to the default profile with the CopyProfile approach. That allows you to modify the profile for deployments from an unmodified OS as well as a custom image, keeping consistency across deployment types.

Example Scripts

Included here, along with some notation, are some example scripts for modifying the Windows 7 and Windows 8.1 default profiles. These example scripts include creation of a script at runtime that will run during first logon of any new profile. This is implemented as a batch file to keep things as simple as possible. Users will see a Command Prompt window as the script runs (but only once). The command lines includes in the script could be implemented with a UEM solution such as AppSense Environment Manager or even Group Policy to improve the user experience.

Windows 7

Here’s a sample script that will modify the default profile on a Windows 7 PC (x86 and x64). At a high level, the script will perform the following steps:

• Load and modifies the registry of the default profile
• Copies ExecuteVerbAction.VBS and ShLib.exe to folder under %ProgramFiles%
• Creates a batch script that will run on first logon to edit the Libraries and pin/unpin shortcuts. Once the script runs for the user, it will delete itself.

@ECHO OFF
REM Load the default profile hive
SET HKEY=HKU\Default
REG LOAD %HKEY% %SystemDrive%\Users\Default\NTUSER.DAT

REM Sound and end-application
REG ADD "%HKEY%\Control Panel\Sound" /v Beep /t REG_SZ /d NO /f
REG ADD "%HKEY%\Control Panel\Sound" /v ExtendedSounds /t REG_SZ /d NO /f
REG ADD "%HKEY%\Control Panel\Desktop" /v HungAppTimeout /t REG_SZ /d 5000 /f
REG ADD "%HKEY%\Control Panel\Desktop" /v AutoEndTasks /t REG_SZ /d 1 /f
REG ADD "%HKEY%\Control Panel\Desktop" /v WaitToKillAppTimeout /t REG_SZ /d 4000 /f

REM Command Prompt settings
REG ADD "%HKEY%\Console" /v QuickEdit /t REG_DWORD /d 1 /f
REG ADD "%HKEY%\Software\Microsoft\Command Processor" /v CompletionChar /t REG_DWORD /d 9 /f
REG ADD "%HKEY%\Software\Microsoft\Command Processor" /v PathCompletionChar /t REG_DWORD /d 9 /f
REG ADD "%HKEY%\Software\Microsoft\Windows NT\CurrentVersion\Network\Persistent Connections" /v SaveConnections /d "no" /t REG_SZ /f

REM Language bar - only apply if using single regional settings
REM	REG ADD "%HKEY%\Software\Microsoft\CTF\LangBar" /v ShowStatus /t REG_DWORD /d 3 /f
REM	REG ADD "%HKEY%\Software\Microsoft\CTF\LangBar" /v Label /t REG_DWORD /d 1 /f
REM	REG ADD "%HKEY%\Software\Microsoft\CTF\LangBar" /v ExtraIconsOnMinimized /t REG_DWORD /d 0 /f

REM Windows Explorer and Start Menu
REG ADD "%HKEY%\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v SeparateProcess /t REG_DWORD /d 1 /f
REG ADD "%HKEY%\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v ServerAdminUI /t REG_DWORD /d 0 /f
REG ADD "%HKEY%\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v Start_AdminToolsRoot /t REG_DWORD /d 0 /f
REG ADD "%HKEY%\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v Start_PowerButtonAction /t REG_DWORD /d 2 /f
REG ADD "%HKEY%\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v Start_ShowDownloads /t REG_DWORD /d 1 /f
REG ADD "%HKEY%\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v Start_ShowMyGames /t REG_DWORD /d 0 /f
REG ADD "%HKEY%\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v Start_ShowMyMusic /t REG_DWORD /d 0 /f
REG ADD "%HKEY%\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v StartMenuAdminTools /t REG_DWORD /d 0 /f
REG ADD "%HKEY%\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v StartMenuFavorites /t REG_DWORD /d 1 /f
REG ADD "%HKEY%\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v TaskbarSizeMove /t REG_DWORD /d 0 /f
REG ADD "%HKEY%\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete" /v "Append Completion" /t REG_SZ /d YES /f
REG ADD "%HKEY%\AppEvents\Schemes\Apps\Explorer\Navigating\.Current" /ve /t REG_EXPAND_SZ /d "" /f

REM Set IE as default browser, prevent prompting user
REG ADD "%HKEY%\Software\Clients\StartmenuInternet" /ve /d "IEXPLORE.EXE" /f
REG ADD "%HKEY%\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice" /v Progid /d "IE.AssocFile.MHT" /f
REG ADD "%HKEY%\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice" /v Progid /d "IE.AssocFile.HTM" /f
REG ADD "%HKEY%\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice" /v Progid /d "IE.AssocFile.HTM" /f
REG ADD "%HKEY%\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice" /v Progid /d "IE.AssocFile.URL" /f
REG ADD "%HKEY%\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice" /v Progid /d "IE.AssocFile.MHT" /f
REG ADD "%HKEY%\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice" /v Progid /d "IE.AssocFile.XHT" /f
REG ADD "%HKEY%\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice" /v Progid /d "IE.AssocFile.SVG" /f
REG ADD "%HKEY%\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.partial\UserChoice" /v Progid /d "IE.AssocFile.PARTIAL" /f
REG ADD "%HKEY%\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.website\UserChoice" /v Progid /d "IE.AssocFile.WEBSITE" /f
REG ADD "%HKEY%\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice" /v Progid /d "IE.AssocFile.XHT" /f
REG ADD "%HKEY%\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\https\UserChoice" /v Progid /d "IE.HTTPS" /f
REG ADD "%HKEY%\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\ftp\UserChoice" /v Progid /d "IE.FTP" /f
REG ADD "%HKEY%\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice" /v Progid /d "IE.HTTP" /f
REG ADD "%HKEY%\Software\Microsoft\Windows\Shell\Associations\MIMEAssociations\message/rfc822\UserChoice" /v Progid /d "IE.message/rfc822" /f
REG ADD "%HKEY%\Software\Microsoft\Windows\Shell\Associations\MIMEAssociations\text/html\UserChoice" /v Progid /d "IE.text/html" /f

