Aaron Parker

Hands off my gold image! – Video: Windows 8 zero-touch deployment

2013-05-23T17:48:24Z

Here’s another demo that I showed during my Geek Speak Live session at Citrix Synergy 2013 at Anaheim yesterday.

In a 45 minute session on MDT and automating gold image deployments there’s not enough time for such a large topic, so perhaps I should have dropped this one; however this is interesting nonetheless. Using PowerShell to drive Hyper-V and MDT, this demo shows a full Windows 8 deployment from start to ready for user logon. This approach might be useful for persistent virtual desktops, or with a little more effort, using the image in a XenDesktop 7 desktop catalog created with PowerShell.

The video is available in HD resolution (720) so you can see the full details.

Hands off my gold image! – Video: Windows 8 zero-touch deployment is post from stealthpuppy.com. Except as noted otherwise, this work is © 2005-2013 Aaron Parker and is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License.

Hands off my gold image! – Video: automated PVS image deploy and capture

2013-05-23T17:49:16Z

Thanks to everyone who attended my Geek Speak Live session at Citrix Synergy 2013 in Anaheim yesterday. I’ll post details about the session and the slide deck next week for those who couldn’t attend.

In the mean time, here’s one of the demos that I ran during the session that shows using the Microsoft Deployment Toolkit to deploy WIndows 7 to a target VM and then capture that image into a PVS vDisk, completely hands free (apart from kicking the deployment off, of course).

The video is available in HD resolution (720) so you can see the full details.

Hands off my gold image! – Video: automated PVS image deploy and capture is post from stealthpuppy.com. Except as noted otherwise, this work is © 2005-2013 Aaron Parker and is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License.

Take part in the OS Deployment Automation Survey

2013-04-24T07:25:48Z

At Citrix Synergy in Anaheim next month, I’ll have the opportunity to present a Geek Speak Live session – Hands Off My Gold Image! If you aren’t automating the creation of your gold images, there’s lots to learn in this session. Even if you are automating your gold images, perhaps there’s something new that I can still share with you. In this session, which will be demo heavy, I’ll show you some ways that you can deliver build automation with toolsets provided by Microsoft and Citrix.

I’m big on automation, especially when it comes to gold images. If you’re building images via a manual process, I contend that you cannot deliver the quality and consistency that is provided through an automated process. PVS, MCS/linked clones etc. are not a replacement for automation either. An open and repeatable build process improves the user experience and reduces the cost of support, because Windows is no longer a black box. Instead the entire process from start to finish, can be viewed, interrogated and understood by everyone.

In my role at Kelway, I get to talk many customers about how to better deliver and manage their physical and virtual desktop environments, but it’s still surprising to me that often automation is an afterthought.

So for this talk, I wanted to provide more than just anecdotal evidence, I’d like to back up my approach with some real data. That’s where I need 60 seconds of your time to contribute to a survey. Here’s a 5 question, anonymous survey designed to gather some details on OS automation in hosted desktop environments:

This survey will be available until at least Synergy in May, where I’ll present the results during my talk - Hands Off My Gold Image!

Take part in the OS Deployment Automation Survey is post from stealthpuppy.com. Except as noted otherwise, this work is © 2005-2013 Aaron Parker and is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License.

400 App-V Recipes!

2013-04-12T12:05:36Z

With thanks to Nicke’s latest post, the App-V Recipes and Tips list has hit 400 links!

If you haven’t seen this list previously, this is the place to find recipes, tips, workaround and fixes for various applications that the community has built around Microsoft App-V. A big thanks to all those community members who have contributed to this list and shared their knowledge.

If you’d like to keep up to date, as links are added, there’s an RSS feed for the list, and the list itself is searchable (here’s an example for Firefox recipes).

Here’s to the next 400.

400 App-V Recipes! is post from stealthpuppy.com. Except as noted otherwise, this work is © 2005-2013 Aaron Parker and is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License.

Retrieving a VM’s UUID from vSphere

2013-03-24T22:19:03Z

While working on a PowerShell script to drive OS deployment through MDT, I’ve needed to obtain the UUID from a target virtual machine. Unfortunately this isn’t just a property of the VM that you get through Get-VM. Instead you’ll need jump through a few hoops to retrieve the right UUID.

I’ve haven’t had to re-invent the wheel on this one, as I’ve taken some tips from this VMware Community thread and a blog post by Ken Smith. I have simplified things a little by writing a function that you can use to return the UUID as a string from a virtual machine object (gathered from Get-VM) to the function.

To use the function, first ensure that PowerCLI is installed and that you’ve connected to a host or vCenter, so that a target VM can be returned and then passed to the function.

For example, I could use the following command to retrieve the UUID from a target VM:

PS C:\> Get-VM -VM "W7VM1" | Get-vSphereVMUUID
554c0342-c2c7-c3b7-8258-96eb00f62b0c

Code listing below:

#---------------------------------------------------------------------------
# Author: Aaron Parker
# Desc:   Function that uses retrieves the UUID from a specified VM and
#         transposes it into the right format for use with MDT/SCCM etc
# Date:   Mar 24, 2013
# Site:   http://stealthpuppy.com
#
# Original code snippets from:
# http://communities.vmware.com/thread/239735
# http://www.keithsmithonline.com/2013/02/powershell-show-vmware-vm-UUID.html
#---------------------------------------------------------------------------

Function Get-vSphereVMUUID {
    <#
        .SYNOPSIS
            Retrieves the UUID from a specified VM and formats it correctly for use with MDT/SCCM etc.

        .DESCRIPTION
            Retrieves the UUID from a specified VM and formats it correctly for use with MDT/SCCM etc. Returns the UUID as a string that can be passed to other functions.

            Requires that a VM object is passed to the function. That object will first have to be created before being passed to this function.

        .PARAMETER VM
            Specifies the VM to retrieve the UUID from.

        .EXAMPLE
            PS C:\> Get-vSphereVMUUID -VM "W7VM1"

            Retrieves the UUID from a VM named W7VM1.

        .EXAMPLE
            PS C:\> $VM | Get-vSphereVMUUID

            Retrieves the UUID from a VM piped to this function.

        .NOTES
            See http://stealthpuppy.com/ for support information.

        .LINK

http://stealthpuppy.com/code/retrieving-a-vms-uuid-from-vsphere/

     #>

    [CmdletBinding(SupportsShouldProcess=$True)]
    Param(
        [Parameter(Mandatory=$True, ValueFromPipeline=$True, HelpMessage="Specify the VM to retrive the UUID from.")]
        [System.Object]$VM
        )

    BEGIN {
    }

    PROCESS {
        # Retrive UUID from vSphere
        $UUID = $VM | %{(Get-View $_.Id).config.UUID}

        #Transpose UUID into expected format
        # Section 1
        $UUID11 = $UUID.Substring(0,2)
        $UUID12 = $UUID.Substring(2,2)
        $UUID13 = $UUID.Substring(4,2)
        $UUID14 = $UUID.Substring(6,2)

        # Section 2
        $UUID21 = $UUID.Substring(9,2)
        $UUID22 = $UUID.Substring(11,2)

        # Section 3
        $UUID31 = $UUID.Substring(14,2)
        $UUID32 = $UUID.Substring(16,2)

        # Section 4
        $UUID41 = $UUID.Substring(19,4)

        # Section 5
        $UUID51 = $UUID.Substring(24,12)

        # Piece the strings together
        [string]$UUIDa = "$UUID14$UUID13$UUID12$UUID11"
        [string]$UUIDb = "$UUID22$UUID21"
        [string]$UUIDc = "$UUID32$UUID31"
        [string]$UUIDd = "$UUID41"
        [string]$UUIDe = "$UUID51"
        [string]$UUIDfixed = "$UUIDa-$UUIDb-$UUIDc-$UUIDd-$UUIDe"
    }

    END {
        # Return the UUID
        Return $UUIDfixed
    }
}

Retrieving a VM’s UUID from vSphere is post from stealthpuppy.com. Except as noted otherwise, this work is © 2005-2013 Aaron Parker and is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License.

Sequencing Mozilla Firefox with App-V 5.x

2013-03-16T23:04:08Z

It’s a simple task to virtualize Firefox, as it lends itself well to application virtualization; however getting it right takes a little preparation. Before embarking on sequencing Firefox, please refer to this companion article – Prepare Mozilla Firefox for Enterprise Deployment and Virtualization – which covers configuring a Firefox installation for virtualizing. It’s important that Firefox is configured correctly for virtualization by disabling specific features.

User Experience

Typically, virtualizing an application changes the user experience due to the introduction of isolation. With App-V 5 there’s no such change to the way users might interact with Firefox. Users can even set a virtualized Firefox as their default browser.

Firefox features to disable

There are a couple of features that should be disabled when running Firefox under App-V 5:

Automatic updates for Firefox – Options / Advanced / Update / Firefox updates. Firefox updates should be delivered via new App-V packages. Updates for Add-ons and Search Engines should be OK as these are written to the user profile
Mozilla Maintenance Service – Firefox installs an updater service that allows updating whilst avoiding UAC prompts. This service should be disabled or not installed

Read the article Prepare Mozilla Firefox for Enterprise Deployment and Virtualization for full details on removing these options during installation.

Managing the Firefox profile

Firefox stores preferences, extensions and other user data in:

%APPDATA%\Mozilla (preferences, bookmarks etc.); and
%LOCALAPPDATA%\Mozilla (browser cache)

The default behaviour of the App-V Sequencer is to exclude %LOCALAPPDATA% – this is a good thing and I don’t recommend removing this exclusion. %APPDATA% will be included by default and whether you leave this location included in the package will depend on your specific deployment requirements; however my recommendation is to exclude this location by adding [{AppData}]\Mozilla to the exclusion list in your sequence. On the client, Firefox will then create a new profile in the real file system when the user starts the browser for the first time.

Virtualizing the profile increases the complexity of upgrading Firefox packages especially challenging given Mozilla’s approach to Firefox releases. By storing the Firefox profile on the real file system, Firefox can be deployed via completely unrelated packages – no need to create upgrade versions. By excluding %APPDATA% and not virtualizing the user profile you will gain some flexibility with your Firefox deployment.

Sequencing Platform

Sequence Firefox on a clean Windows 7 SP1 x86 VM with all current updates and no other applications other than the App-V Sequencer. The Firefox version available from Mozilla is an x86 application, so I generally recommend sequencing Firefox on Windows 7 x86 virtual machine even though you may be deploying to 64-bit Windows. However confirm this in your own environment and re-sequence for 64-bit platforms if required.

Sequencer Configuration

Before sequencing, add the following recommended exclusions. :

[{AppData}]\Mozilla
[{Common AppData}]\Microsoft\RAC
REGISTRY\USER\ [{AppVCurrentUserSID}]\Software\Microsoft\Windows\CurrentVersion\Internet Settings

Download the following Sequencer Template as a starting point for your Firefox sequence:

App-V 5 Sequencer Template

Installing Firefox

Download the Firefox installer in your target language from the Mozilla site. Sequence Firefox by following these high level steps:

Install Firefox
Configure profile defaults and preferences locking
Optionally add global add-ons and install plug-ins such as Adobe Flash Player (assuming you want this in the same package)

Automating this process as much as possible will create a cleaner package and make it faster to re-create a new Firefox package if required.

Mozilla Firefox installer command line arguments – use the INI file approach to control where Firefox is installed and to prevent the addition of a desktop shortcut, if required
After installing Firefox, copy user.js to %ProgramFiles%\Mozilla Firefox\defaults\profile
Copy userChrome.css to %ProgramFiles%\Mozilla Firefox\defaults\profile\chrome
Firefox also allows you to add global add-ons by adding them to the Extensions sub-folder of the Firefox installation folder
If you are including Adobe Flash player in the package, be sure to disable the auto-update notification

Before sequencing, copy all of the required files into the sequencing VM, which should like something like this:

For a walkthrough of the sequencing process, using the installation script outlined in the Firefox deployment article, see the following screenshots:

[Show as slideshow]

First Run Tasks and Primary Feature Block

If the steps above have been followed for exclusions, installation and configuration of Firefox, there will be no first run tasks to complete. Additionally the resultant package will be reasonably small so there is no need to create the Primary Feature Block. Because you don’t need to complete first run tasks or create the Primary Feature Block, you could automate the entire end-to-end process of creating a Firefox package using the App-V 5 Sequencer PowerShell module.

Automating the Firefox sequence

With the provided script, sequencing Firefox with the App-V 5 PowerShell module is very simple. Use the PowerShell script below to create a Firefox package based on the steps outlined above.

Import-Module AppvSequencera
New-Item -Path C:\Packages\MozillaFirefox19 -ItemType Directory
CD C:\Packages\Firefox19
New-AppvSequencerPackage -Name "Mozilla Firefox 19" -TemplateFilePath .\AppV5SequencerTemplate.appvt -OutputPath C:\Packages -PrimaryVirtualApplicationDirectory C:\MozillaFirefox -Installer .\InstallFirefox.cmd

Finally

Save your package and deploy. With compression enabled, the package should be around 27Mb.

Sequencing Mozilla Firefox with App-V 5.x is post from stealthpuppy.com. Except as noted otherwise, this work is © 2005-2013 Aaron Parker and is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License.

App-V 5 Sequencer Template

2013-03-16T19:24:57Z

The App-V 5 Sequencer, just like version 4.6 SP1, includes support for Sequencer Templates. These are an ideal approach for ensuring the use of the same set of Sequencer settings and exclusions across all packages.

App-V 5 captures many additional locations that weren’t captured by the version 4 Sequencer. This isn’t generally an issue for packages; however excluding unneeded data means that data isn’t streamed to clients unnecessarily. Listed below is sequencer template that includes a few additional locations that I’d recommend excluding.

In the listing below, the highlighted line is a local folder into which all application installations are executed from (i.e. setup has been copied locally to the sequencing VM). This ensures that any files created by the application setup are not captured during installation.

