One of the great promises of application virtualization is dynamic delivery of software to end-points; however delivering plugins or add-ons to installed (i.e. not virtualized) software has thus far been a stumbling block.

Internet Explorer has been particularly challenging due to the inability to separate the browser from the OS in a supported manner. So using App-V to deploy plugins like Flash or Java has meant changing the user experience with virtualization or falling back to standard install methods.

App-V 5.0 delivers some good news though, with the ability to seamlessly run an installed application inside a specified virtual environment. This means that the Flash plugin can be delivered as a virtual package and made available to Internet Explorer without resorting to hacks or changing the user experience by providing a special shortcut. Providing Office add-ins would also benefit from the same approach.

Sebastian Gernert recently posted about the new RunVirtual feature in App-V 5.0 that can be used to launch a specified process or processes within a specific App-V package. RunVirtual is simple to implement but does require packages to be global.

RunVirtual works by the App-V client intercepting the process launch (CreateProcess) with AppvVemgr.sys and loading the process into the specified virtual environment.

Implementing RunVirtual

To illustrate implementing the RunVirtual feature, I’ll demonstrate delivering plugins to a Windows 7 client running Internet Explorer 9. In this example, I’m managing the App-V client with PowerShell to show what’s going on under the hood. This process would be simplified with Configuration Manager or the native App-V infrastructure.

Publishing Packages

Before deployment to a client PC, I’ve sequenced the follow applications into App-V 5.0 packages and saved them to the network:

• Adobe Reader X
• Adobe Flash Player 11
• Oracle Java 7

During sequencing I’ve not performed any special steps to prepare the environment – there is no bearing on deployment during the sequencing stage.

Each package has been added to the client and published globally with the following commands:

Add-AppvClientPackage –Path \\server\Packages\AdobeReaderX_pkg\AdobeReaderX.appv | Publish-AppvClientPackage -Global<br>Add-AppvClientPackage –Path \\server\Packages\AdobeFlashPlayer11\AdobeFlashPlayer11.appv | Publish-AppvClientPackage -Global<br>Add-AppvClientPackage –Path \\server\Packages\OracleJava7\OracleJava7.appv | Publish-AppvClientPackage -Global

Whilst Adobe Reader can be used just like any other application, Flash and Java aren’t particularly useful on their own.

Enabling a Connection Group

Only a single package can be applied to a process with the RunVirtual feature. This means that to provide Internet Explorer with access to several packages, we need to first add each package to a Connection Group and add that to the client.

Connection Groups are defined via XML files that list each member package. If we’re managing the App-V client with PowerShell, the Connection Group descriptor files need to be created manually. I won’t go into detail here; however below is the listing for the descriptor file for a Connection Group that contains the Internet Explorer Plugins:

<?xml version="1.0" ?>
<appv:AppConnectionGroup
xmlns="http://schemas.microsoft.com/appv/2010/virtualapplicationconnectiongroup"
xmlns:appv="http://schemas.microsoft.com/appv/2010/virtualapplicationconnectiongroup"
AppConnectionGroupId="61BE9B14-D2B4-41CE-A6E3-A1B658DE7000"
VersionId="E6B6AA57-F2A7-49C9-ADF8-F2B5B3C8A42F"
Priority="0"
DisplayName="Internet Explorer Plugins">
<appv:Packages>
<appv:Package DisplayName="Adobe Flash Player 11" PackageId="6a22f839-2d22-46dc-9c63-2649e370fce2" VersionId="792c8000-509c-4b1a-b4d7-58be65436d1a" />
<appv:Package DisplayName="Adobe Reader X" PackageId="abf1cd38-03cf-42af-8b27-564c4b9fcd1e" VersionId="818bc4eb-50f2-4fd4-90e4-9c8ed097e1e9" />
<appv:Package DisplayName="Oracle Java 7" PackageId="7112a4ca-2fe9-4606-b673-e13ea8589294" VersionId="4887ecd0-ce7b-48f6-bad6-4d8197e3821e" />
</appv:Packages>
</appv:AppConnectionGroup>

Save the file as InternetExplorerPlugins.xml and copy to the client PC. The Connection Group is added and enabled (most importantly, globally), with the following command:

Add-AppvClientConnectionGroup -Path .\InternetExplorerPlugins.xml | Enable-AppvClientConnectionGroup -Global

PackageId/GroupId and VersionId from the Connection Group descriptor file are important to note when configuring RunVirtual.

Configure RunVirtual

Enabling the RunVirtual feature for a process is achieved via a Registry key in HKLM: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AppV\Client\RunVirtual. Each target process requires a key below the RunVirtual key and then the package ID and version ID listed in the default value.

So using Internet Explorer (iexplore.exe) and the Connection Group for the plugins, listed above, the data to add to the Registry would look like this:

• Key: HKLM\SOFTWARE\Microsoft\AppV\Client\RunVirtual\iexplore.exe
• Default Value: 61be9b14-d2b4-41ce-a6e3-a1b658de7000_e6b6aa57-f2a7-49c9-adf8-f2b5b3c8a42f

(Note the underscore between Package ID and Version ID to make up the data stored in the registry value.)

However – I have found that RunVirtual doesn’t start the virtual environment (VE) if details for a Connection Group are supplied. Documentation on this feature is scant, so it’s hard to tell whether this behaviour is by design or not.

If the Package and Version ID are of a member package are provided, then the Connection Group VE is loaded, so we do get the desired effect. In my test case, I’ve added the Package and Version ID of the primary package (Flash) to the registry.

Once the key is created and populated, start or restart the target process and the plugins will be available. Internet Explorer add-ons can now be virtualized and delivered to IE seamlessly. Even Adobe Reader can now be virtualized and embedded PDFs will still work.

The End to installing Plugins?

RunVirtual is a great new feature of App-V 5.0 that has only been possible with the re-architecture of App-V. The ability to provide add-ons or plugins for installed software without changing the user experience is brilliant. A feature that agent-less application virtalization solutions won’t be able to match.

However it’s still early days for App-V 5.0, so it remains to be seen how widely this feature will be used. At this point, it only works with global (i.e. not user targeted) packages and requires a change to the real registry. It is though, a feature with a lot of promise and I’m looking forward to it simplifying desktop images.

App-V 5.0 delivers Internet Explorer Plugin Nirvana is post from stealthpuppy.com. Except as noted otherwise, this work is © 2005-2012 Aaron Parker and is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License.

Connection Groups (or Dynamic Suite Composition v2) in App-V 5.0 are great for enabling separate App-V packages to talk to each other. Connection Groups are easy enough to deploy with the App-V Management Server or Configuration Manager 2012; however that isn’t the case for stand-alone scenarios or 3rd party ESDs.

Adding a Connection Group to the client, first requires creating a definition file in XML. Without the App-V Management Server or ConfigMgr (where the resulting file ends up on the client), you’ll need to do that manually. Crafting XML files from scratch using Notepad isn’t my idea of fun.

What’s in a Definition File?

A Connection Group definition file contains the details about the Connection Group and the member packages. Each Connection Group has it’s own group and version ID (GUIDs).

A typical definition file will look something like this:

<?xml version="1.0" encoding="UTF-8"?>
<appv:AppConnectionGroup xmlns="http://schemas.microsoft.com/appv/2010/virtualapplicationconnectiongroup" xmlns:appv="http://schemas.microsoft.com/appv/2010/virtualapplicationconnectiongroup" AppConnectionGroupId="715f39d8-1b48-4b9a-95e6-d33370564b33" VersionId="9cdf46f3-6716-43d3-b533-5c697878f51f" Priority="2" DisplayName="Adobe Apps">
  <appv:Packages>
    <appv:Package DisplayName="Adobe Reader X" PackageId="abf1cd38-03cf-42af-8b27-564c4b9fcd1e" VersionId="818bc4eb-50f2-4fd4-90e4-9c8ed097e1e9" />
    <appv:Package DisplayName="Adobe Flash Player 11" PackageId="6a22f839-2d22-46dc-9c63-2649e370fce2" VersionId="792c8000-509c-4b1a-b4d7-58be65436d1a" />
  </appv:Packages>
</appv:AppConnectionGroup>

To create the file, we need to generate GUIDs for the group and version IDs, supply a Connection Group display name and priority, and then add the package and version IDs for each member package.

