Deploying VMware View 5 – Part 2: Configure Windows 7 to be a VMware View Desktop

KB ID 0000596

Problem

Note: This is an old post for VMware view version 5, you might want to read Deploying VMware Horizon View instead.

In Part 1 we looked at setting up your connection server. To actually deliver a virtual desktop you need to a) have a desktop built, and b) have the VMware View ‘agent’ installed on it.

In addition there are various changes you need to make, both to streamline the virtual machine, and make it more efficient for VMware View.

Note: If you are doing manual assignment of desktops to users, then this is not as important, but if you are going to deploy linked clone desktops this is VERY important. Either way its still good practice to ‘prep’ desktops first.

Solution

1. Build the desktop you intend to deliver via View (In this example I’m using Windows 7 Pro x32 bit).

Licencing Note: For manual desktop assignments you can use MAK license keys, but for larger deployments using VMware composer and linked clones, use Microsoft’s KMS server to service your licensing needs.

Using KMS Server for Windows Server 2008 R2, Windows 7, and Office 2010

2. Run a full Windows update, allow the machine to reboot, then keep running Windows update until it says that it is up to date.

3. Then install the VMware tools.

4. Install any software and applications you require.

5. Download these scripts to auto configure your clients.

Note: There are two scripts, one called PrepClient.bat and the other called PrepClientPM.bat (Only use the latter if you are going to deploy persona management). I originally got these scripts from VMware, and have made a subtle change to them, they are 99% NOT my work!

Make sure you execute the scripts from a command window “As Administrator”, (right click the cmd shortcut while holding down Shift). You will need to do this even if you are logged in as the administrator.

What this script is doing?

a. Sets screen saver to “Blank Screen”, enable after one minute, and password protects it. b. Empties the internet cache. c. Turns off RSS Feeds in Internet Explorer. d. Disables Microsoft Action center. e. Stops the “Welcome to Internet Explorer” Dialogue for new users. f. Disables “Superfetch”. g. Disables Windows update (Note: If you are not using linked clones you might want to remove this line);

[box]reg ADD “HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsWindowsUpdateAU” /v NoAutoUpdate /t REG_DWORD /d 0x1 /f[/box]

h. Disables System Restore, and removes access to the restore options. i. Sets the application log size to 10MB and allows it to overwrite events as needed. j. Sets the system log size to 10MB and allows it to overwrite events as needed. k. Sets the security log size to 10MB and allows it to overwrite events as needed. l. Disables the Network Location Wizard. m. Disables Crash Dump Logging. n. Deleted files are instantly deleted, they do not go to the recycle bin (Stops the recycler file filling up with junk), to stop this remove this line.

[box]reg ADD “HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer” /v NoRecycleFiles /t REG_DWORD /d 0x1 /f[/box]

o. Enables Remote Desktop (RDP Connections) from all clients (the less secure option) p. Disables Windows User Access control. q. Disables Windows SideShow. r. Disables the following services.

Bitlocker Drive Encryption Service ‘BDESVC’ Block Level Backup Engine Service ‘wbengine’ Diagnostic Policy Service ‘DPS’ Desktop Window Manager Session Manager Service ‘UxSms’ Disk Defragmenter Service ‘Defragsvc’ Home Group Listener Service ‘HomeGroupListener’ Home Group Service ‘HomeGroupProvider’ IP Helper Service ‘iphlpsvc’ Microsoft iSCSI Initiator Service ‘MSiSCSI’ Microsoft Software Shadow Copy Provider ‘swprv’ Client side Caching Service ‘CscService’ Secure Socket Tunnelling Protocol Service ‘SstpSvc’ Windows Security Center Service ‘wscsvc’ Simple Service Discovery Protocol Service ‘SSDPSRV’ ReadyBoost Service ‘SysMain’ Tablet Input Service ‘TabletInputService’ Themes Service ‘Themes’ Universal Plug and Play Service ‘upnphost’ Volume Snapshot Service ‘VSS’ (Note: NOT Disabled if using the Persona Management Batch File) Windows Backup Service ‘SDRSVC’ Windows Defender Service ‘WinDefend’ Windows Error Reporting Service ‘WerSvc’ Windows Firewall Service ‘MpsSvc’ Windows Media Center Receiver Service ‘ehRecvr’ Windows Media Center Scheduler Service ‘ehSched’ Windows Search Service ‘WSearch’ Windows Update Service wuauserv’ Wireless LAN Service ‘Wlansvc’ Wireless Auto config Service ‘WwanSvc’

s. Sets Windows to show “Blank Screen” when booting instead of the Windows animation. “bcdedit /set BOOTUX disabled”. t Remove all Shadow Copies, “vssadmin delete shadows /All /Quiet” (Note: NOTDisabled if using the Persona Management batch file). u. Disables Hibernation “powercfg -H OFF”. v. Disables the “Last accessed” timestamp for windows files “fsutil behavior set DisableLastAccess 1”. w. Stops scheduled Windows Defragmentation (Note: In Linked clone environments this would expand all the delta disks and is a common ‘gotcha’). x. Stops the registry backup which happens every 10 days. y. Stops the scheduled Windows Defender tasks. z. Stops the Windows System Assessment Tools (this gives your PC its ‘performance rating’ from 1 to 5).