REM Additional Internet Explorer options
REG ADD "%HKEY%\Software\Microsoft\Internet Explorer\TabbedBrowsing" /v PopupsUseNewWindow /t REG_DWORD /d 0 /f
REG ADD "%HKEY%\Software\Microsoft\Internet Explorer\PhishingFilter" /v Enabled /t REG_DWORD /d 1 /f
REG ADD "%HKEY%\Software\Microsoft\Internet Explorer\Main" /v "Enable AutoImageResize" /t REG_SZ /d YES /f
REG ADD "%HKEY%\Software\Microsoft\Internet Explorer\PhishingFilter" /v Enabled /t REG_DWORD /d 2 /f
REM	REG ADD "%HKEY%\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\domain.local" /v * /t REG_DWORD /d 1 /f
REM	REG ADD "%HKEY%\Software\Microsoft\Internet Explorer\New Windows\Allow" /v *.domain.local /t REG_BINARY /d 0000 /f

REM Windows Media Player
REG ADD "%HKEY%\Software\Microsoft\MediaPlayer\Setup\UserOptions" /v DesktopShortcut /d No /t REG_SZ /f
REG ADD "%HKEY%\Software\Microsoft\MediaPlayer\Setup\UserOptions" /v QuickLaunchShortcut /d 0 /t REG_DWORD /f
REG ADD "%HKEY%\Software\Microsoft\MediaPlayer\Preferences" /v AcceptedPrivacyStatement /d 1 /t REG_DWORD /f
REG ADD "%HKEY%\Software\Microsoft\MediaPlayer\Preferences" /v FirstRun /d 0 /t REG_DWORD /f
REG ADD "%HKEY%\Software\Microsoft\MediaPlayer\Preferences" /v DisableMRU /d 1 /t REG_DWORD /f
REG ADD "%HKEY%\Software\Microsoft\MediaPlayer\Preferences" /v AutoCopyCD /d 0 /t REG_DWORD /f

REM Help and Support
REG ADD "%HKEY%\Software\Microsoft\Assistance\Client\1.0\Settings" /v OnlineAssist /d 1 /t REG_DWORD /f
REG ADD "%HKEY%\Software\Microsoft\Assistance\Client\1.0\Settings" /v IsConnected /d 1 /t REG_DWORD /f

REM Remove localisation - Themes, Feeds, Favourites
REG DELETE "%HKEY%\Software\Microsoft\Windows\CurrentVersion\RunOnce" /v mctadmin /f

REM Snipping Tool
REG ADD "%HKEY%\Software\Microsoft\Windows\TabletPC\Snipping Tool" /v ShowCaptureStroke /d 0 /t REG_DWORD /f

REM Unload the default profile hive
REG UNLOAD %HKEY%

REM Setup Taskbar unpin items on first login
IF NOT EXIST "%ProgramFiles%\Scripts" MD "%ProgramFiles%\Scripts"
COPY /Y ExecuteVerbAction.VBS "%ProgramFiles%\Scripts\ExecuteVerbAction.VBS"
COPY /Y ShLib.exe "%ProgramFiles%\Scripts\ShLib.exe"

MD "%SystemDrive%\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup"
ECHO @ECHO OFF > "%SystemDrive%\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PinnedItemsLibraries.cmd"
ECHO cscript.exe "%ProgramFiles%\Scripts\ExecuteVerbAction.vbs" "%ProgramData%\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk" UnpinFromTaskbar >> "%SystemDrive%\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PinnedItemsLibraries.cmd"
ECHO "%ProgramFiles%\Scripts\shlib" remove "%%APPDATA%%\Microsoft\Windows\Libraries\Documents.library-ms" %PUBLIC%\Documents >> "%SystemDrive%\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PinnedItemsLibraries.cmd"
ECHO "%ProgramFiles%\Scripts\shlib" remove "%%APPDATA%%\Microsoft\Windows\Libraries\Music.library-ms" %PUBLIC%\Music >> "%SystemDrive%\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PinnedItemsLibraries.cmd"
ECHO "%ProgramFiles%\Scripts\shlib" remove "%%APPDATA%%\Microsoft\Windows\Libraries\Pictures.library-ms" %PUBLIC%\Pictures >> "%SystemDrive%\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PinnedItemsLibraries.cmd"
ECHO "%ProgramFiles%\Scripts\shlib" remove "%%APPDATA%%\Microsoft\Windows\Libraries\Videos.library-ms" %PUBLIC%\Videos >> "%SystemDrive%\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PinnedItemsLibraries.cmd"
ECHO DEL /Q "%%APPDATA%%\Microsoft\Windows\Start Menu\Programs\Startup\PinnedItemsLibraries.cmd" >> "%SystemDrive%\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PinnedItemsLibraries.cmd"

If you use this in a production environment, please test and confirm each setting to ensure you understand what the script will implement.