Enter PowerShell

To simplify the process of creating the definition file for a Connection Group, I’ve written a PowerShell function that will handle the heavy lifting for you. New-AppvConnectionGroupFile will create the definition file from a list of App-V packages passed to it.

The function will output the definition file to a specified path and then return that file as an object that you can do further processing with.

#---------------------------------------------------------------------------
# Author: Aaron Parker
# Desc:   Function that uses the App-V 5.0 client to create Connection
#         Group description (XML) files for use with stand alone clients or
#         test scenarios
# Date:   Jan 06, 2013
# Site:   http://blog.stealthpuppy.com
#---------------------------------------------------------------------------

Function New-AppvConnectionGroupFile {
    <#
        .SYNOPSIS
            Creates an App-V 5.0 Connection Group definition file.
 
        .DESCRIPTION
            Creates an XML-based Connection Group definition file from packages added to the current system.

            Packages can be filtered before being passed to the function to control which packages are included in the Connection Group.
 
        .PARAMETER DisplayName
            Specifies the display name of the Connection Group.
 
        .PARAMETER Priority
            Specifies the priority of the Connection Group.

        .PARAMETER Path
            Specifies the App-V connection group definition file to output.

        .PARAMETER Packages
            The packages to include in the Connection Group.
 
        .EXAMPLE
            PS C:\> New-AppvConnectionGroupFile -DisplayName "Internet Explorer Plugins" -Priority 0 -FilePath InternetExplorerPlugins.xml -Packages $Packages

            Creates a Connection Group file named 'InternetExplorerPlugins.xml' with a display name of 'Internet Explorer Plugins' from packages contained within the array $Packages.

        .EXAMPLE
            PS C:\> Get-AppvClientPackage -Name Adobe* | New-AppvConnectionGroupFile -DisplayName "Adobe Apps" -Priority 10 -FilePath AdobeApps.xml

            Creates a Connection Group file named 'AdobeApps.xml' with a display name of 'Adobe Apps' from packages passed via the pipeline from Get-AppvClientPackage.
 
        .NOTES
            See http://blog.stealthpuppy.com/ for support information.
 
        .LINK

http://blog.stealthpuppy.com/code/creating-app-v-5-0-connection-groups-with-powershell/

     #>
 
    [CmdletBinding(SupportsShouldProcess=$True)]
    Param(
        [Parameter(Mandatory=$True, HelpMessage="Connection Group descriptor XML file path")]
        [string]$Path,
        [Parameter(Mandatory=$True, HelpMessage="Display name of the Connection Group")]
        [string]$DisplayName,
        [Parameter(Mandatory=$False, HelpMessage="Connection Group priority")]
        [int]$Priority,
        [Parameter(Mandatory=$True, ValueFromPipeline=$True, HelpMessage="Packages to include in the Connection Group")]
        [System.Array]$Packages
        )

    BEGIN {

# Template XML for an App-V Connection Group description file. Easier than building from an XML object
$templateXML = @' 
<?xml version="1.0" encoding="UTF-8" ?>
<appv:AppConnectionGroup
xmlns="http://schemas.microsoft.com/appv/2010/virtualapplicationconnectiongroup"
xmlns:appv="http://schemas.microsoft.com/appv/2010/virtualapplicationconnectiongroup"
AppConnectionGroupId="GUID"
VersionId="GUID"
Priority="0"
DisplayName="Display Name">
<appv:Packages>
<appv:Package DisplayName="Package1" PackageId="GUID" VersionId="GUID" />
</appv:Packages>
</appv:AppConnectionGroup>
'@

        # Write out the template XML to a file in the current directory
        $templateXMLFile = $pwd.Path + "\ConnectionGroupTemplate.XML"
        $templateXML | Out-File -FilePath $templateXMLFile -Encoding utf8 -Force

        # Create a new XML object and read the template XML file into this object
        $xml = New-Object XML
        If ((Test-Path $templateXMLFile) -eq $True ) { $xml.Load($templateXMLFile) } Else { Write-Warning -Message "Unable to read template XML file." }

        # Apply the display name and GUIDs to the XML object
        $xml.AppConnectionGroup.DisplayName = $DisplayName
        $xml.AppConnectionGroup.AppConnectionGroupId = ([guid]::NewGuid()).ToString()
        $xml.AppConnectionGroup.VersionId = ([guid]::NewGuid()).ToString()
        $xml.AppConnectionGroup.Priority = $Priority.ToString()

        # Clone the existing package entry to use for new entries
        $newPackage = (@($xml.AppConnectionGroup.Packages.Package)[0]).Clone()
    }

    # Process each supplied App-V package into the XML object
    PROCESS {
        ForEach ( $Package in $Packages ) {
            Write-Progress "Adding packages"
            
            $newPackage = $newPackage.Clone()
            $newPackage.DisplayName = $Package.Name
            $newPackage.PackageId = ($Package.PackageId).ToString()
            $newPackage.VersionId = ($Package.VersionId).ToString()

            # Output appending the child XML entry to null to prevent displaying on screen
            $xml.AppConnectionGroup.Packages.AppendChild($newPackage) > $null
        }
    }

    END {

        # Remove the template package entry from the XML
        $xml.AppConnectionGroup.Packages.ChildNodes | Where-Object { $_.DisplayName -eq "Package1" } | ForEach-Object  { [void]$xml.AppConnectionGroup.Packages.RemoveChild($_) }

        # Save the completed XML to disk
        $xml.Save($Path)

        # Delete the template XML file from disk
        If (Test-Path $templateXMLFile) { Remove-Item $templateXMLFile -Force -ErrorAction SilentlyContinue }

        # Return the new Connection Group description XML file so that it might be processed by other functions
        If (Test-Path $Path ) { Return Get-Item $Path } Else { Write-Warning "Failed to save Connection Group definition file." }
    }
}

Copy and paste the code above into a PowerShell window (or the ISE) to enable the function. You could also save code to a PowerShell module to make it more accessible.

Examples

The function includes help and examples, so that you can view them from within PowerShell (the PowerShell ISE makes that simple). Use the Get-Help cmdlet to view details.

Using the function requires supplying a Display Name and Priority for the Connection Group as well as the list of App-V packages to include in the group. To supply the packages, first ensure they have been added to the local client, so that they can be queried with Get-AppvClientPackage.

In this example, I’ve added the list of packages to the variable $Packages and then supplied that to the New-AppvConnectionGroupFile function. This results in the definition file AdobeApps.xml with any Adobe package included in it.

$Packages = Get-AppvClientPackage -Name Adobe*
New-AppvConnectionGroupFile -Path C:\Packages\AdobeApps.xml -DisplayName "Adobe Apps" -Priority 2 -Packages $Packages

Taking this a step further, I can use a single line of PowerShell to query for a filtered list of packages on the local client, passing that to my function that will create the definition file. The Connection Group is then immediately added to the client and enabled.

Get-AppvClientPackage -Name Adobe* | New-AppvConnectionGroupFile -Path C:\Packages\AdobeApps.xml -DisplayName "Adobe Apps" -Priority 2 | Add-AppvClientConnectionGroup | Enable-AppvClientConnectionGroup -Global

Finally

This is version 1 of this function, so corrections and feedback are welcome. As always use at your own risk.

