Aaron Parker's stealthpuppy

I recently posted a script for removing unnecessary files and pruning files based on their age, which can be used at logoff to keep profile sizes manageable - Reducing Profile Size with a Profile Clean Up Script.

Andrew Morgan (@andyjmorgan) has kindly translated my very basic VBscript to PowerShell. This can be used as a standalone script or the function (remove-itembyage) could be integrated into your own scripts and has the added benefit of in-built help and the ability to run silently.

Just like the original script, this could be executed at logoff, before the profile is saved back to the network, to perform two actions:

1. Delete all files of a specific file type in a specified folder, including sub-folders
2. Delete all files older than X days in a specified folder, including sub-folders

For example, you could use the script to delete all .log or temporary files below %APPDATA% that aren’t required to be roamed, or delete all Cookies older than 90 days to keep the Cookies folder to a manageable size.

Note: the script listing below has the -whatif parameter applied when calling the function, so no deletes will occur unless the parameter is removed.

function remove-itembyage{ <# .SYNOPSIS remove items from folders recursively. .DESCRIPTION this function removes items older than a specified age from the target folder .PARAMETER Days Specifies the ammount of days since the file was last written to you wish to filter on. .PARAMETER Path Specifies the path to the folder you wish to search recursively. .PARAMETER Silent Instructs the function not to return any output. .EXAMPLE PS C:\> remove-itembyage -days 0 -path $recent This command searches the $recent directory, for any files, then deletes them. .EXAMPLE PS C:\> remove-itembyage -days 5 -path $recent This command searches the $recent directory, for files older than 5 days, then deletes them. .EXAMPLE PS C:\> remove-itembyage -days 10 -path $appdata -typefilter "txt,log" This command searches the $cookies directory, for files older than 10 days and end with txt or log extensions, then deletes them. .EXAMPLE PS C:\> remove-itembyage -days 10 -path $cookies -typefilter "txt,log" -silent This command searches the $cookies directory, for files older than 10 days and end with txt or log extensions, then deletes them without a report. .NOTES http://blog.stealthpuppy.com/user-virtualization/profile-clean-up-script-powershell-edition/ for support information. .LINK http://blog.stealthpuppy.com/user-virtualization/profile-clean-up-script-powershell-edition/ #> [cmdletbinding(SupportsShouldProcess=$True)] param( [Parameter(Mandatory=$true, Position=0,HelpMessage="Number of days to filter by, E.G. ""14""")] [int]$days, [Parameter(Mandatory=$true, Position=1,HelpMessage="Path to files you wish to delete")] [string]$path, [string]$typefilter, [switch]$silent) #check for silent switch if ($silent){$ea="Silentlycontinue"} Else {$ea="Continue"} #check for typefilter, creates an array if specified. if (!($typefilter)){$filter="*"} Else{$filter=foreach ($item in $typefilter.split(",")){$item.insert(0,"*.")}} if (test-path $path){ $now=get-date $datefilter=$now.adddays(-$days) foreach ($file in get-childitem "$path\*" -recurse -force -include $filter | where {$_.PSIsContainer -eq $false -and $_.lastwritetime -le $datefilter -and $_.name -ne "desktop.ini"}){ if (!($silent)){write-host "Deleting: $($file.fullname)"} remove-item -literalPath $file.fullname -force -ea $ea }#end for }#end if Else{ if (!($silent)){write-warning "the path specified does not exist! ($path)"} }#end else }#end function #Get KnownFolder Paths $appdata=$env:appdata $Cookies=(new-object -com shell.application).namespace(289).Self.Path $History=(new-object -com shell.application).namespace(34).Self.Path $recent=(new-object -com shell.application).namespace(8).Self.Path $profile=$env:userprofile #commands remove-itembyage -days 0 -path $appdata -typefilter "txt,log" -silent -whatif remove-itembyage -days 90 -path $cookies -silent -whatif remove-itembyage -days 14 -path $recent -silent -whatif remove-itembyage -days 21 -path $history -silent -whatif remove-itembyage -days 14 -path "$appdata\Microsoft\office\Recent" -silent -whatif

Reducing Profile Size with a Profile Clean Up Script – PowerShell Edition is post from stealthpuppy.com. Except as noted otherwise, this work is © 2005-2012 Aaron Parker and is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License.

I was quite relieved and grateful to receive the Microsoft MVP award again for 2012:

Congratulations! We are pleased to present you with the 2012 Microsoft® MVP Award! This award is given to exceptional technical community leaders who actively share their high quality, real world expertise with others. We appreciate your outstanding contributions in App-V technical communities during the past year.

A big thank-you to the community, other App-V MVPs and the App-V product team. Here’s to another full year.

App-V MVP renewed for 2012 is post from stealthpuppy.com. Except as noted otherwise, this work is ©2005-2011 Aaron Parker and is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License.

Windows profiles become larger over time – it’s an inescapable fact. This means that if you are using roaming profiles, logons (and logoff) will be longer and longer. It’s not just individual file sizes, but also the number of files stored in a profile that will make the synchronisation process slower.

One approach to reducing profile sizes is to exclude certain folders. A better solution is to ditch roaming profiles and use a third-party solution to manage roaming of the user environment.

However, there will still be folders that need to be roamed to maintain the experience that users expect when moving between devices (i.e. consistency). For those folders we can implement some maintenance to keep them at a manageable size – that is remove files that are not needed in a roaming profile (e.g. log files) or delete files older than a specific number of days.

Warning: there’s a reason that Windows doesn’t do this maintenance itself – only each application vendor will have an understanding of whether specific files are required or can be discarded (hence the roaming and local portions of AppData). However, as any experienced Windows admin knows – many vendors either don’t test for or don’t care about roaming scenarios, therefore I strongly recommend testing this approach before production deployment.

As a part of an upcoming version of this configuration, I’ve created a script that will execute at logoff, before the profile is saved back to the network, that will perform two actions:

1. Delete all files of a specific file type in a specified folder, including sub-folders
2. Delete all files older than X days in a specified folder, including sub-folders

So for example, you could use the script to delete all .log files below %APPDATA% or delete all Cookies older than 90 days.

The script is extremely simple on purpose and I recommend testing thoroughly before implementing – use at your own risk; however feedback is welcome.

' Profile clean up - remove unneeded or old files before logoff ' -------------------------------------------------------------- ' Original scripts: ' http://www.wisesoft.co.uk/scripts/vbscript_recursive_file_delete_by_extension.aspx ' http://ss64.com/vb/syntax-profile.html ' http://csi-windows.com/toolkit/csigetspecialfolder Option Explicit On Error Resume Next 'Avoid file in use issues Dim strExtensionsToDelete, strAppData, strUserProfile, objFSO, strCookies, strHistory, strRecent, objShellApp Set objFSO = createobject("Scripting.FileSystemObject") Set objShellApp = CreateObject("Shell.Application") Const CSIDL_COOKIES = "&H21" Const CSIDL_HISTORY = "&H22" Const CSIDL_RECENT = "&H08" Const CSIDL_APPDATA = "&H1A" Const CSIDL_PROFILE = "&H28" ' Folder to delete files from (files will also be deleted from Subfolders) strUserProfile = objShellApp.NameSpace(cint(CSIDL_PROFILE)).Self.Path strAppData = objShellApp.NameSpace(cint(CSIDL_APPDATA)).Self.Path strCookies = objShellApp.NameSpace(cint(CSIDL_COOKIES)).Self.Path strHistory = objShellApp.NameSpace(cint(CSIDL_HISTORY)).Self.Path strRecent = objShellApp.NameSpace(cint(CSIDL_RECENT)).Self.Path ' Main RecursiveDeleteByExtension strAppData, "tmp,log" RecursiveDeleteOlder 90, strCookies RecursiveDeleteOlder 14, strRecent RecursiveDeleteOlder 21, strHistory RecursiveDeleteOlder 14, strAppData & "\Microsoft\Office\Recent" 'RecursiveDeleteOlder 5, strAppData & "\Sun\Java\Deployment\cache" 'RecursiveDeleteOlder 3, strAppData & "\Macromedia\Flash Player" 'RecursiveDeleteOlder 14, strUserProfile & "\Oracle Jar Cache" Sub RecursiveDeleteByExtension(ByVal strPath,strExtensionsToDelete) ' Walk through strPath and sub-folders and delete files of type strExtensionsToDelete Dim objFolder, objSubFolder, objFile, strExt If objFSO.FolderExists(strPath) = True Then Set objFolder = objFSO.GetFolder(strPath) For Each objFile in objFolder.Files For each strExt in Split(UCase(strExtensionsToDelete),",") If Right(UCase(objFile.Path),Len(strExt)+1) = "." & strExt then WScript.Echo "Deleting: " & objFile.Path objFile.Delete(True) Exit For End If Next Next For Each objSubFolder in objFolder.SubFolders RecursiveDeleteByExtension objSubFolder.Path,strExtensionsToDelete Next End If End Sub Sub RecursiveDeleteOlder(ByVal intDays,strPath) ' Delete files from strPath that are more than intDays old Dim objFolder, objFile, objSubFolder If objFSO.FolderExists(strPath) = True Then Set objFolder = objFSO.GetFolder(strPath) For each objFile in objFolder.files If DateDiff("d", objFile.DateLastModified,Now) > intDays Then If UCase(objFile.Name) <> "DESKTOP.INI" Then WScript.Echo "Deleting: " & objFile.Path objFile.Delete(True) End If End If Next For Each objSubFolder in objFolder.SubFolders RecursiveDeleteOlder intDays,objSubFolder.Path Next End If End Sub

Reducing Profile Size with a Profile Clean Up Script is post from stealthpuppy.com. Except as noted otherwise, this work is ©2005-2011 Aaron Parker and is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License.