Windows 8.1

Here’s a sample script that will modify the default profile on a Windows 8.1 PC (x86 and x64). At a high level, the script will perform the following steps:

• Load and modifies the registry of the default profile
• Import a pre-configured Start screen
• Copies ExecuteVerbAction.VBS and ShLib.exe to folder under %ProgramFiles%
• Creates a batch script that will run on first logon to edit the Libraries and pin/unpin shortcuts. Once the script runs for the user, it will delete itself

@ECHO OFF
REM Load the default profile hive
SET HKEY=HKU\Default
REG LOAD %HKEY% %SystemDrive%\Users\Default\NTUSER.DAT

REM Sound and end-application
REG ADD "%HKEY%\Control Panel\Sound" /v Beep /t REG_SZ /d NO /f
REG ADD "%HKEY%\Control Panel\Sound" /v ExtendedSounds /t REG_SZ /d NO /f
REG ADD "%HKEY%\Control Panel\Desktop" /v HungAppTimeout /t REG_SZ /d 5000 /f
REG ADD "%HKEY%\Control Panel\Desktop" /v AutoEndTasks /t REG_SZ /d 1 /f
REG ADD "%HKEY%\Control Panel\Desktop" /v WaitToKillAppTimeout /t REG_SZ /d 4000 /f

REM Command Prompt settings
REG ADD "%HKEY%\Console" /v QuickEdit /t REG_DWORD /d 1 /f
REG ADD "%HKEY%\Software\Microsoft\Windows NT\CurrentVersion\Network\Persistent Connections" /v SaveConnections /d "no" /t REG_SZ /f

REM Language bar - only apply if using single regional settings
REM	REG ADD "%HKEY%\Software\Microsoft\CTF\LangBar" /v ShowStatus /t REG_DWORD /d 3 /f
REM	REG ADD "%HKEY%\Software\Microsoft\CTF\LangBar" /v Label /t REG_DWORD /d 1 /f
REM	REG ADD "%HKEY%\Software\Microsoft\CTF\LangBar" /v ExtraIconsOnMinimized /t REG_DWORD /d 0 /f

REM Windows Explorer
REG ADD "%HKEY%\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v SeparateProcess /t REG_DWORD /d 1 /f
REG ADD "%HKEY%\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v TaskbarSizeMove /t REG_DWORD /d 0 /f
REG ADD "%HKEY%\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete" /v "Append Completion" /t REG_SZ /d YES /f
REG ADD "%HKEY%\AppEvents\Schemes\Apps\Explorer\Navigating\.Current" /ve /t REG_EXPAND_SZ /d "" /f

REM Windows 8 navigation settings
REG ADD "%HKEY%\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage" /v OpenAtLogon /t REG_DWORD /d 0 /f
REG ADD "%HKEY%\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage" /v DesktopFirst /t REG_DWORD /d 0 /f
REG ADD "%HKEY%\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage" /v MakeAllAppsDefault /t REG_DWORD /d 0 /f
REG ADD "%HKEY%\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage" /v MonitorOverride /t REG_DWORD /d 0 /f

REM Set IE as default browser, prevent prompting user
REM	REG ADD "%HKEY%\Software\Clients\StartmenuInternet" /ve /d "IEXPLORE.EXE" /f
REM	REG ADD "%HKEY%\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice" /v Progid /d "IE.AssocFile.MHT" /f
REM	REG ADD "%HKEY%\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice" /v Progid /d "IE.AssocFile.HTM" /f
REM	REG ADD "%HKEY%\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice" /v Progid /d "IE.AssocFile.HTM" /f
REM	REG ADD "%HKEY%\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice" /v Progid /d "IE.AssocFile.URL" /f
REM	REG ADD "%HKEY%\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice" /v Progid /d "IE.AssocFile.MHT" /f
REM	REG ADD "%HKEY%\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice" /v Progid /d "IE.AssocFile.XHT" /f
REM	REG ADD "%HKEY%\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice" /v Progid /d "IE.AssocFile.SVG" /f
REM	REG ADD "%HKEY%\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.partial\UserChoice" /v Progid /d "IE.AssocFile.PARTIAL" /f
REM	REG ADD "%HKEY%\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.website\UserChoice" /v Progid /d "IE.AssocFile.WEBSITE" /f
REM	REG ADD "%HKEY%\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice" /v Progid /d "IE.AssocFile.XHT" /f
REM	REG ADD "%HKEY%\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\https\UserChoice" /v Progid /d "IE.HTTPS" /f
REM	REG ADD "%HKEY%\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\ftp\UserChoice" /v Progid /d "IE.FTP" /f
REM	REG ADD "%HKEY%\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice" /v Progid /d "IE.HTTP" /f
REM	REG ADD "%HKEY%\Software\Microsoft\Windows\Shell\Associations\MIMEAssociations\message\rfc822\UserChoice" /v Progid /d "IE.message/rfc822" /f
REM	REG ADD "%HKEY%\Software\Microsoft\Windows\Shell\Associations\MIMEAssociations\text\html\UserChoice" /v Progid /d "IE.text/html" /f