Creating App-V 5.0 Connection Groups with PowerShell is post from stealthpuppy.com. Except as noted otherwise, this work is © 2005-2012 Aaron Parker and is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License.

I currently use a MacBook Pro for my personal and work use every day – it’s my primary computing device. It goes with me almost everywhere, so invariably I am moving between secure (e.g. home) and non-secure or public locations (including the office).

Each location therefore, has different contexts – at home I might connect to my Synology NAS and I don’t need to lock the laptop when I walk away from it. Work is a very different context – I don’t have access to the NAS and I’m in a public location where I should be locking the desktop when it’s not in use.

Manually mounting remote shares or changing security settings for each locations is repetitive and time consuming. Surely there’s a better way?

I’m not that keen on writing shell scripts in OS X to automate the process, so I was impressed to come across ControlPlane. With this tool I can define different contexts and then enable certain actions based on those contexts.

So here’s how I’m using ControlPlane to make life easier by performing tasks as I move between home and work (or any other locations).

Installing ControlPlane

Downloading and installing ControlPlane is very simple – download the disk image (DMG file) and drag ControlPlane to your Applications folder.

Launch ControlPlane and enable ‘Start ControlPlane at login’ (if it’s not running, actions won’t fire). Here I’ve also set a default context (Secure). This is important because I want the secure actions firing by default with other actions only firing if I connect to a specific context (such as Home).

I’ve enabled the display of the context name in the menu bar so that I can easily see which context the laptop is in:

Configuring Contexts

Create a Context with a name, Evidence Sources (properties of a location, physical configuration, peripherals, time of day etc) and Rules (these define evidence sources that describe the context).

I’ve created three Contexts – Home, Mobile (for use with a MiFi-style device) and Secure. Rules are applied to Home and Mobile, whilst Secure has no rules applied and thus applies to any location that isn’t Home or Mobile.

To define the Home context, I’ve used the ‘WiFi BSSID’ rule to define that if the MacBook has a connection to my home router, then I must be at home. 100% confidence is enabled on this rule because I know it’s highly unlikely that I’ll be connected to the same SSID and MAC address at any other location.

I could use various other evidence sources; however I’ve found that a WiFi connection is the simplest approach for my needs.

Enabling Actions

For each Context I’ve enabled various actions. When the laptop connects to my home WiFi, the following actions will take place:

• Disable the requirement to enter my password when opening the lid or after a screensaver fires (System Preferences / Security & Privacy / General)
• Mounting a share (or shares) on the NAS
• Enabling Time Machine

When the Secure context is enabled, the follow actions take place:

• Enable the requirement to enter a password when the desktop is locked
• Disable Time Machine (without access to the NAS, there’s little use in Time Machine running)

Action Details

ControlPlane provides a plethora of actions and enabling or disabling Time Machine is straight forward. Mounting a remote share or enabling/disabling the screen lock are a little more nuanced.

Mounting or dismounting a remote share requires the full path to that share. That full path can be found via Get Info from the right-click context menu on the share.

I could also unmount the same share when I leave the Home context.

A shell script is needed to configure the requirement for a password when unlocking OS X. This uses the defaults command to directly modify the system preferences. Here’s the commands to lock:

defaults write com.apple.screensaver askForPassword -int 1
defaults write com.apple.screensaver askForPasswordDelay -int 0

And here are the commands to unlock:

defaults write com.apple.screensaver askForPassword -int 0
defaults write com.apple.screensaver askForPasswordDelay -int 3600

Save these commands in text files on the file system (e.g. enable-passwordlock.sh and disable-passwordlock.sh) and mark them as executable with:

chmod u+x <script name>.sh

Then add System actions in ControlPlane to execute the shell scripts at in the right context:

Life is Good

With ControlPlane I’ve got a great (and free) solution to automating some common actions that I’ve previously been performing manually as I move between home and work. First world problems solved again.

In this article I’ve only shown a couple of examples of what’s possible with ControlPlane, so I recommend checking it out for yourself to see how it can improve your workflows.

Context based automation in Mac OS X is post from stealthpuppy.com. Except as noted otherwise, this work is © 2005-2012 Aaron Parker and is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License.

February 8^th 2013 is the date for the 2^nd European App-V User Group Conference, which will take place at Microsoft Netherlands HQ (right next to Schiphol Airport).

The first European App-V User Group in 2011 was a great success also due the overwhelming number of attendants. Over 100 people from 14 different countries took part in the event.

This is the chance to hear from a number of App-V MVPs, including Falko Gräfe, Nicke Källén, Ment van der Plas, Ruben Spruijt, Jurjen van Leeuwen, Kalle Saunamäki and Rodney Medina. In addition, Madelinde Walraven and Sebastian Gernert from Microsoft Support will also be present.

The initiative is focused on bringing people from the App-V community together to learn about Microsoft App-V from the experts and to share experiences and real-world knowledge, plus it will be an excellent opportunity to learn about Microsoft App-V 5.0. The events is sponsored by Login Consultants, but is free from commercial messaging.

If you would like to participate, seats are limited to be sure to register ASAP. See the agenda for a list of all topics for the day.

Unfortunately, I can’t make it this year – I’ll be sipping some lagers in Bruges.

Don’t miss out on the greatest (App-V) show on Earth is post from stealthpuppy.com. Except as noted otherwise, this work is © 2005-2012 Aaron Parker and is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License.

I’ve previously written articles on virtualizing Mozilla Firefox, but with Firefox releases more regular these days and the release of App-V 5, it makes sense to split details on configuring Firefox for an enterprise deployment and virtualizing Firefox into separate articles.

Whilst this article will cover some recommendations for configuring a Firefox deployment in an enterprise that can be used when virtualizing Firefox with various solutions, including App-V.

Features to control in an enterprise

There are a number of features that might be considered for disabling or configuring in an enterprise environment where users generally won’t have administrative rights and IT may want to control the default user experience.

These might include:

• Import Wizard – Firefox starts a wizard on first run that imports settings from other browsers. You may want to remove this wizard to simplify the startup of Firefox
• Automatic updates for Firefox – Options / Advanced / Update / Firefox updates. Firefox updates should be delivered via new App-V packages. Updates for Add-ons and Search Engines should be OK as these are written to the user profile
• Mozilla Maintenance Service – Firefox installs an updater service that allows updating Firefox automatically, whilst avoiding UAC prompts. This service should be disabled or not installed in a controlled environment including under application virtualization
• Default browser check – Options / Advanced / General – Always check to see if Firefox is the default browser on startup. Under App-V 4,x, once Firefox is isolated from the OS, the user won’t be able to make it the default browser (this will work under App-V 5)
• The ‘Welcome to Firefox’ tab, the ‘Know your rights’ and ‘Improve Firefox’ notifications

There is a way to control many of these settings through Group Policy, but if we get these right at install time, there’s no need for the overhead of GPOs. I will cover using a few of these customisations to ensure these features are disabled for any new Firefox profile.

Locking down and controlling Firefox options

Firefox can be configured with defaults for any new profile and locked down so that it will contain your required configuration options. Mozilla has made it easy to deploy custom default settings and preferences – by adding some specific files at install time (assuming the default install location):

• %ProgramFiles%\Mozilla Firefox\defaults\pref\local-settings.js
• %ProgramFiles%\Mozilla Firefox\Mozilla.cfg
• %ProgramFiles%\Mozilla Firefox\override.ini
• %ProgramFiles%\Mozilla Firefox\defaults\profile\chrome\userChrome.css

Firefox itself and any new user profile will be configured with desired preferences and locked down. You can find more detailed documentation on these features in the following articles:

• local-settings.js and Mozilla.cfg (Locking preferences)
• override.ini and Firefox command line options
• UserChrome.css and Chrome element names and IDs
• Enterprise Build Of Firefox For Deployment

To enforce user settings we can leverage the ability to lock Firefox preferences and use UserChrome.css to remove the associated user interface elements.

