Manually Creating Optimized Windows Images for VMware Horizon VMs | VMware – VDI Optimization Principles
It’s up to each organization to determine the best approach to updating VDI. This script was designed to suit your environment and requirements. These files contain lists of apps to be removed, and services to be disabled. If you do not wish to remove a particular app or disable a particular service, edit the corresponding text file and remove the item.
Finally, there are local policy settings that can be imported into your device. It is better to have some settings within the base image, than to have the settings applied through the group policy, as some of the settings are effective on the next restart, or when a component is first used.
Other software layers of the VDI solution provide the users easy and seamless access to their assigned VMs, often with a single sign-on solution. Traditional virtual machine, where the VM has its own virtual disk file, starts up normally, saves changes from one session to the next.
The difference is how the user accesses this VM. There might be a web portal the user logs into that automatically directs the user to their one or more assigned VDI VMs. Image-based persistent virtual machine, optionally with personal virtual disks. A VM is created, and one or more virtual disks are created and assigned to this disk for persistent storage.
When the VM is started, a copy of the base image is read into the memory of that VM. At the same time, a persistent virtual disk is assigned to that VM, with any previous operating system changes merged through a complex process. Changes such as event log writes, log writes, etc. In this circumstance, operating system and app servicing might operate normally, using traditional servicing software such as Windows Server Update Services, or other management technologies. At some point updates must be applied to the master.
This is where implementations decide how the user persistent changes are handled. It might also be that the changes the user makes are kept through monthly quality updates, and the base is reset following a Feature Update. When a non-persistent VDI implementation is based on a base or “gold” image, the optimizations are mostly performed in the base image, and then through local settings and local policies.
With image-based non-persistent VDI, the base image is read-only. When a non-persistent VM is started, a copy of the base image is streamed to the VM. Activity that occurs during startup and thereafter until the next reboot is redirected to a temporary location. Users are usually provided network locations to store their data. In some cases, the user’s profile is merged with the standard VM to provide the user with their settings.
One important aspect of non-persistent VDI that is based on a single image is servicing. Updates to the operating system and components are delivered usually once per month. With image-based VDI, there is a set of processes that must be performed to get updates to the image:. This means the users are redirected to other VMs. The base image is then opened and started up.
All maintenance activities are then performed, such as operating system updates,. NET updates, app updates, etc. Windows 10 performs a set of maintenance tasks, automatically, on a periodic basis. There is a scheduled task that is set to run at AM every day by default. This scheduled task performs a list of tasks, including Windows Update cleanup. You can view all the categories of maintenance that take place automatically with this PowerShell command:.
One of the challenges with non-persistent VDI is that when a user logs off, nearly all the operating system activity is discarded. Therefore, optimizations intended for a Windows computer that saves state from one session to the next are not applicable.
Indexing might be a partial waste of resources, as would be any disk optimizations such as a traditional defragmentation.
If preparing an image using virtualization, and if connected to the Internet during image creation process, on first logon you should postpone Feature Updates by going to Settings , Windows Update. Windows 10 has a built-in capability called the System Preparation Tool , often abbreviated to “Sysprep”.
The Sysprep tool is used to prepare a customized Windows 10 image for duplication. The Sysprep process assures the resulting operating system is properly unique to run in production. There are reasons for and against running Sysprep.
In the case of VDI, you might want the ability to customize the default user profile which would be used as the profile template for subsequent users that log on using this image. You might have apps that you want installed, but also able to control per-app settings.
The alternative is to use a standard. ISO to install from, possibly using an unattended installation answer file, and a task sequence to install applications or remove applications.
Anytime that Windows defaults are changed, questions arise regarding supportability. Once a VDI image VM or session is customized, every change made to the image needs to be tracked in a change log. At troubleshooting, often an image can be isolated in a pool and configured for problem analysis.
Once a problem has been tracked to the root cause, that change can then be rolled out to the test environment first, and ultimately to the production workload.
This document intentionally avoids touching system services, policies, or tasks that affect security. After that comes Windows servicing. The ability to service VDI images outside of maintenance windows is removed, as maintenance windows are when most servicing events take place in VDI environments, except for security software updates.
Consider supportability when altering default Windows settings. Difficult problems can arise when altering system services, policies, or scheduled tasks, in the name of hardening, “lightening”, etc. Consult the Microsoft Knowledge Base for current known issues regarding altered default settings. The guidance in this document, and the associated script on GitHub will be maintained with regards to known issues, if any arise.
In addition, you can report issues in several ways to Microsoft. You can use your favorite search engine with the terms “”start value” site:support. You might note that this document and the associated scripts on GitHub do not modify any default permissions.
If you are interested in increasing your security settings, start with the project known as AaronLocker. For more information, see “AaronLocker” overview. One of the goals of a VDI image is to be as light as possible. One way to reduce the size of the image is to remove UWP applications that won’t be used in the environment. With UWP apps, there are the main application files, also known as the payload. There is a small amount of data stored in each user’s profile for application specific settings.
There is also a small amount of data in the ‘All Users’ profile. Connectivity and timing are important factors when it comes to UWP app cleanup.
If you deploy your base image to a device with no network connectivity, Windows 10 can’t connect to the Microsoft Store and download apps and try to install them while you are trying to uninstall them. This might be a good strategy to allow you time to customize your image, and then update what remains at a later stage of the image creation process.
If you modify your base. WIM before you install, the apps won’t be installed to begin with and your profile creation times will be shorter. Later in this section there is information on how to remove UWP apps from your installation.
WIM file. A good strategy for VDI is to provision the apps you want in the base image, then limit or block access to the Microsoft Store afterward. Store apps are updated periodically in the background on normal computers. The UWP apps can be updated during the maintenance window when other updates are applied. For more information see Universal Windows Platform Apps.
UWP apps that are not needed are still in the file system consuming a small amount of disk space. For apps that will never be needed, the payload of unwanted UWP apps can be removed from the base image using PowerShell commands. In fact, if you remove those from the installation. WIM file using the links provided later in this section, you should be able to start from the beginning with a very slim list of UWP apps. Run the following command to enumerate provisioned UWP apps from a running operating system, as in this truncated example output from PowerShell:.
UWP apps that are provisioned to a system can be removed during operating system installation as part of a task sequence, or later after the operating system is installed. This might be the preferred method because it makes the overall process of creating or maintaining an image modular. Once you develop the scripts, if something changes in a subsequent build, you edit an existing script rather than repeat the process from scratch.
Here are some links to information on this topic:. Removing Windows 10 in-box apps during a task sequence. Windows 10 Keeping apps from coming back when deploying the feature update. Each UWP app should be evaluated for applicability in each unique environment. You’ll want to install a default installation of Windows 10 , then note which apps are running and consuming memory.
For example, you might want to consider removing apps that start automatically, or apps that automatically display information on the Start Menu, such as Weather and News that might not be of use in your environment. If utilizing the scripts from GitHub, you can easily control which apps are removed before running the script. After downloading the script files, locate the file ‘AppxPackages.
See the section Customization for details. For more information, see the Windows Server powershell forum. To enumerate currently installed Windows Features, run the following PowerShell command:. Next, you might want to remove the Windows Media Player package. There are two Windows Media Player packages in Windows 10 You can use the built-in Dism. A Dism. The Windows technology involved is called Features on Demand.
Any settings made to this file will be applied to any subsequent user profiles created from a device running this image. You can control which settings to apply to the default user profile, by editing the file ‘DefaultUserSettings. One setting that you might want to consider carefully, new to this iteration of settings recommendations, is a setting called TaskbarSmallIcons.
You might want to check with your user base before implementing this setting. TaskbarSmallIcons makes the Windows Task Bar smaller and consumes less screen space, makes the icons more compact, minimizes the Search interface, and is depicted before and after in the following illustrations:.
Also, to reduce the transmitting of images over the VDI infrastructure, you can set the default background to a solid color instead of the default Windows 10 image. You can also set the logon screen to be a solid color, as well as turn off the opaque blurring effect on logon. The following settings are applied to the default user profile registry hive, mainly in order to reduce animations. If some or all of these settings are not desired, delete the settings not to be applied to the new user profiles based on this image.
The goal with these settings is to enable the following equivalent settings:. For Windows 10, version , the following are the optimization settings applied to the default user profile registry hive to optimize performance:. In the local policy settings, you might want to disable images for backgrounds in VDI. If you do want images, you might want to create custom background images at a reduced color depth to limit network bandwidth used for transmitting image information.
If you decide to specify no background image in local policy, you might want to set the background color before setting local policy, because once the policy is set, the user has no way to change the background color. It might be better to specify ” null ” as the background image.
There is another policy setting in the next section on not using background over Remote Desktop Protocol sessions. If the equivalent settings are not specified in any other way, such as group policy, the settings would still apply. The following settings were chosen to not counter or conflict with any setting that has anything to do with security.
These settings were chosen to remove settings or disable functionality that might not be applicable to VDI environments. We recommend using a low resolution, non-complex image so less data is transmitted over the network each time the image is rendered.
If you enable this policy setting, automatic learning stops, and any stored data is deleted. Users can’t configure this setting in Control Panel. Windows doesn’t connect to an online font provider and only enumerates locally-installed fonts. Disable passive polling check box Enabled. Use this setting if you’re on an isolated network or using a static IP address. Offline files Allow or disallow use of Offline Files.
In the disabled state, no Teredo interfaces are present on the host. The Connect to suggested open hotspots , Connect to networks shared by my contacts , and Enable paid services are turned off, but users on this device can enable them. If you enable this setting, apps and system features won’t be able to receive notifications from the network from WNS or by using notification-polling APIs. Enabled Device installation Prevent device metadata retrieval from the Internet Enabled Device installation Prevent Windows from sending an error report when a device driver requests additional software during installation Enabled Device installation Turn off Found New Hardware balloons during device installation.
Turns off web-to-app linking and http s URIs are opened in the default browser instead of starting the associated app. The Windows device is not discoverable by other devices, and can’t participage in cross-device experiences. If you enable this policy setting, all Windows Update features are removed.
Windows automatic updating is also disabled; you’ll neither be notified about nor will you receive critical updates from Windows Update. This policy setting also prevents Device Manager from automatically installing driver updates from the Windows Update website. If you enable this policy setting, when you are presented with a certificate issued by an untrusted root authority, your computer won’t contact the Windows Update website to see if Microsoft has added the CA to its list of trusted authorities.
NOTE: Only use this policy if you have an alternate means to the latest certificate revocation list. This policy setting turns off the active tests performed by the Windows Network Connectivity Status Indicator NCSI to determine whether your computer is connected to the Internet or to a more limited network As part of determining the connectivity level, NCSI performs one of two active tests: downloading a page from a dedicated Web server or making a DNS request for a dedicated address.
If you enable this policy setting, NCSI does not run either of the two active tests. With this setting enabled, the background image shows without blur. If you disable or do not configure this policy setting, the local computer clock doesn’t synchronize time with NTP servers. NOTE: Consider this setting very carefully. Windows devices that are joined to a domain should use NT5DS. Virtual machines sometimes use “enhancements” or “integration services”.
If you enable this policy setting, the advertising ID is turned off. Apps can’t use the ID for experiences across apps. If you choose the Force Deny option, Windows apps are not allowed to access account information and employees in your organization cannot change it. If you choose the Force Deny option, Windows apps are not allowed to access the call history and employees in your organization cannot change it. If you choose the Force Deny option, Windows apps are not allowed to access contacts and employees in your organization cannot change it.
If you choose the Force Allow option, Windows apps are allowed to access email and employees in your organization cannot change it.
If you choose the Force Deny option, Windows apps are not allowed to access location and employees in your organization cannot change it. If you choose the Force Deny option, Windows apps are not allowed to access messaging and employees in your organization cannot change it.
If you choose the Force Deny option, Windows apps are not allowed to access motion data and employees in your organization cannot change it. If you choose the Force Deny option, Windows apps are not allowed to access notifications and employees in your organization cannot change it. If you choose the Force Deny option, Windows apps are not allowed to access tasks and employees in your organization cannot change it.
If you choose the Force Deny option, Windows apps are not allowed to access the calendar and employees in your organization can’t change it. If you choose the Force Deny option, Windows apps are not allowed to access the camera and employees in your organization can’t change it. If you choose the Force Deny option, Windows apps are not allowed to access the microphone and employees in your organization can’t change it.
If you choose the Force Deny option, Windows apps are not allowed to access trusted devices and employees in your organization can’t change it. If you choose the Force Deny option, Windows apps are not allowed to communicate with unpaired wireless devices and employees in your organization can’t change it.
If you choose the Force Deny option, Windows apps won’t have access to control radios and employees in your organization can’t change it. If you choose the Force Deny option, Windows apps are not allowed to make phone calls and employees in your organization can’t change it.
If you choose the Force Deny option, Windows apps are not allowed to run in the background and employees in your organization can’t change it.
If you enable this policy setting, Autoplay is disabled on CD-ROM and removable media drives, or disabled on all drives. This policy setting prevents Windows tips from being shown to users.
If you enable this policy setting, users will no longer see personalized recommendations from Microsoft and notifications about their Microsoft account. SmartScreen will be turned off for all users. Users will not be warned if they try to run suspicious apps from the Internet. When Find My Device is off, the device and its location are not registered and the Find My Device feature will not work.
The user will also not be able to view the location of the last use of their active digitizer on their device. File Explorer Turn off caching of thumbnail pictures Enabled File Explorer Turn off display of recent search entries in the File Explorer search box Enabled File Explorer Turn off the caching of thumbnails in hidden thumbs.
Users won’t receive enhanced suggestions while typing in the Address bar. In addition, users won’t be able to change the Suggestions setting.
If you enable this policy setting, user won’t be suggested matches when entering Web addresses. The user can’t change the auto-complete for setting web addresses. If you enable this policy setting, browser geolocation support is turned off. If you disable this policy setting, the entry points and functionality associated with this feature are turned off.
If you enable this policy setting, the user cannot use the Compatibility View button or manage the Compatibility View sites list. Microsoft collects your browsing history to improve how flip ahead with page prediction works. This feature isn’t available for Internet Explorer for the desktop. If you enable this policy setting, flip ahead with page prediction is turned off and the next webpage isn’t loaded into the background. If you enable this policy setting, the location feature is turned off, and all programs on this computer are prevented from using location information from the location feature.
If you enable this setting the automatic download and update of map data is turned off. If you enable this policy setting, features that generate network traffic on the Offline Maps settings page are turned off.
Note: This might turn off the entire settings page. This policy setting allows backup and restore of cellular text messages to Microsoft’s cloud services. Turns off compatibility lists in Microsoft Edge. If you disable this setting, the Microsoft Compatibility List isn’t used during browser navigation. Directs Edge to open with blank content when a new tab is opened. Disables autofill on address bar. If you enable this setting, Do Not Track requests are always sent to websites asking for tracking info.
If you disable this setting, employees can’t use Password Manager to save their passwords locally. Users can’t see search suggestions in the Address bar of Microsoft Edge.
If you enable this setting, you can configure one or more Start pages. Windows Defender SmartScreen is turned off and employees can’t turn it on.
Jump to content. Ask question. Upvote if you also have this question or find it interesting. Learn more. Follow, to receive updates on this topic.
Sign in to follow this Followers 2. Asked by Travis Watkins vitrual apps and desktops licensing. Travis Watkins 0.
Travis Watkins 0 Members 2 posts. Posted March 2. Share this post Link to post. Recommended Posts. Mark this reply as best answer, if it answered your question.
Upvote if you found this answer helpful or interesting. Carl Stalhood 14, Posted March 3. Please sign in to comment You will be able to leave a comment after signing in Sign in now.
Vdi windows 10.Recommended settings for VDI desktops
If you deploy your base image to either a device with no network connectivity, Windows 10 cannot connect to the Microsoft Store and download apps and try to install them while you are trying to uninstall winddows. The Sysprep process assures the resulting operating system is properly unique to run in production. It can be deferred for this many days to any non-zero value, such as, and so on. Note If utilizing vdi windows 10 scripts from GitHub, you can easily control which apps are removed before running смотрите подробнее script. Whether from Microsoft Update, vdi windows 10 from your internal resources, apply available updates including Windows Defender signatures.
Recommended configuration for VDI desktops | Microsoft Learn
Considerations you must take into account when creating a Windows system image are different if you plan to deploy vdi windows 10 desktops rather than physical desktops:. Therefore, with virtual desktops, one-time system actions must be configured in the base image, and one-time user actions must be configured in the default user profile. These procedures include creating a VM, installing and configuring a Windows wndows system, optimizing vdi windows 10 OS, and installing the various VMware agents required for desktop deployment.
Important : The procedures in this guide are sequential vdi windows 10 build on one another, so make sure to complete each procedure in each chapter before moving on to the next. Familiarity with networking and storage in a virtual environment, Active Directory, identity management, and directory services is assumed.
Knowledge of other technologies, such vdi windows 10 Horizon is also helpful. Vdk the golden image is well worth the time and effort involved. Savings are returned on a variety of fronts. By trimming the image, you can reduce vdi windows 10 amount of required disk space by up to 80 windkws, which translates to a significant reduction in the time it takes to create desktop pools up to 3 times faster.
By default, Windows generates native images and видела jaksta streaming media recorder portable free download извиняюсь disk cleanup actions after being idle for 10 minutes, which can use a full core for up to an hour. When dindows a large pool, this means that the cluster might not be usable for up to an hour after deployment. With image optimization, however, this process could be reduced to 30 seconds. When a user logs on, the portion of vdi windows 10 time devoted to creating a standard user profile can take up to 30 seconds, but when optimized, this portion на этой странице logon time could be reduced to 3.
A default deployment can use up to 2 GB of active memory, but with optimization, memory requirements can be reduced significantly up to 50 percent. An optimized deployment can reduce CPU usage by up to 40 percent, allowing for up to a percent increase in VM density on the physical vSphere host. Because of the earlier-mentioned disk-space savings, you realize cache-usage improvements as well.
Deactivating unneeded features and compressing the Wwindows files means a larger portion can fit in the cache, which can reduce the amount of IOPS required by up to percent.
The following operating systems have been tested using the procedures wundows in this guide. The table shows the example sizing and login duration that we achieved in our testing. Only bit operating systems were tested, but any bit operating system that has a corresponding bit version listed should work vdi windows 10 the same way.
All operating systems were tested with all updates available as of mid-June Note : Vdi windows 10 screenshots in this guide are from Windows vdi windows 10 21H1. If you have a different OS version, some screens might look slightly different, but in general they are quite similar. KMS treats each activated clone as a computer with a newly issued license.
In a production environment, you must vdi windows 10 Windows. In an evaluation environment, you can create the VM and log in without activating Windows. LTSC means long-term servicing channel.
This edition receives only security updates but no feature updates. OS upgrades are released only once every three years or so. This edition is meant for specialized systems that perform a single important task—such as PCs that control medical equipment, point-of-sale systems, and ATMs. In general, the latest version is recommended, which, at the time of writing, is 7.
Before you can perform the procedures in this guide, you must have certain infrastructure components installed and configured. If you are using a VMware vSphere infrastructure, which can reside either on-premises or on one or more cloud platforms, verify that you have the following components installed and configured:.
If you plan to create Horizon desktop pools or RDSH server farms, ideally at this point you would also have Horizon Connection Server installed and configured. The Horizon Cloud Service is a VMware-managed virtual desktop and application solution that vdi windows 10 desktops as a service using a Microsoft Azure public cloud infrastructure.
This guide you are currently reading describes how to manually create все youtube app for windows 10 pc этом VM image. However, vdi windows 10 is recommended to automate the process of image creation. Each desktop pool or RDSH server farm uses a golden virtual machine VM image, which serves раз and install google earth for windows 10 считаю the model for the deployed virtual desktops.
Note : The table that 01 describes the small amount of RAM on the ESXi host that is required for video overhead in addition to system memory. This VRAM size requirement depends in on the display resolution and number of monitors configured for end users.
Important : You are not yet finished with the Customize Hardware wizard page. Now that you have edited the virtual hardware settings, you can configure the VM options. Note : In the next step, you are going to deactivate the hotplug feature.
To prevent this option from appearing, you will deactivate the wihdows. When using VMware App Volumes, you must either add enough controllers for the maximum windoas of disks you will be using or not set this option. You will accept most of the default settings and specify that you are doing a new installation rather than an vdi windows 10.
The screen at which you enter audit mode depends on which Windows vdi windows 10 system you are using. For example, some operating systems will automatically log in to Windows after a restart operation, vdi windows 10 others will prompt for user credentials. If prompted, use Administrator for the user name and leave the password field blank. Note : Different Windows operating systems provide different prompts after the initial installation. The following screenshot shows the prompt after you install Windows 10 21H1.
VMware Tools is a /19125.txt of vdi windows 10 windowx modules that enable several features in VMware products for better vdi windows 10 of, and seamless user interactions with, guests operating systems. For example, VMware Tools can run scripts that automate OS operations and can synchronize the time in the vdi windows 10 operating system with the time on the vSphere host.
At the end of the previous exercise, Install Windows, you powered off the VM, which left the remote VM console dark, as shown in the following screenshot. If you closed that console, you need to open it again детальнее на этой странице you can begin this exercise.
If you did not power off the VM, you must do so or the Install VMware Tools winndows will not be available in the second screenshot. The following screenshot shows an example of successfully running this command. Deferring feature upgrades does not affect security updates. Click Restart now. Run Windows Update again until no more updates are available and no restarts are required.
If you plan to create VMware Horizon desktop or application pools or server farms, you must install Horizon Agent on the golden VM image so that VMware Horizon servers can communicate with and manage the VMs 1 you deploy.
Note : This procedure describes running the Horizon Agent installer in the guest operating system of a vSphere-based VM. Selecting this option configures the Windows Server machine as a single-user virtual desktop rather than as an RDS host. Log in to the OS of the VM as an Administrator, double-click the installer file to start the wizard, and click Next on the Welcome page.
The environment must be either IPv6 only or IPv4 only. Horizon does not support a mixed IPv6 and IPv4 environment. This screenshot shows an example of the screen that might appear when vdi windows 10 wihdows agent on Windows Server. The following screenshot shows an example of a screen for Windows Now that all the correct components are configured to be installed, click Install. Unlike traditional application profile management solutions, Dynamic Environment Manager captures only the settings that the administrator specifies.
This reduces login and logout time because less data needs to be loaded. User подробнее на этой странице is managed through folder redirection. To install this component, you run the same VMware Dynamic Environment Manager Setup wizard that you run to install the management console. Install this agent only vdi windows 10 you plan to use this functionality.
This procedure describes running the FlexEngine installer in the guest operating system of a vSphere-based VM. However, you are required to have по этому адресу Dynamic Environment Manager. Although our primary application-delivery mechanism is App Volumes, it might нажмите для деталей desirable to install select applications in the primary VM so that all clones get those applications in their base disk. Many applications have integrated auto-update windowss.
Install these applications and update them to the latest version, and then turn off vdi windows 10 deactivate the auto-update functionality to prevent the clones from updating individually. Horizon Cloud delivers feature-rich virtual desktops and applications using a purpose-built cloud platform that is scalable across multiple deployment vdi windows 10, including fully managed infrastructure from VMware and vdi windows 10 cloud infrastructure from Microsoft Azure.
The service supports a cloud-scale architecture that makes it easy to deliver virtualized Windows desktops and applications to any device, anytime. And, with a flexible subscription model, organizations can easily get up and running quickly.
When completing the import wizard, you select various check boxes in order to automatically install Horizon Agent and the App Volumes Agent. The following procedure describes the process. When prompted, log in with your AD credentials. RDP to the machine using the IP address listed and install wimdows applications and drivers that you want to have in the base image. OSOT includes customizable templates to activate or deactivate Windows system services and features, according to VMware recommendations and best practices, across multiple systems.
Because vdi windows 10 Windows system services are enabled by default, OSOT can be used to easily deactivate unnecessary services and features to improve performance. Note : This version of this document does not include instructions for using Windows mandatory profiles. We found that login times are nearly equivalent if you use default user profiles instead of mandatory user profiles. In this procedure, you download the OSOT, check for template vdi windows 10, analyze the list of recommended optimizations, and select and apply those optimizations.
Here you can select alternate defaults that will change the selection of optimizations. As an example for a persistent VM, you probably want to make changes to Windows UpdateSearchand Securityor you might want to keep certain Store Apps. If you prefer, you can revert to the old behavior in the Common Options:.
Generalizing a Windows image means removing computer-specific information so that vdi windows 10 image qindows be deployed throughout an enterprise. Note : This procedure pertains to vSphere-based VMs. The OSOT can perform the following tasks, which you were previously required winrows do manually for VMs that you plan to use in a vSphere infrastructure:.
After downloading and extracting the executables, right-click each file sdelete App Wjndows delivers applications that are not in the golden VM image.