REM Additional Internet Explorer options
REM	REG ADD "%HKEY%\Software\Microsoft\Internet Explorer\TabbedBrowsing" /v PopupsUseNewWindow /t REG_DWORD /d 0 /f
REM	REG ADD "%HKEY%\Software\Microsoft\Internet Explorer\PhishingFilter" /v Enabled /t REG_DWORD /d 1 /f
REM	REG ADD "%HKEY%\Software\Microsoft\Internet Explorer\Main" /v "Enable AutoImageResize" /t REG_SZ /d YES /f
REM	REG ADD "%HKEY%\Software\Microsoft\Internet Explorer\PhishingFilter" /v Enabled /t REG_DWORD /d 2 /f
REM	REG ADD "%HKEY%\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\domain.local" /v * /t REG_DWORD /d 1 /f
REM	REG ADD "%HKEY%\Software\Microsoft\Internet Explorer\New Windows\Allow" /v *.domain.local /t REG_BINARY /d 0000 /f

REM Windows Media Player
REG ADD "%HKEY%\Software\Microsoft\MediaPlayer\Setup\UserOptions" /v DesktopShortcut /d No /t REG_SZ /f
REG ADD "%HKEY%\Software\Microsoft\MediaPlayer\Setup\UserOptions" /v QuickLaunchShortcut /d 0 /t REG_DWORD /f
REG ADD "%HKEY%\Software\Microsoft\MediaPlayer\Preferences" /v AcceptedPrivacyStatement /d 1 /t REG_DWORD /f
REG ADD "%HKEY%\Software\Microsoft\MediaPlayer\Preferences" /v FirstRun /d 0 /t REG_DWORD /f
REG ADD "%HKEY%\Software\Microsoft\MediaPlayer\Preferences" /v DisableMRU /d 1 /t REG_DWORD /f
REG ADD "%HKEY%\Software\Microsoft\MediaPlayer\Preferences" /v AutoCopyCD /d 0 /t REG_DWORD /f

REM Unload the default profile hive
REG UNLOAD %HKEY%

REM Configure the default Start Screen
IF NOT EXIST %SystemDrive%\Users\Default\AppData\Local\Microsoft\Windows MD %SystemDrive%\Users\Default\AppData\Local\Microsoft\Windows
POWERSHELL -NonInteractive -Command Import-StartLayout -LayoutPath .\CustomStartScreenLayout.bin -MountPath %SystemDrive%\

REM Setup Taskbar unpin items on first login
IF NOT EXIST "%ProgramFiles%\Scripts" MD "%ProgramFiles%\Scripts"
COPY /Y ExecuteVerbAction.VBS "%ProgramFiles%\Scripts\ExecuteVerbAction.VBS"
COPY /Y ShLib.exe "%ProgramFiles%\Scripts\ShLib.exe"

MD "%SystemDrive%\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup"
ECHO @ECHO OFF > "%SystemDrive%\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PinnedItemsLibraries.cmd"
REM	ECHO cscript.exe "%ProgramFiles%\Scripts\ExecuteVerbAction.vbs" "%ProgramData%\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk" UnpinFromTaskbar >> "%SystemDrive%\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PinnedItemsLibraries.cmd"
ECHO "%ProgramFiles%\Scripts\shlib" remove "%%APPDATA%%\Microsoft\Windows\Libraries\Documents.library-ms" %PUBLIC%\Documents >> "%SystemDrive%\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PinnedItemsLibraries.cmd"
ECHO "%ProgramFiles%\Scripts\shlib" remove "%%APPDATA%%\Microsoft\Windows\Libraries\Music.library-ms" %PUBLIC%\Music >> "%SystemDrive%\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PinnedItemsLibraries.cmd"
ECHO "%ProgramFiles%\Scripts\shlib" remove "%%APPDATA%%\Microsoft\Windows\Libraries\Pictures.library-ms" %PUBLIC%\Pictures >> "%SystemDrive%\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PinnedItemsLibraries.cmd"
ECHO "%ProgramFiles%\Scripts\shlib" remove "%%APPDATA%%\Microsoft\Windows\Libraries\Videos.library-ms" %PUBLIC%\Videos >> "%SystemDrive%\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PinnedItemsLibraries.cmd"
ECHO DEL /Q "%%APPDATA%%\Microsoft\Windows\Start Menu\Programs\Startup\PinnedItemsLibraries.cmd" >> "%SystemDrive%\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PinnedItemsLibraries.cmd"

If you use this in a production environment, please test and confirm each setting to ensure you understand what the script will implement.

Summing Up

There are numerous ways to edit the default profile, some more complicated and involved than others. It’s my view that the best way to modify the default profile is targeting the required settings, which does mean more work. However, this approach results in a better understanding of the user environment and with any luck a better user experience.

Each new major release of Windows results in less modifications, so your job will be easier. There are a few scripts and tools you’ll need to have in place and I’m confident the approach outlined here will result in happy users (or at least users who aren’t complaining).