Local-settings.js

Local-settings.js is used to tell Firefox to read Mozilla.cfg for some configuration items. Add the following lines to local-settings.js:

pref("general.config.obscure_value", 0);
pref("general.config.filename", "mozilla.cfg");

Mozilla.cfg

Here’s is where we can lock specified Firefox preferences. In the listing below, we’ve disabled the auto-update feature, the ‘Welcome to Firefox’ tab, the ‘Know your rights’ and ‘Improve Firefox’ notifications. The last (highlighted) line will disable the ability to set the browser as default.

This is useful where you would like to restrict this functionality and is applicable to App-V 4.x environments where attempting to set a virtualized Firefox as default won’t work. Under App-V 5, remove this line so that users can set Firefox as the default browser if they wish.

lockPref("app.update.auto", false);
lockPref("app.update.enabled", false);
lockPref("app.update.service.enabled", false);
lockPref("toolkit.telemetry.prompted", true);
lockPref("browser.rights.override", true);
lockPref("browser.startup.homepage_override.mstone", "ignore");
lockPref("browser.shell.checkDefaultBrowser", false);

Override.ini

To disable the browser Import Wizard on first run, place the following lines into override.ini

[XRE]
EnableProfileMigrator=false

userChrome.css

Mozilla has made it a fairly straight forward process to remove browser user interface elements using userChrome.css. Where browser functionality has been disabled, we can remove the corresponding UI to avoid user confusion. Enter the following lines into userChrome.css; however remove the highlighted line if you would like users to be able to set Firefox as the default browser:

/* UserChrome.css for Mozilla Firefox */
/* Remove access to user interface elements that aren't suitable for application virtualization */

/* Options - Advanced - General - System Defaults */
#systemDefaultsGroup { display: none !important; }

/* Options / Advanced / Update / Firefox updates group box */
#updateApp  { display: none !important; }

/* Help - About - Check for Updates button */
#updateButton { display: none !important; }

Installing Firefox

Download the Firefox installer in your target language from the Mozilla site. For most deployments the installer won’t require modification and installation can be automated by passing an INI file with setup configuration details to the installer. This enables you to control setup and set options such as preventing the desktop shortcut from being added, or control the target directory that Firefox is installed to (useful when virtualizing).

An installation script for Firefox should perform the following tasks:

• Install Mozilla Firefox with installer command line arguments – use the INI file approach to control for finer control over the installation
• After installing Firefox, copy the configuration files to the correct locations
• Firefox also allows you to add global add-ons by adding them to the Extensions sub-folder of the Firefox installation folder
• Optionally set Mozilla Maintenance service to disabled, if it is installed

For an example script that will automate the install and configuration of Firefox using the recommendations outlined in this article, see the script below. Note the highlighted line, where I can change the target installation directory for Firefox:

@ECHO OFF
SET SOURCE=%~dp0
SET SOURCE=%SOURCE:~0,-1%
SET INSTALLPATH=%ProgramFiles%\Mozilla Firefox

REM Create the Firefox answer file
ECHO [Install] > %SOURCE%\Firefox.ini
REM    InstallDirectoryName=Firefox >> %SOURCE%\Firefox.ini
ECHO InstallDirectoryPath=%INSTALLPATH% >> %SOURCE%\Firefox.ini
ECHO QuickLaunchShortcut=false >> %SOURCE%\Firefox.ini
ECHO DesktopShortcut=false >> %SOURCE%\Firefox.ini
ECHO StartMenuShortcuts=true >> %SOURCE%\Firefox.ini
ECHO MaintenanceService=false >> %SOURCE%\Firefox.ini

REM Install Firefox - the START command will not work if the Firefox setup filename includes spaces
START /WAIT /D %SOURCE% FirefoxSetup19.0.2.exe /INI=%SOURCE%\Firefox.ini

REM Configure Firefox profile defaults and preferences locking
IF NOT EXIST "%INSTALLPATH%\defaults\profile\chrome" MD "%INSTALLPATH%\defaults\profile\chrome"
COPY /Y %SOURCE%\userChrome.css "%INSTALLPATH%\defaults\profile\chrome\userChrome.css"
IF NOT EXIST "%INSTALLPATH%\defaults\pref" MD "%INSTALLPATH%\defaults\pref"
COPY /Y %SOURCE%\local-settings.js "%INSTALLPATH%\defaults\pref\local-settings.js"
COPY /Y %SOURCE%\Mozilla.cfg "%INSTALLPATH%\Mozilla.cfg"
COPY /Y %SOURCE%\override.ini "%INSTALLPATH%\override.ini"

REM Disable the Mozilla Maintenance Service to prevent updates (in the event the service is installed)
sc config MozillaMaintenance start= disabled

If the installation has been configured correctly, Firefox should start and not display the Import Wizard or any of the other prompts and start-up tabs. Additionally, if you navigate to about:config, a number of preferences should be listed as locked:

To make it easier, I’ve included the configuration files and the installation script listed above in a single ZIP file that you can download here:

Mozilla Firefox Enterprise Install and Configure Scripts

Finally

The approach outlined in this article should provide you with a deployment of Firefox that can be used in an enterprise where control of the browser is required. I’ve only covered a few of the things that are possible when customising the installation and if you dig a little deeper you can come up with a setup to suit your own environment.

This is also a key approach to use when virtualising Firefox. Controlling the browser options and automating the installation will assist in producing better application virtualization packages.

Further Reading

Here’s some other articles from around the tubes that cover this topic and are also useful references:

• Customizing the Firefox Installer on Windows (2012)
• Install and Configure Firefox 18 silently

Prepare Mozilla Firefox for Enterprise Deployment and Virtualization is post from stealthpuppy.com. Except as noted otherwise, this work is © 2005-2013 Aaron Parker and is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License.

The App-V 5 Sequencer, just like version 4.6 SP1, includes support for Sequencer Templates. These are an ideal approach for ensuring the use of the same set of Sequencer settings and exclusions across all packages.

App-V 5 captures many additional locations that weren’t captured by the version 4 Sequencer. This isn’t generally an issue for packages; however excluding unneeded data means that data isn’t streamed to clients unnecessarily. Listed below is sequencer template that includes a few additional locations that I’d recommend excluding.

In the listing below, the highlighted line is a local folder into which all application installations are executed from (i.e. setup has been copied locally to the sequencing VM). This ensures that any files created by the application setup are not captured during installation.