Adobe released a new security advisory for Reader and Acrobat 9 and X this week to address details of an upcoming fix to these versions for a 0 day vulnerability. Exploits for this vulnerability exist for Reader and Acrobat 9 and are currently active:

A critical vulnerability has been identified in Adobe Reader X (10.1.1) and earlier versions for Windows and Macintosh, Adobe Reader 9.4.6 and earlier 9.x versions for UNIX, and Adobe Acrobat X (10.1.1) and earlier versions for Windows and Macintosh. This vulnerability (CVE-2011-2462) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that the vulnerability is being actively exploited in limited, targeted attacks in the wild against Adobe Reader 9.x on Windows.

Since the release of Reader and Acrobat X, there have been no malware that has been effective against the Protected Mode (sandbox) feature of version X. From Adobe’s blog post on this issue:

I’d like to take this moment to encourage any remaining users still running Adobe Reader or Acrobat 9.x (or worse, older unsupported versions) to PLEASE upgrade to Adobe Reader or Acrobat X. We put a tremendous amount of work into securing Adobe Reader and Acrobat X, and, to date, there has not been a single piece of malware identified that is effective against a version X install. Help us help you by running the latest version of the software!

If you have any version of Adobe Reader other than X deployed, you should seriously consider migrating to the new version as a matter of priority. That’s not “lets consider doing this in the next month” – you should stop reading this post and get started deploying Reader X now.

Furthermore if are deploying or have deployed Reader X, I can’t recommend virtualizing it with application virtualization. The reason for this is that Protected Mode is not compatible and is not supported with application virtualization. It doesn’t work with Citrix App Streaming, Microsoft App-V or VMware ThinApp (it may be possible with the current version of ThinApp, but I haven’t confirmed).

In short – leaving Protected Mode enabled will protect your users and devices and because Protected Mode is incompatible with the isolation that application virtualisation introduces, I recommend that you do not deploy Reader X with application virtualization solutions.

But.. what about those scenarios when a virtualized application needs to call a locally installed Reader X? Until the app virt vendors fully support Protected Mode, the best you can do is ensure that Protected Mode is only disabled when Reader runs within the virtualization environment and is not completely disabled. Until then, the best we can do is cross our fingers and hope it doesn’t happen to us.

Don’t put yourself at risk by virtualizing Adobe Reader X is post from stealthpuppy.com. Except as noted otherwise, this work is ©2005-2011 Aaron Parker and is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License.

Because Office is a core application of most desktop deployments, user interaction with Office and the user experience are important factors in the deployment of Office. From an administration perspective, providing a seamless user experience requires managing the user preferences of an application, independent of the application delivery method.

Multiple App-V packages are common

Microsoft recommends sequencing applications on the same operating system as the target clients are running. This means that if your target clients are running Windows XP and Windows 7, then you should create two App-V packages for each application – one for each operating system.

However, in practice it is often advisable to sequence on the lowest common denominator. In the example with Windows XP and Windows 7 clients, sequencing should be performed on Windows XP. In the event that a package does not then execute correctly on Windows 7, then the application should be re-sequenced on Windows 7.

The same applies to x86 and x64 processor architectures – if you are deliverying 32-bit applications to both x86 and x64 Windows, you should sequence in a 32-bit Windows environment. If you find that a 32-bit virtual application package executes OK on x86 Windows but not on x64 Windows, you will have to create two packages, one for each processor architecture.

There are several reasons for this, but they’re out of scope of a discussion on profile management; however what this highlights is that if you have multiple packages for the same application due to different operating systems and/or processor architectures, again the only way to improve the user experience is to rely on a third party profile management solution that works independently of the App-V package.

App-V and User Profiles

The default behaviour of App-V is to not only virtualize the application, but also the user profile locations for that application (HKEY_CURRENT_USER and %APPDATA%). This means that that profile information for the Microsoft Office packages will be stored, in its entirety, in the PKG.

The implication of this is that the settings for a virtualized Office package will be specific to that package – that is, a user’s Office settings will not only be specific to a version of Office but also specific to an individual Office package.

Consider the following scenarios:

• A user moves between desktops where Office Standard has been deployed to the first desktop, but Office Professional has been deployed to the second. These will be different App-V packages, so by default, no user preferences will be shared
• You create an Office package which has been released to production and later find issues with the package that requires re-creating it from scratch – user preferences from the old package will not be shared with the new package
• You find that you need to create multiple Office packages for different platforms – for example a package for desktops and a package for Remote Desktop Session Host servers. These are separate App-V packages and user preferences will not be consistent across those packages

Each scenario will result in separate App-V packages for the same applications.

If you need to upgrade a package or migrate between Office versions, you now have a further challenge that you would not have if Office were installed instead of virtualized.

By implementing a 3rd party profile management solution, you gain the ability to manage user’s Office preferences independent of the Office version (App-V package version or Office version) and remove the reliance on a specific Office package. A profile management solution will allow you to create, update and re-create Office packages without affecting the end-user experience.

What solution should I use?

The user profile management or user state virtualization tools built into Windows aren’t able to see into the App-V virtual environment and therefore aren’t able to manage an application user preferences independent of the App-V package. If you would like to manage user preferences more granularly, a 3rd party solution will be required.

A profile management solution that is capable of managing user preferences inside and across App-V packages will provide you with the flexibility and consistency of user experience required to support a core application like Microsoft Office. Without providing users with a consistent user experience or one that matches their existing Office deployments, user acceptance will be low.

For an objective comparison of the 3rd party solutions available, see the following white paper: UEM Smackdown: Head-to-head analysis of Appsense, Citrix, Immidio, Liquidware Labs, Microsoft, Quest, RES, Scense, Tricerat and others

Delivering Office with App-V – The Need for Profile Management is post from stealthpuppy.com. Except as noted otherwise, this work is ©2005-2011 Aaron Parker and is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License.

This is a guest post from Nicke Källén, an App-V MVP from Sweden. He posts as Znack on the TechNet Forums, and you can read more articles from Nicke at his blog here.

The .NET Framework and Visual C++ Redistributables are components or application dependencies that have started to be considered as operating system components and the question of whether to include the .NET Framework and/or the Visual C++ Redistributables has been revisited quite a few times by Microsoft.

Since the release of App-V 4.5 it has been recommended that all versions of the .NET Framework are installed natively, however since the release of App-V 4.5 Cumulative Update 1 this was subsequently revised for Windows XP and this allowed versions earlier than the .NET Framework 3.5 Service Pack 1 to be part the package.

As a good practice any sequencing machine should be setup in a similar way as the client and therefore its key to synchronize the levels of the .NET Framework and Visual C++ Redistributables on both the sequencer and client computers. Visual C++ Redistributable are prerequisites for both the client and the Sequencer, however the current level is different depending on which version you are installing.

Microsoft have not explicitly stated that it is not possible to include the Visual C++ Redistributables within a virtualized application; however an older Knowledgebase article (939084) states that they should be available locally on a client computer.

As illustrated on the official .NET Framework support statement, the .NET Frameworks are included in all newer operating systems (Windows 7 includes .NET Framework 3.5 Service Pack 1 and below). Windows XP Service Pack 2 (and thereby we can also presume Windows Server 2003) is the only platform that would successfully execute a virtualized package containing .NET Framework while not having it available natively. The Application Virtualization 4.5 Cumulative Update 1 client would allow this due to a new mini-filter driver introduced in the update.

Regardless of whether it is possible to virtualize certain versions of .NET Framework on older platforms – it seems to be an more scalable and future-proof strategy to ensure that .NET Framework and Visual C++ Redistributables are available on any target machines for any virtualized application to use.