In the next article on the same subject, I’ll cover customising the default profile for Remote Desktop Services Session Hosts.

I have too many devices but not one of them runs Android. A good part of my job is testing, presenting and demoing, so it’s handy being able to show the user experiences across different devices. One of everything is perhaps going a bit too far, so I’d prefer to run Android as a VM.

Microsoft announced some interesting new features in Windows Server 2012 R2 at TechEd 2013 and one of those that piqued my interest is Work Folders. I’m not the biggest fan of Redirected Folders and Offline files, but it’s essentially the only enterprise solution Microsoft provides today for taking your data offline. Microsoft needs to provide a completely new method of syncing file data - one that is designed for todays use cases and computing environment.

Citrix provides a nice wizard for installing the XenDesktop 7 VDA and some pretty good documentation on using a command line installation, but the wizard does not expose all of the available options and working out what the wizard is doing in relation to the command line takes a bit of translation. Here’s how to automate a typical VDA deployment.

The Microsoft Deployment Toolkit provides a Lite Touch deployment model - typically a device requires an engineer to manually start the deployment task sequence. Using PowerShell to drive MDT offers the chance to provide a little more automation around OS deployments.

Here’s an overview of my talk from Citrix Synergy 2013 - Hands off my gold image!  If you were unable to attend Synergy or missed my session, this is a short version of the talk, but hopefully it will give you an idea of what was covered.

Here’s a deployment demo that I showed during my Geek Speak Live session at Citrix Synergy 2013 at Anaheim last week as well as during BriForum London 2013 when I had the opportunity to co-present a session with fellow CTP, Jim Moyle.

Here’s another demo that I showed during my Geek Speak Live session at Citrix Synergy 2013 at Anaheim yesterday.

Thanks to everyone who attended my Geek Speak Live session at Citrix Synergy 2013 in Anaheim yesterday. I’ll post details about the session and the slide deck next week for those who couldn’t attend.

At Citrix Synergy in Anaheim next month, I’ll have the opportunity to present a Geek Speak Live session - Hands Off My Gold Image! If you aren’t automating the creation of your gold images, there’s lots to learn in this session. Even if you are automating your gold images, perhaps there’s something new that I can still share with you. In this session, which will be demo heavy, I’ll show you some ways that you can deliver build automation with toolsets provided by Microsoft and Citrix.

With thanks to Nicke’s latest post, the App-V Recipes and Tips list has hit 400 links!

While working on a PowerShell script to drive OS deployment through MDT, I’ve needed to obtain the UUID from a target virtual machine. Unfortunately this isn’t just a property of the VM that you get through Get-VM. Instead you’ll need jump through a few hoops to retrieve the right UUID.

It’s a simple task to virtualize Firefox, as it lends itself well to application virtualization; however getting it right takes a little preparation. Before embarking on sequencing Firefox, please refer to this companion article - Prepare Mozilla Firefox for Enterprise Deployment and Virtualization - which covers configuring a Firefox installation for virtualizing. It’s important that Firefox is configured correctly for virtualization by disabling specific features.

The App-V 5 Sequencer, just like version 4.6 SP1, includes support for Sequencer Templates. These are an ideal approach for ensuring the use of the same set of Sequencer settings and exclusions across all packages.

I’ve previously written articles on virtualizing Mozilla Firefox, but with Firefox releases more regular these days and the release of App-V 5, it makes sense to split details on configuring Firefox for an enterprise deployment and virtualizing Firefox into separate articles.

Connection Groups (or Dynamic Suite Composition v2) in App-V 5.0 are great for enabling separate App-V packages to talk to each other. Connection Groups are easy enough to deploy with the App-V Management Server or Configuration Manager 2012; however that isn’t the case for stand-alone scenarios or 3rd party ESDs.

One of the great promises of application virtualization is dynamic delivery of software to end-points; however delivering plugins or add-ons to installed (i.e. not virtualized) software has thus far been a stumbling block.

Two recent releases presents an opportunity to revisit the state of virtualizing Apple iTunes. iTunes 11 looks great, but is it just lipstick on a pig? Under the hood, it doesn’t appear to differ that much from previous versions, but lets see whether a combination of Apple’s latest and greatest along with App-V 5 offers a better virtualisation experience.

User settings that might impact the default Office experience or may require special consideration in your environment, are worth investing in planning time because you’ll often have only one chance to get deployment right.

If you’ve been following along so far you’ll have read my follow up coverage of  my (and co-host, Jonathan Eyton-Williams) Geek Speak talk at Citrix Synergy in Barcelona, with  Hands off my gold image – Automating Citrix XenApp/PVS Image Creation and Hands off my gold image – Microsoft Deployment Toolkit details. In this article I’ll cover the task sequence that deploys Windows Server, installs XenApp and captures the image into PVS.

App-V 5.0 is PowerShell driven, which means opportunity for automating and scripting tasks that might have to be completed manually or might have been a challenge to script previously.

You’ll then have tackled with the product matrix that comes as a PDF instead of something more reasonable like, say, a spread sheet. There’s probably a good reason for this document to be a PDF, but it’s not the best format for reading this type of information.

App-V 5.0 is PowerShell driven, which means opportunity for automating and scripting tasks that might have to be completed manually or might have been a challenge to script previously.