Attached here is a downloadable copy of the template listing:

App-V 5 Sequencer Template

<?xml version="1.0" encoding="utf-8"?>
<SequencerTemplate xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
  <AllowMU>true</AllowMU>
  <AppendPackageVersionToFilename>true</AppendPackageVersionToFilename>
  <AllowLocalInteractionToCom>false</AllowLocalInteractionToCom>
  <AllowLocalInteractionToObject>false</AllowLocalInteractionToObject>
  <FileExclusions>
    <string>[{Profile}]\NTUSER.DAT</string>
    <string>[{Local AppData}]Low</string>
    <string>[{AppVPackageDrive}]\Packages</string>
    <string>[{CryptoKeys}]</string>
    <string>[{Common AppData}]\Microsoft\Crypto</string>
    <string>[{Common AppData}]\Microsoft\Search\Data</string>
    <string>[{Cookies}]</string>
    <string>[{History}]</string>
    <string>[{Cache}]</string>
    <string>[{Local AppData}]</string>
    <string>[{LocalAppDataLow}]</string>
    <string>[{Personal}]</string>
    <string>[{Profile}]\Local Settings</string>
    <string>[{Profile}]\NTUSER.DAT.LOG1</string>
    <string>[{Profile}]\NTUSER.DAT.LOG2</string>
    <string>[{Recent}]</string>
    <string>[{Windows}]\Debug</string>
    <string>[{Windows}]\Logs\CBS</string>
    <string>[{Windows}]\Temp</string>
    <string>[{Windows}]\WinSxS\ManifestCache</string>
    <string>[{Windows}]\WindowsUpdate.log</string>
    <string>[{AppVPackageDrive}]\$Recycle.Bin</string>
    <string>[{AppVPackageDrive}]\System Volume Information</string>
    <string>[{AppData}]\Microsoft\AppV</string>
    <string>[{Local AppData}]\Temp</string>
    <string>[{ProgramFilesX86}]\Microsoft Application Virtualization\Sequencer</string>
    <string>[{AppVPackageDrive}]\Boot</string>
    <string>[{Windows}]\ServiceProfiles</string>
    <string>[{Windows}]\AppCompat</string>
    <string>[{Windows}]\Logs</string>
    <string>[{SystemX86}]\wbem</string>
    <string>[{SystemX86}]\config</string>
    <string>[{SystemX86}]\SMI</string>
  </FileExclusions>
  <RegExclusions>
    <string>REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography</string>
    <string>REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography</string>
    <string>REGISTRY\USER\[{AppVCurrentUserSID}]\Software\Microsoft\Windows\CurrentVersion\Internet Settings</string>
    <string>REGISTRY\USER\[{AppVCurrentUserSID}]\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU</string>
    <string>REGISTRY\USER\[{AppVCurrentUserSID}]\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU</string>
    <string>REGISTRY\USER\[{AppVCurrentUserSID}]\Software\Microsoft\Windows\CurrentVersion\Explorer\Streams</string>
    <string>REGISTRY\USER\[{AppVCurrentUserSID}]\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Streams</string>
    <string>REGISTRY\MACHINE\SOFTWARE\Microsoft\AppV</string>
    <string>REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AppV</string>
    <string>REGISTRY\USER\[{AppVCurrentUserSID}]\Software\Microsoft\AppV</string>
    <string>REGISTRY\USER\[{AppVCurrentUserSID}]\Software\Wow6432Node\Microsoft\AppV</string>
  </RegExclusions>
  <TargetOSes />
</SequencerTemplate>

App-V 5 Sequencer Template is post from stealthpuppy.com. Except as noted otherwise, this work is © 2005-2013 Aaron Parker and is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License.

It’s a simple task to virtualize Firefox, as it lends itself well to application virtualization; however getting it right takes a little preparation. Before embarking on sequencing Firefox, please refer to this companion article – Prepare Mozilla Firefox for Enterprise Deployment and Virtualization – which covers configuring a Firefox installation for virtualizing. It’s important that Firefox is configured correctly for virtualization by disabling specific features.

User Experience

Typically, virtualizing an application changes the user experience due to the introduction of isolation. With App-V 5 there’s no such change to the way users might interact with Firefox. Users can even set a virtualized Firefox as their default browser.

Firefox features to disable

There are a couple of features that should be disabled when running Firefox under App-V 5:

• Automatic updates for Firefox – Options / Advanced / Update / Firefox updates. Firefox updates should be delivered via new App-V packages. Updates for Add-ons and Search Engines should be OK as these are written to the user profile
• Mozilla Maintenance Service – Firefox installs an updater service that allows updating whilst avoiding UAC prompts. This service should be disabled or not installed

Read the article Prepare Mozilla Firefox for Enterprise Deployment and Virtualization for full details on removing these options during installation.

Managing the Firefox profile

Firefox stores preferences, extensions and other user data in:

• %APPDATA%\Mozilla (preferences, bookmarks etc.); and
• %LOCALAPPDATA%\Mozilla (browser cache)

The default behaviour of the App-V Sequencer is to exclude %LOCALAPPDATA% – this is a good thing and I don’t recommend removing this exclusion. %APPDATA% will be included by default and whether you leave this location included in the package will depend on your specific deployment requirements; however my recommendation is to exclude this location by adding [{AppData}]\Mozilla to the exclusion list in your sequence. On the client, Firefox will then create a new profile in the real file system when the user starts the browser for the first time.

Virtualizing the profile increases the complexity of upgrading Firefox packages especially challenging given Mozilla’s approach to Firefox releases. By storing the Firefox profile on the real file system, Firefox can be deployed via completely unrelated packages – no need to create upgrade versions. By excluding %APPDATA% and not virtualizing the user profile you will gain some flexibility with your Firefox deployment.

Sequencing Platform

Sequence Firefox on a clean Windows 7 SP1 x86 VM with all current updates and no other applications other than the App-V Sequencer. The Firefox version available from Mozilla is an x86 application, so I generally recommend sequencing Firefox on Windows 7 x86 virtual machine even though you may be deploying to 64-bit Windows. However confirm this in your own environment and re-sequence for 64-bit platforms if required.

Sequencer Configuration

Before sequencing, add the following recommended exclusions. :

• [{AppData}]\Mozilla
• [{Common AppData}]\Microsoft\RAC
• REGISTRY\USER\ [{AppVCurrentUserSID}]\Software\Microsoft\Windows\CurrentVersion\Internet Settings

Download the following Sequencer Template as a starting point for your Firefox sequence:

App-V 5 Sequencer Template

Installing Firefox

Download the Firefox installer in your target language from the Mozilla site. Sequence Firefox by following these high level steps:

• Install Firefox
• Configure profile defaults and preferences locking
• Optionally add global add-ons and install plug-ins such as Adobe Flash Player (assuming you want this in the same package)

Automating this process as much as possible will create a cleaner package and make it faster to re-create a new Firefox package if required.

• Mozilla Firefox installer command line arguments – use the INI file approach to control where Firefox is installed and to prevent the addition of a desktop shortcut, if required
• After installing Firefox, copy user.js to %ProgramFiles%\Mozilla Firefox\defaults\profile
• Copy userChrome.css to %ProgramFiles%\Mozilla Firefox\defaults\profile\chrome
• Firefox also allows you to add global add-ons by adding them to the Extensions sub-folder of the Firefox installation folder
• If you are including Adobe Flash player in the package, be sure to disable the auto-update notification

Before sequencing, copy all of the required files into the sequencing VM, which should like something like this:

For a walkthrough of the sequencing process, using the installation script outlined in the Firefox deployment article, see the following screenshots:

[Show as slideshow]

First Run Tasks and Primary Feature Block

If the steps above have been followed for exclusions, installation and configuration of Firefox, there will be no first run tasks to complete. Additionally the resultant package will be reasonably small so there is no need to create the Primary Feature Block. Because you don’t need to complete first run tasks or create the Primary Feature Block, you could automate the entire end-to-end process of creating a Firefox package using the App-V 5 Sequencer PowerShell module.

Automating the Firefox sequence

With the provided script, sequencing Firefox with the App-V 5 PowerShell module is very simple. Use the PowerShell script below to create a Firefox package based on the steps outlined above.

Import-Module AppvSequencera
New-Item -Path C:\Packages\MozillaFirefox19 -ItemType Directory
CD C:\Packages\Firefox19
New-AppvSequencerPackage -Name "Mozilla Firefox 19" -TemplateFilePath .\AppV5SequencerTemplate.appvt -OutputPath C:\Packages -PrimaryVirtualApplicationDirectory C:\MozillaFirefox -Installer .\InstallFirefox.cmd

Finally

Save your package and deploy. With compression enabled, the package should be around 27Mb.

Sequencing Mozilla Firefox with App-V 5.x is post from stealthpuppy.com. Except as noted otherwise, this work is © 2005-2013 Aaron Parker and is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License.