Another Option to Prepare Windows 7 for View

You can also (If you prefer a graphical tool) use Desktop Optimizer from Quest. (Note: Also needs to be ran as administrator or you will get runtime errors!)

6. Then Install the VMware View Agent.

7. Then make sure any floppy drives, and CD/DVD drives are also disconnected.

8. If the virtual machine is going to be in a manual pool leave it powered on. If it’s going to be part of an automated pool, you can snapshot it.

Related Articles, References, Credits, or External Links

Deploying VMware View 5 – Part 1: Configure Active Directory and Deploy VMware Connection Server

Deploying VMware View 5 – Part 3: Creating a ‘Manual Pool’ and Connecting a View Client

 

VMware View – Using Persona Management

KB ID 0000615 

Problem

Persona Management, is the VMware version of “Roaming Profiles” and “Redirected Folders” rolled into one. Though the redirected folders bit is a lot easier to set up and less problematic than the Microsoft Folder Redirection policy.

Its handy if you using floating pools but still want your users to have a persistent user interface. Having these files centrally makes them easier to backup, and the more your users can customise their desktops and settings the better their level of equipment husbandry.

Solution

Create a “Roaming Profile” Network share with the correct permissions

1. On a network accessible server, create a folder and set the SHARE permissions as follows;

Share Permissions

Everyone = Read. Domain Users = Full Control.

Note: You may also want to DISABLE Caching on this folder.

2. Stop inheritable permissions from propagating to the folders and set the security permissions as follows;

Security / NTFS Permissions

Creator Owner (Subfolders and Files Only) = Full Control. Domain Users (This folder Only) = List Folder/Read Data and Create Folders/Append Data. System (This Folder, Subfolders and files) = Full Control. Creator Owner (Subfolders and Files Only) = Full Control. Everyone = No Permissions.

Note: I’m using domain users, you might have a different security group that you want to substitute.

3. Make sure that the machines that you will be using as view targets, have the View Persona Management option selected (this is selected by default).

Configure Windows 7 to be a VMware View Desktop

4. You need to get the administrative template for Persona Management. You will find it on your VMware Connection Server in the following location;

[box] C:Program FilesVMwareVMware ViewServerextrasGroupPolicyFiles [/box]

Locate the ViewPM.adm file and copy it to a domain controller.

5. Create a new group policy that is linked to the OU containing your View machines.

6. Edit the policy > Expand Computer Configuration > Policies >Administrative Templates > Right Click > add/Remove Administrative Temple > Add in the ViewPM.adm template.

7. Navigate to;

[box] Computer Configuration > Polices > Administrative Templates > Classic Administrative Templates > VMware View Agent Configuration > Persona Management [/box]

8. In the roaming and Synchronisation Section > Manage user persona > Set to Enabled > Next Setting.

9. Enable > Enter the shared folder you created earlier > Next Setting.

10. Enabled (to remove local cached copies of the profile).

11. Enabled to roam the local folder > That’s all I’m going to configure in this branch of the policy.

Persona Management Folder Redirection

12. Navigate to;

[box] Computer Configuration > Polices > Administrative Templates > Classic Administrative Templates > VMware View Agent Configuration > Persona Management > Folder Redirection [/box]

Here you will find the folders that can be redirected to a central location.

13. For example, here I’m redirecting the users “My Documents” folder.

14. And their “My Pictures” folder.

15. Make sure you have a pool created, and your users are have an ‘entitlement’ to them. These machines will also HAVE TO be in the OU your policy is applying to.

Creating a ‘Manual Pool’ and Connecting a View Client

Deploying Linked Clone View Desktops

16. Now when your users connect to their View Desktops.

17. Their user profile will be persistent.

18. Because their settings are stored in your profile shared folder.

Note: Persona Management will store the profile in username.domainname format. The reason there is a V2 on the end of it, denotes the profile is for Windows 7 or Vista. If users swap between these OS’s and any older Windows OS’s, then they will get a separate profile for those as well. If this is the case rely on the folder redirection rather than the profile.

Related Articles, References, Credits, or External Links

NA