I’ve spent a couple of years learning from scratch (with no prior knowledge of VDI environments) how to package applications, common stumbling blocks, best practices and picked up some very handy tricks along the way, which I’ll share below.
This post gives a newbies understanding of what non-persistent VDI is, what application layer is/does, and how to add Microsoft Office Add-Ins into your gold image.
What are non-persistent VDI desktops?
Non-persistent desktops mean when you log off, the desktop is destroyed and rebuilt from a template. A persistent desktop means you can log back into the same machine (be it virtual or physical).
What is a master image or ‘Gold image’?
The master image or ‘Gold Image’ is a template that will be cloned to produce your virtual desktop. It contains the chosen OS (typically Windows or Linux), core applications that are required by everyone in the business (typically MS office, plug-ins, anti-virus and any bespoke business apps that cannot be controlled or added at a later stage). To create a gold image there’s a number of best practices to follow. Read about How To Optimize A Gold Image
What is application layering?
Layering is the technical name for adding another application to a desktop without manually installing it. Common technologies in the marketplace that perform layering (in one way or another) are Microsoft App-V, VMWare Appvolumes, ProfileUnity FlexApp , Citrix XenApp – these tools can visualise an application for streaming/mounting/layering into a desktop that is cloned from your master image. This allows you to provide staff the software they need, when they need and retain control of the licencing, patching, updating and versioning of the software your company uses.
Why use layering? I like installing it!
Over time it’s easy for a typical desktop computer to become a graveyard of applications. A typical small company might have an IT estate of 20-50+ physical computers, each with different software installed on them based on ad-hoc requests from staff. This represents all kinds of challenges (licencing, maintenance, patching levels, vulnerabilities) and, what if someone decides to hot desk without taking their PC with them? Moving your IT to a non-persistent, virtual desktop model lets you work from anywhere, from (just about) any device.
A bit about virtualizing your apps…
Given what we’ve learned so far, app layering sounds like the golden bullet for desktop delivery but it’s not quite the case. Lots of applications designed for Windows call upon files and frameworks that sit within the operating system (C++ libraries, .NET frameworks, Windows patching/OS files and .dll’s…you name it) – although a layered application can still read these files in the OS, you’ll often find apps that require Windows features like .NET Framework or a specific Microsoft KB update patch, and typically these cannot be virtualized using layer and must be installed into your image.
It’s important to try to discover what is installed in your current desktop estate per-use case. Each business will have dozens of use-cases, before you can move to a virtual platform you need to understand what your base image should contain.
I recently discovered we could not package Microsoft Dynamics CRM Outlook 2011 plugin using FlexApp because it relies on Windows Foundation Identity service amongst other bizarre Microsoft prerequisites.
We were forced to add the plug-in into the company’s master image, and find a method for toggling it on/off for those who required it…
Installing a Microsoft Office add-in on your Master Image and controlling load behaviour
- Find out how to control the load behavior – the best way to do this is to use the registry. All applications write to the machine registry when they’re installed.
- Open run > regedit
- In this example we’ll look at a Microsoft Office Add-in. Browse to HKEY_Local_Machine\Software\Microsoft\Office\Excel\AddIns (the other suite apps will have their own keys within the \Office\ Root. This location is also valid under HKEY_Current_User. Some vendors use locations like HKLM\Software\VendorName
- Search the registry for ‘LoadBehaviour’ or ‘Behavior’ or the plug-in name – we want to first find the key that controls it, then test if it works.
- Typically the registry data value of 0 is ‘Disabled’ – the plugin will not load when MS Office is opened. If LoadBehavior=1 this is enabled. Other values such as 3 are common – vendor documentation can inform you on what the values are and how that affects the plugin. Here’s an example
- Now you understand load behaviour, you can configure group policy to set the value in the registry (as a machine or user policy) based on which users you want the plugin to be enabled for.
- Example: Create a new GPO that uses User > Preferences > Registry that includes Enable and Disable load behaviours based on a user group membership. If the user is a member of PowerPivotExcel then set the registry value under HKEY_Local_Machine\Software\Microsoft\Office\Excel\AddIns\LoadBahavior to 1 (enable). Create another policy preference to default the load behaviour for all users to 0 – remmeber, we always want this plugin to be disabled unless somebody needs it, so you must configure a default rule.
- Alternatively, you can set the load behaviour to 0 in HKLM settings when you first install the plugin. In a linked clone environment, your master image will be cloned with this default behaviour in place.
Application troubleshooting tools
if you have trouble finding which registry keys are changed during an installation these tools can help –
- RegShot allows you to take a before-and-after snapshot of your registry and see a historical view of file system changes.
- ProcMon provides a real-time log of all system internal processes.
- Ctrl+x to clear the log
- Ctrl+E to enable logging
- Then use the Filter option to sort the output by Operation > ‘RegKeyAddValue’ or similar events. This can be used extensively for any other kind of troubleshooting, not just registry related.
- WhatChanged is similar to RegShot.
Removing Start Menu Short Cuts in Windows 10
You don’t want all of your users to see you’ve installed an app that they don’t use.
Another location to check is %appdata%\Roaming\Microsoft\Windows\Start Menu
Best Practice Before You Deploy!
- Check the vendors administrative guide for any command line switches that can be used during the installation to minimise this. Remember, most software developers like to receive as much data about how their product is being used which causes bloat and unwanted features to be included in a ‘default’ installation i.e. diagnostics being sent over your network. Always check the vendor’s installation guide for command line switches or tricks for disabling unwanted features. Be weary!
- Is the default load behaviour set?
- Does your method for enabling the plugin work?
- Is the plugin the desired version, or can it be updated? Microsoft plugins can be patched and updated by running windows update.