If you’re attending BriForum London next week, I have a couple of lightning round sessions on Thursday at 13:40:

• Should Office Be in the Base Image?
• The Definitive Guide to Deploying Microsoft Office with App-V

This is really a single topic, but with any luck the discussion should be good and I’ll share my tips for successfully virtualising Office, if I haven’t talked you out of it in the first part of the presentation.

If you’re coming to BriForum London, drop by and say Hi.

BriForum talk – Office and App-V is post from stealthpuppy.com. Except as noted otherwise, this work is © 2005-2013 Aaron Parker and is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License.

I’ve been fortunate enough to have performed technical editor duties on a couple of App-V books by Augusto Alvarez - Getting Started with Microsoft Application Virtualization 4.6 and Microsoft Application Virtualization Advanced Guide.

Packt Microsoft Carnival is a special offer by Packt Publishing during May where you can acquire several Microsoft’s titles with discounts.

Packt’s Microsoft Carnival includes a variety of titles on App-V, BizTalk, SharePoint, SQL Server, Silverlight, .NET Framework stack, XNA, Forefront, System Center and more. Packt has reduce the prices on its selected Microsoft titles by up to 30%. Some of the books include:

• Getting Started with Microsoft Application Virtualization 4.6
• Microsoft Application Virtualization Advanced Guide
• Microsoft SQL Server 2012 Performance Tuning Cookbook
• BizTalk Server 2010 Cookbook
• iPhone with Microsoft Exchange Server 2010: Business Integration and Deployment
• Microsoft System Center 2012 Endpoint Protection Cookbook
• Microsoft Data Protection Manager 2010

Augusto’s two App-V books are also available in other stores, but the Packt Microsoft Carnival discount only applies in Packt Publishing site.

Augusto’s original post is here: App-V Books with Packt Publishing Discounts on May

App-V Books from Packt Publishing available with discounts in May is post from stealthpuppy.com. Except as noted otherwise, this work is © 2005-2013 Aaron Parker and is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License.

At Citrix Synergy 2012, I had the distinct pleasure of moderating a Geek Speak panel:  ”User Environment Management smackdown 2012″ with Shawn Bass, Helge Klein, Harry Labana from AppSense, Bob Janssen from RES Software and Mike Larkin from Citrix on the state of User Environment Management.

Feedback was good and I’m hoping that we might be able to do something new on this topic in Barcelona later this year.

Unfortunately I don’t think it was recorded, but if you’d like to see the slide deck, I’ve embedded it (via SkyDrive) below:

Citrix Synergy 2012 – Slide deck for Geek Speak Live ‘User Environment Management smackdown 2012′ is post from stealthpuppy.com. Except as noted otherwise, this work is © 2005-2013 Aaron Parker and is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License.

I shared a lightning round session at BriForum London 2012 with Dan Brinkmann. I rolled two lightning rounds (including Should Office Be in the Base Image?) into one with The Definitive Guide to delivering Office with App-V.

We were very lucky to have a great turn out considering the strong competition in the other sessions for that slot. Thanks to those who attended, it was very much appreciated.

If you’re interested in taking a look at the slide deck, I’ve embedded (via SkyDrive) it below:

BriForum London 2012 – Slide deck for The Definitive Guide to delivering Office with App-V is post from stealthpuppy.com. Except as noted otherwise, this work is © 2005-2013 Aaron Parker and is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License.

Deploying Citrix Receiver (full or Enterprise) via an unattended command-line, may result in the installer running indefinitely and not completing until you interact with the target machine.

This behaviour will be seen on virtual machines (physical desktops shouldn’t be affected) regardless of hypervisor type. I have seen the issue on vSphere and Hyper-V and various type-2 hypervisors, but haven’t confirmed whether the issue exists on XenServer. By giving the virtual machine console focus and doing something as simple as moving the mouse cursor around, the Receiver installer will continue successfully.

Receiver can be silent installed using a command-line like this:

CitrixReceiverEnterprise.exe /noreboot /silent /includeSSON SERVER_LOCATION="http://storefront.demolab.test/Citrix/DemoLabStore/PNAgent/config.xml"

Taking a look at the installer’s log file (search in %TEMP% for the logs with the prefix CtxInstall- or TrollyExpress-) gives an indication of what the issue is. Looking for any time discrepancies, reveals a large gap between actions (which matchs the installer kicking off and me interacting with the target VM)

15:12:29: Information - CInstallationManager::InstallComponent(426) - Running InstallComponent method for: USB.
15:12:29: Information - CInstallationManager::InstallComponent(462) - Installing Component: ID = USB
15:12:29: Information - CInstallationManager::InstallComponent(598) - Component Install Commandline: REBOOT=ReallySuppress MSIDISABLERMRESTART=0 MSIRESTARTMANAGERCONTROL=0 ARPSYSTEMCOMPONENT=1 NEED_RECEIVER=n SILENT=1 SERVER_LOCATION="http://storefront.demolab.test/Citrix/DemoLabStore/PNAgent/config.xml" ALLUSERS=1
16:52:49: Information - CComponent::CreateRegistryRecords(621) - Writing registry records for uninstall.

Something to do with the USB support provided by Receiver for XenDesktop doesn’t install correctly when the virtual machine’s console does not have focus. Unfortunately the root cause might be a little more difficult to find.

Fortunately, though, it’s unlikely that USB support is required for a virtual machine running in the data centre. So to avoid installing the USB support and ensure the install completes, we can modify the Receiver components that are installed with a command-line similar to this:

CitrixReceiverEnterprise.exe /noreboot /silent /includeSSON ADDLOCAL=ReceiverInside,ICA_Client,SSON,SELFSERVICE,DesktopViewer,Flash,PN_Agent,Vd3d SERVER_LOCATION="http://storefront.demolab.test/Citrix/DemoLabStore/PNAgent/config.xml"

For more information on the command-line options for installing Receiver, see this page on eDocs: To configure and install the Citrix Receiver for Windows using command-line parameters

Automated Citrix Receiver deployment hangs indefinitely is post from stealthpuppy.com. Except as noted otherwise, this work is © 2005-2013 Aaron Parker and is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License.

There’s one thing that I can’t get enough of when automating Windows deployments, it’s ambiguous and confusing error messages. More please, I’m a sucker for punishment.

Here’s one I’ve been troubleshooting on and off for a while – an unattended Windows deployment via MDT fails with error 0×80004005, which is about as helpful as a brick life vest.

Similarly, the MDT log files are pretty useless in narrowing down a root cause. Whilst I couldn’t use the log files to help me discover the issue, I have been using MDT to deliver the same task sequence on multiple hypervisors in our lab environment.

As it turns out the issue can be caused by a fairly specific configuration – delivering Windows Server 2008 R2 with the Remote Desktop Services Session Host (RDSH) role enabled via UNATTEND.XML to a virtual machine on Hyper-V with Dynamic Memory enabled and the Startup RAM set to 512MB.

Dynamic Memory is probably something you would not run for RDSH in production, so there’s a few workarounds:

1. Set the Startup RAM higher than 512MB
2. Don’t use Dynamic Memory for an RDSH server (the recommend solution)
3. Use PowerShell to reconfigure the Dynamic Memory settings after Windows has been deployed to the virtual machine

Unattended Windows deployment fails with 0×80004005 under Hyper-V is post from stealthpuppy.com. Except as noted otherwise, this work is © 2005-2013 Aaron Parker and is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License.

While working on a PowerShell script to drive OS deployment through MDT, I’ve needed to obtain the UUID from a target virtual machine. Unfortunately this isn’t just a property of the VM that you get through Get-VM. Instead you’ll need jump through a few hoops to retrieve the right UUID.

I’ve haven’t had to re-invent the wheel on this one, as I’ve taken some tips from this VMware Community thread and a blog post by Ken Smith. I have simplified things a little by writing a function that you can use to return the UUID as a string from a virtual machine object (gathered from Get-VM) to the function.

To use the function, first ensure that PowerCLI is installed and that you’ve connected to a host or vCenter, so that a target VM can be returned and then passed to the function.

For example, I could use the following command to retrieve the UUID from a target VM:

PS C:\> Get-VM -VM "W7VM1" | Get-vSphereVMUUID
554c0342-c2c7-c3b7-8258-96eb00f62b0c

Code listing below:

#---------------------------------------------------------------------------
# Author: Aaron Parker
# Desc:   Function that uses retrieves the UUID from a specified VM and
#         transposes it into the right format for use with MDT/SCCM etc
# Date:   Mar 24, 2013
# Site:   http://blog.stealthpuppy.com
#
# Original code snippets from:
# http://communities.vmware.com/thread/239735
# http://www.keithsmithonline.com/2013/02/powershell-show-vmware-vm-UUID.html
#---------------------------------------------------------------------------

Function Get-vSphereVMUUID {
    <#
        .SYNOPSIS
            Retrieves the UUID from a specified VM and formats it correctly for use with MDT/SCCM etc.

        .DESCRIPTION
            Retrieves the UUID from a specified VM and formats it correctly for use with MDT/SCCM etc. Returns the UUID as a string that can be passed to other functions.

            Requires that a VM object is passed to the function. That object will first have to be created before being passed to this function.

        .PARAMETER VM
            Specifies the VM to retrieve the UUID from.

        .EXAMPLE
            PS C:\> Get-vSphereVMUUID -VM "W7VM1"

            Retrieves the UUID from a VM named W7VM1.

        .EXAMPLE
            PS C:\> $VM | Get-vSphereVMUUID

            Retrieves the UUID from a VM piped to this function.

        .NOTES
            See http://blog.stealthpuppy.com/ for support information.

        .LINK

http://blog.stealthpuppy.com/code/retrieving-a-vms-uuid-from-vsphere/

     #>

    [CmdletBinding(SupportsShouldProcess=$True)]
    Param(
        [Parameter(Mandatory=$True, ValueFromPipeline=$True, HelpMessage="Specify the VM to retrive the UUID from.")]
        [System.Object]$VM
        )

    BEGIN {
    }

    PROCESS {
        # Retrive UUID from vSphere
        $UUID = $VM | %{(Get-View $_.Id).config.UUID}

        #Transpose UUID into expected format
        # Section 1
        $UUID11 = $UUID.Substring(0,2)
        $UUID12 = $UUID.Substring(2,2)
        $UUID13 = $UUID.Substring(4,2)
        $UUID14 = $UUID.Substring(6,2)

        # Section 2
        $UUID21 = $UUID.Substring(9,2)
        $UUID22 = $UUID.Substring(11,2)

        # Section 3
        $UUID31 = $UUID.Substring(14,2)
        $UUID32 = $UUID.Substring(16,2)

        # Section 4
        $UUID41 = $UUID.Substring(19,4)

        # Section 5
        $UUID51 = $UUID.Substring(24,12)

        # Piece the strings together
        [string]$UUIDa = "$UUID14$UUID13$UUID12$UUID11"
        [string]$UUIDb = "$UUID22$UUID21"
        [string]$UUIDc = "$UUID32$UUID31"
        [string]$UUIDd = "$UUID41"
        [string]$UUIDe = "$UUID51"
        [string]$UUIDfixed = "$UUIDa-$UUIDb-$UUIDc-$UUIDd-$UUIDe"
    }

    END {
        # Return the UUID
        Return $UUIDfixed
    }
}

Retrieving a VM’s UUID from vSphere is post from stealthpuppy.com. Except as noted otherwise, this work is © 2005-2013 Aaron Parker and is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License.

With thanks to Nicke’s latest post, the App-V Recipes and Tips list has hit 400 links!

If you haven’t seen this list previously, this is the place to find recipes, tips, workaround and fixes for various applications that the community has built around Microsoft App-V. A big thanks to all those community members who have contributed to this list and shared their knowledge.

If you’d like to keep up to date, as links are added, there’s an RSS feed for the list, and the list itself is searchable (here’s an example for Firefox recipes).

Here’s to the next 400.

400 App-V Recipes! is post from stealthpuppy.com. Except as noted otherwise, this work is © 2005-2013 Aaron Parker and is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License.

At Citrix Synergy in Anaheim next month, I’ll have the opportunity to present a Geek Speak Live session – Hands Off My Gold Image! If you aren’t automating the creation of your gold images, there’s lots to learn in this session. Even if you are automating your gold images, perhaps there’s something new that I can still share with you. In this session, which will be demo heavy, I’ll show you some ways that you can deliver build automation with toolsets provided by Microsoft and Citrix.

I’m big on automation, especially when it comes to gold images. If you’re building images via a manual process, I contend that you cannot deliver the quality and consistency that is provided through an automated process. PVS, MCS/linked clones etc. are not a replacement for automation either. An open and repeatable build process improves the user experience and reduces the cost of support, because Windows is no longer a black box. Instead the entire process from start to finish, can be viewed, interrogated and understood by everyone.

In my role at Kelway, I get to talk many customers about how to better deliver and manage their physical and virtual desktop environments, but it’s still surprising to me that often automation is an afterthought.

So for this talk, I wanted to provide more than just anecdotal evidence, I’d like to back up my approach with some real data. That’s where I need 60 seconds of your time to contribute to a survey. Here’s a 5 question, anonymous survey designed to gather some details on OS automation in hosted desktop environments:

This survey will be available until at least Synergy in May, where I’ll present the results during my talk - Hands Off My Gold Image!

Take part in the OS Deployment Automation Survey is post from stealthpuppy.com. Except as noted otherwise, this work is © 2005-2013 Aaron Parker and is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License.

Thanks to everyone who attended my Geek Speak Live session at Citrix Synergy 2013 in Anaheim yesterday. I’ll post details about the session and the slide deck next week for those who couldn’t attend.

In the mean time, here’s one of the demos that I ran during the session that shows using the Microsoft Deployment Toolkit to deploy WIndows 7 to a target VM and then capture that image into a PVS vDisk, completely hands free (apart from kicking the deployment off, of course).

Here’s a flow chart that gives an overview of what the script does:

The video is available in HD resolution (720) so you can see the full details.

Hands off my gold image! – Video: automated PVS image deploy and capture is post from stealthpuppy.com. Except as noted otherwise, this work is © 2005-2013 Aaron Parker and is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License.

Here’s another demo that I showed during my Geek Speak Live session at Citrix Synergy 2013 at Anaheim yesterday.

In a 45 minute session on MDT and automating gold image deployments there’s not enough time for such a large topic, so perhaps I should have dropped this one; however this is interesting nonetheless. Using PowerShell to drive Hyper-V and MDT, this demo shows a full Windows 8 deployment from start to ready for user logon. This approach might be useful for persistent virtual desktops, or with a little more effort, using the image in a XenDesktop 7 desktop catalog created with PowerShell.

Here’s a flow chart that gives an overview of what the script does:

The video is available in HD resolution (720) so you can see the full details.

Hands off my gold image! – Video: Windows 8 zero-touch deployment is post from stealthpuppy.com. Except as noted otherwise, this work is © 2005-2013 Aaron Parker and is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License.

Here’s a deployment demo that I showed during my Geek Speak Live session at Citrix Synergy 2013 at Anaheim last week as well as during BriForum London 2013 when I had the opportunity to co-present a session with fellow CTP, Jim Moyle.

Using PowerShell to drive vSphere, MDT, Atlantis ILIO and XenDesktop, this demo shows a full Windows 7 gold image deployment from a template VM. This script uses an MDT task sequence to deploy Windows to the VM, which is then cloned on the ILIO datastore. The created VMs, which are effectively persistent, are then imported into a new XenDesktop desktop catalog. This is largely an academic exercise at this point, but is has been intended as an exploration into an alternative to Citrix PVS.

Here’s a flow chart that gives an overview of what the script does:

The video is available in HD resolution (720) so you can see the full details.

Hands off my gold image! – Video: PowerShell, MDT, Atlantis ILIO and XenDesktop deployment is post from stealthpuppy.com. Except as noted otherwise, this work is © 2005-2013 Aaron Parker and is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License.

Here’s an overview of my talk from Citrix Synergy 2013 – Hands off my gold image!  If you were unable to attend Synergy or missed my session, this is a short version of the talk, but hopefully it will give you an idea of what was covered.

In this session I’ve covered three main topics – why I believe that automating your gold iamges is important, who is and who isn’t automating their gold images based on the results of a poll that I conducted earlier this year, and then an overview of how to achieve automation with the Microsoft Deployment Toolkit.

Why is automation important?

When talking about gold image automation, I think it’s worth putting this topic into some context by using where I work as an example of how build automation is important from a consultancy perspective. At Kelway, we have a particularly busy EUC architecture and consulting team and we deal with (what I think is at least) a large number of customers implementing hosted desktop solutions.

We typically see build automation used in physical desktops environments (although this isn’t always the case) but strive to encourage customers to utilise some form of automated deployment in both physical and hosted desktops environments. For the consulting team that is delivering solutions in the field, it’s important they have a delivery framework for that build automation and we’ve settled on the Microsoft Deployment Toolkit as our tool of choice. This is good, not only for those customers who do not already have a deployment solution, but enables us to provide a standardised approach the fits in with any deployment solution/ESD.

Using an industry standard framework, allows us to deliver consistency and dependability across deployments whilst being able to take advantage of improvements that Microsoft delivers with each new release of MDT.

How easy is it to achieve build automation? One of the great benefits of MDT is its simple architecture; however that doesn’t mean that build automation is an easy task. Easy implies a short learning curve and for anyone that has a few years deploying Windows and/or has some basic scripting under their belt, it’s not a big jump to being able to automate an install of Windows and a set of applications.

That said, there’s no way around it – automation takes time and effort. Automation requires discipline and process must be followed (perhaps even created to start with). Third party (or even in-house) application developers can make also automation particularly challenging on the Windows platform.

The reward though, is a better user experience and a lower total cost of ownership of the desktop environment. Build automation provides a management framework that will always beat (but never replace) documentation. An engineer can look into the build process and see exactly what has been delivered into an environment, because no guesses have to be made or documentation translated.

At what point though, do you spend too much time trying to automate the desktop environment?

For a solutions provider or consulting practice, build automation speeds many of the common tasks required for a desktop environment. This is why a framework such as MDT is so important – it  provides faster deployment times but only as long as you’ve put the work in to start with.

In an engagement for smaller environments, automation can sometimes be a tough sell. There will invariably many additional tasks that might be time consuming to automate (typically application installs) and it’s not uncommon to find a single task that takes an inordinate amount of time to get right.

Perhaps in some environments, it’s important to strive to automate as much as is possible within a reasonable amount of time and deal with the remaining tasks manually, i.e. use the 80/20 rule to achieve the best bang for your buck.

Here’s an excellent example of where build automation can directly impact the user experience. Here’s the default user experience of a Windows Server 2008 R2 Remote Desktop Session Host server with the Desktop Experience feature enabled:

This is far from ideal from a user perspective – administrative tools are pinned to the taskbar by default, the wallpaper has Windows Server stamped on it and on first run of Internet Explorer the user is prompted with a first run wizard. This is just too noisy and creates a jarring experience for the user. Citrix provides a partial solution to this in XenApp 6.5, but this relies on Group Policy.

Most of these user experience issues could fixed with Group Policy; however that approach requires that Group Policy is processed at each logon (especially in a non-persistent desktop environment) and Group Policy typically enforces settings, instead of being a preference. If your goal is to reduce logon times, then move those settings in to your gold image instead. An automated build is an opportunity to ensure the default user experience (i.e. the default profile) is configured for first logon without a reliance on Group Policy or another UEM toolset.

Who’s doing it?

I received 100 responses to my poll which gave me a reasonable data set to draw some conclusions from; however given my audience I suspect the sample may not be completely representative of the broader hosted desktop deployments. The results are interesting nonetheless.

Here’s a breakdown of the hosted desktop / desktop virtualization solutions in use by respondents (multiple solutions could be selected). Citrix XenApp and XenDesktop were most popular by far, which is great for a presentation at Citrix Synergy.

Here’s how those hosted desktops are provisioned (multiple solutions could be selected). I could have removed the Other option from this question because in hind sight it didn’t actually make that much sense.

Here’s the tools used to creation the gold image for those desktops. The Other responses included solutions such as Matrix 42, RES Automation Manager and FrontRange DSM.

Finally, here what I was interested in – who is using automated build process and who is still manually building images from the Windows ISO.

I suspect that if we were to increase the data set, the percentage of manual builds would actually be higher than the 26% seen here.

So what about mixing this up a bit? Here’s the deployment types broken down by respondents using XenApp with Provisioning Services (at 23%):

And XenDesktop with Machine Creation Services (at 24%):

Again, I think the numbers of manual builds here are bit low if I compare against what I see in the real world. That said, my view is that 23/24% respondents using a manual build process is too high.

PVS and MCS are designed for delivery of the gold image, they are not a replacement for automating the creation of that image. What’s going to happen in those environments where the gold image has been built manually and it either needs to be recreated or the delivery mechanism needs to be changed? That manual image has become a black box that will be difficult to reverse engineer.

How do you do it?

By now, you must get the idea I’m a fan of the Microsoft Deployment Toolkit. Part of this reason is its simple architecture. At its simplest, MDT is just a share on the network.

It’s important to note that MDT provides light (or lite) touch deployments – user intervention is generally required to start a deployment. MDT is not agent based like System Center Configuration Manager and therefore does not provide any post-deployment management.

MDT has several major components:

• MDT deployment share – a share on a network locations that supports SMB
• CustomSettings.ini – this is used to control OS deployments and is a surprising flexible way of managing OS and application deployments and control of an end-point. If you are using 
• WinPE boot image – you can use the MDT console to create custom boot images used to start an OS deployment. Alternatively you could use Windows Deployment Services to boot the WinPE image across the network
• The target PC – a single task sequence in MDT can be used to deploy Windows to either physical or virtual machines (on any hypervisor), providing consistency across machine types

I have spent quite some time building our MDT deployment share out to become not only a standardised framework but also a library of core application installs. MDT allows anyone to build this in their own environments.

I won’t go into too much detail on MDT here, instead here’s a short list of resources and blogs that are excellent MDT references:

• Microsoft Deployment Toolkit on TechNet
• The Deployment Guys
• The Deployment Bunny
• Deployment Research
• Scriptimus Ex Machina
• MDT videos from MMS 2013

I’ve previously posted the demos that I delivered during this talk, which you can view here:

• Automated PVS image deploy and capture
  
• PowerShell, MDT, Atlantis ILIO and XenDesktop deployment
• Windows 8 zero-touch deployment

Wrapping up

After last year’s version of this talk, I posted a basic set of instructions and downloadable components that you can use to automate the deployment of a XenApp 6.5 PVS gold image.

Finally, I’d like you leave you with the key takeaways:

Hands off my gold image! A recap from Citrix Synergy 2013 is post from stealthpuppy.com. Except as noted otherwise, this work is © 2005-2013 Aaron Parker and is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License.