After the corresponding Geek Speak talk at Citrix Synergy in Barcelona, I posted an article on automating a XenApp deployment and capture into Provisioning Services via the Microsoft Deployment Toolkit (MDT): Hands off my gold image – Automating Citrix XenApp/PVS Image Creation.

App-V 5.0 is PowerShell driven, which means opportunity for automating and scripting tasks that might have to be completed manually or might have been a challenge to script previously.

App-V 5.0 is PowerShell driven, which means opportunity for automating and scripting tasks that might have to be completed manually or might have been a challenge to script previously.

Citrix Provisioning Services is a great solution for the rapid deployment of Windows workloads from a master image. However, rapid deployment is not a replacement for a consistent, repeatable method of creating that master image.

Adobe Reader XI is now available and along with this release comes some interesting tools for deployment:

Note: this article covers a product that is in beta at the time of writing; therefore the specifics of the approach outlined in this article may be subject to change. This is not a recommendation to use this approach in production; rather it’s an exercise in understanding what’s possible with a new data synchronisation product.

Rory asks via Twitter - can we pre-cache App-V packages on laptop clients so that all applications are available offline, using AppSense Environment Manager?:

It’s a simple task to virtualize Firefox, as it lends itself well to application virtualization; however getting it right takes a little more effort. I’ve previously shown you how to sequence Firefox 8, Firefox 7 and Firefox 5. Before embarking on sequencing Firefox, please refer to this companion article - Prepare Mozilla Firefox for Enterprise Deployment and Virtualization - which covers configuring a Firefox installation for virtualizing. It’s important that Firefox is configured correctly for virtualization by disabling specific features..

There’s one thing that I can’t get enough of when automating Windows deployments, it’s ambiguous and confusing error messages. More please, I’m a sucker for punishment.

Deploying Citrix Receiver (full or Enterprise) via an unattended command-line, may result in the installer running indefinitely and not completing until you interact with the target machine.

I shared a lightning round session at BriForum London 2012 with Dan Brinkmann. I rolled two lightning rounds (including Should Office Be in the Base Image?) into one with The Definitive Guide to delivering Office with App-V.

At Citrix Synergy 2012, I had the distinct pleasure of moderating a Geek Speak panel:  ”User Environment Management smackdown 2012” with Shawn Bass, Helge Klein, Harry Labana from AppSense, Bob Janssen from RES Software and Mike Larkin from Citrix on the state of User Environment Management.

I’ve been fortunate enough to have performed technical editor duties on a couple of App-V books by Augusto Alvarez - Getting Started with Microsoft Application Virtualization 4.6 and Microsoft Application Virtualization Advanced Guide.

The App-V 5.0 Sequencer includes a couple of PowerShell modules and for converting packages is the only interface to use. Here’s how to automate the migration of packages from the old 4.x format to the new App-V 5.0 format.

Last Friday turned out to be a pretty awesome day - my wife and I found out we’ll be having a girl in July and I’ve been selected to receive the Citrix Technology Professional award for 2012.

I’ve been configuring a Windows Server 2008 R2 Hyper-V deployment in the lab via MDT to a couple of ProLiant DL380 G5’s. I’ve been keeping the deployment as simple as possible, so there’s no SCVMM integrated at this point and as such I’ve need to configure the Hyper-V networking once the OS is deployed to the machine. Naturally, I don’t want to do that manually.

Mark Plettenberg, the lead developer of Login VSI. This new module looks very interesting because it will allow us to objectively measure and analyse the performance of remoting protocols such as Teradici PCoIP, Microsoft RDP, Citrix ICA/HDX and Quest EOP.

Having had to travel to Australia and the US recently, I’ve not had that much time to work on an upcoming white paper, but I have been posting some of the early versions of the chapters. So here’s another in that series while I work on getting the paper finished.

Update (28/03/2012): This list of white papers are now available on the Microsoft Download Centre: Microsoft Application Virtualization (App-V) Documentation Resources Download Page

I’m not sure why I didn’t think of this earlier – I get emails from readers fairly regularly and many of them make great topics for blog posts. So here’s the first in a series of posts where I’ll cover interesting questions I get via email and where I think other readers will benefit from a public response.

I recently posted a script for removing unnecessary files and pruning files based on their age, which can be used at logoff to keep profile sizes manageable - Reducing Profile Size with a Profile Clean Up Script.

Andrew Morgan (@andyjmorgan) has kindly translated my very basic VBscript to PowerShell. This can be used as a standalone script or the function (remove-itembyage) could be integrated into your own scripts and has the added benefit of in-built help and the ability to run silently.

Just like the original script, this could be executed at logoff, before the profile is saved back to the network, to perform two actions:

1. Delete all files of a specific file type in a specified folder, including sub-folders
2. Delete all files older than X days in a specified folder, including sub-folders

For example, you could use the script to delete all .log or temporary files below %APPDATA% that aren’t required to be roamed, or delete all Cookies older than 90 days to keep the Cookies folder to a manageable size.

Note: the script listing below has the -whatif parameter applied when calling the function, so no deletes will occur unless the parameter is removed.

function remove-itembyage {
    <#
        .SYNOPSIS
        remove items from folders recursively.

        .DESCRIPTION
        this function removes items older than a specified age from the target folder

        .PARAMETER Days
        Specifies the ammount of days since the file was last written to you wish to filter on.