Attached here is a downloadable copy of the template listing:

App-V 5 Sequencer Template

<?xml version="1.0" encoding="utf-8"?>
<SequencerTemplate xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
  <AllowMU>true</AllowMU>
  <AppendPackageVersionToFilename>true</AppendPackageVersionToFilename>
  <AllowLocalInteractionToCom>false</AllowLocalInteractionToCom>
  <AllowLocalInteractionToObject>false</AllowLocalInteractionToObject>
  <FileExclusions>
    <string>[{Profile}]\NTUSER.DAT</string>
    <string>[{Local AppData}]Low</string>
    <string>[{AppVPackageDrive}]\Packages</string>
    <string>[{CryptoKeys}]</string>
    <string>[{Common AppData}]\Microsoft\Crypto</string>
    <string>[{Common AppData}]\Microsoft\Search\Data</string>
    <string>[{Cookies}]</string>
    <string>[{History}]</string>
    <string>[{Cache}]</string>
    <string>[{Local AppData}]</string>
    <string>[{LocalAppDataLow}]</string>
    <string>[{Personal}]</string>
    <string>[{Profile}]\Local Settings</string>
    <string>[{Profile}]\NTUSER.DAT.LOG1</string>
    <string>[{Profile}]\NTUSER.DAT.LOG2</string>
    <string>[{Recent}]</string>
    <string>[{Windows}]\Debug</string>
    <string>[{Windows}]\Logs\CBS</string>
    <string>[{Windows}]\Temp</string>
    <string>[{Windows}]\WinSxS\ManifestCache</string>
    <string>[{Windows}]\WindowsUpdate.log</string>
    <string>[{AppVPackageDrive}]\$Recycle.Bin</string>
    <string>[{AppVPackageDrive}]\System Volume Information</string>
    <string>[{AppData}]\Microsoft\AppV</string>
    <string>[{Local AppData}]\Temp</string>
    <string>[{ProgramFilesX86}]\Microsoft Application Virtualization\Sequencer</string>
    <string>[{AppVPackageDrive}]\Boot</string>
    <string>[{Windows}]\ServiceProfiles</string>
    <string>[{Windows}]\AppCompat</string>
    <string>[{Windows}]\Logs</string>
    <string>[{SystemX86}]\wbem</string>
    <string>[{SystemX86}]\config</string>
    <string>[{SystemX86}]\SMI</string>
  </FileExclusions>
  <RegExclusions>
    <string>REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography</string>
    <string>REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography</string>
    <string>REGISTRY\USER\[{AppVCurrentUserSID}]\Software\Microsoft\Windows\CurrentVersion\Internet Settings</string>
    <string>REGISTRY\USER\[{AppVCurrentUserSID}]\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU</string>
    <string>REGISTRY\USER\[{AppVCurrentUserSID}]\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU</string>
    <string>REGISTRY\USER\[{AppVCurrentUserSID}]\Software\Microsoft\Windows\CurrentVersion\Explorer\Streams</string>
    <string>REGISTRY\USER\[{AppVCurrentUserSID}]\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Streams</string>
    <string>REGISTRY\MACHINE\SOFTWARE\Microsoft\AppV</string>
    <string>REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AppV</string>
    <string>REGISTRY\USER\[{AppVCurrentUserSID}]\Software\Microsoft\AppV</string>
    <string>REGISTRY\USER\[{AppVCurrentUserSID}]\Software\Wow6432Node\Microsoft\AppV</string>
  </RegExclusions>
  <TargetOSes />
</SequencerTemplate>

App-V 5 Sequencer Template is post from stealthpuppy.com. Except as noted otherwise, this work is © 2005-2013 Aaron Parker and is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License.

Prepare Mozilla Firefox for Enterprise Deployment and Virtualization

2013-03-16T17:13:28Z

I’ve previously written articles on virtualizing Mozilla Firefox, but with Firefox releases more regular these days and the release of App-V 5, it makes sense to split details on configuring Firefox for an enterprise deployment and virtualizing Firefox into separate articles.

Whilst this article will cover some recommendations for configuring a Firefox deployment in an enterprise that can be used when virtualizing Firefox with various solutions, including App-V.

Features to control in an enterprise

There are a number of features that might be considered for disabling or configuring in an enterprise environment where users generally won’t have administrative rights and IT may want to control the default user experience.

These might include:

Import Wizard – Firefox starts a wizard on first run that imports settings from other browsers. You may want to remove this wizard to simplify the startup of Firefox
Automatic updates for Firefox – Options / Advanced / Update / Firefox updates. Firefox updates should be delivered via new App-V packages. Updates for Add-ons and Search Engines should be OK as these are written to the user profile
Mozilla Maintenance Service – Firefox installs an updater service that allows updating Firefox automatically, whilst avoiding UAC prompts. This service should be disabled or not installed in a controlled environment including under application virtualization
Default browser check – Options / Advanced / General – Always check to see if Firefox is the default browser on startup. Under App-V 4,x, once Firefox is isolated from the OS, the user won’t be able to make it the default browser (this will work under App-V 5)
The ‘Welcome to Firefox’ tab, the ‘Know your rights’ and ‘Improve Firefox’ notifications

There is a way to control many of these settings through Group Policy, but if we get these right at install time, there’s no need for the overhead of GPOs. I will cover using a few of these customisations to ensure these features are disabled for any new Firefox profile.

Locking down and controlling Firefox options

Firefox can be configured with defaults for any new profile and locked down so that it will contain your required configuration options. Mozilla has made it easy to deploy custom default settings and preferences – by adding some specific files at install time (assuming the default install location):

%ProgramFiles%\Mozilla Firefox\defaults\pref\local-settings.js
%ProgramFiles%\Mozilla Firefox\Mozilla.cfg
%ProgramFiles%\Mozilla Firefox\override.ini
%ProgramFiles%\Mozilla Firefox\defaults\profile\chrome\userChrome.css

Firefox itself and any new user profile will be configured with desired preferences and locked down. You can find more detailed documentation on these features in the following articles:

To enforce user settings we can leverage the ability to lock Firefox preferences and use UserChrome.css to remove the associated user interface elements.

Local-settings.js

Local-settings.js is used to tell Firefox to read Mozilla.cfg for some configuration items. Add the following lines to local-settings.js:

pref("general.config.obscure_value", 0);
pref("general.config.filename", "mozilla.cfg");

Mozilla.cfg

Here’s is where we can lock specified Firefox preferences. In the listing below, we’ve disabled the auto-update feature, the ‘Welcome to Firefox’ tab, the ‘Know your rights’ and ‘Improve Firefox’ notifications. The last (highlighted) line will disable the ability to set the browser as default.

This is useful where you would like to restrict this functionality and is applicable to App-V 4.x environments where attempting to set a virtualized Firefox as default won’t work. Under App-V 5, remove this line so that users can set Firefox as the default browser if they wish.

lockPref("app.update.auto", false);
lockPref("app.update.enabled", false);
lockPref("app.update.service.enabled", false);
lockPref("toolkit.telemetry.prompted", true);
lockPref("browser.rights.override", true);
lockPref("browser.startup.homepage_override.mstone", "ignore");
lockPref("browser.shell.checkDefaultBrowser", false);

Override.ini

To disable the browser Import Wizard on first run, place the following lines into override.ini

[XRE]
EnableProfileMigrator=false

userChrome.css

Mozilla has made it a fairly straight forward process to remove browser user interface elements using userChrome.css. Where browser functionality has been disabled, we can remove the corresponding UI to avoid user confusion. Enter the following lines into userChrome.css; however remove the highlighted line if you would like users to be able to set Firefox as the default browser:

/* UserChrome.css for Mozilla Firefox */
/* Remove access to user interface elements that aren't suitable for application virtualization */

/* Options - Advanced - General - System Defaults */
#systemDefaultsGroup { display: none !important; }

/* Options / Advanced / Update / Firefox updates group box */
#updateApp  { display: none !important; }

/* Help - About - Check for Updates button */
#updateButton { display: none !important; }

Installing Firefox

Download the Firefox installer in your target language from the Mozilla site. For most deployments the installer won’t require modification and installation can be automated by passing an INI file with setup configuration details to the installer. This enables you to control setup and set options such as preventing the desktop shortcut from being added, or control the target directory that Firefox is installed to (useful when virtualizing).

An installation script for Firefox should perform the following tasks:

Install Mozilla Firefox with installer command line arguments – use the INI file approach to control for finer control over the installation
After installing Firefox, copy the configuration files to the correct locations
Firefox also allows you to add global add-ons by adding them to the Extensions sub-folder of the Firefox installation folder
Optionally set Mozilla Maintenance service to disabled, if it is installed

For an example script that will automate the install and configuration of Firefox using the recommendations outlined in this article, see the script below. Note the highlighted line, where I can change the target installation directory for Firefox:

@ECHO OFF
SET SOURCE=%~dp0
SET SOURCE=%SOURCE:~0,-1%
SET INSTALLPATH=%ProgramFiles%\Mozilla Firefox

REM Create the Firefox answer file
ECHO [Install] > %SOURCE%\Firefox.ini
REM    InstallDirectoryName=Firefox >> %SOURCE%\Firefox.ini
ECHO InstallDirectoryPath=%INSTALLPATH% >> %SOURCE%\Firefox.ini
ECHO QuickLaunchShortcut=false >> %SOURCE%\Firefox.ini
ECHO DesktopShortcut=false >> %SOURCE%\Firefox.ini
ECHO StartMenuShortcuts=true >> %SOURCE%\Firefox.ini
ECHO MaintenanceService=false >> %SOURCE%\Firefox.ini

REM Install Firefox - the START command will not work if the Firefox setup filename includes spaces
START /WAIT /D %SOURCE% FirefoxSetup19.0.2.exe /INI=%SOURCE%\Firefox.ini

REM Configure Firefox profile defaults and preferences locking
IF NOT EXIST "%INSTALLPATH%\defaults\profile\chrome" MD "%INSTALLPATH%\defaults\profile\chrome"
COPY /Y %SOURCE%\userChrome.css "%INSTALLPATH%\defaults\profile\chrome\userChrome.css"
IF NOT EXIST "%INSTALLPATH%\defaults\pref" MD "%INSTALLPATH%\defaults\pref"
COPY /Y %SOURCE%\local-settings.js "%INSTALLPATH%\defaults\pref\local-settings.js"
COPY /Y %SOURCE%\Mozilla.cfg "%INSTALLPATH%\Mozilla.cfg"
COPY /Y %SOURCE%\override.ini "%INSTALLPATH%\override.ini"

REM Disable the Mozilla Maintenance Service to prevent updates (in the event the service is installed)
sc config MozillaMaintenance start= disabled

If the installation has been configured correctly, Firefox should start and not display the Import Wizard or any of the other prompts and start-up tabs. Additionally, if you navigate to about:config, a number of preferences should be listed as locked:

To make it easier, I’ve included the configuration files and the installation script listed above in a single ZIP file that you can download here:

Mozilla Firefox Enterprise Install and Configure Scripts

Finally

The approach outlined in this article should provide you with a deployment of Firefox that can be used in an enterprise where control of the browser is required. I’ve only covered a few of the things that are possible when customising the installation and if you dig a little deeper you can come up with a setup to suit your own environment.

This is also a key approach to use when virtualising Firefox. Controlling the browser options and automating the installation will assist in producing better application virtualization packages.

Don’t miss out on the greatest (App-V) show on Earth

2013-01-14T09:31:43Z

February 8^th 2013 is the date for the 2^nd European App-V User Group Conference, which will take place at Microsoft Netherlands HQ (right next to Schiphol Airport).

The first European App-V User Group in 2011 was a great success also due the overwhelming number of attendants. Over 100 people from 14 different countries took part in the event.

This is the chance to hear from a number of App-V MVPs, including Falko Gräfe, Nicke Källén, Ment van der Plas, Ruben Spruijt, Jurjen van Leeuwen, Kalle Saunamäki and Rodney Medina. In addition, Madelinde Walraven and Sebastian Gernert from Microsoft Support will also be present.

The initiative is focused on bringing people from the App-V community together to learn about Microsoft App-V from the experts and to share experiences and real-world knowledge, plus it will be an excellent opportunity to learn about Microsoft App-V 5.0. The events is sponsored by Login Consultants, but is free from commercial messaging.

If you would like to participate, seats are limited to be sure to register ASAP. See the agenda for a list of all topics for the day.

Unfortunately, I can’t make it this year – I’ll be sipping some lagers in Bruges.

Don’t miss out on the greatest (App-V) show on Earth is post from stealthpuppy.com. Except as noted otherwise, this work is © 2005-2013 Aaron Parker and is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License.

Context based automation in Mac OS X

2013-01-15T10:16:12Z

I currently use a MacBook Pro for my personal and work use every day – it’s my primary computing device. It goes with me almost everywhere, so invariably I am moving between secure (e.g. home) and non-secure or public locations (including the office).

Each location therefore, has different contexts – at home I might connect to my Synology NAS and I don’t need to lock the laptop when I walk away from it. Work is a very different context – I don’t have access to the NAS and I’m in a public location where I should be locking the desktop when it’s not in use.

Manually mounting remote shares or changing security settings for each locations is repetitive and time consuming. Surely there’s a better way?

I’m not that keen on writing shell scripts in OS X to automate the process, so I was impressed to come across ControlPlane. With this tool I can define different contexts and then enable certain actions based on those contexts.

So here’s how I’m using ControlPlane to make life easier by performing tasks as I move between home and work (or any other locations).

Installing ControlPlane

Downloading and installing ControlPlane is very simple – download the disk image (DMG file) and drag ControlPlane to your Applications folder.