Normally the following can be recommended to be setup both on the sequencer and the client; (32-bit versions only linked below. 64-bit versions in case of availability are recommended also in case of having a 64-bit target environment)

Visual C++ 2005 SP1

• http://www.microsoft.com/downloads/en/details.aspx?familyid=200b2fd9-ae1a-4a14-984d-389c36f85647&displaylang=en
• http://www.microsoft.com/downloads/en/details.aspx?familyid=766a6af7-ec73-40ff-b072-9112bab119c2&displaylang=en

Visual C++ 2008 SP1

• http://www.microsoft.com/downloads/en/details.aspx?familyid=2051a0c1-c9b5-4b0a-a8f5-770a549fd78c&displaylang=en
• http://www.microsoft.com/downloads/en/details.aspx?FamilyID=a5c84275-3b97-4ab7-a40d-3802b2af5fc2&displaylang=en

Visual C++ 2010

• http://www.microsoft.com/downloads/en/details.aspx?familyid=A7B7A05E-6DE6-4D3A-A423-37BF0912DB84&displaylang=en

.NET Framework 1.1 / 2.0 / 3.0 / 3.5 / 4.0

• http://www.microsoft.com/downloads/en/details.aspx?FamilyID=0a391abd-25c1-4fc0-919f-b21f31ab88b7&displaylang=en
• http://www.microsoft.com/downloads/en/details.aspx?FamilyID=ab99342f-5d1a-413d-8319-81da479ab0d7&displaylang=en
• http://support.microsoft.com/kb/959209
• http://www.microsoft.com/downloads/en/details.aspx?FamilyId=262D25E3-F589-4842-8157-034D1E7CF3A3&displaylang=en

The Application Virtualization Client requires Visual C++ 2005 SP1 along with the ATL security update and the Visual C++ 2008 SP1 along with its ATL security update; however the Sequencer only installs Visual C++ 2005 SP1 along with its ATL security update.  This of course requires the manual tasks of assuring that both are aligned on the same level in prerequisites.

Reading section 3.2 from the 4.6 sequencing whitepaper gives some specific examples how to resolve possible SxS issues when sequencing on a 64-bit sequencer – something which can be avoided if being prepared and already natively offering both 32-bit and 64-bit redistributables on both sequencer and client machine.

Not documented anywhere and purely untested, normally these following redistributables can also be recommended in maintaining natively;

Visual J#

• http://www.microsoft.com/downloads/en/details.aspx?FamilyID=E3CF70A9-84CA-4FEA-9E7D-7D674D2C7CA1
• http://www.microsoft.com/downloads/en/details.aspx?familyid=f72c74b3-ed0e-4af8-ae63-2f0e42501be1&displaylang=en

Visual Studio 2010 F# Runtime 2.0

• http://www.microsoft.com/downloads/en/details.aspx?FamilyID=5f0a79f8-925f-4297-9ae2-86e2fdcff33c&displaylang=en

Further reading and resources

• Application Virtualization 4.5 Release Notes
• Guide to sequencing .NET 4.0 with App-V 4.6 SP1
• Support for .NET in Microsoft Application Virtualization (4.5) and 4.5 Cumulative Update 1
• Support for .NET in Microsoft Application Virtualization 4.5 (App-V)
• Error message when you try to start a sequenced application in the Microsoft App-V (SoftGrid) client: “Error code: xxxxxx-xxxxxx2C-800736B1″
• Microsoft Application Virtualization 4.6 Sequencing Guide
• Visual C++ Libraries as Shared Side-by-Side Assemblies
• Howto: Deploy VC2008 apps without installing vcredist_x86.exe

App-V FAQ: Can I virtualize the .NET Framework or Visual C++ Redistributables? is post from stealthpuppy.com. Except as noted otherwise, this work is ©2005-2011 Aaron Parker and is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License.

This is a guest post from Jurjen van Leeuwen, an App-V MVP (new for 2011) and independent consultant based in Norway. You can read more from Jurjen at his web site.

Provider Policies are ‘rules’ that apply when users launch virtual applications from a Microsoft App-V Management Server using RTSP(s). Other App-V infrastructure scenarios or the use of the HTTP(s) protocol don’t support the use of Provider Policies.

The ‘rules’ allow App-V administrators to control the following settings:

• Server access – The Active Directory group that can connect to the server through the Provider Policy.
• Authentication – If authentication is required to connect to the server or the use of applications.
• Logging – Record application usage data in the App-V data store.
• Licensing – Whether or not to audit or enforce application licenses.
• Client refresh behaviour – At which interval and events the client checks with the server for application changes. For example new applications and shortcuts, removed or disabled applications. At a refresh, the client will also communicate the application usage logging with the server if configured.

Why would I use them?

Besides the Provider Policy created by the installation process of the App-V Management Server, called the Default Provider, you would basically need multiple Provider Policies if you require maintaining different configurations of the settings mentioned in the previous paragraph. For example different Provider Policies are required for auditing AND enforcing licensing: If you have one or more applications where you want to enforce licensing and monitor license usage for some other applications you will need two different Provider Policies. Another example would be a separate Provider Policy which doesn’t require authentication for specific applications for contractors.

How do I use them?

Only the App-V Management Server offers the use of Provider Policies which itself requires Active Directory and Microsoft SQL to hold the App-V data store.

When installing the App-V Management Server one Provider Policy is created by default, called Default Provider. This Provider Policy is tied to the default created server group which is named Default Server Group, if no other name was specified during the App-V Management Server setup.

To create a new Provider Policy right click the Provider Policies node in the App-V Management Console and choose: New Provider Policy. The Properties screen allows for naming the new Provider Policy and the configuration of the client refresh behaviour. The minimum interval for a scheduled refresh is 30 minutes.

In the Group Assignment screen select the Active Directory groups that have access to the App-V server through this Provider Policy. A minimum of one group is required. The user has to be a member of this group when the Authentication checkbox is set on the Provider Pipeline screen.

The Provider Pipeline screen allows the following options to be set:

Authentication: This checkbox forces authentication in the session. If the App-V client can’t use the current user’s credentials, a login box is shown to the user to provide them. Disabling this checkbox allows any user to launch applications from the App-V server through this Provider Policy. The Authentication dropdown box only has one option: Windows Authentication.

With the Enforce Access Permission Settings checkbox enabled the user can only launch an application if he is a member of an Active Directory group specified on the Access Permissions tab under the Properties of an Application.

Log Usage Information: With this checkbox selected, application usage data is stored in the App-V data store. This allows administrators to generate a basic report from the Management Console or extract this information by other means.

Licensing: When enabled this setting allows for monitoring (auditing) or enforcing application licenses. Auditing still allows the use of applications even when the license count would exceed. Licenses are created in the Application Licenses node of the Management Console and an application is assigned to a license.

After creating the Provider Policy, the Provider Pipeline tab under Properties shows an Advanced button. Under this button the corresponding modules (.dll files) to the checkboxes are shown.

There are two ways to control which Provider Policy applies in a session between the client and the server:

1. The default Provider Policy configured for the Server Group: On the General tab of the Server Group properties specify the default Provider Policy to use:

In this case the Provider Policy applies when users connect to a server from this Server Group.

2. With the Policy specified in the Application’s OSD file: In the CODEBASE tag add the Provider Policy to the HREF value by appending .SFT file name with the following text: ?Customer=ProviderPolicyName. For example:

HREF="RTSPS://%SFT_SOFTGRIDSERVER%:322/WINZIP.001/WINZIP.001.sft?Customer=MyProviderPolicy"

Any Provider Policy specifically assigned in an OSD file will overrule the Provider Policy configured at on the Server Group.

Additional Resources

• How to Customize an Application Virtualization System in the Server Management Console
• For more information on App-V infrastructure scenarios take a look at the App-V FAQ #20
• The Ultimate Guide to Application Licensing and Provider Policies for Application Virtualization 4.5

For more information on streaming, publishing and client configuration when using HTTP take a look at these links:

• A guide to App-V publishing and streaming using IIS
• HTTP Publishing in App-V (Part 1)
• Support for Client Reporting over HTTP

App-V FAQ: What are Providers Policies? is post from stealthpuppy.com. Except as noted otherwise, this work is ©2005-2011 Aaron Parker and is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License.

Here’s something that I’ve been looking to share with the community for some time – something to get you started when implementing AppSense Environment Manager 8.x.

Comments and feedback welcome.

Introduction

Standardising on an Environment Manager configuration across various organisations or implementations is a difficult challenge; however there are many components of a Windows desktop that are common across all deployments.

An Environment Manager Baseline Configuration

The Environment Manager Baseline configuration is an example configuration that can be used as a starting point for implementing Environment Manager to replace roaming profiles. In addition it includes some examples of what you can achieve with Environment Manager policy actions.