        .PARAMETER Path
        Specifies the path to the folder you wish to search recursively.

        .PARAMETER Silent
        Instructs the function not to return any output.

        .EXAMPLE
        PS C:\&gt; remove-itembyage -days 0 -path $recent

        This command searches the $recent directory, for any files, then deletes them.

        .EXAMPLE
        PS C:\&gt; remove-itembyage -days 5 -path $recent

        This command searches the $recent directory, for files older than 5 days, then deletes them.

        .EXAMPLE
        PS C:\&gt; remove-itembyage -days 10 -path $appdata -typefilter "txt,log"

        This command searches the $cookies directory, for files older than 10 days and end with txt or log extensions, then deletes them.

        .EXAMPLE
        PS C:\&gt; remove-itembyage -days 10 -path $cookies -typefilter "txt,log" -silent

        This command searches the $cookies directory, for files older than 10 days and end with txt or log extensions, then deletes them without a report.

        .NOTES
        /user-virtualization/profile-clean-up-script-powershell-edition/ for support information.

        .LINK
        /user-virtualization/profile-clean-up-script-powershell-edition/
    #>

    [cmdletbinding(SupportsShouldProcess = $True)]
    param(
        [Parameter(Mandatory = $true, Position = 0, HelpMessage = "Number of days to filter by, E.G. ""14""")]
        [int]$days,
        [Parameter(Mandatory = $true, Position = 1, HelpMessage = "Path to files you wish to delete")]
        [string]$path,
        [string]$typefilter,
        [switch]$silent)

    #check for silent switch
    if ($silent) {$ea = "Silentlycontinue"}
    Else {$ea = "Continue"}

    #check for typefilter, creates an array if specified.
    if (!($typefilter)) {$filter = "*"}
    Else {$filter = foreach ($item in $typefilter.split(",")) {$item.insert(0, "*.")}}

    if (test-path $path) {
        $now = get-date
        $datefilter = $now.adddays( - $days)
        foreach ($file in get-childitem "$path\*" -recurse -force -include $filter | where {$_.PSIsContainer -eq $false -and $_.lastwritetime -le $datefilter -and $_.name -ne "desktop.ini"}) {
            if (!($silent)) {write-host "Deleting: $($file.fullname)"}
            remove-item -literalPath $file.fullname -force -ea $ea
        }#end for
    }#end if

    Else {
        if (!($silent)) {write-warning "the path specified does not exist! ($path)"}
    }#end else
}#end function

#Get KnownFolder Paths
$appdata = $env:appdata
$Cookies = (new-object -com shell.application).namespace(289).Self.Path
$History = (new-object -com shell.application).namespace(34).Self.Path
$recent = (new-object -com shell.application).namespace(8).Self.Path
$profile = $env:userprofile

#commands
remove-itembyage -days 0 -path $appdata -typefilter "txt,log" -silent -whatif
remove-itembyage -days 90 -path $cookies -silent -whatif
remove-itembyage -days 14 -path $recent -silent -whatif
remove-itembyage -days 21 -path $history -silent -whatif
remove-itembyage -days 14 -path "$appdata\Microsoft\office\Recent" -silent -whatif

I was quite relieved and grateful to receive the Microsoft MVP award again for 2012:

Windows profiles become larger over time - it’s an inescapable fact. This means that if you are using roaming profiles, logons (and logoff) will be longer and longer. It’s not just individual file sizes, but also the number of files stored in a profile that will make the synchronisation process slower.

One approach to reducing profile sizes is to exclude certain folders. A better solution is to ditch roaming profiles and use a third-party solution to manage roaming of the user environment.

However, there will still be folders that need to be roamed to maintain the experience that users expect when moving between devices (i.e. consistency). For those folders we can implement some maintenance to keep them at a manageable size - that is remove files that are not needed in a roaming profile (e.g. log files) or delete files older than a specific number of days.

Warning: there’s a reason that Windows doesn’t do this maintenance itself - only each application vendor will have an understanding of whether specific files are required or can be discarded (hence the roaming and local portions of AppData). However, as any experienced Windows admin knows - many vendors either don’t test for or don’t care about roaming scenarios, therefore I strongly recommend testing this approach before production deployment.

As a part of an upcoming version of this configuration, I’ve created a script that will execute at logoff, before the profile is saved back to the network, that will perform two actions:

1. Delete all files of a specific file type in a specified folder, including sub-folders
2. Delete all files older than X days in a specified folder, including sub-folders

So for example, you could use the script to delete all .log files below %APPDATA% or delete all Cookies older than 90 days.

The script is extremely simple on purpose and I recommend testing thoroughly before implementing - use at your own risk; however feedback is welcome.