Launch ControlPlane and enable ‘Start ControlPlane at login’ (if it’s not running, actions won’t fire). Here I’ve also set a default context (Secure). This is important because I want the secure actions firing by default with other actions only firing if I connect to a specific context (such as Home).

I’ve enabled the display of the context name in the menu bar so that I can easily see which context the laptop is in:

Configuring Contexts

Create a Context with a name, Evidence Sources (properties of a location, physical configuration, peripherals, time of day etc) and Rules (these define evidence sources that describe the context).

I’ve created three Contexts – Home, Mobile (for use with a MiFi-style device) and Secure. Rules are applied to Home and Mobile, whilst Secure has no rules applied and thus applies to any location that isn’t Home or Mobile.

To define the Home context, I’ve used the ‘WiFi BSSID’ rule to define that if the MacBook has a connection to my home router, then I must be at home. 100% confidence is enabled on this rule because I know it’s highly unlikely that I’ll be connected to the same SSID and MAC address at any other location.

I could use various other evidence sources; however I’ve found that a WiFi connection is the simplest approach for my needs.

Enabling Actions

For each Context I’ve enabled various actions. When the laptop connects to my home WiFi, the following actions will take place:

Disable the requirement to enter my password when opening the lid or after a screensaver fires (System Preferences / Security & Privacy / General)
Mounting a share (or shares) on the NAS
Enabling Time Machine

When the Secure context is enabled, the follow actions take place:

Enable the requirement to enter a password when the desktop is locked
Disable Time Machine (without access to the NAS, there’s little use in Time Machine running)

Action Details

ControlPlane provides a plethora of actions and enabling or disabling Time Machine is straight forward. Mounting a remote share or enabling/disabling the screen lock are a little more nuanced.

Mounting or dismounting a remote share requires the full path to that share. That full path can be found via Get Info from the right-click context menu on the share.

I could also unmount the same share when I leave the Home context.

A shell script is needed to configure the requirement for a password when unlocking OS X. This uses the defaults command to directly modify the system preferences. Here’s the commands to lock:

defaults write com.apple.screensaver askForPassword -int 1
defaults write com.apple.screensaver askForPasswordDelay -int 0

And here are the commands to unlock:

defaults write com.apple.screensaver askForPassword -int 0
defaults write com.apple.screensaver askForPasswordDelay -int 3600

Save these commands in text files on the file system (e.g. enable-passwordlock.sh and disable-passwordlock.sh) and mark them as executable with:

chmod u+x <script name>.sh

Then add System actions in ControlPlane to execute the shell scripts at in the right context:

Life is Good

With ControlPlane I’ve got a great (and free) solution to automating some common actions that I’ve previously been performing manually as I move between home and work. First world problems solved again.

In this article I’ve only shown a couple of examples of what’s possible with ControlPlane, so I recommend checking it out for yourself to see how it can improve your workflows.

Context based automation in Mac OS X is post from stealthpuppy.com. Except as noted otherwise, this work is © 2005-2013 Aaron Parker and is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License.

Creating App-V 5.0 Connection Groups with PowerShell

2013-01-07T00:30:54Z

Connection Groups (or Dynamic Suite Composition v2) in App-V 5.0 are great for enabling separate App-V packages to talk to each other. Connection Groups are easy enough to deploy with the App-V Management Server or Configuration Manager 2012; however that isn’t the case for stand-alone scenarios or 3rd party ESDs.

Adding a Connection Group to the client, first requires creating a definition file in XML. Without the App-V Management Server or ConfigMgr (where the resulting file ends up on the client), you’ll need to do that manually. Crafting XML files from scratch using Notepad isn’t my idea of fun.

What’s in a Definition File?

A Connection Group definition file contains the details about the Connection Group and the member packages. Each Connection Group has it’s own group and version ID (GUIDs).

A typical definition file will look something like this:

<?xml version="1.0" encoding="UTF-8"?>
<appv:AppConnectionGroup xmlns="http://schemas.microsoft.com/appv/2010/virtualapplicationconnectiongroup" xmlns:appv="http://schemas.microsoft.com/appv/2010/virtualapplicationconnectiongroup" AppConnectionGroupId="715f39d8-1b48-4b9a-95e6-d33370564b33" VersionId="9cdf46f3-6716-43d3-b533-5c697878f51f" Priority="2" DisplayName="Adobe Apps">
  <appv:Packages>
    <appv:Package DisplayName="Adobe Reader X" PackageId="abf1cd38-03cf-42af-8b27-564c4b9fcd1e" VersionId="818bc4eb-50f2-4fd4-90e4-9c8ed097e1e9" />
    <appv:Package DisplayName="Adobe Flash Player 11" PackageId="6a22f839-2d22-46dc-9c63-2649e370fce2" VersionId="792c8000-509c-4b1a-b4d7-58be65436d1a" />
  </appv:Packages>
</appv:AppConnectionGroup>

To create the file, we need to generate GUIDs for the group and version IDs, supply a Connection Group display name and priority, and then add the package and version IDs for each member package.

Enter PowerShell

To simplify the process of creating the definition file for a Connection Group, I’ve written a PowerShell function that will handle the heavy lifting for you. New-AppvConnectionGroupFile will create the definition file from a list of App-V packages passed to it.

The function will output the definition file to a specified path and then return that file as an object that you can do further processing with.

#---------------------------------------------------------------------------
# Author: Aaron Parker
# Desc:   Function that uses the App-V 5.0 client to create Connection
#         Group description (XML) files for use with stand alone clients or
#         test scenarios
# Date:   Jan 06, 2013
# Site:   http://stealthpuppy.com
#---------------------------------------------------------------------------

Function New-AppvConnectionGroupFile {
    <#
        .SYNOPSIS
            Creates an App-V 5.0 Connection Group definition file.
 
        .DESCRIPTION
            Creates an XML-based Connection Group definition file from packages added to the current system.

            Packages can be filtered before being passed to the function to control which packages are included in the Connection Group.
 
        .PARAMETER DisplayName
            Specifies the display name of the Connection Group.
 
        .PARAMETER Priority
            Specifies the priority of the Connection Group.

        .PARAMETER Path
            Specifies the App-V connection group definition file to output.

        .PARAMETER Packages
            The packages to include in the Connection Group.
 
        .EXAMPLE
            PS C:\> New-AppvConnectionGroupFile -DisplayName "Internet Explorer Plugins" -Priority 0 -FilePath InternetExplorerPlugins.xml -Packages $Packages

            Creates a Connection Group file named 'InternetExplorerPlugins.xml' with a display name of 'Internet Explorer Plugins' from packages contained within the array $Packages.

        .EXAMPLE
            PS C:\> Get-AppvClientPackage -Name Adobe* | New-AppvConnectionGroupFile -DisplayName "Adobe Apps" -Priority 10 -FilePath AdobeApps.xml

            Creates a Connection Group file named 'AdobeApps.xml' with a display name of 'Adobe Apps' from packages passed via the pipeline from Get-AppvClientPackage.
 
        .NOTES
            See http://stealthpuppy.com/ for support information.
 
        .LINK

http://stealthpuppy.com/code/creating-app-v-5-0-connection-groups-with-powershell/

     #>
 
    [CmdletBinding(SupportsShouldProcess=$True)]
    Param(
        [Parameter(Mandatory=$True, HelpMessage="Connection Group descriptor XML file path")]
        [string]$Path,
        [Parameter(Mandatory=$True, HelpMessage="Display name of the Connection Group")]
        [string]$DisplayName,
        [Parameter(Mandatory=$False, HelpMessage="Connection Group priority")]
        [int]$Priority,
        [Parameter(Mandatory=$True, ValueFromPipeline=$True, HelpMessage="Packages to include in the Connection Group")]
        [System.Array]$Packages
        )

    BEGIN {

# Template XML for an App-V Connection Group description file. Easier than building from an XML object
$templateXML = @' 
<?xml version="1.0" encoding="UTF-8" ?>
<appv:AppConnectionGroup
xmlns="http://schemas.microsoft.com/appv/2010/virtualapplicationconnectiongroup"
xmlns:appv="http://schemas.microsoft.com/appv/2010/virtualapplicationconnectiongroup"
AppConnectionGroupId="GUID"
VersionId="GUID"
Priority="0"
DisplayName="Display Name">
<appv:Packages>
<appv:Package DisplayName="Package1" PackageId="GUID" VersionId="GUID" />
</appv:Packages>
</appv:AppConnectionGroup>
'@

        # Write out the template XML to a file in the current directory
        $templateXMLFile = $pwd.Path + "\ConnectionGroupTemplate.XML"
        $templateXML | Out-File -FilePath $templateXMLFile -Encoding utf8 -Force

        # Create a new XML object and read the template XML file into this object
        $xml = New-Object XML
        If ((Test-Path $templateXMLFile) -eq $True ) { $xml.Load($templateXMLFile) } Else { Write-Warning -Message "Unable to read template XML file." }

        # Apply the display name and GUIDs to the XML object
        $xml.AppConnectionGroup.DisplayName = $DisplayName
        $xml.AppConnectionGroup.AppConnectionGroupId = ([guid]::NewGuid()).ToString()
        $xml.AppConnectionGroup.VersionId = ([guid]::NewGuid()).ToString()
        $xml.AppConnectionGroup.Priority = $Priority.ToString()

        # Clone the existing package entry to use for new entries
        $newPackage = (@($xml.AppConnectionGroup.Packages.Package)[0]).Clone()
    }

    # Process each supplied App-V package into the XML object
    PROCESS {
        ForEach ( $Package in $Packages ) {
            Write-Progress "Adding packages"
            
            $newPackage = $newPackage.Clone()
            $newPackage.DisplayName = $Package.Name
            $newPackage.PackageId = ($Package.PackageId).ToString()
            $newPackage.VersionId = ($Package.VersionId).ToString()

            # Output appending the child XML entry to null to prevent displaying on screen
            $xml.AppConnectionGroup.Packages.AppendChild($newPackage) > $null
        }
    }

    END {

        # Remove the template package entry from the XML
        $xml.AppConnectionGroup.Packages.ChildNodes | Where-Object { $_.DisplayName -eq "Package1" } | ForEach-Object  { [void]$xml.AppConnectionGroup.Packages.RemoveChild($_) }

        # Save the completed XML to disk
        $xml.Save($Path)

        # Delete the template XML file from disk
        If (Test-Path $templateXMLFile) { Remove-Item $templateXMLFile -Force -ErrorAction SilentlyContinue }

        # Return the new Connection Group description XML file so that it might be processed by other functions
        If (Test-Path $Path ) { Return Get-Item $Path } Else { Write-Warning "Failed to save Connection Group definition file." }
    }
}

Copy and paste the code above into a PowerShell window (or the ISE) to enable the function. You could also save code to a PowerShell module to make it more accessible.

Examples

The function includes help and examples, so that you can view them from within PowerShell (the PowerShell ISE makes that simple). Use the Get-Help cmdlet to view details.

Using the function requires supplying a Display Name and Priority for the Connection Group as well as the list of App-V packages to include in the group. To supply the packages, first ensure they have been added to the local client, so that they can be queried with Get-AppvClientPackage.

In this example, I’ve added the list of packages to the variable $Packages and then supplied that to the New-AppvConnectionGroupFile function. This results in the definition file AdobeApps.xml with any Adobe package included in it.

$Packages = Get-AppvClientPackage -Name Adobe*
New-AppvConnectionGroupFile -Path C:\Packages\AdobeApps.xml -DisplayName "Adobe Apps" -Priority 2 -Packages $Packages

Taking this a step further, I can use a single line of PowerShell to query for a filtered list of packages on the local client, passing that to my function that will create the definition file. The Connection Group is then immediately added to the client and enabled.

Get-AppvClientPackage -Name Adobe* | New-AppvConnectionGroupFile -Path C:\Packages\AdobeApps.xml -DisplayName "Adobe Apps" -Priority 2 | Add-AppvClientConnectionGroup | Enable-AppvClientConnectionGroup -Global

Finally

This is version 1 of this function, so corrections and feedback are welcome. As always use at your own risk.

Creating App-V 5.0 Connection Groups with PowerShell is post from stealthpuppy.com. Except as noted otherwise, this work is © 2005-2013 Aaron Parker and is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License.

App-V 5.0 delivers Internet Explorer Plugin Nirvana

2012-12-29T14:06:04Z

One of the great promises of application virtualization is dynamic delivery of software to end-points; however delivering plugins or add-ons to installed (i.e. not virtualized) software has thus far been a stumbling block.

Internet Explorer has been particularly challenging due to the inability to separate the browser from the OS in a supported manner. So using App-V to deploy plugins like Flash or Java has meant changing the user experience with virtualization or falling back to standard install methods.

App-V 5.0 delivers some good news though, with the ability to seamlessly run an installed application inside a specified virtual environment. This means that the Flash plugin can be delivered as a virtual package and made available to Internet Explorer without resorting to hacks or changing the user experience by providing a special shortcut. Providing Office add-ins would also benefit from the same approach.

Sebastian Gernert recently posted about the new RunVirtual feature in App-V 5.0 that can be used to launch a specified process or processes within a specific App-V package. RunVirtual is simple to implement but does require packages to be global.

RunVirtual works by the App-V client intercepting the process launch (CreateProcess) with AppvVemgr.sys and loading the process into the specified virtual environment.

Implementing RunVirtual

To illustrate implementing the RunVirtual feature, I’ll demonstrate delivering plugins to a Windows 7 client running Internet Explorer 9. In this example, I’m managing the App-V client with PowerShell to show what’s going on under the hood. This process would be simplified with Configuration Manager or the native App-V infrastructure.

Publishing Packages

Before deployment to a client PC, I’ve sequenced the follow applications into App-V 5.0 packages and saved them to the network:

Adobe Reader X
Adobe Flash Player 11
Oracle Java 7

During sequencing I’ve not performed any special steps to prepare the environment – there is no bearing on deployment during the sequencing stage.

Each package has been added to the client and published globally with the following commands:

Add-AppvClientPackage –Path \\server\Packages\AdobeReaderX_pkg\AdobeReaderX.appv | Publish-AppvClientPackage -Global<br>Add-AppvClientPackage –Path \\server\Packages\AdobeFlashPlayer11\AdobeFlashPlayer11.appv | Publish-AppvClientPackage -Global<br>Add-AppvClientPackage –Path \\server\Packages\OracleJava7\OracleJava7.appv | Publish-AppvClientPackage -Global

Whilst Adobe Reader can be used just like any other application, Flash and Java aren’t particularly useful on their own.

Enabling a Connection Group

Only a single package can be applied to a process with the RunVirtual feature. This means that to provide Internet Explorer with access to several packages, we need to first add each package to a Connection Group and add that to the client.

Connection Groups are defined via XML files that list each member package. If we’re managing the App-V client with PowerShell, the Connection Group descriptor files need to be created manually. I won’t go into detail here; however below is the listing for the descriptor file for a Connection Group that contains the Internet Explorer Plugins:

<?xml version="1.0" ?>
<appv:AppConnectionGroup
xmlns="http://schemas.microsoft.com/appv/2010/virtualapplicationconnectiongroup"
xmlns:appv="http://schemas.microsoft.com/appv/2010/virtualapplicationconnectiongroup"
AppConnectionGroupId="61BE9B14-D2B4-41CE-A6E3-A1B658DE7000"
VersionId="E6B6AA57-F2A7-49C9-ADF8-F2B5B3C8A42F"
Priority="0"
DisplayName="Internet Explorer Plugins">
<appv:Packages>
<appv:Package DisplayName="Adobe Flash Player 11" PackageId="6a22f839-2d22-46dc-9c63-2649e370fce2" VersionId="792c8000-509c-4b1a-b4d7-58be65436d1a" />
<appv:Package DisplayName="Adobe Reader X" PackageId="abf1cd38-03cf-42af-8b27-564c4b9fcd1e" VersionId="818bc4eb-50f2-4fd4-90e4-9c8ed097e1e9" />
<appv:Package DisplayName="Oracle Java 7" PackageId="7112a4ca-2fe9-4606-b673-e13ea8589294" VersionId="4887ecd0-ce7b-48f6-bad6-4d8197e3821e" />
</appv:Packages>
</appv:AppConnectionGroup>

Save the file as InternetExplorerPlugins.xml and copy to the client PC. The Connection Group is added and enabled (most importantly, globally), with the following command:

Add-AppvClientConnectionGroup -Path .\InternetExplorerPlugins.xml | Enable-AppvClientConnectionGroup -Global

PackageId/GroupId and VersionId from the Connection Group descriptor file are important to note when configuring RunVirtual.

Configure RunVirtual

Enabling the RunVirtual feature for a process is achieved via a Registry key in HKLM: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AppV\Client\RunVirtual. Each target process requires a key below the RunVirtual key and then the package ID and version ID listed in the default value.

So using Internet Explorer (iexplore.exe) and the Connection Group for the plugins, listed above, the data to add to the Registry would look like this:

Key: HKLM\SOFTWARE\Microsoft\AppV\Client\RunVirtual\iexplore.exe
Default Value: 61be9b14-d2b4-41ce-a6e3-a1b658de7000_e6b6aa57-f2a7-49c9-adf8-f2b5b3c8a42f

(Note the underscore between Package ID and Version ID to make up the data stored in the registry value.)

However – I have found that RunVirtual doesn’t start the virtual environment (VE) if details for a Connection Group are supplied. Documentation on this feature is scant, so it’s hard to tell whether this behaviour is by design or not.

If the Package and Version ID are of a member package are provided, then the Connection Group VE is loaded, so we do get the desired effect. In my test case, I’ve added the Package and Version ID of the primary package (Flash) to the registry.

Once the key is created and populated, start or restart the target process and the plugins will be available. Internet Explorer add-ons can now be virtualized and delivered to IE seamlessly. Even Adobe Reader can now be virtualized and embedded PDFs will still work.

The End to installing Plugins?

RunVirtual is a great new feature of App-V 5.0 that has only been possible with the re-architecture of App-V. The ability to provide add-ons or plugins for installed software without changing the user experience is brilliant. A feature that agent-less application virtalization solutions won’t be able to match.

However it’s still early days for App-V 5.0, so it remains to be seen how widely this feature will be used. At this point, it only works with global (i.e. not user targeted) packages and requires a change to the real registry. It is though, a feature with a lot of promise and I’m looking forward to it simplifying desktop images.

App-V 5.0 delivers Internet Explorer Plugin Nirvana is post from stealthpuppy.com. Except as noted otherwise, this work is © 2005-2013 Aaron Parker and is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License.

Sequencing Apple iTunes 11 with App-V 5

2013-03-15T09:49:52Z

Two recent releases presents an opportunity to revisit the state of virtualizing Apple iTunes. iTunes 11 looks great, but is it just lipstick on a pig? Under the hood, it doesn’t appear to differ that much from previous versions, but lets see whether a combination of Apple’s latest and greatest along with App-V 5 offers a better virtualisation experience.

iTunes 10 with App-V 4.6

Previously delivering iTunes 10 with App-V 4.6, resulted in some loss of functionality and some minor annoyances with benign error messages. A lack of the Jumpt List under Windows 7 changed the user experience. App-V 5 now fixes this.

iTunes Components

To virtualize iTunes, you’ll need to extract the installer – simply run the installer and find the extracted MSI files in a folder under %TEMP%. This results in several files:

SetupAdmin.exe – the setup wrapper application. This can be discarded
AppleSoftwareUpdate.msi – Software Update is used to download and Apple software and updates
AppleApplicationSupport.msi – all Apple applications on Windows require this as a dependency
AppleMobileDeviceSupport.msi – required for Apple mobile device support (iPhone, iPad etc.). This installer includes the drivers for Apple’s devices
Bonjour.msi – iTunes uses Bonjour to find shared music libraries, to find AirPort Express devices for streaming music to, and to find Apple TVs
iTunes.msi – the iTunes installer itself

It is important that Apple Software Update is not included in the App-V package – allowing the applications in the package to update will at best fail and at worst, most likely bloat the package if it were allowed to run after deployment. Before copying the iTunes setup files into your sequencing VM, delete AppleSoftwareUpdate.msi and SetupAdmin.exe. This will prevent the iTunes installer from automatically installing Software Update during sequencing.

Prepare the Sequencing VM

Before starting the Sequencer, the following steps must be completed:

Install Apple Application Support– this is required because the Apple Mobile Device service will not start without it.
Install Apple Mobile Device Support – this is required to be installed outside of the package because it contains the mobile device drivers and related services

These same steps will need to be followed on the App-V client computer that will run iTunes. Fortunately Apple Application Support and the Mobile Device Support come as Windows Installer files, so they will be easy to deploy.

It is possible to include Apple Application Support in the iTunes package. This will allow you to run iTunes without any pre-requisites on client PCs; however both of the above components must be installed on client PCs if you want to connect mobile devices to iTunes.

User Profile

iTunes has the potential to store a massive amount of data in the user’s profile:

It is highly recommended to exclude %APPDATA% in the iTunes package to avoid this data being virtualized at runtime.

Sequencer Template

There are a number of locations that should be excluded from the package during sequencing, including %APPDATA%. I have included these in a Package Template for iTunes that you can download from here:

App-V 5 Sequencer Template for iTunes 11

Installing iTunes

Sequencing is as simple as capturing the installation of the following files and configuring iTunes the way we want:

Bonjour.msi
iTunes.msi
Optionally - AppleApplicationSupport.msi

The installation and configuration of the above can be scripted, which would be a good approach for repeatability.

Sequencing iTunes

To sequence iTunes, follow the basic outline here:

1. Start the Sequencer and load the Sequencer Template provided here

2. Create a new Virtual Application Package and choose Create Package (default)

3. Choose Standard Application (default)

4. Select the installer – select either a script to automate the iTunes install command or C:\Windows\System32\cmd.exe to manually run each MSI file

5. Add a Virtual Application Package Name (e.g. Apple iTunes 11). Use a Primary Virtual Application Directory of C:\iTunes11

6. Install both Bonjour and iTunes and optionally Apple Application Support. Use the following command lines to control the installation options including target folders:

MSIEXEC /I Bonjour.msi INSTALLDIR=C:\iTunes11\Bonjour /QB-
MSIEXEC /I iTunes.msi INSTALLDIR=C:\iTunes11\iTunes SCHEDULE_ASUW=0 REGSRCH_DESKTOP_SHORTCUTS=0

When installing iTunes, be sure to install to C:\iTunes11\iTunes and remove the following options during install:

Add iTunes shortcut to my desktop
Automatically update iTunes and other Apple software
Open iTunes after the installer exits

Note: do not launch iTunes during sequencing.

7. Finish the install and continue to the Configure Software step. There is no need to launch any applications at this point

8. Review the installation report. This will list a couple of issues which I’ll discuss later.

9. Continue and customize the package (do not stop at this point).

10. There is no need to configure streaming at this point, so skip the optimisation step.

11. If you are capturing iTunes on Windows 7 x86, allow the package to run on any operating system.

12. At the Create Package step, continue on to modify the package rather than stop now.

13. Add a description to the package and check each tab in the Sequencer to ensure the package looks OK. Under Virtual Services, two services should be listed – Bonjour Service and iPod Service.

14. Edit the Shortcuts and remove the About Bonjour and About iTunes shortcuts.

Virtualization Issues

The Sequencer will highlight a a couple of issues:

DCOM subsystem detected
Unsupported driver detected

DCOM

iTunes includes some DCOM components – the report shows:

The sequencer detected a DCOM subsystem. Application components that use DCOM will not work with App-V. The DCOM subsystems detected are as follows:

IpodService (LocalService)

iTunesAdmin (AccessPermission)

With the Apple Mobile Device Support, syncing with a virtualized iTunes should still work. The iTunesAdmin component appears to be related restricting access to Parental controls in Preferences. Clicking the lock will result the following error:

Driver

iTunes installs the GEARAspiWDM driver, which results in the following report:

The sequencer detected an unsupported driver. Kernel and user-mode drivers are not supported in the App-V virtual environment.

The unsupported drivers detected are as follows: SYSTEM\CurrentControlSet\services\GEARAspiWDM

This is related to writing CD/DVDs – once iTunes is virtualized, that feature will be unavailable.

Deploying iTunes

Deploying the iTunes package will require the deployment of Apple Application Support and Apple Mobile Device Support to the client computers first. Apple Application Support can be included in the package; however it is required to be installed if the Mobile Device Support is also deployed.

Without Apple Application Support the following will be the result of launching iTunes:

Last, but not least, for media sharing to work, firewall exceptions will be required for the following processes:

iTunes.exe
mDNSResponder.exe

The path to each process will be dependent on your package.

Finally

Running iTunes on the client for the first time will result in a prompt to the user to set iTunes as the default audio player. With App-V 5 this is now supported and should work just like an installed application.

View the gallery below for a screenshot walkthrough of sequencing iTunes 11:

[Show as slideshow]

Sequencing Apple iTunes 11 with App-V 5 is post from stealthpuppy.com. Except as noted otherwise, this work is © 2005-2013 Aaron Parker and is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License.

Office 2013 Customization

2012-11-26T17:16:27Z

Investing time into customising the deployment of Office 2013 is essential for providing a well managed deployment and the best out-of-box user experience. If you’re deploying a Windows Installer-based installation of Office 2013, you’ll need to customise the installation using the Office Customization Tool.

User settings that might impact the default Office experience or may require special consideration in your environment, are worth investing in planning time because you’ll often have only one chance to get deployment right.

Use Preference over Policy

Most of the Office user settings can be set as either a default/preference, by customising the Office deployment, or as a policy via Group Policy. The main difference being that a preference is set only during the initial launch of an Office application, whilst a policy may be set on every logon (whether the user launches an Office application or not). This is an important distinction – a preference only needs to be set once and only requires processing at first run, whereas a policy has the potential to be processed at every logon.

Hosted desktop environments where user profiles might be managed with custom solutions might result in GPOs being processed at every logon, even though the GPO has not changed. Judicious use of preferences vs. policies should reduce Group Policy processing time and thus logon time.

I recommend carefully considering each user setting and setting it as a preference instead of a policy wherever possible. Use a policy only where settings must be enforced.

Note that if you are deploying Office 2013 with Click-to-Run (App-V), then this level of setting user defaults will not be possible.

Office Customization

Office 2013 customisation and deployment is already well covered in the documentation available on TechNet, so in this article I’ll only cover some highlights and recommendations.

To create an Office Setup Customization, download the Office 2013 Administrative Template files (ADMX/ADML) and Office Customization Tool. After extracting the Office Customization Tool download, copy the Admin folder to your copy of Office 2013 setup and create a new Setup Customization File for Office 2013, by running:

SETUP /ADMIN

The Office Customization Tool will launch:

Choose the default file types:

Set licensing options and the display level of the setup UI. These options will vary dependant on whether you’re using KMS or MAK licensing and how you’re deploying Office:

Navigate to the ‘Modify user settings’ page and set the options applicable to your environment. This is the section where the administrator can make changes to the default user experience:

User Settings Recommendations

The following table lists a number of user settings across each of the Office 2013 applications that I recommend you take a look at. This is just a small subset of the total number of settings, but includes some of the most important ones.

The status of each setting will vary dependant on the environment. Use at your own risk.

Product	Path	Setting	Recommended Values
Microsoft Access 2013	Miscellaneous	Disable the Office Start Screen for Access	Enabled \| Not Configured
Microsoft Excel 2013	Excel Options - Save	Default file format	Enabled, Excel Workbook (*.xlsx)
Microsoft Excel 2013	Miscellaneous	Disable the Office Start Screen for Excel	Enabled \| Not Configured
Microsoft Office 2013	Global Options - Customize	Allow roaming of all user customizations	Enabled
Microsoft Office 2013	Privacy - Trust Center	Disable Opt-in Wizard on first run	Enabled
Microsoft Office 2013	Privacy - Trust Center	Enable Customer Experirnce Improvement Program	Disabled \| Not Configured
Microsoft Office 2013	Privacy - Trust Center	Automatically receive small updates to improve reliability	Disabled \| Not Configured
Microsoft Office 2013	Privacy - Trust Center	Send Office Feedback	Disabled \| Not Configured
Microsoft Office 2013	Privacy - Trust Center	Allow including screenshot with Office Feedback	Disabled \| Not Configured
Microsoft Office 2013	Subscription Activation	Do not show 'Manage Account' link for subscription licenses	Enabled \| Not Configured
Microsoft Office 2013	Subscription Activation	Automatically activate Office with federated organization credentials	Disabled \| Not Configured
Microsoft Office 2013	Services	Disable Roaming Office User Settings	Enabled \| Not Configured
Microsoft Office 2013	Services - Fax	Disable Internet Fax feature	Enabled
Microsoft Office 2013	Downloading Framework Components	Hide missing component download links	Enabled
Microsoft Office 2013	Microsoft Office Picture Manager	Disable File Types association dialog box on first launch	Enabled
Microsoft Office 2013	Miscellaneous	Show SkyDrive Sign In	Disabled \| Not Configured
Microsoft Office 2013	Miscellaneous	Block signing into Office	Enabled \| Not Configured
Microsoft Office 2013	Miscellaneous	Disable the Office Start screen for all Office applications	Enabled \| Not Configured
Microsoft Office 2013	Miscellaneous	Disable Office Backgrounds	Enabled \| Not Configured
Microsoft Office 2013	Miscellaneous	Suppress recommended settings dialog	Enabled
Microsoft Office 2013	First Run	Disable First Run Movie	Enabled \| Not Configured
Microsoft Office 2013	First Run	Disable First Run on application boot	Enabled \| Not Configured
Microsoft OneNote 2013	OneNote Options - Other	Add OneNote icon to the notification area	Disabled \| Not Configured
Microsoft Outlook 2013	Outlook Social Connector	Turn off Outlook Social Connector	Enabled \| Not Configured
Microsoft Outlook 2013	Outlook Social Connector	Do not show social network info-bars	Enabled \| Not Configured
Microsoft Outlook 2013	Outlook Options - Preferences - Calendar Options - Office.com Sharing Service	Prevent publishing to Office.com	Enabled \| Not Configured
Microsoft Outlook 2013	Outlook Options - Other - AutoArchive	AutoArchive Settings	Disabled
Microsoft PowerPoint 2013	PowerPoint Options - Save	Default file format	Enabled, PowerPoint Presentation (*.pptx)
Microsoft PowerPoint 2013	Miscellaneous	Disable the Office Start Screen for PowerPoint	Enabled \| Not Configured
Microsoft Project 2013	Miscellaneous	Disable the Office Start Screen for Project	Enabled \| Not Configured
Microsoft Publisher 2013	Miscellaneous	Disable the Office Start Screen for Publisher	Enabled \| Not Configured
Microsoft Visio 2013	Visio Options - Save - Save Documents	Save Visio files as	Enabled, Visio Document
Microsoft Visio 2013	Visio Options - Advanced - General Options	Put all settings in Windows registry	Enabled
Microsoft Word 2013	Word Options - Save	Default file format	Enabled, Word Document (*.docx)
Microsoft Word 2013	Miscellaneous	Disable the Office Start Screen for Word	Enabled \| Not Configured

Office 2013 Customization is post from stealthpuppy.com. Except as noted otherwise, this work is © 2005-2013 Aaron Parker and is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License.

Hands off my gold image – The Scripts

2012-11-23T00:39:51Z

This is the last article in a series that covers in more detail the approach to automating XenApp and PVS image creation, from my Geek Speak talk at Citrix Synergy in Barcelona – Hands off my gold image.

The first article gives an overview of the approach - Hands off my gold image – Automating Citrix XenApp/PVS Image Creation and you can find more detail in Hands off my gold image – Microsoft Deployment Toolkit details and Hands off my gold image – The Task Sequence. In this article I’ll briefly cover the scripts referenced in the task sequence.

Approach to Scripting

Each included script is just a batch file. You won’t find too much error handling going on and each script will make certain assumptions about where things such as binaries are located. This has been done to keep each script as simple and as portable as possible.

Where possible, I’ve tried to use the original un-modified installer – that is, I’ve avoided extracting an installer if can get away with it. This should be that updating a binary requires as little changes to the scripts as possible.

Script Details

In the download that contains the pieces you can use to get this up and running in your own environment, you’ll find the following scripts:

Microsoft .NET Framework 4 Full
Citrix XenApp 6.5
Citrix XenApp 6.5 Hotfixes
Citrix Provisioning Services Device Target x64
Citrix XenConvert x64 2.x
Convert XenApp PVS Image

Import each of these as a separate application into the Applications folder in the MDT Workbench. Create a new application and choose ‘Application with source files’ and choose each script folder as the source directory.

You’ll then need to download the binaries for each application. Each script expects those binaries to be in the same folder as the script.

Microsoft .NET Framework 4 Full

This script will, of course, install the .NET Framework 4.0, required by Citrix XenConvert.

Citrix XenApp 6.5

The included script will install and configure XenApp 6.5 as a Worker (or session-host only mode) and join an existing farm. You’ll need to pay particular attention to the options included in this script as options such as XenApp edition, agents installed, farm name and credentials etc. Additionally you’ll have to create DSN file to reference the database server that hosts the XenApp data store.

Citrix XenApp Hotfixes

The approach used to install XenApp updates is very simple – the script will install every MSI and MSP file in the same folder as the script. That way you can add and remove hotfixes without changing the script.

Citrix Provisioning Services Device Target x64

Installing and updating the PVS device target software is always a barrel of laughs, so I’ve attempted to keep this script as simple as possible.

Citrix XenConvert x64 2.x

XenConvert is straightforward to install and there’s nothing special in this script, just a silent install of XenConvert.

Convert XenApp PVS Image

This is the script that runs at the end of the deployment and uses XenConvert to convert the current server into a PVS image. It essentially configures the local Windows instance and automates the XenConvert wizard.

The script implements a number of optimisations gathered from the XenConvert wizard and a couple of other sources. These include:

Registry changes (via REG.EXE) implemented by the XenConvert wizard
Runs the .NET Framework NGEN utility to generate native images
Various other optimisations including disabling the boot animation, sets the High Performance power scheme etc
Rearms Windows and Office

The final lines in the script then perform a few steps:

Disables auto admin logon
Converts the image using XenConvert
Deletes the MDT scripts folder (\MININT) from the converted image
Re-enables auto admin logon

These steps are required because the conversion occurs while the MDT task sequence is still running. We want the resulting image to not include the MDT components without breaking the currently executing task sequence.

Finally

It’s my view that Provisioning Services is a great tool for rapid deployment of an image, preventing service change creep and an excellent solution for managing read IO; however it is not a replacement for automating the creation of a gold image.

Combining a tool such as MDT with PVS creates a framework for the management of the entire lifecycle of your XenApp (or even virtual Windows 7 desktop) images. Automating the end to end creation and delivery of an image takes effort, but it gives you a transparent, consistent and repeatable approach.

I’ve laid out the framework, now go forth and automate.

Hands off my gold image – The Scripts is post from stealthpuppy.com. Except as noted otherwise, this work is © 2005-2013 Aaron Parker and is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License.

Hands off my gold image – The Task Sequence

2012-11-24T20:13:07Z

If you’ve been following along so far you’ll have read my follow up coverage of my (and co-host, Jonathan Eyton-Williams) Geek Speak talk at Citrix Synergy in Barcelona, with Hands off my gold image – Automating Citrix XenApp/PVS Image Creation and Hands off my gold image – Microsoft Deployment Toolkit details. In this article I’ll cover the task sequence that deploys Windows Server, installs XenApp and captures the image into PVS.

Task sequences in the Microsoft Deployment Toolkit (MDT) are core of what makes MDT tick. Think of a task sequence as the steps that will deploy and configure Windows. Note that there is no post-deployment management with MDT, as there is no agent (that’s what ConfigMgr is for).

Importing the Task Sequence

To create a new task sequence, use the MDT Deployment Workbench, navigate to Task Sequences, right-click on that node and select ‘Create Task Sequence’:

Set a unique ID and task sequence name
Use the Standard Server Task Sequence as the template
Select the operating system – in this case Windows Server 2008 R2 SP1. I usually recommend deploying Standard Edition
Specify settings such as a product key, name, organisation and IE home page and local administrator password
Customise the task sequence and unattend.xml to automate the deployment of Windows Server, XenApp and applications

The download that I have supplied (XenApp 6.5/PVS automation with MDT samples) includes a pre-configured task sequence and unattend.xml for Windows Server 2008 R2 Standard Edition. To import these into a MDT Deployment Share, follow the steps above and then replace the resultant TS.XML and UNATTEND.XML that you’ll find in the \Control folder.

Re-open the task sequence properties and you should see something like this:

Importing the supplied pre-configured task sequence into your own Deployment Share, will result in some errors because the task sequence will reference applications and operating systems that either don’t exist in your Deployment Share or have different names.

For example, after I’ve imported this task sequence, I need to fix the reference to the Windows Server 2008 R2 SP1 source files:

The download also includes the scripts/applications referenced by the task sequence, so you’ll need to ensure they exist in your Deployment Share before fixing the task sequence.

About the Task Sequence

Put 10 people in a room and you’ll probably find 11 different approaches to MDT and task sequences, so keep in mind that this is only one way to deploy Windows and XenApp and capture that image into PVS. If you have any updates or improvements to this process, I would love to hear your feedback.

Here’s a rough breakdown of what the task sequence is doing:

Install and configure Windows. This utilises unattend.xml to perform some configuration including enabling the Remote Desktop Session Host role
Apply packages to Windows including Internet Explorer 9 (or 10)
The folder/group Custom Build Tasks contains the tasks that I’ve added to a vanilla server task sequence
Update Windows after deployment using either Windows Update or WSUS. This occurs before any additional applications are added to the build
Install hypervisor tools. The standard MDT property VMPlatform can be used to detect the underlying hypervisor and filter the install of the right tools
Install Dependencies and Runtimes (.NET Framework, Visual C++ etc.) using an Application Bundle
Control the installation of Citrix XenApp Controllers or Worker z. Deployment via PVS most likely means that you’ll deploy Workers rather than Controllers
Install some additional XenApp related components including hotfixes, Receiver, the Offline Plugin etc
Install core applications using an Application Bundle (this might include Office, Reader, Flash etc)
Run a Windows Update task again once the dependencies and applications have been deployed
Prepare and capture the image into PVS using custom properties. This might install and configure the EdgeSight Agent, but will install XenConvert, prep the image and then perform a capture

About Unattend.xml

Whilst MDT provides a far friendlier interface than Windows System Image Manager, there are still a number of configuration items that I’ve included in unattend.xml. These include configuring the following:

Disable Internet Explorer Enhanced Security Configuration
Disable the OOBE console and Server Manager from starting at first logon
Enabling Remote Desktop Services Session Host as a role during the install instead of post-install

The included unattend.xml has configuration items applied to two configuration passes, plus features/roles enabled in the Packages section:

specialize; and
oobeSystem

Together the task sequence and unattend.xml create what should be a fairly clean (and importantly, repeatable) deployment of a XenApp server.

In the last article of this series, I’ll discuss some of the included scripts, but as always, if you’d like to ask some specific questions, email me – aaron (at) stealthpuppy.com.

Next up: Hands off my gold image – The Scripts

Hands off my gold image – The Task Sequence is post from stealthpuppy.com. Except as noted otherwise, this work is © 2005-2013 Aaron Parker and is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License.

App-V 5 PowerShell One Liners – Adding and Publishing A Folder of App-V Client Packages

2012-11-13T22:34:28Z

App-V 5.0 is PowerShell driven, which means opportunity for automating and scripting tasks that might have to be completed manually or might have been a challenge to script previously.

Using PowerShell to drive the App-V Client opens up plenty of great scenarios. I’ve previously posted on how to add, publish and stream a single package with a one line of PowerShell, but it might also be useful to import a number of packages the same way.

This is simple with a slight modification of the original command line with the use of Get-ChildItem to return a list of .appv files from a folder. Adding the -recurse switch walk through a complete folder structure and return .appv files from sub-folders.

Here’s how to use PowerShell to import packages stored in their own folder (i.e. sub-folders) in a UNC, publish them globally and stream each package into the local cache.

Get-ChildItem "\\Server\Share\Packages" -recurse -force -include *.appv | Add-AppvClientPackage | Publish-AppvClientPackage -global | Mount-AppvClientPackage

Teamed with NTFS permissions on each package folder, this command is a (very) simple, roll your own publishing tool for App-V 5.

App-V 5 PowerShell One Liners – Adding and Publishing A Folder of App-V Client Packages is post from stealthpuppy.com. Except as noted otherwise, this work is © 2005-2013 Aaron Parker and is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License.

Converting CTX114501 to a readable format

2012-11-25T10:37:05Z

If you’ve ever wanted to look up which Citrix products support a specific database server version, you’ve attempted to read this article: CTX114501 - Supported Databases for Citrix Products. You’ll then have tackled with the product matrix that comes as a PDF instead of something more reasonable like, say, a spread sheet. There’s probably a good reason for this document to be a PDF, but it’s not the best format for reading this type of information.

In one of those “why didn’t I think of that” moments, CTP Timco Hazelaar (and all round good guy) responded to my question to a mailing list about this document in Excel format, by putting the document through a PDF to Excel converter.

I had some mixed results with various online converters, but this one was fairly reasonable: PDF to Excel by Nitro PDF. You can upload a PDF and the site will then convert the file and email you the result. I haven’t tested the desktop version, but I assume it to be a similar experience.

After conversion, the file still required some cleanup, but the end result is a format more readable and workable than the original. You can view the embedded document here and download for full fidelity.

Converting CTX114501 to a readable format is post from stealthpuppy.com. Except as noted otherwise, this work is © 2005-2013 Aaron Parker and is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License.

App-V 5 PowerShell One Liners – Sequencing an application

2012-11-01T23:47:21Z

App-V 5.0 is PowerShell driven, which means opportunity for automating and scripting tasks that might have to be completed manually or might have been a challenge to script previously.

Using PowerShell to drive the App-V Sequencer opens up some great automation scenarios. Here’s how to use PowerShell to sequence an application without manually starting the Sequencer UI.

I’m using Paint.NET as my example application and before sequencing, I have configured an install script for this application which will automate the installation and configuration.

I’ve placed all binaries and files, including a Sequencer Template into a folder at C:\Packages. My script (INSTALL.CMD) looks like this:

@ECHO OFF
START /WAIT C:\Packages\Paint.NET.3.5.10.Install.exe /skipConfig /auto PDNUPDATING=0 CHECKFORUPDATES=0 DESKTOPSHORTCUT=0

Before running the New-AppvSequencerPackage command, I have changed directory to C:\Packages. To capture Paint.NET as a new App-V 5.0 package, I have used the following command:

New-AppvSequencerPackage -FullLoad -Installer "Install.CMD" -Name "PaintNet3x" -Path "C:\Packages" -PrimaryVirtualApplicationDirectory "C:\Program Files\Paint.Net" -TemplateFilePath "AppV5SequencerTemplate.appvt" -Verbose

This generates a completed package in C:\Packages\PaintNet3x, ready for deployment to a client PC.

For more information on the New-AppvSequencerPackage command, run:

Get-Help New-AppvSequencerPackage -detailed

App-V 5 PowerShell One Liners – Sequencing an application is post from stealthpuppy.com. Except as noted otherwise, this work is © 2005-2013 Aaron Parker and is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License.

Hands off my gold image – Microsoft Deployment Toolkit details

2012-11-24T20:13:59Z

After the corresponding Geek Speak talk at Citrix Synergy in Barcelona, I posted an article on automating a XenApp deployment and capture into Provisioning Services via the Microsoft Deployment Toolkit (MDT): Hands off my gold image – Automating Citrix XenApp/PVS Image Creation.

In a series of blog posts I’ll cover some of the steps in more detail – first up is configuring the MDT deployment share. I won’t cover setting up a share here, so if you’re new to MDT, I suggest starting at the MDT home page on TechNet where you’ll find various resources on using MDT.

Hosting MDT

Typically MDT is going to be hosted on a Windows Server (VM or physical server); however as a minimum the MDT deployment share only needs to be available over SMB. So essentially any storage location that supports SMB will suit.

The MDT console and ADK/WAIK must be installed somewhere and it’s often most convenient to install these on a management desktop/server VM, accessible by whomever is administering MDT.

CustomSettings.ini

The ZIP file available for download includes a sample CustomSettings.ini which is used to control the MDT deployment share. I’ve stripped this file down to it’s bare essentials to be able to walk you through some of the options used in this approach.

You could potentially use a Configuration Database instead; however I’ve opted to use CustomSettings.ini so that I can use an approach that is as portable as possible.

[Settings]
Priority=ByVM, UUID, Default
Properties=XenAppRole, PVSTemplate, WindowsUpdate

[Default]
WSUSServer=http://wsus-svr:8530
WindowsUpdate=FALSE

OSInstall=YES
DeploymentType=NEWCOMPUTER
DoNotCreateExtraPartition=NO

; ==============================================
; Control specific settings for virtual machines

[ByVM]
Subsection=VM-%IsVM%

[VM-True]
; Prevent creation of BDE partition on VMs
DoNotCreateExtraPartition=YES

;=================================
; Machine specific configurations

[<insert VM UUID here]
OSDComputerName=<VM name>
TaskSequenceID=<task sequence short code>
XenAppRole=WORKER
PVSTemplate=TRUE

Under the [Settings] heading, I’ve created three custom properties XenAppRole, PVSTemplate and WindowsUpdate. These properties enable a few things:

XenAppRole – valid values for this property are CONTROLLER and WORKER. This controls the installation of XenApp and whether XenApp is then configured as a Controller (hosts the XML broker and enumerates applications and zones etc) or a Worker (hosting user sessions and applications). If this property is not set against a computer record, then XenApp will not be installed
PVSTemplate – this controls whether a computer is the master template for Provisioning Services. The only valid value is TRUE. If this is set, then during the MDT task sequence, the computer image will be converted to a PVS image
WindowsUpdate – this property controls whether Windows Update is run during the task sequence. Valid values are TRUE or FALSE. Set this to FALSE during testing to reduce the amount of time to deploy and capture an image.

To control the creation (or not) of the BitLocker boot partition, a combination of the property DoNotCreateExtraPartition and detection of a virtual machine (the ByVM and VM-True sections) is used. This allows us to ensure that the partition is not created on virtual machines where it isn’t required.

The end of CustomSettings.ini (under machine specific configurations, is a sample heading for a target computer. Target computers are best identified by their UUID. This allows the MDT task sequence to match the machine it’s running on against the properties set in CustomSettings.ini.

In the next article, I’ll cover some specifics around the task sequence used to deploy Windows, install XenApp and capture the PVS image. In the meantime if you want to get more detail on this approach email me at aaron (at) stealthpuppy.com.

Hands off my gold image – Microsoft Deployment Toolkit details is post from stealthpuppy.com. Except as noted otherwise, this work is © 2005-2013 Aaron Parker and is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License.

App-V 5 PowerShell One Liners – Adding and Publishing App-V Client Packages

2012-10-30T09:55:20Z

App-V 5.0 is PowerShell driven, which means opportunity for automating and scripting tasks that might have to be completed manually or might have been a challenge to script previously.

Using PowerShell to drive the App-V Client opens up plenty of great scenarios. Here’s how to use PowerShell to import a package (from a UNC path), publish it globally so that it’s available for all users logging onto the local machine and stream the package into the cache.

Add-AppvClientPackage -Path "\\Server\Packages\MozillaFirefox16_pkg\MozillaFirefox16.appv" | Publish-AppvClientPackage -Global | Mount-AppvClientPackage -Verbose

The Path property on the Add-AppvClientPackage command should take any local, UNC or HTTP path. This is a quick and dirty method of importing and testing App-V 5 packages into a machine for testing.

This example command should be easy enough to extend to import and publish a number of packages stored in target folder.

App-V 5 PowerShell One Liners – Adding and Publishing App-V Client Packages is post from stealthpuppy.com. Except as noted otherwise, this work is © 2005-2013 Aaron Parker and is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License.

App-V 5 PowerShell One Liners – Adding and Publishing App-V Server Packages

2012-10-29T12:43:27Z

App-V 5.0 is PowerShell driven, which means opportunity for automating and scripting tasks that might have to be completed manually or might have been a challenge to script previously.

Using PowerShell to drive the App-V Management Server opens up plenty of great scenarios. Here’s how to use PowerShell to import a package (from a UNC path), publish it and grant access to a domain group, all on one line.

Import-AppvServerPackage -PackagePath "\\Server\Packages\MozillaFirefox16_pkg\MozillaFirefox16.appv" | Publish-AppvServerPackage -Verbose | Grant-AppvServerPackage -Groups "lab\Domain Users" -Verbose

The PackagePath property on the Import-AppvServerPackage command should take any UNC or HTTP path, just like the Management Server UI.

This example command should be easy enough to extend to import and publish a number of packages stored in target folder.

App-V 5 PowerShell One Liners – Adding and Publishing App-V Server Packages is post from stealthpuppy.com. Except as noted otherwise, this work is © 2005-2013 Aaron Parker and is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License.

Hands off my gold image – Automating Citrix XenApp/PVS Image Creation

2012-11-24T20:15:52Z

Citrix Provisioning Services is a great solution for the rapid deployment of Windows workloads from a master image. However, rapid deployment is not a replacement for a consistent, repeatable method of creating that master image.

Today I covered this in my talk at Citrix Synergy, along with my colleague Jonathan Eyton-Williams – “Hands off my gold image!“. This article will show you how to automate the deployment of a Windows image from bare metal to a finalised PVS image. This is part of an approach that we use for deployment within Kelway.

To keep things simple I’ll focus on the minimum pieces required to get this working. From here you should be able to expand the approach to include any number of components in your build.

Requirements

This approach is based on the use of the Microsoft Deployment Toolkit (MDT), a task sequence to deploy the operating system and some scripting.

At a minimum you need a location to store the MDT deployment share. This can be a dedicated server or any network file storage location that supports SMB. For the purposes of this article, I will use a dedicated virtual machine running Windows Server 2008 R2.

Setup and configure MDT

To install and configure MDT, download and install the following components:

Microsoft Deployment Toolkit (MDT) 2012 Update 1

Plus

Windows Assessment and Deployment Kit (ADK) for Windows 8

I recommend using the ADK instead of WAIK; however if you’re using a hypervisor that does not support Windows 8, install the WAIK.

Import OS, binaries and scripts

To fill out MDT, we need to import operating systems, applications and scripts, updates and drivers.

Import the Windows Server 2008 R2 OS image from the ISO. Ideally you’ll be installing Windows from volume license media, but for the purposes of testing, there’s nothing preventing you from using TechNet, MSDN or evaluation media.

Add the following as applications in MDT:

Microsoft .NET Framework 4 – this is required by XenConvert; however you’ll also need other dependencies for your environment, for example the Visual C++ Redistributables
Citrix XenApp 6.5 – the simplest way to do this is just import the entire XenApp 6.5 ISO
Citrix XenApp 6.5 hotfixes – these need to be installed separately after XenApp is installed
Citrix Provisioning Services Device Target – this is obviously needed to connect to PVS and stream the image
Citrix XenConvert – install the latest version of XenConvert to manage the conversion process from the installed image to the PVS VHD
The Convert PVS image script

Create a task sequence

A task sequence is required to install and configure an operating system on an end-point, this is essentially the core of MDT. There is a one-to-one mapping between a task sequence and an operating system, so you’ll need to create a task sequence for every version or edition of Windows you are looking to deploy.

Create a Standard Server Task Sequence
Choose the operating system, in this case Windows Server 2008 R2
Edit unattend.xml to configure features and enable roles such as Remote Desktop Services Session Host
Edit the task sequence to perform the required installation and configuration steps during deployment
Create application bundles to simplify task sequences and control the order of installation of applications
Configure CustomSettings.ini to control a task sequence and end-points with physical and custom properties
Create or update the Windows PE boot image. This could be mounted as an ISO into a virtual machine or delivered via PXE. Because we’re using MDT and PVS together on the same network, it’s simpler to mount the Windows PE ISO and leave PXE support for PVS.

Create the PVS image

Capturing the image into PVS will have to be performed while the MDT task sequence is running. This can be a challenge, so we need to ensure that all application and dependencies are installed and all reboots have completed. You’ll need to be confident that the image is complete before conversion.

During this step there are a number of items to complete in order:

Optimise the image for delivery via PVS – essentially replacing the ‘Optimise for PVS’ button in the XenConvert wizard. These are Registry changes that the wizard rights to a .REG file before importing, so this was easy to capture.
Run ngen to compile the .NET Framework assemblies. This will take some time.
Rearm Windows and Office (2010 or 2013)
Capture the image, whilst accounting for the fact that the PVS conversion is occurring during the MDT deployment. We need to edit the local install, capture the local install, cleanup the captured image and then ensure the MDT deployment can continue unhindered. If this does not happen, then the MDT deployment will continue to run every time the PVS image is delivered to an end-point.

The Pieces

So that you don’t need to reinvent the wheel completely, I’ve made available here the following components:

A sample CustomSettings.ini that includes the customisations used in this deployment
The Windows Server 2008 R2/Citrix XenApp 6.5 task sequence and unattend.xml
Citrix XenApp installation and configuration script
The Citrix XenApp Hotfixes script
Microsoft .NET Framework 4 installation script
Citrix Provisioning Services Device Target x64 install script
Citrix XenConvert install script
XenConvert/PVS image conversion script

XenApp 6.5/PVS automation with MDT samples

Finally

Hopefully this is enough to get you started. In some future posts I’ll discuss some of these steps in more detail. If you’d like to know some more detail before then, contact me at: aaron (at) stealthpuppy.com

Next up: Hands off my gold image – Microsoft Deployment Toolkit details

Hands off my gold image – Automating Citrix XenApp/PVS Image Creation is post from stealthpuppy.com. Except as noted otherwise, this work is © 2005-2013 Aaron Parker and is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License.

Adobe Reader XI Deployment

2012-11-09T14:08:22Z

Adobe Reader XI is now available and along with this release comes some interesting tools for deployment:

Citrix XenApp enhancements for better performance (it’s not clear whether this specifically XenApp or RDS enhancements. Hopefully this means reduced memory requirements)
New App-V support, including a Package Accelerator (presumably this is App-V 4.6, not 5.0)
GPO Template for the most common enterprise settings (this includes a hand full of settings; however removing menu and toolbar items still requires resorting to Javascript)

There’s a full list of new features in this blog post: Announcing Adobe Reader XI. All of the bits that are currently available can be downloaded here:

Customisation

Customisation of Reader XI with the Adobe Customization Wizard XI is the same approach as previous versions and I have a comprehensive post on deploying Adobe Reader X which will largely apply to XI, but Adobe does have customisation and deployment documentation available:

The Adobe Customization Wizard XI for Windows is now available and the administration experience does not change massively (or at all) from previous versions.

Extracting Reader XI from the installer is the same as previous versions – run the following command:

AdbeRdr11000_en_US -nos_o"C:\Folder" -nos_ne

Restricting user interface elements in Acrobat/Reader XI is the same as previous versions. This cannot be performed by Group Policy but requires Javascript instead. Here’s an example Javascript that you can use to hide the most common menu items:

//HideMenu.js

// [Help - Repair Adobe Reader Installation]
app.hideMenuItem("DetectAndRepair");

// [Help - Check for Updates]
app.hideMenuItem("Updates");

// [Help - Purchase Adobe Acrobat]
app.hideMenuItem("Weblink:BuyAcrobat");

// [Help - Digital Editions]
app.hideMenuItem("eBook:Digital Edition Services");

// [Help - Online Support]
app.hideMenuItem("OnlineSupport");

// [Help - Online Support - Knowledge Base]
app.hideMenuItem("KnowledgeBase");

// [Help - Online Support - Adobe Support Programs]
app.hideMenuItem("AdobeExpertSupport");

// [Help - Online Support - Adobe User Community]
app.hideMenuItem("AdobeUserCommunity");

// [Help - Online Support - Accessibility Resource Center]
app.hideMenuItem("AccessOnline");

// [Help - Online Support - Generate System Report]
app.hideMenuItem("SystemInformation");

// [Help - Product Improvement Options]
app.hideMenuItem("UsageMeasurement");

// [File - Share Files Using SendNow Online]
app.hideMenuItem("SPAObject 51");

// [File - CreatePDF Online]
app.hideMenuItem("SPAObject 47");

Save this file as HideItems.js and copy the file into %ProgramFiles%\Adobe\Reader 11.0\Reader\Javascripts.

To create a custom transform file, open the extracted AcroRead.msi, set your required options and save the transform file. The following table list some recommended options to set via the Customization Wizard. Review these settings to see how they might apply in your environment.

Section	Item and Settings
Personalization Options	Suppress display of End User License Agreement (EULA) [Enabled]
Installation Options	Default viewer for PDF files [Installer will decide]
	Remove all versions of Reader [Enabled]
	Enable Optimization [Enabled]
	Enable Caching of installer files on local hard drive [Enabled]
	Run Installation [Unattended]
	If reboot required at the end of installation [Suppress reboot]
Files and Folders	Destination Computer [ProgramFilesFolder / Adobe /Reader 11.0 / Reader / Javascripts / HideItems.js]
Shortcuts	Remove [Desktop / Aobe Reader XI shortcut]
Security	Protected View [Off / Files from potentially unsafe locations / All files]
WebMail Profiles	Prevent end user from configuring WebMail profile [Enabled]
Online and Adobe online services Features	Disable product updates [Enabled]
	Load trusted root certificates from Adobe [Enable & Install silently]
	In Adobe Reader, disable Help > Purchase Adobe Acrobat [Enabled]
	Disable Help > Digital Editions [Enabled]
	Disable Product Improvement Program [Enabled]
	Disable Viewin of PDF with Ads for Adobe PDF [Enabled]

Deployment

Deployment of Reader XI will be largely the same as Reader X and 9 before it, so if you’ve deployed Reader previously there’s little new.

Although Adobe Reader is free you’ll need to agree to and obtain a license to distribute it in your own environment. Obtaining a license is simple, you’ll just need to answer a few questions such as the number of copies, how you will distribute Reader, which platforms and some information on your company including contact information. To apply for the license go to the Adobe Runtimes / Reader Distribution License Agreement.

To deploy Reader in your environment, you would continue to use the same approaches you are using today. Now might be the time to look at delivering Reader with App-V as this is now officially supported. The only hurdle will continue to be in browser (embedded) viewing of PDFs under Internet Explorer.

Whilst the Group Policy management support is great and way overdue, there’s currently only a handful of settings – don’t expect the same level of policy configuration that we get with Microsoft Office. It remains to be seen whether more will be required in production environments.

Finally..

Go forth and deploy.

Adobe Reader XI Deployment is post from stealthpuppy.com. Except as noted otherwise, this work is © 2005-2013 Aaron Parker and is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License.

Replacing Redirected Folders and Offline Files with AppSense DataNow

2012-08-08T20:30:52Z

Note: this article covers a product that is in beta at the time of writing; therefore the specifics of the approach outlined in this article may be subject to change. This is not a recommendation to use this approach in production; rather it’s an exercise in understanding what’s possible with a new data synchronisation product.

Redirected Folders and Offline Files are fundamentally broken

Redirected Folders and Offline Files are currently the de-facto standard for making user data available across corporate PCs running Windows. Redirected Folders provides users with a consistent view of their data, whilst Offline Files makes that data available when disconnected from the network.

Sounds awesome on paper right? With the performance and synchronisation issues that you might experience, it’s far from a perfect solution but it’s the best one we’ve had to date. What’s disappointing is that improvements in these features have been far and few between. Even in Windows 8, they’re not much different from what was introduced in Windows 2000.

Perhaps eventually we’ll be able to replace both features with different approaches, instead of attempting to fix the unfixable. Maybe I shouldn’t be so hard on these technologies because they were great when introduced, but in my view they’re not up to task for user data management in today’s desktop. Where’s the corporate version of SkyDrive with on premise data?

There’s various 3^rd party “cloud” solutions aimed at this data problem now – Citrix ShareFile, Oxygen Open Storage Grid, RES HyperDrive and AppSense DataNow, to name a few. I wanted to take a look at the integration between DataNow and the traditional way of providing users with their data.

What is AppSense DataNow?

DataNow is AppSense’s new data management product, currently in public beta – available for download for testing and feedback. In its current form (as least as far as this beta in concerned), DataNow provides an easy way to access to corporate data (stored on user home drives) from mobile devices, Windows PCs and Macs.

Access is proxied through a virtual appliance, located in the DMZ or on the Internal network, whilst the data remains in its existing location (i.e. file servers inside the trusted network). The DataNow client then accesses that data over HTTP.

With this overview in mind, I should be able to use DataNow to synchronise data to laptops and even desktops and standard folder redirection for hosted desktops in the data centre (i.e. those desktops right next to the file storage).

The idea being that this approach should provide users with a consistent view of their data regardless of how they are accessing the desktop, with the bonus being that I can now extend the same access to mobile devices.

Approaches

When installing the DataNow client, the user’s data is synchronised locally to a DataNow folder – similar in approach to Dropbox or SkyDrive. Here’s three ways that I could aggregate my local folders (Documents, Desktop etc.) with the DataNow folder:

Leverage Windows 7 Libraries – include folders below the DataNow folder in the Documents, Music, Pictures and Videos Libraries. This will work, there’s even methods of scripting changes to the Libraries, but we miss out on important folders such as Favorites and the Desktop
Create Junction Points – create junction points for each of the user folders to folders in the DataNow folder. This will cover all user folders, but junction points aren’t a very elegant solution
Use Folder Redirection delivered by AppSense Environment Manager (EM) – redirect each of the user folders below the DataNow folder

The first two approaches are far from ideal whilst using Folder Redirection with EM holds the most promise, as Folder Redirection is arguably the easiest to implement and undo.

Implementation

To ensure that this will work, I’ve configured the following in a lab environment:

A home directory configured on the user account in Active Directory. I’ve started with a clean home directory
An AppSense DataNow appliance hosted on vSphere, configured for Active Directory in the lab environment. Configuring DataNow is out of scope of this article, however I’ve first ensured that DataNow is running correctly
Two Windows 7 VMs – one with x86 Windows and the other with x64 Windows
Both Windows 7 VMs are running the AppSense Environment Manager and DataNow agents
The DataNow folder is stored at %USERPROFILE%\DataNow
An Environment Manager configuration that will redirect the user folders below the DataNow folder at %USERPROFILE%\DataNow. For example, the Documents folder is redirected to %USERPROFILE%\DataNow\Documents

You may wonder why I haven’t used Group Policy to perform folder redirection – this is because Group Policy won’t allow you to redirect a user folder to a sub-folder of %USERPROFILE%. I guess Microsoft doesn’t want us creating a quantum singularity by redirecting %USERPROFILE%\Documents to %USERPROFILE%\Documents\Documents.

With Folder Redirection implemented and the DataNow client configured, the user folder looks like this:

Whilst the DataNow folder contains each of the redirected user folders:

Note that I’ve not redirected Downloads or Saved Games.

After logging into the DataNow client for the first time, each of the redirected folders are synchronised to the home drive:

Synchronisation works between the local DataNow folder and the home drive and I’m able to make changes on each machine and see the changes on the other. There are some oddities during synchronisation, but I’ve put this down to beta software as I’ve seen synchronisation improve between each beta release.

Generally speaking though, this approach gives me what I’m after- synchronisation between the home drive and a Windows device that I can take offline, and even synchronise that data across the Internet as long as DataNow is available externally. The best part is that there is no Folder Redirection to the network (so no latency introduced by the network) and no Offline Files configured.

Conclusion

DataNow is currently in beta and by no means is the only product I could have used for this test, but in its current form, it’s let me give the kick in the teeth that Folder Redirection (to the network) and Offline Files deserves. This is really just a proof-of-concept, but hopefully with time this should become more robust and with any luck the default approach for providing data offline on laptops without changing or impacting the user experience.

Note: under no circumstances should you take this article as a recommendation from me for synchronising the AppData\Roaming folder – synchronising or redirecting AppData should never be undertaken lightly as it is not a solution, it is delayed failure.

Replacing Redirected Folders and Offline Files with AppSense DataNow is post from stealthpuppy.com. Except as noted otherwise, this work is © 2005-2013 Aaron Parker and is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License.

Delivering Citrix XenApp Controllers and Workers with the Microsoft Deployment Toolkit

2012-08-02T17:27:05Z

Here’s a quick a dirty method of controlling whether your Microsoft Deployment Toolkit (MDT) task sequence deploys a XenApp Controller (broker, XML service) or Worker (session host).

Let’s assume that you are automating the deployment of your XenApp image using MDT in an environment with XenApp Controllers and Workers. It makes sense to use the same task sequence to deploy both XenApp roles because there’s not a lot of difference between both server types (maybe on the Controllers we could avoid installing applications).

The use of a custom task sequence variable can provide a method of controlling which role is deployed, but I’ve first defined installation scripts for XenApp as applications in MDT. I have two applications:

Citrix XenApp Controller 6.5
Citrix XenApp Worker 6.5

Behind the scenes, these applications run a script that will install and configure XenApp. For the XenApp Worker, the script defines /ImaWorkerMode:True when running XenAppConfigConsole.exe to configure XenApp after installation. Both applications have been added to a single task sequence that will automate the installation of Windows Server 2008 R2 with Citrix XenApp 6.5 (along with dependencies and applications).

In CustomSettings.ini, under the Settings define a custom property named XenAppRole:

[Settings]
Priority=UUID, Default
Properties=XenAppRole

Next we need to define the role for a specific machine. For this example I’m using the UUID of the target to identify a machine, also defined in CustomSettings.ini; however you could also use the MDT configuration database to define the machine properties.

Because this is a custom property I can choose what ever value I like, so I’ve creatively chosen WORKER or CONTROLLER. The following example shows the configuration for a specific machine named XENAPP1 identified from its UUID:

[F1373B42-1F37-75FC-B166-A2E578E28B1E]
OSDComputerName=XENAPP1
XenAppRole=CONTROLLER

Now in the task sequence, modify the conditions (on the Option tab) of each step. In my case I have the XenApp components as child items of a group. In this case I’ve also added a condition that only processes this group if the XenAppRole property exists (regardless of role):

On the XenApp Controller step, create a condition that detects whether XenAppRole has been set to CONTROLLER:

On the XenApp Worker step, create a condition that detects whether XenAppRole has been set to WORKER:

Simple and straightforward – I get a clean, consistent build of XenApp 6.5 and control over which role is deployed to an end-point by changing one line in CustomSettings.ini.

Delivering Citrix XenApp Controllers and Workers with the Microsoft Deployment Toolkit is post from stealthpuppy.com. Except as noted otherwise, this work is © 2005-2013 Aaron Parker and is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License.

Mailbag – Pre-caching App-V 4.6 packages on Laptops using AppSense Environment Manager 8

2012-07-26T21:46:47Z

Rory asks via Twitter – can we pre-cache App-V packages on laptop clients so that all applications are available offline, using AppSense Environment Manager?:

As with many solutions in Environment Manager, there’s probably a number of ways to achieve this – here’s just one.

The Logic

In Rory’s scenario, he’s using the App-V Management Server to deliver packages. This means that packages are delivered to users only and not to the client (i.e. globally). First up we’ll need to work out what we’re trying to achieve here:

Is the client a laptop?
How do we determine whether the laptop can contact the streaming source?
How to cache all of the packages to the client?
We’ll most likely also need to ensure that the pre-caching doesn’t run too often or doesn’t run over a VPN connection

Determining whether the local machine is a laptop is quite simple, but we’ll need to resort to some custom code to that. Fortunately we don’t need to re-invent the wheel – we can use this code by Rob van der Woude that uses WMI to look for a battery:

If IsLaptop( "." ) Then
	' WScript.Echo "Laptop"
	' Return Success
	WScript.Quit 0
Else
	' WScript.Echo "Desktop or server"
	' Return failure
	WScript.Quit 1
End If

Function IsLaptop(myComputer)
' This Function checks if a computer has a battery pack.
' Argument:	myComputer	[string] name of the computer to check, or "." for the local computer
' Written by Rob van der Woude
' http://www.robvanderwoude.com
	On Error Resume Next
	Set objWMIService = GetObject( "winmgmts://" & myComputer & "/root/cimv2" )
	Set colItems = objWMIService.ExecQuery( "Select * from Win32_Battery", , 48 )
	IsLaptop = False
	For Each objItem in colItems
		IsLaptop = True
	Next
	If Err Then Err.Clear
	On Error Goto 0
End Function

Add this to a Reusable Condition (or even an inline condition if you’d like) that includes this code as a Custom Condition. Make sure to set the Custom Condition Type to VBscript and enable ‘Evaluate Once Per Session’ and ‘Run As System User’.

Next up, you may want determine whether the client can contact the streaming source (what ever that is – App-V Management Server, App-V Streaming Server, HTTP or even a UNC path). You could use native Computer IP Address condition and make the assumption that the remote host is available because the client is located in a known network, or ping the remote host using PowerShell in a Custom Condition. Alternatively an Active Directory Site Membership might suffice, however this may require listing all of your AD sites which isn’t ideal.

For a Computer IP Address condition, choose Condition / Computer / Computer IP Address and configure the required IP range. Ensure that ‘Evaluate Once Per Session’ is disabled – because the client IP address may change during a single session. Repeat this for multiple IP ranges.

To use a PowerShell script instead, create a Custom Condition, set the Type to PowerShell, disable ‘Evaluate Once Per Session’ and set ‘Run As System User’.

$servers = "appv1.domain.local"
If (!(Test-Connection -Cn $server -BufferSize 16 -Count 1 -ea 0 -quiet))
{
	exit 0
Else
	exit 1
}

Now that we know the client is a laptop and we know that it can contact the streaming source, we can run the command to cache the applications. You’ll need an Execute Action to run this command:

"%ProgramFiles%\Microsoft Application Virtualization Client\SFTTRAY.exe" /HIDE /LOADALL

This will load all packages and ensure that the progress bar is not shown.

If you are publishing packages to users, configure this action to run in the current user’s context. If you are delivering packages globally and using a streaming source, configure this action to run in the System context.

Implementing

To put this into action, we’ll need to think about when to run the SFTTRAY command. User Logon might be an obvious choice, but this could potentially slow down the logon process; however we do need run the action not long after logon because we can’t run it before the user disconnects the machine or logs off (running the action at logoff, would delay logoff). There are a number of ways we can run the SFTTRAY action:

At User Process Started for %ProgramFiles%\Microsoft Application Virtualization Client\sftdcc.exe launches – this will run at logon, but the logon process should be mostly complete by this time
At Network Connected – we have an opportunity to cache packages when connecting back to the corporate network if the laptop is resuming from sleep mode
Session Locked – this is a great time to cache packages because the user is not interacting with the desktop

I’ve included a sample configuration below that uses each of these approaches by applying the logic in a Reusable Node linked to each of the triggers listed above.

Download the configuration shown above from here:

Environment Manager configuration - Cache App-V packages

Mailbag – Pre-caching App-V 4.6 packages on Laptops using AppSense Environment Manager 8 is post from stealthpuppy.com. Except as noted otherwise, this work is © 2005-2013 Aaron Parker and is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License.

White Paper – The Definitive Guide to Delivering Microsoft Office with App-V

2012-07-24T16:09:56Z

Using application virtualization to simplify your gold image by delivering what’s most likely the most common component of any image – Microsoft Office, continues to be a popular topic. But is it the right approach?

Microsoft has some great guidance on using App-V 4.6 to deliver various versions of Office, but there’s no single place that brings them together with a discussion on what you need to consider before virtualizing Office. This is where community discussion can help.

I’m extremely happy to make this white paper available, which is the result of a lot of time and effort and a companion piece to a talk that I gave at BriForum London back in May.

The Definitive Guide to Delivering Microsoft Office with App-V

The paper is divided into two parts:

Part 1: To virtualize or not to virtualize – a discussion on the pros and cons of virtualizing Office and what you should be considering if you are going to virtualize Office rather than deliver it as a component of your core gold image
Part 2: Virtualizing Office with App-V – a detailed walkthrough that goes beyond the Microsoft documentation for sequencing and delivering Office 2010, 2007 and 2003 with App-V 4.6

The aim of this document is to be the best resource for virtualizing Office 2010, 2007 and 2003 with App-V 4.6 SP1 & SP2 available. Feedback, corrections and criticisms are welcome.

This document is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.

Note: this is a independent effort; however it has been made available for free thanks to my employer Kelway

White Paper – The Definitive Guide to Delivering Microsoft Office with App-V is post from stealthpuppy.com. Except as noted otherwise, this work is © 2005-2013 Aaron Parker and is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License.

Sequencing Mozilla Firefox with App-V 4.6

2013-03-16T23:04:02Z

It’s a simple task to virtualize Firefox, as it lends itself well to application virtualization; however getting it right takes a little more effort. I’ve previously shown you how to sequence Firefox 8, Firefox 7 and Firefox 5. Before embarking on sequencing Firefox, please refer to this companion article - Prepare Mozilla Firefox for Enterprise Deployment and Virtualization - which covers configuring a Firefox installation for virtualizing. It’s important that Firefox is configured correctly for virtualization by disabling specific features..

User Experience

Typically, virtualizing an application changes the user experience due to the introduction of isolation. Virtualizing Firefox with App-V 4.6 will isolate the application from the OS, so the following features will not be available once Firefox has been sequenced:

The ability set the browser as default – isolation prevents this from working
Firefox Jump Lists in the Start Menu and Taskbar do work, but they don’t display icons correctly

Firefox features to disable

There are a couple of features that should be disabled when running Firefox under App-V:

Default browser check – Options / Advanced / General – Always check to see if Firefox is the default browser on startup. Once Firefox is isolated from the OS, the user won’t be able to make it the default browser
Automatic updates for Firefox – Options / Advanced / Update / Firefox updates. Firefox updates should be delivered via new App-V packages. Updates for Add-ons and Search Engines should be OK as these are written to the user profile
Mozilla Maintenance Service – Firefox installs an updater service that allows updating whilst avoiding UAC prompts. This service should be disabled or not installed

I will cover using a couple of customisations to ensure these user features are disabled in the UI for any new Firefox profile. This service is simple enough to handle by disabling it

Managing the Firefox profile

Firefox stores preferences, extensions and other user data in:

%APPDATA%\Mozilla (preferences, bookmarks etc.); and
%LOCALAPPDATA%\Mozilla (browser cache)

The default behaviour of the App-V Sequencer is to exclude %LOCALAPPDATA% – this is a good thing and I don’t recommend removing this exclusion. %APPDATA% will be included by default and whether you leave this location included in the package will depend on your specific deployment requirements; however my recommendation is to exclude this location by adding %CSIDL_APPDATA%\Mozilla to the exclusion list in your sequence. On the client, Firefox will then create a new profile in the real file system when the user starts the browser for the first time. There are several reasons why this approach is a good idea:

Some of the configuration files within the Firefox profile include hard-coded paths – challenging if your App-V virtual drive changes between clients
Virtualizing the profile increases the complexity of upgrading Firefox packages especially challenging given Mozilla’s approach to Firefox releases. By storing the Firefox profile on the real file system, Firefox can be deployed via completely unrelated packages – no need to create upgrade versions
Users can potentially create multiple Firefox profiles, with each stored in the users’ PKG file. The minimum size for a new Firefox profile is 12Mb – the PKG file will grow by 12Mb for each new Firefox profile created

By excluding %APPDATA% and not virtualizing the user profile you will gain some flexibility with your Firefox deployment.

Sequencing Platform

I have sequenced Firefox on a clean Windows 7 SP1 x86 VM with all current updates and no other applications other than the App-V Sequencer. I’ve configured a Q: drive using a second vDisk, rather than let the Sequencer create a Q: drive for me. I’ve used a VFS install and tested successfully; however if you would prefer a MNT install just change the install folder when installing Firefox.

The Firefox version available from Mozilla is an x86 application, so I generally recommend sequencing Firefox on Windows 7 x86 virtual machine even though you may be deploying to 64-bit Windows. However confirm this in your own environment and re-sequence for 64-bit platforms if required.

Sequencer Configuration

Before Sequencing, add the following exclusions:

%CSIDL_APPDATA%\Mozilla
%CSIDL_COMMON_APPDATA%\Microsoft\RAC
\REGISTRY\USER\%SFT_SID%\Software\Microsoft\Windows\CurrentVersion\Internet Settings

If you are adding Adobe Flash Player to the package, add these exclusions as well:

%CSIDL_APPDATA%\Adobe
%CSIDL_APPDATA%\Macromedia
%CSIDL_WINDOWS%\Installer

I have included these in a Package Template for Firefox that you can download from here:

App-V 4 Package Template for Firefox

Installing Firefox

Download the Firefox installer in your target language from the Mozilla site. Sequencing Firefox will require the following steps:

Install Firefox
Configure profile defaults and preferences locking
Optionally add global add-ons and install plug-ins such as Adobe Flash Player

Automating this process as much as possible will create a cleaner package and make it faster to re-create a new Firefox package if required.

Mozilla Firefox installer command line arguments – use the INI file approach to control where Firefox is installed and to prevent the addition of a desktop shortcut, if required
After installing Firefox, copy user.js to %ProgramFiles%\Mozilla Firefox\defaults\profile
Copy userChrome.css to %ProgramFiles%\Mozilla Firefox\defaults\profile\chrome
Firefox also allows you to add global add-ons by adding them to the Extensions sub-folder of the Firefox installation folder
If you are including Adobe Flash player in the package, be sure to disable the auto-update notification

Before sequencing, copy all of the required files into the sequencing VM, which should like something like this:

Shortcuts

If the monitoring phase was successful the Sequencer should create a single shortcut for Firefox. If you are including Flash Player, add an additional shortcut for the Flash Player Control Panel applet using “C:\Windows\System32\FlashPlayerCPLApp.cpl” as the target.

First Run Tasks and Primary Feature Block

Finally

Save your package and deploy. With compression enabled, the package should be around 24Mb. For a walkthrough of the sequencing process, using the installation script outlined in the Firefox deployment article, see the following screenshots:

[Show as slideshow]

Sequencing Mozilla Firefox with App-V 4.6 is post from stealthpuppy.com. Except as noted otherwise, this work is © 2005-2013 Aaron Parker and is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License.

Unattended Windows deployment fails with 0×80004005 under Hyper-V

2012-06-26T17:45:05Z

There’s one thing that I can’t get enough of when automating Windows deployments, it’s ambiguous and confusing error messages. More please, I’m a sucker for punishment.

Here’s one I’ve been troubleshooting on and off for a while – an unattended Windows deployment via MDT fails with error 0×80004005, which is about as helpful as a brick life vest.

Similarly, the MDT log files are pretty useless in narrowing down a root cause. Whilst I couldn’t use the log files to help me discover the issue, I have been using MDT to deliver the same task sequence on multiple hypervisors in our lab environment.

As it turns out the issue can be caused by a fairly specific configuration – delivering Windows Server 2008 R2 with the Remote Desktop Services Session Host (RDSH) role enabled via UNATTEND.XML to a virtual machine on Hyper-V with Dynamic Memory enabled and the Startup RAM set to 512MB.

Dynamic Memory is probably something you would not run for RDSH in production, so there’s a few workarounds:

Set the Startup RAM higher than 512MB
Don’t use Dynamic Memory for an RDSH server (the recommend solution)
Use PowerShell to reconfigure the Dynamic Memory settings after Windows has been deployed to the virtual machine

Unattended Windows deployment fails with 0×80004005 under Hyper-V is post from stealthpuppy.com. Except as noted otherwise, this work is © 2005-2013 Aaron Parker and is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License.

Aaron Parker

Hands off my gold image! – Video: Windows 8 zero-touch deployment

Hands off my gold image! – Video: automated PVS image deploy and capture

Take part in the OS Deployment Automation Survey

400 App-V Recipes!

Retrieving a VM’s UUID from vSphere

Sequencing Mozilla Firefox with App-V 5.x

User Experience

Firefox features to disable

Managing the Firefox profile

Sequencing Platform

Sequencer Configuration

Installing Firefox

First Run Tasks and Primary Feature Block

Automating the Firefox sequence

Finally

App-V 5 Sequencer Template

Prepare Mozilla Firefox for Enterprise Deployment and Virtualization

Features to control in an enterprise

Locking down and controlling Firefox options

Local-settings.js

Mozilla.cfg

Override.ini

userChrome.css

Installing Firefox

Finally

Further Reading

Don’t miss out on the greatest (App-V) show on Earth

Context based automation in Mac OS X

Installing ControlPlane

Configuring Contexts

Enabling Actions

Action Details

Life is Good

Creating App-V 5.0 Connection Groups with PowerShell

What’s in a Definition File?

Enter PowerShell

Examples

Finally

App-V 5.0 delivers Internet Explorer Plugin Nirvana

Implementing RunVirtual

Publishing Packages

Enabling a Connection Group

Configure RunVirtual

The End to installing Plugins?

Sequencing Apple iTunes 11 with App-V 5

iTunes 10 with App-V 4.6

iTunes Components

Prepare the Sequencing VM

User Profile

Sequencer Template

Installing iTunes

Sequencing iTunes

Virtualization Issues

DCOM

Driver

Deploying iTunes

Finally

Office 2013 Customization

Use Preference over Policy

Office Customization

User Settings Recommendations

Hands off my gold image – The Scripts

Approach to Scripting

Script Details

Microsoft .NET Framework 4 Full

Citrix XenApp 6.5

Citrix XenApp Hotfixes

Citrix Provisioning Services Device Target x64

Citrix XenConvert x64 2.x

Convert XenApp PVS Image

Finally

Hands off my gold image – The Task Sequence

Importing the Task Sequence

About the Task Sequence

About Unattend.xml

App-V 5 PowerShell One Liners – Adding and Publishing A Folder of App-V Client Packages

Converting CTX114501 to a readable format

App-V 5 PowerShell One Liners – Sequencing an application

Hands off my gold image – Microsoft Deployment Toolkit details