The Configuration in Detail

The configuration intended as a starting point for your own environment, whether you are using Personalization Server or not. The idea being that you can configure roaming with nothing more than the EM agent, the config and a file share.

Once you start moving management of personalization from EM policy to Personalization Server, some nodes (or conditions and actions) may not be suitable and should be removed or disabled where Personalization Server is managing the same applications.

The configuration includes examples for roaming user personalization by explicitly choosing specific portions of the user profile to roam. It also includes examples of managing applications by using the Process Started and Network Connected triggers.

Downloads

Each download is a ZIP file containing the configuration and documentation to help explain the config in more detail.

Current version

New! November 2011, updated configuration version 3.1.

EM Baseline Configuration 3.1 for AppSense Environment Manager 8.1+

Change log:

• Added create folder actions on application and Desktop Settings export as a workaround for when the export fails to complete. Child actions of the delete folder action don’t fire if the delete folder action fails
• Added Pin/Unpin to Taskbar/Start Menu on first logon. See reusable node ‘Desktop Settings policy actions’
• Added create %LOCALAPPDATA% variable if user logs onto Windows XP / Windows Server 2003
• Swapped User Process actions using RegEx queries back to individual processes – Office 2010 etc. RegEx queries don’t appear to be working in every scenario
• Added roaming for Lync 2010
• Added Office 2007 and Office 2003 examples for App-V delivery
• Disabled example nodes (except above)
• Added create folder action: %PROFILE_CACHE% before copy of %PROFILE_SOURCE%\COMPUTER.TXT
• Disabled Reusable Condition ‘If Laptop (WMI)’ because it’s not currently used in the config
• Updated Notes on various action and conditions

Previous versions

EM Baseline Configuration 3.0 for AppSense Environment Manager 8.1+

Note: Version 3.0 or 3.1 are not compatible with EM 8.0, use version 2.1 below:

EM Baseline Configuration 2.1 for AppSense Environment Manager 8.0

AppSense Environment Manager 8 Baseline Configuration is post from stealthpuppy.com. Except as noted otherwise, this work is ©2005-2011 Aaron Parker and is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License.

Several months ago, I used the The Archivist to create an archive and analysis of tweets with the #AppV hash tag. 1,740 tweets later (not all of which I’m sure are App-V related), we get an interesting picture of conversations around App-V. To view the archive visit this URL: http://bit.ly/appvarchive 

The top users who have been tweeting about App-V over the past several months:

Quite a few of the top URLs have already expired or link to non-existent pages. What’s interesting though, is most of the top URLs link to several App-V videos on TechNet – I had hoped that community created content might feature more prominently.

It’s an interesting exercise and although the graphs that are rendered are a little buggy, I think the data is worthwhile reviewing.

An Archive and Analysis of #AppV Tweets is post from stealthpuppy.com. Except as noted otherwise, this work is ©2005-2011 Aaron Parker and is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License.

Mozilla has just released Firefox 8, so it’s time to look at virtualizing the new version. It’s a simple task to virtualize Firefox, as it lends itself well to application virtualization; however getting it right takes a little more effort. Here’s how to successfully sequence Mozilla Firefox 8.x.

What you lose by virtualizing Firefox

Virtualizing Firefox with App-V will isolate the application from the OS, so the following features will not be available once Firefox has been sequenced:

• Firefox Jump Lists in the Start Menu and Taskbar
• The ability set the browser as default

Firefox features to disable

There are a couple of features that should be disabled when running Firefox under App-V:

• Automatic updates for Firefox – Options / Advanced / Update – Automatically check for updates to: Firefox. Firefox updates should be delivered via new App-V packages. Updates for Add-ons and Search Engines should be OK as these are written to the user profile
• Default browser check – Options / Advanced / General – Always check to see if Firefox is the default browser on startup. Once Firefox is isolated from the OS, the user won’t be able to make it the default browser

I will cover using a couple of customisation to ensure these features are disabled for any new Firefox profile.

Managing the Firefox profile – virtualize or not?

Firefox stores preferences, extensions and other user datain:

• %APPDATA%\Mozilla (preferences, bookmarks etc.); and
• %LOCALAPPDATA%\Mozilla (browser cache)

The default behaviour of the App-V Sequencer is to exclude %LOCALAPPDATA% – this is a good thing and I don’t recommend removing this exclusion. %APPDATA% will be included by default and whether you leave this location included in the package will depend on your specific deployment requirements; however my recommendation is to exclude this location by adding %CSIDL_APPDATA%\Mozillato the exclusion list in your sequence. On the client, Firefox will then create a new profile in the real file system when the user starts the browser for the first time. There are several reasons why this approach is a good idea:

• Some of the configuration files within the Firefox profile include hard-codes paths – challenging if your App-V virtual drive changes between clients
• Virtualizing the profile increases the complexity of upgrading Firefox packages especially challenging given Mozilla’s new approach to Firefox releases. By storing the Firefox profile on the real file system, Firefox can be deployed via completely unrelated packages – no need to create upgrade versions
• Users can potentially create multiple Firefox profiles, with each stored in the users’ PKG file. The minimum size for a new Firefox profile is 12Mb – the PKG file will grow by 12Mb for each new Firefox profile created

By excluding %APPDATA% and not virtualizing the user profile you will gain some flexibility with your Firefox deployment.

Configuring Firefox Defaults

If a Firefox profile is not virtualized within the package any options set during the monitoring phase won’t be captured. Fortunately Firefox can be configured with defaults for any new profile so that it will contain your required configuration options.

Mozilla has made it easy to deploy custom default settings and preferences – by adding files to %ProgramFiles%\Mozilla Firefox\defaults\profile (change the path to suit your environment), new Firefox profiles will pick up a copy of these files when the profile is created. I will walk through adding a couple of files to this location to ensure that any new Firefox profile receives the required settings. You can find more detailed documentation on these features in the following articles:

• User.js file
• Prefs.js file
• UserChrome.css and Chrome element names and IDs
• Enterprise Build Of Firefox For Deployment

To enforce user settings we can leverage user.js and the use UserChrome.css to remove those user interface elements. Available below is a copy of user.js that disables automatic updates of Firefox and checking whether it is the default browser:

Firefox user.js

A simple approach to extending the options in user.js and prefs.js is to install Firefox and configure it the way you would like. Then open prefs.js from the new profile and use the entries to create custom versions.

Available here is a copy of userChrome.css that will remove from the user interface the options to enable browser updates and set Firefox as the default browser:

Firefox userChrome.css

Sequencing Platform

I have sequenced Firefox 8 on a clean Windows 7 SP1 x86 VM with all current updates and no other applications other than the App-V Sequencer. I’ve configured a Q: drive using a second vDisk, rather than let the Sequencer create a Q: drive for me. I’ve used a VFS install and tested successfully; however if you would prefer a MNT install just change the install folder when installing Firefox

The Firefox version available from Mozilla is an x86 application (x64 build are available from other sources), so I generally recommend sequencing Firefox on Windows 7 x86 virtual machine even though you may be deploying to 64-bit Windows. However confirm this in your own environment and re-sequence for 64-bit platforms if required.

Sequencer Configuration

Before Sequencing, add the following exclusions:

• %CSIDL_APPDATA%\Mozilla
• %CSIDL_COMMON_APPDATA%\Microsoft\RAC
• \REGISTRY\USER\%SFT_SID%\Software\Microsoft\Windows\CurrentVersion\Internet Settings

If you are adding Adobe Flash Player to the package, add these exclusions as well:

• %CSIDL_APPDATA%\Adobe
• %CSIDL_APPDATA%\Macromedia
• %CSIDL_WINDOWS%\Installer

I have included these in a Package Template for Firefox that you can download from here:

App-V Package Template for Firefox

Installing Firefox

Download the Firefox installer in your target language from the Mozilla site. Sequencing Firefox will require the following steps:

• Install Firefox
• Configure profile defaults
• Optionally add global add-ons and install plug-ins such as Adobe Flash Player

Automating this process as much as possible will create a cleaner package and make it faster to re-create a new Firefox package if required.

• Mozilla Firefox installer command line arguments – use the INI file approach to control where Firefox is installed and to prevent the addition of a desktop shortcut, if required
• After installing Firefox, copy user.js to %ProgramFiles%\Mozilla Firefox\defaults\profile
• Copy userChrome.css to %ProgramFiles%\Mozilla Firefox\defaults\profile\chrome
• Firefox also allows you to add global add-ons by adding them to the Extensions sub-folder of the Firefox installation folder
• If you are including Adobe Flash player in the package, be sure to disable the auto-update notification

For an example script that will automate the install and configuration of Firefox, see the script below:

@ECHO OFF SET SOURCE=%~dp0 SET SOURCE=%SOURCE:~0,-2% REM Create the Firefox answer file ECHO [Install] > %SOURCE%\Firefox8.ini ECHO ; InstallDirectoryName=Firefox8 >> %SOURCE%\Firefox8.ini ECHO ; InstallDirectoryPath=Q:\Mozilla Firefox 7.0 en-GB >> %SOURCE%\Firefox8.ini ECHO QuickLaunchShortcut=false >> %SOURCE%\Firefox8.ini ECHO DesktopShortcut=false >> %SOURCE%\Firefox8.ini ECHO StartMenuShortcuts=true >> %SOURCE%\Firefox8.ini REM Install Firefox - the START command will not work if the Firefox setup filename includes spaces START /WAIT FirefoxSetup8.exe /INI=%SOURCE%\Firefox8.ini REM Configure Firefox profile defaults MD "%ProgramFiles%\Mozilla Firefox\defaults\profile\chrome" COPY %SOURCE%\user.js "%ProgramFiles%\Mozilla Firefox\defaults\profile\user.js" COPY %SOURCE%\userChrome.css "%ProgramFiles%\Mozilla Firefox\defaults\profile\chrome\userChrome.css"Shortcuts

If the monitoring phase was successful the Sequencer should create a single shortcut for Firefox. If you are including Flash Player, add an additional shortcut for the Flash Player Control Panel applet using “C:\Windows\System32\FlashPlayerCPLApp.cpl” as the target.

First Run Tasks and Primary Feature Block

If the steps above have been followed for exclusions, installation and configuration of Firefox, there will be no first run tasks to complete. Additionally the resultant package will be reasonably small so there is no need to create the Primary Feature Block. Because you don’t need to complete first run tasks or create the Primary Feature Block, you could automate the entire end-to-end process of creating a Firefox package using the App-V Sequencer command-line interface.

Finally

Save your package and deploy. With compression enabled, the package should be around 22Mb.

Sequencing Mozilla Firefox 8 is post from stealthpuppy.com. Except as noted otherwise, this work is ©2005-2011 Aaron Parker and is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License.

Here’s how to successfully sequence Google Chrome 15; however the same approach should work for Chrome 13, 14 and 16 and maybe even some other versions.

What you lose by virtualizing Chrome

Virtualizing Chrome with App-V will isolate the application from the OS, so the following features will not be available once Chrome has been sequenced:

• Chrome Jump Lists in the Start Menu and Taskbar
• The ability set the browser as default
• The Chrome sandbox (maybe)

Note: Note that disabling the sandbox will reduce the browser security. This is not recommended and as such, I actually do not recommend virtualizing Chrome, if it is to be your regular browser.

Managing the Chrome profile – virtualize or not?

Chrome stores preferences, extensions and other user datain:

• %LOCALAPPDATA%\Google\Chrome\User Data\Default (preferences, bookmarks etc. and browser cache)

I don’t know why Google has chosen this location by default, however I suspect that it may be to encourage users to signup for a Google account to enable the native syncing features of the browser. The Chrome User Data folder can become very large and that’s without the Cache folder. You could potentially hit the limit of the user PKG file size.

Whether you the Chrome user profile in the package will depend on your specific deployment requirements; however my recommendation is to use this sync feature and leave the User Data outside of the App-V package.

There are a couple of reasons why this approach is a good idea:

• Some of the configuration files within the Chrome profile include hard-codes paths – challenging if your App-V virtual drive changes between clients
• Virtualizing the profile increases the complexity of upgrading Chrome packages especially challenging given how often the browser is updated. By storing the Chrome profile on the real file system, Chrome can be deployed via completely unrelated packages – no need to create upgrade versions

By not virtualizing the user profile you will gain some flexibility with your Chrome deployment.

However, if you absolutely must place the Chrome profile in the virtual environment, then here’s a couple of approaches to including the User Data folder in the App-V package:

1. Use the –user-data-dir and –disk-cache-dir command line parameters to specify an alternate location for the User Data and Cache folders
2. Remove the exclusions for the Local AppData location from the Sequencer before sequencing

For the first approach, add the parameters to the command line, placing the User Data folder in the roaming portion of the profile and the browser cache in the local portion:

chrome --user-data-dir=%AppData%\Google\Chrome\User Data --disk-cache-dir=%LocalAppData%\Google\Chrome\User Data

The second approach doesn’t require any command line parameters, but it will require modifying the default Sequencer exclusions and some scripting:

• Remove the default exclusions of %CSIDL_LOCAL_APPDATA% and %CSIDL_PROFILE%\Local Settings
• Add an exclusion for %CSIDL_LOCAL_APPDATA%\Google\Chrome\User Data\Default\Cache or %CSIDL_PROFILE%\Local Settings\Google\Chrome\User Data\Default\Cache, depending on the operating system you are sequencing on
• Post sequencing, set the folder to Merge with Local and add a pre-launch script that creates the Cache folder outside of the virtual environment

The first approach would be the easiest way to go.

Chrome features to disable

There are a couple of features that should be disabled when running Chrome under App-V:

• Browser auto updates. Chrome updates should be delivered via new App-V packages
• Default browser check. Once Chrome is isolated from the OS, the user won’t be able to make it the default browser

Disabling browser auto updates on Windows requires setting a policy. This can be done via Group Policy, delivered post sequence, or placing the policy directly into the package. To deliver the setting via Group Policy, ensure that the Policies key is not captured in the package.

To set the policy during sequencing, run the following command:

REG ADD HKLM\SOFTWARE\Policies\Google\Update /v AutoUpdateCheckPeriodMinutes /d 0 /t REG_SZ /f

Google Update should also be excluded from the package, which I discuss below. The default browser check can be disabled with a couple of approaches including the master preferences file.

Configuring Chrome Defaults

If a Chrome profile is not virtualized within the package any options set during the monitoring phase won’t be captured. Fortunately Chrome can be configured with defaults for any new profile so that it will contain your required configuration options. Google has made it simple to deploy custom default settings and preferences – by adding a preference file to the same folder where Chrome is installed, Chrome will use these master preferences for any new user who runs Chrome.

For information on what these master preferences are, see the Chromium administrators documentation on master preferences. I’ve included a sample master_preferences file in which I have set several defaults including removing the default browser check, preventing Google from adding a shortcut to the user’s desktop on first run and setting a home page.

Google Chrome Master Preferences

Remove the .txt file extension to use.

Sequencing Platform

I have sequenced Google Chrome 15.0.874.106 on a clean Windows 7 SP1 x86 VM with all current updates and no other applications other than the App-V Sequencer. I’ve configured a Q: drive using a second vDisk. I’ve used a VFS install because installing Chrome to the Q: drive isn’t an option, unless you want to move the application manually.

Sequencer Configuration

Before Sequencing, add the following exclusions:

• \REGISTRY\USER\%SFT_SID%\Software\Microsoft\Windows\CurrentVersion\Internet Settings
• %CSIDL_COMMON_APPDATA%\Microsoft\RAC
• %CSIDL_WINDOWS%\Microsoft.NET
• %CSIDL_WINDOWS%\Installer
• %CSIDL_PROGRAM_FILES%\Google\Update
• %CSIDL_WINDOWS%\Tasks

The last two exclusions will prevent Google Update related binaries from being captured. Additionally disable the option to “Allow Virtualization of Services” to prevent the capture of the Google Update services.

I have included these options in a Package Template for Chrome that you can download here:

Google Chrome App-V Sequence Template

Sequencing Chrome

Download the Google Chrome Enterprise (or MSI) installer. Sequencing Chrome will require the following steps:

1. Install Chrome using the Windows Installer file
2. Delete the cached copy of the Chrome installer, which won’t be required once delivered with App-V
3. Move chrome.exe to the same folder as the current version’s binaries (or vice-versa).

With the default folder structure, Chrome will execute during sequencing, but won’t execute once delivered to a client. The debug.log file will contain entries similar to this:

[1106/180706:ERROR:client_util.cc(231)] Could not get Chrome DLL version. [1106/180706:ERROR:client_util.cc(268)] Could not find exported function RelaunchChromeBrowserWithNewCommandLineIfNeeded

4. Copy the master_preferences file to the same location as chrome.exe to configure user profile defaults
5. Disable browser auto updates
6. Prevent the Sequencer from deleting the Chrome application folder once the monitoring phase is finished. To see why the Sequencer may process a reboot task that deletes the Chrome install folder read this article: The Case of the Disappearing Application during Sequencing.

Automating this process as much as possible will create a cleaner package and make it faster to re-create a new Chrome package if required. Here’s an example script that will perform the tasks above:

START /WAIT GoogleChromeStandaloneEnterprise.MSI ALLUSERS=TRUE /QB- RD /Q /S "%ProgramFiles%\Google\Chrome\Application\15.0.874.106\Installer" ROBOCOPY "%ProgramFiles%\Google\Chrome\Application\15.0.874.106" "%ProgramFiles%\Google\Chrome\Application" /mov /e COPY master_preferences "%ProgramFiles%\Google\Chrome\Application\master_preferences REG ADD HKLM\SOFTWARE\Policies\Google\Update /v AutoUpdateCheckPeriodMinutes /d 0 /t REG_SZ /f REG ADD "HKLM\System\CurrentControlSet\Control\Session Manager" /v PendingFileRenameOperations /d "" /t REG_MULTI_SZ /fShortcuts

For Chrome to run successfully under App-V there are a few additional command line parameters that will need to be added to the Chrome shortcut at the configure applications stage:

• –disable-custom-jumplist: Disables the Windows 7 Jump List, which doesn’t work once Chrome is virtualized any way
• –no-default-browser-check: A further flag to prevent the browser from prompting the user to set it as default
• –in-process-plugins: Run plugins inside the renderer process. May be optional, but has been required in the past when virtualizing Chrome
• –no-sandbox: Not required; however I have found that extensions do not install if this parameter has not been added

For the full list of command-line parameters for Chrome and Chromium see this page: List of Chromium Command Line Switches

With the sandbox running, you will see an error similar to this when attempting to add an extension:

Note: Note that disabling the sandbox will reduce the browser security. I recommend testing the browser functionality and see if you can get away without disabling the sandbox.

The browser will notify you when the sandbox is disabled:

First Run Tasks and Primary Feature Block

If the steps above have been followed for exclusions, installation and configuration of Chrome, there will be no first run tasks to complete. Additionally the resultant package will be reasonably small so there is no need to create the Primary Feature Block. Because you don’t need to complete first run tasks or create the Primary Feature Block, you could automate the entire end-to-end process of creating a Chrome package using the App-V Sequencer command-line interface.

Finally

Save your package and deploy. With compression enabled, the package should be around 36Mb.

Sequencing Google Chrome 15 is post from stealthpuppy.com. Except as noted otherwise, this work is ©2005-2011 Aaron Parker and is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License.

In the official Microsoft TechNet forums, a question had been asked about sequencing Google Chrome and the poster states that when using the Chrome Enterprise Installer (a downloadable MSI for deployment inside an organisation), Chrome installs OK during the monitoring phase, but the folder is deleted at the end of monitoring and thus isn’t captured.

I thought that that behaviour was a little strange, so decided to test this out myself and to my surprise I could replicate the issue. To track down what was going on, I had to perform some troubleshooting.

I tested this on a virtual machine running Windows 7 SP1 x86 and could see from browsing to the Google installation folder (C:\Program Files\Google\Chrome) that the Application sub-folder was being removed after the monitoring phase was complete. To work out which process was deleting the folder, I’ve used Process Monitor. To see what was going on, I’ve reset my VM back to a clean snapshot, started the App-V Sequencer and Process Monitor and set a filter in Process Monitor for Path beginning with C:\Program Files\Google\Chrome\Application and then re-started the sequencing process.

With this filter, I was able to see that the process that was deleting the folder is the Sequencer itself (SFTSequencer.exe). Click the screenshot for a larger view.

The next most obvious place to look then is the Sequencer log file, hopefully it will hold some information about why the folder is being deleted. To view the Sequencer log, browse to C:\Program Files\Microsoft Application Virtualization Sequencer\Logs and open sft-seq-log.txt.

In this file I can see a number of lines where the Sequencer is attempting to copy files that no longer exist:

[11/03/2011 21:45:34 VRB VFSX] ...failed getting long path name for the file (C:\Program Files\Google\Chrome). Error: 2 [11/03/2011 21:45:34 VRB CORE] GetShortPathName failure using: C:\Program Files\Google\Chrome. Error is: 2 [11/03/2011 21:45:34 VRB CORE] Could not copy C:\Program Files\Google\Chrome to Q:\Google Chrome\VFS\CSIDL_PROGRAM_FILES\Google\Chrome.  Error is: 2. [11/03/2011 21:45:34 VRB VFSX] ...failed getting long path name for the file (C:\Program Files\Google\Chrome\Application). Error: 3 [11/03/2011 21:45:34 VRB CORE] GetShortPathName failure using: C:\Program Files\Google\Chrome. Error is: 2 [11/03/2011 21:45:34 VRB CORE] Could not copy C:\Program Files\Google\Chrome to Q:\Google Chrome\VFS\CSIDL_PROGRAM_FILES\Google\Chrome.  Error is: 2. [11/03/2011 21:45:34 VRB CORE] CopyResourceToVFS failed. [11/03/2011 21:45:34 VRB VFSX] ...failed getting long path name for the file (C:\Program Files\Google\Chrome\Application\15.0.874.106). Error: 3 [11/03/2011 21:45:34 VRB CORE] GetShortPathName failure using: C:\Program Files\Google\Chrome. Error is: 2 [11/03/2011 21:45:34 VRB CORE] Could not copy C:\Program Files\Google\Chrome to Q:\Google Chrome\VFS\CSIDL_PROGRAM_FILES\Google\Chrome.  Error is: 2. [11/03/2011 21:45:34 VRB CORE] CopyResourceToVFS failed.

A few lines previous to these is this line:

[11/03/2011 21:45:26 VRB RTSK] Reboot processing detected need to delete \??\C:\Program Files\Google\Chrome.

The Sequencer is doing exactly what’s it being told to do – process a reboot task at the end of the monitoring phase and delete the application. Interestingly though, only the Application sub-folder is being deleted, not the entire Chrome parent folder.

To get an idea of why, I’ve used WhyReboot, a fantastic free tool for finding out why a reboot has been requested. How many times have you suspected that an application installer asks to reboot Windows when it’s not actually needed?

Going through the sequencing process again and running WhyReboot before ending monitoring, gives me an idea of why the reboot has been requested:

PendingFileRenameOperations is a Registry value that lists file system operations that must be processed during a reboot or shutdown. Generally these types of operations need to be processed on reboot because there are open file handles that are only released once the system shuts down.

So what’s writing this entry to PendingFileRenameOperations and why does this only happen during sequencing? To find out, I’ve reached for Process Monitor again, but unfortunately I haven’t been able find which process is writing to the PendingFileRenameOperations value, as Process Monitor didn’t find any RegSetValue operations.

Circumstantial evidence points to SETUP.EXE, but without Process Monitor giving me more information I can’t say for sure. I do however, have a workaround that allow me to sequence Chrome – before finishing the monitoring phase, I clear the PendingFileRenameOperations data with this command:

REG ADD "HKLM\System\CurrentControlSet\Control\Session Manager" /v PendingFileRenameOperations /d "" /t REG_MULTI_SZ /f

The Case of the Disappearing Application during Sequencing is post from stealthpuppy.com. Except as noted otherwise, this work is ©2005-2011 Aaron Parker and is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License.

When attempting to install the Office 2010 Deployment Kit for App-V using a MAK activation key, via the following command-line (or similar):

MSIEXEC /I OffVirt.msi PIDKEYS=XXXXX-XXXXX-XXXXX-XXXXX-XXXXX USEROPERATIONS=1

You might receive the following error:

This is due to the key used on the command line and not actually any pre-existing component of Office, as the message suggests. If you are not using a MAK key – that is a key available for a volume license deployment of Office, then the installation will result in the error above. The only way to fix this issue is to ensure you are using a MAK or KMS key for Office 2010.

Keys from Retail or boxed media, or a TechNet or MSDN subscription cannot be used for deploying Office 2010 via App-V. Making it particularly difficult for those looking to get experience virtualizing Office 2010 with App-V without purchasing a volume license.

(Neither the Office or App-V teams at Microsoft have any control over keys available on TechNet or MSDN)

Delivering Office with App-V – The Deployment Kit and Product Key issues is post from stealthpuppy.com. Except as noted otherwise, this work is © 2005-2012 Aaron Parker and is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License.

Surely one of the main goals of any good desktop delivery project is to remove the user’s reliance on any single device?

To achieve that goal, we need to ensure that the user’s environment is available across any device. Whether the desktop is a physical PC, Remote Desktop server or running on a virtual machine in the data centre, providing the user with a consistent view of their applications allows them to be productive as soon as they logon.

Once we achieve device independence, users should rightly expect that their data and preferences will be available where ever they logon. At least, that’s what I would expect – I don’t care too much how I access an application, I’d like some consistency when I do access them. I’d like my favourites to follow me (Google got this right with Chrome), I’d like my application settings to follow me, and of course my data as well.

How do we do this in a corporate environment today, with multiple operating systems and often multiple versions of an application? I can bet you aren’t achieving that with standard Roaming Profiles.

I’ve recently finished working on a project consisting of migrating to Windows 7 which also includes delivering desktops and applications using Citrix XenDesktop and XenApp. A key component of the migration was to provide users with some consistency across those desktops.

That’s not as simple as task as it may sound. How do you migrate user settings and preferences from the previous operating system and roam settings between Windows 7 and Windows Server 2008 R2 (and with any luck, back again)?

Another barrier, and a surprising one to me, is that (depending on the size of the organisation) all architecture and engineering teams need to be on board with the roaming train. Having dealt with a team that was responsible for some of the core applications, who didn’t understand roaming, clear direction on the approach to the user environment is critical.

So my goal has been is this – provide the user with a single set of preferences across all operating systems. Even moving those preferences to down level versions of Windows if the project demands it. There will always be a certain subset of preferences that can’t be moved across Windows versions; however for the most part this is achievable.

I asserted this during my sessions at BriForum this year, in London and Chicago, User Environment Smack Down – a single profile per user provides the best user experience.

However what if you don’t want that? Perhaps it’s a valid approach for a user to have completely separate profiles per machine. So I thought that a completely non-scientific poll might be an interesting way to find out your thoughts. Have you say by voting in the poll embedded below:

View This Poll

So how do you get to a single profile? For an independent review of the 3rd party solutions available for achieving a consistent user environment regardless of device, download the User Environment Smack Down white paper from brianmadden.com. We’ve been hard at work on version 1.1 which is due very soon.

One profile, or Two, or Three, or… is post from stealthpuppy.com. Except as noted otherwise, this work is ©2005-2011 Aaron Parker and is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License.

I’ve been doing some work recently virtualizing various versions of Office in App-V plus managing user preferences for those Office packages. Here’s something interesting that I’ve found – the size of the profile settings for a default installation of Office 2010 is massively different in size over previous versions of Office.

Here’s a look at my user profile where I’ve been running Office 2010, Office 2007 and Office 2003 and capturing the user preferences for those applications with a third-party management tool:

In this screenshot, the profile sizes for each versions of Office breaks down like this:

• Office 2010 – 7150Kb
• Office 2007 – 767Kb
• Office 2003 – 33Kb

And that’s compressed too. So in my profile, the user preferences for Office 2010 are 9 times larger than for Office 2007 and 216 times larger than the preferences for Office 2003!

If you’re in the process of or have upgraded to Office 2010, have you thought about the additional data that you’ll be managing (whether proactively or not)? If you’re stuck with “managing” user preferences with Roaming Profiles, you’re just masking this issue and will have no real insight into how much space this stuff is consuming.

What do you do about it? I think the only solution is to use a third party user environment management (or user virtualization, if you like) solution from one of the vendors covered in this white paper: User Environment Management Smackdown*. Go read it to find out what you can do with a solution that actually manages the user layer.

*OK, yes it’s a shameless plug – I helped write the paper.

Comparing User Profiles Sizes for Microsoft Office Suites is post from stealthpuppy.com. Except as noted otherwise, this work is ©2005-2011 Aaron Parker and is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License.

If you have issues installing the Office 2010 Deployment Kit for App-V (OffVirt.msi) to install the licensing component for a virtualized Office 2010 package, it may fail to install. A typical command line to install the licensing component look like this:

START /WAIT MSIEXEC /I OffVirt.msi PROPLUS=1 PROJECTPRO=1 VISIOPRO=1

However, by default OffVirt.msi runs silently and offers no errors, so to troubleshoot we need to log the install to a file (using the /l*v switch). In the log, you might find lines similar to the following:

CAInstallLicenses: OMSICA : Initializing CustomAction CAInstallLicenses CAInstallLicenses: Populating the Token Store CAInstallLicenses: Installing license: sl.RAC.GENERIC.PRIVATE CAInstallLicenses: Error: Failed to open Token Store HResult: 0x80070424.

Toward the end of the log, the Windows Installer will report a return code of 1603:

CustomAction CAInstallLicenses returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)

Fortunately the fix is easy – ensure the correct OffVirt.msi for your target platform is used. Windows x86 requires the 32-bit version and Windows x64 requires the 64-bit version. Note that the version of OffVirt.msi that you use is for the target Windows platform, not the Office 2010 package you have sequenced.

Delivering Office with App-V – Error 0×80070424 installing the Office 2010 Deployment Kit is post from stealthpuppy.com. Except as noted otherwise, this work is ©2005-2011 Aaron Parker and is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License.

If you follow any of the following guidance from Microsoft for sequencing Office with App-V:

• Prescriptive Guidance for Sequencing Office 2010 in App-V 4.6 SP1
• Prescriptive guidance for sequencing Office 2010 using Microsoft App-V 4.5 or 4.6
• Prescriptive guidance for sequencing 2007 Office programs in Microsoft App-V

you will end up with a package that will include the following folders in the virtualized user profile (those folders captured during sequencing that will end up in the PKG file):

The folders captured under %CSIDL_APPDATA%\Microsoft are those folders that have been created during the first-run tasks – folders created when you launch an Office application and perform some standard tasks.

If you’re familiar with delivering applications with App-V (or any type of application virtualization platform) and managing the user environment, the portions of the user profile for an application will also be virtualized (unless you do something like this) and will end up in the PKG file.

To see what this looks like at runtime, here’s a view of a profile before running Office applications that have been delivered by App-V:

After executing each of the Office applications in the package (I’ve used a package with Office 2010 Professional Plus with Visio and Project) and using just about every feature in those applications:

There’s an additional 10 folders that have been created with 8 of those related to Office. This has left me with the majority of the Office user profile being virtualized and stored in the PKG file, whilst the rest is now stored on the real file system. This probably doesn’t have too much impact to the user if I’m using Roaming Profiles so that Office settings follow the user, but what happens for support?

The service desk now has to manage Office settings for the user in two places. If the aim is repair the Office settings by resetting the App-V package deleting the PKG file, a portion of the Office settings will remain. This is not an ideal solution – the profile for an application should virtualized entirely or not be virtualized at all.

Do that, you will need to add an additional step during sequencing – create those folders that during the monitoring phase. I do this via a script (that also installs and configures Office) that will create the folders listed in the table below. If you do that, the entire Office profile will now be virtualized.

Folder%APPDATA%\Microsoft\AddIns%APPDATA%\Microsoft\Bibliography%APPDATA%\Microsoft\Clip Organizer%APPDATA%\Microsoft\CLView%APPDATA%\Microsoft\Document Building Blocks%APPDATA%\Microsoft\Excel%APPDATA%\Microsoft\Forms%APPDATA%\Microsoft\InterConnect%APPDATA%\Microsoft\MS Project%APPDATA%\Microsoft\Office%APPDATA%\Microsoft\OneNote%APPDATA%\Microsoft\Outlook%APPDATA%\Microsoft\PowerPoint%APPDATA%\Microsoft\Proof%APPDATA%\Microsoft\Publisher%APPDATA%\Microsoft\Publisher Building Blocks%APPDATA%\Microsoft\Queries%APPDATA%\Microsoft\QuickStyles%APPDATA%\Microsoft\SharePoint Designer%APPDATA%\Microsoft\Signatures%APPDATA%\Microsoft\Stationery%APPDATA%\Microsoft\Templates%APPDATA%\Microsoft\UProof%APPDATA%\Microsoft\Word%APPDATA%\Microsoft\Media Catalog%APPDATA%\Microsoft\Graph%APPDATA%\Microsoft\InfoPath%APPDATA%\Microsoft\Themes%APPDATA%\Microsoft\OIS%APPDATA%\Microsoft\VSTAHost%APPDATA%\Microsoft\VSCommon%APPDATA%\Microsoft\VSTA%APPDATA%\Microsoft\Web Server Extensions%APPDATA%\Microsoft\IMJP10%APPDATA%\Microsoft\IME12%APPDATA%\Microsoft\IMJP8_1%APPDATA%\Microsoft\IMJP9_0%APPDATA%\Microsoft\IMJP12

Delivering Office with App-V – The User Profile is post from stealthpuppy.com. Except as noted otherwise, this work is ©2005-2011 Aaron Parker and is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License.

Preface: I don’t speak legalese and this post is based on my own intepretation of the iTunes distribution agreement.

I’ve previously talked about virtualizing Apple iTunes with App-V; however after taking a look through the distribution agreements that you’re supposed to accept, I’m under the impression that doing so doesn’t adhere to the agreement.

If you’re looking to distribute iTunes and QuickTime in your environment, Apple requires that you obtain an agreement to do so. There are two agreements – one for universities and another for corporations (uni’s actually have 2 – one for CD distribution, another for distribution from a server).

Here’s a quote from the university CD distribution agreement:

Licensee may not modify or alter the Software, or the Apple End User Agreement that accompanies the Software. The Software must be installed as part of the default installation of the Bundle without any additional action or selection required by the End User, using the installer provided by Apple. Installation must include all files as installed by such installer and Licensee must not interfere with the installer’s placement of the software alias icons on the desktop.

And here’s a quote from the corporate site license:

Licensee may not modify or alter the Software, the Apple installer or the Apple End User Agreement that accompanies the Software as provided by Apple to Licensee. As a condition of the rights granted herein, each installation of the iTunes and QuickTime Software must result in the iTunes and QuickTime Player icon residing on the desktop of each authorised user.

Based on my recipe for iTunes, I understand the process of virtualising the application to be breaking the agreement because we are doing a few things:

• Extracting the MSI’s from the iTunes installer – breaking the Apple installer
• Accepting the End User Agreement during the monitoring phase
• Probably not delivering the iTunes and QuickTime shortcuts to the desktop

I could configure my package such that the user still needs to accept the license agreement, but in a corporate environment do you really want to have to let users do that?

I could also deliver the iTunes and QuickTime shortcuts to the user’s desktop, but most users already have enough shortcuts and files on their desktops, I’m not going to force more on them. Forcing desktop shortcuts on users isn’t great user experience and quite frankly, Apple’s not going to dictate the user experience in my environment.

But ultimately it’s point 1 that has me concerned – if you interpret the agreement to the letter, then it sounds like application virtualization is breaking that agreement.

What do you think?

Is it legal to virtualize Apple iTunes? is post from stealthpuppy.com. Except as noted otherwise, this work is © 2005-2012 Aaron Parker and is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License.

Great news – the first annual European App-V User Group has been announced, for Friday November 18, 2011 9:00 AM to be held at Microsoft HQ, in the Netherlands:

Welcome to our first annual European App-V User Group conference.

After a successful German edition in 2010, we were overwhelmed by the positive reactions, so we decided to expand our reach to the whole of Europe. We decided to see how many App-V experts we could gather on one event. Up till now we have 8 (!) out of 16 worldwide App-V MVPs found willing to attend the event and share their thoughts on App-V. This is almost the entire Europe based App-V MVP population!

The initiative is focused on bringing people from the App-V community together to learn about Microsoft App-V from the experts and share experiences and knowledge with each other. The event is sponsored by stakeholding companies, but is free of commercial messaging and gives an independent insight in the Microsoft App-V market.

We invite you to register for FREE and we are looking forward to welcome you on the event.

Keep an eye on the Twitter hashtag #AppVUG for more news, and sign up at the site if you’d like to attend. I’ll be there and presenting a session on virtualising Office with App-V.

First Annual European App-V User Group is post from stealthpuppy.com. Except as noted otherwise, this work is © 2005-2012 Aaron Parker and is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License.

It’s easy to virtualize Firefox with App-V; however getting it right takes a little more effort. Here’s how to successfully sequence Mozilla Firefox 7.x.

What you lose by virtualizing Firefox

Virtualizing Firefox with App-V will isolate the application from the OS, so the following features will not be available once Firefox has been sequenced:

• Firefox Jump Lists in the Start Menu and Taskbar
• The ability set the browser as default

Managing the Firefox profile – virtualize or not?

Firefox stores preferences, extensions and other user data in:

• %APPDATA%\Mozilla (preferences, bookmarks etc.); and
• %LOCALAPPDATA%\Mozilla (browser cache)

The default behaviour of the App-V Sequencer is to exclude %LOCALAPPDATA% – this is a good thing and I don’t recommend removing this exclusion.

%APPDATA% will be included by default and whether you leave this location included in the package will depend on your specific deployment requirements; however my recommendation is to exclude this location by adding %CSIDL_APPDATA%\Mozilla to the exclusion list in your sequence. On the client, Firefox will then create a new profile in the real file system when the user starts the browser for the first time.

There are several reasons why this approach is a good idea:

• Some of the configuration files within the Firefox profile include hard-codes paths – challenging if your App-V virtual drive changes between clients
• Virtualizing the profile increases the complexity of upgrading Firefox packages especially challenging given Mozilla’s new approach to Firefox releases. By storing the Firefox profile on the real file system, Firefox can be deployed via completely unrelated packages – no need to create upgrade versions
• Users can potentially create multiple Firefox profiles, with each stored in the users’ PKG file. The minimum size for a new Firefox profile is 12Mb – the PKG file will grow by 12Mb for each new Firefox profile created

By excluding %APPDATA% and not virtualizing the user profile you will gain some flexibility with your Firefox deployment.

Configuring Firefox Defaults

If a Firefox profile is not virtualized within the package any options set during the monitoring phase won’t be captured. Fortunately Firefox can be configured with defaults for any new profile so that it will contain your required configuration options.

Mozilla has made it easy to deploy custom default settings and preferences – by adding files to %ProgramFiles%\Mozilla Firefox\defaults\profile, new Firefox profiles will pick up a copy of these files when the profile is created.

I will walk through adding a couple of files to this location for to ensure that any new Firefox profile receives the required ; however you can find more detailed documentation on this feature in the following articles:

• Enterprise Build Of Firefox For Deployment

Firefox features to disable

There are a couple of features that should be disabled when running Firefox under App-V:

• Automatic updates for Firefox – Options / Advanced / Update – Automatically check for updates to: Firefox. Firefox updates should be delivered via new App-V packages. Updates for Add-ons and Search Engines should be OK as these are written to the user profile
• Default browser check – Options / Advanced / General – Always check to see if Firefox is the default browser on startup. Once Firefox is isolated from the OS, the user won’t be able to make it the default browser

user.js is used to configure Firefox options and enforce them and UserChrome.css is used to remove those options from the user interface.

Available below is a copy of user.js that disables automatic updates of Firefox and checking whether it is the default browser:

Firefox user.js

Here is a copy of userChrome.css that will remove updates and default browser options from user interface:

Firefox userChrome.css

Sequencing Platform

The Firefox version available from Mozilla is an x86 application (x64 build are available from other sources), so I recommend sequencing Firefox on Windows 7 x86 virtual machine even though you may be deploying to 64-bit Windows.

I’ve used a VFS install, so I have configured a second virtual hard disk to host the Q: drive. If you would prefer a MNT install just change the install folder when installing Firefox.

Sequencer Configuration

Before Sequencing, add the following exclusions:

• %CSIDL_APPDATA%\Mozilla
• %CSIDL_COMMON_APPDATA%\Microsoft\RAC
• \REGISTRY\USER\%SFT_SID%\Software\Microsoft\Windows\CurrentVersion\Internet Settings

If you are adding Adobe Flash Player to the package, add these exclusions as well:

• %CSIDL_APPDATA%\Adobe
• %CSIDL_APPDATA%\Macromedia
• %CSIDL_WINDOWS%\Installer

I have included these in a Package Template for Firefox that you can download from here:

App-V Package Template for Firefox

Installing Firefox

Download the Firefox installer in your target language from the Mozilla site. Sequencing Firefox will require the following steps:

• Install Firefox
• Configure profile defaults
• Optionally add global add-ons and install plug-ins such as Adobe Flash Player

Automating this process as much as possible will create a cleaner package and make it faster to re-create a new Firefox package if required.

• Mozilla Firefox installer command line arguments – use the INI file approach to control where Firefox is installed and to prevent the addition of a desktop shortcut, if required
• After installing Firefox, copy user.js to %ProgramFiles%\Mozilla Firefox\defaults\profile
• Copy userChrome.css to %ProgramFiles%\Mozilla Firefox\defaults\profile\chrome
• Firefox also allows you to add global add-ons by adding them to the Extensions sub-folder of the Firefox installation folder
• If you are including Adobe Flash player in the package, be sure to disable the auto-update notification

For an example script that will automate the install and configuration of Firefox, see the script below:

Firefox 7 Install Script for App-V

Shortcuts

If the monitoring phase was successful the Sequencer should create a single shortcut for Firefox. If you are including Flash 10.4 or above in the package, add an additional shortcut for the Flash Player Control Panel applet using “C:\Windows\System32\FlashPlayerCPLApp.cpl” as the target.

First Run Tasks and Primary Feature Block

If the steps above have been followed for exclusions, installation and configuration of Firefox, there will be no first run tasks to complete. Additionally the resultant package will be reasonably small so there is no need to create the Primary Feature Block.

Because you don’t need to complete first run tasks or create the Primary Feature Block, you could automate the entire end-to-end process of creating a Firefox package using the App-V Sequencer command-line interface.

Finally

Save your package and deploy. With compression enabled, the package should be around 22Mb.

Sequencing Mozilla Firefox 7 is post from stealthpuppy.com. Except as noted otherwise, this work is © 2005-2012 Aaron Parker and is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License.