' Profile clean up - remove unneeded or old files before logoff
' --------------------------------------------------------------
' Original scripts:
' http://www.wisesoft.co.uk/scripts/vbscript_recursive_file_delete_by_extension.aspx
' http://ss64.com/vb/syntax-profile.html
' http://csi-windows.com/toolkit/csigetspecialfolder

' Version 2.0; 27/12/2011

Option Explicit
On Error Resume Next 'Avoid file in use issues

Dim strExtensionsToDelete, strAppData, strUserProfile, objFSO, strCookies, strHistory, strRecent, objShellApp
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objShellApp = CreateObject("Shell.Application")
Const CSIDL_COOKIES = "&H21"
Const CSIDL_HISTORY = "&H22"
Const CSIDL_RECENT = "&H08"
Const CSIDL_NETHOOD = "&H13"
Const CSIDL_APPDATA = "&H1A"
Const CSIDL_PROFILE = "&H28"

' Folder to delete files from (files will also be deleted from Subfolders)
strUserProfile = objShellApp.NameSpace(cint(CSIDL_PROFILE)).Self.Path
strAppData = objShellApp.NameSpace(cint(CSIDL_APPDATA)).Self.Path
strCookies = objShellApp.NameSpace(cint(CSIDL_COOKIES)).Self.Path
strHistory = objShellApp.NameSpace(cint(CSIDL_HISTORY)).Self.Path
strRecent = objShellApp.NameSpace(cint(CSIDL_RECENT)).Self.Path
strNetHood = objShellApp.NameSpace(cint(CSIDL_NETHOOD)).Self.Path

' Main
RecursiveDeleteByExtension strAppData, "tmp,log"
RecursiveDeleteOlder 90, strCookies
RecursiveDeleteOlder 14, strRecent
RecursiveDeleteOlder 21, strHistory
RecursiveDeleteOlder 21, strNetHood
RecursiveDeleteOlder 14, strAppData & "\Microsoft\Office\Recent"
'RecursiveDeleteOlder 5, strAppData & "\Sun\Java\Deployment\cache"
'RecursiveDeleteOlder 3, strAppData & "\Macromedia\Flash Player"
'RecursiveDeleteOlder 14, strUserProfile & "\Oracle Jar Cache"

Sub RecursiveDeleteByExtension(ByVal strPath,strExtensionsToDelete)
    ' Walk through strPath and sub-folders and delete files of type strExtensionsToDelete
    Dim objFolder, objSubFolder, objFile, strExt

    If objFSO.FolderExists(strPath) = True Then
        Set objFolder = objFSO.GetFolder(strPath)
        For Each objFile in objFolder.Files
            For each strExt in Split(UCase(strExtensionsToDelete),",")
                If Right(UCase(objFile.Path),Len(strExt)+1) = "." & strExt then
                    WScript.Echo "Deleting: " & objFile.Path
                    objFile.Delete(True)
                    Exit For
                End If
            Next
        Next
        For Each objSubFolder in objFolder.SubFolders
            RecursiveDeleteByExtension objSubFolder.Path,strExtensionsToDelete
        Next
    End If
End Sub

Sub RecursiveDeleteOlder(ByVal intDays,strPath)
    ' Delete files from strPath that are more than intDays old
    Dim objFolder, objFile, objSubFolder

    If objFSO.FolderExists(strPath) = True Then
        Set objFolder = objFSO.GetFolder(strPath)
        For each objFile in objFolder.files
            If DateDiff("d", objFile.DateLastModified,Now) > intDays Then
                If UCase(objFile.Name) <> "DESKTOP.INI" Then ' Ensure we don't delete desktop.ini
                    WScript.Echo "Deleting: " & objFile.Path
                    objFile.Delete(True)
                End If
            End If
        Next
        For Each objSubFolder in objFolder.SubFolders
            RecursiveDeleteOlder intDays,objSubFolder.Path
        Next
    End If
End Sub

Adobe released a new security advisory for Reader and Acrobat 9 and X this week to address details of an upcoming fix to these versions for a 0 day vulnerability. Exploits for this vulnerability exist for Reader and Acrobat 9 and are currently active:

Because Office is a core application of most desktop deployments, user interaction with Office and the user experience are important factors in the deployment of Office. From an administration perspective, providing a seamless user experience requires managing the user preferences of an application, independent of the application delivery method.

Several months ago, I used the The Archivist to create an archive and analysis of tweets with the #AppV hash tag. 1,740 tweets later (not all of which I’m sure are App-V related), we get an interesting picture of conversations around App-V. To view the archive visit this URL: http://bit.ly/appvarchive.

Mozilla has just released Firefox 8, so it’s time to look at virtualizing the new version. It’s a simple task to virtualize Firefox, as it lends itself well to application virtualization; however getting it right takes a little more effort. Here’s how to successfully sequence Mozilla Firefox 8.x.

Here’s how to successfully sequence Google Chrome 15; however the same approach should work for Chrome 13, 14 and 16 and maybe even some other versions.

In the official Microsoft TechNet forums, a question had been asked about sequencing Google Chrome and the poster states that when using the Chrome Enterprise Installer (a downloadable MSI for deployment inside an organisation), Chrome installs OK during the monitoring phase, but the folder is deleted at the end of monitoring and thus isn’t captured.

Surely one of the main goals of any good desktop delivery project is to remove the user’s reliance on any single device?

I’ve been doing some work recently virtualizing various versions of Office in App-V plus managing user preferences for those Office packages. Here’s something interesting that I’ve found – the size of the profile settings for a default installation of Office 2010 is massively different in size over previous versions of Office.

If you have issues installing the Office 2010 Deployment Kit for App-V (OffVirt.msi) to install the licensing component for a virtualized Office 2010 package, it may fail to install. A typical command line to install the licensing component look like this:

If you follow any of the following guidance from Microsoft for sequencing Office with App-V: