10324A ENU TrainerHandbook

O F F I C I A L M I C R O S O F T L E A R N I N G P R O D U C T
10324A
Implementing and Managing Microsoft
Desktop Virtualization
ii Implementing and Managing Microsoft Desktop Virtualization
Information in this document, including URL and other Internet Web site references, is subject to change without notice.
Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people,
places, and events depicted herein are fictitious, and no association with any real company, organization, product, domain
name, e-mail address, logo, person, place or event is intended or should be inferred. Complying with all applicable copyright
laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be
reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic,
mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft
Corporation.
Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject
matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this
document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.
The names of manufacturers, products, or URLs are provided for informational purposes only and Microsoft makes no
representations and warranties, either expressed, implied, or statutory, regarding these manufacturers or the use of the
products with any Microsoft technologies. The inclusion of a manufacturer or product does not imply endorsement of
Microsoft of the manufacturer or product. Links may be provided to third party sites. Such sites are not under the control of
Microsoft and Microsoft is not responsible for the contents of any linked site or any link contained in a linked site, or any
changes or updates to such sites. Microsoft is not responsible for webcasting or any other form of transmission received from
any linked site. Microsoft is providing these links to you only as a convenience, and the inclusion of any link does not imply
endorsement of Microsoft of the site or the products contained therein.
2010 Microsoft Corporation. All rights reserved.
Microsoft, and Windows are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or
other countries.
All other trademarks are property of their respective owners.
Product Number: 10324A
Part Number: X17-41915

Released: 10/2010
MICROSOFT LICENSE TERMS
OFFICIAL MICROSOFT LEARNING PRODUCTS - TRAINER EDITION
Pre-Release and Final Release Versions
These license terms are an agreement between Microsoft Corporation and you. Please read them. They apply to the Licensed
Content named above, which includes the media on which you received it, if any. The terms also apply to any Microsoft
updates,
supplements,
Internet-based services, and
support services
for this Licensed Content, unless other terms accompany those items. If so, those terms apply.
By using the Licensed Content, you accept these terms. If you do not accept them, do not use the Licensed
Content.
If you comply with these license terms, you have the rights below.
1. DEFINITIONS.
a. Academic Materials means the printed or electronic documentation such as manuals, workbooks, white papers,
press releases, datasheets, and FAQs which may be included in the Licensed Content.
b. Authorized Learning Center(s) means a Microsoft Certified Partner for Learning Solutions location, an IT
Academy location, or such other entity as Microsoft may designate from time to time.
c. Authorized Training Session(s) means those training sessions authorized by Microsoft and conducted at or
through Authorized Learning Centers by a Trainer providing training to Students solely on Official Microsoft Learning
Products (formerly known as Microsoft Official Curriculum or MOC) and Microsoft Dynamics Learning Products
(formerly know as Microsoft Business Solutions Courseware). Each Authorized Training Session will provide training on
the subject matter of one (1) Course.
d. Course means one of the courses using Licensed Content offered by an Authorized Learning Center during an
Authorized Training Session, each of which provides training on a particular Microsoft technology subject matter.
e. Device(s) means a single computer, device, workstation, terminal, or other digital electronic or analog device.
f. Licensed Content means the materials accompanying these license terms. The Licensed Content may include, but
is not limited to, the following elements: (i) Trainer Content, (ii) Student Content, (iii) classroom setup guide, and (iv)
Software. There are different and separate components of the Licensed Content for each Course.
g. Software means the Virtual Machines and Virtual Hard Disks, or other software applications that may be included
with the Licensed Content.
h. Student(s) means a student duly enrolled for an Authorized Training Session at your location.
i. Student Content means the learning materials accompanying these license terms that are for use by Students and
Trainers during an Authorized Training Session. Student Content may include labs, simulations, and courseware files
for a Course.
j. Trainer(s) means a) a person who is duly certified by Microsoft as a Microsoft Certified Trainer and b) such other
individual as authorized in writing by Microsoft and has been engaged by an Authorized Learning Center to teach or
instruct an Authorized Training Session to Students on its behalf.
k. Trainer Content means the materials accompanying these license terms that are for use by Trainers and Students,
as applicable, solely during an Authorized Training Session. Trainer Content may include Virtual Machines, Virtual Hard
Disks, Microsoft PowerPoint files, instructor notes, and demonstration guides and script files for a Course.
l. Virtual Hard Disks means Microsoft Software that is comprised of virtualized hard disks (such as a base virtual hard
disk or differencing disks) for a Virtual Machine that can be loaded onto a single computer or other device in order to
allow end-users to run multiple operating systems concurrently. For the purposes of these license terms, Virtual Hard
Disks will be considered Trainer Content.
m. Virtual Machine means a virtualized computing experience, created and accessed using Microsoft Virtual PC or
Microsoft Virtual Server software that consists of a virtualized hardware environment, one or more Virtual Hard Disks,
and a configuration file setting the parameters of the virtualized hardware environment (e.g., RAM). For the purposes
of these license terms, Virtual Hard Disks will be considered Trainer Content.
n. you means the Authorized Learning Center or Trainer, as applicable, that has agreed to these license terms.
2. OVERVIEW.
Licensed Content. The Licensed Content includes Software, Academic Materials (online and electronic), Trainer Content,
Student Content, classroom setup guide, and associated media.
License Model. The Licensed Content is licensed on a per copy per Authorized Learning Center location or per Trainer
basis.
3. INSTALLATION AND USE RIGHTS.
a. Authorized Learning Centers and Trainers: For each Authorized Training Session, you may:
i. either install individual copies of the relevant Licensed Content on classroom Devices only for use by Students
enrolled in and the Trainer delivering the Authorized Training Session, provided that the number of copies in use
does not exceed the number of Students enrolled in and the Trainer delivering the Authorized Training Session, OR
ii. install one copy of the relevant Licensed Content on a network server only for access by classroom Devices and
only for use by Students enrolled in and the Trainer delivering the Authorized Training Session, provided that the
number of Devices accessing the Licensed Content on such server does not exceed the number of Students
enrolled in and the Trainer delivering the Authorized Training Session.
iii. and allow the Students enrolled in and the Trainer delivering the Authorized Training Session to use the Licensed
Content that you install in accordance with (ii) or (ii) above during such Authorized Training Session in accordance
with these license terms.
i. Separation of Components. The components of the Licensed Content are licensed as a single unit. You may not
separate the components and install them on different Devices.
ii. Third Party Programs. The Licensed Content may contain third party programs. These license terms will apply to
the use of those third party programs, unless other terms accompany those programs.
b. Trainers:
i. Trainers may Use the Licensed Content that you install or that is installed by an Authorized Learning Center on a
classroom Device to deliver an Authorized Training Session.
ii. Trainers may also Use a copy of the Licensed Content as follows:
A. Licensed Device. The licensed Device is the Device on which you Use the Licensed Content. You may install
and Use one copy of the Licensed Content on the licensed Device solely for your own personal training Use and
for preparation of an Authorized Training Session.
B. Portable Device. You may install another copy on a portable device solely for your own personal training Use
and for preparation of an Authorized Training Session.
4. PRE-RELEASE VERSIONS. If this is a pre-release (beta) version, in addition to the other provisions in this agreement,
these terms also apply:
a. Pre-Release Licensed Content. This Licensed Content is a pre-release version. It may not contain the same
information and/or work the way a final version of the Licensed Content will. We may change it for the final,
commercial version. We also may not release a commercial version. You will clearly and conspicuously inform any
Students who participate in each Authorized Training Session of the foregoing; and, that you or Microsoft are under no
obligation to provide them with any further content, including but not limited to the final released version of the
Licensed Content for the Course.
b. Feedback. If you agree to give feedback about the Licensed Content to Microsoft, you give to Microsoft, without
charge, the right to use, share and commercialize your feedback in any way and for any purpose. You also give to
third parties, without charge, any patent rights needed for their products, technologies and services to use or interface
with any specific parts of a Microsoft software, Licensed Content, or service that includes the feedback. You will not
give feedback that is subject to a license that requires Microsoft to license its software or documentation to third parties
because we include your feedback in them. These rights survive this agreement.
c. Confidential Information. The Licensed Content, including any viewer, user interface, features and documentation
that may be included with the Licensed Content, is confidential and proprietary to Microsoft and its suppliers.
i. Use. For five years after installation of the Licensed Content or its commercial release, whichever is first, you
may not disclose confidential information to third parties. You may disclose confidential information only to
your employees and consultants who need to know the information. You must have written agreements with
them that protect the confidential information at least as much as this agreement.
ii. Survival. Your duty to protect confidential information survives this agreement.
iii. Exclusions. You may disclose confidential information in response to a judicial or governmental order. You
must first give written notice to Microsoft to allow it to seek a protective order or otherwise protect the
information. Confidential information does not include information that
becomes publicly known through no wrongful act;
you received from a third party who did not breach confidentiality obligations to Microsoft or its suppliers;
or
you developed independently.
d. Term. The term of this agreement for pre-release versions is (i) the date which Microsoft informs you is the end date
for using the beta version, or (ii) the commercial release of the final release version of the Licensed Content, whichever
is first (beta term).
e. Use. You will cease using all copies of the beta version upon expiration or termination of the beta term, and will
destroy all copies of same in the possession or under your control and/or in the possession or under the control of any
Trainers who have received copies of the pre-released version.
f. Copies. Microsoft will inform Authorized Learning Centers if they may make copies of the beta version (in either print
and/or CD version) and distribute such copies to Students and/or Trainers. If Microsoft allows such distribution, you
will follow any additional terms that Microsoft provides to you for such copies and distribution.
5. ADDITIONAL LICENSING REQUIREMENTS AND/OR USE RIGHTS.
a. Authorized Learning Centers and Trainers:
i. Software.
ii. Virtual Hard Disks. The Licensed Content may contain versions of Microsoft XP, Microsoft Windows Vista,
Windows Server 2003, Windows Server 2008, and Windows 2000 Advanced Server and/or other Microsoft products
which are provided in Virtual Hard Disks.
A. If the Virtual Hard Disks and the labs are launched through the Microsoft Learning Lab Launcher,
then these terms apply:
Time-Sensitive Software. If the Software is not reset, it will stop running based upon the time indicated on the
install of the Virtual Machines (between 30 and 500 days after you install it). You will not receive notice before
it stops running. You may not be able to access data used or information saved with the Virtual Machines
when it stops running and may be forced to reset these Virtual Machines to their original state. You must
remove the Software from the Devices at the end of each Authorized Training Session and reinstall and launch
it prior to the beginning of the next Authorized Training Session.
B. If the Virtual Hard Disks require a product key to launch, then these terms apply:
Microsoft will deactivate the operating system associated with each Virtual Hard Disk. Before installing any
Virtual Hard Disks on classroom Devices for use during an Authorized Training Session, you will obtain from
Microsoft a product key for the operating system software for the Virtual Hard Disks and will activate such
Software with Microsoft using such product key.
C. These terms apply to all Virtual Machines and Virtual Hard Disks:
You may only use the Virtual Machines and Virtual Hard Disks if you comply with the terms and
conditions of this agreement and the following security requirements:
o You may not install Virtual Machines and Virtual Hard Disks on portable Devices or Devices that are
accessible to other networks.
o You must remove Virtual Machines and Virtual Hard Disks from all classroom Devices at the end of each
Authorized Training Session, except those held at Microsoft Certified Partners for Learning Solutions
locations.
o You must remove the differencing drive portions of the Virtual Hard Disks from all classroom Devices at
the end of each Authorized Training Session at Microsoft Certified Partners for Learning Solutions locations.
o You will ensure that the Virtual Machines and Virtual Hard Disks are not copied or downloaded from
Devices on which you installed them.
o You will strictly comply with all Microsoft instructions relating to installation, use, activation and
deactivation, and security of Virtual Machines and Virtual Hard Disks.
o You may not modify the Virtual Machines and Virtual Hard Disks or any contents thereof.
o You may not reproduce or redistribute the Virtual Machines or Virtual Hard Disks.
ii. Classroom Setup Guide. You will assure any Licensed Content installed for use during an Authorized Training
Session will be done in accordance with the classroom set-up guide for the Course.
iii. Media Elements and Templates. You may allow Trainers and Students to use images, clip art, animations,
sounds, music, shapes, video clips and templates provided with the Licensed Content solely in an Authorized
Training Session. If Trainers have their own copy of the Licensed Content, they may use Media Elements for their
personal training use.
iv. iv Evaluation Software. Any Software that is included in the Student Content designated as Evaluation
Software may be used by Students solely for their personal training outside of the Authorized Training Session.
b. Trainers Only:
i. Use of PowerPoint Slide Deck Templates . The Trainer Content may include Microsoft PowerPoint slide decks.
Trainers may use, copy and modify the PowerPoint slide decks only for providing an Authorized Training Session.
If you elect to exercise the foregoing, you will agree or ensure Trainer agrees: (a) that modification of the slide
decks will not constitute creation of obscene or scandalous works, as defined by federal law at the time the work is
created; and (b) to comply with all other terms and conditions of this agreement.
ii. Use of Instructional Components in Trainer Content. For each Authorized Training Session, Trainers may
customize and reproduce, in accordance with the MCT Agreement, those portions of the Licensed Content that are
logically associated with instruction of the Authorized Training Session. If you elect to exercise the foregoing
rights, you agree or ensure the Trainer agrees: (a) that any of these customizations or reproductions will only be
used for providing an Authorized Training Session and (b) to comply with all other terms and conditions of this
agreement.
iii. Academic Materials. If the Licensed Content contains Academic Materials, you may copy and use the Academic
Materials. You may not make any modifications to the Academic Materials and you may not print any book (either
electronic or print version) in its entirety. If you reproduce any Academic Materials, you agree that:
The use of the Academic Materials will be only for your personal reference or training use
You will not republish or post the Academic Materials on any network computer or broadcast in any media;
You will include the Academic Materials original copyright notice, or a copyright notice to Microsofts benefit in
the format provided below:
Form of Notice:
2010 Reprinted for personal reference use only with permission by Microsoft Corporation. All
rights reserved.
Microsoft, Windows, and Windows Server are either registered trademarks or trademarks of
Microsoft Corporation in the US and/or other countries. Other product and company names
mentioned herein may be the trademarks of their respective owners.
6. INTERNET-BASED SERVICES. Microsoft may provide Internet-based services with the Licensed Content. It may change
or cancel them at any time. You may not use these services in any way that could harm them or impair anyone elses use
of them. You may not use the services to try to gain unauthorized access to any service, data, account or network by any
means.
7. SCOPE OF LICENSE. The Licensed Content is licensed, not sold. This agreement only gives you some rights to use the
Licensed Content. Microsoft reserves all other rights. Unless applicable law gives you more rights despite this limitation,
you may use the Licensed Content only as expressly permitted in this agreement. In doing so, you must comply with any
technical limitations in the Licensed Content that only allow you to use it in certain ways. You may not
install more copies of the Licensed Content on classroom Devices than the number of Students and the Trainer in the
Authorized Training Session;
allow more classroom Devices to access the server than the number of Students enrolled in and the Trainer delivering
the Authorized Training Session if the Licensed Content is installed on a network server;
copy or reproduce the Licensed Content to any server or location for further reproduction or distribution;
disclose the results of any benchmark tests of the Licensed Content to any third party without Microsofts prior written
approval;
work around any technical limitations in the Licensed Content;
reverse engineer, decompile or disassemble the Licensed Content, except and only to the extent that applicable law
expressly permits, despite this limitation;
make more copies of the Licensed Content than specified in this agreement or allowed by applicable law, despite this
limitation;
publish the Licensed Content for others to copy;
transfer the Licensed Content, in whole or in part, to a third party;
access or use any Licensed Content for which you (i) are not providing a Course and/or (ii) have not been authorized
by Microsoft to access and use;
rent, lease or lend the Licensed Content; or
use the Licensed Content for commercial hosting services or general business purposes.
Rights to access the server software that may be included with the Licensed Content, including the Virtual Hard Disks
does not give you any right to implement Microsoft patents or other Microsoft intellectual property in software or
devices that may access the server.
8. EXPORT RESTRICTIONS. The Licensed Content is subject to United States export laws and regulations. You must
comply with all domestic and international export laws and regulations that apply to the Licensed Content. These laws
include restrictions on destinations, end users and end use. For additional information, see
www.microsoft.com/exporting.
9. NOT FOR RESALE SOFTWARE/LICENSED CONTENT. You may not sell software or Licensed Content marked as NFR
or Not for Resale.
10. ACADEMIC EDITION. You must be a Qualified Educational User to use Licensed Content marked as Academic Edition
or AE. If you do not know whether you are a Qualified Educational User, visit www.microsoft.com/education or contact
the Microsoft affiliate serving your country.
11. TERMINATION. Without prejudice to any other rights, Microsoft may terminate this agreement if you fail to comply with
the terms and conditions of these license terms. In the event your status as an Authorized Learning Center or Trainer a)
expires, b) is voluntarily terminated by you, and/or c) is terminated by Microsoft, this agreement shall automatically
terminate. Upon any termination of this agreement, you must destroy all copies of the Licensed Content and all of its
component parts.
12. ENTIRE AGREEMENT. This agreement, and the terms for supplements, updates, Internet-based services and
support services that you use, are the entire agreement for the Licensed Content and support services.
13. APPLICABLE LAW.
a. United States. If you acquired the Licensed Content in the United States, Washington state law governs the
interpretation of this agreement and applies to claims for breach of it, regardless of conflict of laws principles. The laws
of the state where you live govern all other claims, including claims under state consumer protection laws, unfair
competition laws, and in tort.
b. Outside the United States. If you acquired the Licensed Content in any other country, the laws of that country
apply.
14. LEGAL EFFECT. This agreement describes certain legal rights. You may have other rights under the laws of your country.
You may also have rights with respect to the party from whom you acquired the Licensed Content. This agreement does
not change your rights under the laws of your country if the laws of your country do not permit it to do so.
15. DISCLAIMER OF WARRANTY. The Licensed Content is licensed as-is. You bear the risk of using it.
Microsoft gives no express warranties, guarantees or conditions. You may have additional consumer rights
under your local laws which this agreement cannot change. To the extent permitted under your local laws,
Microsoft excludes the implied warranties of merchantability, fitness for a particular purpose and non-
infringement.
16. LIMITATION ON AND EXCLUSION OF REMEDIES AND DAMAGES. YOU CAN RECOVER FROM MICROSOFT AND
ITS SUPPLIERS ONLY DIRECT DAMAGES UP TO U.S. $5.00. YOU CANNOT RECOVER ANY OTHER DAMAGES,
INCLUDING CONSEQUENTIAL, LOST PROFITS, SPECIAL, INDIRECT OR INCIDENTAL DAMAGES.
This limitation applies to
anything related to the Licensed Content, software, services, content (including code) on third party Internet sites, or
third party programs; and
claims for breach of contract, breach of warranty, guarantee or condition, strict liability, negligence, or other tort to the
extent permitted by applicable law.
It also applies even if Microsoft knew or should have known about the possibility of the damages. The above limitation or
exclusion may not apply to you because your country may not allow the exclusion or limitation of incidental, consequential
or other damages.
Please note: As this Licensed Content is distributed in Quebec, Canada, some of the clauses in this agreement
are provided below in French.
Remarque : Ce le contenu sous licence tant distribu au Qubec, Canada, certaines des clauses dans ce contrat
sont fournies ci-dessous en franais.
EXONRATION DE GARANTIE. Le contenu sous licence vis par une licence est offert tel quel . Toute utilisation de ce
contenu sous licence est votre seule risque et pril. Microsoft naccorde aucune autre garantie expresse. Vous pouvez
bnficier de droits additionnels en vertu du droit local sur la protection dues consommateurs, que ce contrat ne peut modifier.
La ou elles sont permises par le droit locale, les garanties implicites de qualit marchande, dadquation un usage particulier
et dabsence de contrefaon sont exclues.
LIMITATION DES DOMMAGES-INTRTS ET EXCLUSION DE RESPONSABILIT POUR LES DOMMAGES. Vous
pouvez obtenir de Microsoft et de ses fournisseurs une indemnisation en cas de dommages directs uniquement hauteur de
5,00 $ US. Vous ne pouvez prtendre aucune indemnisation pour les autres dommages, y compris les dommages spciaux,
indirects ou accessoires et pertes de bnfices.
Cette limitation concerne:
tout ce qui est reli au le contenu sous licence , aux services ou au contenu (y compris le code) figurant sur des sites
Internet tiers ou dans des programmes tiers ; et
les rclamations au titre de violation de contrat ou de garantie, ou au titre de responsabilit stricte, de ngligence ou
dune autre faute dans la limite autorise par la loi en vigueur.
Elle sapplique galement, mme si Microsoft connaissait ou devrait connatre lventualit dun tel dommage. Si votre pays
nautorise pas lexclusion ou la limitation de responsabilit pour les dommages indirects, accessoires ou de quelque nature que
ce soit, il se peut que la limitation ou lexclusion ci-dessus ne sappliquera pas votre gard.
EFFET JURIDIQUE. Le prsent contrat dcrit certains droits juridiques. Vous pourriez avoir dautres droits prvus par les lois
de votre pays. Le prsent contrat ne modifie pas les droits que vous confrent les lois de votre pays si celles-ci ne le
permettent pas.
Implementing and Managing Microsoft Desktop Virtualization ix
x Implementing and Managing Microsoft Desktop Virtualization
Acknowledgements
Microsoft Learning would like to acknowledge and thank the following for their contribution towards
developing this title. Their effort at various stages in the development has ensured that you have a good
classroom experience.
Gary DunlopContent Developer

Gary Dunlop is based in Winnipeg, Canada and is a technical consultant and trainer for Broadview
Networks. He has authored a number of Microsoft Learning titles and has been an MCT since 1997.
Damir Dizdarevic Content Developer

Damir Dizdarevic is a manager of the Learning Center at Logosoft d.o.o. (Sarajevo, Bosnia and
Herzegovina) and an MCT. He has worked as a subject matter expert and technical reviewer on several
MOC courses, and has published more than 350 articles in various IT magazines such as Windows ITPro.
He is an MVP for Windows Server Infrastructure Management, and an MCSE, MCTS, and MCITP (Windows
Server 2008 and Exchange Server 2007). He specializes in Windows Server and Exchange Server.
Slavko Kukrika Content Developer

Slavko Kukrika has been a Microsoft Certified Trainer (MCT) for over 12 years. He holds title Business
Desktop Deployment Specialist among others. He has delivered many courses on standardized desktop
deployment, on such topics as Windows Vista Preinstallation and Microsoft Deployment Toolkit.
Stan Reimer Content Developer

Stan Reimer is president of S. R. Technical Services Inc, and he works as a consultant, trainer and author.
Stan has extensive experience consulting on Active Directory and Exchange Server deployments for some
of the largest companies in Canada. Stan is the lead author for two Active Directory books for Microsoft
Press, and is currently working on an Exchange Server 2010 Best Practices book, also for Microsoft Press.
For the last six years, Stan has been writing courseware for Microsoft Learning, specializing in Active
Directory and Exchange Server courses. Stan has been an MCT for 11 years.
Nelson Ruest Technical Reviewer

Nelson Ruest is a technology futurist, who is focused on virtualization and constant service delivery.
Together with his partner, Danielle Ruest, Nelson has written more than a dozen books and hundreds of
articles on Microsoft technologies. He recently concluded an extended multicity tour on virtualization in
the US.
Implementing and Managing Microsoft Desktop Virtualization xi
Contents
Module 1: Overview of Desktop and Application Virtualization
Lesson 1: Overview of Virtualization 1-3
Lesson 2: Overview of Virtualization Management 1-20
Lesson 3: Planning an Application and Desktop Virtualization
Deployment 1-38
Lab: Planning Desktop Virtualization Scenarios 1-52
Module 2: Implementing Windows Virtual PC and Windows XP Mode

Lesson 1: Installing Windows Virtual PC 2-3
Lesson 2: Configuring Windows Virtual PC 2-20
Lesson 3: Installing, Configuring, and Managing the
Windows XP Mode 2-35
Lesson 4: Creating and Deploying Custom Images of
Lab: Implementing Windows Virtual PC and Windows XP Mode 2-53
Module 3: Implementing Microsoft Enterprise Desktop Virtualization

Lesson 1: Overview of MED-V 3-3
Lesson 2: Implementing MED-V Management Servers 3-16
Lesson 3: Implementing a MED-V Client 3-23
Lab: Implementing MED-V 3-31
Module 4: Configuring and Deploying MED-V Images

Lesson 1: Configuring MED-V Images 4-3
Lesson 2: Deploying MED-V Images 4-16
Lab: Configuring and Deploying MED-V Images 4-25
Module 5: Managing a MED-V Deployment

Lesson 1: Implementing the MED-V Workspace Policy 5-3
Lesson 2: Working with a MED-V Workspace 5-17
Lesson 3: Reporting and Troubleshooting MED-V 5-26
Lab: Managing a MED-V Deployment 5-34
Module 6: Implementing Microsoft Application Virtualization

Lesson 1: Introduction to Application Virtualization 6-3
Lesson 2: Planning for Application Virtualization 6-15
Lesson 3: Deploying Application Virtualization Servers 6-27
Lab: Implementing Application Virtualization 6-36
Module 7: Planning and Deploying App-V Clients

xii Implementing and Managing Microsoft Desktop Virtualization
Lesson 1: Overview of the App-V Client 7-3

Lesson 2: Installing and Configuring the App-V Client 7-14
Lab A: Deploying the App-V Client in Stand-Alone Mode 7-24
Lesson 3: Managing Client Configuration Features 7-28
Lab B: Managing Client Configuration Features 7-41
Module 8: Managing and Administering Application Virtualization

Lesson 1: Using the Application Virtualization Management Console 8-3
Lesson 2: Publishing Applications into the App-V Environment 8-12
Lab A: Publishing Applications in the App-V Environment 8-27
Lesson 3: Performing Advanced Administration Tasks for
Application Virtualization 8-32
Lab B: Implementing License Enforcement 8-43
Module 9: Sequencing Applications for Virtualization

Lesson 1: Overview of Application Sequencing 9-3
Lesson 2: Planning and Configuring the Sequencer Environment 9-11
Lesson 3: Performing Application Sequencing 9-19
Lesson 4: Advanced Sequencing Scenarios 9-27
Lab: Sequencing Applications for Virtualization 9-37
Module 10: Configuring Remote Desktop Services and RemoteApp

Lesson 1: Overview of RDS 10-3
Lesson 2: Publishing RemoteApp Programs by Using RDS 10-13
Lesson 3: Accessing RemoteApp Programs from Clients 10-27
Lab: Configuring RDS and RemoteApp Programs 10-42
Module 11: Implementing User State Virtualization

Lesson 1: Overview of User State 11-3
Lesson 2: Configuring Roaming Profiles and Folder Redirection 11-15
Lab: Implementing User State Virtualization 11-30
Module 12: Configuring Virtual Desktop Infrastructure

Lesson 1: Overview of Windows Server 2008 R2 Hyper-V 12-3
Lesson 2: Introduction to VDI 12-17
Lesson 3: Configuring Personal and Pooled Virtual Desktops 12-31
Lab: Configuring Virtual Desktop Infrastructure 12-42
Module 13: Summary of Desktop Virtualization Technologies

Lesson 1: Review of Desktop Virtualization Technologies 13-3
Lesson 2: Real-World Usage Scenarios 13-17
Lab Answer Keys

About This Course xiii
About This Course

This section provides you with a brief description of the course, audience, suggested prerequisites, and
course objectives.
Course Description
This five-day, instructor-led course provides you with the knowledge and skills to implement and manage
desktop virtualization solutions. This course provides an overview of virtualization and the various
Microsoft products that you can use to implement and deploy a virtualization solution. The course
explains how to configure and manage a MED-V deployment. Then, it describes the procedures for
deploying an App-V solution by implementing App-V servers and clients and by sequencing applications.
The course then covers the configuration of Remote Desktop Services and RemoteApp programs. Finally,
the course describes the concept of user state virtualization and procedures for configuring the Virtual
Desktop Infrastructure (VDI).
Audience
This course is intended for Microsoft Windows Server 2008 system and desktop administrators who
will manage and implement desktop and application virtualization technologies within their networks.
The students for this course typically are responsible for implementing their organizations desktop and
application virtualization, or their information technology (IT) management has directed them to research
and/or implement desktop and application virtualization in the existing environment. Students should
have a minimum of 1.5 years of experience working with Windows Server 2008 as a server or desktop
administrator. This course does not require prior experience with virtualization. However, we highly
recommend familiarity with virtualization concepts and management tools.
Student Prerequisites
This course requires that you meet the following prerequisites:
Basic skills with Windows Command line
Monitoring and Management Tools
Networking
AD DS, including Group Policy deployments
Performance Monitoring
Troubleshooting
Course Objectives
After completing this course, students will be able to:
Plan desktop virtualization scenarios.
Implement and configure Windows Virtual PC and the Windows XP mode.
Implement Microsoft Enterprise Desktop Virtualization.
Configure and deploy MED-V images.
Manage a MED-V deployment.
Implement App-V servers.
Plan and deploy Application Virtualization clients.
xiv About This Course
Administer the App-V infrastructure by using the App-V Management Console.

Sequence applications for deployment by using the App-V infrastructure or a standalone installation.
Configure and use Remote Desktop Services and RemoteApp programs.
Implement user state virtualization.
Configure and use Virtual Desktop Infrastructure.
Course Outline
This section provides an outline of the course:
Module 1, Overview of Desktop and Application Virtualization
Many organizations are exploring the use of virtualization to optimize their information technology
environment and to streamline their IT management practices. Microsoft provides several products and
technologies that enable organizations to implement virtualization solutions in many different ways. This
module provides an overview of the Microsoft virtualization technologies and provides information on
planning and managing virtualized environments.
Module 2, Implementing Windows Virtual PC and Windows XP Mode
Windows 7 has introduced new version of Microsoft Virtual PC software, to support creating virtual
machines with various operating systems within same virtual environment. Also, Windows 7 brings
Windows XP Mode, a pre-created virtual machine with Windows XP Professional SP3 installed, for
supporting older applications and to make migration to Windows 7 more convenient. In this module, you
will learn how to configure and use Windows Virtual PC, virtual machines as well as how to use Windows
XP Mode.
Module 3, Implementing Microsoft Enterprise Desktop Virtualization
Microsoft Enterprise Desktop Virtualization (MED-V) is an enterprise solution that enables incompatible or
unsupported applications to be available in a virtual environment, and then used by the end users as if
they were installed locally on their computers. However, the applications availability from the virtual
environment is seamless, or invisible, to the user. It provides a virtual environment for legacy applications,
and it enables central administration of applications.
MED-V is built on Windows Virtual PC 2007 Service Pack 1 (SP1), and it is available for Windows clients
such as the Windows XP, Windows Vista, and Windows 7 operating systems.
Module 4, Configuring and Deploying MED-V Images
MED-V uses virtualization to provide an isolated environment, in which you can run legacy applications
and publish applications to the host. A virtual image contains the virtual machine and MED-V enables
central management of the images. There are certain prerequisites that you must meet when you create a
MED-V image. This module describes the purpose and functionality of MED-V images, and the procedures
for configuring and testing of the images. The module also explains how to pack and upload MED-V
images to the image repository on a MED-V server.
Module 5, Managing a MED-V Deployment
Managing the MED-V environment typically is one of the most time-consuming activities for MED-V
administrators. After you deploy the MED-V infrastructure, you must define MED-V Workspaces by
configuring MED-V policies. You then need to enable the workspaces for the users and set options to
configure the workspaces that will be available to the users.
About This Course xv
MED-V users work in two separate environments, the host operating system and the MED-V Workspace. If
you seamlessly integrate published applications with the host, users typically cannot differentiate them
from the locally installed applications.
Besides a configurable virtual environment and a seamless integration with the host, MED-V also provides
reporting and diagnostics capability. The reporting feature requires Microsoft SQL Server, and it logs
MED-V events and provides three basic report types. The MED-V client provides a diagnostics mode,
policy updates, and diagnostic log gathering that you can use to troubleshoot MED-V issues.
Module 6, Implementing Microsoft Application Virtualization
The Microsoft Application Virtualization 4.5 Service Pack 1 (App-V 4.5 SP1) and the App-V 4.6 client and
sequencer software provide the latest updates to application virtualization technology. This release
includes new capabilities that make it easy for enterprise Information Technology (IT) organizations to
support large-scale, global application virtualization implementations. This module provides an overview
of application virtualization and App-V components. The module also covers the App-V infrastructure, the
deployment scenarios, and the procedures for installing and configuring App-V servers and App-V clients.
Module 7, Planning and Deploying App-V Clients
The App-V Client software is the one component that you always require to implement Microsoft App-V
solutions. Therefore, deploying the App-V client requires careful consideration of various factors. You
should consider the best client to deploy, the method of deployment, and the configurations required for
the deployment. You should also be aware of the prerequisites for installing the client.
This module provides an overview of the desktop and remote desktop client including the several
installation methods. The module also describes the recommendations for deploying and managing the
App-V client.
Module 8, Managing and Administering Application Virtualization

After you deploy the Microsoft Application Virtualization (App-V) infrastructure, you should be able to
manage and administer the App-V solution by using the Application Virtualization Management Console
to perform daily management tasks. This console enables you to control the entire App-V environment
from a single workstation. You deploy the Application Virtualization Management Console on the
administrative workstation, and then use it to perform administrative tasks, such as publishing virtualized
applications, modifying published applications, and configuring version upgrades.
This module provides an overview of the Application Virtualization Management Console and the
permissions that users must have to administer the App-V Management Server. The module also covers
the steps you must take to perform these administrative tasks, and how to enforce license compliance and
manage server groups and server objects.
Module 9, Sequencing Applications for Virtualization
To use applications in an App-V solution, you must first package them into a form that can run in a
virtualized environment. You can use the Microsoft Application Virtualization (App-V) Sequencer to create
these application packages.
You can sequence applications that you plan to deploy by using the App-V infrastructure or standalone
installation. By using App-V sequencing, you create a set of files that contain the all the information about
the application that is required for the application to run in a virtual environment. The App-V Sequencer
provides several packaging options that you can choose based on your specific requirements.
This module describes how to use install and configure the App-V Sequencer to create application
packages. The module also describes how to upgrade existing packages and create standalone packages.
xvi About This Course
Module 10, Configuring Remote Desktop Services and RemoteApp
Remote Desktop Services (RDS) provide a form of virtualization known as presentation virtualization.
Although you connect to a remote desktop or to individual remote applications, your experience is similar
to running local applications on your computer. With features such as device redirection, single sign-on,
and RD Easy Print, it is not easy to distinguish between remote and local applications.
This module provides an overview of Remote Desktop Services and their role services, and the procedures
for connecting to an RD Session host. The module also describes RemoteApp programs the methods for
accessing them. The module also explains how to using RD Gateway to access RDS infrastructure securely
from an external network.
Module 11, Implementing User State Virtualization
User state virtualization is a concept that allows administrators to provide more flexible client
environments, and to provide users with ability to have documents and settings following them from
computer to computer. Also, this concept provides better ability to backup and centralize user data, as
well as to prevent data loss.
This module discusses technologies that provide user state virtualization and various ways to provide
virtualization. This module also discusses how to configure roaming profiles and users folder redirection
as part of user state.
Module 12, Configuring Virtual Desktop Infrastructure
Using virtualization technologies for desktop virtualization can be very convenient. Microsoft provides
virtual desktop infrastructure (VDI) as a technology that relies on Hyper-V and Remote Desktop Services
(RDS) to enable administrators to configure virtual desktops as working environments instead of real
physical desktop computers. In order to use VDI, you should be familiar with Hyper-V, RDS as well as with
features and configuration procedures for VDI.
Module 13, Summary of Desktop Virtualization Technologies
This module summarizes the various desktop virtualization technologies that are covered in this course.
The module compares the features of these technologies, and it also provides examples of real-world
scenarios in which you would implement these virtualization technologies.
About This Course xvii
Course Materials
The following materials are included with your kit:
Course Handbook A succinct classroom learning guide that provides all the critical technical
information in a crisp, tightly-focused format, which is just right for an effective in-class learning
experience.
Lessons: Guide you through the learning objectives and provide the key points that are critical to
the success of the in-class learning experience.
Labs: Provide a real-world, hands-on platform for you to apply the knowledge and skills learned
in the module.
Module Reviews and Takeaways: Provide improved on-the-job reference material to boost
knowledge and skills retention.
Lab Answer Keys: Provide step-by-step lab solution guidance at your finger tips when its
needed.
Course Companion Content on the http://www.microsoft.com/learning/companionmoc/ Site:

Searchable, easy-to-navigate digital content with integrated premium on-line resources designed to
supplement the Course Handbook.
Modules: Include companion content, such as questions and answers, detailed demo steps and
additional reading links, for each lesson. Additionally, they include Lab Review questions and answers
and Module Reviews and Takeaways sections, which contain the review questions and answers, best
practices, common issues and troubleshooting tips with answers, and real-world issues and scenarios
with answers.
Resources: Include well-categorized additional resources that give you immediate access to the most
up-to-date premium content on TechNet, MSDN, Microsoft Press
Student Course files on the http://www.microsoft.com/learning/companionmoc/ Site: Includes the
Allfiles.exe, a self-extracting executable file that contains all the files required for the labs and
demonstrations.
Course evaluation At the end of the course, you will have the opportunity to complete an online
evaluation to provide feedback on the course, training facility, and instructor.
To provide additional comments or feedback on the course, send e-mail to

support@mscourseware.com. To inquire about the Microsoft Certification Program, send e-mail
to mcphelp@microsoft.com.
xviii About This Course
Virtual Machine Environment

This section provides the information for setting up the classroom environment to support the business
scenario of the course.
Virtual Machine Configuration

In this course, you will use Microsoft Virtual Server 2005 R2 with SP1 to perform the labs.
The following table shows the role of each virtual machine used in this course:
Virtual machine Role

10324A-NYC-DC1 Windows Server 2008 R2 domain controller in the Contoso.com
domain
10324A -NYC-CL1 Windows 7 client in the Contoso.com domain
10324A -NYC-SVR1 Windows Server 2008 R2 member server in the Contoso.com domain
Software Configuration
The following software is installed on each VM:
Windows Server 2008 R2 Enterprise
Windows 7
Classroom Setup
Each classroom computer will have the same virtual machine configured in the same way.
All of the virtual machines are deployed on each student computer.
Course Hardware Level

To ensure a satisfactory student experience, Microsoft Learning requires a minimum equipment
configuration for trainer and student computers in all Microsoft Certified Partner for Learning Solutions
(CPLS) classrooms in which Official Microsoft Learning Product courseware are taught.
The classroom computers require the following hardware and software configuration.
Hardware Level 6
Intel Virtualization Technology (Intel VT) or AMD Virtualization (AMD-V) processor
Dual 120 gigabyte (GB) hard disks 7200 RM SATA or better*
6 GB RAM expandable to 8GB or higher
DVD drive
Network adapter
Super VGA (SVGA) 17-inch monitor
About This Course xix
Microsoft Mouse or compatible pointing device

Sound card with amplified speakers
*Striped
Additionally, the instructor computer must be connected to a projection display device that supports
SVGA 1024 x 768 pixels, 16-bit colors.
xx About This Course
Overview of Desktop and Application Virtualization 1-1
Module 1
Overview of Desktop and Application Virtualization
Contents:
Lesson 1: Overview of Virtualization 1-3
Lesson 2: Overview of Virtualization Management 1-20
Lesson 3: Planning an Application and Desktop Virtualization
Deployment 1-38
Lab: Planning Desktop Virtualization Scenarios 1-52
1-2 Implementing and Managing Microsoft Desktop Virtualization
Module Overview
Many organizations are exploring the use of virtualization to optimize their information technology (IT)
environment and to streamline their IT management practices. Microsoft provides several products and
technologies that enable organizations to implement virtualization solutions in many different ways. This
module provides an overview of the available Microsoft virtualization technologies, and provides
information on planning and managing virtualized environments.
Lesson 1
Overview of Virtualization
During the last few years, virtualization has become a key component to enable organizations to deal with
the cost and complexity of managing an IT environment. You can use virtualization to decrease how much
it costs significantly to provide IT services by enabling organizations to decrease the number of physical
servers they need to provide network services and applications. You also can use virtualization to provide
new options for deploying or managing applications for users.
This lesson provides an overview of the various options available for enabling virtualization within the IT
infrastructure.
Challenges of Traditional Network Environments
Key Points
Most organizations consider using virtualization because of the challenges that they are facing and the
associated benefits that it provides. The following sections describe some of the challenges that
organizations are facing.
Data Centers Are Reaching Capacity

In many organizations, data centers quickly reach capacity for power and space. These organizations
frequently deploy new servers for every new project or requirement. However, most organizations find it
cost-prohibitive to build new data centers.
Data centers also require large amounts of power for cooling and running servers. As the cost of
electricity increases, this can add significant cost to running the IT infrastructure and waste resources.
Server Utilization Is Very Low

Most servers run at very low utilization, which is a problem that often exacerbates capacity for data
centers. It is common for servers to run at less than 10 percent of capacity. This issue typically develops
over time as organizations purchase more-powerful servers to replace end-of-life, underutilized servers.
For example, it is common for organizations to replace old servers that are running at less than 5 percent
utilization with new servers that are several times more powerful, but without a corresponding increase in
server load.
Managing Physical Servers Requires Significantly More Effort

As organizations have deployed more and more physical servers, the amount of effort required to
manage these servers has increased. With each server, you must manage hardware failures and replace
hardware as the warranty expires or as the hardware ages. In many cases, moving servers to new physical
hardware requires significant effort.
Supporting Legacy Systems Can Be Difficult

Legacy hardware and systems become increasingly costly to maintain. Many organizations have business
applications that were developed many years ago, and which the organizations have not upgraded to run
on new operating systems or hardware. Maintaining the old systems is expensive, and the potential of
system failure is high. However, the cost of updating the systems typically is very expensive.
Application Compatibility Can Be Complicated

Most large organizations run many different applications, frequently including different versions of the
same applications. The applications can be expensive to deploy and maintain, and they may be
incompatible, either with the operating systems that the organization deploys or with other required
applications.
User Environments Are More Flexible

In a traditional IT environment, most users work at desktop computers located in the organizations
offices. These desktop computers run a single operating system and all of the applications that users
require. However, organizations are replacing this traditional environment with a much more complex
work place. In many organizations, users work from outside the office, either as part of a mobile workforce
or from home. Users now use a wide variety of clients, including portable computers, which frequently are
disconnected from the network, Internet kiosks, home computers, and mobile devices.
Question: Why are your organizations exploring the use of virtualization?

Virtualization Modes
Key Points
Virtualization separates the components of the applications and operating system that users work with
from the actual physical components that provide the application or operating system services. For
example, virtual machines provide all of the functionality of physical servers. However, the operating
system is not tied to any particular piece of hardware, and can be made available where it is most
convenient. Applications traditionally run on an operating system that is running on a particular piece of
hardware. With application and presentation virtualization, those applications might run on a centralized
server or in a virtual environment that is completely portable to other operating systems or hardware
devices.
Virtualization Solutions
Microsoft provides virtualization solutions that address the virtualization requirements for most
organizations:
Server virtualization. Windows Server 2008 Hyper-V and Microsoft Virtual Server 2005 release 2
(R2) enable server virtualization, so that you can run multiple virtual machines on a single physical
server. This allows you to utilize server hardware resources more fully while allowing you to maintain
operational isolation and security.
Application virtualization. Application virtualization enables you to run applications in a virtualized
environment on a users desktop. Application virtualization separates the application configuration
layer from the desktop operating system, which reduces the potential for application conflicts. With
application virtualization, you isolate the application from the underlying operating system because
you encapsulate it in a virtual environment. With application virtualization, you also can configure
centralized servers to distribute the applications and simplify the distribution of updated virtual
applications. Microsoft Application Virtualization (App-V) is an example of an application
virtualization platform.
Desktop virtualization. You can provide desktop virtualization by running Microsoft Virtual PC on the
Windows Vista operating system, or Windows Virtual PC and Windows XP Mode on the Windows
7 operating system. Desktop virtualization enables you to run multiple operating systems on a single
workstation, and to run an incompatible legacy or line-of-business (LOB) application in a virtual
machine that you host on a more-current desktop operating system.
Microsoft provides a way to manage a complex desktop virtualization environment through Microsoft
Enterprise Desktop Virtualization (MED-V). With MED-V, you can create and manage a centralized
collection of Virtual PC images, and then deliver those images to client computers as necessary.
Presentation virtualization. Remote Desktop Services (RDS) in the Windows Server 2008 R2 operating
system provides presentation virtualization. RDS is an upgrade of Terminal Services, which was in
previous Windows versions. Presentation virtualization enables you to run applications and maintain
application storage on centralized servers, while providing users with a familiar application interface
on their workstations.
Microsoft also provides Virtual Desktop Infrastructure (VDI), which integrates the functionality of
presentation and desktop virtualization. With VDI, you configure desktop operating systems as virtual
machines that are hosted on a Hyper-V infrastructure. These virtual machines are made available to users
through an RDS infrastructure, so that users can connect to the virtual machines through a Remote
Desktop Protocol (RDP) connection.
User state virtualization. User state virtualization enables users to take advantage of separating their
files and profile information from a specific computer, which makes it easy for users to begin working
when you issue them a new computer. User state virtualization also makes it easy for users to move
between computers, or to experience the same desktop environment when using one of the other
virtualization technologies.
Virtualization management. One of the critical components in deploying virtualization is your ability
to manage the solution, including both the physical and virtual components. The Microsoft System
Center suite of tools provides virtualization management. Tools such as Microsoft System Center
Configuration Manager, System Center Operations Manager, and System Center Virtual Machine
Manager (VMM) provide a familiar set of tools for managing both the virtual environment and the
physical layer that hosts the virtual environment.
Cloud computing. Cloud computing enables organizations to purchase IT services from external
organizations. These IT services can include e-mail service hosting, Web site hosting, or online
applications. With cloud computing, organizations can purchase only the services that they require
without significantly increasing the cost and complexity of managing their IT infrastructure.
What Is Server Virtualization?
Key Points
Server virtualization enables you to configure one or more virtual machines that emulate a physical
computer. Multiple virtual machines can run on one physical server, with all of the virtual machines
sharing the resources available on the physical server.
Microsoft provides three products for server virtualization:
Microsoft Virtual Server 2005 R2
Windows Server 2008 Hyper-V
Windows Server 2008 R2 Hyper-V
Note: Windows Server 2008 R2 Hyper-V uses the same underlying technology to enable server
virtualization as Windows Server 2008, but it also provides improved performance and significant new
features, including Live Migration and Cluster Shared Volumes.
Benefits of Server Virtualization

Server virtualization provides many benefits, which include:
Server consolidation. Many servers that organizations deploy are underutilized. By deploying multiple
virtual machines on fewer physical servers, you can increase the server resource utilization
significantly while decreasing the number of physical servers. You can deploy many virtual machines
on one physical server. In most organizations, this will result in a significant decrease in power and
space consumption in the data centers.
Service or application isolation. Server virtualization enables you to run each service or application on
an isolated operating system. This means that you can prevent one application from impacting
another application when upgrades or changes are made. This is preferable to running multiple
applications or services on a single operating system.
Simplified server deployment. By creating standard virtual machine builds, you can deploy new server
builds more easily. Because you are deploying virtual machines rather than physical servers, you also
do not need to acquire new hardware, and locate data center space and power, for each new server.
Note: You may need to invest in new server and storage hardware when you first implement server
virtualization, but an important result of server virtualization is the decrease in the number of physical
servers that your organization has.
Increased service and application availability. Because the service or application no longer connects
directly to a specific piece of hardware, it is much easier to ensure high availability and recoverability.
With Live Migration in Windows Server 2008 R2, you can move a virtual machine to another physical
server with users experiencing little or no service outage.
Multiple operating systems can run on one consistent platform. With server virtualization, you can
deploy multiple operating system technologies on a single hardware platform. For example, you can
deploy Windows Server 2003, Windows Server 2008, and Linux on one Windows Server 2008 R2
Hyper-V host. Server virtualization also makes it much easier to replace hardware when it becomes
obsolete or fails.
What Is Desktop Virtualization?
Key Points
Desktop virtualization provides new options for deploying client desktops by enabling several ways to
virtualize the desktop. Traditionally, users work on a specific piece of hardware that is running a single
operating system and all applications.
Client-Hosted Desktop Virtualization

Client-hosted desktop virtualization uses Microsoft Virtual PC on Windows Vista and Windows Virtual PC
on Windows 7 to enable users to run multiple virtual machines on their Windows desktop. Client-hosted
desktop virtualization creates a separate environment on the desktop, allowing incompatible legacy or
LOB applications to operate within their native environment on a more-current desktop operating system.
In Windows 7, Microsoft provides a preconfigured Windows XP virtual machine that can be run as a
Windows Virtual PC virtual machine. Windows XP mode enables you to run applications seamlessly from a
Windows 7 computer or from the Windows XP virtual machine.
Virtual Desktop Infrastructure

VDI extends the concept of desktop virtualization by running client operating systems as virtual machines
on a data centers servers. This means that the virtual client computers are not running on the user
desktop, but on a centralized
Hyper-V environment in the data center. Users can interact with the virtual machines by using regular
computers or thin clients, and then establishing remote desktop connections to the virtual machines. In
Windows Server 2008, VDI has been integrated with RDP to provide a consistent client experience.
VDI enables you to centralize a users desktop for easier management. The users have an individualized
desktop experience with full administrative control over desktop and applications. Therefore, VDI can be a
very effective solution for users who need to access their work environment from anywhere, including
from a PC that their company does not own. By centralizing the management of the client virtual
machines, you do not need to be as concerned about the location or the device from which the user is
connecting.
Microsoft Enterprise Desktop Virtualization

The Microsoft Desktop Optimization Pack (MDOP) includes MED-V, which enhances the management of
the virtual machines that deploy to user desktops. MED-V adds four additional features and advantages
on top of Virtual PC to enable enterprise deployment of desktop virtualization:
A virtual image repository and delivery of images, which simplifies the process of creating, testing,
delivering, and updating virtual images.
Centralized management and monitoring, which manages the life cycle of a virtual machine.
Usage policy and data transfer control, which is an endpoint agent that enforces usage policies for
the virtual machine.
A seamless end-user experience.
What Is Application Virtualization?
Key Points
You can use application virtualization to create virtual applications that you then can distribute to user
desktops. Each virtual application includes its own registry entries, specific dynamic-link libraries (DLLs),
and other resources. When you deploy a virtual application, it uses its own copy of these shared resources.
Because the virtual application runs in an isolated environment, incompatible applications can share the
same workstation.
Microsoft App-V is an application virtualization solution.
Benefits of Application Virtualization

Application virtualization provides the following benefits:
Application virtualization enables organizations to run potentially incompatible applications on the
same client computer. Applications commonly share various application or operating system
components with other applications on the client computer. For example, one application might
require a specific version of a DLL, while another application on that system might require a different
version of the same DLL. Installing both applications may result in one of the applications overwriting
the DLL that the other requires. With application virtualization, each application can have its own
version of all required files and settings on the client computer.
Application virtualization makes preparation significantly easier. Since you encapsulate applications in
an isolated virtual environment, there is less of a requirement to test new applications for conflicts
with existing applications before you roll them out.
From the users perspective, a virtual application looks just like any other application. The user may
start it from the Start menu, from a desktop icon, or by file extension association. The application
appears in Task Manager, and it can use printers, network connections, and other resources that
attach to the machine.
Virtual applications are easy to deploy and manage. You can stream a virtual application from a
server, on demand, so the user can download it automatically the first time he needs to use it. If you
must update an application, administrators can update the servers version of the application, and the
updated files then download the next time the client computer needs to run the application.
What Is Presentation Virtualization?
Key Points
Presentation virtualization runs applications on a central server, with only the application interface, mouse
movements, and keystrokes sent across the network between the central server and the client computer.
Presentation virtualization creates virtual sessions in which the executing applications project their user
interfaces remotely. Each session might run only a single application, or it might present users with a
complete desktop that offers multiple applications.
Presentation virtualization was available for several Windows Server versions as Terminal Services. In
Windows Server 2008 R2, the name for the presentation virtualization feature is Remote Desktop Services,
or RDS.
Benefits of Presentation Virtualization

Running applications on a shared server offers several benefits, including:
You can centralize your data. This means that you can store it safely on a central server rather than on
multiple desktop machines, which improves security because information is not spread across many
different systems.
You can reduce the cost of managing applications significantly. For example, rather than updating
each application on each individual desktop, you can change only the single shared copy on the
server. Presentation virtualization also allows using simpler desktop operating system images or
specialized desktop devices, commonly called thin clients, both of which can lower management
costs.
You can combine application virtualization with presentation virtualization to reduce the issues with
incompatibilities between applications. You can install App-V applications on RDS host servers, and
then run multiple instances of potentially incompatible applications on the centralized server.
In some cases, presentation virtualization can improve performance. For example, if a client or server
application needs to access large amounts of data from a central database, it may be quicker to run
the application on an RDS host that is located close to the data, rather than pull the data across a
slow network connection to the client.
What Is Microsoft Desktop Optimization Pack?
Key Points
MDOP provides a package of desktop management and virtualization solutions that is available for
Microsoft Software Assurance customers. Many of the application and desktop virtualization products are
available as part of MDOP. MDOP includes the following components:
Microsoft App-V. This application virtualization and streaming solution transforms applications into
centrally managed services that are available when and where you need them.
Microsoft MED-V. This provides deployment and management of virtual PC images. You can deploy
these virtual PC images to user desktops to address application compatibility issues.
Microsoft Asset Inventory Service. This hosted service runs a complete scan of the software installed
on every computer in your environment, and then provides you with intelligent reports and analysis
to understand and better manage your software assets.
Microsoft Diagnostic and Recovery Toolset (DaRT). This provides powerful tools to accelerate desktop
repair for unbootable desktop computers.
Microsoft Advanced Group Policy Management. This enables Group Policy object (GPO) versioning,
change management, and delegation.
Microsoft Desktop Error Monitoring. This makes desktops more stable by causing the client to send
error messages, as they occur, to a central database.
Note: You can download all of the tools, with the exception of App-V, only as part of the MDOP. App-
V is available as a separate download.
What Is Cloud Computing?
Key Points
Cloud computing is a new virtualization option that enables organizations to purchase IT services from
Internet-based service providers or to provide IT services through the Internet. These services can include
servers, storage, or networking resources. The services may be running on virtual environments based on
Hyper-V or one of the other virtualization options. The actual server and storage deployment is largely
transparent to the users who consume the services. They typically are concerned only with being able to
access their required applications easily.
A cloud computing environment normally includes:

A data center that contains virtualization hosts and storage. In the Microsoft solution, these hosts are
running Hyper-V.
Virtual servers, storage and network resources located in the data center.
A highly available and high bandwidth network connection to the Internet.
Automated processes and tools for deploying and configuring virtual machines. These processes may
be managed entirely by the online service provider, or may be exposed to the customer to manage
their own virtual environment.
Tools for managing the interaction of local and cloud computing. Many organizations still host most
IT services locally even as they begin to move some services to the cloud. You can use this integration
tool to ensure that users can gain seamless access to both local and cloud resources. For example,
most organizations will still run Active Directory Domain Services (AD DS) locally. Ideally, users
should be able to authenticate once to their local domain, and gain access to all required services
regardless of whether they are located internally or in the cloud.
Benefits of Cloud Computing

Cloud computing provides several benefits for organizations:
Flexible deployment options. The organization may host the data center that provides cloud services
or an external hosting provider, such as Microsoft or a third party, may host it.
Scalability. In a cloud-computing scenario, all service components are virtual, which makes it very easy
to scale up or down, as necessary. For example, if an organization requires more resources, it can
deploy additional virtual machines in the data center. If the organization requires fewer resources, it
can save money by removing virtual machines or by reusing the physical resources for another
purpose.
Potential for decreased cost. By purchasing online services from a hosting provider, organizations
often can implement services for a cost that is significantly less than hosting the services locally.
More reliable and effective services. Some services require constant monitoring and specialized skills.
By purchasing these services from an online service provider, organizations can take advantage of the
infrastructure and skills that are available at the hosting provider, but which may be prohibitively
expensive for a small organization.
Question: Has your organization moved any services to an environment that is hosted online? If so, which
services?
Discussion: Implementing Virtualization Solutions
Key Points
Contoso, Ltd is a large enterprise with multiple locations, and data centers in London, New York City, and
Sydney, Australia. Contoso, Ltd also has several smaller branch offices and many users who work outside
of the office.
Contoso, Ltd has collected the following information about the current computing environment:
Server utilization for most of the data center servers is less that 10%.
Contoso, Ltd has deployed multiple servers in many of the branch offices. These servers are difficult to
deploy and manage because the wide are network (WAN) links to some of the branch offices that
have very little available bandwidth.
Many of the users working outside of the office require a standard set of business applications. Some
of the users who run these applications are mobile users who are using company-issued laptops,
while other users work from home on their personal computers.
Contoso, Ltd has developed a large number of business applications, using different development
platforms, and many of the applications do not use current technologies or may not run on the latest
operating systems.
Question: How will virtualization help Contoso, Ltd address the issues in its current computing
environment?
Lesson 2
Overview of Virtualization Management
Implementing virtualization can add complexity to your IT infrastructure management. Virtualization

requires that you manage both the physical and virtual environments.
The design of many of the Microsoft System Center tools helps you manage the virtualized data center.
This lesson introduces some of the issues that relate to managing a virtualized environment, and
introduces the System Center products that you can use to manage and maintain the virtual
environments.
Managing a Virtual Environment
Key Points
Virtualization technologies provide a range of benefits. Yet as an organizations computing environment
becomes more virtualized, it also may become more complex. A virtualized environment that you do not
manage well can be less reliable, and more expensive, than its unvirtualized counterpart. For example, if
an organization implements a Hyper-V environment without considering high availability, a single server
failure may affect many virtual servers. If an organization implements VDI or MED-V, an outage in the
server infrastructure may prevent users from accessing the virtual desktops that they need to do their
work.
There are several issues that you should consider regarding the deployment and management of
virtualized environments.
One of the primary benefits of a virtualized environment is the option to deploy almost any virtual
component rapidly. If you require an additional server, it is easy to deploy a new virtual machine in
Hyper-V. If you must update an application or deploy a new one, App-V or Windows Server 2008 R2
RemoteApp makes it easy. However, to take advantage of the rapid deployment features, you must
have the required infrastructure in place. This may require additional planning, tools for deploying
components quickly, and monitoring to verify that the additional resources are available on the
current infrastructure.
You realize the many benefits of virtualization when you centralize the virtual components on a small
number of physical servers. This means that it is critical to ensure that the physical servers are highly
available, or that you configure the service or application deployment to be highly available. This
requires advanced monitoring and management tools.
You often perform the management of physical and virtual machines by using separate management
solutions. This may mean that administrators must learn how to use multiple tools, which may not
provide consistent information. Using a single set of administrative tools to manage both
environments simplifies the management processes.
Managing multiple desktops, applications, and servers is complex. With virtualization, the complexity
level may increase because each physical computer now has additional components that you must
manage. For example, a desktop computer running Windows 7 also may be running a Windows XP
mode virtual machine. To ensure your networks security, you must install and manage updates and
antivirus products on both the Windows 7 computer and Windows XP mode virtual machine. A
management system that can handle all assets, regardless of whether they are virtual or physical,
saves time and reduces the number of required resources.
Effective physical and virtual machine management can optimize the benefits of using virtualization
technologies. This includes monitoring and managing hardware and software in a distributed
environment. Monitoring both the software running on physical machines, and the physical machines
themselves, enables administrators to know what is happening in their environment. It also lets them
respond appropriately to running tasks and taking other actions to fix problems that occur.
Overview of Microsoft System Center
Key Points
Microsoft developed the Microsoft System Center products and solutions, which assist enterprises with the
planning, delivery, and operation lifecycle of their entire infrastructure. These solutions capture and
aggregate knowledge about an infrastructure, policies, processes, and best practices. They can help
optimize the IT structure, reduce costs, improve application availability, and enhance service delivery.
You can use many of the System Center products to manage your virtualized IT environment and your
physical components, as well.
You can use System Center to manage the virtual environment in the following ways:
A fundamental challenge in systems management is monitoring and managing the hardware and
software in a distributed environment. Operations Manager 2007 R2 enables operations staff to
monitor both the software running on physical machines and the virtual machines themselves, given
the strong similarities between physical and virtual environments. Additionally, you also can use
Operations Manager 2007 to monitor and manage virtual machines and other aspects of a virtualized
world.
Another concern for people who manage a computing environment is installing software and
managing its configuration. While it is possible to perform these tasks manually, automated solutions
provide a better approach in all but the smallest environments. To allow this, Microsoft provides
System Center Configuration Manager 2007. Similar to Operations Manager, Configuration Manager
handles virtual environments in much the same way as physical environments.
As organizations move towards virtualization for their current servers, the process of converting the
physical machines to virtual machines, and then managing the virtual machines, can be complex. To
address this situation, Microsoft provides VMM 2008 R2, which you can use to manage virtual
machines on hosts running Microsoft Virtual Server 2005, Hyper-V, or VMware. Among other things,
this tool helps you choose the virtualization workloads, creates the virtual machines that will run
those workloads, and converts physical computers to virtual machines. You also can integrate
VMM 2008 R2 with Operations Manager 2007 R2 to provide enhanced reporting and management
capabilities.
To ensure that you can recover a virtualized environment, you must ensure that you deploy a
disaster-recovery system that can back up and restore both the physical servers and virtual machines.
You can use System Center Data Protection Manager 2007 Service Pack 1 (SP1) and Data Protection
Manager 2010 to back up and restore servers running the virtual and virtualized components.
Using Virtual Machine Manager to Manage Virtual Environments
Key Points
VMM is the primary tool that you use to manage virtual machines that are running on Hyper-V. VMM
provides a management tool that lets you manage multiple physical host computers and the virtual
machines that are running on the host computers.
VMM provides the following features:
Enables management of virtual environments that are running on different host platforms. You can
use VMM 2008 to manage host computers and virtual machines that are running Windows Server
2008 or Windows Server 2008 R2 Hyper-V, Virtual Server 2005 R2, and VMware ESX Server. With
VMM, you can use a single interface to manage the host server configuration, and deploy and
manage virtual machines on the host servers.
Physical and virtual machine conversion. You can use VMM to convert a physical computer to a
virtual machine while the physical machine is online. You also can use VMM to convert Virtual Server
2005 and VMware-based virtual machines to Hyper-V.
Intelligent virtual machine placement. When you create a new virtual machine or use VMM to move a
virtual machine from one host to another, VMM 2008 analyzes the available physical hosts and
provides a recommendation as to the best location for the virtual machine. You can integrate this
process with Operations Manager 2007, which enables the intelligent placement process to factor in
past performance characteristics to ensure the best possible match between the virtual machine and
its host hardware.
Self-Service Portal. VMM provides the Service Manager Self-Service Portal that enables users to create
and manage their own virtual machines. The VMM administrators retain complete control of the
environment, because they can set permissions that restrict which users can create virtual machines,
what templates users can use to create virtual machines, and where users can create the virtual
machines.
VMM Library. VMM 2008 provides a centralized library to store various virtual machine components,
such as offline machines, templates, virtual hard disks, and other virtualization components.
Administrators can use the components in the library to deploy virtual machines rapidly using
standardized templates.
Windows PowerShell integration. VMM 2008 is built on the command line and scripting
environment that Windows PowerShell provides. VMM provides Windows PowerShell cmdlets that
allow administrators automate VMM management tasks.
Operations Manager 2007 integration. VMM 2008 includes the Performance and Resource
Optimization (PRO) feature, which enables dynamic management of virtual resources though
management packs for Operations Manager 2007. The PRO feature enables administrators to set
rules for moving or configuring virtual machines based on the host server performance.
Note: For detailed information on deploying and managing System Center Virtual Machine Manager
2008 R2, see Course 10215A, Implementing and Managing Microsoft Server Virtualization.
Protecting Virtualized Environments with Data Protection Manager
Key Points
Data Protection Manager (DPM) is a solution for disk-based and tape backups that enables you to back
up physical servers and virtual machines. After an initial full backup, the express backups that DPM
performs are significantly faster than typical full backups, because DPM backs up only disk block changes.
You can use DPM to back up both the host server and the guest virtual machines.
Host Backups
Host backups require that you install a DPM protection agent only on the host server, not in each virtual
machine. This can result in significant cost savings when compared to guest backup, which requires that
you install the DPM protection agent in each virtual machine.
You can perform a host backup of a single virtual machine. When you perform a host backup, this backs
up the entire virtual machine as a single unit. However, the backup is not application aware. Therefore,
you can recover only the entire virtual machine, not just specific data.
Virtual Machine or Guest Backups

A guest backup uses the same process as backing up a physical server. You install a DPM protection agent
on each virtual machine, and then DPM communicates with that agent to perform the backup. Because
the DPM protection agent is running in the virtual machine, it is aware of the applications running in the
server. This allows granular recovery of data within the virtual machine. For example, a backup performed
on a virtualized Exchange server could recover a single message database.
You can use guest backups to back up both virtual machines that support Volume Shadow Copy Service
(VSS) backups and virtual machines that do not. You cannot use a VSS back up to back up the virtual
machine if the guest operating system does not support VSS or if an application in the guest does not
support VSS.
When backing up a guest virtual machine that does not support VSS, DPM has to hibernate the guest, and
then perform a host-based backup of the virtual machine. DPM takes a snapshot of the virtual machine,
and then the virtual machine is restored. The outage experience with this method is very short, but
noticeable. After the guest resumes, the backup occurs from the snapshot, and DPM backs up only disk
blocks that have changes. This results in a backup process that is much faster than a typical full backup of
virtual machine files.
If the operating system and applications in the guest support VSS backups, the DPM protection agent
uses VSS writers to make data within the guest consistent. Applications running on the guest must have
an appropriate VSS writer. The hypervisor then provides the DPM protection agent with access to the
consistent version of the data for backup. There is no interruption in service at any point during the
backup process. The backup is completely transparent to users.
Monitoring Virtual Environments by Using Operations Manager 2007
Key Points
You can use Operations Manager 2007 R2 to monitor servers and their applications from a central
location. To do this, you install an agent on remote systems. The agent gathers events and performance
information about the remote systems, and then forwards it to Operations Manager 2007. The data that
the agent gathers is based on rules that Operations Manager 2007 stores and distributes to the agent
monitoring each server. Operations Manager 2007 also generates alerts based on the rules.
You create the rules in Operations Manager 2007 by importing management packs. The rules in
management packs are appropriate for most environments, and are based on best practices. However,
you can modify the rules to meet the needs of your specific environment. You also can create your own
rules.
Centralized monitoring and alerting is important for any environment, but it is particularly important for
virtualized environments where you can add many additional resources quickly and easily.
Monitoring Host Computers

You can use Operations Manager 2007 to monitor host server performance by using the same
management packs that you would use to monitor other Windows servers. Additionally, Operations
Manager 2007 provides a number of management packs to integrate with virtualization technologies,
including:
Server Virtualization Management Pack for System Center Operations Manager 2007 helps to
monitor the health and performance of VMM components, including library servers, self-service Web
servers, and the entire virtualized environment.
Application Virtualization 4.5 Management Pack monitors the health and performance of Microsoft
Application Virtualization Management Servers and Microsoft Application Virtualization Client
requests.
Windows Server Hyper-V Management Pack monitors the health and performance on Hyper-V host
computers.
Remote Desktop Services Management Pack monitors each of the Remote Desktop server roles.
Virtualization Reports
Operations Manager 2007 also provides several reports that you can use to plan and monitor the
virtualized environment, including:
The Virtualization Candidates report helps to identify physical computers that are good candidates
for virtualization. This report displays performance and hardware information for physical computers,
which you can sort and filter to select the appropriate candidates.
The Virtual Machine Allocation report enables you to calculate chargeback to cost centers, such as
departments. To use this report, you must assign a cost center to the appropriate virtual machines.
The Virtual Machine Utilization report contains information about the utilization of virtual processors,
memory, and disk space in virtual machines. You can use this report to identify virtual machines that
need additional resources or that have been allocated too many resources.
The Host Utilization report contains information about the utilization of processors, memory, and disk
space on hosts. You can use this report to identify hosts that need virtual machines removed or that
have sufficient resources free for hosting additional virtual machines.
The Host Utilization Growth report shows the percentage of change in resource usage and number of
virtual machines. You can use this for trend analysis, to predict when you will require additional hosts.
Monitoring Virtual Machines

You also can monitor the virtualization guests just as you would a physical server. This involves installing
the Operations Manager agent on each guest. After you install the agent, you can monitor both the guest
operating system and applications installed in the guest. To monitor specific applications in a guest, a
management pack for that application is imported into Operations Manager 2007.
Maintaining a Virtual Environment by Using Configuration Manager 2007
Key Points
You can use Configuration Manager 2007 R2 to manage and maintain both physical and virtual
environments, and it treats a virtual machine just like any standard physical machine. Depending upon
deployment settings, you can manage a virtual environment by:
Automatically deploying the Configuration Manager client through standard discovery and
deployment methods. You can discover both physical and virtual machines, and automatically deploy
the Configuration Manager client to both.
Maintaining inventory of all virtual clients that are deployed throughout the environment.
Deploying applications through standard software deployment mechanisms. You can deploy
applications to both virtual and physical machines.
Managing software updates for both physical and virtual machines through standard update
processes.
Deploying virtualized applications to desktop clients. You can integrate Configuration Manager with
App-V 4.5 or newer to distribute the virtual applications prepared in App-V to desktop computers.
Integrating with Virtual Machine Manager 2008 and the Offline Virtual Machine Servicing Tool to
maintain updates on virtual machines stored within a VMM library. One of the biggest challenges in a
virtual environment is managing virtual machines that are not always running on the network, or
maintaining virtual machines that are stored within virtual machine libraries. You can accomplish this
by integrating features provided by Virtual Machine Manager 2008 and the Offline Virtual Machine
Servicing Tool version 2.0.1.
Managing Desktop Virtualization
Key Points
Desktop virtualization enables you to run multiple desktop operating systems, either on a users client
computer or on a server running Hyper-V. Implementing desktop virtualization can increase the
complexity of managing your network in several ways:
Individual users may use multiple desktops, both physical and virtual. In a traditional network, you
only have to ensure that you update and configure one client computer per user to meet the
corporate standards. With desktop virtualization, each user may have several client computers that
you must maintain.
As users move from one desktop computer to another, they might have very different user
environments on each computer. For example, they might configure their desktop on their main
computer with short cuts, mapped drives, and other settings. When they launch a virtual desktop, the
customized settings may not be available, which leads to user inefficiency.
Deploying virtual desktops can be difficult. If only a few users in your organization need virtual
desktops, you might be able to manually enable and configure the virtual desktops. However if you
have a large number of users that need to use virtual desktops, it becomes very difficult to manually
configure each virtual desktop. In this scenario, you need some means to automate the deployment
of standardized virtual desktops.
Microsoft provides several tools for managing desktop virtualization:
You can use tools such as Configuration Manager to manage both physical and virtual desktops. With
Configuration Manager, you can monitor and maintain updates on all computers.
You can use the user state virtualization technologies to provide users with a consistent experience on
all desktops. You can use tools such as Group Policy and roaming user profiles to configure the user
desktop, map network drives, and redirect folders so that these settings are available across multiple
desktop computers.
You can use MED-V to configure, manage, and deploy virtual desktops based on Virtual PC 2007.
With MED-V, you can create standard virtual desktop computers and then deploy them to users.
You can use VDI to manage a centralized virtual desktop deployment. With VDI, you can configure
standard virtual desktops that will run on a Windows Server 2008 R2 Hyper-V server, and provide RDP
access to those virtual machines. You can configure virtual machines with the same configuration for
all users, or you can provide a virtual desktop that the user can customize.
Managing Application Virtualization
Key Points
You can use application virtualization to enable users to run virtual applications on their user desktops.
Implementing application virtualization increases the complexity of managing the user environment in
several ways.
Users may need to be able to run the applications in several different desktop scenarios. They may
need to run the applications from desktop computers in the office, on mobile computers that may be
connected to the corporate network, connected from the Internet, or disconnected from all networks.
Users in different locations in the organization may require access to the same applications.
Distributing applications to users in locations such as branch offices can be complicated.
Virtual applications may require security updates or users might require new versions of the virtual
applications. Applying updates to virtual applications is more difficult than updating client operating
systems or applications that are installed on the client operating systems.
You must prepare applications to run in a virtual environment before you can deploy them to users.
Some applications may require fairly complex virtual environments.
Microsoft provides several tools for managing the application virtualization environment.
You can use the App-V Management server to manage the deployment of virtual applications to
client computers. The App-V Management console provides a single location for configuring and
deploying virtual applications.
App-V provides a variety of options for deploying virtual applications to users. App-V can use
multiple protocols, and also provides options for deploying multiple servers in different locations to
deploy the same applications. You can also create virtual applications as .msi files, which you can then
deploy by using Group Policy or Configuration Manager, or install them on client computers that are
disconnected from the network.
You can update App-V applications with new versions on the App-V Management server and the
applications will automatically be distributed to clients.
You can use the App-V Sequencer to package applications to prepare them for deploying them to
client computers. The App-V sequencer provides a wizard-driven approach for creating virtual
applications, and also provides complete customization of the virtual environment that the
application will run in.
Managing Presentation Virtualization
Key Points
Presentation virtualization enables users to run applications installed on centralized servers. Implementing
presentation virtualization introduces some complexities to managing an organizations network.
Users who are not familiar with desktop virtualization may not understand how to launch remote
applications and how the remote application interacts with their usual desktop environment.
Users may need to connect to the remote applications from a variety of locations. These locations
could include computers on the internal network as well as from computers in branch offices or
computers outside the network.
In a desktop virtualization deployment, multiple applications may be installed on the same host
server. Some of these applications may not be compatible with other applications running on the
same server.
Windows Server 2008 R2 provides several features that optimize the deployment of presentation
virtualization:
Remote Desktop RemoteApp. With RemoteApp, you can publish the shortcuts for applications
running on the RD Session Host computer on the user desktop. Users can launch the application
using the normal procedures, and the applications user interface appears on the desktop as if that
application were running locally.
Remote Desktop Web Access. RD Web Access provides another means for users to launch
RemoteApps or connect to remote desktops. RD Web Access provides a Web site that lists all of the
applications and desktops that the user has permission to access.
Remote Desktop Gateway. RD Gateway provides a secure way for users outside of the organization to
connect to applications running on the RD Session Host computers. With RD Gateway, all RDP
connections are tunneled through HTTPS.
RemoteApp and Desktop Connections. This client application allows users running Windows 7 to
easily connect to RemoteApp programs and Remote Desktops. When you configure RemoteApp and
Desktop Connections, all of the applications and remote desktops that the user can access are listed
on the users Start menu. This list is dynamically updated as new applications or remote desktops
become available.
You can combine application virtualization with presentation virtualization by deploying virtual
applications on a Remote Desktop Session Host server. This enables organizations to run applications
that are not compatible with other applications on the same server, and make both applications
available to users through RDS.
Lesson 3
Planning an Application and Desktop Virtualization
Deployment
Application and desktop virtualization provide organizations with options for managing application
compatibility issues, and you can use them to address some of the issues with deploying new desktop
operating systems. These tools also provide options for deploying applications to users outside an
organization or who run thin or mobile clients.
This lesson describes some of the scenarios for deploying application and desktop virtualization, and
provides guidance for planning these virtualization solutions.
Scenarios for Desktop and Application Virtualization
Key Points
Desktop and application virtualization are designed to address issues with which many large organization
need to deal. These issues relate to the applications that users need to be able to run, and to the locations
or physical systems that users are using to run the applications.
Application Compatibility Issues

In many organizations, a primary reason for deploying desktop and application virtualization is to address
application compatibility issues. The issues can take one of two forms:
An application may not be compatible with the desktop operating system. Many organizations have
applications that were developed many years ago using technologies very different from what current
desktop operating systems expect. These applications may not run on the new desktops, or they may
require extensive changes to the operating system or application in order to run.
Two applications may not both be able to run on the same desktop computer. In some cases,
applications may use incompatible technologies or may require different versions of the same
application file. Some users may be required to run both applications.
Mobile Users
Many organizations have a mobile workforce that may work both inside and outside the office. In most
cases, these users carry laptop computers, but the users may need to be able to do their work regardless
of whether they are connected to the internal network, connected to the Internet, or completely
disconnected from any network.
Standard Users
In many organizations, large groups of users require the same user desktop with access to the same set of
applications. In some cases, users may require access to just one or two applications. In other cases, they
may require access to a complete set of business applications. Traditionally, the organization assigns these
users to a standard business desktop computer.
If the standard user environment is quite static, and the organization assigns all users to an individual
desktop computer, there may not be any reason to implement virtualization for these users. If the users
need to run incompatible applications, the users may require solutions for addressing application
compatibility. In some cases, you may be able to deploy thin clients to all standard users, and then use
VDI to provide the users with the required work environment.
External Users
Some organizations have users who work from outside the corporate network and who do not use
computers that the internal IT department manages. These users may be contract workers, consultants, or
people who work from home. Frequently, these users require access to a very specific set of applications
or servers, and do not require a full desktop or set of applications.
Question: What types of workers do you have in your organization? What options will you explore to
virtualize their environment?
Choosing a Desktop and Application Virtualization Solution
Key Points
Microsoft provides several different options for implementing desktop and application virtualization. You
can use some of the solutions to address more than one business scenario.
Desktop Virtualization
You can use desktop virtualization to address the following scenarios:
Application and operating system compatibility issues. If applications require an older operating
system, consider deploying Windows Virtual PC or Windows XP Mode. These options mean that users
can run the older operating system in a virtual machine that is running on the user desktop.
External users. If external users need access to a full desktop computer rather than just an application,
consider enabling this by using VDI. With VDI, you can provide users with a preconfigured desktop
that includes all of the applications required for their tasks.
Mobile users. If a large number of mobile users require virtual desktops, consider managing the
virtual desktop deployment by using MED-V. By doing this, you can manage and distribute the
appropriate virtual machines to all users while the users are connected to the network. Users can then
take these virtual desktops with them when they leave the office.
Application Virtualization
You can use application virtualization to address the following scenarios:
Compatibility issues with running multiple applications on a single host. If two applications cannot
both run on the same operating system, consider using App-V to create an isolated environment in
which one or both of the applications can run.
Application compatibility issues in presentation virtualization scenarios. You can deploy the App-V
client on Remote Desktop Session Host servers, which enables potentially incompatible applications
to run on the same remote server.
Presentation Virtualization
You can use presentation virtualization to address the following scenarios:
Mobile or external users. Implement Remote Desktop Gateway and provide access to only the specific
applications or computers that are required. With Remote Desktop Gateway, you can restrict what
users can connect to and what they can access. For additional security, you can integrate RD Gateway
with Network Access Protection to ensure that clients are compliant with your corporate security
requirements.
Application compatibility issues. For scenarios where applications require separate environments,
consider deploying one of the applications in an RDS deployment. By using features such as
RemoteApp, you can make the user experience with both applications virtually identical.
User State Virtualization

You can integrate user state virtualization with most other virtualization technologies. For example, you
can use user state virtualization to ensure that users have a consistent work environment when they use
their standard desktop, a virtual desktop, or a virtual application.
What Are Virtualization Solution Accelerators?
Key Points
To assist organizations in developing and delivering a virtualization strategy, Microsoft has developed free
solution accelerators. These automated tools help accelerate assessment, planning, and deployment of
Microsoft technologies, such as Windows Server 2008 or virtualization.
Some of the Microsoft Virtualization Solution Accelerators include:
Microsoft Assessment and Planning Toolkit (MAP). You can use MAP to conduct network-wide
deployment-readiness assessments that focus on whether you can migrate Microsoft technologies
from servers to desktops and applications. Using MAP, you now can determine which servers you can
upgrade to Windows Server 2008 R2, which servers you can migrate to virtual machines on Windows
Server 2008 R2 Hyper-V, which applications you may want to virtualize by using App-V, and which
client computers you can upgrade to Windows 7.
Infrastructure Planning and Design Guides. The Infrastructure Planning and Design (IPD) Guides are
free guides that describe the architectural considerations, and also streamline the design processes,
for planning of Microsoft infrastructure technologies. Each guide addresses a unique infrastructure
technology or scenario including server virtualization, application virtualization, terminal services
implementation, and more. Microsoft has released the following IPD guides that relate to
virtualization:
Selecting the Right Virtualization Technology
Windows Server Virtualization
Windows Server 2008 R2 Remote Desktop Services.
Microsoft Application Virtualization 4.6
Windows Optimized Desktop Scenarios
Microsoft Enterprise Desktop Virtualization
Hyper-V Security Guide. Implementing virtualization can increase the number of security issues that
you must consider because you need to secure both the host computer and the virtual machines. The
Hyper-V Security Guide provides guidance and recommendations to address key security concerns
about server virtualization.
Security Compliance Management Toolkit Series. This includes several different security toolkits that
you can use to help your organization plan, deploy, and monitor security baselines for Windows
operating systems, including Windows 7, Windows Vista, and Windows Server 2008, and for
applications such as the Microsoft Office 2007 system and Internet Explorer 8.
Microsoft Deployment Toolkit. This provides guidance and tools to accelerate the deployment of
client and server operating systems. The Microsoft Deployment Toolkit supports the deployment of
Windows Server 2003, Windows Server 2008, the virtualization role on Windows Server 2008, and
other applications. Most organizations use the Microsoft Deployment Toolkit primarily to deploy
client desktops.
A typical IT project lifecycle includes three core phases: planning, delivery, and operation. Solution
accelerators provide guidance and tools for each of these three key elements of the Microsoft Operations
Framework (MOF).
What Is the Windows Optimized Desktop Scenarios IPD?
Key Points
The Windows Optimized Desktop Scenarios IPD provides detailed guidance for mapping user and
business requirements that relate to end users to the Microsoft desktop and application virtualization
solutions. The guide includes two components:
Windows Optimized Desktop Scenario Assessment. This document provides detailed information on
how to use the desktop scenarios and selection tool to identify virtualized solutions for your work
place.
Windows Optimized Desktop Scenario Selection Tool. The Microsoft Excel spreadsheet enables you
to select the user and business requirements that apply to your user populations, and then it
identifies which desktop scenarios and virtualization solutions apply to your user population.
Using the Windows Optimized Desktop Scenarios IPD

When using this guide, you will complete the following steps:
1. Understand the Windows Optimized Desktop scenarios. The guide groups users into one of the
following scenarios:
Office Worker.
Mobile Worker.
Task Worker.
Contract Worker.
Access from Home.
2. Identify the target user populations for which you want to optimize desktops. In most organizations,
you will not be able to implement virtualization for all users at once, so it is important that you
identify the specific group of users that are included in the current project.
3. Match user groups with scenarios. You can use the Windows Optimized Desktop Scenario Selection
Tool to map the user population to the desktop scenarios. This tool asks a series of questions related
to user and business requirements, and then indicates the desktop scenario that applies to the user.
4. Preview the scenario solutions. For each desktop scenario, the guide provides a mapping of potential
virtualization products and technologies that can be used to address the requirements.
5. Evaluate relevant Windows Optimized Desktop scenarios. As a final step, you will evaluate the
potential solutions to determine which solutions best suit* your organizations requirements or
capacity. The tool provides multiple solutions for each scenario, so you will need to identify which of
the solutions you will implement.
Demonstration: Identifying Desktop Virtualization Scenarios
Key Points
In this demonstration, you will see how to use the Windows Optimized Desktop Scenario Select Tool v1.1
to identify desktop virtualization scenarios and solutions.
Demonstration steps:
1. On the NYC-CL3 computer, start the Windows Optimized Desktop Scenario SelectionTool
v1.1.xls from Documents folder.
2. Review the options available on the Instructions and Scenario Selection tabs.
Question: What do you think of the Windows Optimized Desktop Scenarios Selection Tool? Are there
selection criteria missing? How will you use the results that this tool produces?
Virtualization and Licensing
Key Points
Microsoft provides many different licensing options depending on the customers requirements. At the
highest level, Microsoft provides the following licensing options:
OEM: You can purchase this type of license only when you purchase a new computer.
Retail: You can purchase this type of license separately from a new computer purchase, and you can
use it to upgrade current software or install new software. With this option, each copy of the software
requires a separate license.
Volume license: This type of license provides the most flexibility as it is the only type of license that
you can use to deploy multiple copies of software with a single license.
Volume License Options

Most organizations will purchase volume licenses to ensure that a single license can be used to deploy
Microsoft software to multiple computers. As organizations consider buying volume licenses, they have
the following three options:
Open License (for organizations with 250 or less desktops) or Select Agreement (for organizations
with 250 or more desktops). With this option, organizations can choose the desktop operating
systems and the specific applications that will deploy with each desktop. Software Assurance is an
option with this type of licensing.
Open Value or Enterprise Agreement. With this option, organizations identify a standard desktop with
applications and client access licenses, and then licenses all of its desktops based on this standard
desktop. The organizations pay for the cost of purchasing the software, and this option includes
Software Assurance.
Open Value Subscription or Enterprise Value Subscription. With this option, organizations identify a
standard desktop with application, and then licenses all desktops based on this standard desktop. The
organizations pay an annual fee for renting the software, and this option includes Software Assurance.
Note: With the volume license options, organizations also have the option of including client access
licenses (CALs). The CAL options include a core CAL, which enables access to Windows Servers,
Exchange Servers, Microsoft Office SharePoint, and a System Center Configuration Manager client.
Additional CAL options include Office Communication Server CALs, Operations Manager licenses, and
an Enterprise CAL option, which includes enterprise access to Exchange Server, SharePoint Server, and
Office Communications Server.
Microsoft Licensing and Virtualization

Implementing desktop virtualization can increase the complexity of determining what licenses you
require. In general, the following principles apply:
Microsoft licensing is consistent regardless of whether applications or desktops run in a virtual or
physical environment. For example, to run Microsoft Office in a virtual machine requires the same
license as running the applications on a physical computer. Accessing a SharePoint server from a
virtual machine requires the same CAL as accessing SharePoint from a physical computer.
In a desktop virtualization deployment, Microsoft provides a subscription license called Windows
Vista Enterprise Centralized Desktops (VECD) which allows customers to use Windows in virtual
machines centralized on server hardware. With the Windows Vista Enterprise and Windows 7
Enterprise editions, users can run four or less additional desktop operating systems in virtual
machines. To run virtual desktops in a VDI deployment, you will need RDS CALs and licenses for all
desktop operating systems that are running simultaneously.
In an application virtualization deployment, you can run virtual applications using the same license
that you use for running local applications. If you license a desktop to run Microsoft Office, you can
run the Office applications locally or in a virtual environment.
You can issue RDS CALs per device or user. You can reuse per-device licenses but these license types
do limit the number of devices that can connect at one time. Per user licenses enable users to connect
using multiple devices.
Some virtualization licenses are available only to customers with Software Assurance. For example,
MED-V is available only with MDOP, which is available only to customers with Software Assurance.
Planning a Virtualization Deployment
Key Points
You can use desktop and application virtualization to address significant business requirements within
organizations. However, within large organizations that have diverse user groups, implementing
virtualization can be complicated and likely will not address all business requirements at once. Consider
the following recommendations when planning a desktop and virtualization deployment:
Start small. It is highly unlikely, and we do not recommend, that you should virtualize your entire
environment immediately. To gain a better understanding of the process for implementing
virtualization, and to gain experience in managing a virtual environment, start with a small pilot
project. Ensure that you plan this project well and test it thoroughly to ensure that the initial user
experience with virtualization is as positive as possible.
Address a critical business need. To enhance the visibility and viability of virtualization in your
organization, ensure that your initial projects address a critical business need. For example, one of the
easiest virtualization solutions to deploy is RD Gateway. For organizations with a large number of
users who work outside of the corporate network but who require access to internal applications and
data, RD Gateway often can address one of the most critical business needs.
Implement virtualization incrementally. For many of the virtualization solutions, you can implement
the solutions incrementally. For example, if you are considering an App-V deployment for a small
group of users, you can begin by manually distributing the App-V clients and applications. Over time,
you can incorporate automatic streaming of the client and applications. If deploying desktop virtual
machines running in Windows Virtual PC, you can begin by deploying the virtual machines manually,
and then later adding MED-V to manage the virtual machine images. By deploying virtualization
incrementally, you can gain the benefits of the solutions without investing in the entire infrastructure
that may be required to automate the solution fully.
Consider the target user group. When considering a virtualization solution, ensure that you keep the
target user group in mind. For example, if you need to deploy a virtualization solution for only a small
group of users, you likely will use a different virtualization solution than if you need to deploy the
same virtualization solution for a large group of users. You also should consider the users locations. If
all the users are in the office, and you assign them to the same desktop computer, you can use a
different virtualization solution than if the target audience consists of mobile or external users.
Consider addressing application compatibility options outside of virtualization. The desktop and
application virtualization solutions provide great tools for dealing with application compatibility
issues, but in some cases, it may be better to rewrite the application. For example, if all users in your
organization need to run an application that can run only in old Windows versions, rewriting the
application may enable you to improve the application without deploying and maintaining an entire
virtualization environment for that one application.
Question: What additional considerations will you need to include when planning virtualization projects
in your organization?
Lab: Planning Desktop Virtualization Scenarios
Lab Scenario
Contoso, Ltd., is a large corporation with offices in New York, London, and Tokyo, and branch offices in
several other cities. Contoso is planning to implement application and desktop virtualization to address
several critical business requirements. As a member of project team, you are responsible for analyzing the
user and business requirements and identifying the best virtualization solutions for your organization.
Lab Setup
For this lab, you will plan the virtual environment assigned to you. Before you begin the lab, you must:
1. Start the 10324A-NYC-DC1 virtual machine. This virtual machine should remain running for the rest
of the course.
2. Start the 10324A-NYC-CL3 virtual machine.
3. Connect to 10324A-NYC-CL3, and log on as Contoso\Administrator with the password Pa$$w0rd.
Exercise 1: Identifying Virtualization Solutions

Scenario
In preparation for starting the virtualization project, Contoso, Ltd has several analysts that are collecting
information on the organizations user population. The analysts have collected the following information:
Contoso, Ltd has 7,800 employees, with another 800 short-term and long-term contractors.
About 75 percent of employees are in the main offices in New York, London, and Tokyo. Another 15
percent are in smaller branch offices, while the last 10 percent are mobile users. The mobile users
travel between the main offices, branch offices, and to client sites.
Approximately 500 users at each main office work as sales support personnel. These users require
access to e-mail, Intranet Web sites, and a business application that requires that you install a client
on each computer. These users share 250 desktop computers, which have limited hardware resources.
Because of budget constraints, Contoso, Ltd cannot upgrade the hardware that these users are using.
The mobile users require access to most of their applications while disconnected from the network, as
well as when they are connected from outside the network. The laptops that the organization
provides to mobile users run Windows XP Professional Edition. The corporate security policy states
that users must encrypt all data that is stored on their mobile computers.
Contoso, Ltd has started migrating the user desktops for all users in the main offices and branch
offices from Windows XP to Windows 7. At the same time, they are replacing the laptops that mobile
workers use with laptops that run Windows 7. This project should be complete within six months.
One application used by a small number of users in the main offices and by all mobile users is
incompatible with Windows 7. Contoso, Ltd has started a project to update the application so that it
will be compatible with Windows 7, but this project will take more than a year. During this time, the
users need to be able to run the current application. During the transition, users also may need to run
both the old and new versions of the application.
The contractors perform a variety of tasks for Contoso, Ltd. Most contractors work as sales support
staff in the countries where Contoso, Ltd does not have an office. Some contractors work for software
vendors and require access to servers on the Contoso, Ltd corporate network to support their
software. Contractors cannot store corporate data on their computers. The contractors are currently
connecting to the internal network by using a VPN. However, a new corporate security policy dictates
that only laptop computers that are members of the internal AD DS domain can connect to the
corporate network through the VPN. Contoso, Ltd will enforce this policy within three months.
Contoso, Ltd is not planning to issue laptops to the contractors.
The main tasks for this exercise are:
1. Identify the user groups at Contoso, Ltd.
2. Identify the virtualization solutions.
3. Develop a prioritized list of projects to implement virtualization.
Task 1: Identify the user groups at Contoso, Ltd.

1. Review the scenario information.
2. List all unique user groups at Contoso. For each group, identify the user or business requirements that
make the groups unique.
Task 2: Identify the virtualization solutions

1. On NYC-CL3, open the Windows Optimized Desktop Scenario Selection Tool from the Documents
folder.
2. Choose two of the user groups that you identified in the first task, and then enter the information
into the tool.
User group Selections
3. For the two user groups, identify the products and technologies that the selection tool suggests.
User group Products and technologies
Task 3: Develop a prioritized list of projects to implement virtualization

1. Based on the proposed virtualization solutions and the scenario, develop a list of projects that will
meet all of the user and business requirements.
2. Assign a priority to each project, assuming that you will implement the projects in the order that you
set.
3. Be prepared to discuss your answers.
Results: After this exercise, you will have identified the user groups that may require virtualization at
Contoso, identified virtualization solutions that could be implemented to address the organizations
business requirements, and developed a prioritized list of projects to implement application and
desktop virtualization.
To prepare for the next module

When you finish the lab, revert the virtual machines to their initial state. To do this, complete the
following steps:
1. On the host computer, start Hyper-V Manager.

2. Right-click the virtual machine name in the Virtual Machines list, and then click Revert.
3. In the Revert Virtual Machine dialog box, click Revert.
Module Review and Takeaways
Review Questions
1. Your organization has been monitoring the servers in your data center and has identified several
servers that are running at less than 5 percent utilization. How can you ensure that you utilize the
hardware in your data center appropriately?
2. You are considering deploying an application virtualization solution, but you are concerned about the
amount of effort that it will require to deploy virtual applications to a large number of users. What
tool can you use to simplify this process?
3. The users in your organization are using a variety of user desktops, including both physical and virtual
computers. The users would like to have the same desktop configuration and be able to access the
same mapped drives and data from each desktop. How can you enable this?
Real-World Issues and Scenarios

1. Your organization is testing a custom application. The testers report that when they install the
application on computers running an older version of the same application, they get errors. How
could you address this issue?
2. Your organization has several hundred part-time employees who work outside of the office. The
employees all need to run an application that has to access a database server located in the main
offices data center. How can you make this application available to users?
3. Your organization is planning to upgrade all client workstations to Windows 7 Enterprise Edition. Five
users need to run an application that only runs on Windows XP. How should you address this issue?
Best Practices Related to Planning a Virtualization Deployment

Supplement or modify the following best practices for your own work situations:
When planning or implementing virtualization, it is important to start slowly. You can increase the
level of virtualization as you gain experience with the technology. By starting small, you have a better
chance of ensuring that the first experience with virtualization is positive.
Server virtualization has the potential to significantly decrease the costs of running your
organizations IT infrastructure significantly. As you implement Hyper-V, calculate the cost savings,
and then use that information to convince management to pay for more virtualization.
The cost benefits of implementing desktop and application virtualization may be more difficult to
quantify. If you are implementing a solution to address application compatibility issues, you can
compare the cost of implementing App-V to the cost of rewriting the application. If you are
considering implementing a solution such a Med-V or VDI, you will need to invest quite a bit of
money to develop the infrastructure before you see any benefit.
Consider virtualization as one option when addressing user, security, or business requirements. You
can use virtualization to address many requirements, but you may be able to address the same
requirements without virtualization.
Implementing Windows Virtual PC and Windows XP Mode 2-1
Module 2
Implementing Windows Virtual PC and Windows XP Mode
Contents:
Lesson 1: Installing Windows Virtual PC 2-3
Lesson 2: Configuring Windows Virtual PC 2-20
Lesson 3: Installing, Configuring, and Managing the
Lesson 4: Creating and Deploying Custom Images of
Lab: Implementing Windows Virtual PC and Windows XP Mode 2-53
Module Overview
Windows 7 has introduced a new version of Microsoft Virtual PC software that supports the creation
of virtual machines with various operating systems within same virtual environment. Additionally,
Windows 7 includes Windows XP Mode, a precreated virtual machine that is running Windows XP
Professional Service Pack 3 (SP3), and which supports older applications and enables more convenient
migration to Windows 7. In this module, you will learn how to configure and use Windows Virtual PC
virtual machines and how to use Windows XP Mode.
Lesson 1
Installing Windows Virtual PC
Virtual PC software was introduced several years ago as a virtualization platform on workstations and
desktop computers. It enables users to use the same physical host machine to install and run several
virtual machines simultaneously that have the same, or different, operating systems. To provide the same
capability in Windows 7, Microsoft released a new version of Virtual PC, known as Windows Virtual PC.
In this lesson, you will learn about Windows Virtual PC, and its features and requirements.
What Is Windows Virtual PC?
Key Points
Windows Virtual PC is the latest Microsoft client virtualization technology designed for Windows 7,
and it enables you to run virtual machines on Windows 7 operating systems. This allows for testing,
development, and support of applications made for older operating systems.
Windows Virtual PC is a successor of Virtual PC, which Connectix developed originally for the
Macintosh and released in June 1997. Connectix then released the first version of Virtual PC for
Windows-based systems, version 4.0, in June 2001. In 2003, Microsoft acquired Connectix, and
continued to develop this product. Virtual PC 2004 was first version of this software that Microsoft
developed, and in 2006, Microsoft released it as a free virtualization product for client platforms.
Microsoft then built and released the next version, Virtual PC 2007, to support the Windows Vista
operating system. After the release of Windows 7, Microsoft developed Windows Virtual PC to
provide virtualization on this new platform.
Unlike other virtualization platforms such as Virtual Server or Hyper-V, Windows Virtual PC is not for
usage in server virtualization scenarios. Although you can install some server operating systems in the
Virtual PC environment, we do not support that scenario in a production environment. The primary
purpose of Windows Virtual PC is to provide a platform for learning, testing, development, and
support of older applications. Additionally, Virtual PC and Virtual Server, are not based on Hypervisor
technology, like Hyper-V. This means that communication with physical hardware is through
emulating hardware devices inside the virtual machine. That approach provides somewhat lower
performance than hardware-based virtualization, such as Hyper-V.
Note: In Windows Virtual PC terminology, we will be referring to the terms host and guest to
differentiate between operating systems that are running directly on the physical hardware (hosts)
from operating systems that are running inside virtual machines (guests). Basically, the physical
machine, or host, has hardware and software capabilities that are sufficient to support the running of
one or more virtual machines (guests). In Hyper-V terminology, hosts and guest are typically called
parent and child partitions.
Question: Do you use any virtualization software for testing, learning, or development?
Question: Have you ever used any version of Virtual PC?
Question: If so, what operating systems did you run inside the Virtual PC environment?
Question: Do you use any other virtualization products, such as Hyper-V or other non-Microsoft
solutions?
Features of Windows Virtual PC
Key Points
Windows Virtual PC provides several new features, such as providing seamless integration of the
virtualized and physical environments, and the ability to leverage the capabilities of the new hardware
(mostly processors).
The following sections describe the most important new features of Windows Virtual PC.
USB support
Windows Virtual PC now supports many USB devices, such as printers, scanners, flash memory sticks and
external hard disks, digital cameras, and smart card readers. After a user connects a USB device to a
physical computer, he can choose if that device will be available exclusively to one virtual machine or if it
is shared with other virtual machines. This enables much easier sharing of resources, and greater flexibility
and functionality for applications that are running in virtual machines. Later topics will provide more detail
on USB support in Windows Virtual PC.
Device redirection, and drive and folder sharing
Windows Virtual PC supports the redirection of some hardware devices and their functionalities to virtual
machines. For example, you can redirect printers and smart cards to virtual machines.
Beside this, Windows Virtual PC can share hard drives with the physical computer. From the virtual
machine, you can access all hard drives that connect to the physical computer. Users also can access their
Windows 7 known folders, such as Documents, Pictures, Desktop, Music, and Videos, from within a
virtualization Windows environment like Windows XP Mode.
Windows XP Mode
Windows XP Mode is a new benefit of Windows 7 Professional, Ultimate, and Enterprise, and provides
additional application compatibility. It allows you to install and run many of your productivity applications
for Windows XP directly from your Windows 7-based PC. It utilizes Windows Virtual PC and Remote
Desktop Services (RDS) to provide a virtual Windows XP environment for Windows 7. Later lessons will
provide more detail on Windows XP.
Clipboard sharing
With Windows Virtual PC you can share the Clipboard between the physical machine and the virtual host.
For example, you can cut and paste between your Windows 7 host and any virtual machine.
Multithread support
In Windows Virtual PC, users can run multiple virtual machines concurrently, each running in its own
thread. This improves stability and performance.
Note: Windows Virtual PC does not include drag-and-drop functionality between the host and the
guest operating system.
Question: For you, what is the most important feature of Windows Virtual PC?
Software Requirements for Windows Virtual PC
Key Points
To install and use Windows Virtual PC software, you must fulfill several requirements.
From the software perspective, the most important requirement is to run the Windows 7 operating
system. You can install Windows Virtual PC on the following host operating systems:
Windows 7 Home Basic
Windows 7 Home Premium
Windows 7 Enterprise
Windows 7 Professional
Windows 7 Ultimate
As guest operating systems, we support the following operating systems:
Windows XP Service Pack 3 (SP3) Professional
Windows Vista Enterprise Service Pack 1 (SP1) and newer versions
Windows Vista Ultimate Service Pack 1 (SP1) and newer versions
Windows Vista Business Service Pack 1 (SP1) and newer versions
Windows 7 Professional
Windows 7 Ultimate
Note: Although you can install Windows Virtual PC software on both the 32-bit and 64-bit versions of
Windows 7, inside the virtual machine, you can run only the 32-bit version of any supported operating
system.
We support virtual applications only on Windows Vista Enterprise or Ultimate, Windows 7 Enterprise or
Ultimate, and Windows XP Professional SP3. Virtual applications are applications that you install inside
virtual machines but which you run on the desktop of the physical host computer. From the end users
perspective, a virtual application launches the same way as a local application. The end user clicks the
applications shortcut in the Start menu or on the desktop. Virtual applications are a key feature of
Windows Virtual PC. They enable you to run applications transparently in a guest operating system
when they are not fully compatible with the host operating system.
You also can run other guest operating systems. However, we do not support this, and in this scenario,
you may experience impaired functionality of the virtual machines.
Question: Which version of Windows 7 is not supported as a host operating system?

Hardware Requirements for Windows Virtual PC
Key Points
Windows Virtual PC requires that you have hardware that can support virtualization. The following
sections detail the requirements that you must meet to be able to install and run this software.
CPU with hardware assisted virtualization support
Your computer must have a CPU with hardware-assisted virtualization capability. This feature typically is
available in the computers basic input/output system (BIOS). Although manufacturers have been shipping
hardware virtualization in PCs for three years, hardware virtualization is not available in all PCs. Therefore,
even if your PC is new, it may not have hardware virtualization. Additionally, some manufacturers of new
PCs turn off hardware, so you will have to turn it on before you can use it. For instructions on how to
enable this feature, consult your computers documentation.
Note: AMD-V and Intel VT are names of CPU-specific hardware-virtualization features that you must
enable to use Windows Virtual PC. Since most computers come with a CPU from one of these two
manufacturers, you should look into your computers BIOS for these options. In some BIOS versions,
this feature is called Virtualization Technology or Virtualization support, but does not state the official
manufacturer name.
If you want to check whether your computer supports hardware-assisted virtualization, you should
download and run the Hardware Assisted Virtualization Detection Tool. Download this tool for free
from http://go.microsoft.com/fwlink
/?LinkId=163321.
Microsoft has released an update for Windows Virtual PC that is specific to Windows XP virtual
machines, such as Windows XP mode. This update removes the requirement to have hardware-assisted
virtualization support on a CPU. This means that if you are going to run only Windows XP virtual
machines in Windows Virtual PC, your computer does not need to have hardware-assisted
virtualization at the CPU level. You should install this update after you install Windows Virtual PC, and
you can find it at http://support.microsoft.com/kb/977206. Be aware that if you are running other
operating systems inside your virtual machine, they will require hardware virtualization support.
Memory
We recommend that you have at least 2 gigabytes (GB) of random access memory (RAM) in a host
machine if you want to run one or more virtual machines within Windows Virtual PC. When allocating
memory for virtual machines, you should leave at least 512 megabytes (MB) for the host machine. The
amount of memory that each virtual machine requires depends on the operating system that you install
on it.
Note: If you are using a 32-bit host operating system, you will not be able to allocate more than 4 GB
of RAM on the physical host. If you want to run several virtual machines simultaneously, we
recommend that you use 64-bit version of Windows 7 as a host operating system because it can
allocate more than 4 GBs of RAM.
Hard drive
We recommend that you have at least 15 GB of free space for each virtual machine that you plan to host.
Virtual machines can require significant storage, depending on the number of applications that you install
inside them. They sometimes require more storage than the host operating system. Also, we recommend
that you store virtual machines on separate volume. For best performance, you should use another hard
drive that you install in the host machine
Other hardware
If you want to run Windows Virtual PC, the host computer does not require any other hardware
components, such as graphic card, sound card, CD or DVD drive, network cards, USB, or parallel and serial
ports. However, if you have this hardware in place, you will experience better functionality when using the
virtual machines.
Question: What is the benefit of running the 64-bit version of Windows 7 as the host operating system?
Architecture of Windows Virtual PC
Key Points
Windows Virtual PC architecture differs from other Microsoft virtualization platforms because it combines
technologies that are available in the Virtual Server and Hyper-V architectures to provide the best
experience and usability for end user.
Windows Virtual PC is not built on hypervisor technology like the Hyper-V server, but instead uses the
Virtual Machine Extensions (VMX) kernel to provide support similar to that which the hypervisor provides.
VMX Kernel is built upon the VMX of Intel Virtualization Technology (Intel VT) technology. It includes the
Virtual Machine Monitor (VMM) runtime layer, which provides support for virtual machine execution,
memory management, intercept and exception handling, and routing of interrupts that virtual machines
raise.
In Virtual PC, Virtual Server, and Windows Virtual PC, device support was primarily done through
hardware emulation. In Windows Virtual PC, the disk, network, and display subsystems present themselves
as physical devices that the guest operating system detects at startup, and are indistinguishable (to the
guest) from real hardware. However, guest operating systems cannot access physical hardware directly,
but rather, only by using device emulators to go through the host operating system.
The guest operating system loads the drivers for these corresponding devices, and they execute
input/output (I/O) commands as they would in a real environment. These I/O commands are intercepted
by the VMM runtime, which is the VMX/ SVM kernel that triggers callbacks of device emulators running
within the user mode process VPC.exe. Windows Virtual PC uses VPCBus-based devices coexisting with the
current device framework.
Windows Virtual PC, unlike products such as Virtual Server and Hyper-V Server, has additional
optimization for end users, but not necessarily for experienced IT professionals. It provides some features
that are not available on server virtualization products to enable integration between the host and the
guest operating system, and to provide greater flexibility and ease of use. Although Windows Virtual PC is
built on the Virtual Server engine, it provides much more integration between host and guest operating
systems than Virtual Server. In Virtual Server and Hyper-V server, this type of integration can be a security
issue, while Windows Virtual PC provides integration as an additional convenience for the end user.
You connect to a virtual machine by using RDS technology. When users initiate a connection to a virtual
machine, they initiate a console Remote Desktop Protocol (RDP) session using port 3389. Using the same
technology, Windows Virtual PC can use device sharing and device redirection between the host and the
guest operating system.
Question: What are the most important differences between Windows Virtual PC and Hyper-V?
Windows Virtual PC Modes
Key Points
Unlike virtual machines that are running inside the Hyper-V environment or inside Virtual Server, and
therefore are mostly independent from the host operating system, you can integrate virtual machines in
Windows Virtual PC with the host operating system with less or more integration details.
Integration between the guest and host operating systems in Windows Virtual PC depends mostly on the
integration components, which are software components installed inside the virtual machine that provide
communication and integration between the host and guest operating systems. In previous Virtual PC
versions, it was known as Virtual Machine Additions.
In Windows Virtual PC, you can achieve this integration at four levels:
No integration
If you do not install integration components in a virtual machine, or the guest operating system does not
support them, there is essentially no integration between the host and the guest operating system. The
only interaction in this scenario is by using an emulated console so that you can interact with the virtual
machine when the boot process begins. However, there is no device redirection, folder integration, or
mouse sharing between the host and the guest operating system.
Basic Integration Mode
The Basic Mode provides basic integration features between the virtual machine and the host, including
mouse and keyboard integration, USB support, time sync, and heartbeat parity. Integration features such
as clipboard sharing, drive sharing, and printer redirection are not available in this mode, which is useful
for power users in software development and test scenarios, where it is important to display the system-
level settings and BIOS messages explicitly as the virtual machine boots up.
Enhanced Integration Mode

The majority of users will prefer this mode, because it is easy to use, and it provides the complete set of
integration features described above. For example, this mode provides the saved credentials feature so
that users do not have to login each time they launch the virtual machine. You implement Enhanced
Mode by using a connection channel based on the Microsoft RDP protocol.
Virtual Application Mode: Seamless Integration
Virtual Applications Mode is a seamless solution to application compatibility. You likely will find that this is
the most preferable way to launch and run your virtual applications, because they will integrate seamlessly
with the Windows 7 desktop and Start menu. When you install an application in the virtual machine, this
mode publishes a shortcut automatically to the Start menu of Windows 7.
Question: In which scenarios will you use the No Integration mode?

Features of Virtual Machine Integration
Key Points
Integration features improve the experience of using a virtual machine by providing features that improve
interactions between the virtual machine and the physical computer, as well as between the operating
systems of both.
Integration features are available for all supported guest operating systems.
The Integration Components package, which Windows Virtual PC includes, contains the integration
features. For all other supported guest operating systems, you must install the Integration Components
package in the guest operating system to make the integration features available. Please be aware that an
updated version of the package may be released for a specific guest operating system. In that case,
upgrade the Integration Components package in the guest operating system.
After the integration features are available, you can turn most of them on or off by modifying the virtual
machines Integration Features settings. The two exceptions are mouse integration and time
synchronization, which are turned on when the package is installed. Mouse integration makes it possible
for you to move the mouse seamlessly between the desktops of the host operating system and the guest
operating system. Time synchronization keeps the time in the guest operating system synchronized with
the host operating system.
The integration features that you can turn on or off include:

Audio. This setting controls whether audio input and output for the virtual machine is redirected to
audio devices in the host, or is managed by an emulated audio device. To improve audio
performance, clear the check box for a virtual machine that is running Windows XP, and select the
check box for a virtual machine that is running Windows Vista or Windows 7.
Clipboard. You can copy and paste data between the host and guest operating systems. For example,
you can copy a URL from the browser in a guest operating system, and paste it to a browser in the
host operating system.
Printer. You can use the printer that is available on the physical computer inside the virtual machine.
This allows you to print directly from a virtual application that you are using in the virtual machine
Smart cards. Virtual machine can access smart card readers that you install on the physical computer.
This means that you can use these cards (and certificates) for authentication, authorization, and
encryption inside the virtual machine.
Hard drives. This feature shares the drives that you select on the host with the virtual machine, so that
you can access host data easily from the virtual machine. This feature also makes it possible to access
the host desktop and Documents folder from virtual applications when you select those resources to
share.
Features of Virtual PC 2007 SP1
Key Points
Along with Windows Virtual PC, which is designed for Windows 7, Virtual PC 2007 SP1 is desktop
virtualization software for earlier versions of Windows, such as Windows Vista. You also can run Virtual PC
2007 SP1 on Windows 7, but not in parallel with Windows Virtual PC.
Unlike Windows Virtual PC, Virtual PC 2007 SP1 does not require that hardware virtualization support is
present in the host computers hardware, although it can utilize it. Therefore, you can install Virtual PC
2007 SP1 on older hardware to provide virtualization platform, even if there is no hardware virtualization
support available.
Virtual PC 2007 SP1 does not provide some of the features that Windows Virtual PC provides. One of
these features is USB support, which means that you cannot provide access to USB devices to virtual
machines that you create with Virtual PC 2007 SP1. Also, Virtual PC 2007 SP1 does not provide virtual
application integration with host operating systems, and you cannot use drive sharing the way that you
can in Windows Virtual PC. The creation of new virtual machines in Windows Virtual PC integrates in an
interface that is like Windows Explorer, while Virtual PC 2007 SP1 uses a separate console for that.
Conversely, Windows Virtual PC does not support drag and drop support between the host and guest
operating systems which Virtual PC 2007 SP1 does.
When you deploy virtual machines, and you plan to switch from Virtual PC 2007 SP1 to Windows Virtual
PC, you should consider following:
The virtual machine additions components, also known as Integration Components Virtual PC 2007
SP1 are not compatible with Windows Virtual PC. This means that you must uninstall them before
migrating virtual machines from Virtual PC 2007 SP1 to Windows Virtual PC.
Save state files that you create in Virtual PC 2007 SP1 are not compatible with Windows Virtual PC.
You must delete save state files prior to migration.
You must recreate the virtual machines configuration when you migrate virtual machines from
Virtual PC 2007 SP1 to Windows Virtual PC.
Question: What is a main reason to Virtual PC 2007 SP1 instead of Windows Virtual PC?
Lesson 2
Configuring Windows Virtual PC
Before starting to use virtual machines, you must configure the software options for Windows Virtual PC
and create some components that the virtual machines need, such as virtual hard disks (VHDs). You also
must configure virtual hardware settings for each virtual machine, such as networking and USB devices.
If you want to use virtual machines efficiently, it is very important to understand VHDs, including what
types of VHDs exist and how to use them.
This lesson discusses the configuration of virtual machine settings, and the creation and usage of
components that virtual machines need.
Virtual Machine Settings
Key Points
If you want to create and use virtual machine in the Windows Virtual PC environment, you have to create
the virtual machines configuration and configure the settings inside the configuration.
The virtual machine configuration is an XML-formatted file that describes the hardware configuration of a
virtual machine in essentially the same way that you describe a physical machines hardware components.
Since virtual machines in Windows Virtual PC do not directly access hardware, the configuration file is
used to configure the virtual machines hardware options and components, and defines resources, such as
RAM memory, that will be taken from the host machine when you start the virtual machine.
You can configure the following settings for virtual machines in Windows Virtual PC:
Name. The name setting defines the virtual machines name. This is not the name of the virtual
computer, or operating system, that the virtual machine represents, but rather just the name of the
configuration file.
Memory. This setting is where you enter the amount of RAM memory that the virtual machine will
allocate from the physical host when you start it. Note that the specified amount of RAM is used only
when the virtual machine is running. When calculating the amount of RAM memory that will be
available to one machine, take into account the number of virtual machines that will be running
simultaneously and the amount of RAM that should remain available for a host operating system.
Note: An example would be if you are going to run three virtual machines simultaneously, and you
have 4 GB of RAM memory, then you should not allocate more than 1GB of RAM per virtual machine.
Windows Virtual PC does not support memory over commitment.
Hard disk (1, 2, 3). These options allow you to move VHD files to the virtual machine. You can add
three VHDs to one virtual machine, and you must define at least one. On the hard disk, you also can
start the wizard to create new VHDs and modify existing ones.
DVD drive. The DVD Drive setting option allows you to use a physical DVD drive from the host
computer or to map the ISO image file as a DVD to the virtual machine.
COM1, COM 2. These settings enable you to configure usage of physical Component Object Models
(COM) ports inside virtual machine or map virtual COM ports to a named pipe or text file.
Networking. The Networking option enables you to add four network adapters to a virtual machine,
and change the connection state of each network adapter. Each network adapter in virtual machine
can be mapped directly to any physical network adapter in host machine, use network address
translation (NAT) through physical network adapter, use Internal Network for communication
between virtual machines, or be in disconnected state. This will be discussed later in more detail.
Integration features. These features and their corresponding settings allow you to configure the level
of integration between the virtual machine and the physical host. You can allow audio, printer,
clipboard, and smart-card sharing, and also allow access to physical drives in the host computer. If
you want to use integration features, you must install integration components in the virtual machine.
Keyboard. The Keyboard setting determines how your computer or virtual machine will respond to
keyboard shortcuts such as ALT+TAB. The default behavior is to pass these shortcuts to the virtual
machine only when you are running in full screen mode. Otherwise, keyboard shortcuts execute on
the host operating system.
Logon Credentials. The Logon Credentials setting enables you to delete all saved credentials if you
previously chose to save credentials that users are entering when they log on to virtual machines.
Auto Publish. The Auto Publish setting enables you to configure whether the virtual machine will
publish virtual applications automatically to the Windows 7 host machine. If you are going to use
Windows Virtual PC to support older applications, we recommend that you to enable this option.
Close. The Close setting enables you to define the virtual machines behavior when the user clicks a
button to close the virtual machine window. You can choose to be prompted for action each time
you try to close the virtual machine window or choose a preconfigured action, such as Hibernate.
If you want to make changes to the virtual machine configuration, you can do it by opening the Settings
dialog box after right-clicking the virtual machine icon in the Virtual Machines folder window. For most
changes to occur, you must turn off the virtual machine. However, you can make some changes, such as
mapping a virtual DVD drive to an .ISO file or physical drive, or changing settings for the virtual network
adapter s connection, even while the virtual machine is running. Conversely, you must perform other
changes, such as changing the amount of allocated RAM memory or adding VHDs to the virtual machine,
when the machine is turned off.
Features of VHDs
Key Points
VHDs are files on the physical machine that store the hard-disk contents of a virtual machine. Windows
Virtual PC treats each VHD file as a separate hard disk, and each virtual machine can have three VHD files
attached. You must have at least one VHD attached to the virtual machine if you want to run it.
The VHD file format is an open standard and does not depend on virtualization technology in use, and to
the host and guest operating systems. Because of that, Windows Virtual PC, Virtual Server, and Hyper-V all
use the same format of VHD files.
Note: You cannot directly use VHD files from one virtualization platform in another platform, since
Integration Components are not compatible between platforms. For example, if you want to use VHD
from a Virtual Server-based virtual machine in Windows Virtual PC, you first must uninstall Virtual
Machine Additions before attaching a VHD to the machine in Windows Virtual PC.
Types of VHDs
There are three types of VHDs: fixed-size disks, dynamically expanding disks, and differencing disks.
Fixed-size disks take up all of the space that the VHD is allowed to have. For instance, if you create a fixed
disk that is 64 GB, the VHD file will occupy 64 GB of hard-disk space from the time of creation, and its size
will never vary. However, this type of disk provides the best performance for virtual machines, and we
recommend that you use it if you have a disk-intensive application in the virtual machine.
Dynamically expanding disks increase in size to take up space as required. The size that you specify when
you create a dynamically expanding disk indicates the maximum size to which the disk can grow. For
instance, if you create a dynamically expanding disk of size 64 GB, the VHD file might initially occupy only
a few hundred kilobytes (KB). It then will grow upon usage to occupy the maximum size that you specify
(64 GB). Note, however, that the guest operating system believes it has the full 64 GB from the start.
Additionally, these disks do not shrink automatically when you delete some files inside the virtual
machine. You must use the Compact option for this. Dynamically expanding disks have a little slower
performance than fixed-size disks, to which you can convert them, if necessary.
Differencing disks are a VHD that you use to isolate changes to a VHD or the guest operating system by
storing them in a separate file. A differencing disk is associated with another VHD that you select when
you create the differencing disk. This means that the disk to which you want to associate the differencing
disk must exist first. Later topics will provide more detail on these types of disks.
Native VHD Support in Windows 7
In addition to the ability to use VHD files as storage, Windows 7 provides native support for booting from
a VHD file rather than from the system boot files on the systems hard disk. Booting from VHD enables
you to mount a VHD as a bootable drive and, as the name implies, boot from it. This can be very useful
for creating multiple operating-system installations without having to create multiple operating-system
partitions on your hard drive. However, when you boot a physical machine from a VHD, you do not start a
virtual machine. Instead, you use a VHD instead of the physical drive. The operating system that is booted
from the VHD has the same level of access to hardware as an OS installed in the traditional way.
What Are Differencing Disks?
Key Points
One specific type of disk that you can use inside a virtual machine is a differencing disk. A differencing
disk is a VHD that you use to isolate changes to a VHD or the guest operating system by storing them in a
separate file.
A differencing disk is always associated with another VHD that you select when you create the
differencing disk. This means that the disk to which you want to associate the differencing disk must exist
first. This VHD is the parent disk, and the differencing disk is typically called the child disk. The parent disk
is sometimes called the base disk.
The parent disk can be any type of VHD, even another differencing disk. The differencing disk stores all
changes that would otherwise be made to the parent disk if the differencing disk is not in use. The
differencing disk provides an ongoing way to save changes without altering the parent disk. You can use
the differencing disk to store changes indefinitely, as long as there is enough space on the physical disk
where you store the differencing disk. The differencing disk expands dynamically as data is written to it,
and it can grow as large as the maximum size that you allocate for the parent disk when you created it.
When you create the differencing disk and attach it to the virtual machine, the operating system reads
data from both the parent disk and the differencing (child) disk at once.
You typically do not use differencing disks in production environments.
Note: We recommend that you write-protect or lock the parent disk before using the differencing
disk. Otherwise, if some other process modifies the parent disk, all differencing disks related to it
become invalid, and all data written to the differencing disks is lost. You also need to modify the
virtual machine by replacing the parent disk with the differencing disk. Otherwise, you will receive an
error when you try to start the virtual machine because it cannot use a read-only disk.
Managing the contents of differencing disks

You can distribute the contents that the differencing disk stores by merging the differencing disk with the
parent disk. This modifies the parent disk with all the changes that the differencing disk stores, and then
deletes the differencing disk. There also is an option to merge changes to a new disk. Merging to a new
VHD retains both the parent disk and the differencing disk in their current state, and creates a new VHD
that is a combination of the contents of the parent disk and the differencing disk. You can use this new
disk as a parent for a new virtual machine.
Using multiple differencing disks with one parent disk

You can associate more than one differencing disk to a parent, which means that virtual machines can
share one parent disk but have their own differencing disk. This can be useful in a variety of scenarios. For
example, a test engineer or call-center technician could have a dozen or more virtual machines with
different configurations, such as different software updates and installed applications. The virtual
machines could share a parent disk that contains the operating system, which is common to all virtual
machines, and each virtual machine could have its own differencing disk to store the configuration that
differs from the parent.
Note: If you use multiple differencing disks that share a parent disk containing an operating system,
you must apply any software updates to each differencing disk. If you apply the software update to the
parent disk, all differencing disks associated with that parent disk would be unusable.
Chaining differencing disks

You can chain differencing disks, which means that a differencing disk can have another differencing disk
as a parent disk. Depending on how you design the chain, you can save considerable disk space. For
example, if you want to test upgrade scenarios or version compatibility, you could use a parent disk as the
base and a chain of differencing disks for the consecutive versions. This approach would save disk space if
each differencing disk contained one update only.
Note: Chaining several differencing disks and connecting it to one virtual machine can impair
performance, as the operating system must read from several VHD files at the same time. Because of
that, we recommend that you keep the number of chained differencing disks under five.
When you create a chain of differencing disks, it is particularly important to lock all disks except the
most recent child disk. Any changes made to any older disks would invalidate all later disks in the
chain. However, the most recent child disk must be writable so that a virtual machine can use it.
Question: What can you achieve by associating multiple differencing disks to one parent disk?
What Are Undo Disks?
Key Points
Undo Disks is a feature that saves changes to a virtual machines data and configuration in a separate
undo disk file in case you want to reverse the changes. The feature provides you with a way to decide
whether to modify a virtual machine and its disks permanently each time you end a virtual machine
session or revert the virtual machine to its initial state. When you enable Undo Disks, it applies to all VHDs
installed on the virtual machine.
When you run a virtual machine that is using Undo Disks, any changes to a VHD are temporarily stored in
an undo disk (.vud) file, rather than in the original VHD file. This is very similar to using differencing disks.
However, there are two notable differences. A differencing VHD is associated with one VHD rather than
with the virtual machine, and you are not prompted to decide what to do with the changes when you
shut down a virtual machine.
When you enable Undo Disks, you have the following options to manage them.
Apply changes. This option updates the original VHD with all changes that were stored in the undo disk
file. This is similar to merging a differencing disk with its parent disk. You can access this option through
Virtual Machine settings.
Discard changes. This option deletes the undo disk file and leaves the original hard disk file unchanged.
Windows Virtual PC creates a new, empty undo disk file the next time you turn on the virtual machine.
You can do this by choosing the Turn off and delete changes option when closing the virtual machine
or by choosing the Discard Changes option from the Virtual Machine settings.
When you discard or apply changes on an undo disk, that action applies to all changes that it stores. In
other words, you cannot selectively delete or apply changes on an undo disk.
The undo disk file is always created in the same folder as the virtual machine configuration file.
Note: Undo disks do not contain virtual machine configuration changes.

Windows Virtual PC does not support snapshots like Hyper-V does. Undo disks provide similar
functionality.
Demonstration: Creating VHDs
In this demonstration, your instructor will show you how to create various types of VHDs.
Create a dynamically expanding VHD in Windows Virtual PC.
Create a differencing VHD in Windows Virtual PC.
Create a VHD in Windows 7 Disk Management.
Attach VHDs.
USB Support in Windows Virtual PC
Key Points
Windows Virtual PC supports USB devices in virtual environments. This means that you can access various
USB devices, such as USB memory sticks, printers, or scanners, from applications that are installed in the
virtual machine. You can install up to eight USB devices inside the virtual environment.
USB architecture in Windows Virtual PC
Windows Virtual PC uses the Redirection Policy Manager (RPM) of the Windows to provide the USB
redirection in a virtual machine. It loads an alternate driver in the lieu of the original driver to redirect the
device to a virtual machine. WVPC creates a virtualized host controller in the virtual machine that is
offered by using a Virtual PC bus channel.
USB architecture consists of a server-side component running in the host operating system and a client-
side component that is running in the virtual machine. The server side involves a connector driver to
manage USB devices and a stub instance for every USB device. The client side implements a VPC bus-
enumerated virtual host controller that supports the subset of the USB driver interfaces that are necessary
for compatibility with the supported devices. The redirection process also triggers the connector driver to
send commands to the guest to create the physical device object (PDO) for the redirected device. Then
the stub driver, connector driver, and the virtual bus or hub driver work in unison to enable
communication of commands, responses, and data between the physical USB device and the redirected
USB device.
USB device usage in Windows Virtual PC
You can use USB devices in two ways: sharing and redirection. In the default mode, with all integration
features enabled, you can use storage devices, printers, and smart cards without having to redirect the
device manually, by simply sharing it with the physical host. This requires that the device driver is available
both in the virtual machine and on the host.
If the driver is not available in Windows 7, but is available for the operating system inside the virtual
machine, you can redirect the device to the virtual machine. This means that access to the device will be
available only to the virtual machine.
Using Group Policy to manage device redirection

You can use Group Policy to prevent the redirection of selected USB devices to a virtual machine, such as
for security or compliance reasons. You can do this at the per device or device-class level. Additionally,
you can prevent the use of all USB devices inside a virtual machine. These settings are helpful in an
organization where users are not allowed to use these devices in the physical machine.
These Group Policy settings can be found by clicking Computer Configuration Administrative
Templates, clicking System, clicking Device Redirection, and then clicking Device Redirection
Restrictions.
Networking Options for Virtual Machines
Key Points
Inside the Virtual Machine settings console, you can configure networking options if you want to connect
a virtual machine to different type of networks.
You can connect each virtual machine to four networks, which means that you can have up to four virtual
network adapters installed inside a virtual machine. The Virtual PC host application emulates Intel DEC
21140A network cards. Each emulated network adapter is assigned a unique media access control (MAC)
address in the range 00-03-ff-XX-XX-XX. The last three octets are calculated using the host network
adapter MAC address. For each network adapter, you can configure the different types of networks that it
connects to, including:
Not connected. If you configure the network adapter as not connected, that means that it has no
connection to any network. It appears in the device manager of the virtual machine, but it is in a
disconnected state. It is the same as a physical network adapter, with no connection.
Internal Network. When you connect the virtual network adapter to this network, it can connect only
to the other virtual machines on the same physical machine. Software switch, also known as virtual
switch, inside Windows Virtual PC forwards the packets directed for the destination virtual machine
without connecting to any external network on the host. This is useful for cases where you want to
connect to two or more machines completely isolated from the network.
Note: In Hyper-V terminology, Internal Network is used for communication between virtual machines,
and between virtual machines and the host operating system. In Windows Virtual PC, you cannot
communicate with the host via this network.
Host network adapter. This option provides you with the ability to connect the virtual machine
network adapter to any physical network adapter in the host machine, in bridge mode. This enables
you to connect to the external network by using the host network adapters. When you connect the
virtual machine by using this option, the virtual card has a unique presence on the network, just like
any other physical host machine. This option requires that you install the Virtual PC network filter
driver in the hosts networking stack. This driver is installed during the Windows Virtual PC installation
process, and by default, it binds to all network adapters based on 802.3 802.11. To disable the Virtual
PC Network Filter, double-click on network adaptor in the Network and Sharing Center and click
Properties of the host machines physical network adapter, which prevents the virtual machine from
using it. If you connect the machine to a physical host adapter, it can communicate with all other
hosts on that network (physical and virtual) and with the host where the virtual machine resides.
Shared Networking (NAT). Shared networking, or NAT, is another way that the guest can connect to
the external network. The main difference between this and the bridge mode is that the virtual
machine is behind the NAT, and it does not have a unique identity in the external network. It supports
all connections that use TCP/IP. When you connect by using the bridge mode, you must use a
separate IP address for the guest, so if there is a shortage of IP addresses, this option may not work.
Conversely, NAT would be a good option in this scenario. You also can use this option when you do
not want to connect directly to an external network and remain behind this NAT. This acts as a strong
firewall that protects the guest from outside attacks.
There are certain limitations when you connect by using NAT. If the payload contains the source IP
address, then it may break when the IP address is replaced with the host because the payload still will
contain the guest IP address. We do not support connecting with a virtual private network (VPN) that is
inside the guest. Some VPN connections require the opening of raw sockets, which require administrative
privileges to open successfully. Conversely, the Windows Virtual PC application runs in the user context.
Applications that use TCP/IP, like browsing the Internet, Windows Live Messenger, and shared access, will
work when you connect by using NAT. We recommend that you connect by using the bridge mode when
the guest needs to use VPN.
Note: You can use shared networking only on the first network adapter in the virtual machine.
Question: If you use shared networking on a virtual network adapter, can the virtual machine
communicate with the host computer, such as when it needs to share files?
Demonstration: Creating and Configuring Virtual Machines
In this demonstration, your instructor will show you how to create and configure virtual machines in
Windows Virtual PC.
Create a virtual machine, and then configure it to use an existing disk.
Change the virtual machine configuration settings.
Start the virtual machine.
Demonstrate different networking types.
Lesson 3
Installing, Configuring, and Managing the Windows
XP Mode
Windows XP Mode is a benefit of using Windows 7 and Windows Virtual PC. It provides users with a
virtual machine that is preconfigured with Windows XP Professional SP3 installed, primarily to support
usage of older applications and devices that cannot work with Windows 7. Windows XP Mode supports
seamless application integration, which means that you can run applications installed inside the virtual
machine in a same way as you run existing applications installed locally on the Windows 7 machine.
This lesson focuses on installing, configuring, and managing Windows XP Mode on Windows 7.
What Is Windows XP Mode?
Key Points
Designed primarily with small businesses in mind, Windows XP Mode for Windows 7 enables a user to
install and run Windows XP applications directly from a Windows 7-based PC. With Windows Virtual PC,
Windows XP Mode works in Windows 7 Professional, Enterprise, and Ultimate, and provides a 32-bit
Windows XP Professional Service Pack 3 environment that is preloaded on a VHD. Since Windows XP
Mode is running inside the Windows Virtual PC environment, the same requirements apply as for other
virtual machines that are running inside Windows Virtual PC.
Windows XP Mode is not a part of Windows Virtual PC. You must download it separately from the
Microsoft Download Center, and then install it manually. We recommend that you download and install
Windows XP Mode first, and then install the Windows Virtual PC environment.
Note: Windows XP Mode is available only for Windows Virtual PC and Windows 7. You cannot use it
with Virtual PC 2007.
Using Windows XP Mode is faster and easier than creating your own virtual machine because Windows
Virtual PC creates the virtual machine for you, configures it to run Windows XP, and then installs the
following:
The Integration Components package. These components improve the experience of using a virtual
machine by providing features that improve interactions between the virtual machine and the
physical computer.
Support for virtual applications. This feature requires an update to the guest operating system. In
Windows XP Mode, this update is installed by default.
Additionally, since Windows XP Mode is free for Windows 7 users, you do not have to buy separate
licenses to run a virtual instance of Windows XP on your Windows 7 machine.
Note: Although some of the features of Windows Virtual PC improve the integration between the host
operating system and a guest operating system, such as Windows XP, the operating systems are
separate, and you must manage them separately. For example, to receive the maintenance benefits
that features and tools such as Windows Update and antivirus programs provide, you must install and
run them in the guest operating system.
Windows XP Mode provides users with number of productivity features and benefits, including:
Folder integration to allow accessing the hosting Windows 7 disk drives within XP mode.
Seamless applications to access the XP mode application in the All Programs menu from the hosting
Windows 7 machine.
USB support for XP Mode.
Clipboard sharing between a hosting Windows 7 machine and XP Mode.
Printer redirection for XP Mode.
All of these features are ready to use immediately after you install Windows XP Mode.
Note: The Windows XP virtual machine that is running in Windows XP Mode is networked by default
with the hosting Windows 7 machine by using NAT. You can change this in the virtual machine
settings.
When you use Windows XP Mode, you should consider that XP mode is, in effect, a virtual machine like
the other virtual machines that you create. It means that you can configure most settings for a Windows
XP Mode virtual machine,just like you would configure settings on any other virtual machine.
Storage required for running Windows XP Mode
By default, Windows XP Mode uses space on the system drive to store the virtual machine and VHDs. The
virtual machine requires two VHDs:
A parent VHD. The default location is %systemdrive%\Program Files
\Windows XP Mode. This is the preconfigured default drive inside the Windows XP Mode package,
which you download from the Microsoft Download Center.
A differencing VHD. By default, Windows XP Mode Setup creates this disk at
%systemdrive%\Users\<username>\AppData\Local\Microsoft\Windows Virtual PC\Virtual Machines.
This disk is specific for each user on the Windows 7 machine that is using Windows XP Mode. For
each user, a new differencing disk is created. This enables each user to configure his own Windows XP
Mode environment and applications.
Question: What is an example of a typical usage scenario for Windows XP Mode?

Demonstration: Setting Up Windows XP Mode
In this demonstration, your instructor will show you how to install and set up Windows XP Mode.
Start Windows XP Mode setup.
Create a password.
Configure the Windows Update options.
Configure drive sharing.
Set up Windows XP Mode.
Configure Windows XP Mode in full screen mode.
Publishing Virtual Applications
Key Points
If you are running a Windows XP Mode virtual machine as a guest operating system, you can run an
application installed in a virtual machine directly from the Start menu of the host operating system. This
makes it possible for you to run Windows 7 as the host operating system, and then use existing
applications, while avoiding problems that might occur if the applications are not compatible with
Windows 7. This method of running an application is called a virtual application.
You can publish and use virtual applications if the guest operating system is Windows XP Professional
Service Pack 3, Windows Vista Enterprise Service Pack 1, Windows Vista Ultimate Service Pack 1, Windows
7 Enterprise, or Windows 7 Ultimate. This scenario does not support other operating systems.
When you publish a virtual application to a Windows 7 host operating system, files on the host will be
associated with the virtual application if those files are not already associated with an application on the
host operating system. If the drive on which the file is stored is shared with the virtual machine, you can
double-click the file, and the virtual application will open the file.
Note: The system tray of the host operating system may include icons of programs that are running in
a virtual machine. For these programs, the tooltip includes (Remote) to help you identify which
programs are running in a virtual machine. If the same program is running in both the host and guest
operating systems, the system tray shows two instances of the same icon.
Automatic publishing of virtual applications
For each virtual machine inside Windows Virtual PC that is running a supported operating system, you can
configure Automatic Publishing of virtual applications inside the virtual machine to a physical host that is
running Windows 7. This means that each application installed inside the virtual machine will appear in
the Start Menu of the Windows 7 computer, and will work via seamless integration.
For a Windows-based virtual machine (Windows XP SP3 and newer versions), you need to install the
Update for Windows XP SP3 or above to enable RemoteApp or Update for Windows Vista SP1
or above to enable RemoteApp feature inside the virtual machine. Windows XP Mode VHD has this
package preinstalled. Also, you need to ensure that autopublishing is enabled in the virtual machine
settings. You can verify this by opening the settings for the virtual machine, and then navigating to Auto
Publish Setting.
By default, applications installed under the All Users profile are autopublished to the Windows 7 host.
Therefore, if an application has created its shortcuts in the All Users profile, no action is required from the
user. However, there are applications that do not install for the All Users profile, and which are installed
for the current user only. In that case, you should copy the application shortcut from the current user
profile to the All Users profile so that the application can be published.
Controlling application publishing

Though autopublishing works automatically, with virtually no user intervention required, there are ways in
which you can control publishing.
Exclude List
You may want some applications that you install in the guest to remain unpublished to the hosts Start
menu. For this purpose, there is a list inside the guest registry called the Exclude List. This list contains full
paths of applications that you do not want to publish to the hosts Start menu. The Exclude List is present
in the guest registry at HLKM\Software\Microsoft\Windows NT\CurrentVersion\Virtual
Machine\VPCVAppExcludeList.
Manual publishing
Another way you can control the applications that are published to the host Start menu is through
manual publishing. In this scenario, the user disables autopublishing, and then takes total control of what
is published to the hosts Start menu. This is very useful for IT administrators who want to restrict
applications that are published, irrespective of the number of applications that the user installs inside the
guest.
Applications that publish to the host Start menu have an entry in the guest registry that the WMI class
Win32_TSPublishedApplication manages. You can use scripting to manipulate this WMI class to publish,
and rescind publication of, applications manually.
Demonstration: Publishing and Working with Published Applications
In this demonstration, your instructor will show you how to publish applications and work with published
applications.
Demonstrate that the virtual machine has enabled Auto Publish.
Install Microsoft Access version 2.0 inside Windows XP Mode.
Show that application shortcuts are added to the Start menu in Windows 7.
Show that the Start menus search functionality finds them.
Start the virtual application.
Additional Considerations for Implementing Windows XP Mode
Key Points
After you deploy Windows XP Mode, you can perform additional configuration of the Windows XP virtual
machine. Some of most common management tasks and considerations for Windows XP mode are:
Joining Windows XP Mode virtual machine to workgroup or domain. Just like any other computer,
this machine can be domain or workgroup member. You do this by using the same procedures as
with a physical host. Before doing this, make sure that the virtual machine is connected to your
network so that it can access the workgroup or domain. In order for Windows XP Mode machine to
have access to the network, you should connect it to your physical adapter.
Managing saved credentials. When deploying Windows XP Mode, during its initial setup, you must
provide a password for a default user called XPMUser. This password is saved, so user is not prompted
to enter it when starting the Windows XP Mode virtual machine. This is very convenient, especially
when you are using virtual applications. However if you want to clear saved passwords for this or
other user accounts, you can do it by using the Settings menu for the virtual machine. You should be
aware that this account is a member of the Administrators group.
Using Undo Disks. When you are using a Windows XP Mode virtual machine, you can use the Undo
Disk option, which is disabled by default. You can enable it by using the Settings menu. This option is
useful if you want to revert a virtual machine to its pre-session state.
Using antivirus and antispyware protection. Windows XP Mode virtual machine does not have
antivirus or antispyware software installed. Since this machine behaves as any other computer on the
network, the host machine cannot protect it. Therefore, it is very important to update this machine
regularly through Windows Update service and to install antivirus and antispyware software,
especially if you are connecting this machine to the Internet.
Lesson 4
Creating and Deploying Custom Images of Windows
XP Mode
Besides using precreated Windows XP Mode virtual machine, you also can make your own virtual
machines. You can make VHD templates that you can use to create new virtual machines, or you can
convert physical hard disks that have Windows XP installed to VHDs. This lesson focuses on these tasks,
and provides you information about deployment techniques.
Creating a Custom Windows XP Image
Key Points
Some users may choose to use a custom Windows XP virtual machine instead of the precreated one in
Windows XP Mode. That means that to create a virtual machine manually, as well as the virtual hard drive,
and then install the supported operating system, which would be Windows XP. After that, you will need to
install the integration features to provide integration between the virtual machine and the Windows 7
host computer. Lastly, you have to install the available updates for the virtual machines operating system,
and the applications that you will use in the virtual environment. Additionally, we recommend that you
install antivirus software inside the virtual machine, because the host operating system does not protect it
from viruses.
Note: Building your own Windows XP Mode images requires Windows XP with Service Pack 3 and the
proper license.
If you want to use application integration features, you will need to install an update to the operating
system inside the virtual machine. If you have installed Windows XP SP3, you need update KB961742. If
you have Windows Vista installed, you need KB961741. These updates provide RemoteApp support inside
the virtual machine operating systems. RemoteApp is a technology from Windows Server 2008, and it
enables you to run remote or virtual applications, as well as local applications. A Windows XP Mode virtual
machine does not require this update, since it is preinstalled.
If you will be distributing a Windows XP virtual machine to several users, or you will be including it in a
Windows 7 image file, we recommend that you perform preparation with the Sysprep utility, especially if
the machine will have a network connection. The Sysprep utility will generalize the operating system
inside the virtual machine, and on the next boot, during it will create a new machine security identifier
(SID) that makes each machine setup unique.
To automate the setup wizard, you can use the Sysprep.inf answer file. Sysprep.inf is a text file that
contains settings for automating installation. The easiest way to build Sysprep.inf for automating
installation is to use Setup Manager, which is included in the Windows XP deployment tools.
Question: Why would you build your own Windows XP virtual machine instead of using Windows XP
Mode?
Capturing a Windows XP Image by Using the Disk2vhd Utility
Key Points
Disk2vhd is a utility that creates VHD versions of physical disks for use in Windows Virtual PC or Hyper-V
virtual machines, which makes the process of converting physical computers to virtual machine easier and
more convenient. It allows you to continue using the same volume with the same data from the physical
disk (and computer) in the virtual machine.
The difference between Disk2vhd and other physical-to-virtual tools is that you can run Disk2vhd on an
online system. Disk2vhd uses the Volume Snapshot capability, introduced in Windows XP, to create
consistent point-in-time snapshots of the volumes that you want to include in a conversion.
However, Disk2vhd cannot replicate computer hardware configuration to virtual machine hardware
configuration (like System Center Virtual Machine Manager 2008 does), so you will need to create a new
virtual machine with hardware characteristics similar to the physical computer, and then attach a disk to it.
Disk2vhd tool will create one VHD for each disk on which selected volumes reside. It preserves the
partitioning information of the disk, but only copies the data contents for volumes on the disk that you
select. This enables you to capture just system volumes and exclude data volumes, for example.
Note: Virtual PC supports a maximum virtual disk size of 127 GB. If you create a VHD from a larger
disk, it will not be accessible from a Virtual PC virtual machine.
To use VHDs that Disk2vhd produces, create a virtual machine with the desired characteristics, and add
the VHDs to the virtual machines configuration as integrated development environment (IDE) disks. On
first boot, a virtual machine that is booting a captured copy of Windows will detect the virtual machines
hardware and automatically install drivers, if they are present in the image. If the required drivers are not
present, you can install them via the Windows Virtual PC or Hyper-V integration components. You also
can attach them to VHDs using the Windows 7 or Windows Server 2008 R2 Disk Management or Diskpart
utilities.
Disk2vhd runs Windows XP SP2, Windows Server 2003 SP1, and newer versions, including x64 systems.
Note: Do not attach to VHDs on the same system on which you create them, if you plan to boot from
them. If you do so, Windows will assign the VHD a new disk signature to avoid a collision with the
signature of the VHDs source disk. Windows references disks in the boot configuration database (BCD)
by disk signature, so when that happens, Windows booted in a virtual machine will fail to locate the
boot disk.
Considerations for Deploying and Maintaining Windows XP Images
Key Points
Before you deploy the Windows XP virtual images that you created to client computers, you should
consider the following:
Files that should be included. Every virtual machine consists of two files. One is the configuration file,
with a .vmcx extension, and the other is the virtual hard drive with a .vhd extension. If you want to
have a virtual machine ready out-of-the-box, or manually import a virtual machine on another
computer, you need to have both files present.
Using differencing disks. The usage of differencing disks can affect performance. If you will be using
differencing disks, and if you are going to chain them, be sure to deploy all disks, together with the
parent disk, to clients that will be using Windows XP virtual machines.
Planning Antivirus and Security. When you run Windows XP Mode on a host computer, the antivirus
and security applications on the host computer do not provide coverage for the virtual machine that
is running Windows XP. Therefore, you must install any antivirus and other security applications in
your virtual Windows XP image.
Consult the license agreement for your antivirus and security applications to determine whether
installation on the host computer and in a virtual Windows XP image uses a single seat or two seats.
Most antivirus vendors are aware of the problem and working on licensing solutions to solve it.
Note: Microsoft Security Essentials is a free antimalware product that you can use to protect physical
and virtual environments. Consider using it to protect your virtual machines.
Management of updates. Before installing any applications on the virtual Windows XP image,
updating the image is important. Download and install the latest security updates from Microsoft
Update. Review any recommended and optional updates for installation, as well. For businesses that
do not have an update infrastructure, you can simply use Windows Update to update the virtual
Windows XP image. You also can manually download and install updates from the Microsoft
Download Center, but this makes little sense considering the ease and convenience of using Windows
Update. Organizations that have an update infrastructure like Windows Server Update Services
(WSUS) will use it to update their virtual Windows XP image.
Activation issues. Depending on the license program that your company has, you may have to
activate the virtual machine. Be aware that Windows Vista brings new Volume Activation 2.0, which
requires that you activate every machine.
Image Maintenance. After you deploy Windows XP virtual machines to your clients, you will have to
provide support and maintenance for these machines. This includes installing new versions of
software, installing updates and fixes, and other upkeep.
Process for Deploying Windows XP Mode Images
Key Points
It is much more convenient to deploy Windows XP virtual machines to client computers by using
Windows XP Mode virtual images instead of creating new Windows XP virtual machines.
You can customize a Windows XP Mode virtual machine prior to deployment to client machines. That
means that you can include your own applications, security updates, and settings inside this virtual
machine before deployment.
This process consists of several steps:
1. Determining readiness to run Windows XP Mode. Before deploying Windows XP Mode to client
computers, you must ensure that they are capable of running it. In some cases, you might need to
upgrade the hardware or free disk space. Although it is no longer necessary to have hardware
virtualization support on the CPU level in order to run Windows XP Mode, you must check if all
computers have enough memory and free space to run the Windows XP Mode virtual machine.
2. Customizing Windows XP Mode images. Before deployment to client computers, you will want to
perform additional customization of your Windows XP Mode virtual machine. The easiest way to do
this is to extract the VHD from the Windows XP Mode machine.
First, you should download Windows Virtual PC and Windows XP Mode from the Windows Virtual PC
Home Page, and then install them on a computer. Then copy the VHD from the Windows XP Mode
program files directory (%ProgramFiles%\Windows XP Mode\Windows XP Mode base.vhd) to an
alternate location. Do not create a differencing disk or use undo disks with this VHD. After copying
the VHD, remove the read-only attribute from the file, and create a virtual machine that uses it as a
primary VHD. By using this option, you are customizing the copy of the VHD that Windows XP Mode
provides. This VHD already has the required components installed.
After you boot your newly created virtual machine, you are ready to install applications in the
Windows XP Mode VHD file. You probably will want to install an antimalware application and some of
your business-related applications that you will use as virtual applications from Windows XP Mode.
Do not forget to install all available security updates, fixes, and service packs.
3. Preparing a Windows XP Mode image for deployment. After customizing the Windows XP VHD with
applications and security updates, you can prepare it for deployment to multiple computers. Do this
by running Sysprep. This removes the computers SID, resets the activation grace period, and
configures the image to run the setup wizard the next time it starts. The wizard will customize the
image for each installation, creating a unique computer name and SID.
Three files are required before you can run Sysprep, and you must copy all of them to C:\Sysprep:
Sysprep.exe. This program prepares the image for deployment.
Setupcl.exe. This file is required for running Sysprep.exe.
Sysprep.inf. This answer file automates all or part of the setup wizard. You can create it by using
Setup Manager or create it manually.
Use the following steps to prepare the image by running Sysprep:
1. On the virtual machine that is running Window XP Mode, create the folder Sysprep on drive C.
2. Copy Sysprep.exe and Setupcl.exe from the deployment tools to C:\Sysprep.
3. Copy the Sysprep.inf file you created in the previous section to C:\Sysprep.
4. Run C:\Sysprep\Sysprep.exe.
5. In the System Preparation Tool 2.0, select the Do not reset grace period for activation and Use
Mini-Setup check boxes. Then, click Reseal.
4. Deploy virtual machines. At this point, you have a customized Windows XP VHD that you can deploy.
Now, you need to distribute this VHD to each destination computer, create the VM configuration
(.vmc) file, and register the VM in Windows Virtual PC.
The steps for deploying virtual machines are:
1. Install Windows Virtual PC on each computer. Before deploying the Windows XP VHD, you must
deploy the Windows Virtual PC update to each computer on which you intend to deploy the
Windows XP VHD. Download the update from the Windows Virtual PC Home Page. You can host
the update on a network share and instruct users on how to install it (simply double-click the
.msu file to install it). You also can install the update by using a logon script or any software
deployment infrastructure that your organization uses. You also can include Windows Virtual PC
in your Windows 7 images to ensure its availability. The Microsoft Deployment Toolkit 2010
makes it easy to add updates during Windows 7 deployment.
2. Remove the Windows XP Mode shortcut from the Start menu. After deploying Windows Virtual
PC, you must remove the Windows XP Mode shortcut that Windows Virtual PC creates when you
install it. Otherwise, if users click the Windows XP Mode shortcut, Windows Virtual PC will prompt
them to download and install the Windows XP Mode package from the Microsoft download site.
You can write a script to remove this shortcut (%programdata%\Microsoft\Windows\Start
Menu\Programs\Windows Virtual PC\Virtual Windows XP.lnk) or you can use Group Policy
Preferences to remove it.
5. Deploy the Windows XP VHD to each computer. To deploy your virtual Windows XP image to
multiple computers, copy the VHD to each computer for each user. By default, Windows 7 stores VHD
files in %LOCALAPPDATA%\Microsoft\Windows Virtual PC\Virtual Machines. To deploy your
customized Windows XP VHD, copy the VHD file to this location for each user on each computer.
6. Create a virtual machine configuration file. You must create this file for each user on each computer.
Run cscript CreateVirtualMachine.wsf -p:<vhd_path> -vn:<virtual machine name> at an elevated
command prompt to create the virtual machine configuration file and register the VM with Windows
Virtual PC. You can download the script CreateVirtualMachine.wsf with Deploying Windows XP Mode
guide available in the section of this topic.
Lab: Implementing Windows Virtual PC and Windows

XP Mode
Lab Setup
For this lab, you will use the available virtual machine environment. Before you begin the lab, you must:
1. Ensure that the 10324A-NYC-DC1 and 10324A-NYC-CL2 virtual machines are running.
2. If required, connect to the virtual machines. Log on to the virtual machines as
Contoso\Administrator using the password Pa$$w0rd.
Exercise 1: Installing Windows Virtual PC

Scenario
In this exercise, you will first add Windows Virtual PC to Windows 7, explore its configuration options, and
then create a virtual machine. You also will install the integration features.

1. Install Windows Virtual PC and the KB977206 update.
2. Create and configure a virtual machine.
Task 1: Install Windows Virtual PC and the KB977206 update

1. On NYC-CL2, install the Windows Virtual PC feature. The installation files are located at \\NYC-
DC1\E$\Labfiles\Mod02. Browse to this location with Windows Explorer and then double-click
Windows6.1-KB958559-x86.msu.
2. Restart NYC-CL2, and then log on as Contoso\Administrator with the password of Pa$$w0rd.
3. Open Windows Explorer, and browse to \\NYC-DC1\E$\Labfiles\Mod02. Install update KB977206
to remove the hardware virtualization requirement.
4. Restart NYC-CL2, and then log on as Contoso\Administrator with the password of Pa$$w0rd.
5. From the All Programs menu, click Windows Virtual PC to open the Virtual Machines folder.
Task 2: Create and configure a virtual machine

1. On NYC-CL2, in the Virtual Machines folder, click Create Virtual Machine.
2. Configure a new virtual machine with the following settings:
Name of virtual machine: VMWorkstation1
Accept default path for storing virtual machine
768 MB RAM memory
Use host computer network connections
Dynamically expanding hard drive stored in C:\VHDs. You will need to create this new folder.
Enable Undo Disks
Configure machine to go in hibernation when closed.
Results: After this exercise, you should have installed Windows Virtual PC and created a new virtual
machine.
Exercise 2: Using Windows XP Mode

Scenario
In this exercise, you will set up Windows XP Mode, install a legacy application, and explore how you can
publish Windows XP Mode applications to a Windows 7 host. You also will use a published application,
and find out how it seamlessly integrates with Windows 7.

1. Set up Windows XP Mode.
2. Install a legacy application, and then publish it to the host.
3. Use a published application from the Windows 7 host.
Task 1: Set up Windows XP Mode

1. On NYC-CL2, run WindowsXPMode_en-us.exe from \\NYC-DC1
\E$\Labfiles\Mod02\.
2. Install Windows XP Mode with the default settings.
3. Launch Windows XP mode with the following settings:
Installation folder: default
Password: Pa$$w0rd
Remember credentials: enabled
Automatic updates: enabled
4. In the Virtual Machines window , open Settings for the Windows XP Mode virtual machine, and
review the Integration Features settings.
Task 2: Install a legacy application, and then publish it to the host

1. In the Windows XP Mode virtual machine, open Windows Explorer, and browse to the C drive on
NYC-CL2. Open the folder called Labfiles\Office, and then double-click Setup.exe to install
Microsoft Office 4.3.with the following options:
Name: Admin
Organization: Contoso
Directory locations: default
Installation Type: Complete/Custom
Options List: Remove all check marks except Microsoft Access
2. From the All Programs menu, start Microsoft Access.
Task 3: Use a published application from the Windows 7 host

1. From NYC-CL2, start Microsoft Access.
2. Create a new database called DB1, and save it to C:\MSOffice.
3. Start the Windows XP Mode virtual machine.
4. Copy DB1.MDB from C:\MSOffice to the VHDs folder on drive C on NYC-CL2.
5. Start DB1.MDB from the NYC-CL2 machine by double-clicking the file.
6. Verify that the virtual application starts.
Results: After this exercise, you should have installed and configured Windows XP Mode.
To prepare for the next lab

following steps:

2. Right-click the virtual machines used in this lab, and then click Revert.

Review Questions
1. What is the main difference between Windows Virtual PC and Virtual PC 2007 SP1?
2. How does Windows XP Mode use differencing disks?
3. When preparing VHD images for distribution and usage on several computers, what must you do
before you start creating virtual machines with these disks?
Common Issues Related to Windows Virtual PC and Windows XP Mode

Issue Troubleshooting tip
The mouse moves slowly or inconsistently, and is

stuck in the virtual machine window.
When you try to install an application, you get the

error The Windows Installer does not permit
installation from a Remote Desktop Connection.
When you try to use Windows XP Mode, you

receive the following error: Cannot start Windows
XP Mode.
You cannot copy and paste files and folders

between the guest and host operating systems.

Contoso is discussing implementation of virtualization technologies in order to solve some problems and
optimize usage of resources. They want to convert some servers to virtual machines and limit the number
of workstations that developers are using for testing applications in various environments. They recently
upgraded most of their desktops to Windows 7. Desktop computers have 2 GB of RAM or more. The only
department that is not migrated to Windows 7 is the Accounting Department, and that is because of an
accounting application that is not working on Windows 7. Contoso is reviewing available virtualization
technologies from Microsoft, specifically Hyper-V, Virtual Server, and Windows Virtual PC.
What would you recommend to them to address their needs and issues?
Best Practices related to Windows Virtual PC and Windows XP Mode

Use Windows XP Mode whenever you need to provide support for older applications.
Do not use virtual machines hosted in Windows Virtual PC in a production environment, except for
supporting older applications on the local machine.
Avoid using too many chained differential drives.
Always mark parent drives as read-only before creating differential drives.
Tools
Tool Use for Where to find it
Disk2Vhd Converting physical hard drives to http://technet.microsoft.com/en-us

virtual hard drives /sysinternals/ee656415.aspx
Microsoft Security Antivirus and antispyware http://www.microsoft.com

Essentials protection of virtual machines /security_essentials/
Implementing Microsoft Enterprise Desktop Virtualization 3-1
Module 3
Implementing Microsoft Enterprise Desktop Virtualization
Contents:
Lesson 1: Overview of MED-V 3-3
Lesson 2: Implementing MED-V Management Servers 3-16
Lesson 3: Implementing a MED-V Client 3-23
Lab: Implementing MED-V 3-31
Module Overview
Microsoft Enterprise Desktop Virtualization (MED-V) is an enterprise solution that enables incompatible
or unsupported applications to be available in a virtual environment. End users then can use them as if
they were installed locally on their computers. However, the applications availability from the virtual
environment is seamless, or invisible, to the user. It provides a virtual environment for legacy applications,
and it enables central administration of applications. MED-V is built on Windows Virtual PC 2007 Service
Pack 1 (SP1), and it is available for Windows clients such as the Windows XP, Windows Vista, and
Windows 7 operating systems.
Lesson 1
Overview of MED-V
Microsoft provides different desktop virtualization solutions. While Virtual Desktop Infrastructure (VDI)
and Remote Desktop Services (RDS) provide remote virtual desktops and presentation virtualization, MED-
V provides a local virtual machine with a client operating system in which legacy applications can run.
MED-V enables users to access these legacy applications from the host computer, even when the
applications are not compatible with the host operating system.
MED-V provides a complete solution for centrally managing client virtual machines; storing, updating, and
distributing virtual images; and monitoring user activity. MED-V is part of Microsoft Desktop Optimization
Pack (MDOP) for Software Assurance, and the current version is MED-V 1.0 SP1.
What Is MED-V?
Key Points
Each new version of an operating system provides additional features, but also can cause compatibility
issues with older applications. Microsoft offers a variety of methods and tools to address applications that
are not working properly on a target operating system. However, every organization has a subset of
applications that it does not support or that do not work at all on a new version of an operating system.
The process of testing and fixing an application, or upgrading to a new version of it or finding an
alternative application, is costly and time-consuming. Meanwhile, users cannot take advantage of the new
operating system features, which often delays an organizations upgrade plans.
Technologies such as Windows Virtual PC and Windows XP Mode provide a solution for mitigating
application-compatibility issues by enabling you to use a virtualized environment. However, they lack
support for virtual-machine image delivery and central management of the deployed images. You can use
these technologies in small and unmanaged environments, but they do not provide the features and
flexibility that larger enterprises require.
MED-V solves compatibility issues with applications that do not run on a target operating system. MED-V
uses Virtual PC to provide a virtual environment that runs a legacy version of the operating system, such
as Windows XP, which enables you to mitigate application-compatibility issues. By using MED-V, you can
have administrative control over the creation, distribution, and management of virtual images, and ensure
that the images are current and comply with regulations.
MED-V enables you to do this in a seamless and transparent fashion that does not affect the end user.
Applications appear and run as if they were installed on the desktop, they are available on the Start menu
and can access the Clipboard, and users can pin them to the task bar.
Released in 2008, MED-V is part of MDOP for Software Assurance, and it is the first version that Windows
XP and Windows Vista desktops support. MED-V 1.0 SP1, which was released in 2010, adds support for
Windows 7 desktops.
Question: How does MED-V solve compatibility problems between legacy applications and host
operating systems?
MED-V Features
Key Points
MED-V allows you to deploy Virtual PC images to Windows desktops, and then manage them centrally,
while maintaining a seamless end-user experience. One of the main benefits of MED-V is the ability to
mitigate application compatibility when upgrading a desktop operating system. MED-V allows you to run
legacy applications in a virtual machine that is running an older Microsoft Windows, and it provides
seamless application integration of the applications with the host.
MED-V provides the following benefits:
Centralized deployment, management, and monitoring of deployed virtual images. MED-V provides
enterprise management and monitoring for the Virtual PC-based virtual environments. It enables you
to control access to virtual images, centrally administer configuration of virtual images, and publish
applications by using policies. It also provides a repository for virtual images, deployment of virtual
images to clients, and enables monitoring of user activity through reports.
Application provisioning based on Active Directory Domain Services (AD DS) users and groups. You
can assign a MED-V Policy to the AD DS users or groups. A MED-V Policy defines which virtual image
MED-V will use, which applications it will publish, and how it will integrate those applications with the
host. You can define a MED-V Workspace by using a policy, and you can use the same virtual image
for multiple Policies.
Using a MED-V Policy to configure usage policy. You can configure the MED-V virtual environment
by using MED-V Policies. Policies control various aspects of the virtual environment, such as
expiration of virtual machines, time limits for offline work, automatic redirection of predefined Web
sites to the virtual environment, and allocation of virtual machine memory.
Seamless and transparent integration of published applications. You can access published MED-V
applications from virtual images directly from the Windows 7 Start menu, as if they were installed on
the Windows 7 host itself. You can use the Search feature to find applications, and then pin them to
the taskbar.
Clipboard sharing and printer redirection. Based on the MED-V Policy settings, you can cut and paste
content between the host and a published application. You also can use printer redirection to print
directly from a MED-V published application to a printer attached to the host.
Question: What is the main benefit of using MED-V versus using Virtual PC or Windows XP Mode?
MED-V Architecture
Key Points
The MED-V solution contains both servers and clients, and requires infrastructure support. The MED-V
solution consists of the following components:
Administrator-defined virtual machine. This contains a full desktop environment, including an
operating system, applications, and optional management and security tools. A virtual machine image
is part of the Workspace policy. You can deploy it to the end users computer to provide an
environment for running legacy applications.
Image repository. This component stores virtual images on a standard Internet Information Services
(IIS) server 7.0 or newer, and then enables version management for virtual images, client-
authenticated image retrieval, and efficient download by using the Trim Transfer technology.
Management Server. This component associates workspaces, which include virtual images from the
image repository, and workspace policies to AD DS users or groups. The Management Server also
collects client events and stores them on a computer that is running a Microsoft SQL Server
database for monitoring and reporting.
Management Console. This enables administrators to control the Management Server and the image
repository, create Workspace policies, and manage the virtual images.
MED-V Workspace. This is the desktop environment, in which end users interact with the virtual
environment.
MED-V policy. This group of configurable settings defines how the virtualized environment and
applications perform on the end-user computer.
End user client. This component builds on Virtual PC, and provides a virtual environment for running
legacy applications. It provides authentication, virtual image retrieval, and enforcement of usage
policies. It also provides a single desktop experience, where applications installed in the virtual
machine are available through the standard desktop Start menu, and they integrate with other
applications on the user desktop.
You use the HTTP or HTTPS protocol for communication between the client and the servers.
Question: Do you need a separate server for the image repository?

Providing Scalability and High Availability with the MED-V Enterprise

Architecture
Key Points
The MED-V Management Server can support 5,000 users, depending on its hardware. However, the client-
server communication is rather lightweight: The default configuration has the clients polling the server for
policy every 15 minutes and for image updates every four hours. If you increase the policy polling time,
the server can support more clients.
The only client-server heavy-duty operation occurs when a new image is available, and multiple clients
retrieve several gigabytes (GBs) from the image repository. Since the images repository is a standard IIS
Web server, it is possible to add IIS servers as additional image delivery servers, and have them
synchronize images with the main images repository. You can place all the image delivery servers behind
a load balancer or use the Network Load Balancing (NLB) feature. To improve the download rate, to
optimize bandwidth efficiently, and further balance the load, you can place the image delivery servers in
multiple geographic locations. You can use Domain Name System (DNS) resolution to direct the MED-V
clients to the best available location. Alternatively, you can use a separate distribution mechanism, such as
Microsoft System Center Configuration Manager, to deliver the virtual images to the clients. The MED-V
client looks for the image in a location that you define. This eliminates the need for image download and
a Web infrastructure for MED-V image delivery.
The MED-V client operates independently of MED-V servers. If the Management Server malfunctions or
stops responding, all clients that are running a workspace can continue working. However, new attempts
to start a workspace run in offline mode, and online authentication, policy changes, and image updates
become unavailable. Additionally, the MED-V client aggregates events at the client side until the server
becomes available.
However, to ensure fast recovery from a server failure, MED-V supports a failover structure, in which you
can configure two MED-V servers in cluster mode, and then place all files that are mutual to both servers
on a file system. The server accesses the files from the file system rather than storing the files locally.
Question: Does a typical MED-V deployment utilize the Management Server heavily?
Overview of the Virtual Image Life Cycle
Key Points
MED-V manages virtual images through its whole life cycle. A typical virtual image life cycle proceeds
through the following steps:
Creation of a virtual image: Install operating system, applications, management tools, and security,
such as antivirus software, in the virtual machine inside Virtual PC. Prepare and test the virtual image
through the MED-V Management Console, and upload it to the MED-V image repository.
Definition of a MED-V Workspace: A workspace consists of a policy and an assigned virtual image. A
MED-V Policy defines a list of applications in the virtual image, which will be available to the users
through the Start menu. It also defines the configuration settings for the virtual machine; the Web
sites that users can view inside the virtual machine browser; the permissions to work offline and for
data transfers between the virtual machine and the host, such as file transfer, copy and paste, and
printing. You can provision a workspace to AD DS users and groups.
Delivery of the virtual image: You can deliver a virtual image to the MED-V client in the following
different ways:
Over a network.
By using standard HTTP or HTTPS protocols.
By using enterprise distribution mechanisms, such as System Center Configuration Manager.
By including it in the base workstation image, or on removable media, such as DVD.
By using the MED-V Packaging Wizard to create a self-install package.
Working with virtual machine: After you deploy a virtual machine to the MED-V client, you can
customize it and join it to a domain. After users authenticate against the MED-V Management Server,
they can work within the virtual machine. After the first online authentication, MED-V also supports
offline work, if the administrator permits that. Based on the policy settings, virtual images can be
persistent, whereby the virtual machine preserves any changes, or they can be revertible.
Management and update of the workspace: The MED-V Management Console enables administrators
to update policies, assign workspaces to additional users, remove users from the workspace, and
update the virtual images. MED-V then distributes all updates automatically to relevant users when
they work online.
Troubleshooting of malfunctioning clients: The MED-V Management Console presents an updated
report of all users, and provides detailed information on all client events. This helps the administrator
understand the source of problems, and then instruct the user on how to solve it. The MED-V
diagnostic tool runs automatically when client installation fails, and you can execute it manually in
other cases. You can use the report to understand the problems cause and to recommend to users
how to fix it.
Question: What are typical steps in the life cycle of a virtual image?
Using Trim Transfer to Deliver MED-V Images
Key Points
A MED-V virtual image is represented by a Virtual Hard Drive (VHD) file and this file contains the installed
operating system and applications. Images can be several GBs in size, and they are stored in the image
repository, which can be on an MED-V Management Server.
The MED-V advanced Trim Transfer deduplication technology accelerates the download of initial and
updated images over a local area network (LAN) or a wide area network (WAN), which reduces the
network bandwidth that you need to transport a MED-V image from the image repository to end users.
Trim Transfer is available only when you use an MED-V IIS-based image repository.
Trim Transfer technology uses existing local data to build the image, and leverages that, in many cases,
much of the virtual machine, such as system and application files, already exists on the end-user disk. For
example, if MED-V delivers an image containing Windows XP to a client that is running a local copy of
Windows XP, MED-V automatically removes from the transfer the redundant Windows XP elements that
the client makes available already. To ensure a valid and functional image, the MED-V client
cryptographically verifies the integrity of local data before it utilizes it, which ensures that the local blocks
of data are identical to those in the desired image. It does not use blocks that do not match.
If you use a different operating system on the MED-V client from the one in the virtual image, such as in a
Windows XP virtual image on the Windows 7 MED-V client, Trim Transfer does not provide an important
benefit, because most files on the host are different from the files in the virtual image.
This process is transparent and efficient with regard to bandwidth, and the transfers run in the
background, which utilizes unused network and CPU resources. When downloading a new version of a
virtual image that exists already on the MED-V client, it downloads only the changed elements, known as
deltas. This reduces the required network bandwidth and delivery time significantly.
The Trim Transfer process requires an initial host index process to run on the MED-V client. However,
indexing is time consuming, so MED-V enables administrators to control which folders the Trim Transfer
protocol indexes by modifying the ClientSettings.xml file. Images are configured to use Trim Transfer by
default when downloading from an image repository. However, several scenarios result in Trim Transfer
not providing the benefits that you might expect, including that:
The host operating system and the virtual machine operating system always are different.
You need to reduce the length of the first-time setup.
MED-V Workspace needs to be persistent instead of revertible.
Question: Would you benefit from using Trim Transfer if you deploy a Windows XP Service Pack 3 (SP3)
virtual image to a Windows 7 host?
Lesson 2
Implementing MED-V Management Servers
You can install a MED-V Management Server on Windows Server 2008 or Windows Server 2008 R2. It
provides a virtual images repository, and you can use it as a management point for configuring MED-V
clients. A MED-V server should be a domain member, and should use IIS for virtual image delivery.
Requirements for the MED-V Management Server
Key Points
The MED-V implementation includes both the server and client components. The MED-V Management
Server is responsible for storing the MED-V Workspace configuration, which includes MED-V Policy and
virtual images. MED-V logs user activity to a computer that is running SQL Server, which you can deploy
on the MED-V Management Server or on a separate server. Before accessing the MED-V Workspace, AD
DS authenticates users.
The following table lists the operating systems that support the MED-V Management Server.
Operating system Edition Service pack System architecture
Windows Server 2008 Standard or Enterprise SP1 or SP2 x86 or x64
Windows Server 2008 R2 Standard or Enterprise None x64

MED-V 1.0 SP1adds support for Windows Server 2008 R2. For nonproduction use, you can install MED-V
Management Server can on a desktop operating system.
Requirements for the MED-V Server

You should ensure that the MED-V Management Server has a dual processor with at least 2.8
gigahertz (GHz) and 2 GB random access memory (RAM). This recommendation assumes that the
MED-V server runs on a dedicated machine and that SQL Server runs on a separate machine.
Ensure the MED-V Management Server is joined to AD DS. You can add the Web server (IIS) role to
the same server or to another domain server.
MED-V Management Server requires that you install one of the following NET Framework
versions:.NET Framework 2.0 or newer
If you want to gather user activity and generate MED-V reports, your deployment also must include a
computer that is running SQL Server. You can install SQL Server on the MED-V Management Server or on
a separate server. If you use a separate SQL Server, you should install Microsoft SQL Server Management
Objects on the MED-V Management Server.
You can install MED-V servers on physical servers or in a Hyper-V virtualized environment.
You should have a relatively lighter load on the MED-V Management Server, because after you deploy the
MED-V Workspace, client computers check the server every 15 minutes for configuration changes. The
disk capacity must be sufficient to store the MED-V Workspace configuration files and virtual images if
image repository is on the same server. The MED-V Management Server also should have a fast network
connection to the clients to deploy virtual images.
The MED-V Management Server uses the SQL Server database to store client status and events. You can
install the SQL Server database on the same machine as the MED-V server, or you can place it on a
separate server that is running SQL Server.
After installation, you can configure the MED-V Management Server by using
MED-V Server Configuration Manager. You can administer the MED-V Management Server by using
MED-V Management Console, which you can install as part of the MED-V client. However, you cannot
install it on a server operating system.
Configuring IIS for a MED-V Management Server
Key Points
The image repository stores virtual images and enables virtual-image version management, client-
authenticated image retrieval, and the efficient upload and download of new virtual images or updates.
Each MED-V client needs a virtual image, and a workspace policy, to provide a virtualized environment for
running a legacy application. You can deploy virtual images to a client in several ways.
The image repository is based on an IIS Web server, and organizations can take advantage of the standard
Web scalability and high availability infrastructure. To improve download performance, organizations can
create image-repository replicas at branch offices or remote geographic locations.
The IIS server can coexist on the same server as the MED-V Management Server and the server that is
running SQL Server. In smaller implementations, you can have them all on the same server. However,
when the number of MED-V clients increases, you should install the IIS server, SQL server, and the
Management Server on separate servers. You also can also run the IIS server on a virtual machine. The IIS
server infrastructure must have sufficient throughput to deliver images to clients, and the disk subsystem
must meet the input/output (I/O) demands.
To add and configure Web server (IIS) for MED-V, you must perform the following steps:
Add the Web server (IIS) role. During the installation, when you are adding role services, select the
following supported authentication methods: Basic Authentication, Windows Authentication, and
Client Certificate Mapping Authentication.
Install Background Intelligent Transfer Service (BITS). Install this feature and the required role services.
MED-V virtual image upload requires BITS support.
Add the IIS virtual directory. This virtual directory points to the directory that will store virtual images.
By default, the C:\MED-V Server Images folder stores virtual images.
Configure BITS. Enable BITS in IIS. Additionally, you should allow clients to upload files to the IIS
server by using BITS, and they should upload them to the directory where you want to store virtual
images.
Configure additional Multipurpose Internet Mail Extensions (MIME) types. Add the .ckm
(application/octet-stream) and .index (application/octet-stream) MIME types to the directory in which
you want to store virtual images.
Optionally, you can change a TCP port on which the IIS Web site accepts connections, and you can
configure Windows Firewall to allow connections through that port.
Question: Which feature must you install on the MED-V server? Can you upload virtual images to the
MED-V server without installing this feature?
Deploying and Configuring a MED-V Management Server
Key Points
Installing and configuring a MED-V server is a straightforward process. After running the MED-V server
installation package, you need to accept the Microsoft Software License Terms, select an installation
folder, and then wait for the installation to finish. After the installation, you should configure the MED-V
server by running MED-V Server Configuration Manager, which is the default option in the last step of the
setup. The installation also adds, to the Start menu, a shortcut to the configuration tool.
You can use MED-V Server Configuration Manager for configuring the following settings:
Connections: Configure MED-V client connections settings. Define which protocols and ports to use
for connecting to MED-V server. HTTPS is an optional configuration, which you can set to provide
encryption and secure transactions between the MED-V Management Server and MED-V clients. To
configure HTTPS, you also must add a digital certificate to the server store, and then associate it with
the port that the MED-V Management Server uses. If you are using nonstandard ports, you should
add a Windows Firewall exception.
Images: Configure the virtual machine directory, which is the directory in which you want to store the
virtual images. You can specify a local or Universal Naming Convention (UNC) path to the image
directory on the image repository server, which should be accessible from the MED-V Management
Server. You also should specify the URL location of the folder in which you want to store virtual
images.
Permissions: Configure a list of users and groups who can access the MED-V server, typically by using
the MED-V Management Console, so that they can administer MED-V. For each of them, you can
configure read-only or read/write permissions. Read-only access allows users to view the MED-V
configuration and policies, but not modify them. If they have the Changes Allowed permission, which
gives them read/write permissions, users can save changes to the MED-V configuration, effectively
administering MED-V.
Reports: Enable reports and configure database settings. You can define a connection string, test the
connection, and then create a MED-V database on the computer that is running SQL Server.
Additionally, you can configure the database maintenance options, such as deleting old records,
clearing all data from the database, and dropping the database. If you do not install SQL Server
locally, the Reports tab provides instructions on how to install Microsoft SQL Server Management
Objects and connect to the remote SQL Server.
MED-V server configuration is saved to ServerSettings.xml file in the %PROGRAMFILES%\Microsoft
Enterprise Desktop Virtualization folder.
You can perform additional MED-V server configuration by using the MED-V Management Console. You
have the option of installing this console on the MED-V client, and you cannot install it on a server
operating system. You should install the MED-V Management Console on the administrative workstation,
from where you manage the MED-V environment. By using MED-V Management Console, you can
configure policy, images, and reports.
Question: Which tool can you use for configuring a MED-V Management Server? What can you configure
by using this tool?
Lesson 3
Implementing a MED-V Client
Only managed desktops support a MED-V client, which is a required component of a MED-V solution. The
MED-V client provides an environment for running legacy applications and a seamless integration with
the host. The MED-V client is available for Windows XP, Windows Vista, and Windows 7, and it depends
on a Virtual PC 2007 SP1, which is a prerequisite. You can deploy the MED-V client in several ways,
including manually or through a software distribution system.
You can use the MED-V client to perform centralized administration, apply the MED-V Workspace,
provide communication between virtual machines and hosts, and publish applications to a host.
MED-V Client Requirements
Key Points
Before installing the MED-V client, you first must install the Microsoft Virtual PC 2007 SP1 on the desktop
along with hotfix 958162. The MED-V client does not work with Windows Virtual PC.
Requirements for a MED-V client

The following operating systems support a MED-V client.
Operating System
system Edition Service pack architecture
Windows XP Professional Edition SP2 or SP3 x86
Windows Vista Business, Enterprise, or Ultimate SP1 or SP2 x86
Windows 7 Professional, Enterprise, or Ultimate None x86 or x64

MED-V 1.0 SP1 includes support for Windows 7. MED-V client does not run in native x64 mode, but
does run on Windows 64-bit (WOW64) mode on 64-bit computers.
The required RAM on a client varies, but the following table lists the suggested minimum amount of
RAM that different operating systems require.
Operating system Minimum required RAM
Windows XP Professional 1 GB
Windows Vista, Windows 7 x86 2 GB
Windows 7 x64 3 GB
The MED-V client is not supported in a Hyper-V environment for production use.
The MED-V Workspace supports following operating systems in a virtual machine:
Operating system Edition Service pack System architecture
Windows 2000 Professional SP4 x86
Windows XP Professional Edition SP2 or SP3 x86

We recommend Windows XP SP3 to ensure that the MED-V Workspace is compatible with future
MED-V versions.
Question: You evaluate MED-V 1.0 in the test environment, and you find that you cannot install a MED-V
client to the Windows 7 host. What must you do to use MED-V with Windows 7 clients?
Deployment Options for the MED-V Client
Key Points
You can deploy the MED-V client by:
Installing it manually. MED-V client is available as a Windows Installer package, and you can install it
manually. While you can use this method for setting up a test or pilot environment, this is not a good
approach if you want to deploy MED-V clients in a production environment.
Including it in the standard desktop image. You can include the MED-V client in the standard desktop
image. When you use this approach, the MED-V client deploys to all new clients.
Deploying it via software distribution system. If a company has an existing software distribution
system, such as Microsoft System Center Configuration Manager 2007 R2, you can use that for
deploying the MED-V client. When you install the MED-V client through a distribution system, you
may choose to retrieve the virtual image from the image repository or deliver it to a predefined
location by using the software distribution system. In this scenario, the MED-V Client would not
download the image from the repository.
Creating and installing the MED-V deployment package. By using MED-V Management Console, you
can create a deployment package. This provides a method of installing the MED-V client, its required
prerequisites, and any settings that the administrator predefines. The packaging wizard walks you
through the package creation by creating a folder on your local computer and transferring all
required installation files to it. You then can move the folders contents to multiple removable media
drives for distribution.
The MED-V client is available as a Windows Installer package, and it includes the MED-V client and the
MED-V Management Console. You must install the MED-V client on client computers for running MED-V
Workspaces. The MED-V Management Console is an administrative tool that you can use for creating and
maintaining images, MED-V Workspaces, and policies.
Note: You can install the MED-V client and MED-V Management Console only on Windows 7,
Windows Vista, and Windows XP-based computers. You cannot install them on server products.
During the MED-V client installation, you must accept the Microsoft Software License Terms, select a
destination folder for client installation, and then define the MED-V client settings. MED-V client settings
include the MED-V Management Servers address, the port and protocol it is using, the folder for the
virtual machines images, and the option to install the MED-V management application.
Question: What is the benefit of installing a MED-V client by using the MED-V deployment package?
What Is the MED-V Management Console?
Key Points
The MED-V Management Console is the primary MED-V administration tool. You can install it only on a
client operating system, and it is available as part of the MED-V client installation. You can use it for
managing the MED-V image life cycle through managing policies, images, and reports.
The MED-V Management Console user interface (UI) has the following sections:
MED-V management buttons. They correspond to the following three modules that you can manage
through the console.
Policy. You can use the Policy module to define the MED-V Workspace, their related settings, and
permissions. This includes the virtual machine configuration, published applications, and their
integration settings.
Images. You can use the Images module to manage the MED-V Workspace images. This module
enables you to create test images, and then package and upload those images to the image
repository.
Reports. You can use the Reports module for generating and viewing MED-V reports. Three
report types are available: Status, Activity log, and Error log.
Toolbar. This displays shortcuts, relevant to the selected management module, and user permissions.
For example, you can save a policy, add a workspace, and refresh or create a new report here.
Display pane. This displays configuration options corresponding to the selected management module.
You can configure policy, images, or reports options in this section.
You must log on to the MED-V Management Console before you can use it. For security reasons, the first
user that logs on to the MED-V Management Console becomes the only user on that computer that can
access the Management Console. The domain user name and password is used for MED-V management
login.
Question: Is the MED-V Management Console available as a Microsoft Management Console (MMC)
snap-in?
Demonstration: Creating a MED-V Installation Package by Using the

Packaging Wizard
Key Points
In this demonstration, you will see how to create a MED-V installation package by using the Packaging
Wizard, which is available as part of the MED-V Management Console.
1. On NYC-CL1, start the MED-V Management Console, and then log on as contoso\medv-admin with
a password of Pa$$w0rd.
2. Run the Packaging Wizard, and then on the Deployment Package page, click Next.
3. On the Workspace Image page, click Next without selecting Include image in the package.
4. On the MED-V Installation Settings page, point the MED-V installation files to where the installation
files are stored, and then click Next.
5. On the Additional Installation page, clear the Virtual PC and .NET Framework check boxes, and
then click Next.
6. On the Finalize page, enter the package destination, and then click Finish.
7. Open Windows Explorer, and then verify that the package has been created.
Question: In which tool can you find the Packaging Wizard?

Lab: Implementing MED-V
Lab Setup
1. Ensure that the 10324A-NYC-DC1, 10324A-NYC-CL1, and 10324A-NYC-CL2 virtual machines are
running.
Exercise 1: Configuring the Existing Infrastructure

Scenario
Contoso, Ltd., has a software assurance agreement with Microsoft, so you want to implement MED-V.
After reviewing the product documentation and several case studies, you decide that you first will
implement the MED-V infrastructure. In this lab, you will review the existing server infrastructure, and then
prepare it for MED-V deployment.

1. Verify that a MED-V database does not exist on Microsoft SQL Server.
2. Add Windows Server 2008 R2 role and features.
Task 1: Verify that a MED-V database does not exist on Microsoft SQL Server
1. On the NYC-DC1 server, open Windows Explorer and browse to E:\Labfiles\Mod03\SQL_Update.
Install SQLSysClrTypes.msi and SharedManagementObjects.msi.
2. On the NYC-DC1 server, run the Import and Export Data (32-bit) tool.
3. Verify in the Server name field that you are connected to NYC-DC1
\SQLEXPRESS.
4. Expand the Database drop-down box, and then verify that MED-V related database, medv, is not
available. Click Cancel.
Task 2: Add the Windows Server 2008 R2 role and features

1. On the NYC-DC1 server, add the Web Server (IIS) role and the following role services: Basic
Authentication, Windows Authentication, and Client Certificate Mapping Authentication. Leave
all other default selections.
2. On the NYC-DC1 server, add the Background Intelligent Transfer Service (BITS) feature and the
required role services.
Results: After this exercise, you should be logged on to all three computers, and you should have
added the required server roles and features to support a MED-V deployment.
Exercise 2: Deploying the MED-V Server

Scenario
After you verify that the infrastructure is ready, you can begin the MED-V deployment. Before deploying
the MED-V clients, you first must install and configure the MED-V Management Server. Additionally, you
have decided to store the image repository on the Web server (IIS) and to use SQL Server on the same
server as the MED-V Management Server. In this exercise, you will deploy the MED-V Management Server
infrastructure, and then ensure that the MED-V database is added on Microsoft SQL Server.

1. Install the MED-V Management Server on NYC-DC1.
2. Configure an IIS Web server for the MED-V Image Repository.
3. Use the MED-V Server Configuration Manager.
4. Verify that the MED-V database exists on SQL Server.
Task 1: Install the MED-V Management Server on NYC-DC1

Run E:\Labfiles\Mod03\MED-V_Server_x64_1.0.105.msi, accept the default values, and then install
the MED-V Management Server.
Task 2: Configure an IIS Web server for the MED-V image repository
1. On the IIS server on NYC-DC1, add the vimages virtual directory, and then point it to the C:\MED-V
Server Images folder.
2. Configure BITS Upload for the vimages IIS virtual directory, and then set it to Allow clients to
upload files.
3. Add two MIME Types for the vimages IIS virtual directory: .ckm file extension with
application/octet-stream MIME type, and .index file extension with application/octet-stream
MIME type.
Task 3: Use the MED-V Server Configuration Manager

1. On the NYC-DC1 server, run MED-V Server Configuration Manager, and then review the
Connections tab.
2. Verify that VMs Directory is set to C:\MED-V Server Images\, and then set VMs URL to http://nyc-
dc1/vimages.
3. Remove permissions for the Everyone group, add group Contoso\MED-V Administrators, and then
grant them Changes Allowed. Add group Contoso\MED-V Users, but do not grant them changes.
4. Click Create Database, and then click Test Connection. Start the MED-V Server when prompted.
5. Review file C:\Program Files\Microsoft Enterprise Desktop
Virtualization\Servers\ServerSettings.xml in Notepad.
Task 4: Verify that the MED-V database exists on SQL Server

1. On the NYC-DC1 server, run the Import and Export Data (32-bit) tool.
2. Verify in the Server name field that you are connected to
NYC-DC1\SQLEXPRESS SQL Server.
3. Expand the Database box, and then confirm that the MED-V related database, medv, is available.
Click Cancel.
Results: After this exercise, you should have installed and configured the MED-V Server, and
confirmed the creation of the MED-V database.
Exercise 3: Deploying the MED-V Client

Scenario
After you deploy the MED-V Management Server, you also must install the MED-V client. You want to test
different options for client deployment, such as manual installation and using the MED-V deployment
package. In this exercise, you will test both scenarios, as well as verify that the MED-V client can connect
to the server.
1. Install the MED-V client on NYC-CL1.

2. Verify connectivity to the MED-V Management Server, and create a MED-V deployment package.
3. Install a MED-V client by using the deployment package.
Task 1: Install the MED-V client on NYC-CL1

1. On NYC-CL1, run E:\Labfiles\Mod03\MED-V_1.0.105.msi.
2. Select Install the MED-V management application, and then in the Server address field, enter
nyc-dc1.
Task 2: Verify connectivity to the MED-V Management Server, and create a MED-V
deployment package
1. On NYC-CL1, run MED-V Management, and then authenticate as Contoso\medv-admin with the
password Pa$$w0rd.
2. Run the Packaging Wizard.
3. For MED-V installation file, point to E:\Labfiles\Mod03
\MED-V_1.0.105.msi, and then verify that nyc-dc1 is entered as the Server address.
4. For virtualization software, point to D:\Labfiles\Mod03\VPC 2007 SP1 x86.msi, and for installation
of Virtual PC QFE, point to E:\Labfiles\Mod03\KB974918 x86.msp. Uncheck Include installation
of Microsoft .NET Framework 2.0.
5. Enter E:\Labfiles\MED-V Client as the Package destination.
6. After you create the deployment package, explore the content of the E:\Labfiles\MED-V client folder
in Windows Explorer.
Task 3: Install a MED-V client by using a deployment package

1. On NYC-CL2, run \\nyc-cl1\med-v client\MedvAutorun.exe.
2. Accept the default value of C:\MED-V Images, and then click OK.
3. Verify that the MED-V shortcut is added to the desktop.
Results: After this exercise, you should have installed and configured MED-V clients on NYC-CL1 and
NYC-CL2, and created a MED-V client deployment package.

Do not shut down the virtual machines. You will use these virtual machines for the next lab.
Review Questions
1. Can you use MED-V to administer Windows XP Mode on Windows 7 computers?
2. Can you administer MED-V implementation from a MED-V server?
3. Is the complete virtual image always transferred to the MED-V client?
Common Issues Related to MED-V

Identify the causes for the following common issues related to Microsoft Enterprise Desktop Virtualization,
and fill in the troubleshooting tips. For answers, refer to relevant lessons in the module.
You install a MED-V client successfully, but you are

not able to run MED-V Workspace.
When you try to install a MED-V client on

Windows Server 2008, you get an error.
You implemented MED-V in a test environment,

and cannot upload the virtual images to image
repository.
You would like to configure a

MED-V Management Server, but there is no
configuration option available on the Reports tab.
Configuring and Deploying MED-V Images 4-1
Module 4
Configuring and Deploying MED-V Images
Contents:
Lesson 1: Configuring MED-V Images 4-3
Lesson 2: Deploying MED-V Images 4-16
Lab: Configuring and Deploying MED-V Images 4-25
Module Overview
Microsoft Enterprise Desktop Virtualization (MED-V) uses virtualization to provide an isolated

environment, in which you can run legacy applications and publish applications to the host. A virtual
image contains the virtual machine and MED-V enables central management of the images. There are
certain prerequisites that you must meet when you create a MED-V image. This module describes the
purpose and functionality of MED-V images, and the procedures for configuring and testing of the
images. The module also explains how to pack and upload MED-V images to the image repository on a
MED-V server.
Lesson 1
Configuring MED-V Images
MED-V provides a virtualized environment that users can use to run legacy applications. MED-V virtual
machine images offer several benefits. Before creating MED-V images, you must be aware of their
requirements, such as supported operating systems. You can use the VM Prerequisite tool to further
prepare and optimize the operating system in the image for virtual environment. After you create an
image, you should test it. To test a MED-V image, you need to create a basic policy for testing.
Benefits of Using a MED-V Virtual Machine Image
Key Points
MED-V enables you to extend the user environment with published MED-V applications, while hiding the
complexity of the virtual machine environment from the end-user. You can use a virtual machine to
provide a separate environment to run legacy applications, even when the applications are not
compatible with the host operating system. End-users do not have to deal with the deployment or
management of the virtual machine or the integration of the virtual machine with the host operating
system. MED-V enables you to keep the updating and monitoring of MED-V images transparent from the
user.
There are many benefits of using MED-V virtual machine images:

A virtual machine is contained in the virtual image. A virtual image contains an operating system, as
well as legacy applications and other data. A virtual image is portable and by deploying the single
image, you can ensure that the same environment is available at multiple MED-V clients.
A virtual machine is isolated and independent from the host. Changes on the host do not affect the
virtual environment and changes in the virtual image do not affect the host. Applications from the
virtual machine are seamlessly integrated with the host and the end-user experience is similar to what
a user gets with locally installed applications.
A virtual machine is configured by a policy. You can manage a policy centrally, and store it on a MED-
V server. A policy can affect multiple clients. A policy configures a virtual machine and other settings,
including to which users or groups it applies. Policies enable central administration and you do not
have to configure each client individually.
Virtual machines can be configured differently. You can configure the same virtual machine image
differently for different users. You can publish different legacy applications and apply different
configuration settings to the same virtual image by using different MED-V policies.
A virtual machine can be a workgroup or domain member. Based on the requirements, you can
isolate a virtual machine from the network, connect it to the network, or configure it to be a domain
member.
A virtual image can be revertible or persistent. Changes in a virtual image can be persistent, like on a
desktop computer, or can be temporary and each time the virtual environment starts from the same
state. The concept of revertible and persistent virtual images is similar to Undo disks in Windows
Virtual PC. You would typically use a persistent virtual image when you want to preserve changes in
the virtual image, such as when a MED-V virtual machine is a domain member. You would use
revertible virtual image when you do not want to preserve changes in virtual image and you want to
start from the same state always.
MED-V Image Requirements
Key Points
A virtual image is represented by a Virtual Hard Disk (VHD) file and it is used by Virtual PC 2007 SP1,
which runs on the MED-V client. A virtual image contains an installed Windows operating system and
legacy applications that are available inside the virtual environment.
To create a virtual image, you must first install the supported operating system on a Virtual PC virtual
machine. MED-V supports the 32-bit editions of the Microsoft Windows 2000 Professional SP4
operating system and Windows XP Professional SP2 or SP3 operating systems in a virtual image. Newer
operating systems, such as the Windows Vista operating system and the Windows 7 operating system,
are supported as MED-V clients, but are not supported as an operating system inside the virtual image.
Because you use the same image for multiple MED-V clients, you must follow the Windows licensing
agreement and install a volume licensing copy of the operating system in the image. You must also install
the latest version of the Virtual Machine Additions in the image.
Note: You should be aware of the support timelines for the operating system and products that are
included in the virtual image. If antivirus is installed in the virtual image, you should ensure it is
updated.
To use a virtual image with MED-V, the image must include Microsoft .NET Framework 2.0 SP1 or newer,
which also requires the installation of Windows Installer 4.5. The virtual image should include all Windows
updates.
To prepare an operating system in the image for the virtualized environment, you must perform
additional configuration. These configuration tasks include:
Disable all unnecessary services inside the virtual machine or set them to manual.
Set power scheme to always on.
Disable hibernation.
Disable the automatic restart after a system failure.
Disable Undo Virtual PC disks, floppy disk and Shared Folders, because they are not supported by
MED-V.
After you install and configure the operating system, you need to install additional applications, which will
be published from the MED-V environment. You must follow the licensing requirements of the
applications and you should include their latest updates.
Before using a virtual image with MED-V, you should install and run the MED-V VM Prerequisite Wizard in
the virtual machine. This wizard helps to improve the virtual machine performance and streamline its
integration.
Note: If virtual image will be deployed to MED-V clients as persistent workspace, it should be
generalized. The only supported tool for that is Sysprep, a system preparation utility for the Windows
operating system.
Question: Can you have a MED-V image that has a 64-bit operating system installed?
Installing and Running the Virtual Machine Prerequisites Tool
Key Points
One of the steps in preparing a MED-V virtual image is to install and run the
MED-V VM Prerequisite Wizard. You can use this wizard to automate several of the prerequisite tasks and
configure the virtual machine for running optimally in the MED-V environment. For example, you can use
it to clear unnecessary temporary data, disable sounds, configure Internet Explorer settings, and enable
Windows Auto Logon.
The VM Prerequisites Wizard is part of the MED-V deployment and you can install it in the virtual machine
by running the MED-V_Workspace_1.0.105.msi Windows Installer package.
Note: The user running the virtual machine prerequisites tool must have local administrator rights and
must be the only user logged on.
The VM Prerequisites Tool has several configuration pages, which include:

Windows Settings: This page has options to clear personal history, local temporary directory, and
disable sounds.
Internet Explorer Settings: This page has options to disable auto complete, disable reuse of
windows, clear browsing history, and enable tabbed browsing in Internet Explorer 7.
Windows Services: This page has options to select the services that will be set to manual startup
mode.
Windows Auto Logon: This page has options to enable Windows Auto Logon and define username
and password, which will be used for auto logon.
The VM Prerequisites Tool automatically configures some of the settings that are required in the virtual
image for MED-V to properly function. These settings include disabling the screen saver or displaying
windows content while dragging. You cannot modify these settings in the VM Prerequisites Tool.
Note: Make sure that Group Policy objects do not overwrite the mandatory settings set in the
Prerequisites Tool.
Question: Is it mandatory to run the VM Prerequisite Tool before you deploy a MED-V image?
Preparing a MED-V Image for Domain Environment
Key Points
A MED-V virtual machine can be either in the workgroup or can be a domain member. As a domain
member, it has the same access as any other domain computer. Published MED-V applications can access
domain resources such as database servers or Windows SharePoint sites. To join a MED-V virtual
machine to the domain, you must use a persistent workspace.
If you want to join MED-V virtual machines to a domain, you need to perform additional tasks for
preparing the virtual images. These preparation steps are similar to the steps you need to perform when
you prepare the desktop computers deployment. All deployment tools and documentation are available
on the Windows XP CD ROM, (or Windows 2000) in the Deploy.cab cabinet file, which can be found in the
Support\Tools folder. You can use Sysprep to generalize the image and reset machine security ID (SID).
After you run Sysprep, the virtual machine shuts down, and you can then upload the virtual image to
image repository. After the MED-V client downloads the image from the repository, the initial mini setup
of the virtual image is performed without user interaction; and all the answers must be provided in an
unattended answer file, sysprep.inf. You can create this answer file by using the Setup Manager tool,
which is also included in Deploy.cab cabinet. After the initial mini setup, the folder containing sysprep.exe
and the answer file are automatically deleted.
You can control the initial virtual machine setup by using a MED-V Policy. In the policy, you can add setup
actions such as Check Connectivity, Join Domain, Rename Computer, or Restart Windows. You can also
define a virtual machine computer name pattern and use variables such as username, host name, domain
name, and random characters. You can configure some of the settings such as computer name or if a
virtual machine is joined to a domain in unattended answer file (sysprep.inf), as well as in MED-V Policy. If
you plan to use the virtual machine in a MED-V environment, you should use a MED-V policy to configure
these settings.
Important: Be aware that the initial MED-V VM setup process when you join the computer to the
domain can be a lengthy process. The MED-V Diagnostic mode can provide additional information
about its progress.
Question: What is the main difference between preparing a MED-V image for the domain environment
and having the MED-V image in the workgroup?
Creating a Basic MED-V Policy for Testing
Key Points
After you create and prepare a virtual image for the MED-V environment, you should test the image to
verify how it behaves in the end-user environment. Testing is not mandatory, but we strongly recommend
testing because it is easier to remove possible issues before you deploy the image to the users.
To configure testing of the MED-V image, you need to use the MED-V Management console. In this tool,
you can import a prepared MED-V image into the test environment by creating a local test image. Next,
you need to apply policy settings to the test image and verify that the image behaves as expected.
There are many different policy settings that you can configure, but when testing the MED-V image, you
would typically configure the following settings:
Assigned Image. Use this option to specify the image that will be used for testing. The image must
be first created as a local test image and you can identify this image because it has (test) at the end
of its name.
Seamless Integration. Use this option to specify how published applications are integrated with the
host and if there is a frame around each window of the published application.
Deployment. Use this option to specify who can test the image.
Data Transfer. Use this option to specify whether the Clipboard can be shared and if file transfer
should be supported between the host and the virtual environment.
Device Control. Use this option to enable printing to the printers connected to the host and to
specify if the virtual environment can access the host CD/DVD drive.
Published Applications and Published Menus. Use this option to specify which applications and
menus from the virtual machine will be published to the host.
Web Browsing. Use this option to specify which URLs use the browser from the host and which
applications use the browser from the virtual environment.
After you configure the policy, you must save it to the MED-V server.
Note: The following characters cannot be included in the image name: space " < > | \ / : * ?
Question: What do you configure in a MED-V policy for testing and what is the main difference between
testing policy and the policy that is used in production?
Demonstration: Testing the MED-V Image
Key Points
You perform the actual testing of the MED-V image on the MED-V client. When you log on to the MED-V
client, you can choose to use the local (test) or the deployed image. If you opt to use the local image, the
MED-V workspace starts faster and you can perform the testing. Based on the policy settings, you should
verify if the image behaves as expected. For example, you can test if all published programs are available
on the Start menu and you can successfully run them.
When the testing is finished, you can stop the MED-V workspace by right-clicking the MED-V client icon
on the notification bar.
1. Open MED-V Management on the NYC-CL1 and go to the Images module.
2. Add a new Local Test Image by selecting XP.vmc in E:\LabFiles\VPC folder. Enter XP in the Image
name field, and then click OK.
3. In the Policy module, create a new workspace, and assign the XP (test) image to the workspace.
Enable the workspace for Everyone, publish Notepad application, and then save the Policy.
4. Run the MED-V client on NYC-CL1, log on as contoso\medv-user, and then select the created
workspace.
5. Verify that the published programs from the MED-V virtual image are listed. Start XP Notepad. Verify
that there is a red line around the Untitled Notepad window.
6. Open Help in Notepad, verify that Notepad is running in Windows XP and that the virtual machine
has 256 megabytes (Mb) physical memory available.
7. Copy some text and paste it to the Notepad window that is running on
NYC-CL1
Note: When testing an image, no changes are saved to the image between sessions; instead, they are
saved in a separate, temporary file. This is to ensure that when the image is packed and run on the
production environment, it is the original,
clean image.
Question: What happens to the changes that are performed in the virtual environment when you test the
MED-V image?
Lesson 2
Deploying MED-V Images
After you create and test the MED-V image, you should deploy it to the clients. Before clients can
download the virtual image from the image repository, you must first pack the image and then upload it
to the repository. Packing compresses the image and you can use the Hypertext Transfer Protocol (HTTP)
or HTTP Secure (HTTPS) protocol with Background Intelligent Transfer Service (BITS) to use the remaining
bandwidth for the upload. This lesson describes the procedures for updating and deploying the virtual
image to the clients.
Packing the MED-V Image
Key Points
If you want to upload the image to the image repository and deploy it to MED-V clients, you must pack
the image. You must pack the image on the administrative workstation and then upload the packed
image to the image repository on the MED-V server. Only after the image is uploaded to the server, can
you assign it by using a MED-V Policy.
Packing the image is the process of compressing the MED-V image to reduce its size. Image packing can
take a considerable amount of time, however, a compressed image takes less space and transfers faster.
The content of the packed image is the same as it was before packing. The MED-V image packing process
can often reduce the image size down to 50% of its initial size. For example, you can compress an 8
gigabytes (GB) image to 4 GB by simply packing the image.
Although you should first test a MED-V image before packing, you can still pack an image without prior
testing. If image testing was performed, changes made during testing are not included in the packed
image. You can use the MED-V Management console for image packing and by default packed images
are stored in the local MED-V Images\PackedImages folder. A packed image consists of two files: .index,
which has the list of files in the image, and .ckm (Kidaro Compressed Machine), which stores the actual
compressed image.
When you pack an image, you can either create a new packed image or create a new version of the
existing packed image. If you create a new packed image,
MED-V clients can download the whole image. If you create a new version of the existing image and the
MED-V clients have a previous version of the image, the clients download just the changes in the image.
This makes the download much smaller and faster when you modify the existing image such as when you
install an application update.
You can further reduce the image size by implementing pre-packing and pre-compaction steps in the
image build procedure. Typical steps to reduce the image size during a build procedure include:
Removing unnecessary files and folders, including unneeded drivers.
Uninstalling unnecessary applications.

Defragmenting the volume.
Running the precompaction utility on the VHD.
Removing offline file.
Editing or compacting the virtual disk.
Question: Why is it important to pack the image before uploading it to the MED-V server?
Uploading MED-V Images
Key Points
Local test images and local packed images are available only locally on the MED-V administrative
workstation, where the MED-V Management console is installed. But before you can deploy virtual images
to MED-V clients, you must first upload them to the image repository on the MED-V server. Depending on
the configuration, you can use either the HTTP or the HTTPS protocol for image uploading. You also need
BITS on the image repository Web server. If BITS is not configured on the server, you cannot upload the
MED-V image.
Note: Before uploading an image, verify that a Web proxy is not defined in your browser settings and
that Windows Update is not currently running.
After you pack a MED-V image, you can upload it to image repository by using the MED-V Management
console. If multiple versions of the same packed image are available, only the latest version is uploaded.
Upload can take a considerable amount of time because an image can be several GBs in size and BITS
uses only the unused bandwidth to transfer the image. After you upload the image, you can assign it to
the MED-V workspace and distribute it to the MED-V clients. Local test images can be deleted after the
upload.
During an image upload, the .index and .ckm files are transferred to the MED-V server and by default,
they are stored in the MED-V Server Images folder.
Question: How can you specify the users who can upload images to MED-V server?
Updating MED-V Images
Key Points
As part of the management tasks, you should update MED-V virtual images from time to time just like
you update normal computers. There are various reasons for updating the image, which include installing
the update to the operating system or applications in the image (update management), installing new
applications in the image, or changing the configuration and modifying the content inside a virtual
image.
There are two different ways of updating a MED-V image. If a virtual machine in the image is joined to the
domain, you can use the same updating mechanism that is in place for updating other domain
computers. In such a case, you can manage the MED-V virtual machines in the same way as any other
computer on the network.
You can use the second option when a virtual machine is not joined to the domain. In this case, you can
open the image inside Virtual PC, update the image, for example by installing the Windows update, and
then rerun the VM Prerequisite tool. After the update is complete, shut down the virtual machine, pack
the updated image as a new MED-V image version, and then upload it to the image repository. For some
updates, such as installing new applications in the virtual image, you need to also modify or create new
MED-V policy to benefit from the update.
When MED-V clients download a new version of an existing image, the clients download only the parts
that have changed, and not the entire virtual machine image. This significantly reduces the download size
and delivery time.
Note: When a new version is deployed on the client, it overwrites the existing image. When updating
an image, ensure that no data on the client needs to be saved.
Note: If you name the image a different name than the existing version, a new image will be created
rather than a new version of the existing image.
Question: Why would you want to update the image?

Options for Deploying MED-V Images
Key Points
A MED-V image must be available locally before it can be used. After creating and testing a virtual image,
you can deliver it to MED-V clients by using different delivery options.
Using Web Download Over a Network

This is the preferred option for deploying a MED-V image. When a virtual image is stored on the image
repository, you can deliver it over the network by using the standard HTTP or HTTPS protocols. MED-V
uses BITS for bandwidth throttling and Trim Transfer technology to accelerate the download speed and to
reduce required bandwidth. Over the network delivery from an IIS Web server is the only supported way
of delivering image updates and it is the only delivery mechanism that can benefit from Trim Transfer.
Using a Deployment Package

The MED-V Management console provides Packaging Wizard. Packaging Wizard provides functionality
that is different from packing the image. Packing the image compresses the image and reduces its size,
while Packaging Wizard creates a
MED-V deployment package for deploying the MED-V client. The deployment package can include MED-
V prerequisites, MED-V client, and also a virtual image. If you include a virtual image in the MED-V
deployment package, the virtual image is copied to the client workstation local drive as part of the
installation. This delivery method is only suitable for initial virtual image delivery and does not support
image updates. You can deploy future image updates over the network.
Using a Corporate Deployment System

If a company has an existing corporate deployment system such as System Center Configuration Manager
2007 R2, you can choose to deliver the packed virtual images by using the existing software distribution
solution, rather than downloading it from the MED-V server. The MED-V client looks for the package in a
predefined path, and then imports the image from there.
Note: Image pre-staging is useful only for the initial image download. It is not supported for image
update.
To configure image pre-staging, you must perform the following tasks:

1. On the client computer, under the image store directory, create a folder for the pre-staging image.
2. The registry key, PrestagedImagesPath, located in the HKLM\SOFTWARE\Kidaro directory, points to
the default image location. If the image is in a different location, change the path.
When the MED-V client starts, it looks in the specified directory for an image (ckm file and index file). If it
finds an image, it imports it. If the image is not located in this path, it downloads it from the server.
Question: What is the main benefit of using the Web download method for deploying virtual images?
Demonstration: Packing and Uploading an Image
Key Points
In this demonstration, you will see how to pack and upload the image to a MED-V server. You use the
MED-V Management console for both operations and you should first test and then pack the image.
Packing compresses the image and decreases the time, needed for transferring the image. Image is
packed on the administrative workstation and stored in the MED-V Images\PackedImages folder.
1. Open MED-V Management on NYC-CL1 and go to Images module.
2. Add a new Packed Image by selecting XP.vmc in E:\LabFiles\VPC folder. Enter XP in the Image name
and click OK.
3. While image is packing, click Browse Local Images and show content of PackedImages folder.
4. On NYC-DC1, view the content of C:\MED-V Server Images folder and confirm that no .ckm or
.index files are available.
5. After Image Packing is complete on the NYC-CL1 computer, verify the image size in Local Packed
Images section, verify that compressed file size.
6. Select the XP packed image and click Upload.
7. Switch to NYC-DC1 and verify that .ckm and .index files are available in C:\MED-V Server Images
folder.
Question: What tool can you use for packing and uploading the image to MED-V server?
Lab: Configuring and Deploying MED-V Images
Lab Setup
Exercise 1: Creating MED-V Images

Scenario
As part of implementing a MED-V virtualization solution, you need to first create a virtual image. To do
this, you need to install and run the VM Prerequisites Wizard. Then, verify the changes performed by the
VM Prerequisites Wizard.
The main tasks for this exercise are as follows:
1. Start the virtual machine on NYC-CL1 and review its initial configuration.
2. Install and run VM Prerequisites Wizard.
3. Verify the changes performed by VM Prerequisites Wizard.
Task 1: Start the virtual machine on NYC-CL1 and review its initial configuration
1. On NYC-CL1, start Microsoft Virtual PC and then start the XP virtual machine. Log on as User1 with
the password of Pa$$w0rd.
2. Create a new text file with your name in the C:\Documents and Settings\User1\Local
Settings\Temp folder.
3. From the Services console, verify service startup type for Security Center, Task Scheduler and
System Restore Service.
4. From the Sounds and Audio devices applet in the Control Panel, verify that Windows Logon and
Windows Logoff have sounds assigned. You have now reviewed some of the initial configuration
settings of the Windows XP virtual machine.
Task 2: Install and run the VM Prerequisites Wizard

1. From NYC-CL1, copy the E:\LabFiles\Mod04
\MED-V_Workspace_1.0.105.msi file to the XP virtual machine and run it in the virtual machine.
During the installation, when prompted for Files Needed, browse to C:\WinXP and then click Open.
Click OK. Also when prompted to Insert Disk, click OK and then browse to C:\WinXP.
2. On the NYC-CL1 computer, in the XP virtual machine, launch the VM Prerequisites Tool.
3. On the Windows Auto Logon page, select Enable Windows Auto Logon, enter User1 as User
name, Pa$$w0rd as Password, and then click Apply.
4. In the MED-V dialog box, click Yes. On the second MED-V dialog box, click OK. For this lab, a
Volume License Key is not required. By running VM Prerequisites Wizard, you prepared the image for
the MED-V environment.
Task 3: Verify the changes performed by VM Prerequisites Wizard

1. In the XP virtual machine, verify the content of the C:\Documents and Settings\User1\Local
Settings\Temp folder.
2. Verify that Windows Logon and Windows Logoff have no sounds assigned.
3. Verify that Security Center, Task Scheduler, and System Restore Service services startup type is set
to Manual.
4. Open the registry editor and navigate to HKLM\SOFTWARE\Microsoft
\Windows NT\CurrentVersion\Winlogon and verify values of the DefaultUserName and
DefaultPassword keys. By performing these steps, you verified some of the changes that were
performed by the VM Prerequisites Wizard.
5. Shut down the XP virtual machine, and then close the Virtual PC Console. All of your changes are
saved into the XP virtual machine.
Results: After this exercise, you installed and ran the VM Prerequisites Tool in the XP virtual machine.
You also verified some of the modifications, performed by the tool.
Exercise 2: Testing MED-V Images

Scenario
After the MED-V image is created, you need to test it. You can use the MED-V Management console and
the MED-V client for configuring and testing the image. To test the image, import a basic testing MED-V
policy and verify the MED-V image works as expected.
1. Add a local test image.

2. Import and assign a basic MED-V testing policy.
3. Test local MED-V image.
Task 1: Add a local test image

1. On NYC-CL1, log on to MED-V Management as contoso\medv-admin, with Pa$$w0rd password.
2. Create a Test Image called XP from E:\Labfiles\VPC\XP.vmc.
Task 2: Import and assign a basic MED-V testing policy

1. On the NYC-CL1 computer, import the MED-V policy from the file
E:\LabFiles\Mod04\TestPolicy.xml.
2. On the Virtual Machine tab, select XP (test) as the Assigned Image and save the policy.
Task 3: Test the local MED-V image

1. On the NYC-CL1 computer, log on to MED-V as contoso\medv-user with Pa$$w0rd as password
and select to use the test image. In the Windows Security Alert window, click Allow Access for all of
the networks to allow Virtual PC 2007 SP1 to communicate.
2. On the NYC-CL1 computer, verify that published programs are listed. Run XP Notepad.
3. Run XP Remote Desktop and copy text from XP Remote Desktop Help to Notepad that is running
locally on NYC-CL1 computer.
4. On the NYC-CL1 computer, start XP Command Prompt and compare content of C:\ with local C:\
drive.
5. On the NYC-CL1 computer, in the notification area, right-click the MED-V icon and then select Stop
Workspace.
Results: After this exercise, you have created a local test image, imported and assigned a basic MED-V
testing policy, and tested the local MED-V image.
Exercise 3: Updating, Packing, and Uploading the Image

Scenario
During testing you discover that a security update was not applied to the virtual machine and one of the
applications is not available. You need to update the image by installing the missing application and a
security update. After you test the virtual machine and update the virtual machine with the security
update and missing application, you need to pack the image and upload it to a MED-V server.

1. Update the image.
2. Pack the MED-V image.
3. Upload the image to image repository.
4. Start the MED-V image download.
Task 1: Update the image

1. On the NYC-CL1 computer, open the Virtual PC Console and start the XP virtual machine.
2. On the NYC-CL1 computer, from the E:\LabFiles\Mod04 folder, copy files XmlNotepad.msi and
WindowsXP-KB956802-x86-ENU.exe to C:\ on the XP virtual machine.
3. On the NYC-CL1 computer, in XP virtual machine, double-click XmlNotepad.msi, install it with
default options, and then verify that the shortcut has been added to the Start menu.
4. On the NYC-CL1 computer, in XP virtual machine, run WindowsXP-KB956802-x86-ENU.exe. Select
Do not restart now at the end of the installation.
5. Open Add or Remove Programs and verify that Security Update for Windows XP (KB956802) is listed
under Windows XP Software Updates. Shut Down the XP virtual machine and close Virtual PC
Console.
Task 2: Pack the MED-V image

1. On NYC-CL1 computer, create a packed image named XP-Updated from E:\Labfiles\VPC\XP.vmc.
2. Review content of the folder C:\MED-V Images\PackedImages.
3. Switch to NYC-DC1, open Windows Explorer and verify that .ckm and .index files for the XP-updated
virtual machine are not available in the
C:\MED-V Server Images folder.
Task 3: Upload the image to image repository

On the NYC-CL1 computer, in MED-V Management console, select XP-Updated and click Upload.
Results: After this exercise, you have updated the XP image with a Windows update and custom
application. You have also packed the local image and uploaded it to the MED-V server.
Exercise 4 (Optional): Preparing the MED-V Image for Domain

Environment
Scenario
Some of the legacy applications in the virtual image require access to domain resources. You decide to
join the MED-V virtual machine to the domain and in this exercise you will prepare the image for domain
environment by creating an answer file and running Sysprep to generalize the image.
Note: Because it takes a long time to pack, upload, and deploy the image, you will not perform these
steps in this lab exercise, but will only perform the tasks related to generalizing the image.
1. Create the Sysprep answer file.

2. Run Sysprep.exe to generalize the image.
Task 1: Create the Sysprep answer file

1. On NYC-CL1, open Microsoft Virtual PC and then start the XP virtual machine.
2. Copy the E:\LabFiles\Mod04\Sysprep folder from NYC-CL1 to C:\ on the XP virtual machine.
3. In the XP virtual machine, in the Sysprep folder, run Setup Manager. Create a new Sysprep answer
file for Windows XP Professional.
4. Save the answer file as C:\Sysprep\sysprep.inf and review it.
Task 2: Run Sysprep.exe to generalize the image

1. In the XP virtual computer, in C:\Sysprep folder, double-click sysprep.exe.
2. Select the Dont reset grace period for the activation and Use Mini-Setup options, and then click
Reseal. Wait until the XP virtual machine shuts down. Close the Virtual PC Console.
Results: After this exercise, you have created Sysprep answer file and run Sysprep.exe to prepare
virtual machine for domain environment.

Review Questions
1. Why would you use the VM Prerequisite Tool? Is this tool mandatory?
2. Do you need to upload a MED-V image to the image repository if you want to test it?
3. What are the typical steps in virtual image life cycle?
4. Which protocol is used for MED-V virtual image download?
5. How can MED-V virtual image be deployed? What is the benefit of using the Web download option?
Common Issues Related to Microsoft Enterprise Desktop Virtualization

Identify the causes for the following common issues related to Microsoft Enterprise Desktop Virtualization
You created Windows XP virtual

image, but when you deploy it to
MED-V clients, it requires activation
at each client.
You are not able to install VM

Prerequisite Tool (MED-V
Workspace) on Windows Server
2008 R2 virtual machine.
You are preparing Windows XP

virtual image for domain
environment, but you are not able
to find Sysprep.exe to generalize
the image.
You generalized the Windows XP

image, but when you deploy it to

MED-V clients, initial setup does
not perform and virtual machine is
not joined to the domain.
You created the MED-V image, but

you are not able to test it.
You want to deploy MED-V image

to the new workstation, but you
have slow network connectivity to
the client.
Managing a MED-V Deployment 5-1
Module 5
Managing a MED-V Deployment
Contents:
Lesson 1: Implementing the MED-V Workspace Policy 5-3
Lesson 2: Working with a MED-V Workspace 5-17
Lesson 3: Reporting and Troubleshooting MED-V 5-26
Lab: Managing a MED-V Deployment 5-34
Module Overview
Managing the Microsoft Enterprise Desktop Virtualization (MED-V) environment typically is one of the
most time-consuming activities for MED-V administrators. After you deploy the MED-V infrastructure, you
must define MED-V Workspaces by configuring MED-V policies, and then enable the workspaces for users
and set options to configure the workspaces that will be available to users.
MED-V users work in two separate environments: the host operating system and the MED-V Workspace. If
you integrate published applications seamlessly with the host, users typically cannot tell that they are
different from applications that are installed locally on their computers.
Besides a configurable virtual environment and a seamless integration with the host, MED-V also provides
reporting and diagnostics capability. The reporting feature requires Microsoft SQL Server, and it logs
MED-V events, and provides three basic report types. The MED-V client provides a diagnostics mode,
policy updates, and diagnostic log gathering that you can use to troubleshoot MED-V issues.
Lesson 1
Implementing the MED-V Workspace Policy
A MED-V Workspace policy is an essential part of a MED-V implementation. It defines how to configure
the virtual environment of MED-V clients, which virtual image to use, and which applications to publish to
the host, among other things. You create and manage a MED-V Workspace policy in the MED-V
Management Console, and users must have the Changes Allowed permission on the MED-V server to save
a policy that they create or modify.
A MED-V policy has many settings, which are saved in an XML file on the server. MED-V applies the policy
to the MED-V client when it starts, and then reapplies it every 15 minutes. You also can update it
manually.
What Is a MED-V Workspace?
Key Points
A MED-V Workspace is the desktop environment that MED-V provides for you to interact with the virtual
machine. As a MED-V administrator, you create and customize the MED-V Workspace, which consists of
an image and a policy that defines its rules and functionality. You can create multiple MED-V Workspaces,
and you can customize each with its own configuration, settings, and rules. You then can apply the
workspace to the same image or to multiple images. You can associate a MED-V Workspace with a user or
group, or multiple users or groups, making the MED-V Workspace available only to the associated users
or group members. You can configure a MED-V Workspace centrally, and then apply it to clients that you
assign to this workspace. You can define a MED-V Workspace in the MED-V Management Console by
using the policy module, and then store it on the MED-V server. The MED-V policy applies to users when
they log on and during periodic refreshes, which is every 15 minutes by default. You also can update the
policy manually, by using the Diagnostics option in the MED-V client.
The MED-V Workspace is separated from the users local desktop, and is a virtual image that runs inside
Virtual PC and which you can configure by using MED-V. For example, if you launch a locally installed
copy of Microsoft Office Word, create a document, and then save the document, MED-V saves it, by
default, in your Documents folder on the local host. But if you launch a copy of Office Word from within
the MED-V Workspace, create a second document, and save the document, then by default, MED-V saves
this document in the My Documents folder in your workspace, meaning in the virtual machine that is
running on the local host. This means that you will have two Documents folders on the same MED-V
client computer: one on the local host, and then one in your MED-V Workspace in the virtual machine.
There are different options to work around this, such as using the MED-V file transfer tool or configuring
folder redirection.
Note: Each MED-V Workspace image can be used only by one Windows user.
Note: You can control the MED-V Workspace from a command prompt by using
KidaroCommands.exe, which is located in Management subfolder of the MED-V installation folder.
Question: Can you create a MED-V Workspace without assigning it a virtual image?
What Is a MED-V Workspace Policy?
Key Points
A MED-V Workspace policy is a group of configurable settings that define how the virtualized
environment and applications that you install in that environment perform on the host. By using a MED-V
Workspace policy, you can specify how a MED-V virtualized environment is configured on the client and
how it interacts with the host. You can define several workspace settings, which include:
The image that is assigned to the workspace.
Settings for integration and data transfer between the workspace and the host.
The user for whom the MED-V Workspace policy is enabled.
Settings for device control.
The published applications and the virtual machine configuration.
You can create and manage MED-V Workspace policies by using the MED-V Management Console, which
stores them in a single file, ClientPolicy.xml, on the MED-V server. You also can import or export a
workspace policy as an XML file on the MED-V client, by using the Import or Export options in the Policy
menu in the MED-V Management Console.
Note: When you configure a policy, a warning symbol appears next to the mandatory fields for which
you did not enter values. If a mandatory field is empty, the warning symbol also appears on the
settings tab.
It is important to decide the MED-V Workspace type that you want to use before you deploy the MED-V
Workspace policy. We do not recommend that you change the MED-V Workspace type after you deploy a
policy to users.
There are two types of MED-V Workspaces available:

Persistent. In a persistent MED-V Workspace, all changes and additions that you make to the MED-V
Workspace are saved in the MED-V Workspace between sessions. You typically use a persistent MED-
V Workspace in a domain environment.
Revertible. In a revertible MED-V Workspace, at the completion of each session, when the MED-V
Workspace stops, the MED-V Workspace reverts to its original state during deployment. Changes or
additions that you made are not saved on the MED-V Workspace between sessions. You cannot use a
revertible MED-V Workspace in a domain environment.
Question: What is the difference between a MED-V Workspace and a MED-V Workspace policy?
General, Virtual Machine, and Deployment Settings
Key Points
You can use the General tab in the MED-V policy to configure the workspace name, description, support
contact information, and basic user-experience settings when working with a MED-V Workspace. You can
define whether the MED-V Workspace appears in seamless integration or full desktop mode. Seamless
integration publishes legacy applications on the host Start menu, and they appear as if they were installed
locally on the host. You also can configure the frame color for the legacy applications, which distinguishes
them from the local applications on the host. The full desktop presents the desktop of the MED-V
Workspace operating system in a separate window. You also can define the command that must be run
successfully on the host before the workspace will start.
You must assign a Microsoft Virtual PC image to every MED-V Workspace, and you can configure this
from the Virtual Machine tab in the MED-V policy. An assigned image can be one of three types:
Local test images. These are unpacked images on the local computer. The word test follows these
image names in parentheses, and you can use these images for testing purposes only.
Local packed images. These are packed images on the local computer, and the word local follows the
image name in parentheses. Clients cannot download these images until the administrator uploads
them to the server. Clients can select a local image if you create a package that is distributed to the
client via removable media, such as a USB drive or DVD.
Packed images on a server. These are images that are on the server and that are available for
download by clients. The word server follows the image name in parentheses.
On the Virtual Machine tab, you also can configure the workspace type to be persistent or revertible. If
you choose a persistent workspace, you can specify if a user should use a Windows logon for the virtual
machine. You also can configure workspace lock settings and image update settings, such as the number
of previous image versions to retain and if you want to use Trim Transfer when downloading images.
Note: You should use Trim Transfer when it would take you less time to index the hard drive than to
download the new image version. For example, it would be more efficient to use Trim Transfer when
you download a new image version that is similar to an existing image on the client.
On the Deployment tab in the MED-V policy, you can assign a MED-V Workspace to domain users and
groups. You can specify the time until which the workspace is available, and whether the user can use it in
the offline mode without first connecting to the MED-V server. You also can define the conditions under
which the workspace is deleted automatically and the data-transfer options between the host and
workspace. Additionally, you can configure device-control options, such as whether printers from the host
are available for printing in the workspace or if the workspace can access the hosts CD or DVD drive.
Note: To support file transfer in Windows XP Service Pack 3 (SP3), you must disable offline file
synchronization in the virtual image.
Question: How can you control to whom the MED-V policy applies?
Published Applications Settings
Key Points
You can run applications within the MED-V Workspace that are incompatible with the host operating
system, and start them from within the workspace as you would with a locally installed application on
thefrom either the Start menu or from a shortcut on the host. Workspace applications, which are
available from the host, are called published applications. The MED-V policy defines them.
You can publish an application in two ways:

As an application. You can publish a specific application by defining the command-line command
that runs the application in the virtual machine. Only the applications that you specify and enable in
the MED-V policy are published and listed on the hosts Start menu. It is possible to run additional
applications from the published application, even if this additional workspace application remains
unpublished. For example, you can run any workspace applications from the published workspace
command prompt.
As a menu. You can publish a menu folder that contains multiple applications and subfolders. The
host Start menu publishes and displays all of the folders applications and subfolders.
If you publish individual applications, you can define the display name that appears on the host Start
menu. You also can define the description of the published application, which appears as a tooltip when
the mouse hovers over the shortcut. In the Command line field of the MED-V Management Console, you
specify the command that you can use to run the application from the MED-V Workspace. In this
command, you need to specify the full path, and you can pass the parameters to the application as you
would to any other Windows command.
Note: If the application command line includes spaces, enclose the entire path in quotation marks.
If you publish the whole menu, you can define the menus display name, under which MED-V lists all of
the workspace menus content on the host Start menu. The published menu location is a relative path
from the Programs folder in the workspace, and if you leave it blank, all programs from the workspace
Start menu will publish to the host.
Note: If you want to rename the published application, you can right-click on it, and then select
Rename. When you reapply the MED-V policy, the application name will not revert. But when you
restart the workspace, the individually published applications will be listed multiple times, with their
published and modified names, while applications on published menus will revert to their original
workspace names.
All published applications and menus appear as shortcuts on the hosts Start menu under All Programs in
MED-V Applications. You can change this folders name in the Start-menu shortcuts folder field on the
Applications tab in MED-V policy.
Web, Network, and Performance Settings
Key Points
Some Web sites and Web applications are not compatible with the hosts Microsoft Internet Explorer
version, and do not work correctly even when you use the compatibility view in Internet Explorer. If you
need to access such Web sites, you can use older Internet Explorer versions. You do not need to open a
browser manually in the MED-V Workspace to view specific Web sites. MED-V automatically redirects you
to the browser in MED-V Workspace from the browser in the host, and vice-versa.
On the Web tab in the MED-V policy, you can define a list of Web browsing rules for a MED-V
Workspace. Users can browse all sites that the rules include, either in the MED-V Workspace browser or in
the hosts browser. Users can browse all sites that the rules do not define, from the environment in which
the sites were requested. However, you also can configure these sites as a group, which users can browse
in the MED-V Workspace or in the host.
Note: MED-V applies Web settings only to Internet Explorer. It does not apply Web settings to other
browsers.
You can configure network settings for MED-V Workspace on the Network tab in the MED-V policy. On
this tab, you can define if a workspace uses Network Address Translation (NAT) to share the hosts IP
address for outgoing traffic, or if it has its own network address, which it typically obtains from the
Dynamic Host Configuration Protocol (DHCP) server. You also can configure Domain Name System (DNS)
options, such as whether the workspace uses the hosts DNS server or if you want to use a specific DNS
server, and you can define DNS suffixes that MED-V uses for name resolution. You should configure these
settings appropriately if you plan to have network connectivity for your MED-V Workspace in scenarios
where the workspace is joined to the domain or it includes software that the organization will update over
the network.
On the Performance tab in the MED-V policy, you can adjust the virtual machine memory, based on how
much physical memory the host has. By using this configuration, you can allocate more memory to the
virtual machine when the host has more memory available. For example, if a host has 1 gigabyte (GB) of
random access memory (RAM), you can allocate the virtual machine 128 megabytes (MB) of memory, and
if a host has 2 GB RAM, you can allocate 512 MB of memory to the same virtual machine.
Question: Do you need to publish Internet Explorer from the virtual image to use it for browsing certain
Web sites that are incompatible with the hosts version of Internet Explorer?
VM Setup Settings
Key Points
You can configure the virtual machines setup settings on the VM Setup tab in the MED-V policy. By
using this tab, you can configure setup options, which MED-V performs when you deploy the virtual
machine and run it for the first time on the MED-V client. For example, you use these settings for joining
the MED-V virtual machine to the domain environment. You need to configure the virtual machine setup
differently for persistent and revertible MED-V Workspaces.
Note: You must use a persistent workspace for domain-joined virtual machines.
For the persistent workspace, you can configure options to run VM Setup, and then use a script editor to
configure actions such as checking connectivity, renaming a computer, joining a domain, or running
custom commands from the command line. For most of the actions, you can specify additional
parameters, such as the IP address for which you want to test connectivity or user credentials, and the
domain name to which you want to join the MED-V virtual machine. If you enable VM setup, you also can
define the message that displays on the MED-V client while the script is running.
Note: VM Setup only runs the first time that you start a workspace, after the Windows log on is
complete. After you complete the VM Setup steps, the Windows operating system inside the virtual
machine shuts down.
For a revertible workspace, you can configure options only to rename the virtual machine.
For both persistent and revertible workspaces, you can define a virtual computer-name pattern. In this
pattern, you can include the user name of the logged-on user, the domain name, host name, workspace
name, virtual machine name, and the selectable number of random characters.
Note: When you join a virtual machine to the domain, only root-level organizational units (OUs) are
supported for creating a computer account.
Question: What are the scenarios in which you would configure and use MED-V VM Setup?
Demonstration: Configuring a MED-V Workspace Policy
Key Points
In this demonstration, you will see how to use the MED-V Management Console to configure a MED-V
policy on an administrative workstation.
Demonstration Steps
1. Run MED-V Management. Log on to the MED-V server by using the administrator credentials.
2. Add a new workspace, which will create a new MED-V policy.
3. Switch through configuration tabs, and set various options.
4. Save the policy to the server.
5. Switch to the MED-V server, and notice that all changes are saved in c:\program files\microsoft
enterprise desktop virtualization
\servers\ClientSettings.xml file.
Lesson 2
Working with a MED-V Workspace
After you create and enable the MED-V Workspace for the users or groups, you can deploy the MED-V
Workspace. The first time that you deploy a workspace to the MED-V client, the process can be lengthy
because you need to download the virtual image first, and then configure it according to the MED-V
policy.
You can integrate the MED-V Workspace seamlessly with the host, or you can run it in a separate window.
Most customers use seamless integration. But you should be aware that MED-V users work in two
separate environments: the host operating system and the workspace. Users can share the Clipboard
between the two environments, and MED-V provides a transfer tool so that users can transfer files and
folders between both environments. If you join a workspace to a domain, you can provide better
integration by using additional options, such as sharing the folders between the host and the workspace,
or using a Group Policy object (GPO) to configure folder redirection.
Deploying a MED-V Workspace
Key Points
You can deploy a MED-V Workspace only to the workstations on which you install the MED-V client. The
MED-V client runs on top of Virtual PC, applies MED-V policy to the virtualized environment, and
integrates the MED-V Workspace with the host. Before you can access the MED-V Workspace and run
published applications, you first must log on to MED-V. You can log on to MED-V by using the account of
the currently logged-on Windows user or by providing an alternate user account. You can enter the user
name in two different ways: domain\username or username@domain. The AD DS domain controller
performs user authentication, and the MED-V server performs authorization. If you want to use MED-V,
you must have an AD DS user account, and you must enable the
MED-V Workspace for your account or the group to which your account belongs. You can log on to the
MED-V Workspace automatically by using your Windows user account, or manually by starting the MED-V
client, and then providing user credentials. You can configure how the MED-V client starts at logon by
right-clicking on the MED-V icon in the notification area, and selecting the Settings option. By using the
Settings option, you also can configure MED-V server settings.
If user authentication is successful and you have enabled multiple workspaces, MED-V prompts you for
the workspace that you want to use. You can select one of the workspaces from the list, and make it the
default choice. The MED-V server then provides an encryption key to the client, which you can use to
decrypt the virtual machine image on the client. If the image is not available on the client, MED-V
transfers it from the image repository on the MED-V server. After you decrypt the virtual machine, the
MED-V client uses Virtual PC to launch the virtual machine, which initializes the MED-V Workspace. After
the MED-V Workspace starts, you can interact with it.
Note: You can deploy multiple virtual images to the client, but you can run only one Virtual PC image
at a time. If you enable more than one workspace for a user, then when the user starts the MED-V
client, MED-V prompts the user to select the workspace to run.
You can control the MED-V Workspace by right-clicking the MED-V icon on the notification area. If the
workspace is running, the MED-V icon has a green check mark. By using the MED-V options in the
notification area, you can perform the following tasks:
Start, stop, or restart the workspace.
Lock the running workspace to prevent access to published applications while the workspace is
locked.
Modify the workspace settings.
Access tools or help, including workspace support information, which the MED-V policy defines.
Question: How can users log on to MED-V? What happens if they have enabled multiple MED-V policies?
Question: What is the difference between the first logon and successive logons to a workspace?
Running Published Applications from the Host
Key Points
You can access published applications from the MED-V Workspace by using the hosts Start menu in the
same way as you access locally installed applications. In the MED-V policy, you can control which
applications you want to publish and at what spot on the Start menu that they publish. Because published
applications integrate with the Start menu on the host, you can use the Search function to find them, and
then you can run them in the same way as you would run locally installed applications.
Note: If you want to publish applications in the submenu, you can use the \ character when defining
the shortcut folder for the Start menu in the MED-V policy.
In the MED-V policy, you can specify how applications are published. You can configure applications to
have a frame around the application window, which helps distinguish them from locally installed
applications. You can start another application from a published application, and then you can run
multiple published applications at any time. Be aware that only a single workspace is used at any time,
and that all published applications must be from the same virtual image.
If you want to protect access to published applications, you can lock the workspace. A MED-V policy can
define the idle time after which a workspace locks automatically. Alternatively, you can lock a workspace
manually, by right-clicking the MED-V icon, and then selecting the Lock Workspace option. This hides all
opened published applications, and you can run a new published application or access running published
applications only after you unlock the workspace by providing the MED-V user password.
Apart from the Start menu, you also can run published applications from the command prompt on the
host. The MED-V Workspace in which you define the published application must be running, and you can
run the published application by using the following syntax:
"<Install path>\Manager\KidaroCommands.exe" /run "<published application name>" "<MED-V

Workspace name>"
Note: Be aware that the published application name and the MED-V Workspace name are both case-
sensitive.
Question: What methods can you use to run published applications from the MED-V Workspace?
Question: How can you distinguish between local and published applications?
Integration of Published Programs with the Host
Key Points
Published applications integrate with the host, and provide a look and feel that is similar to locally
installed applications. For example, if an application has an icon in the notification area, this icon is
available from the notification area on the host and its context menu. You can press ALT+TAB to switch
between running applications on the host, and the list of running applications includes the published
applications. However, these applications run in the virtual environment, so in an older operating system,
Flip3D, live thumbnail preview, and transparency do not work for published applications. Based on the
MED-V policy configuration, you can use Copy and Paste to transfer content between published
applications and applications running on the host.
Published applications run in the virtual environment, and they access the folder structure on the virtual
hard disk. If you want to save data from the published application to the host, you can save it first to the
virtual environment, and then use the MED-V File Transfer tool to transfer it from the virtual environment
to the host. In the MED-V File Transfer tool, you can choose to transfer an individual file or a folder.
In the MED-V policy, you can define the following:
The direction in which files can be transferred: host to workspace, workspace to host, or both.
The file extensions that can be transferred.
Whether you want to enable the running of commands on the received files once you transfer them
to the host.
Because transferring files from the workspace to the host can be time consuming, you can use different
options, such as sharing folders between the host and the workspace, or using Group Policy to configure
folder redirection, if the workspace is joined to a domain.
Note: The File Transfer Tool is enabled only when the MED-V Workspace is running.
Published applications are displayed on the host in the same way as RemoteApp programs are displayed
when you use Remote Desktop Services (RDS).
Question: How can you access a data file that you saved in the MED-V Workspace?
Question: What are the alternatives to using the File Transfer tool to access data files that are saved from
published applications?
Browsing the Web and Printing from Published Programs
Key Points
One of the workspace settings that you can control through MED-V policy is the URL addresses that users
can browse by using Internet Explorer. You can use this option if Web sites or Web applications are
incompatible with Internet Explorer on the host, but they work correctly with the workspaces older
version of the Internet Explorer browser. You do not need to publish Internet Explorer from the host to
use this feature. You can specify the list of URLs by adding domain suffixes and IP prefixes. You also can
select all local addresses, and then define whether a browser from the workspace or from the host will be
used for browsing them. Then you can specify how you will browse all other URLs, either by using the
browser in the workspace or in the host. When you browse URLs, transitions between the hosts Internet
Explorer and Internet Explorer in the workspace is automatic. If you define a URL in the MED-V Policy as a
workspace URL, and then type it in the host Internet Explorer window, an Internet Explorer window from
the workspace opens and accesses the URL. This browser transition works in reverse, as well, from the
workspace browser to a browser on the host.
Note: Web settings are applied only to Internet Explorer. Web settings are not applied to other
browsers.
Another option that you control through a MED-V policy is the ability to print from published
applications. You can print either to locally installed printers in the workspace or to printers that are
connected to the host. The Enable printing to printers connected to the host option in the MED-V
policy controls access to printers that are connected to the host. When you prepare a virtual image, and
then install the VM Prerequisites Tool, it adds a printer driver that is represented as the Local Printer. This
printer enables you to use any printer that is connected to the host, without installing any additional
device drivers inside the virtual image. When you run a published application, you can select to print to
the Local Printer, which is the workspaces default printer. You get an additional dialog box, where you
select which host printer to use and what print job is sent to that printer.
Question: Do you need to install additional printer drivers in the workspace to print to host printers?
Question: You are not able to find the Windows XP driver for a printer that is connected to your
Windows 7 host. Can you still print from the published application that is running in Windows XP SP3
workspace on this printer, if you configure the printer in the Windows 7 host?
Lesson 3
Reporting and Troubleshooting MED-V
Reporting and troubleshooting are an integral part of MED-V. You use Microsoft SQL Server for storing
the MED-V log events, and then you can view them in the MED-V Management Console. MED-V provides
three report types, and enables you to use features such as filtering, grouping, sorting, and exporting
MED-V events to a Microsoft Office Excel file.
A MED-V client provides troubleshooting capabilities, which includes gathering the diagnostics logs,
updating the MED-V policy on the client, enabling the diagnostic mode, and browsing the image store.
Features such as the diagnostic mode can be beneficial when you run the workspace for the first time, as
it displays a Virtual PC window that shows what is occurring in the virtual environment.
Features of MED-V Reporting
Key Points
The reporting feature in MED-V gathers, stores, and presents information about client status, user activity,
and errors to MED-V administrators in the form of reports. If you want to use MED-V reporting, you must
have SQL Server 2005 Service Pack 2 (SP2) or SQL Server 2008 installed locally on the MED-V server or
available on a remote server. You can use any SQL Server edition--Express, Standard, or Enterprise--and if
you want to use SQL Server on the remote server, you must install Microsoft SQL Server Management
Objects on the MED-V server. By default, MED-V adds an additional database, medv, to the SQL Server.
This database has six tables, and SQL Server uses it only for logging events, errors, and status messages.
You can create and configure a MED-V database through the MED-V Server Configuration Manager on
MED-V server. From this tools Reports tab, you can perform the following tasks:
Configure a connection string for connecting to the SQL database.
Create a MED-V database.
Test connectivity.
Configure database maintenance, such as how long data will be stored in the medv database before
MED-V deletes it automatically.
You can select the report type, provide additional parameters, and view reports in the MED-V
Management Console, which is available on the MED-V administrative workstation. Before you can view a
report, you first must select the report type, and then provide additional parameters, which can include:
Number of days. This is the number of days for which MED-V should include events in the report.
User name contains. This is the portion of the user name that MED-V should include in the report. If
you specify this, MED-V displays only events that any user performs who meets these criteria. If you
do not specify this parameter, the report includes events by all users.
Host name contains. This is the part of the host name that you are looking for and that you want the
reports to include. If you specify this parameter, MED-V displays only events that comply with this
parameter. If you do not specify this parameter, the report includes events that happen on any host.
After you specify the parameters, MED-V generates a report, and adds a new tab to the detailed view. You
can:
Sort the reports entries by clicking on the column heading.
Filter events by clicking the filter icon in the column heading.
Group events by dragging the column heading to the top of the report or right-clicking on the
column heading.
You also can export reports to Office Excel.
Question: Where is the MED-V log data stored?
Question: Can you always use MED-V reporting?

Types of MED-V Reports
Key Points
The MED-V client generates the MED-V events, and then stores them in SQL Server when the client is
online. The medv database, which contains six tables, stores events. You can use tools such as Excel or
Microsoft Office Access to access the log data in the database and create your own reports. Alternately,
you can use the MED-V reporting capability that MED-V provides by default. You can use the MED-V
Management Console for generating and viewing MED-V reports. The MED-V Management Console
provides three report types:
Status. You can view the current status of all active users and all MED-V Workspaces for each user,
based on the period of time that this report defines. You can view information such as:
Computers that are connected to the server currently, and the date and time that they were last
connected to the server.
The status of each computer.
Relevant information, such as the workspace used, policy version that was applied, and the MED-
V client version on the host.
Activity Log. You can view events that originated from a specific host or user in a defined date range.
In this report, you can find events such as:
When a virtual image download has started or completed.
When a MED-V Workspace has started.
Whether a user was authenticated before using the workspace.
This report has the most detailed information on user activity. In larger MED-V implementations, it
contains many events.
Note: When you work with reports, you can use a filter or the group by command to categorize your
results.
Error Log. You can view errors that originated from a specific host or user in a defined date range. In
this report, you can view:
At which host the error originated.
When the error occurred.
The identity of the user.
In which workspace the error occurred.
The errors description.
Note: If the client is working offline, the server receives the reports when the client reconnects to the
network.
Demonstration: Generating and Working with MED-V Reports
Key Points
In the MED-V Management Console, you can monitor clients by generating a report that contains
detailed information about client events. In this demonstration, you will see how to generate and work
with MED-V reports.
1. Log on to MED-V Management Console as medv-user, and go to the Reports module.
2. Select Generate Report with default parameters.
3. Review the data on the Status tab.
4. Generate the Activity Log by accepting the default parameters.
5. Review data on the Activity Log tab.
6. Sort data by the Event Id heading. Use Filtering to display a specific Event Id.
7. Group rows by Event Id. Reorder columns of the Export data report on the Status tab to Excel.
Question: How can you drill down into MED-V reports and view specific information in the log data?
Using MED-V Diagnostics to Troubleshoot
Key Points
If you experience problems with starting, downloading, or running a MED-V Workspace, there are several
troubleshooting options available. One of them is MED-V reporting. By using MED-V reporting, you can
find errors that the MED-V clients report. But you can get more help to troubleshoot specific MED-V client
issues by using MED-V Diagnostics, which you can access by right-clicking the MED-V icon in the
notification area, and then selecting Help/MED-V Diagnostics.
When you start MED-V Diagnostics, the following four sections are available:
System. This section provides information about the amount of RAM on the host, as well as the host
name, operating system, and Windows user that currently is logged on. You can select the Gather
diagnostic logs option, which creates a compressed file with many diagnostic files that are necessary
for troubleshooting the MED-V client. The compressed file is saved on the desktop, and includes
information such as client configuration files, the virtual machine that the workspace is using, the
local host configuration, and its events. You also can gather the diagnostic log from the MED-V
Diagnostics Tool that is installed with MED-V client.
Policy. This section provides information on the MED-V policy version and the time at which it was
updated last. The MED-V client updates the policy automatically every 15 minutes, by default, but
you also can update it manually by clicking Update policy. You get a notification when the policy is
refreshed, and MED-V applies the policy changes immediately.
Note: You can update a policy from a command prompt by running, on the host, the
KidaroCommands.exe with the /Refresh parameter.
Workspace. This section provides information on the active workspace, such as its status, expiration
date, and the image used, as well as its location, version, and size. In this section, you also will find
information regarding whether the MED-V client is connected to the MED-V server or if it works
offline. You can use the Enable diagnostics mode option, which shows the Virtual PC desktop, and
which is useful in troubleshooting issues in the initial setup of the virtual environment. If you enable
the Diagnostics mode, published applications open in the Virtual PC window, not on your host. After
you disable the Diagnostics mode, the Virtual PC window hides, and published applications again are
visible on the host.
Note: You can enable MED-V diagnostic mode from the command prompt by running, on the host,
KidaroCommands.exe with the /TroubleShootingMode parameter.
Image Store. This section provides information on where the image store is located, its size, and the
available free disk space on the host. You can click Browse image store, and the local image store
opens in Windows Explorer. You also can start browsing local images from the MED-V Management
Console.
Lab: Managing a MED-V Deployment
Lab Setup
1. On the host computer, click Start, point to Administrative Tools, and then click Hyper-V Manager.
Exercise 1: Creating and Configuring a Workspace Policy

Scenario
You want to create a MED-V policy to use an existing image on the MED-V server. Users must be able to
distinguish applications that run on the host from those that run in the workspace. They must be able to
use Clipboard to copy data between the applications and to transfer files from the host to the workspace.
1. Create MED-V Workspace policy, and configure it to use an existing image.

2. Configure additional MED-V Workspace policy options.
Task 1: Create a MED-V Workspace policy, and configure it to use an existing image
1. On NYC-CL1, start MED-V Management, and log on as contoso\medv-admin with Pa$$w0rd as
the password.
2. Create a new workspace with the name Legacy Workspace. Provide a workspace description and
support information.
3. Verify that the policy defines Seamless Integration for published applications, and then select the
pink (255,0,255) frame color.
4. Select XP-Updated (server) as the assigned image. If the image is not available, click Refresh.
5. Select Synchronize Workspace time zone with host.
Task 2: Configure additional MED-V Workspace policy options

1. Configure the Legacy Workspace to allow only the Contoso\MED-V Users group.
2. In Workspace deletion options, select The Workspace has been disabled.
3. Select the following three options: Support clipboard between host and Workspace, Support file
transfer between host and the Workspace, and Enable printing to printers connected to the
host.
4. In the Data Transfer section, select Host to Workspace.
5. In the Published Applications section, add the following four applications:
Display name Command line
XP Comp Mgmt c:\windows\system32\compmgmt.msc
XP Cmd prompt c:\windows\system32\cmd.exe

XP Notepad c:\windows\system32\notepad.exe
XP XML Notepad c:\program files\XML notepad 2007\XMLnotepad.exe

6. In the Published Menus section, click Add, enter Published as the Display Name, and Games as
Folder in Workspace.
7. In the Start menu shortcut folder field, type MED-V Published Apps.
8. On the Web tab, select Browse the list of URLs defined in the following table and Browse all
other URLs. Enter contoso.com as the URL that is browsed in the workspace.
9. On the Performance tab, assign 160 MB memory to the virtual machine if the host has above 550
MB memory; 200 MB if host has above 1,100 MB; and 256 MB virtual-machine memory if the host
has above 1,400 MB.
10. Save the policy, and minimize the MED-V Management Console.
Results: After this exercise, you should have created a new policy, defined a new MED-V Workspace,
and configured various policy options, including which applications the workspace will publish.
Exercise 2: Using the MED-V Client

Scenario
After you create and save the MED-V policy, you must test the workspace, and then verify some of the
settings that are in the policy. Some users in your organization might not use the workspace for extended
periods of time. You need to test how you can lock workspace applications when the workspace is not in
use. Additionally, you need to enable users to print from the workspace to the hosts printers.
1. Deploy a MED-V Workspace.

2. Explore the published programs, and manually update the MED-V policy.
3. Lock the MED-V Workspace.
4. Test printing from the published applications.
5. Review the MED-V virtual machine configuration.
Task 1: Deploy a MED-V Workspace

1. On NYC-CL1, run the MED-V client, and log on as contoso\medv-user, with Pa$$w0rd as password.
2. Select Legacy Workspace, and wait until the workspace is deployed and started. At the Windows
Firewall prompt, select all of the networks, and then click Allow access.
Task 2: Explore the published programs, and manually update the MED-V policy
1. On NYC-CL1, verify that published applications are listed in the Start menu and that there is a
Published subfolder.
2. Use search on the Start menu to start the XP XML Notepad application. Verify that the application has
a pink frame around the window. Drag the XML Notepad window around, like the window of the
locally installed application. Close the XML Notepad application.
3. In the MED-V Management Console, remove the Published menu, and save the policy.
4. On NYC-CL1, update the policy, and then verify that four published applications are still listed on the
Start menu, even though the Published subfolder is no longer present.
Task 3: Lock the MED-V Workspace

1. On NYC-CL1, run the XP Notepad published application.
2. From the notification area, right-click the MED-V icon, and select Lock Workspace. Attempt to
access XP Notepad or run other published applications.
3. Unlock the workspace, and then verify that you can access XP Notepad and other published
applications.
Task 4: Test printing from the published applications

1. Add a local printer on the NYC-CL1 computer.
2. On NYC-CL1, open XP Notepad, enter some text, and from the File menu, select Print.
3. After you select Local Printer, verify that the printer is available for printing. Select the printer, and
confirm that the print job was sent to the host.
4. Restore the MED-V Management Console, and disable the ability to print to printers connected to the
host, save the policy, and then update the policy on the NYC-CL1 client.
5. Verify that you cannot print to the host printers from published applications.
Task 5: Review the MED-V virtual machine configuration

1. On the NYC-CL1 computer, run the XP Comp Mgmt published application.
2. In the published Device Manager, verify that Virtual HD, VM Additions S3 Trio32/64 video adapter,
and generic Intel 21140 network adapter are available in the workspace.
3. Verify that workspace has 256 MB (261,616 KB) memory available, as policy defines.
4. Try to transfer a file from the host to the workspace, and from the workspace to the host. Confirm
that this behavior is consistent with the setting that you defined in the MED-V policy.
Results: After this exercise, you should have deployed a MED-V Workspace, worked with published
applications, learned how to lock and unlock the workspace, and verified that the workspace is
configured as defined in the MED-V policy.
Exercise 3: Implementing MED-V Reporting and Troubleshooting

Scenario
After the users in your company start using MED-V, you need to explore the information available in
MED-V reports. You are interested in monitoring the workspaces that users started, and you also want to
test MED-V diagnostics options.

1. Create and explore MED-V reports.
2. Open MED-V Diagnostics, and explore diagnostic options.
Task 1: Create and explore MED-V reports

1. On NYC-CL1, generate all three Report Types with default parameters.
2. Explore information that each report type provides.
3. In Activity Log, sort the report entries, and use filtering and the Group By feature. Use Group By to
see all events for the workspace under one entry. Reorder columns in the report and select the
Severity on the start of each row in the report.
4. Export entries in the Status report to an Excel .xls format.
Task 2: Open MED-V Diagnostics, and explore diagnostic options

1. On NYC-CL1, in the notification area, right-click the MED-V icon, and then review the MED-V contact
support information.
2. Use the MED-V Diagnostics tool to gather diagnostic logs, and then view the content included in the
compressed file that contains the MED-V diagnostics logs.
3. Start the XML Notepad application. Enable MED-V Diagnostics mode, and then confirm that the
published application was moved to the diagnostics window and cannot move out.
4. Disable the MED-V Diagnostics mode.
Results: After this exercise, you should have reviewed information provided in MED-V reports, worked
with MED-V report formatting, gathered MED-V diagnostics logs, and viewed how to use the MED-V
diagnostics mode.

following steps:
Review Questions
1. What is the MED-V Workspace?
2. How can you configure a MED-V virtual environment?
3. What defines a MED-V Workspace?
4. What must you do to configure a MED-V policy?
5. What is the difference between a persistent and revertible workspace?
6. How can you specify the virtual image to which the MED-V policy should apply? What image types
can you assign in MED-V?
7. Can you print to the host printers from the published application in the workspace?
8. What is the easiest way to gather MED-V diagnostic logs on the MED-V client?
9. How can you find out what is going on inside the MED-V virtual environment during initial setup,
when you join a virtual machine to the domain?
Common Issues Related to Microsoft Enterprise Desktop Virtualization

Identify the causes for the following common issues related to Microsoft Enterprise Desktop Virtualization,
The options for save changes or commit MED-V policy are

grayed out in the MED-V Management Console.
You modified the MED-V policy, but the changes are not
reflected in the client workspace.
After you modified the MED-V policy and waited for 15

minutes, the changes still are not reflected in the client
workspace.
You do not see any MED-V published applications on the host.
You have multiple printers available on the host, but none of

them is listed when you want to print from the published
application.
The MED-V virtual machine is using too much memory.

Implementing Microsoft Application Virtualization 6-1
Module 6
Implementing Microsoft Application Virtualization
Contents:
Lesson 1: Introduction to Application Virtualization 6-3
Lesson 2: Planning for Application Virtualization 6-15
Lesson 3: Deploying Application Virtualization Servers 6-27
Lab: Implementing Application Virtualization 6-36
Module Overview
The Microsoft Application Virtualization 4.5 Service Pack 1 (App-V 4.5 SP1) and the App-V 4.6 client and
sequencer software provide the latest updates to application virtualization technology. This release
includes new capabilities that make it easy for enterprise information technology (IT) organizations to
support large-scale, global application virtualization implementations. This module provides an overview
of application virtualization and App-V components. The module also covers the App-V infrastructure, the
deployment scenarios, and the procedures for installing and configuring App-V servers and App-V clients.
Lesson 1
Introduction to Application Virtualization
Application virtualization is a sophisticated technology that allows organizations to reduce costs and
simplify software deployment. Application virtualization allows you to run applications on client
computers without having to install them locally.
Other virtualization technologies such as Windows XP Mode or Microsoft Enterprise Desktop
Virtualization (MED-V) deliver an entire virtual machine to the client computer, whereas App-V delivers a
virtual application hosted in a virtual environment based on the host operating system. App-V does not
provide a virtual machine. App-V is not an application compatibility product, but instead it is an
application management product.
This lesson provides an introduction to the concepts behind application virtualization, and the tasks that
you can use to manage it.
What Is Application Virtualization?
Key Points
Application virtualization allows you to run applications on client computers as if they were installed
locally. You never install a virtualized application, in the traditional sense, locally on an end users
computer. However, a virtualized application behaves as a locally installed application, from the end users
perspective. The virtualization client software that you install on the client computer provides an
environment that simulates the local operating system. Blocks of the applications code are loaded into
this virtual environment on demand. The virtual server initially downloads only the code necessary to start
the program, which typically is 20 to 40 percent of the total code. No further code is sent to the client
until the user requests it by using features of the application. These blocks of code may be streamed from
a network location or reside in a cache on the local hard disk.
Streaming is the process of obtaining content from an application package. The application runs as if it is
interacting with the physical operating system, when in fact it is interacting with virtualized operating-
system components, such as registry, .ini files, and dynamic-link library (DLL) files. However, the
application never interacts directly with the actual operating system.
When the session terminates, the virtual server saves application settings and profiles in a nonvolatile
cache, which provides instant access for subsequent use. The cached code enables applications to run
locally with full functionality, even without a network connection.
Benefits of Application Virtualization

Management of applications is one of the most time-consuming and costly aspects of an enterprise IT
infrastructure. Virtualizing applications provides many benefits when compared to traditional installations,
which can reduce management and support costs. Those benefits include:
Centralized management. A single management console can connect to all virtual application
deployment servers. You can install the management console on multiple hosts for situations where
you require distributed administration.
Running multiple versions of the same application without conflicts. Users sometimes need to run
older versions of an application to support their customers, but they might also need access to the
latest version. App-V enables users to run multiple versions of the same application by providing
virtual environment isolation.
Reduced application conflicts. Sometimes applications are unable to coexist on the same operating
system due to DLL or API conflicts. Virtual environment isolation means that applications are unaware
of each other and therefore, do not have these types of conflicts.
Scalable infrastructure. You can deploy multiple virtualization servers to stream virtual applications to
clients across the enterprise, and you can manage these servers from a single console, and load
balance them for redundancy. Stand-alone client installers can extend virtual applications to users
who do not connect to the local area network (LAN).
Accessible applications. Because you can target applications at particular users or groups, they are
available at any workstation to which a user logs on, as long as that workstation has the App-V client
installed. If users have roaming profiles, any personal configuration application settings will be
available.
Remote Desktop server support. App-V allows an application to run simultaneously with any other
application on a Remote Desktop server, eliminating the need for application silos and increasing
utilization. This results in the need for fewer servers, and it enables applications that were not
designed to run in multiuser mode to run on a single terminal server. There is separate virtual client
software for Remote Desktop servers.
Note: For the Windows Server 2008 R2, operating system, Terminal Services has been renamed to
Remote Desktop Services.
Reduced license compliance risks. App-V helps to manage license compliance by controlling the
number of users permitted to access an application. You can associate applications with license
groups to enforce compliance.
Usage reporting. You can generate several different reports to track application usage, audit software,
and track system utilization and errors.
Components of an Application Virtualization Solution
Key Points
A virtualization solution consists of a number of components that work together to provide virtualization.
Depending on the deployment model that you implement, you might require some or all of the following
components:
Microsoft Application Virtualization Management Web Service. This service acts as an intermediary
between the Application Virtualization Management Console and the Application Virtualization Data
Store. The Web service accepts data from the management console and sends it to the database. For
example, when a new application is imported, the Web service makes the data store aware of the new
application and its configuration. You must install Microsoft Internet Information Server (IIS) 6.0 or
newer on the server.
Microsoft Application Virtualization Management Console. This component interacts with the Web
service to provide policies. Virtual application deployments, updates, and terminations are managed
by using policies, and administered through the App-V management console. You can install this
console on the Windows XP operating system or newer versions, the Windows Server 2003
operating system or newer versions that have the Microsoft Management Console (MMC) 3.0 and the
.Net Framework 2.0 or newer versions installed.
Microsoft Application Virtualization Management Server. This component stores the application
packages in a shared folder for distribution to the clients. During startup, it requests policy
information from the data store on a Microsoft SQL Server. The App-V Management Server
authorizes and authenticates requests against Active Directory Domain Services (AD DS), and then
provides the application streaming, security, metering, monitoring, and data gathering services.
Microsoft Application Virtualization Streaming Server. This component provides a lightweight solution
for application virtualization. This server only provides streaming services using Real-Time Streaming
Protocols (RTSP) and RTSP Secure (RTSPS). It does not provide the full set of management capabilities
that the management server delivers. Therefore, it does not require the same infrastructure as the full
management server.
Microsoft Application Virtualization Client. This component is a small software program that resides
on the computers running the virtual applications. These clients communicate and authenticate with
the application virtualization server to receive application code, and then locally execute the
application.
Microsoft Application Virtualization Sequencer. This is a wizard-based tool, which sequencing
engineers use to create virtual application packages. Sequenced applications perform as if they are
installed on the local machine when users launch them. You perform sequencing on a computer that
represents the operating system on which the virtual application will be run.
SQL Server. This is required to act as the data store for a full installation of an App-V environment.
SQL Server 2005 Express Edition SP2 or newer is required. This data store stores all application
records, licensing, logging information, permissions, virtualization server configurations, and
reporting.
Communications Between Management Servers and Clients
Key Points
App-V streaming servers natively use RTSP or Transport Layer Security (TLS) and RTSPS to stream
applications to clients. A new feature in App-V 4.5 is the ability to stream over HTTP protocol.
Streaming Over RTSP

RTP is a suite of protocols that an App-V Server uses for the streaming delivery of virtual applications. By
default, RTSP listens on port 554 for Microsoft Application Virtualization Client requests, and then
dynamically connects to the client on two high ports. One is for Real- Time Control Protocol (RTCP) and
one is for RTP. These ports are in the range between 49,152 and 65,535. The App-V Server then uses the
port for RTCP for control messages and the RTP port for the actual data transfer of Icon (ICO), Open
Software Description (OSD), and file type association FTA files.
You can use RTSPS if you need only a single port and an encrypted application stream. The default port is
322 in RTSPS. This is a change from previous Microsoft SoftGrid versions that used port 332 to comply
with industry standards. However, you can redirect the port to 443.
RTSPS uses a single port for both RTCP and RTP traffic, and for all connections to the Application
Virtualization Management Server. This can have an effect on performance. RTSPS requires a valid
certificate installed on the management server. The streaming server can be set up to support RTSP,
RTSPS, or both.
Streaming Over HTTP

The ability to stream over HTTP alleviates the need to have a dedicated App-V streaming server and
allows you to just use an IIS computer. The benefits of this include:
Administration is easier because IIS is well known and commonly implemented.
Streaming over TCP port 80 typically is easier to implement when there is a firewall between the
server and the client.
Streaming over HTTP is accomplished by creating a virtual directory that maps to the content folder that
holds the sequenced applications. Also, you must add the following Multipurpose Internet Mail Extensions
(MIME) types:
OSD with the type of App-V Application
Virtualized-enabled application file (SFT) with the type of App-V Application
Then, the hypertext reference (HREF) value in the OSD file must reflect that you are using the HTTP
protocol and port 80. For secure HTTP, the HREF value must reflect HTTPS protocol and port 443.
HTTP streaming is optimized for Internet or intranet delivery over wide area networks (WANs). Therefore,
we recommend it for Internet-facing scenarios and businesses that require streaming capabilities across
large, disperse networks. Active Upgrade is not available when you are using HTTP streaming.
Packaging of Virtual Applications
Key Points
Application packaging is the process of preparing virtual applications for deployment on client computers.
You can create an application package, also called a sequenced application, by using the App-V
Sequencer. Sequencing is typically the first step of implementing a virtualized application. You can use the
App-V Sequencer to monitor and record the application installation and capture the files that the
application uses to run. The App-V Sequencer then packages all required files into a virtualized, self-
contained environment for deployment to
App-V clients. Each package created by the sequencer defines its own virtual environment.
Packaging is a separate operation from deployment, and you perform it on a separate computer from the
deployment or management servers. After you sequence the application, you copy the resulting package
to the deployment server for distribution.
Each virtual application package has several files:

ICO. The .ico file specifies the icon that appears on the Microsoft App-V client desktop.
OSD. The .osd file provides the information necessary to locate the applications virtualization-
enabled application (.sft) file, and then set up and launch the application.
SFT. The virtualized-enabled application file (.sft) file contains the asset files that include one or more
applications that are based on Windows.
SPRJ. The App-V Sequencer project (.sprj) file is generated when a project is saved. The .sprj file
contains a list of files, directories, and registry entries that the sequencer excludes. You can load this
file in the sequencer to add, change, delete, or upgrade any of the applications in the suite. A
common example of when you might use the .sprj file is when you add service packs to an
application.
Manifest.xml file. Electronic software distribution (ESD) can use the manifest.xml file to deploy
applications.
Deploying Virtual Applications
Key Points
After packaging the application, you can deploy it. Deployment typically involves streaming the package
to the App-V client, which you must install on the client computer prior to application deployment. You
can place the virtual application package on App-V streaming servers so that you can stream the package
to the clients on demand and also have it cached locally. You also can use file servers and Web servers as
streaming servers.
You can deploy multiple streaming servers to support large distributed environments. There is no built-in
method in App-V to replicate application packages between multiple streaming servers delivering the
same applications. Package replication must be achieved through other means such as Distributed File
System (DFS), scripting, or manually.
Application streaming is the exchange of data between the desktop virtualization client and an
application streaming component on the server. Its purpose is to move the entire application package or
parts of the applications code, known as feature blocks, from the virtualization server to a users hard
disk, and then import it into the desktop virtualization framework. Most software packages are cached on
the user's hard disk after the initial download. This reduces the network impact for subsequent launches of
the application.
By default, an App-V client goes through the process of desktop configuration refresh (DC Refresh) at
logon to get the list of applications that it is allowed to run. The client also populates the host operating
system with those applications icons so that the user can access them.
Application licensing and user validation also is performed against the virtualization management server.
As an example, when a user launches an application package that previously was downloaded, the
virtualization client software first calls the management server to verify that the current user remains
authorized to run the application. You also can create policies that enable mobile workers to run the
application in an offline mode, during which the policy determines how long an application can run
without contacting the servers streaming component. For example, the streaming server administrator
may set the policy to allow offline applications to continue to run for seven days without contact. The
desktop virtualization client enforces the policy, and then can disable or remove the application after the
specified period of stand-alone use.
Features of Virtual Applications
Key Points
When you virtualize an application, it runs inside its own virtual environment. This provides the following
advantages:
No installs. You can stream Microsoft App-V packages to client systems without having to install the
applications on each client. Stand-alone scenarios are possible. In this situation, the application is not
streamed to the client computer. Rather, you package the virtual environment and install it for use by
the virtual client software component on the client computer.
No client footprint. Because you do not install the application, you can remove the package easily
without leaving a footprint. This means that there are no orphaned files or registry settings, which
typically are left behind in a traditional application uninstall.
No wasted resources. Virtualized applications can use local and network drives, CPU, random access
memory (RAM), printers, and other local resources on the App-V client.
Pre-configuration of applications. Virtual applications are self-contained, and include all .ini files and
registry settings. During the sequencing operation, the sequencing engineer can configure the
application settings, which enables you to deploy the application in the way you want to present it to
end users. However, users can make personal configuration changes to the application just as if the
application was installed normally, and those settings are stored permanently in a user-specific file
named UsrVol_sftfs_v1.pkg in the users profile in the %AppData% directory.
Maintaining Virtual Applications
Key Points
Updating applications with updates and new revisions can be time consuming and costly for an
organization. App-V enables an organization to centralize these tasks, which simplifies how you can
update and support applications.
Application Updates
An applications life cycle typically involves updates, which typically are in the form of service packs or hot
fixes. When you use virtual applications, however, you need to apply updates only to the package source
files. The updated package then replaces the original package on the App-V server, and the App-V client
seamlessly receives the updated files the next time it launches the application. There is no interruption in
service, and the end user is unaware that an update has been applied.
Application Support
The Microsoft App-V platform can solve other support-related issues, by reducing conflicts between
applications because each virtual application runs in its own virtual environment.
Virtual applications are almost immune to users inadvertently or intentionally deleting critical files that are
needed to run that application. This effectively reduces the number of help-desk calls that an organization
receives.
App-V enables organizations to control the number of users who can gain access concurrently to App-V-
enabled applications through enforcement of license compliance.
Lesson 2
Planning for Application Virtualization
Before deploying a virtual solution, you must have an understanding of the supporting infrastructure
components and the considerations for planning the deployment. The process for implementing
application virtualization is very flexible and scalable. Large deployments require more planning and
different components. This lesson will discuss the different considerations and models for application
virtualization deployment.
Considerations for Deploying Application Virtualization
Key Points
All deployment models require the presence of the App-V client software on the client computer. You can
achieve the delivery of virtual applications to the App-V client through four main delivery models:
App-V full infrastructure (Enterprise) model
App-V lightweight infrastructure model
Stand-alone deployment model
System Center Configuration Manager 2007 R2 integrated model
App-V Full Infrastructure (Enterprise) Model

This model provides all of the management servers capabilities, including application streaming,
authentication, security, licensing, and metering. This model requires AD DS and SQL Server, and is the
typical deployment model. In this configuration, you should place the management server close to the
SQL Server, on the same LAN segment. Adding streaming servers can push a deployment to a distributed
environments remote locations by providing streaming capabilities close to the clients that are using the
applications. This model is this courses main focus.
App-V Lightweight Infrastructure Model

The lightweight infrastructure model addresses the needs of organizations that want to use App-V with
streaming capabilities, but which might not have or want the infrastructure to support management
servers. The lightweight infrastructure consists of the Application Virtualization Streaming Server and the
App-V client only. This server provides streaming capabilities, including active package upgrades without
the AD DS or SQL Server requirements. However, it does not have the configuration, licensing, or
metering capabilities of a full management server. This configuration has no management console or
graphical user interface (GUI) method to point the App-V client to the streaming server. You must
configure the client manually through a registry hack or command line during installation. This service
relies on the manual or scripted addition of a manifest file for virtual application configuration.
Stand-alone Deployment Model

The App-V Stand-alone Model consists of the App-V Sequencer and the App-V Client, and requires no
additional App-V infrastructure. The sequencer now has an option to create a Windows Installer file (MSI)
during the sequencing process. The MSI file installs the metadata to the machines, and then runs two
custom actions using the SFTMIME command-line utility to add and load the application to the App-V
client cache.
The App-V Sequencer packages the publication information, shortcuts, and the install routines into the
MSI, and the virtualized application into an SFT file. When executed, the installer adds the virtual
application package to the App-V client, and configures the publication information to load applications
from a local location rather than stream them across a WAN.
Stand-alone deployments require the client to go into stand-alone mode, which only allows MSI-based
updates of the virtual applications. You do not configure the App-V client to connect to any App-V server,
and applications are delivered to the client through an MSI package. The MSI holds all metadata of the
sequenced application, except for the binary SFT file that holds the actual application.
Streaming is not allowed in the stand-alone model, which is for those users who connect to the corporate
network rarely and do not have access to a server, but who require the power of virtualized applications.
The stand-alone delivery scenario enables an organization to deploy virtual applications in situations
where no servers are available to support other deployment methods for virtual applications. Use stand-
alone deployment when:
Remote users cannot connect to the App-V infrastructure.
Software management systems, such as System Center Configuration Manager or a third-party ESD
system, are in place already.
Network bandwidth limitations prevent ESD. In this case, you can use virtual application delivery on
physical media.
Because the stand-alone model employs an MSI file, you can distribute it by using an existing software
distribution infrastructure, such as Group Policy objects, shared folders, CD or universal serial bus (USB)
flash drives, and others.
By default, stand-alone applications are available to all users that log on to the computer. This may not be
desirable in some environments. To change this behavior, you can use the SFTMIME command-line utility
with the /NOGLOBAL option during the MSI install.
System Center Configuration Manager 2007 R2 Integrated Model

You can use Microsoft System Center Configuration Manager 2007 SP1 R2 to distribute virtual
applications in the same way as it distributes traditional application packages. You can add virtual
applications to the Configuration Manager environment by using a wizard that is very similar to that
which you use for traditional applications. Many of the advanced capabilities available for managing
traditional packages also are available for virtual application packages, such as using task sequences and
building queries in collections to define which devices are targeted. Unlike the App-V full infrastructure,
which can target users only, you can target both users and machines.
This model requires both the App-V client and the Configuration Manager client on each managed
system. It does not use any of the server components of application virtualization, but instead uses the
existing Configuration Manager distribution points to deliver the virtual application to the client.
Application delivery to the client works differently from the App-V Full Infrastructure scenario. In the Full
Infrastructure scenario, the App-V client manages its own content, and it can refresh instantly against the
Management Server. In the Configuration Manager integrated scenario, it is the Configuration

Management client that manages the App-V client.
Configuration Manager supports two types of delivery methods for virtual applications:
You can enable streaming delivery on Configuration Manager distribution points. This option streams
the virtual application to the client through HTTP or HTTPS.
Local delivery uses the Configuration Manager 2007 client to first download all the files needed for
the application through Background Intelligent Transfer Service (BITS). After downloading the files,
the package is loaded (fully) into the App-V client cache.
This model requires in-depth knowledge of System Center Configuration Manager, and is not the focus of
this course.
Considerations for Planning the Supporting Infrastructure for Application

Virtualization
Key Points
Before deploying App-V to your enterprise, you must ensure the supporting infrastructure is in place and
configured to support the App-V environment.
Active Directory Considerations

App-V uses Active Directory groups to control access to applications and administrative functions. You will
use these groups during the server installation process and when publishing applications. Before you
install the App-V management server, you must create the following objects in AD DS:
App-V administrative group. During the installation of the App-V management server, you must
select an Active Directory group to use as the App-V Administrators group that will control
administrative access to the management console. You should add to this group all users who require
administrative access to the management console. This group must preexist before you install the
management server.
App-V users group. App-V requires that every user who accesses App-V functions must be a member
of a provider policy associated with a group. You can use an existing group, such as Domain Users, if
all users must have access to App-V, or you can create a new group with selected users.
Microsoft SQL Server Requirements

The App-V Server requires a SQL Server to host the data store, and supports the following versions of SQL
Server:
SQL Server 2005 (SP1, SP2 or SP3)
SQL Server 2008 (no SP or SP1) 32-bit or 64-bit
Requirements for the App-V Management Console

The App-V management console has the following requirements and interactions:
Windows XP SP2 or newer and Windows Server 2003 or newer

.NET Framework 2.0 or newer
MMC 3.0
Connects to the Web Service through HTTP or HTTPS
Requirements for the App-V Management Web Service

The App-V management Web service has the following requirements and interactions:
Windows Server 2003 or newer
IIS Server
IIS 6.0 with ASP.net or IIS 7.0 with ASP.net, Windows Authentication, IIS Management Scripts and
Tools, IIS 6 Metabase Compatibility, and IIS 6 WMI Compatibility
.NET Framework 2.0 or newer
Requires that the data store was previously installed
Connects to the data store on port 1433
Communicates with AD DS through Active Directory Service Interfaces (ADSI)
Firewall Considerations
After you install the App-V management server or streaming server, and configure it to use the RTSP or
secure RTSPS protocols, you must create firewall exceptions for the App-V programs. Create a firewall
exception for sghwdsptr.exe and sghwsvr.exe. These programs are in the C:\Program Files\Microsoft
System Center App Virt Management Server\App Virt Management Server\bin folder on a 32-bit
operating system. If you are using a 64-bit operating system version, the folder is located in the
corresponding location under C:\Program Files (x86).
Load-Balancing Considerations
You can use load balancing to allow a farm of App-V Servers to continually grow to meet company
requirements and provide a level of fault tolerance. After you configure load balancing, you need to
change the HREF tag in the OSD file to point to the load-balanced IP address or DNS name. For example:
HREF="rtsp://{virtual IP or virtual host name}:554/DefaultApp.sft"
Note: App-V does not support clustering solutions.

Considerations for Implementing an Application Virtualization

Management Server
Key Points
The App-V Management Server performs the publishing and streaming functions for virtual applications.
App-V Management Servers have direct connectivity to the client workstations, and they deliver virtual
applications on-demand to App-V Clients, using RTSP or RTSPS protocols. App-V Management Servers
also provide the following services:
Authorize and authenticate requests for applications through AD DS.
Secure connections to the client through certificates.
License enforcement for applications.
Application monitoring and gathering of data about application usage.
You can control the management server through the App-V Management Console.
The management server stores all application packages in its Content share. The Content folder is a
standard shared folder. During installation, the user is prompted to provide a location for the content
shared folder. You can use any local directory, existing network share, or network accessed storage (NAS),
but the default location is in the installation directory.
During installation, you will provide the location of a SQL Server and database. The management server
must be deployed in the same location and, if possible, on the same LAN as the SQL Server. This ensures
good connectivity between the management server and the App-V configuration information that is
stored in the SQL Server database. One or more App-V management servers can share a single
Application Virtualization SQL data store.
The App-V management server has the following requirements and interactions:
Windows Server 2003 or newer.
A shared folder in which to store the application packages content. This could be a physical file share
on the server itself, or it could be a network-accessible location, such as a DFS or storage area
network (SAN) device.
Requires that the data store is previously installed.
Uses open database connectivity (ODBC) to communicate with the data store.
Important: When you install SQL Server and the App-V Management server on the same computer,
the Application Virtualization Management Server service fails to start after a server restart if the SQL
Server service is not started fully. Because both services try to start at the same time, the Application
Virtualization Management Server service detects that the SQL Server service is not running, and
therefore, will not start. Setting the Application Virtualization Management Server service to
Automatic (Delayed Start) will remedy this. Otherwise, you must start the service manually.
Note: You can install App-V management components on a single server or spread them across
multiple computers. For example, a common scenario would be to install the Management Console
on a Windows 7 computer and the App-V server and Management Web service on a Windows server,
while you place your SQL Server on a separate Windows server or cluster.
Considerations for Implementing an Application Virtualization Streaming

Server
Key Points
You can use the Application Virtualization Streaming Server for those organizations that want to take
advantage of the virtualization and the streaming capability of Microsoft Application Virtualization, yet do
not want a full App-V management server. There are no AD DS or SQL Server requirements, and there is
no user interface for the streaming server. You manage it through registry keys. You must configure
clients through the App-V client software during client installation or configure the local registry to point
to the streaming server if the client software is installed already.
The Application Virtualization Streaming Server is a streaming server only. It does not perform any
application publishing or management functions. It does not have any application licensing or metering
capabilities. It streams the virtual application files (.sft files) from its shared Content directory to the App-V
Clients that request them, using the RTSP suite. The Application Virtualization Streaming Server
automatically polls its Content directory for applications and packages, and then places this information in
RAM to service application requests. It does not authenticate requests to AD DS, but uses NTFS file system
permissions on the Content folder for authorization.
Because the streaming server does not support desktop configuration refresh, the client is not aware
automatically of the applications that are available for streaming. You must add applications to the client
in an alternative way, such as using the SFTMIME.exe command-line utility or by using a desktop
configuration policy on an App-V management server in a remote location.
Scenarios for Deploying an App-V Streaming Server
Key Points
Although you can use the streaming server by itself as a lightweight deployment solution, you typically
use a streaming server in conjunction with a full infrastructure scenario, or use it with System Center
Configuration Manager to deploy to branch offices or areas with poor WAN connectivity to the SQL
Server. In this way, you can use a streaming server to increase scalability.
Full Infrastructure Scenario

You should place App-V management servers close to the database for efficient SQL transaction traffic,
but the management servers also must be close to their streaming clients. This requires that you replicate
multiple instances of SQL to an enterprises remote locations. The streaming server allows you to place a
streaming device close to streaming clients in remote locations while maintaining a single management
server in a central location. The App-V clients can receive configuration information from the
management server and stream the application from the local streaming server. If you load balance
multiple streaming servers in a large deployment, all servers in a server group should stream the same
applications.
Consider a typical deployment scenario that utilizes the full infrastructure. In this scenario, you place
sequenced applications in the Content shared folder on the App-V management server in the head office
for streaming to local App-V clients. You place the same sequenced applications in the Content shared
folder on the streaming server in the branch office for streaming to those local App-V clients. The App-V
clients perform DC refreshes from the management server in the head office to identify the virtual
applications that are available, but the clients stream those applications locally from the streaming server
rather than across the WAN. This alleviates the need for management and SQL servers in multiple
locations.
Integration of System Center Configuration Manager

Applications that you publish with System Center Configuration Manager 2007 are sequenced in the
traditional manner using the App-V Virtualization Sequencer. An organization can deliver applications by
leveraging their existing System Center Configuration Manager 2007 solution in conjunction with the
App-V client, while removing the need for the entire backend infrastructure of the management server,
SQL data store, management Web service, and management console. Taking advantage of a System
Center Configuration Manager 2007 solution means that organizations can provision application
virtualization packages to hardware devices, rather than just basing them on user accounts. Additionally,
organizations can deploy Application Virtualization packages and precache them to devices based on the
System Center Configuration Manager 2007 policies.
One of this scenarios key prerequisites is that you must install the new App-V streaming server on an
existing distribution point for the System Center Configuration Manager 2007 solution.
You can use the SFTMIME command to set up and maintain the applications, file type associations, and
Desktop Configuration Servers that the App-V client manages.
Benefits of Deploying the App-V Client for Remote Desktop Services
Key Points
In Remote Desktop Services deployments, application conflicts can lead to silos of Remote Desktop (RD)
Session Host servers. To avoid application conflicts, you typically must test applications extensively to
determine which have conflicts. You must separate these, and run them on different session host silos.
Separating multiple RD Session Host servers to accommodate specific applications typically results in the
underutilization of servers, because each one is locked into a specific configuration, and is capable of
serving only a limited set of nonconflicting applications.
The Microsoft Application Virtualization for Remote Desktop Services client allows administrators to
deliver any application to any Remote Desktop Services server. Installing the App-V client for Remote
Desktop Services on the remote desktop server has the following advantages:
Enables applications that cannot run in multiuser mode to be run on remote desktop servers.
Consolidates remote desktop servers and increases hardware efficiency while decreasing both
hardware and administrative costs.
Enables you to prevent users from modifying operating system settings, yet allow applications that
require full rights to run properly.
Enhances Remote Desktop Server license compliance and usage tracking.
Supports roaming profiles and policies.
Lesson 3
Deploying Application Virtualization Servers
It is important to understand the hardware and software requirements of an App-V solution before you
implement it. If you are running a previous version of SoftGrid, you will need to know the implications of
upgrading to the latest release. This lesson covers the installation of the server components and what you
should consider before you upgrade.
Process for Installing the App-V Management Server
Key Points
Before installing the App-V management server, ensure that the App-V server computer meets all
prerequisites for infrastructure, and hardware and software. You can use the App-V Management Server
Installation Wizard to install the management server and to configure the basic settings of the
components.
Hardware and Software Requirements

The minimum hardware requirements include:
Processor: Intel Pentium III, 1 gigahertz (GHz)
RAM: 512 megabytes (MB)
Free disk space: 200 MB, not including the content directory
The minimum software requirements include:
Any edition of Windows Server 2003 SP1 or newer
Pre-installation and Post-installation Tasks

You must perform certain pre-installation and post-installation tasks.
The pre-installation tasks are:
1. Configure appropriate user and administrative groups in AD DS.

2. If the server will run the Management Web service, you must install and configure IIS.
3. If you use a distributed architecture, and install the Management Web service, the management
console and the data store on separate servers then the IIS Server must be trusted for delegation. This
is necessary because the Management Web Service will attempt to connect to the App-V data store
by using the credentials of the App-V administrator who is using the console. The data store will not
accept the administrators credentials from the IIS server unless you configure it to be trusted for
delegation. Therefore, the Management Web Service will not be able to connect to the App-V data
store.
4. If you choose to use the Secure Connection Mode for communications between the Management
Console and the Management Web service, then the server has to have a server certificate
provisioned to it from a public key infrastructure (PKI). If a server certificate is not installed on the
server, this option is unavailable, and the user cannot select it. You must grant the Network Service
account Read permission to the certificate being used.
The post-installation tasks are:
1. Sharing the Content folder. Ensure the App-V users group have Read permission and the users who
will be uploading sequenced applications to the share has Full Control. Ensure that the corresponding
NTFS permissions have been granted.
Note: You may perform this task before installation, but you must create a folder that will act as the
content folder.
2. If SQL Server is running on the same computer, set the Application Virtualization Management Server
service to Automatic (Delayed Start) as the Startup Type, and ensure the service is started.
3. Create firewall exceptions.
4. After you deploy the App-V client software, use the App-V Default Application to test whether App-V
is functioning correctly.
Installing the App-V Management Server

Access the App-V installation source files and run Setup.exe to start the App-V Management Server
Installation Wizard. Selecting a custom installation allows the administrator to install each server role
individually; and choose a typical installation of all components on the same server. You are prompted for
the SQL Servers location, and after you enter it, the data store is created. During creation of the data
store, you need to designate the Administrative Group, the default User Group, and the location of the
Content shared folder.
Demonstration: Installing the App-V Management Server
Key Points
In this demonstration, you will see how to install all of the App-V management components on a single
computer that is a domain member server and on which SQL Server is preinstalled.
Create and populate Active Directory groups.
a. Start Active Directory Users and Computers.
b. Create global security groups named ContosoAppVAdmins and ContosoAppVUsers.
c. Add the Domain Admins group to the ContosoAppVAdmins group.
d. Add the Domain Users group to the ContosoAppVUsers group.
Prepare the App-V Management Server.
Add the Web Server (IIS) role with the default settings and the following role services:
ASP.NET
Windows Authentication
IIS Management Scripts and Tools
IIS 6 Management Compatibility, with all subcomponents
Install App-V Management Components.
a. Run the installation wizard as a custom setup, and accept all the defaults to install the
management server.
b. Restart the server.
Configure the Startup type for the Application Virtualization Management Server service to be
Automatic (Delayed Start) and start the service.
Create a firewall exception for sghwdsptr.exe and sghwsvr.exe.
Share the Content Folder to Everyone for Read permission, and grant Domain Administrators full
control.
Demonstration: Installing and Configuring an App-V Streaming Server
Key Points
Before installing the App-V Streaming Server, ensure that the App-V server computer meets all hardware
and software prerequisites. The server hardware requirements are the same as the App-V Management
server, except that the supporting infrastructure is much smaller. There is no requirement for a data store
or AD DS. The App-V client is directed to stream applications from the local streaming server by how you
configure its registry or from a desktop configuration policy on a remote App-V management server.
Note: Make sure that the App-V Management Server is not installed on this computer. You cannot
install the App-V Management Server and the App-V Streaming Server on the same computer.
1. Run the installation wizard, and accept all defaults to install the streaming server. Restart the server.
2. Open the Start menu, point to Administrative Tools and verify that there is no App-V management
console for this server.
3. Share the Content Folder to Everyone for Read access and grant Domain Admins Full Control.
4. Copy an application package to the Content folder.
5. Configure firewall exceptions.
6. Restart the Application Virtualization Streaming Server service.
7. On the client computer, edit the HKEY_LOCAL_MACHINE\SOFTWARE
\Microsoft\SoftGrid\4.5\Client\Configuration\ApplicationSourceRoot key with the following
value: RTSP://<servername>:554.
8. Use the SFTMIME command line utility to add the package to the client cache.
9. Test the application.
Question: Is a Microsoft Application Virtualization Management Server and management infrastructure

required to install the Microsoft Application Virtualization Streaming Server?
Question: During installation, several options are available for configuration. How can you change them
after installation?
Considerations for Upgrading from Previous Versions of SoftGrid
Key Points
To realize the benefits of the App-V 4.5 SP1 and App-V 4.6 client release, you need to upgrade your
existing App-V infrastructure. Before upgrading to App-V 4.6 or newer versions, you must upgrade
versions earlier than App-V 4.1to App-V 4.1. You must upgrade the App-V clients first, and then upgrade
the server components.
Upgrading the Client

App-V clients that you do not upgrade to App-V 4.6 will continue to work with App-V servers that you
have not upgraded. Earlier versions of the client are not supported on servers that you upgrade to App-V
4.6. You can upgrade the SoftGrid 4.1 and newer client software directly to the App-V 4.6 client. You can
upgrade clients by installing the new version over the old version, which maintains the client cache and
configuration settings during the upgrade. After the client upgrade completes, you must reboot the client
operating system.
Upgrading App-V Servers

Similar to the client, you can upgrade to App-V 4.6 only from App-V 4.1 or newer by running the installer.
The installation wizard recognizes the currently installed version, and performs the upgrade automatically.
You should conduct server upgrades during nonpeak times, because you must stop the App-V service
during the upgrade. You can upgrade servers by installing the new version over the old version. If you
have multiple App-V servers, you should upgrade all servers simultaneously. However, clients should not
exchange data with different versions of App-V servers simultaneously.
Upgrading the App-V Management Web Service

In cases where the Web service is running on the same server as the App-V server service, the upgrade will
happen automatically. If the Web service runs on a separate server, you must run the installer again on
that server to perform the upgrade.
Upgrading the Sequencer

Upgrading from previous versions of the Sequencer is not supported. You must uninstall any previous
versions of the Sequencer, and then install the App-V Sequencer 4.6. Virtual applications that you
sequence by using an earlier version of the Sequencer can be opened and edited using Sequencer 4.6.
Note: For more information, see the TechNet article App-V Upgrade Checklist at
http://technet.microsoft.com/en-us/library/ff361462.aspx.
Lab: Implementing Application Virtualization
Lab Setup
2. Ensure that the 10324A-NYC-DC1 and the 10324A-NYC-SVR3 virtual machines are running.
3. If required, connect to the virtual machines. Log on to the computers as Contoso/Administrator
using the password Pa$$w0rd.
Exercise 1: Planning the App-V Implementation

Scenario
Contoso, Ltd. has a distributed computing environment. There is a head office with 150 desktops, and a
branch office with 50 desktops. System Center Configuration Manager has not been deployed. There also
are several field engineers who use laptops and who rarely connect to the LAN. The head office and
branch office are connected via a fast WAN link. All users need access to virtual applications. The head
office has multiple file and print servers, application servers, and a domain controller. The branch office
has a local file server. You need to develop a high-level plan that ensures that virtual applications are
available to all users. Your plan must allow for application metering and license checking, where possible.
The main task for this exercise is:

1. Answer questions related to the App-V implementation.
Task 1: Answer questions related to the App-V implementation
Question: How would you recommend deploying virtual applications?
Question: How would you deploy the App-V client?
Question: How would you implement App-V in the head office?
Question: How would you distribute virtual applications to the branch office?
Question: How would you distribute virtual applications to the field engineers?
Results: After this exercise, you should have an understanding of how to plan for an App-V
deployment.
Exercise 2: Installing an App-V Management Server

As the first step in implementing an application virtualization solution, you need to perform a default
installation of the App-V management server for the head office. SQL Server is installed already on the
member server. Next, you will perform the preinstallation tasks of installing IIS 7.0 and creating groups in
AD DS for App-V. Then, you will install the App-V management server, and configure the services startup
parameters to account for SQL Server on the same computer.
Scenario
1. Install IIS 7.0.

2. Create groups for App-V users and administrators.
3. Install the App-V management server.
4. Configure Windows Firewall exceptions
5. Configure the App-V management server service.
Task 1: Install IIS 7.0

On NYC-SVR3, open Server Manager and add the Web Server (IIS) role with the following role
services:
ASP.NET
Windows Authentication
IIS Management Scripts and Tools
IIS 6 Management Compatibility, with all subcomponents
Task 2: Create groups for App-V users and administrators

1. On NYC-DC1, launch Active Directory Users and Computers.
2. Create two global security groups: one named ContosoAppVAdmins, and one named
ContosoAppVUsers.
Task 3: Install the App-V management server

1. On NYC-SVR3, open Windows Explorer and navigate to
\\NYC-DC1\E$\Labfiles\Mod06\Server\Management, and launch Setup.exe.
2. Complete the wizard using the following values and then click Install.
Microsoft Update: I dont want to use Microsoft Update
User Name: Student; Organization: Contoso
Setup Type: Custom
Configuration Database: NYC-SVR3\SQLEXPRESS
Create a new database: APPVIRT
Connection Security Mode: Use enhanced security: disabled
TCP Port Configuration: 554
Administrator Group: ContosoAppVAdmins
Default Provider Group: ContosoAppVUsers
Content folder: default location
3. Restart the system after the wizard completes.
4. Log on to NYC-SVR3 as Contoso\Administrator with the password of Pa$$w0rd.
Task 4: Configure Windows Firewall exceptions

Create an exception for sghwdsptr.exe and sghwsvr.exe in Windows Firewall. These files are located in
the C:\Program Files (x86)\Microsoft System Center App Virt Management Server\Bin folder
Task 5: Configure the App-V Management Server Service

1. On NYC-SVR3, launch the Services console, and locate the Application Virtualization Management
Server service. Start the service if it is not running.
2. Set the service Startup type to be Automatic (Delayed Start).
3. In Hyper-V Manager revert the 10324A-NYC-SVR3 virtual machine. Leave 10324A-NYC-DC1
running for the next exercise.
Results: After this exercise, you should have installed the prerequisites for the App-V management
server, and installed the default installation of the management server.
Exercise 3: Installing an App-V Streaming Server

Scenario
After installing the App-V Management server, you next need to install a streaming-only server for use in
a branch-office scenario. The client will refresh application information from the management server at
the head office, but will stream the application from the local streaming server. You need to ensure that
you have shared the content folder for the necessary users. The sequencing team has given you a
sequenced application, which you will place in the content folder, and then you will configure the App-V
client at the branch office to stream from this server.
1. Install a streaming server.

2. Share the Content folder.
3. Copy a package to the Content folder.
4. Configure Windows Firewall exceptions.
5. Restart the Application Virtualization Streaming Server service.
Task 1: Install a streaming server

1. Start and connect to 10324A-NYC-SVR3. Log on to NYC-SVR3 as Contoso\Administrator with the
password of Pa$$w0rd.
2. Open Windows Explorer and navigate to \\NYC-DC1\E$\Labfiles
\Mod06\Server\Streaming, and double-click Setup.exe.
3. Complete the wizard by providing the following values, and then click Install:
Microsoft Update: I dont want to use Microsoft Update
User Name: Student; Organization: Contoso
Installation Path: default
Connection Security Mode: Use enhanced security: disabled
TCP Port Configuration: 554
Content Root: default location
Advanced Settings: default
4. Restart the server when prompted.
Task 2: Share the Content folder

1. Log on to NYC-SVR3 as Administrator with a password of Pa$$w0rd.
2. Open Windows Explorer and navigate to C:\Program Files (x86)
\Microsoft System Center App Virt Streaming Server, and share the content folder.
3. Ensure that the Everyone group has Read permission to this folder.
4. Grant Full Control to the Domain Admins group
Task 3: Copy a package to the Content folder

In Windows Explorer, navigate to \\NYC-DC1\E$\Labfiles\Mod06\, and copy the Word03 folder to
C:\Program Files (x86)
\Microsoft System Center App Virt Streaming Server\content.

Create an exception for sglwdsptr.exe and sglwsvr.exe in the Windows Firewall. These files are located
in the C:\Program Files (x86)\Microsoft System Center App Virt Streaming Server\Bin folder.
Task 5: Restart the Application Virtualization Streaming Server service

Restart the Application Virtualization Streaming Server service.
Results: After this exercise, you should have installed an App-V streaming server, shared the Content
folder, and copied a package to the Content folder.
Exercise 4: Configuring a Client to Use the Streaming Server

Scenario
To stream from an alternate server, you need to configure a client manually. In this exercise, you will
configure the client to stream from the streaming-only server.

1. Edit the client registry key.
2. Use the Sftmime utility to load the package into the client cache.
Task 1: Edit the client registry key

1. Start 10324A-NYC-CL1 and log on as Contoso\Administrator with the password of Pa$$w0rd.
2. Open the Registry Editor and edit the App-V client registry
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SoftGrid\4.5\Client
\Configuration key value for Application Source Root to use the RTSP protocol for NYC-SVR3 at port
554.
Task 2: Use the Sftmime utility to load the package into the client cache
Execute the following command on NYC-CL1:
sftmime add package:Word03 /manifest \\\NYC-
SVR3\Content\Word03\Wordviewer03_manifest.xml
Note: The UNC path in the command requires three backslashes at the beginning of the path
Task 3: Test the application

Launch the Word Viewer application.
Results: After this exercise, you should have edited the client registry key to configure the client to use
the streaming server.

following steps:
Review Questions
1. What is the primary function of the OSD file?
2. How can you replicate application packages between multiple streaming servers?
3. How are App-V administrators determined?
Common Issues Related to Implementing Application Virtualization

Identify the causes for the following common issues related to implementing application virtualization,
Client is unable to connect to the

streaming server.
Client is able to connect, but

cannot stream the application.

1. Your organization is geographically distributed. How can you ensure that your application
virtualization solution does not affect the network bandwidth and increase costs?
2. Application licensing can be difficult to track and enforce. Using App-V can simplify license
compliance and even reduce ownership costs. Your renewal time is coming up for a particular
application that you run in the App-V environment. You want to track the actual number of users
who run the application concurrently, so that you can purchase the appropriate number of licenses.
What solution could you implement?
Best Practices Related to Implementing Application Virtualization

Secure communications between server components with Internet Protocol Security (IPsec) in high
security environments.
Use HTTP streaming for Internet facing clients.
Use Network Load Balancing (NLB) to provide redundancy.
Planning and Deploying App-V Clients 7-1
Module 7
Planning and Deploying App-V Clients
Contents:
Lesson 1: Overview of the App-V Client 7-3
Lesson 2: Installing and Configuring the App-V Client 7-14
Lab A: Deploying the App-V Client in Stand-Alone Mode 7-24
Lesson 3: Managing Client Configuration Features 7-28
Lab B: Managing Client Configuration Features 7-41
Module Overview
The Microsoft Application Virtualization (App-V) Client software is the one component that you always
require to implement App-V solutions. Therefore, before you deploy the App-V Client, you must consider
various factors very carefully. You should consider the best client to deploy, the deployment method that
you will use, and the configurations that your intended deployment will require. You also should be aware
of the prerequisites for installing the client.
This module provides an overview of the desktop and remote desktop client, including the several
installation methods. The module also describes the recommendations for deploying and managing the
App-V Client.
Lesson 1
Overview of the App-V Client
There are two different types of App-V Client software: the App-V Client for Remote Desktop Services
(RDS), which you use on Remote Desktop Session Host (RD Session Host) server systems, and the App-V
Desktop Client, which you use for all other computers. RDS formerly was known as Terminal Services. As
the network administrator, you must deploy the client software to all host computers on which you want
to run virtualized applications.
This lesson describes the characteristics of the App-V Clients and the features of the desktop and remote
desktop clients. The lesson also describes the configuration options that are available to the client
software and the considerations for configuring these options.
What Is the App-V Desktop Client?
Key Points
The Microsoft App-V Desktop Client is a small program that runs on startup on desktops and laptops.
Users might never know that the App-V Client is installed because it runs in the background. Although it
is possible for users to access the client software, in most cases users do not interact directly with the App-
V Client. The App-V Management Console is stored in the Administrative Tools folder, and most users do
not have access to that folder. Applications that run in the App-V Client look and feel like normally
installed applications. In a typical deployment, the App-V desktop clients communicate and authenticate
with the App-V Management Server so that it can stream the application to the client. The client sets up
the runtime environment, and then executes the application code locally.
The App-V Client software controls all aspects of the virtual application, including communicating with
the streaming server and verifying the .osd file. The Client executes any scripts that the .osd file specifies.
The App-V Client also is responsible for setting up the client cache, publishing program shortcuts and
icons, dealing with file-type associations, and saving any client-side configurations to the users profile.
Finally, the App-V Client is responsible for disconnecting from the management server.
The App-V Desktop Client makes virtual applications available over networks such as local area networks
(LANs); wide area networks (WANs); virtual private networks (VPNs); wireless networks; and the Internet.
You can use this accessibility feature without rewriting any application source code.
The App-V Desktop Client provides the following features:

Eliminates significant deployment issues, such as application and system conflicts.
Enables different versions of the same application to run on the same desktop.
Enables the same application, with different configurations, to run on the same desktop.
Enables you to prevent any modifications to the operating system, yet still allow applications that
require full rights to run properly.
Centralizes application provisioning, licensing, and updates.
Scales to thousands of users from a single server.

Includes fail-over protection: In the event of a network outage, users that connect via a LAN can
continue working, since code resides on the local computer.
How the App-V Client Accesses an Application
Key Points
A number of steps occur in the background when the App-V Client starts and attempts to stream an
application to the users computer. The events are transparent to the user, but it is useful to know how
this process works in case you have to troubleshoot it.
In a typical scenario, the following sequence of steps occurs when a user launches a virtual application:
1. When users log on to their workstations, the App-V Client service starts, captures the users token,
and then passes it to the App-V Management Server that you configure the App-V Client to use.
2. The App-V Management Server gets each applications group information from the application
records in the data store.
3. The App-V Management Server compares the information in the users access token to the groups to
which you assign permissions in the application records.
4. For any applications that App-V determines need to be provisioned to the user, the App-V
Management Server sends the location of the icon (.ico) and Open Software Description (OSD) files.
5. The App-V Client retrieves the designated ICO and OSD files from the configured location, and then
copies them to the local system.
6. When a user launches an application, the App-V Management Server uses an Open Database
Connectivity (ODBC) connection to return to the data store and verify if that user still has permissions
to the application record.
7. If you implement licensing on that application, the App-V Management Server also queries the data
store to see if there is an available license for that user. If the location is an App-V streaming-only
server, the streaming server checks the NTFS permissions of the content folder that contains the
package. If users have the correct permissions, they will see the application shortcuts to which they
have access, and they then can launch an application by double-clicking the shortcut. When the user
launches an application, the streaming server will access the \Content share, and then mount the
virtualized-enabled application file (SFT) file into the servers random access memory (RAM) to stream
it to the client. Note that the streaming server does not mount the entire SFT file into its RAM at one
time.
8. The App-V Management Server caches application code on the client computer so that the streaming
server does not have to stream subsequent launches. After the initial launch, the App-V Management
Server caches the code, which is known as Feature Block 1, at the client workstation, and then the
application launches, and the user can use it as if it were installed locally.
9. On subsequent launches, the client checks with the management server to ensure that access to the
application is still valid, but uses the code in the local cache to launch and run the application when
possible. If the user attempts to use new application features, the App-V streaming server streams the
requisite code, known as Feature Block 2.
What Is the App-V Client for Remote Desktops?
Key Points
The App-V Client for Remote Desktop Services is installed only on the Remote Desktop Session Host
(RDSession Host) servers. The Client for Remote Desktop Services performs the same function and
behaves in the same way as the App-V Desktop Client, only on a RD Session Host server. When users
connect to the RD Session Host server and launch an application, the application runs in a virtual
environment on the RD Session Host server. Application code executes on the RD Session Host server, and
users access their Remote Desktop applications in the normal fashion. Users are unaware that they are
using a virtual application.
This can alleviate situations where you have application conflicts and have to deploy multiple RD Session
Host servers because of these conflicts. Virtualization allows multiple instances of an application to run
concurrently on RDS servers, you can deploy applications that typically are designed for a single user in a
Remote Desktop environment on a single server. This eliminates the need for application silos, where
multiple RD Session Host servers are required to support multiple applications because those applications
cannot coexist on the same computer.
You can use Windows Server 2008 or Windows Server 2003 Remote Desktop Services to take advantage
of App-V virtual applications. After you load an application on a RD Session Host server in the App-V
cache, any user who has permissions for that application can use it on the RD Session Host server.
The App-V Client for Remote Desktops is a separate installation executable. Installing the App-V Remote
Desktop Services Client is no different than installing other applications on a RD Session Host server.
Installing applications on a RD Session Host server requires using the install mode for the RD Session Host
server.
Storage Locations for App-V Client Data
Key Points
The App-V Client component stores data in multiple locations on the local computer. This data includes
the client cache, the OSD and Icon cache directories, and the Shortcut_ex.dat file. The App-V Client
assembles that data at application runtime, and presents it to the user as a locally running application.
Client Cache
One of the functions of the App-V Client is to create the App-V cache on the client hard disk. The cache is
instantiated as a single file, known as sftfs.fsd. When a user launches the application, the contents of the
file are mounted to the virtual drive that the App-V Client creates. Normally, this is drive Q. Users see
drive Q in Windows Explorer as a normal volume in the graphical user interface (GUI), but users cannot
access it. This virtual drive provides access to the file system and the files in the application package. After
the initial streaming of Feature Block 1, the App-V Client stores packages in the cache file persistently for
subsequent launches.
The sftfs.fsd file is in the Public profile on Windows Vista and newer operating systems, and in the All
Users profile on Windows XP. Both operating systems share the same path in their respective profile,
which is Documents
\SoftGrid Client, though you can choose a location as the caches path during installation. If you change
the path post-installation, you must restart the client computer.
Note: The size of the cache is set during client installation, and you cannot change it without
destroying the contents of the cache.
Note: Microsoft has released the Application Virtualization Cache Configuration Tool. The App-V
Client cache resizing tool (AppVCacheSize) allows administrators to increase the App-V Client cache
size through a scriptable command-line interface. AppVCacheSize uses the parameters you specify to
configure the desired cache size, and to toggle between using a threshold for free disk space or the
maximum cache size. This is a free download from the Microsoft Download Center. However, Microsoft
does not support this application.
OSD Cache and Icon Cache Directories

Icons that you use in shortcuts and file type associations are part of the application package that streams
to the client, and they are cached in a location that is available to all users of the computer. The OSD
cache stores information, such as the location of the streaming server, in the osd file. This information is
required to launch the virtual application. The OSD cache directories are located in the
Documents\SoftGrid Client path in the Public profile on Windows Vista and newer operating systems, and
in the same path in All Users Profile on Windows XP.
An icon cache directory also is created for each individual user, which stores per user icons. By default, this
icon cache directory is stored under the users profile at \AppData\Roaming\SoftGrid Client\ on Windows
Vista and newer operating systems, and it is stored under the users profile at \Application Data\SoftGrid
Client on Windows XP.
The Shortcut_ex.dat File

The shortcut_ex.dat file contains the list of application shortcuts. During a publishing refresh, any
discovered application shortcuts that are available to the client are listed in this file. Both the user and the
machine have their own shortcut files. When the user logs off the machine, this updates the per-user file
with data from publishing refresh operations. Additionally, the machine-based file is updated when you
add a package by using SFTMIME ADD PACKAGE with the /Global switch or when you add a package that
you base on Microsoft Windows Installer (MSI). These files are located in the following profiles:
Per User: \UserProfile\AppData\Roaming\SoftGrid Client on Windows Vista and
\UserProfile\Application Data\SoftGrid Client on Windows XP.
Per Computer: \Public\Documents\SoftGrid Client on Windows Vista and \All
Users\Documents\SoftGrid Client on Windows XP
Considerations for Configuring Client Options
Key Points
Before installing the desktop or remote desktop App-V Clients, you need to plan the client configuration.
The considerations for either client are similar, but some of the settings require additional consideration
for deployment on a RD Session Host server.
App-V Client Considerations

You should consider the following settings carefully when planning an App-V Client installation:
Global data location. This location is the default store of the sftfs.fsd file or client cache, along with
other App-V files. You can move the App-V file system cache independently of the global data
location. Because the cache file can be quite large, consider placing it in an alternate location from
the default, which is in the All Users profile. For RD Session Host servers, you should preload the
entire contents of the SFT file into the cache. You can do this by using the SFTMIME command-line
utility.
Preferred drive letter. This setting determines the drive letter that the App-V Client will use to mount
the virtual file system. If you change the drive letter from the default drive Q, you should set it
consistently on all App-V Clients, and then match the drive letter that is assigned to the second disk
partition on a sequencing workstation.
User-specific data locations. This setting determines where the App-V Client stores user-specific
changes to virtual application packages, such as usrvol_sftfs_v1.pkg. By default, the App-V Client for
Remote Desktop Services places the user-specific data in the AppData folder of the users profile. If
you have roaming users or you use mandatory Remote Desktop profiles, you should redirect the
AppData folder of user profiles to a network location, such as a subdirectory within the users Remote
Desktop home directory or any network location to which the user always has access.
Cache size settings. The App-V Client (desktop or Remote Desktop Services) allows you to configure
the cache (sftfs.fsd file) by using one of the following two methods:
Use maximum cache size: This method sets the cache to an absolute maximum size, with an
upper limit of 1 terabyte. For most client systems, this means that you can use all the available
free disk space for the cache. The default value is 6 gigabytes (GB). For most users who run a few
virtual applications, this space is sufficient. If you know that you will be running large virtual
applications, you should set the cache accordingly. Consider what future applications you might
deploy virtually and leave room for expansion.
Use free disk space threshold: This method sets the cache to increase as long as there is a
predetermined amount of available disk space on the server. When you use this option, the cache
uses all the free disk space available except for a predetermined amount. The default size is 5 GB.
You can use this method when you want to ensure that you leave enough free disk space for
other purposes, but you also want as much disk space as possible available for the cache.
Note: You should give special consideration to the cache size for RD Session Host servers that host
multiple applications to ensure the cache is large enough.
Methods for Deploying the App-V Client
Key Points
The App-V Client supports four standard deployment methods. Because the App-V Client is an application
itself, you can use any method of installation that your organization uses to deploy the client software.
There are several standard installation methods, including:
Manual: Use a portable media, such as a CD or a USB flash drive, a network share, or the Setup file.
This requires that the user log on as a local administrator.
Group Policy object (GPO) Deployment: Deploy the Setup.msi file to the machine or user. This
method does not require that the user is logged on as a local administrator, but it does require that
you install the prerequisite software. Because this method uses the MSI installer file, the prerequisite
software is not installed automatically. You must ensure that the prerequisites software is installed on
the client computer in order for this method to succeed.
Systems Center Configuration Manager 2007 or Systems Management Server (SMS) 2003: Deploy the
Setup.msi file to the user or a machine. This method does not require the user to be an administrator,
but does require the prerequisite software to be installed.
Imaging: Install the App-V Client to the reference computer, and then image it using your
organizations standard imaging methods. You must have local administrative rights.
If you use Active Directory Domain Services (AD DS), Group Policy software deployment is a good
choice. You can use a GPO to deploy the client software to selected computers or users. Large
organizations may prefer to use System Center Configuration Manager. You can schedule the installation
of the software to occur at a particular time using this method. If you have a current imaging solution,
and want all users to have the App-V Client you can choose to embed the client in the standard desktop
image. This also allows you to embed the prerequisite software. Many organizations have a role based
approach to imaging. For example, you might deploy images with the client installed and configured
differently based on location or type, such as desktop or laptop.
Lesson 2
Installing and Configuring the App-V Client
You can use several ways to deploy virtual applications that require using different back-end components.
However, no matter what virtualization scenario you use, you would require the App-V Client. This lesson
describes the ways to install and configure the App-V Client for different scenarios.
Prerequisites for Installing the App-V Desktop Client
Key Points
Before installing the App-V Client, you should be aware of the recommended hardware and software
prerequisites for the App-V Desktop Client and the App-V Client for RDS.
In general, the requirements are similar for each. Both clients have two installer files. To install the App-V
Desktop Client, you need an executable named Setup.exe, and to install the App-V Client for Remote
Desktop Services, you need an MSI file named Setup.msi. The behavior of these installers differs in certain
aspects.
Setup.exe checks for the following prerequisite software:
Microsoft Visual C++ 2008 Service Pack 1 (SP1) Redistributable Package [x86] (4.6 client only)
Microsoft Visual C++ 2005 SP1 Redistributable Package [x86]
Microsoft Application Error Reporting
Microsoft Core XML Services (MSXML) 6.0 SP1 (x86)
If these components are not present, the Setup.exe client installer installs them.
The MSI.exe also checks for the prerequisite software, but does not install it. You must install the
prerequisite software using some other method. If the Setup.msi does not detect the prerequisite
software, the installation returns an error and fails.
Requirements for the App-V Desktop Client

The following operating systems support the App-V 4.5 SP1 or 4.6 client:
Windows XP Professional with SP2 or SP3
Windows Vista Business, Enterprise, or Ultimate editions with no service pack, SP1, or SP2
Windows 7 Professional, Enterprise, or Ultimate
The App-V Client does not require processor or random access memory (RAM) capacity beyond what is
needed for the operating system being used.
The App-V Client requires a minimum disk space of 30 megabytes (MB) for installation and 6 GB for
cache.
Note: App-V 4.5 SP1 supports only 32-bit architecture. The App-V Client 4.6 release is the first version
of App-V to support both x64 and x86 Windows platforms. The primary focus of this release is to
enable App-V to take advantage of 64-bit Windows platforms, including Windows 7 and Windows
Server 2008 R2.
Requirements for the App-V Client for Remote Desktop Services

The following operating systems support the App-V 4.5 SP1 or 4.6 client:
Windows Server 2003 Standard, Enterprise, or Datacenter editions with SP1 or SP2
Windows Server 2003 R2 Standard, Enterprise, or Datacenter editions with no service pack or SP2
Windows Server 2008 Standard, Enterprise, or Datacenter with SP1 or SP2
Windows Server R2 2008 Standard, Enterprise, or Datacenter
Demonstration: Installing the App-V Desktop Client
Key Points
In this demonstration, you will see how to install the App-V Desktop Client by using the Setup.exe file
1. Launch Setup.exe.
2. Perform a custom installation. Notice the software requirements and install them.
3. Accept the defaults, except using Microsoft Updates, to complete the installation wizard.
What Is the Application Source Root Value?
Key Points
The Application Source Root (ASR) value configures the App-V Client to stream Application Virtualization
package files from an alternate location other than the application's specified OSD file.
In a typical scenario, the OSD file has a line of XML code known as a hypertext reference (HREF) tag, which
indicates a protocol, server name, and path from where you can find and stream the SFT file. If you wish
to have the client stream the SFT file from a location other than the Management Server, such as a branch
streaming server, or use a different protocol, such as HTTP, you can set the ASR on the client. Setting this
value on the client overrides the HREF tag value.
You can set the ASR value during the client installation process. After installation, you must configure the
ASR value for the application virtualization client by using a Group Policy object or by manually modifying
the registry in the HKLM\software\Microsoft\SoftGrid\4.5\Configuration key. The two available options
are:
A URL: <protocol>://<server>:<port>
A UNC: \\computername\sharefolder\subfolder1
Configuring the ASR value replaces sections of the OSD file on the App-V Client with the values from the
ASR.
For example:
If the OSD file has the following HREF tag:
Rtsp://sgserver:554/Microsoft_Office_2007/Microsoft_Office_2007.sft
And you configure the ASR as:

\\BOS-1\AppV
The App-V Client will use the ASR value to override the OSD file and look for the
Microsoft_Office_2007.sft in the following Universal Naming Convention (UNC):
\\BOS-1\SoftGrid\Microsoft_Office_2007
Managing the App-V Client by Using the Desktop Notification Area
Key Points
The Microsoft App-V Client uses sfttray.exe for displaying pop-up status messages in the notification area.
These messages report the applications current load percentage and successful launch.
In the event of an error, the sfttray.exe reports in the notification area, Launch Failed. If the user clicks on
that message once, an error code displays. This error code, along with any message, is written to the
clients log file, sftlog.txt, for future reference.
Sfttray.exe places an icon in the notification area that enables users to perform a limited set of actions for
virtual applications. From the Notification tray icon or sfttray.exe, you can:
Refresh the list of available applications, shortcuts, and file-type associations from a defined
publishing server.
Fully load applications in the cache for use while in disconnected mode. If you are not connected to
the streaming server, an error generates. Applications load one at a time, and you can skip individual
applications during the load process.
Cancel loading of applications into the cache.
Toggle between working online and offline.
Exit from the client.
By default, the Notification tray is shown in the notification area only when the client is in use. You can
configure this behavior in the properties of the App-V Client on the Interface tab. You also can run
sfttray.exe from the command prompt to force the icon to display in the notification area.
Configuring the Disconnected Operation Mode
Key Points
The disconnected operation mode lets the App-V Client run applications that are in the local file system
cache if the client cannot connect to the App-V Management Server.
Clients automatically go into the disconnected mode when the user chooses to work offline or when there
is a server failure, network outage, or network disconnection.
To work in the disconnected mode, right-click the App-V notification area icon, and then click Work
Offline. You also can configure the disconnected mode by setting the
\Network\AllowDisconnectedOperation registry key value to 1.
Mobile users may want to load the applications fully into the cache to use them during the disconnected
operation. If an application is not 100 percent cached, and the user tries to perform an operation that
requires additional code from the server, the system warns the user, and then shuts down the application
in two minutes. By default, the disconnected operation mode is enabled, and the time-out is 90 days. The
maximum time-out optional setting is 999 days.
You also can configure time limits on the disconnected mode by setting the
\Network\LimitDisconnectedOperation registry key value to 1 and setting the
\Network\DOTimeoutMinutes registry key to a value, in minutes, between 1 and 999999. To allow
unlimited use of disconnected operation mode, set this value to zero.
To load the application(s) fully, right-click the App-V Client notification area icon, and then click Load
Applications.
Note: For Remote Desktop Clients, you should allow unlimited use of disconnected operation mode.
Configuring a Client for Stand-Alone Operation
Key Points
The Stand-Alone mode is meant for those users who connect rarely, and who need virtualized
applications, but who do not have access to a streaming server. For the Stand-Alone mode, you require an
MSI file that the App-V sequencer and the App-V Client software create. This MSI file contains the ICO,
OSD, and Manifest.xml files that are necessary for publishing the application on the machine from which it
is run from and information on how to import the SFT file into the App-V Client cache. You do not need
any additional App-V infrastructure. The SFT file is not part of the MSI that generates during sequencing,
and it needs to be in the same directory as the MSI to complete successfully by default. If the SFT file is in
an alternate location, such as a network share, then you can use the SFTPATH parameter to specify the
location. For example:
Msiexec.exe /i \\PathToMsi\packagename.msi SFTPATH=\\server\share
\package.sft /q
Note: Applications installed in Stand-Alone mode are available to all users who log onto the
computer.
You can configure the Stand-Alone mode during installation, through the registry after installation, or by
using GPOs with the App-V ADM Template. To configure the Stand-Alone mode during installation,
configure settings on the Runtime Policy Package Configuration page by performing the following
steps:
1. Clear the Require User authorization even when cached check box.
2. Select the Allow streaming from file check box.
3. Clear the On Launch check box.
4. Clear the On Logon check box.
You also can use GPOs to configure these settings, though by definition, the client computers may not be
able to receive the policy because they are disconnected from the network. These settings are in the
Group Policy App-V ADM Template in the Communications folder.
Note: You cannot set up the client to be in Stand-Alone mode and streaming mode simultaneously.
Lab A: Deploying the App-V Client in

Stand-Alone Mode
Lab Setup
On the host computer, click Start, point to Administrative Tools, and then click Hyper-V Manager.
Ensure that the 10324A- NYC-DC1 and 10324A- NYC-CL2 virtual machines are running.
If required, connect to the virtual machines. Log on to the virtual machines as
Important: Start the NYC-DC1 virtual machine first, and ensure that it starts fully before you start the
other virtual machines.
Exercise 1: Installing and Configuring the App-V Client

Some users in Contoso, Ltd. do not connect to the LAN. You want to provide access to virtual applications
for those users, and you want to install the App-V Client software, and then configure it for Stand-Alone
mode. This enables those users to run their line-of-business (LOB) applications without having to install
them on their laptops.
1. Install the App-V Client in Stand-Alone mode.
Task 1: Install the App-V Client in Stand-Alone mode

1. On NYC-CL2, open Windows Explorer, browse to \\NYC-DC1
\E$\Labfiles\Mod07\Client\x86, and then launch Setup.exe.
2. Perform a custom installation of the App-V Client, accepting the defaults, with the following
exceptions:
Select I dont want to use Microsoft Update to using Microsoft Updates.
On the Runtime Package Policy Configuration page, clear the Require User authorization
even when cached check box.
In the Application Authorization section, select the Allow streaming from file check box.
In the Automatically Load Application section, under When to Auto Load, clear the On
Launch and On Login check boxes.
Exercise 2: Installing a Stand-Alone Package

The sequencing team has created a stand-alone MSI file. You need to deploy and test the functionality of
the stand-alone package that you will distribute to the field engineers who do not connect to the LAN.

1. Install a stand-alone package.
2. Examine the properties of the package file and the data locations.
Task 1: Install a stand-alone package

1. On NYC-CL2, open Windows Explorer, and then browse to
\\NYC-DC1\E$\Labfiles\Mod07\.
2. Copy the Word03 folder to C:\.
3. In C:\Word03, double-click Wordviewer03.msi.
Task 2: Examine the properties of the package file and the data locations
1. Launch the Application Virtualization Client from the Administrative Tools in Control Panel.
2. In the Applications node, access the properties of the Microsoft Office Word Viewer 2003
application.
3. Click the Package tab, and then observe the Current Statistics:
Question: What is the Package Size?
Question: What is the Size in Cache?
Question: What is the Launch Data Size?
4. Click Cancel, and then close the Application Virtualization Client and Control Panel.
5. Show hidden files and folders.
6. Open Windows Explorer, browse to the global data location at
C:\ProgramData\Microsoft\Application Virtualization Client
\SoftGrid Client, and then examine the contents.
Question: What is the size of the sftfs.fsd file?
7. Navigate to the user-specific data location at
C:\Users\Administrator.CONTOSO\AppData\Roaming\SoftGrid Client, and notice the
shortcut_ex.dat and the userinfo.dat files. These files maintain per-user shortcut and identity
information.
8. Close all open windows on NYC-CL2.

1. On NYC-CL2, launch Microsoft Office Word Viewer 2003 from the All Programs menu. A message
will appear above the notification area indicating that Word Viewer is launching.
2. Click the Microsoft Application Virtualization Desktop Client Notification icon in the notification
area, and then click Exit. Click OK to close the application.

When you finish the lab, revert the virtual machines to their initial state by completing the following steps:
Lesson 3
Managing Client Configuration Features
The App-V Client Management Console enables you to configure some aspects of the client, such as
logging and permissions, and some settings of the virtual applications, such as file type associations and
publishing servers. Though you can configure most of these settings from the server or through GPOs, the
client settings allow you to have configurations for individual clients that might need special settings.
This lesson describes how to configure App-V Client nodes.
Managing App-V Client Properties
Key Points
Although configuration of the client is done during the installation process, there may be times when you
need to modify those settings. The property pages of the client software allow you to modify many of the
client settings. You can access the properties from the root nodes shortcut menu in the App-V Client
Management Console.
Six tabs in the Properties dialog box control the following settings:
The General tab contains the following options:
Logging. This option controls logging levels and location of log files.
Global Data Directory. This option controls the location of the App-V data that all users share.
User Data Directory. This option controls the location user-specific App-V data.
The Interface tab:
Run Settings. This option controls when to show the App-V Client icon in the notification area.
Popup Messages. This option controls how or if to display error and information messages.
The File System tab:
Client Cache Configuration Settings. This option controls the size of the client cache.
Drive Letter. This option controls the virtual drive letter used (Q by default).
The Import Search Path tab. This option controls the SFT search path when you are importing
applications.
The Connectivity tab. This option controls disconnected operation values to limit the number of days
allowed and if the user can work offline. If you allow offline mode, the App-V Client does not attempt
to connect to streaming or publishing servers.
The Permissions tab. This option controls the permissions that users have over virtual applications on
this computer. These permissions are for all users, and you cannot assign them on a per-user basis.
Administrators always can perform all tasks.
Managing Virtual Applications
Key Points
You can use the App-V Client Management Console to manage virtual applications in the client cache.
The Applications node allows an administrator to view and manipulate the applications on the App-V
Client. By right-clicking the Applications node, a context-sensitive menu displays, which enables you to
add a new application and export a list of applications to a text file.
By right-clicking an application in the details pane, you can display a menu from which you can:
Create new shortcuts to be associated with the application.
Create a new file type association.
Unload an application, which removes it from the client cache.
Clear an application. Clearing an application removes the settings, shortcuts, and file type associations
that correspond to the application and removes the application from the users list of applications.
Repair an application. Repairing an application will remove any custom user settings and restore
default settings.
Lock the application from being removed from the client cache.
Managing File Type Associations
Key Points
The File Type Association node allows you to view, add, and manipulate the file types on the App-V Client.
When you select the File Types Association node, a list of available file types is displayed in the App-V
Client Management Console Results pane. By right-clicking the node, you display a menu that allows you
to add new file type associations and link them to applications.
By right-clicking an existing file extension, you can delete an extension or modify the properties
associated with that extension, including:
Changing the icon
Changing the associated application
Creating or modifying launch parameters
Modifying the Content Type
Managing Server Connections
Key Points
You can use the Desktop Configuration Servers node to create, delete, edit, and manually refresh the
clients designated management server, known as a publishing server. By right-clicking the Desktop
Configuration Servers node, you display a menu that allows you to add a new publishing server. A client
can receive applications from multiple publishing servers simultaneously.
The New Publishing Server Wizard allows the administrator to provide a display name and type of
publishing server. You can select the following types of publishing servers:
Application Virtual Server. This selection uses port 554, by default.
Enhanced Security Application Virtual Server. This is the default selection, and uses port 322.
Standard HTTP Server. Uses port 80, by default.
Enhanced Security HTTP Server. Uses port 443, by default.
Note: When selecting HTTP or HTTPS protocol, you must provide a folder path.
After you configure a server, you can modify the properties. You can modify all the properties that were
configured during installation, and you can configure the server refresh setting. The desktop client queries
the Management Server at intervals to receive information from the server about new applications or
changes to existing applications, such as package upgrades. This process is known as DC Refresh. The
client also uses this time to populate the host operating systems with the icons for those applications so
that users can access them. You can configure the client to:
Refresh at logon (default setting).
Refresh every number of days.
Manually refresh immediately.
Demonstration: Configuring a Publishing Server
Key Points
In this demonstration, you will see how to configure the App-V Client with a publishing server.
1. Launch the App-V Client.
2. Add a new publishing server of the Application Virtualization Server type with the host name NYC-
SVR2.contoso.com.
Configuring the App-V Client by Using a Command Line
Key Points
Sftmime.exe is a command-line interface that you can use to manage many client configuration settings.
Sftmime operations are either commands or queries. Commands are actions that have some effect on the
computers state, such as a command that loads an application into the cache. Queries are requests for
information that generate output. These commands are most useful in scenarios where you need to
configure App-V Clients by using scripts.
Sftmime Commands
All commands have a similar structure. The sftmime command is followed by a verb, an object, and
additional parameters.
The following examples illustrate the more common uses for SFTMIME:
Remove all applications from cache, their file type associations, and shortcuts for all users:
sftmime remove obj:app /global /complete
Add applications:
sftmime add app:"MSProject" /osd http://server/Microsoft SoftGrid Application
Virtualization/MSProject.osd
Load applications:
sftmime load app: MSProject
Sftmime Queries
All queries start by using the /query verb and are followed by an object type that identifies whether the
query applies to applications, servers, or file type associations. You can use the available queries to list all
applications, all Multipurpose Internet Mail Extensions (MIME) servers, and all file type associations. For
example:
To find the package that you want to configure, run the following command:
sftmime query obj:package
This command returns each discovered package name as a globally unique identifier (GUID) in the first
column of output. For example, the return might be {AF78ABE1-57D4-4297-89DE-C308684AEDD6}.
To list all the publishing servers the client is configured to use, run the following command:
sftmime query obj:server
To have the output of the command redirected to a file, use the /log parameter. For example, to have
the query output of the previous command redirected to a text file in the C:\logs directory, run the
following command:
sftmime query obj:server /log:C:\logs\serverquery.txt
Note: The command does not create the destination directory. You must create it prior to running the
command.
What Is the App-V ADM Template for Group Policy?
Key Points
You can use the Microsoft App-V ADM template to configure client settings for the App-V Desktop Client
and for the App-V Client for Remote Desktop Services. The ADM template manages common client
configurations centrally by using the existing Group Policy infrastructure.
The template allows you to configure 37 different registry settings that affect the App-V Client. These
settings fall into three categories, and common settings are grouped together under the following
categories in the templates Group Policy Editor:
Communication
Permissions
Client Interface
Although the settings appear in the Policies container in the Group Policy Management Editor, you
implement the ADM template for App-V as Group Policy preference settings. Preferences behave
differently than policies in Group Policy objects. Preferences do not make permanent registry changes,
which means that users can change the settings either by editing the registry or by using the application.
Also, even if you remove the GPO, the settings are not removed.
Setup Considerations
After you apply the ADM template, it updates the preference settings of client computers that already
have the App-V Client installed. However, if you install the App-V Client after you apply the ADM
template settings to a computer, the installer overwrites the preference settings from the ADM template
with the installers default settings. This causes inconsistencies between clients.
You can implement an optional switch during the client setup to ensure that the template preferences do
not overwrite the registry settings:
setup.exe KEEPCURRENTSETTINGS=1
msiexec.exe /i setup.msi "KEEPCURRENTSETTINGS=1"
Note: Parameters are case-sensitive and must be entered all in uppercase letters, as the above
example shows. Additionally, you must enclose all parameter values in double quotes.
Implementing the App-V ADM Template

You must install the App-V ADM template from the Microsoft download site, and then install it separately.
To deploy settings using the App-V Client ADM template, you need to complete the following steps:
1. Download the ADM Template MSI file from http://go.microsoft.com/fwlink/?LinkId=121835.
2. Install the ADM Template by choosing a location to extract the ADM files.
3. Add the extracted ADM Template into a GPO by right-clicking on Administrative Templates,
clicking Add/Remove Templates, and specifying the location of the ADM files.
What Is Autoload?
Key Points
Autoload governs how the primary (Feature Block 1) and secondary (Feature
Block 2) sections of an application are delivered to the client. Normally, the primary feature block streams
and provides the code to launch an application initially. This usually represents only 10 to 30 percent of
the applications code. Feature Block 2, which is the rest of the applications code, downloads only in parts
on demand. You can configure the client to ensure that after Feature Block 1 downloads, the client
continues to stream Feature Block 2 in the background until the application is 100 percent in cache. The
autoload feature is especially useful for mobile clients and other clients that might not have constant
communications with the management or streaming server.
Use of autoload triggers can increase the initial network traffic of SFT streaming following an installation.
Autoloading occurs over Real-Time Streaming Protocol (RTSP), and is set as a lower priority process so
that it does not affect or degrade performance for the user. Feature Block 1 is loaded as quickly as
possible. Feature Block 2 is loaded in the background to enable foreground operations to take priority
and to provide optimal performance.
You can implement autoload for the App-V Client in any of the following ways:
By using the client installation wizard during the installation.
By using parameters while you run the installer manually.
By editing the registry after you install the client.
By using the Sftmime command-line utility.
By using a Group Policy object that utilizes the App-V template.
Autoload Options
You can configure autoload to load the application on the following triggers:
On Launch. Background streaming begins when the application launches for anything outside of the
primary feature block.
On Login. User-authorized applications start background streaming when the user logs on.
On Publishing Refresh. A new application that is granted to the user begins streaming in the
background following the periodic publishing refresh.
You can control the applications that will be affected by autoload by using the following options:
Do not automatically load applications. No applications will be loaded.
Automatically load previously used applications. Applications previously assigned to the user, and
which a user launched previously, will autoload into the cache via background streaming.
Automatically Load all applications. All applications assigned to the user will be loaded into the cache
via background streaming.
Lab B: Managing Client Configuration Features
Lab Setup
2. Ensure that the 10324A-NYC-DC1, 10324A-NYC-SVR2, and 10324A-NYC-CL1 virtual machines are
running.
Exercise 1: Configuring the App-V Client Properties

You have installed the App-V Client software as a default installation. You are now required to use the
App-V Client Management Console to configure the properties of the client to meet your organizations
needs. You need to configure the log files to record errors and store them in the Windows\Logs directory.
You also want to configure the App-V Client icon to displays continuously in the notification area, and
then limit the disconnected mode to 120 days. Additionally, you need to configure the client cache to use
all but 5 GB of the available hard disk space and set permissions so that any user can manage the
publishing server.
1. Access the App-V Client properties.

2. Configure logging levels and locations.
3. Configure the App-V Client properties.
Task 1: Access the App-V Client properties

On NYC-CL1, open the Application Virtualization Client, and then access the Properties dialog box of
the root node.
Task 2: Configure logging levels and locations

1. On the General tab click the drop-down arrow under Log Level, and select Error.
2. Beside the Location field, click Browse, and then browse to C:\Windows\Logs. Click Save, and then
click Apply.
Task 3: Configure the App-V Client properties

1. On the Interface tab, configure the App-V Client icon to show continuously in the notification area.
2. On the File System tab, set the minimum free space to be 5,000 MB.
3. On the Connectivity tab, set the disconnected limit to be 120 days.
4. On the Permissions tab, allow all users to manage publishing servers.
Exercise 2: Configuring a Publishing Server for the App-V Client

After configuring client properties, you need to configure the App-V Client to connect to the App-V
Management Server over RTSP. You want to make sure that the client is refreshing from the management
server correctly. During your testing period, you want the DC Refresh policy to take effect on login and
refresh every two hours. You also must refresh the client manually. This enables the client to remain
current on the policy changes that you want to test.

1. Add a new publishing server for the App-V Client.
2. Configure the DC Refresh settings, and then refresh the client manually.
Task 1: Add a new publishing server for the App-V Client

Right-click the Publishing Server node, and then add a new server with the following parameters:
Display Name: Contoso App-V Management
Type: Application Virtualization Server
Host Name: NYC-SVR2
Task 2: Configure the DC Refresh settings, and then refresh the client manually
1. On NYC-CL1, in the Publishing Servers node, access the Contoso App-V Management properties,
and then click the Refresh tab.
2. Set the refresh interval to be every 2 Hours.
3. Click Refresh to perform an immediate refresh.
Exercise 3: Configuring Applications by Using the Desktop Client

You are required to observe how the application behaves in the client cache. You also need to configure a
custom file extension for a LOB application. In this exercise, you will inspect the properties of the
application package, load the application into the client cache, and then see the effect on the cache. You
also will create a new file type association, and then test it by creating a test file with an extension.

1. Inspect the properties, and then load the application into the cache.
2. Create a custom file extension.
3. Test the file extension.
Task 1: Inspect the properties, and then load the application into the cache
1. On NYC-CL1, in the Application Virtualization Client, click the Applications node. Notice the current
Package Status is Idle.
Note: You may have to refresh the view to see the application listed.
2. Open the Properties of the Microsoft Word Viewer application, and answer the following questions
Question: What is the Launch Data in Cache?
3. Load the package into the client cache
4. Access the Properties of the application again.
Task 2: Create a custom file extension

1. Create a new file type association named ABC.
2. Associate the extension with the Microsoft Word Viewer application.
3. Click the File Type Associations node, and notice that the ABC file extension is now listed and
associated with the Microsoft Office Word Viewer application.
Task 3: Test the file extension

1. On NYC-CL1, start a command prompt.
2. Type fsutil file createnew test.abc 1000 to create a new file.
3. Start Windows Explorer, and then navigate to C:\Users\Administrator.Contoso. Notice that the file
has been created and shows the icon of Microsoft Office Word Viewer.
4. Open the Test.abc file. The file opens in Microsoft Word Viewer application.
Exercise 4: Installing and Configuring Settings by Using the Group Policy

App-V Template
You want to be able to control all App-V Client configuration in a centralized fashion. To do this, you have
downloaded the App-V Group Policy template from the Microsoft download site. You now plan to install
it, and then add it to the GPO to test the configuration of App-V Clients. As a test, you will grant users
permission to add applications.

1. Install the App-V Group Policy template.
2. Add the template to the Group Policy Object Editor of the Default Domain Policy.
3. Grant permission to add applications to all users.
Task 1: Install the App-V Group Policy template

On NYC-DC1, open Windows Explorer, browse to E:\Labfiles\Mod07, and install
AppVADMTemplate.msi.
Task 2: Add the template to the Group Policy Object Editor of the Default Domain Policy
1. On NYC-DC1, start the Group Policy Management Console.
2. Edit the Default Domain Policy.
3. Add C:\AppVADMTemplate\AppVirt.adm to the Administrative Templates.
Task 3: Grant permission to add applications to all users

1. In the Group Policy Management Editor navigate to Administrative Templates> Classic Administrative
Templates (ADM)> Microsoft Application Virtualization Client> Permissions.
2. Enable the Add Application permission.
3. Switch back to NYC-CL1.
4. On NYC-CL1, use GPupdate to refresh Group Policy.
5. Start the Application Virtualization Client.
6. In the Application Virtualization Client, access the root node properties.
7. Click the Permissions tab, and then note that the Add applications check box is now checked,
which grants users this permission.

following steps:

Review Questions
1. Where should the user-specific data location be for roaming users?
2. What is the major difference between the two client installer files: Setup.exe and Setup.msi?
3. What command-line utility allows you to query the client?
4. What is the ASR value used for?
Common Issues Related to Implementing Application Virtualization

Mobile users are unable to run

virtual applications when they are
not connected to the LAN.
The App-V Client cannot stream

the application.
The App-V Client receives a

Failure on Desktop Configuration
Server request to URL error. Event
ID 3131.

Your organization has multiple applications that typically are incompatible on the same computer. Your
field engineers need to run these applications, but they seldom connect to the corporate LAN. Your
company deploys App-V applications to users on the LAN. What possible solutions are available for the
field engineers?
Best Practices Related to Implementing Application Virtualization

Use the App-V Client for Remote Desktop Services to alleviate application compatibility issues on RD
Session Host servers.
Use the App-V Client for Remote Desktop Services to ensure that all packages preload into the cache
to improve performance.
The App-V Client for Remote Desktop Services should allow unlimited use of disconnected operation
mode.
Ensure that the client cache is large enough to handle the applications being assigned to the user. If
you do not scale the cache properly, then the users can experience application failures when they
disconnect.
If you do not use the default virtual drive letter, ensure the drive letter you choose is consistent across
clients.
Deploy the App-V ADM Template settings after installing the App-V Clients.
Managing and Administering Application Virtualization 8-1
Module 8
Managing and Administering Application Virtualization
Contents:
Lesson 1: Using the Application Virtualization Management Console 8-3
Lesson 2: Publishing Applications into the App-V Environment 8-12
Lab A: Publishing Applications in the App-V Environment 8-27
Lesson 3: Performing Advanced Administration Tasks for
Application Virtualization 8-32
Lab B: Implementing License Enforcement 8-43
Module Overview
After you deploy the Microsoft Application Virtualization (App-V) infrastructure, you should be able to
manage and administer the App-V solution by using the Application Virtualization Management Console.
This console enables you to control the entire App-V environment from a single workstation. You deploy
the Application Virtualization Management Console on the administrative workstation, and then use it to
perform administrative tasks, such as modifying and publishing virtualized applications, and configuring
version upgrades.
This module provides an overview of the Application Virtualization Management Console and the
permissions that users must have to administer the App-V Management Server. The module also covers
the steps you must take to perform these administrative tasks, and how to enforce license compliance and
manage server groups and server objects.
Lesson 1
Using the Application Virtualization Management
Console
You can perform all tasks related to Application Virtualization management and administration in the
Microsoft Management Console (MMC) snap-in called the Application Virtualization Management
Console. As an administrator, you would need to manage applications, packages, servers, users, and
administrators, and you may have to create policies to configure connection settings and application
access for users. The Application Virtualization Management Console provides several features and
functionalities that you can use for performing these administrative tasks.
This lesson provides an overview of the console and explains how to control administrative access, and
describes the functionality and administrative functions that the console provides.
Connecting the Management Console to the App-V Web Service
Key Points
The Application Virtualization Management Console is the main configuration tool for the App-V
environment. The Management Console does not connect directly to the App-V Management Server.
Rather, it connects to the Web service, which in turn connects to the computer that is running the
Microsoft SQL Server database and the Management Server. To perform any administrative tasks, you
first must connect to the Web service with the proper credentials. You can configure how users must
connect to the local App-V Web service in several ways:
On initial startup of the App-V Management Console.
By configuring the connection in the root node of the Management Console.
By using the Configure Connection link on the Management Server object.
When you first start the Application Virtualization Management Console, it prompts you to connect to a
specific App-V Web service. You can host this Web service on a specific server, or configure it on multiple
servers for load balancing and redundancy. The Web service in turn connects to the configuration
database.
Users can connect to the Web service by using a standard HTTP port such as 80, or by using Secure HTTP
(HTTPS) on 443 for a secure connection. We recommend that you use secure connections between these
components. To connect to the Web service using HTTPS, you need to obtain a Secure Sockets Layer (SSL)
certificate, and bind it to the Web service.
Users making this connection must be members of the App-V Administrators Group, or provide the login
credentials of one of the groups users.
The following table summarizes the connection options:

Option Value
Web Service Host Specifies the IP address or host name of the App-V Web service to which the
Name snap-in connects.
Use Secure Connection Specifies that the Management Consoles connection to the Web service be
over a secure connection. Port 443 is the default port.
Port This field specifies the port number to which the Web service listens for
requests from the Management Console. Port 80 is the default port.
Use Current Microsoft Specifies that the credentials of the currently logged-on user will be used to
Windows Account connect to the Web service.
Specify Windows Specifies that account credentials entered in the Name and Password fields
Account will be used when opening the Management Console session.
Name Specifies the account name that is authorized to access the Web service. The
format is Domain\username.
Password Specifies the password that authorizes the account identified in the Name
field, which provides access to the Web service.
Exploring the Application Virtualization Management Console
Key Points
The Console pane in the Application Virtualization Management Console consists of several default
containers that display existing objects, and that provide access to object properties and wizards that
assist in creating additional objects.
The Application Virtualization Management Console contains the following nodes:
Applications. This node displays a list of applications that are available within the Application
Virtualization system. You can use this node to create application groups; create or import new
applications; and move, copy, or duplicate applications to other virtualization management systems.
File Type Associations. This node displays a list of file type associations. You can use this node to add
new file type associations that applications require.
Packages. This node displays a list of packages configured on the App-V system. You primarily will use
this node when you need to introduce a new version (.sft file) for a specific package or application.
Application Licenses. You can use this node to configure application access based either on a specific
number of concurrent users or by specific user names.
Server Groups. You can use this node to create a logical container and grouping of any App-V servers
that should share a common provider policy Logging configuration, and a set of virtualized
applications.
Provider Policies. You can use this node to configure general rules for any user connecting to the
Application Virtualization system. The Application Virtualization system initially configures a default
provider to provide default connection settings for clients.
Administrators. You can use this node to add or remove security groups responsible for App-V system
administration.
Reports. You can use this node to create and view various types of reports related to system
utilization and application activity.
Managing App-V Administrators
Key Points
You can use the App-V Administrators container to view the group that is responsible for App-V system
administration. You specify this group during installation. You also can add or remove security groups
from this container.
If the Active Directory Domain Services (AD DS) domain functional level is Windows Server 2003 or
newer, you can use any security group. If the domain functional level is earlier than Windows Server 2003,
you can use Global Groups only.
You might have situations where you need to reset the security groups that you want to allow to manage
the App-V system. For example, if you delete the security group that the App-V Administrators container
specifies from within AD DS, no one would be able to log onto the Management Console. In this situation,
you must reset the App-V Administrators group.
To reset the App-V Administrators group, you can launch the Management Console, right-click
Application Virtualization Systems, and then click Reset Administrators to launch the Reset
Administrators Wizard. You must provide database connection information to the configuration database.
You then can add or remove security groups to provide the necessary administration permissions for the
App-V system.
Question: Can you assign an individual to be an App-V administrator through the App-V Management
Console?
Configuring System Options
Key Points
You can control certain system-wide options by right-clicking the Server container in the Application
Virtualization Management Console. These options include the Default Content Path, Database sizing
controls, and Usage History.
Default Content Path: This option allows you to set the default Universal Naming Convention (UNC)
share or URL location for .sod and .icon files, which specify application records and file-type
associations. For example, a default content path can be \\SERVERNAME\ContentSharePath or
HTTP://SERVERNAME/content.
App-V uses the Default Content Path when you import or copy applications from another system.
Note: If you use the actual physical path to the content share, such as C:\Content, or if you specify
nothing at all, your published applications will not work.
Database Size: The App-V system has the ability to limit the size to which the database can grow. The
default maximum size is 1024 megabytes (MB), but you can set this value to be between 1 MB and
2,147,483,647 MB.
The database contains configuration information and stores usage information for the App-V
infrastructure. The following is a list of App-V Infrastructure operations that use the database:
Publishing refreshes
Application load
Application launch authorization
Server management console
Application usage data collection and metering
Most of these operations place a small load on the SQL server. The growth rate of the database is
dependent on the number of application launches and the amount of reporting information that
you are collecting. You will have to monitor the database over time to determine the correct
values when limiting database size.
The system automatically cleans up obsolete data and orphaned transactions to ensure that your
database does not reach this size limit. The default high watermark is 95 percent of the defined size,
and the default low watermark is 85 percent. When your database reaches the 95-percent mark, the
system deletes 10 percent of the usage data, and leaves 85 percent of the data. The system deletes
both package and application usage data.
Usage History: You can specify how many months worth of data you wish to keep. On a monthly
basis, the database ensures that the database retains data only from the number of months that you
specify. It deletes the rest. The default specification is set to six months, but you can configure it to be
anywhere between one to 120 months.
Note: You must set the SQL Server Agent to start automatically if you want to enable management of
the databases size. By default, App-V begins the database sizing action on the first of every month at
02:00.
Planning an App-V Management Strategy
Key Points
When planning your App-V management strategy, there are several factors regarding credentials and
connections that you should consider, including:
Credentials. Determine the credentials that a user must provide to connect to the Web service. You
must use an account that has App-V management rights, but you should avoid using a domain
administrator account.
Connection. Determine whether you need to use a secure connection to the Management Console. If
so, you must consider the strategy for deploying SSL certificates. Typically, you should use secure
connections.
Security groups. Determine the security groups that require App-V administrative rights. Ensure that
the proper users are in the security groups that have the administrative rights. Only use accounts that
have enough rights to perform the required tasks.
Content path and protocol. Ensure that the content path is correct and uses the proper protocol.
Ensure you use a UNC or URL, and not a local path. Consider using a storage area network (SAN) that
has room for expansion to hold the content folder, which can become very large as you deploy
hundreds or thousands of applications.
Demonstration: Connecting and Configuring the App-V Console
In this demonstration, you will see how to connect the Application Virtualization Management Console to
the App-V Web service. You then will see how to use the Management Console to configure system
options and to add Domain Admins as App-V administrators.
1. Launch the Application Virtualization Management Console.
2. Configure the Connection Login Credentials.
3. Configure the System Options settings.
4. Add the Domain Admins group as an App-V Administrator group.
Lesson 2
Publishing Applications into the App-V Environment
One of the primary App-V administrative tasks is to publish virtualized applications so that you can make
them available to authorized clients. When you publish virtualized applications, the client software can
discover the virtual application, and then download it to the client computer. To publish an application,
you first need to import it into the App-V system, and then you must configure various options, including
general properties, shortcut options, file type associations, and access permissions.
This lesson explains how to manage application groups, and how to publish applications into the
virtualized environment.
What Is the Applications Container?
Key Points
The first container in the Application Virtualization Management Console is the Applications container.
For an administrator, this is one of the most important and most utilized containers. You use the
Applications container to either manually add or import applications into the virtualization system, so that
authorized users can access them.
To add a new application manually, you need to provide detailed publishing information about the
application to the New Application wizard. The import function uses the Sequencer Project (SPRJ) file or
the Open Software Descriptor (OSD) file to provide that information about the application.
You also can use the Applications container to view, add, remove, or change properties for any
application within the system.
By default, an application record for the default application populates the Applications container. You use
this free application only to test connectivity between the App-V Client and the App-V Server.
As organizations begin to use the Application Virtualization system, the number of applications easily can
number in the triple digits. When organizations approach these numbers, you would require a way to
organize those applications logically within the Application Virtualization Management Console. You can
use the New Application Group Wizard to create containers that can store common application types.
These containers act similar to folders in the file system and simply allow you to organize applications into
a more manageable format.
When you import or move applications into a specific application group, you can modify the following
entire groups properties, which affects all of the groups applications:
Description
Enabled
Application License Group
Server Group
Shortcuts
Access Permissions
If you delete an application group, this deletes all applications within that group. If you do not want to
delete a specific application, you can right-click the application, and then move or copy it to another
application group or to a different Application Virtualization system.
When you delete an application, App-V does not remove the package that references the application.
Therefore, you have to delete the package specifically to remove all traces of the previous application.
Note: Even when you use application groups, you must provide unique names to all applications
imported into the Application Virtualization system. For example, if you have one application group
called Office 2003, and another application group called Office 2007, only one of these groups can
contain an application called Microsoft Word. However, each group could have its own Microsoft
Word application if the applications were each given a unique name, such as Microsoft Word 2003 and
Microsoft Word 2007.
Considerations for Importing Applications
Key Points
When you import an application, you must verify that the .osd path matches the server\content directory.
If the path in the .osd file is incorrect, the App-V client software cannot locate the applications sft file.
If you specify a system variable for the server name, you need to configure each client to resolve the
variable. A system variable is useful for configuring the placement of a single package on multiple servers.
In this case, you do not have to modify the .osd file to specify a specific server name. By using the system
variable, you easily can change the name of the streaming server on the client computers if that becomes
necessary.
Note: You can set the %SFT_SOFTGRIDSERVER% variable in the system properties of the client or
through Group Policy preferences.
You can publish shortcuts on the users desktop, Quick Launch toolbar, Start menu, Send To menu, or a
specific location. Users typically are familiar with these shortcuts. The location for shortcuts is something
that you should discuss and determine with your stakeholders.
During the Application Sequencing task, App-V detects file associations automatically. You can, however,
add or remove specific file associations when you are importing the application. You first need to
determine the file type associations that you want to use with the application, including any custom
associations for extensions that you do not specify in the sequenced application.
Access permissions are applied based upon the Active Directory security group membership. You should
determine who needs access to the application, and then create a specific application-based security
group. For example, if you import Microsoft Word 2007 as an application, you may want to create a
global security group called Microsoft Word 2007 Users. You may need to create new groups in AD DS to
accommodate this. Consider using role-based groups to define who should have access to specific
applications. Remember that there are no levels of permission. Either users have the ability to use the
application, and all of its features, or they do not. You cannot place restrictions on application usage
through App-V permissions.
Process for Importing Applications
Key Points
When you publish applications, you first must import them from the Content shared folder into the
Application Virtualization Management Console. This populates the database with the applications
configuration information. The New Application Wizard walks you through the steps to provide the
information required for publishing the application.
After you sequence an application, you must complete the following tasks to import the application into
the App-V system:
Copy the package to the content location: You must copy the entire sequenced package to the
shared content location, which you configured in the System Options of the Application Virtualization
Management Console. Make sure that all of the packages files are in the same location as the .sprj
file
Import the .sprj or .osd file using the New Application Wizard: When you import an application, you
can select the .sprj file or the .osd file. The .sprj file contains the information required to import a
single sequenced application or a suite of sequenced applications. The .osd file, which you can import
directly, contains only information about a single application.
Note: When you import a suite of applications by importing the .sprj file, the suite is not enabled by
default. However, when you import a single application (by .sprj or .osd), it is enabled by default.
Options for Configuring Published Applications
Key Points
During the import process, App-V imports a number of configurations settings automatically, such as the
Open Software Description (OSD) path and file associations. You can modify these options during or after
the import process. You also can configure other options, such as the server or license group. You can
modify the configuration settings of individual applications after you import them. Do this by accessing
their properties through the Management Console.
The Properties dialog box has four tabs with the following options:
The General tab allows you to specify the following:
Version identifier
Enabled checkbox
Description field
OSD Path
Icon Path
Application License Group (no group is specified by default)
Server Group (no group is specified by default)
The Shortcuts tab allows you to publish shortcuts to any or all of the following:
Publish to Users Desktop
Publish to Users Quick Launch Toolbar
Publish to Users Send To Menu
Publish to Users Start Menu (Default selection)
Advanced: other specific locations
The File Associations tab allows you to add, edit, or remove file associations. This tab is not available
for application groups properties.
The Access Permissions tab allows you to add or remove user groups that have access to the
application. You cannot grant permissions directly to individual users. You must assign them to AD DS
security groups. There are no different levels of permissions to an application. Either you allow users
to use the application or you do not.
Demonstration: Importing and Configuring an Application
Key Points
In this demonstration, you will see how to import a sequenced application into the App-V system. You
then will see how to create an application group, and move the application into the new group. Finally,
you will examine the properties of the published application.
Import a sequenced application
1. Copy the sequenced application to the content folder.
2. Launch the Application Virtualization Management Console. Notice that the Default Application is
preinstalled. You can use it for testing connections between client and server. Additionally, the
Microsoft Word Viewer 2007 application currently is published.
3. Import the Word03 sequenced application from the C:\Content directory. Review the settings in the
General Information tab.
4. Publish a shortcut to the users desktop.
5. Keep the default file associations.
6. Grant permission to Domain Users.
Create an application group and move the viewer applications into the new group
1. Create an application group named Office Viewers.
2. Move both of the Microsoft Office Word Viewer applications into the Office Viewers group.
Examine the properties
1. Open the properties of the Office Viewers group, and review the configurable properties.
2. Modify permissions so that only the AppVUsers group has access.
Question: Which property page is unavailable for the Application Group properties?
What Is a Package?
Key Points
A package is the output of the sequencing process. A package in the Packages node is a representation of
the virtual application, and it contains information about the relative path in the content folder and the
version of the .sft file. You can use packages to control virtualized application versions, which you use for
client computer Active Upgrades.
When you import an application into the Applications container by referencing a .sprj or .osd file, App-V
creates a new package automatically in the Packages node of the Management Console, with a version
number of 1. The packages name follows the name of the .sft file. However, App-V replaces the .sft
extension with the word Package. For example, if an applications .sft file is named Excel.sft, than the
package that App-V generates is named Excel_Package.
If you create a new application record without using the Import Applications feature, you need to create a
package manually for the application by referencing the .sft file in the New Package Wizard.
Upgrading and Retiring Virtual Applications
Key Points
Over time, you might need to upgrade most applications. Distributing the upgrades to multiple users
typically is a time-consuming and expensive process. App-V simplifies that process by allowing the
sequencing engineer to upgrade the application, and then seamlessly distribute an updated .sft file to the
users as a new version of the package.
Active Upgrade
Active Upgrade refers to the functionality that allows you to upgrade a package seamlessly without
requiring users to disconnect or Virtual Application servers to restart.
When you upgrade a package by using the Add Version process, App-V adds a version identifier
automatically to the resulting .sft file. For example, if the packages .sft file were named
Microsoft_Office_2003.sft before the upgrade, the packages .sft file would be called
Microsoft_Office_2003 _2.sft after you complete the package upgrade.
You must perform the following steps to add a new package version and make it available for Active
Upgrade:
1. Apply the upgrade, and then resequence the application.
2. Copy the new .sft file to the same Content share as the existing packages .sft file
3. In the Application Virtualization Management Console, right-click the package name, and then select
Add Version.
4. Enter the full path to the .sft file.
5. Enter the relative path from the Content share to the .sft file.
6. Verify that the information is correct to finish the upgrade.
Any user who has an active connection to the previous .sft file continues to receive data from that file
until the user disconnects. Any user who makes a new connection to the application in the package
receives the updated data from the new .sft file version.
Note: Users do not lose any specific applications when an upgrade occurs.
Retiring Virtual Applications

You can use the Application Virtualization Management Console to retire packages that you are not
using. After you are certain that a package version no longer is being used, you can remove the package
by going into the Application Virtualization Management Console, deleting the package version record,
and then removing the .sft file from the content folder on each system.
Question: How would standalone App-V clients receive upgraded applications?

Publishing Applications by Using HTTP
Key Points
Publishing virtual applications does not always require an App-V full infrastructure. You can use an
Internet Information Server (IIS) to publish applications over HTTP. This solution only provides publishing
features, such as DC Refresh. Because there is no SQL database collecting the information, it does not
provide the full set of features that the App-V management server provides, such as usage history,
reporting, licensing and metering.
Note: It is possible to create customized HTTP solutions that collect and use information stored in
corporate databases or AD DS to deploy applications to users intelligently.
Preparing the IIS Server

You must install IIS with the following role services:
Common HTTP Features: Select all except HTTP redirection
Application Development
Health and Diagnostics: HTTP logging and Request Monitor only
IIS 6 Management Compatibility
Security: All authentication options
Management Tools
You must create a virtual directory under the Default Web site that points to the Content shared folder,
and then enable Directory Browsing and Read permissions.
You also must configure the following MIME types:

.OSD: application/softricity-osd
.SFT: application/softricity-sft
.SPRJ: application/softricity-sprj
Note: If you are using SSL, than the appropriate certificates must be generated and installed on the
server.
What Is the Publishing Document?

The Publishing Document is an .aspx page that the App-V client connects to in order to send its request
for applications. This document is a single XML file that contains the publishing information associated
with each application, including its shortcuts, file type associations, and Dynamic Data Exchange (DDE)
entries.
The document consists of a single parent section that contains two child sections--the Policy section and
the Applist section.
The Policy section allows you to specify the Publishing Refresh frequency, in minutes and a boolean that
determines if publishing refresh occurs when the user first logs in. All of the application-specific
publishing information is placed in the Applist section. App-V takes this information directly from the
manifest files that were generated by the Sequencer. The Applist section should contain all the
information from all of the applications that you wish to publish using this method. When complete, App-
V places the publishing document in the root of the Content shared folder and serves it to requesting
App-V clients.
Configuring the App-V Client

You can configure the App-V client in the same way as an App-V management or streaming server. The
publishing server in the client software is configured as a Standard (or Secure) HTTP Server where the
hostname is the name of the Web server and the path is /name-of-publishing-document.aspx. For
example /Publishing.aspx.
Lab A: Publishing Applications in the App-V

Environment
Lab Setup
running.
3. If required, connect to the virtual machines. Log on to the 10324A-NYC-DC1 and 10324A-NYC-
SVR2 virtual machines as Contoso\Administrator using the password Pa$$w0rd
4. Do not log on to 10324A-NYC-CL1 until directed to do so.
Exercise 1: Configuring System Options

Scenario
As the first step in publishing applications by using the Application Virtualization Management Console,
you need to connect to the App-V Web Service, and then configure the system options. To do this, you
are required to use the domain administrator credentials. You then can configure the default content path
and the options for database usage.
1. Connect to the App-V Web service.

2. Configure the default content path and the duration for database usage.
Task 1: Connect to the App-V Web service

1. On NYC-SVR2, start the Application Virtualization Management Console.
2. Configure the Web service connection to use Contoso\Administrator with a password of Pa$$w0rd
for the Login Credentials.
Task 2: Configure the default content path and the duration for database usage
1. Open System Options, and ensure that the UNC path \\NYC-SVR2\Content is specified.
2. Set the duration for database usage for 12 months.
Results: After this exercise, you should have changed the login credentials for the App-V Web service,
and then confirmed the default content path and set the database to retain its history for 12 months.
Exercise 2: Managing App-V Administrators

Scenario
You need to grant administrative access to the Domain Admins group so that they can publish and test
applications in the App-V environment. To grant administrative rights to the security group, you need to
use the Application Virtualization Management Console.

1. Grant administrative access to the Domain Admins group.
Task 1: Grant administrative access to the Domain Admins group

Use the Application Virtualization Management Console to add the Domain Admins group as App-V
administrators.
Results: After this exercise, you should have granted administrative access to the Domain Admins
security group.
Exercise 3: Publishing and Configuring an Application

Scenario
You have users who need to support certain clients by running the old Word Viewer version from the
Microsoft Office 2003 suite. The sequencing group has sequenced the application. To publish this legacy
application, you need to copy the sequenced application to the Content shared folder, and then import
the application into the management console. You should configure the application to be available to all
domain users. You then must create and populate an application group, and then modify and test the
permissions for the applications.

1. Copy the sequenced application to the Content Shared folder.
2. Import the sequenced application to the Management Console.
3. Create an Application Group.
4. Move the Microsoft Office Viewer applications into the group.
5. Modify permissions for the Application Group.
Task 1: Copy the sequenced application to the Content Shared folder

On NYC-SVR2, open Windows Explorer, navigate to \\NYC-DC1\E$
\Labfiles\Mod08, and then copy the Word03 folder to the C:\Content folder.
Task 2: Import the sequenced application to the Management Console

Import the C:\Content\Word03 application into the Application Virtualization Management
Console, and accept the default settings, except for the following:
Publish the shortcut to the users desktop.
Grant access to the Domain Users and the AppVUsers groups.
Task 3: Create an Application Group

Create a new application group named Microsoft Office Viewers.
Task 4: Move the Microsoft Office Viewer applications into the Application Group
Move the Microsoft Office Word Viewer 2003 and the Microsoft Word Viewer from the
Applications node into the Microsoft Office Viewers group.
Task 5: Modify permissions for the Application Group

1. Open the properties of the Microsoft Office Viewers group, and then remove permission from the
Domain Users group.
2. Verify that the AppVUsers group has permission.
Results: After this exercise, you should have added a sequenced application to the content folder and
imported the application. You also should have created an application group, and populated it. Lastly,
you should have modified the permissions of the application group.
Exercise 4: Verifying Application Permissions

Scenario
After publishing the virtualized application, you need to test its functionality in the App-V system. You
have installed the App-V client software on a Windows 7 computer and you will use to test the App-V
environment and permissions on the applications. You will log on to NYC-CL1 as a user in the AppVUsers
group, and then ensure that the published applications are present. You then will log on as a test user that
does not have permission to the viewer applications, and ensure they are not available.

1. Test permissions for users.
Task 1: Test permissions for users

1. Log on to NYC-CL1 as Contoso\AppVUser1 with a password of Pa$$w0rd. Ensure the icons for
both Microsoft Office Viewers appear on the desktop.
2. Log off NYC-CL1.
3. Log on as Contoso\ruser with a password of Pa$$w0rd. Ensure the icons for the Microsoft Office
Viewers do not appear on the desktop.
4. Log off NYC-CL1.
Results: After this exercise, you should have verified the functionality of the virtual applications by
testing user permissions.
Important: Keep the virtual machines running for the next lab.
Lesson 3
Performing Advanced Administration Tasks for Application
Virtualization
In some organizations, you may need to track application usage or enforce licensing. This helps the
organization to comply with license regulations for applications, and can reduce costs if an organization
does not have to license applications that users are not using. You can use provider policies to configure
user connection settings and to apply license enforcement. The App-V Server provides a number of
advanced administration settings that you can configure to manage server connections and application
licenses.
This lesson describes how you can manage server connections by using Provider Policies and Server
Groups. This lesson also explains what an Application License is, and how you can use it to monitor or
control the use of applications that are streamed within the virtualized environment.
What Are Provider Policies?
Key Points
Provider policies specify a set of rules that you apply to users that are connecting to virtualized
applications. As connections come into the Server Group (Provider), the server appends several rules
(Provider Policy) to the connection. If the users connection does not specify a custom provider policy, the
system applies the rules of the default provider policy.
To create a new provider policy, use the New Provider Policy Wizard. The following table describes the
wizards options, which also are available when you modify an existing provider policy.
Note: After creating a new provider policy, you must restart the Application Virtualization
Management Server service.
Provider Policy Properties

Field Description
Policy Name A descriptive name for the policy.
Manage Client Specifies that App-V will apply the Application Virtualization Management
Desktop Using the Console settings defined for application shortcuts and file-type associations to
Management Console all clients. If there are conflicting settings at the client, then the servers
settings will take precedence. This is selected by default.
Refresh Desktop Specifies that an App-V Client will contact the App-V Server for updated
Configuration when a desktop-configuration information whenever the user logs on.
user logs on
Refresh Configuration Specifies that an Application Virtualization Client will refresh desktop
every n days configuration information at the defined interval. Intervals can be set for a
specified number of days, hours, or minutes.
Field Description
Group Assignment Designates the AD DS groups that will be assigned to the policy.
Authentication Allows you to configure an authentication method. Windows Authentication is

the only available method by default. The current use that is logged on will
pass his credentials to the App-V server. If the credentials fail, the Alternate
Credentials dialog box will display.
Enforce Access Specifies, when selected (the default), that access to all applications will be
Permission Settings resolved against Access Permissions configured under the application record.
Log Usage Specifies, when selected, that a metering module is enabled in the Provider
Information Policy to measure user sessions from start to normal end (application ended
by client), or abnormal end (application ended by server). The logged
information also contains which server and applications were used.
Licensing Specifies, when selected, that a licensing module is enabled in the Provider
Policy to track or grant licenses (default is not selected). The following license
types are available:
Audit License Usage Only: Will not prevent a user from launching an
application if the specified maximum license quantity is reached.
Enforce License Policies: Will require every user who makes a connection
by using the Provider Policy to have an available and valid license for the
application in order to launch it.
Important: You must configure applications to use custom provider policies by modifying the
hypertext reference (HREF) tag in the applications osd files. For example, if your custom provider
policy is named Sales, you would modify the HREF tag in the osd file of the application as illustrated
here:
HREF="rtsp://sgserver:554/Excel.sft?Customer=Sales"
Question: You have created a new provider policy and associated it with an application. Now certain
users cannot access the application. What area might you troubleshoot to resolve this issue?
Demonstration: Creating a New Provider Policy
Key Points
In this demonstration, you will see how to create a new provider policy.
1. In the Application Virtualization Management Console, use the New Provider Policy Wizard to create
a new policy named Office_Viewers.
2. Add the AppVUsers group as the Group Assignment.
3. Set licensing to be Enforce License Policies.
4. Restart the Application Virtualization Management Server service.
Question: Can you describe scenarios where you would want to use a custom Provider Policy with which
users can connect?
What Are Server Groups?
Key Points
A Server Group is a logical collection of App-V servers. You can use Server Groups to provide a common
Provider policy, and configure logging properties of all servers that are members of the group.
Most organizations only have one server group--the Default Server Group. However, an organization that
consists of multiple physical sites can create a server group that represents each site.
For example, your organization may have multiple physical locations that contain App-V servers. To
ensure that each server does not log information over the wide area network (WAN) connection, you can
create a Server Group for each location, and then configure each Server Group to log only information to
a local computer that is running SQL Server.
You can manipulate the characteristics of all servers in a Server Group by using three property pages. The
configuration settings are available in the following tabs:
General. Use to set the default Provider policy for the Server Group, and to enable or disable the
Server Group.
Logging. Use to control how App-V Servers record their information within the virtualization system.
There are two ways to store usage information: logging to a file or logging to a SQL Server database.
The recommended method is to allow the default behavior, which is to log to the data stores SQL
Server database.
Applications. Use to view which applications belong to this Server Group. You also use it to verify the
Enabled or Disabled status of applications. This tab is for informational purposes only.
What Are Server Objects?
Key Points
For every App-V Server that you install, App-V creates a matching server object in the Server Group that
you specified during installation. This is the Default Server Group. The App-V Server object provides
several property pages to configure the characteristics of the specified App-V Server, including:
General. Use to provide the Domain Name System (DNS) host name of the App-V Server
Ports. If you need to change any of the default port values for application virtualization, you need to
make this change on the Ports tab. Changing any of the values on this page requires a restart of the
App-V service. If you also require that any .sft files streamed over a network connection must be
encrypted with a Transport Layer Security (TLS) header, you need to add the Real-Time Streaming
Protocol Secure (RTSPS) protocol, and associate an available SSL/TLS certificate to the Server object.
The default RTSPS port is 322.
Advanced. From the Advanced tab, you can change how the selected Virtual Application Server
utilizes system resources, including random access memory (RAM) and CPU. You would use this tab
only for advanced configuration of the App-V system.
What Is License Enforcement?
Key Points
License enforcement provides you the ability to create an application license that is stored in the
Application Virtualization data store. Every time a user attempts to launch an application, the system
queries the data store for an available license. If a license is available, the user can launch the application.
However, if there is no available license, the application reports Launch Failed, and an error message
displays that indicates that there is no available license.
The Application Licenses node in the Application Virtualization Management Console provides the ability
to create Application License Groups. Application License Groups contain generic application licenses, and
are not application-specific. Therefore, you might apply one Application License Group to multiple
applications, although typically, you create most with specific application requirements in mind.
Licensing control in App-V refers to licenses that you create within the App-V system. These license
options have no impact on license agreements, such as Microsoft Software License Terms, but typically are
tied logically to the number of end user licenses that the company has purchased.
You can create and assign the following types of licenses to virtualized applications:
Unlimited License. This enables any number of users to have simultaneous access to the applications
that have been associated with the license. Unlimited License Groups can be effective in evaluating
the number of licenses that the organization would need for an application. When used in
conjunction with reporting, Unlimited Licensing can assist in purchasing decisions.
Concurrent License. This permits a limited number of users to have simultaneous access to
applications that have been associated with the concurrent license. Concurrent License Groups are the
most common type of licensing implemented on virtualized applications. For example, even in an
enterprise-size organization, only a select number of users need to run a specialized drafting
program. Between the different shifts that the employees work, a maximum of 10 employees will run
that application at any one time. For this situation, you could create a Concurrent License Group to
limit the maximum number of simultaneous launches of that application to 10. The system refuses
any additional people who attempt to launch the application, and an error appears indicating that
there are no more licenses available.
Named License. This permits only explicitly named users to have access to an application associated
with the license. For example, an organization has a sales group within AD DS that assigns
permissions to several general-use applications, including a management database program.
However, only certain individuals within that sales group should actually be able to run this
management application. You could create a Named License Group, and specify only those
individuals who should run it. If a user is not in the license, and then attempts to launch the
application, the system refuses the user.
Question: What type of license would be appropriate when distributing an application to all employees
with a volume license agreement in place?
Demonstration: Creating and Enforcing Licenses
In this demonstration, you will see how to create a concurrent license, and then associate it with an
application. You also will see how to enforce it through the default provider policy.
1. Open the Application Virtualization Management Console, and then use the New Concurrent License
Wizard to create a new Application License Group named Word_Viewer_2003.
Provide the following description: Allows 25 concurrent users.
Set the Concurrent License Quantity to 25.
2. In the Applications node, access the properties of Microsoft Office Word Viewer 2003, and set the
Application License Group to be the Word_Viewer_2003 group.
3. Modify the .osd file to use the Office_Viewers provider policy.
Features of App-V Reporting
Key Points
The Reports node in the App-V management console allows you to generate a variety of different reports
about usage and system error tracking. You can generate report information by querying the App-V SQL
database. Reports do not run automatically. You must run each report explicitly.
You can create the following types of reports by running the New Report wizard:
System Utilization Report. Graphs the total daily usage, to help you determine the load on your
application virtualization system. Usage is reported by day of the week and hour of the day.
Software Audit Report.Lists the usage information during the reporting period for all applications
defined in the database to help you determine which applications are the most heavily used. The
report provides information about the number of sessions and the number of times an application
was used.
Application Utilization Report. Tracks usage information for a specified application to help you
determine how heavily a specific application is used.
System Error Report.Tracks the number of errors and warnings logged over time during the specified
reporting period for the specified server or server group.
Note: The amount of usage reporting data available is dependant on how long you elect to retain
usage history in the database. You can configure that in the App-V System Options. For example, if
you want to track one year of usage data then the database must keep at least one year of usage
history.
After you create a report, the management console displays the output. You can export the report to
either PDF format or to a Microsoft Office Excel spreadsheet.
Creating a Report
Run the New Reports wizard from the Reports node of the management console. You must provide the
following information to the wizard:
Report Name
Report Type (The remaining information required by the wizard will depend on the selection.)
Report period
Server nameApplication
Lab B: Implementing License Enforcement
Lab Setup
For this lab, you will use the available virtual machine environment that should be running from Lab A.
Before you begin the lab, you must:
running.
2. If required, connect to the virtual machines. Log on to the 10324A-NYC-DC1 and 10324A-NYC-
SVR2 virtual machines as Contoso\Administrator using the password Pa$$w0rd.
Exercise 1: Publishing an Application

Scenario
Contoso, Ltd., wants you to use license enforcement to control the number of users who can access virtual
applications. Before you can implement license enforcement, you need to import and publish an
application for testing purposes. You decide to publish the Microsoft Excel viewer application.
The main tasks in this exercise are:

1. Copy a sequenced application to the Content folder.
2. Publish Microsoft Excel Viewer.
Task1: Copy a sequenced application to the Content folder

On NYC-SVR2, open Windows Explorer, and then copy the \\NYC-DC1
\E$\Labfiles\Mod08\Excel folder to C:\Content.
Task 2: Publish Microsoft Excel Viewer

1. Open the Application Virtualization Management Console, and then import the Excel project file into
the applications node.
2. Publish a shortcut to the users desktop and to a Start menu folder called Excel.
3. Grant permission to AppVUsers.
Exercise 2: Creating a License Group

Scenario
The first step in license enforcement is to create a license group. To test license enforcement, you decide
to create a new named license for a specific test user, and then assign that license to the Excel Viewer
application.

1. Create a new named license.
2. Assign the license group to an application.
Task 1: Create a new named license

On NYC-SVR2, create a new named license with the following parameters:
Name: Excel Users
License Description: Excel Named License
Enable: Selected
Named License User: Contoso\AppVUser1
Task 2: Assign the license group to an application

In the Properties dialog box for the Microsoft Office Excel Viewer, assign Excel Users as the
Application License Group.
Exercise 3: Creating a New Provider Policy

Scenario
The management team at Contoso, Ltd., wants you to associate license policies with certain applications.
You must create a new provider policy that will enforce the license restrictions. Additionally, you must
restart the App-V Management Server whenever you create a new provider policy, and you must modify
the .osd file of the application to indicate to the application that it is subject to the new policy.

1. Create a new provider policy.
2. Restart the service.
3. Modify the Excel osd file to use the new provider policy.
Task1: Create a new provider policy

Create a new provider policy with the following parameters:
Policy Name: Licensed
Manage client desktop using the Management Console: Enabled
Refresh desktop configuration when a user logs in: Enabled
Group Assignment: AppVUsers
Authentication: Windows Authentication
Enforce Access Permission Settings: Enabled
Log Usage Information: Enabled
Licensing: Enforce License Policies
Task2: Restart the service

Restart the Application Virtualization Management Server service.
Task 3: Modify the Excel .osd file to use the new provider policy
1. On NYC-SVR2, open Windows Explorer, and then browse to C:\Content\Excel.
2. Use Notepad to modify the Microsoft Office Excel Viewer 12.0.6219.1000.osd file as follows:
HREF= RTSP://NYC-SVR2:554/Excel/Excel.sft?Customer=Licensed"
3. Save and close the file.

Exercise 4: Testing License Enforcement

Scenario
As part of the proof-of-concept testing, you will test the application against two test users in the
AppVUsers group to ensure that App-V is enforcing your license restriction properly.
The main task in this exercise is:

1. Test license enforcement.
Task 1: Test license enforcement

1. Log on to NYC-CL1 as AppVUser2 using the password Pa$$w0rd, and then attempt to start the
published copy of Microsoft Office Excel Viewer. Notice that you are not able to start the application.
Click OK, and then log off.
2. Log on to NYC-CL1 as AppVUser1 using the password Pa$$w0rd, and attempt to start the
published copy of Microsoft Office Excel Viewer. Notice that the application starts as expected.

following steps:

Review Questions
1. An administrator has accidentally deleted the AD DS security group that is managing the Application
Virtualization servers. What can you do to address this issue?
2. You would like to import an application that your Sequencing Engineer has provided. What are the
standard configuration settings that you need to consider?
3. Describe scenarios where you would want to use a custom Provider Policy with which users can
connect.
Common Issues Related to Managing Virtual Applications

Identify the causes for the following common issues related to managing virtual applications, and then fill
in the troubleshooting tips. For answers, refer to relevant lessons in the module.
Management console on the App-V server is

unable to connect to itself by computer name, but
succeeds by 'localhost' or IP Address
Best Practices Related to Publishing Applications

Consider setting the %SFT_SOFTGRIDSERVER% system variable on clients. Even if you only have a
single streaming server today, in the future, you may scale out the implementation to include other
streaming servers.
Use application groups to simplify administration. Application groups allow the configuration of
settings to easily be applied to all the applications in a group.
Use license groups to track application usage or enforce policies.
Sequencing Applications for Virtualization 9-1
Module 9
Sequencing Applications for Virtualization
Contents:
Lesson 1: Overview of Application Sequencing 9-3
Lesson 2: Planning and Configuring the Sequencer Environment 9-11
Lesson 3: Performing Application Sequencing 9-19
Lesson 4: Advanced Sequencing Scenarios 9-27
Lab: Sequencing Applications for Virtualization 9-37
Module Overview
To use applications in a Microsoft Application Virtualization (App-V) solution, you must first package
them into a form that can run in a virtualized environment. You can create these application packages by
using the App-V Sequencer.
You can sequence applications that you plan to deploy by using the App-V infrastructure or stand-alone
installation. By using App-V sequencing, you create a set of files that contain all the information that the
application requires to run in a virtual environment. The App-V Sequencer provides several packaging
options that you can choose based on your specific requirements.
This module describes how to install and configure the App-V Sequencer to create application packages.
The module also describes how to upgrade existing packages and create stand-alone packages.
Lesson 1
Overview of Application Sequencing
The App-V Sequencer collects information from the Microsoft Windows installation procedures, and
converts the files, registry information, and .ini files into a cohesive package. In many environments,
application developers who are familiar with the applications carry out the sequencing process. As an
App-V administrator, you likely will have to troubleshoot App-V deployments, so you need to understand
the sequencing process. It can help you determine if the problem is with the configuration of the
implantation or if the problem occurred during the sequencing process.
This lesson describes the functionality of App-V Sequencer, the features of a virtual environment, and it
explains how virtual environments communicate.
What Is the App-V Sequencer?
Key Points
The App-V Sequencer is a wizard-based software application that you can use to create Microsoft App-V
application packages. You can then deploy these packages to App-V-enabled desktops and Remote
Desktop servers. The Sequencer captures an applications installation, and then organizes the applications
unique data so that it can operate in the App-V environment. This process also determines the files and
data that are applicable to all users and the information that users can customize. The software allows the
sequencing engineer to determine what makes up Feature Block 1 and provides the ability to add files,
registry settings, associate file types, and many other tasks to the application package.
The sequencer also creates logical divisions in the applications program data, so that an App-V Streaming
Server can stream the application in chunks to an App-V Client. Optionally, the sequencer can package
applications as a self-contained Microsoft Installer package, a .msi file, which you can then deploy via an
electronic software distribution (ESD) system such as Systems Management Server (SMS) or System Center
Configuration Manager. To use the App-V Sequencer effectively, you must understand how to configure
and deploy your applications
Note: App-V Sequencer Release 4.6 is now available. This release supports 64-bit platforms, and it can
sequence both 32-bit and 64-bit applications. You can sequence applications on 32-bit systems, and
then run the applications on 64-bit systems, and vice versa.
Overview of the Sequencing Process
Key Points
Sequencing is the process of creating a version of an application that can run in a virtual environment on
a client computer. You can use special sequencing software to record the installation steps and the files
that the application uses. You can use that information to create a package that you can stream down to
software on the client computer.
You run sequenced applications (packages) in virtual environments that software creates on the client
computer. The virtual environment controls all the communication between the application and the
operating system. You can run multiple virtual environments with each environment hosting its own
virtual application.
The sequencing process is broken down into five steps:
1. The Sequencer monitors an applications standard installation process. The standard setup routine
installs files and registry settings, configures environment variables, register dynamic-link libraries
(DLLs), as well as other steps. Additionally, it records any changes to the system.
2. The Sequencer then creates a virtual environment, and loads the application into it, along with all
information that was recorded during the installation phase.
3. If the application is large, you can stream it in multiple chunks of code that the App-V Streaming
Server delivers to the client on demand. To do this, you must start the application and perform the
most common tasks to determine what the minimal startup requirements are for the application.
After the Sequencer determines which bits are required to start the application, it packages these
application bits into a Feature Block 1, which is the minimum amount of data necessary to start an
application and perform the most common tasks. Therefore, you only need to transfer Feature Block
1 from the App-V Server to the App-V Client when you initially run the application. As users access
additional application features, App-V streams the bits required to execute those features in the
background as additional Feature Blocks.
Note: If you do not launch application at all during this phase, the entire application becomes Feature
Block 1. This means App-V streams the entire application down to the client and caches it. This usually
is not desirable for large applications.
4. You can now package the virtual application, and create the supporting files. These include the .sft file
that holds the application data, and the .ico file that is a capture of the applications default icon.
Additionally, the .sprj, .osd, and .xml files provide information about the application.
5. You then move all of these files to the App-V server, which imports the application for distribution.
Question: What does Feature Block 1 include?

Components of a Sequenced Application
Key Points
A sequenced application is a collection of files that the sequencing process generates, which includes five
major files:
The .sft file contains the sequenced Windows application. The file must be located on each server that
will stream applications. The .sft files can contain multiple applications, for example, a suite of
applications such as Microsoft Office.
The .sprj file is an .xml-based text file that contains parse items and exclusions for application suites,
and which manages multiple .osd files. For example, Office 2007 contains multiple applications, each
with its own .osd file, and each with possible additional requirements. You can specify these
requirements as exclusions and parse items in the .sprj file. If this file does not import with the
application, it may cause issues such as file conflicts or missing information.
Note: A parse item is the Virtual File System equivalent of an actual directory. For example, an
application may install a DLL file to the System32 directory. During sequencing, the Sequencer
intercepts the DLL file and places it in the packages virtual drive folder. When the application later
makes a call for that DLL file to the System32 directory, it parses the call, and then redirects it to the
Virtual File System.
The .ico files are icon files that are used for application shortcuts to provide a consistent end-user
experience. When a user double-clicks an icon as they normally would, the .ico file initiates the .osd
file, which in turn causes the application to load on the App-V Client.
The .osd file provides information necessary to launch the application, such as the protocol to use and
the streaming server that holds the sft file. Each application requires an .osd file.
The Manifest.xml file stores information required for the App-V Streaming Server to stream
applications. You would use Streaming Servers in branch-office deployment scenarios where it is not
feasible to deploy a complete App-V infrastructure. The Manifest.xml file informs the App-V Client
where to find the sequenced application.
Question: Which file provides information about the .sft files location?
Overview of the Dynamic Suite Composition
Key Points
Dynamic Suite Composition (DSC) allows virtual environments to communicate with each other. This
eliminates the need to sequence dependent applications with every primary application that requires
them. For example, in previous versions of App-V, (formerly known as Microsoft SoftGrid Application
Virtualization,) if an application has a dependency such as the Java Runtime Environment, you would have
to sequence that dependent application with every primary application that required it.
DSC is an App-V feature that enables you to sequence applications separately from the plug-ins and the
middleware applications they rely on, while you can still utilize the virtual resources such as file system
and registry settings, in the virtual environment. The packages run and interact with one another as if they
were all installed locally on a computer. The primary package also assumes the entire virtual environment
of the secondary package, including the virtual file system.
The following steps provide an overview of the DSC process:

Sequence the primary application on a clean sequencer, which is a sequencer on which unnecessary
applications are not installed. After you package the primary application, you reset the sequencer to a
clean state.
Install the primary application on the sequencer in the normal fashion. This is important because the
secondary application might use APIs or registry entries from the primary application.
Sequence the secondary application.
Modify the primary applications osd file to define the dependency. Create the DEPENDENCIES tag
under the VirtualEnv\Policies tag of the osd file, copy and insert the CODEBASE tag from each
secondary package you need to define for the primary package. You will need the HREF, globally
unique identifier (GUID), and SYSGUARDFILE elements. The MANDATORY element determines
whether the primary application requires the secondary application.
The DSC process forms a CODEBASE tag for each secondary package at sequencing time with the
information required to define the dependency. You will have to remove the unnecessary properties
in the tag. The following sample code shows an example of the resulting section of primary
applications osd file with a dependency on a secondary application named Midware.
<VIRTUALENV TERMINATECHILDREN=FALSE>
<POLICIES>
</POLICIES>
<DEPENDENCIES>
<CODEBASE HREF=RTSP://%SFT_SOFTGRIDSERVER%:554/midware/midware.sft
GUID=06DCD3EF-1D70-4282-A117-2241BE970C27
SYSGUARDFILE=midware\osguard.CP MANDATORY=TRUE/>
</DEPENDENCIES>
<ENVLIST/>
</VIRTUALENV>
Publish both applications

Lesson 2
Planning and Configuring the Sequencer Environment
The Application Sequencer is capable of detecting the smallest change in the Windows environment.
Therefore, it is very important that you follow proper steps when planning the Sequencers environment. If
extraneous elements such as anti-virus scans, which do not belong in the sequenced environment, get
included in the sequencing process, the application might not function correctly when you deploy it.
This lesson provides details about the Sequencer hardware and software requirements, and describes the
best practices for configuring the sequencer environment. The lesson also describes the most common
ways of configuring the Sequencer.
Requirements for Installing the Sequencer
Key Points
The sequencer should reflect the computing environment of the computers to which you plan to deploy
the applications. If the majority of computers run the Windows XP Service Pack 3 (SP3) operating system,
you should configure the sequencer to run the same operating system.
Hardware Requirements
The hardware requirements for the App-V sequencer are very basic and generally reflect the hardware on
the computers to which you will deploy the virtual applications.
The minimum requirements are:
A Pentium III 1 gigahertz (GHz) or higher CPU, and either a 32-bit or a 64-bit processor. The
sequencing process is a single-threaded process, and it does not take advantage of dual processors.
1 gigabyte (GB) or more of random access memory (RAM).
A physical drive designated to represent the virtual drive. This can also be a partition on a single
drive. The drive letter assigned on the workstations where you install the Application Virtualization
Sequencer should match the drive letter assigned to the Application Virtualization Client. This is
usually drive Q.
You also have the option of hosting the sequencer on a virtual machine. This can affect the sequencer
performance, but you can revert the virtual machine to a base state very quickly.
Software Requirements
Windows XP SP2 or newer
Windows Vista Business, Enterprise, or Ultimate
Windows 7 Professional, Enterprise, or Ultimate
Best Practices for Installing the Sequencer
Key Points
When you configure the sequencing computer, there are a number of considerations:
Always use a clean operating system install. The sequencer should match the computers to which you
will deploy the application. For example, if the typical client in the enterprise is running Windows XP
with SP3 and Office 2007, the sequencer should match that configuration.
Sequence to the lowest operating system version used in the target environment. If your client
computers run multiple operating systems at various service pack levels, and it is not practical to
sequence the applications multiple times, sequence to the lowest common denominator. However,
there is no guarantee that an application sequenced on one operating system functions as expected
on a different operating system. For example, if you know that an application does not function on
Windows 7, then it will not work to sequence it on Windows XP and deploy it to Windows 7.
Do not install monitoring agents, antivirus software, or any other software that runs background
tasks. These types of program interact with the operating system core components and can alter the
results of the sequencing operation thus affecting the package.
Reset the environment after you create each package. Create the sequencer image again, or if you
use a virtual machine, reset the virtual machine.
Typical Configuration for the Sequencer
Key Points
You should sequence applications on the lowest operating system version in the environment. For
example, if the environment is currently running Windows XP and Windows Vista, you should base the
sequencers configuration on Windows XP. There is no guarantee that an application that you sequence
on an older operating system will function correctly on a newer one. However, applications that function
correctly on both operating systems should function correctly when you virtualize them on the older
system.
You can mount the application package on a drive other than drive Q, when the client is using it.
However, you should maintain consistency throughout the environment. If an application hard-codes a
path into its configuration during setup, this can cause problems if you have defined a letter other than
the one used during sequencing for the client.
To avoid problems with long file name references in applications, you must use the 8.3 naming
convention for the package root directory. For example, when you install Microsoft Office, this creates a
short-path shortcut called Micros~1. Some applications still refer to these short paths. This can cause
problems because the sequencer sequences each application in an isolated, clean environment. In this
example, every application that starts with Microsoft is abbreviated to Micros~1. By using the 8.3 format,
you can be sure that applications will always refer to the correct folder. The 8.3 format consists of a
maximum of eight characters with a three-character extension. For example, a folder named
Word2003Vwr could be renamed to Word2003.Vwr to comply with the 8.3 format.
Question: If you have a computing environment consisting of the Windows XP, Windows Vista, and
Windows 7 operating systems, on which operating system should you perform sequencing?
Demonstration: Installing the App-V Sequencer
Key Points
The installation of the App-V Sequencer software is a very simple process. First, you should perform a
fresh install of a supported operating system. Ensure you create at least two partitions. Ideally, you would
have two separate hard disks: one to hold the operating system and one that would become drive Q. As a
best practice, if you choose to use a virtual machine, you should create a second virtual hard disk (VHD).
Note: Do not install the App-V sequencer on a computer that hosts the App-V Server or the App-V
Client.
Locate and launch one of the installer files for the App-V Sequencer. Similar to the App-V Client, there is a
Setup.msi and a Setup.exe. Also just like the client, you first need to install prerequisite software such as
Microsoft Visual C++ 2005 SP1. The Setup.exe file installs the software, while the Setup.msi file only
detects the presence or absence of the software. The Setup.msi installation fails if it cannot detect the
prerequisite software.
The InstallShield Wizard performs the installation. After you launch the wizard, you must allow it to install
the prerequisite software. Then you simply accept the license and allow the wizard to install the sequencer
software. Other than declaring the installation folder, you do not need to perform any configuration
during setup.
In this demonstration, you will see how to install the App-V Sequencer on a Windows 7 computer, and
then create drive Q.
1. Run Setup.exe.
2. Perform a default installation of the App-V sequencer.
3. Use Computer Management to create a new simple volume using the unallocated space.
4. Assign the drive letter Q, and then format the volume.
Question: What is the benefit of installing the sequencer by using the Setup.exe file versus the Setup.msi
file?
Configuring the App-V Sequencer Options
Key Points
After you install the sequencer, you can configure a number of settings by using the Options menu item
in the Tools menu. This opens the Options dialog box, which has three tabs that provide access to several
configuration settings. The following sections detail these tabs.
The Paths tab

The Paths tab allows you to define the settings that the following table describes:
Setting Description
Scratch directory Specifies the path to the location where the sequencer will temporarily save files
that it generates during sequencing. Scratch, the default folder, resides in the
installation folder.
Log directory Specifies the path to where the log files will be saved. Logs, the default folder,
resides in the installation folder.
Allow use of MSI Allows interaction between the sequencer and the application installer.
installer
Allow virtualization Allows you to virtualize low-level, operating-system activities of the application
of events when you run a sequenced application package on App-V desktop clients.
Allow virtualization Allows virtualization of services that the application requires when the application
of services runs on App-V desktop clients.
Append package Automatically appends the sequenced version number for the application package
version to filename to the file name.
We recommend that you do not make any changes to these options, and instead accept the default
settings.
The Parse Items Tab

This tab displays the mapping rules that the sequencer uses to accommodate differences that exist
between configurations on the sequencing computer and the App-V desktop client. The columns display
the variable that the sequencer reads and the variable that the sequencer substitutes during the
sequencing process. For example, the value of C:\ProgramData is parsed to
%CSIDL_COMMON_APPDATA%
The Exclusion Items Tab

The Exclusions Items tab allows you to designate data that you do not want the App-V Sequencer to
monitor while it is running.
An example of data that you should not capture is Internet cookies. If you configure the Sequencer to
capture the cookies in the virtual environment, it links the application installation permanently to the user
who initially set up the virtual environment.
Typically, you should exclude any data that is unique to a specific user or a specific session from the
Sequencer.
Lesson 3
Performing Application Sequencing
Sequencing applications is often the most labor-intensive aspect of deploying virtualized applications. It
requires a thorough knowledge of the application that you are sequencing, and you need to pay close
attention to the details that the sequencer captures.
This lesson describes the sequencing process, and explains the functionality of the Sequencing Wizard.
The lesson also provides details about the best practices that you should implement when you sequence
applications.
Best Practices for Sequencing
Key Points
Sequencing applications correctly is the most important part in deploying virtual applications. There are
several things that you should keep in mind and follow some best practices to help ensure a successful
deployment.
Perform a local install. Familiarize yourself with the application installation procedure before
sequencing it. This is very important. You should understand all of the application dependencies, as
well as all of the steps required to make the application usable for the end-user.
Document the install process. This is also a very important step. Knowing how you installed an
application prepares you better for creating the sequenced package, or upgrading the application
should it become necessary. Following a step-by- step procedure while you are sequencing
applications leads to more successful sequencing sessions.
Set compression to Off, and use the optimal 64-kilobyte (KB) block size. This allows your client
workstations to have the best performance during usage, because they will not have to decompress
the sequenced software.
Use an 8.3 naming convention for the Install path. As previously mentioned, this helps avoid
application short name path conflicts. Make sure each path is unique to all sequenced applications.
Sequence all dependent applications under the same paths.
Always choose the Run from My Computer or Not Available options when you select the method
of installing application components in the Application Setup Wizards. Do not select the Install on
First Use option because this causes the application to search for its install source files. This will not
work because even if the application can find the install source files, the application cannot update
the install on the client.
Disable the applications Automatic Updates option while sequencing occurs. The virtual
environment does not allow you to update the application once it is running on a client. If an update
is unnecessary, you should update it on the Application Virtualization Sequencer by upgrading the
package.
The post installation process completes the application configuration while the Sequencer is still
monitoring the installation process. This provides you the opportunity to open the application and set
the initial startup environment. You can configure default options that you always want end users to
see when they start the application. This may cause the application to access DLLs and other system
items that it did not previously use during the Setup Wizard. This may include application activation.
You also can capture and virtualize this information.
Always reply Yes to reboot requests. The Sequencer detects the reboot task and notifies the
sequencing specialist that it has processed a reboot request. It then continues the installation as if the
reboot had occurred.
Creating a Package by Using the Sequencing Wizard
Key Points
The 4.6 version of the App-V Sequencer displays a splash screen at launch that allows the sequencing
engineer to perform three tasks:
Create a package
Edit a package
Upgrade a package
When you click Create a Package, the Sequencing Wizard launches, and then simplifies the sequencing
process into six major steps, which the following sections detail.
Package Information
As the first step, fill in the package name with any display name that you wish. You also can input
comments, such as the platform on which the application was sequenced and the name of the sequencing
engineer. You also can select to see the Advanced Options page.
Advanced Options
On the Advanced Options page, you can select to allow Microsoft Update to run during monitoring or to
rebase DLLs. Allowing Microsoft Update simply allows the application to update from the Internet if
required. Rebasing DLLs remaps DLL libraries to a contiguous space in RAM, and may save memory and
improve performance. These selections are unselected by default.
Monitor Installation
This page allows you to start the monitoring process. Before you can start the actual application
installation, you need to specify where the application is installed. This is a folder on drive Q. The name of
this folder must adhere to the 8.3 naming convention, but subfolders under it do not. Each application
you sequence must have a separate directory.
After selecting the install folder, you must wait while the virtual environment loads and monitoring can
commence. Then install the application as you would normally install it on the client, and select the folder
that you specified on drive Q as the install destination. During monitoring, the App-V Sequencer adds all
new and changed application components to the application package.
When you finalize the applications installation, you need to return to the App-V wizard, and use the Stop
Monitoring button.
Configure Applications
This page displays the available shortcuts and file type associations for an application. You can edit, add,
or remove the shortcut and file types. For example, if the application is a video player, you may want to
associate many different video file types with the application.
Launch Applications
This phase serves two purposes. For some applications, you might need to perform some configuration at
first launch, such as accepting license agreements. Additionally, the sequencer adds any steps that you
perform during this launch to Feature Block 1. Therefore, the sequencing engineer should perform the
most common actions, such as opening files, creating files, and whatever other actions a normal end user
would most often perform.
Sequence Package
This step completes the sequencing of the application and finishes the wizard. There is no configuration
during this step.
Manually Modifying the Sequencer Package
Key Points
After you create the sequencer package, you can adjust the settings that the wizard creates. You would
typically do this when a package needs special modifications to make it operational in the virtual
environment.
You can view the properties, such as the applications GUID, and edit the package name.
The Deployment tab is one of the most important post-configuration considerations. You must configure
deployment properties such as the protocol, the hostname of the streaming server, the port number, and
the relative path inside the content folder. You can also determine which operating systems are allowed
to receive this virtual application and generate a Windows installer file for the virtual application.
You can view the history of any changes to the package in addition to many other pieces of information
about the package such as Windows version. This information is read-only.
You can edit the Virtual Registry to remove registry data that may not pertain to the application. The
Installation Wizard is preconfigured to ignore changes to certain registry keys. Sometimes, you might
need to configure those changed registry keys, and sometimes other registry keys for the sequencers
other software might change during sequencing.
You can add or remove files from the Virtual File System. This is useful to correct any errors made when
files that are erroneously detected by the installation wizard, are removed to keep the sequenced
application as small as possible.
During sequencing, App-V identifies and sequences a list of embedded services. These embedded services
assist the operation system. You can edit the properties of individual services, such as the startup type,
required by the application.
You can edit the .osd file before App-V incorporate it into the sequenced package. This can be useful if
you need to customize an element of the .osd file, such as defining a dependency for DSC. Refer to
product documentation for details about the different elements with which you can configure the .osd
file.
Post Sequencing Steps

After you finish configuring the package, you must save it to a folder. The folder name you save it to must
have the same name as what you specified in the Path text box in the Package Configuration Wizard. The
.osd file specifies this location in the content folders relative path.
After you save the application, transfer the folder to the content folder on the App-V Server. If you create
an MSI package, you can provide the MSI package to enterprise deployment systems as needed.
Question: What name must you use for the folder into which you save the package?
Demonstration: Sequencing an Application
Key Points
In this demonstration, you will see how to use the sequencing wizard to sequence an application and
configure the applications protocol, port, and path.
1. Launch the App-V sequencer, and create a package.
2. Create a folder on drive Q as the installation folder, and begin monitoring.
3. Install the application drive Q.
4. Stop monitoring, and then click Next.
5. Launch and close the application, and then complete the wizard.
6. In the dialog box, click the Deployment tab, and then configure the protocol as RTSP.
7. Configure the Hostname to match the server name that will host the application.
8. Configure the relative path.
9. Save the package.
10. Open the folder, and then examine the contents.
11. Use Notepad to open the osd file, and then examine the HREF tag.
Lesson 4
Advanced Sequencing Scenarios
When you perform sequencing tasks, some application types require special considerations. For example,
you may have applications that are hard-coded to install on drive C. Additionally, you may need to
upgrade existing sequencer packages, or create a package branch that allows you to upgrade an existing
package, and then run it side-by-side with the original package. You can use several advanced sequencing
techniques in such scenarios, and this lesson describes how to perform them.
Upgrading Existing Packages by Using Active Upgrade
Key Points
Over time, you would need to upgrade applications to newer versions. This is a costly process for most
organizations. Active upgrade provides a method that allows you to apply updates on an existing package
and to redistribute it seamlessly to the client computer. This method does not require a server restart or a
client disconnect from the server. Users continue to use the currently streamed application until they
disconnect. When they reconnect, the updated version streams automatically.
You can accomplish this functionality within the sequencing process by tagging the changed blocks of
code with the new version number. When the client launches the application, App-V compares the version
information within the .sft file to the version on the streaming server, and then downloads only the
required blocks of code to the client.
Important: Active upgrade is not supported for Hypertext Transfer Protocol (HTTP) or Server Message
Block (SMB) streaming. You must change the HREF tag explicitly in the .osd file to point to the location
of the applications new version.
The following steps provide an overview of the active upgrade process:

1. If required, copy the package folder of the application that you are upgrading from the streaming
servers content folder to the sequencer.
2. Launch the sequencer, and the Upgrade a Package Wizard appears.
3. Open the project file of the package that you want to upgrade.
4. Specify the package name for the updated package.
5. If you want to download and install Microsoft Updates for the application, use the Advanced
Monitoring Options page to allow Microsoft Update to update the application as it sequences.
6. Begin monitoring.
7. Install and apply the updates to the application.

8. Stop monitoring.
9. Complete the wizard by configuring shortcuts, adding or removing file type associations as required,
and launching the application.
10. To save the updated package, use the File menu, and save the package. If you need to create an
installer file (.msi), use the Create MSI option in the Tools menu. .
11. Copy the updated package back to the content folder on the streaming server. This overwrites the
original.
12. In the App-V Management Console, right-click the original package, and add a version. Browse to the
new .sft file, which will have the numeral 2 in its file name.
After the Sequencing administrator performs the steps necessary for the package upgrade, App-V saves a
new .sft file, and automatically appends a version identifier to it. You can use this automatic version
controller to ensure that the active upgrade process works seamlessly with users connecting to the
application, and they receive the updated package. This method of upgrade preserves any user
customizations.
Question: How would you upgrade packages that are streaming over HTTP?
Demonstration: Upgrading an Application
Key Points
In this demonstration, you will see how to upgrade an existing application
1. Launch the sequencer, and click Upgrade a Package.
2. Open the sprj file that you want to upgrade.
3. Begin monitoring.
4. Run the upgrade installation file.
5. After installation completes, stop monitoring.
6. Save the package.
7. Open the package folder, and examine the contents. Note that the .sft file now has a 2 at the end of
its name. The entire folder now is copied into the content folder, and has replaced the original folder
on the App-V Server. You have upgraded the original package to a new version, which users will
receive the next time they launch the application.
Editing Existing Packages
Key Points
Occasionally you may wish to make changes to an application package without having to resequence the
entire application. For example, you may need to generate an .msi file for stand-alone clients, or create a
new file type association for an application. The Edit a Package feature allows you to open a package and
make certain types of changes, including:
Editing registry settings.
Adding or removing allowed operating systems.
Generating a .msi file.
Modifying the .osd file.
Adding file type associations.
Viewing package properties.
Renaming shortcuts.
Editing mappings for virtual file systems.
Limitations of Editing
You can perform only limited actions by using this method. Most importantly, you cannot apply updates
to an application, and additionally, you cannot:
Review all associated operating system file properties for a package.
Add additional services.
Add additional files.
Collect and configure associated security descriptors.
Apply security updates or upgrade to a new version.
Add an additional application.

Apply updates that require the application to open.
Apply updates that require the computer to restart.
What Is Package Branching?
Key Points
Package branching allows you to modify an existing package in some way, and then save it as a new
package. The primary advantage of this method is that you can run the upgrade process simultaneously
with the existing version. This allows users to run both versions. Users can test the updated application,
while still having access to the old version. Package branching is useful in the following circumstances:
You can stream upgraded applications versions while still providing access to the previous versions.
You can use complex packages as a baseline for creating new or updated packages.
You can create specialized packages for specific users.
The process for branching is very similar to active upgrade. The difference is at the end of the process.
In active upgrade, you save the new package to overwrite the old one. In package branching, you
perform a Save As at the end of the process. The result of the Save As is essentially a completely new
SFT file. This is a new version of the application and you can import it to the App-V Management
Console.
When you want to branch an existing package, perform the following steps:
Copy the original application package that you want to modify, to a clean Sequencer workstation.
In the Sequencer application, select the File menu, and then click Open. You can then select the
name of the .sprj file to be branched.
Use the Package Configuration Wizard to provide new values for the package name, and path.
Update the HREF tag information on the Deployment tab. You will need to modify the Path
parameter to reflect the name of the new folder you will save the package to). Modify any other
required wizard options.
In the Sequencer application, select the File menu, and then click Save As. Choose a new file name
and Save In location. Be sure to select the check box next to Save As New Package. Provide a
unique Package root directory name and a new Package name.
You will then be prompted with two options:

Open Package. This option opens the package for minor edits, but does not decode the files to
the new Package root directory.
Open for Package Upgrade. This option decodes the files to a new application folder, allowing
you to add updates as needed.
Rename all the .osd files to a new, unique name.
Move the new files to the App-V Management Server, and then import the new package.
Sequencing Hard-Coded Applications
Key Points
You may be able to install certain applications only on the local drive C, while other applications may
provide you with a choice of destination paths during installation. The latter are hard-coded applications.
You can still sequence hard-coded applications, and then stream them to run from the clients virtual
drive (typically drive Q). You can accomplish this by performing a Virtual File System of the install. Note
that during the sequencing of a hard-coded application, the entire application runs from the Virtual File
System.
A high-level view of sequencing a hard-coded application includes the following steps:
1. During the Sequencer installation phase, you create a directory on drive Q for the application to use.
2. During the Monitoring task, you will receive a prompt in which you can select the primary directory
to which you want to install the application. Select both drive Q and the directory that you created
for the application. This causes the App-V Streaming Server to copy the entire applications assets to
the Virtual File System located on drive Q.
3. Let the application install, as required, to drive C.
4. The next sequencing task is the execution phase. During this phase, execute the application from the
virtual drive and root directory that you created during the installation phase. This will order the
blocks of code into units that the App-V Streaming Server will stream to the client in Feature Block 1
or Feature Block 2.
Creating an MSI Package for Stand-Alone Clients
Key Points
For clients that are unable to connect to the streaming server, you can use the stand-alone deployment
model. In this model, you do not configure the App-V Client to connect to any App-V Management
Server delivery system. To deliver the virtual application to the client, you can create an .msi file that you
can deliver by using ESD technologies such as Microsoft System Center Configuration Manager.
The .msi file holds all .osd files, icons, and other information of the packaged application except for the .sft
file that makes up the actual application. The .sft file is not inside the .msi file because of size limitations of
Windows Installer.
The .msi file loads the metadata to the client, and it then uses the SFTMIME.exe utility to add and load the
application from the installation directory to the App-V Client cache. Additionally, you configure the .msi
file to load, by default, the .sft file from the same directory as the .msi file.
Note: For more information on deploying the .msi file, see Configuring a Client for Stand-Alone
Operation in Module 7 of this course.
To create the .msi file, you simply select the Generate Microsoft Windows Installer (MSI) Package
check box on the Deployment tab after the sequencing wizard completes. Then, when you save the
application, the App-V Management Server creates and saves the msi file in the same directory as the rest
of the package files.
You can also generate an .msi file for applications for which sequencing occurred when you opened the
package for editing.
Question: From what location will the msi file attempt to load the application code by default.
Lab: Sequencing Applications for Virtualization
Lab Setup
2. Ensure that the 10324A-NYC-DC1, 10324A-NYC-CL1, 10324A-NYC-SRV2, and 10324A-NYC-CL2
virtual machines are running.
3. If required, connect to the virtual machines. Log on to 10324A-NYC-DC1, 10324A-NYC-CL2, and
10324A-NYC-SRV2 as Contoso\Administrator using the password Pa$$w0rd.
Exercise 1: Installing the App-V Sequencer

Scenario
Your organization deploys Windows 7 as a standard desktop operation system. You need to sequence
applications on the same operating system. You have created a clean installation of Windows 7 on a test
computer. Now you will install the sequencing software, and then prepare the second disk to be drive Q.

1. Install the App-V Sequencer.
2. Create drive Q.
Task 1: Install the App-V Sequencer

1. On NYC-CL2, open Windows Explorer, browse to \\NYC-DC1
\E$\Labfiles\Mod09\Sequencer\x86, and then double-click Setup.exe.
2. Perform a default installation of the Microsoft Application Virtualization Sequencer.
Task 2: Create drive Q

1. Open Computer Management.
2. Use Disk Management to create drive Q with the unallocated space.
Results: After this exercise, you should have installed the App-V sequencer and created drive Q.
Exercise 2: Sequencing an Application

Scenario
All your users need to view Microsoft Office Word documents, but you do not want to install a full version
of Office on all computers. You will sequence and deploy a virtual version of Word Viewer 2003.

1. Sequence Microsoft Office Word Viewer 2003.
Task 1: Sequence Microsoft Office Word Viewer 2003

1. On NYC-CL2, open Windows Explorer, and then browse to \\NYC-DC1\E$
\Labfiles\Mod09. Copy the Word Viewer 2003 folder to C:\. Close Windows Explorer.
2. Launch Microsoft Application Virtualization Sequencer. Use the New Package Wizard to create a
package for Wordviewer03 with the following information:
Package Name: WordViewer03
Comments: Sequenced on Windows 7
Click Begin Monitoring
Primary directory: Q:\Word03
3. Navigate to C:\Word Viewer 2003, and then install Wdviewer.exe to Q:\Word03.
4. Click Stop Monitoring.
5. On the Configure Applications page, remove the Microsoft Office 2003 component.
6. Launch the application, and then complete the wizard
7. On the Deployment tab, configure the Protocol to be RTSP.
8. Configure the Hostname to be NYC-SVR2.
9. Configure the Path to be Word03.
10. Save the package to a new folder named Word03 in the Documents folder.
Results: After this exercise, you should have sequenced the Microsoft Office Word Viewer 2003.
Exercise 3: Deploying and Testing the Application

Scenario
To ensure that the application functions correctly, you plan to deploy the Word Viewer application to a
test client and view the results.

1. Copy the application to the Content folder.
2. Import the application.
Task 1: Copy the application to the Content folder

On NYC-CL2, copy the Word03 folder from the Documents folder to
\\NYC-SVR2\Content.
Task 2: Import the application

On NYC-SVR2, launch the Application Virtualization Management Console.
Import the Wordviewer03.sprj file from C:\Content\Word03.
Publish a shortcut to the users desktop.
Grant permission to the AppVUsers group.

Log on to NYC-CL1 as AppVUser1 with a password of Pa$$w0rd.
Launch the Microsoft Office Word Viewer 2003 application.
Use the Help menu to verify the applications version number.
Log off NYC-CL1.
Results: After this exercise, you should have copied the application to the content folder, and then
imported and tested the application.
Exercise 4: Upgrading and Redeploying the Application

Scenario
You know that a security update is available for the Microsoft Office Word Viewer 2003. You already have
deployed the viewer. You must upgrade the package to the new version and deploy the upgrade without
interrupting the current users of the existing version
1. Upgrade the application.

2. Copy the application to the Content folder.
3. Upgrade the package version.
4. Test the deployment.
Task 1: Upgrade the application

On NYC-CL2, launch the Microsoft Application Virtualization Sequencer:
Upgrade a package.
Navigate to the Documents\Word03 folder, open the Wordviewer03.sprj file, and overwrite
the existing destination.
Begin monitoring.
Navigate to C:\Word Viewer 2003, and run the office2003-KB923276-FullFile-ENU.exe
update.
Stop monitoring.
Launch the application, and finish the wizard.
Save the package.
Close the sequencer.

On NYC-CL2, copy the Word03 folder from the Documents folder to
\\NYC-SVR2\Content, thereby overwriting the original folder.
Task 3: Upgrade the package version

Return to NYC-SVR2.
Launch the Application Virtualization Management Console.
Click the Packages node, Use the Add Package Version Wizard to add a version and update the
relative path to the new Wordviewer03_Package.
In the Packages node, click the Wordviewer03 package. Notice that there now are two versions
Task 4: Test the deployment

Log on to NYC-CL1 as AppVUser1.
Launch Microsoft Office Word Viewer 2003.
Use the Help menu to verify the applications version number.
Log off NYC-CL1.
Results: After this exercise, you should have upgraded a sequenced application, copied the application
to the Content folder, upgraded the package version, and tested the deployment.
Exercise 5: Sequencing a Hard-Coded Application

Scenario
You want to deploy the Microsoft Office PowerPoint viewer for those users that need to view or host
presentations, and you know that the PowerPoint viewer is hard coded to install on drive C. You need to
test whether you can sequence this application successfully.
1. Sequence the PowerPoint Viewer.
Task 1: Sequence the Microsoft Office PowerPoint Viewer

On NYC-CL2, launch the Microsoft Application Virtualization Sequencer.
Create a package named PPT with the comment Sequenced on Windows 7.
Click Begin Monitoring.
Create a folder named PPT on drive Q.
Open Windows Explorer, navigate to \\NYC-DC1\E$
\LabFiles\Mod09, and then install PowerPointViewer.exe.
Stop monitoring.
Launch the application, and then complete the wizard.
On the Deployment tab, configure the Protocol to use RTSP and the Hostname to be NYC-
SVR2.
Configure the Port to be 554 and the Path to be PPT.
Save the package to a folder named PPT in the Documents folder.
Results: After this exercise, you should have sequenced a hard-coded application.

following steps:
Review Questions
1. After you upgrade an application by using active upgrade, what task must users perform to receive
the updated application?
2. When performing package branching, what must you do at the end of the sequencing wizard to
create a new package.
3. What prerequisite software do you need to install the App-V sequencer?
Common Issues Related to Sequencing an Application

Identify the causes for the following common issues related to a particular technology area in the module
You used package branching to

create an upgraded version of an
application. Users are unable to see
any shortcuts for the upgraded
version the application.

1. Your environment is a mixture of Windows XP and Windows 7 clients. You want to sequence an
application that will run on both operating systems. Which operating system should you sequence
the application on so that it will have the best chance of functioning correctly?
2. You sequence an application on Windows XP. You deploy that application to users running Windows
7 and Windows XP. The users on Windows XP receive the application, but none of the Windows 7
computers has received it. What might be the issue?
3. You have deployed version 1 of an application, but version 2 now is available. You want to deploy it
to your users, and you must ensure that their personal settings from the applications current version
carry over to the new version. How do you accomplish this?
Best Practices Related to Sequencing Applications

When sequencing, if the client machine to which you are deploying an application has user account
control (UAC) enabled, then you must ensure that you enable it on the sequencing machine.
Use the Comments field in the sequencer (Abstract Tag) to add any details about the package you
may want to include. This will allow you to revisit the sequence later and have a record of this
information.
Use the Application Wizard to launch each executable in a suite of applications. This will ensure that
each application will have the required initial launch data on the App-V Client.
Ensure that you perform all the common tasks that will be part of Feature Block 1 during the launch
phase of sequencing the application.
Processes and scheduled tasks that normally run on your computer, such as antivirus software, can
slow down the sequencing process and cause the gathering of unnecessary data during sequencing.
You should shut down these programs before you begin sequencing.
Configuring Remote Desktop Services and RemoteApp 10-1
Module 10
Configuring Remote Desktop Services and RemoteApp
Contents:
Lesson 1: Overview of RDS 10-3
Lesson 2: Publishing RemoteApp Programs by Using RDS 10-13
Lesson 3: Accessing RemoteApp Programs from Clients 10-27
Lab: Configuring RDS and RemoteApp Programs 10-42
Module Overview
Remote Desktop Services (RDS) provide a form of virtualization known as presentation virtualization.
Although you connect to a remote desktop or to individual remote applications, your experience is similar
to running local applications on your computer. RDS features such as device redirection, single sign-on
(SSO), and Remote Desktop (RD) Easy Print mean that it is not easy to distinguish between whether you
are using remote or local applications.
This module provides an overview of RDS and related role services, and the procedures for connecting to
an RD Session host. The module also describes RemoteApp programs and the methods for accessing
them. The module also explains how to use RD Gateway to access RDS infrastructure securely from an
external network.
Lesson 1
Overview of RDS
RDS is the new version of Terminal Services and it is a Windows Server 2008 R2 server role. Users can
access session-based desktops, virtual machine based desktops and remote applications from anywhere.
Clients connect to an RDS server by using Remote Desktop Protocol (RDP). RDP 7.0 provides improved
and new features, such as Windows Media redirection, Windows Aero Glass support, and true
multimonitor support. To benefit from the new and improved RDP features, you must use the Remote
Desktop Connection (RDC) 7.0 client, which is in Windows 7 and Windows Server 2008 R2. You also can
download the RDC 7.0 client for Windows XP Service Pack 3 (SP3), Windows Vista Service Pack 1 (SP1),
and newer operating systems.
What Is RDS?
Key Points
RDS, formerly known as Terminal Services, provides technologies that enable you to access session-based
desktops, virtual machine-based desktops, and remote applications that are running on centralized
servers. You can establish secure connections from a local network or from Internet. RDS provides a rich
desktop and application experience and you can connect securely from managed or unmanaged devices.
RDS provides the following capabilities:

You can run an application or a full desktop in one location, and you can control the applications or
desktops from another remote location.
You can maintain the installation and management on centralized servers in the data center. An RDS
server delivers screen images to users, and then users client machines send keystrokes and mouse
movements back to the RDS server.
You can present users with a full desktop environment or with the individual applications window and
data that they require for their job.
Remote RDS applications integrate seamlessly with the user local desktop. They look, feel, and behave
as if they are local applications.
RDS enables secure remote access to an entire desktop, remote application, or virtual machine
without establishing a virtual private network (VPN) connection.
You can centrally control which users can access RDS servers, as well as which RDS servers that users
can access, and additional configuration, such as device redirection settings.
There are many benefits of using RDS instead of running an application on local computer. These benefits
include:
Application deployment. You can quickly deploy Windows-based programs to various devices across
an enterprise. RDS is especially useful when you have programs that are frequently updated,
infrequently used, or difficult to manage.
Application consolidation. You can run and install programs from an RD Session Host server, and
eliminate the need for updating programs on each client computer.
Remote access. Users can access remote programs from devices such as home computers, kiosks, low-
powered hardware, and operating systems other than Windows.
Branch office access. RDS provides better program performance for branch office users who need
access to centralized data stores. Data-intensive programs often are not optimized for low-speed
connections, and such programs often perform better over an RDS connection than a typical wide
area network (WAN).
Question: How is RDS different from Remote Desktop?

RDS Role Services
Key Points
The RDS role provides six role services, which have new names in Windows Server 2008 R2, and which
provide additional and improved features. RDS in Windows Server 2008 R2 introduces a new role service,
known as RD Virtualization Host. You use it in VDI scenarios to provide users with access to virtual
desktops.
The RDS role includes the role services that the following sections detail.
RD Session Host
You require the RD Session Host server role to enable RDS. The RD Session Host server runs Windows-
based programs and provides users with remote access to these programs or the full Windows desktop.
Users can connect to an RD Session Host server by using RDP, and then can run programs, save files, and
use network resources on that server.
RD Licensing
To use RDS, you must deploy an RD licensing server in your environment. When a client, either a user or a
device, connects to an RD Session Host server, the RD Session Host server determines if an RDS Client
Access License (CAL) is necessary. You can use RD Licensing to install, issue, and track the availability of
RDS CALs. For small deployments, you can install the RD Licensing and RD Session Host role service on the
same server.
Note: You must configure RD licensing mode within 120 days of adding the RD Session Host role
service, or RDS stops working.
RD Connection Broker
The RD Connection Broker role service provides load balancing and session reconnection services for RDS
sessions. When users connect to an RDS environment, and you deploy RD Connection Broker in the
environment, RD Connection Broker can balance the client connections across the available RD Session
hosts, and can reconnect clients to the same session host if the client is disconnected. RD Connection
Broker also connects users to the appropriate virtual machine in a VDI deployment.
RD Gateway
RD Gateway is an optional role service in an RDS deployment. RD Gateway enables remote users to access
applications running on session hosts by tunneling RDP traffic through Hypertext Transfer Protocol Secure
(HTTPS). This means users outside the company network can securely access the RDS environment without
first establishing a VPN.
RD Web Access
RD Web Access provides a user with an aggregated view of remote applications and desktop connections
via a Web browser or through the Start menu on Windows 7 computers. Using RD Web Access, a user can
view all remote applications and virtual desktops (personal virtual desktops and virtual desktop pools)
published to that user.
RD Virtualization Host
RD Virtualization Host integrates with the Microsoft Hyper-V role to host virtual machines and provide
them to users as virtual desktops. You can assign a unique virtual desktop to each user in your
organization or provide them shared access to a pool of virtual desktops.
Question: What is the new RDS role service that is included in RDS?
Client Experience Features with RDS
Key Points
Windows Server 2008 R2 enhances the Remote Desktop client experience for computers that are running
Windows 7, Windows Server 2008 R2 or RDC 7.0 clients. These enhancements improve the experience of
remote users by providing a look and feel similar to what users experience when they access resources
locally.
The following enhancements are available to Remote Desktop users when they connect to an RD Session
Host server:
Windows media redirection. This feature provides high-quality multimedia by redirecting Windows
media files and streams so that servers can send audio and video content in its original format to the
client, and render the content by using the clients local media playback capabilities.
True multimonitor support. This feature enables support for up to 16 monitors in any size, resolution,
or layout. The applications function just as they do when they run locally in multimonitor
configurations.
Audio input and recording. This feature supports any microphone connected to a users local
computer. It enables audio recording support and speech recognition for RemoteApp and Remote
Desktop. This may be useful for organizations that use voice chat or Windows Speech Recognition.
Aero Glass support. This feature provides users with the ability to use the Aero Glass for client
desktops, ensuring that the Remote Desktop sessions look and feel like local desktop sessions. You
must connect from Windows 7 or Windows Server 2008 R2 client to take advantage of the Aero Glass
support.
Enhanced bitmap redirection. This feature improves the remote display of three-dimensional (3D) and
other media-rich applications, such as Adobe Flash and Microsoft Silverlight on the server.
Improved audio and video synchronization. RDP improvements provide closer synchronization of
audio and video.
Language bar redirection. This feature provides users with the ability to control the language settings
easily and seamlessly in RemoteApp programs by using the language bar.
Task scheduler. This feature ensures that scheduled applications never appear to users connecting
with RemoteApp and reduces user confusion.
Windows Server 2008 R2 and Windows 7 include RDC 7.0, and it is available for Windows XP SP3,
Windows Vista SP1, Windows Embedded Standard 2009, Windows Embedded POSReady 2009, and
newer operating systems.
Question: Are enhanced features that RDP 7.0 provides available just on Windows 7 and Windows Server
2008 R2 clients?
Overview of the RDC Client
Key Points
Windows clients connect to RD Session Host by using RDC client. RDC is included with the Windows
operating system and uses RDP to transfer user actions, mouse movements, keyboard inputs, and
redirected devices to the RD Session Host and graphical display from RD Session Host to the RDC client.
The RDC client can display the entire remote desktop or just the window of the running remote
application (RemoteApp program).
RDC is available in the Accessories folder in the Start menu, and it has the following configuration tabs:
General. On this tab, you can specify the RD Session Host server to which a user can connect and
user credentials. You also can save RDC connection settings in a text file with an .rdp extension.
Display. On this tab, you can choose the size of the remote desktop window, including the option to
run the remote desktop in full screen mode. You can select to use all local monitors for the remote
session, select color depth, and enable connection bar when the remote desktop is running in full
screen mode.
Local Resources. On this tab, you can set remote audio settings, such as whether you want to enable
remote audio playback and recording. You also can specify the location where Windows shortcuts are
applied, and whether local devices and resources in remote session are available. For example, you
can enable the option to make clipboard, local drives and printers, and devices that you plug in later
available in the remote session.
Programs. On this tab, you can specify the program that will start when you connect to the remote
computer. When you close the program, your session will log off.
Experience. On this tab, you can select the connection speed to optimize performance. You can
enable different features such as:
Desktop background
Font smoothing or visual styles in RDC
Automatic reconnect if the connection is dropped

Advanced. On this tab, you can configure server authentication and connect from anywhere settings.
For example, you can specify if you want to use RD Gateway and then configure its settings.
Note: We do not support Aero Glass for connections for which you enable multiple monitor support.
In this scenario, Aero Glass support is turned off.
Demonstration: Establishing a Remote Desktop Connection
Key Points
To establish a remote desktop connection, you must add the RDS role to the remote server and you must
have RDC, which is already included in the Windows operating system. Your user account must also be a
member of Remote Desktop Users group on the remote server or has appropriate user rights. You can
establish a remote desktop connection by running the RDC client, and then configuring the desired
options or loading them from the saved .rdp file.
In this demonstration, you will see how to establish a remote desktop connection.
1. On the NYC-DC1 server, verify that Remote Desktop is enabled.
2. On the NYC-CL1 computer, start the RDC client and review its options.
3. On NYC-CL1, in the RDC client, configure the display resolution to 800 x 600 and NYC-DC1 as the
computer to which you want to connect, and then save the settings to a file.
4. Open the RDC configuration file, and then review the settings.
Lesson 2
Publishing RemoteApp Programs by Using RDS
When you install an RD Session Host server, users can access the entire remote desktop, including the
Start menu and all installed applications. However, on an RD Session Host server, you can publish
individual applications and make them available to remote users, without providing the user access to the
full remote desktop. Those published remote applications are called RemoteApp programs, and they
integrate seamlessly with local applications that run on the client. You can list remote applications on the
RD Web Access Web page and by using RemoteApp User Assignment, and you can make remote
applications visible only for selected users.
What Are RemoteApp Programs?
Key Points
In previous versions of Windows Server, when you connect to Terminal Server, you always access the full
remote desktop. Full remote desktop looks similar to the local desktop and you could easily be confused
between the local and remote environments. In Windows Server 2008 and newer versions, users have the
option to choose between a full remote desktop and an individual remote application window. The
individual application window integrates with the client desktop, runs in its own resizable window, and
has its own entry in the taskbar. If the remote application uses a notification area icon, this icon appears in
the client's notification area. RDS redirects the dialog boxes and other windows to the local desktop. You
also can redirect local drives and printers can be redirected and make them available in the remote
applications. The applications that run on the RD Session Host server and appear as if they were running
on the local computer are called RemoteApp programs. Users might not be aware that RemoteApp
programs are running remotely and such programs run side by side with locally installed applications. If
you run more than one remote application on the same RD Session Host server, RemoteApp programs
share the same RD session.
There are several scenarios where RemoteApp programs are especially useful:
Remote users: Users often need to access applications from remote locations, such as while working
from home or while traveling. RemoteApp programs allow these users to access these applications
over an Internet connection. Using RemoteApp programs with RD Gateway helps ensure secure
remote access to the applications. Additionally, you can choose to allow users to access remote
applications through a Web page or integrate the applications on the Start menu of Windows 7 users
with RD Web Access.
Line of Business applications deployment: Companies often need to run consistent Line of Business
(LOB) applications on computers that are running different Microsoft Windows versions and
configurations. Instead of deploying the LOB applications to all the computers in the company, you
can install applications on a RD Session Host server and make them available as RemoteApp
programs.
Roaming users: In some companies, a user may work on several different computers. If users are
working on a computer where the application is not installed, they can access the application
remotely through RDS.
Branch offices: In a branch office environment, there may be limited local IT support and limited
network bandwidth. By using RemoteApp programs, you can centralize management of applications
and improve the performance of remote applications in limited bandwidth scenarios.
To access RemoteApp programs, you must be using at least RDC 6.0 and to access RemoteApp programs
through RD Web Access, you must be using RDC 6.1 or newer.
Process for Publishing RemoteApp Programs
Key Points
Before you can access and run RemoteApp programs, you must first configure the server to host them,
make them available, and then allow RDP user connections to the server. Because you run RemoteApp
programs on the RD Session Host server, you must first add the RDS role to the server, and then add the
RD Session Host role service. After that, you need to install the applications that will be available as
RemoteApp programs, such as Microsoft Office suite.
Note: If you have programs that have dependencies on each other, you should install the programs on
the same RD Session Host server. For example, you should install Microsoft Office as a suite on the
same server instead of installing individual Office programs on separate RD Session Host servers.
When you add the RD Session Host role service, you enable remote desktop connections by default, even
if they were not enabled before. If users or groups need to connect to the RD Session Host server to
access Remote Desktop or run RemoteApp programs, then you must add them to the Remote Desktop
Users group or grant them privileges to Allow log on through Remote Desktop Services.
After you prepare the RD Session Host server, you can use RemoteApp Manager to manage RemoteApp
programs. To make a RemoteApp program available, you must add the program to the RemoteApp
Programs list.
Note: The Choose programs to add to the RemoteApp Programs list page displays the same
programs that the All Users Start menu on the RD Session Host server contains. If the program that
you want to add to the RemoteApp Programs list is not visible in Choose programs to add to the
RemoteApp Programs list, click Browse, and then specify the location of the program's .exe file.
Note: In Windows Server 2008 R2, you can install Windows Installer packages normally on the RD
Session Host server, and then propagate the per-user install settings correctly. This removes the need
to put the server in install mode.
You can configure global deployment settings that apply to all RemoteApp programs in the RemoteApp
Programs list. Windows uses these settings by default if you create .rdp files or Windows Installer
packages from any of the listed RemoteApp programs. These global deployment settings include:
RD Session Host server settings
RD Gateway settings
Common RDP settings
Custom RDP settings
Digital signature settings
Question: Which RDS role service do you require to publish a RemoteApp program?
Distribution Options for RemoteApp Program Links
Key Points
You can distribute links to RemoteApp programs in different ways. One of the options is to use RD Web
Access, where you can control visibility of the RemoteApp programs by using RemoteApp User
Assignment. You can also specify if a RemoteApp program is available through RD Web Access or not.
Other distribution options include creating and copying a .rdp file that connects and starts a remote
application or creating and deploying a Windows Installer package that installs a link to the RemoteApp
program. By using one of these two methods, you can specify additional settings, such as the RD Session
Host server or the RD farm to which a user should connect to run a RemoteApp program, as well as the
RD Gateway that is used when users run the RemoteApp program over a public network. When you create
a Windows Installer package, you also can specify if you want to associate file extensions with a
RemoteApp program.
You can use RemoteApp Manager on the RD Session Host server to create and configure an .rdp file or a
Windows Installer package for a RemoteApp program. This creates an .rdp or .msi file in the local
Packaged Programs folder, and you can deploy them to the clients by using one of the following
methods:
Copying the .rdp file or installing the .msi file
Using Group Policy
Configuring Group Policy preferences
Using a software distribution system, such as Microsoft System Center Configuration Manager
Depending on the deployment method that you use, you can run RemoteApp programs by:
Clicking a link to the program on RD Web Access Web site
Double-clicking a .rdp file (which could be available locally or on file share)
Double-clicking a program icon on the desktop or in the Start menu
Double-clicking a file with a file extension that is associated with the RemoteApp program
Question: Why would you distribute links to published RemoteApp programs to your users?
Functions of the RD Connection Broker
Key Points
RD Connection Broker enhances the user experience when connecting to RD Session Hosts that are part
of a load-balanced farm. RD Connection Broker supports load balancing and reconnection to existing
sessions on virtual desktops, Remote Desktop sessions, and RemoteApp programs. RD Connection Broker
also aggregates a list of available RemoteApp programs and virtual desktops from multiple servers.
RD Connection Broker keeps track of user sessions in a load-balanced RD Session Host server farm. The
RD Connection Broker database stores session information, including the name of the RD Session Host
server where each session resides, as well as the session state, session identifier (ID), and the user name
associated with the session. RD Connection Broker uses this information to redirect a user who has an
existing session to the RD Session Host server where the users session resides.
If a user disconnects from a session intentionally or because of a network failure, the applications that the
user is running will continue to run on the RD Session Host server. When the user reconnects, the Remote
Desktop client queries the RD Connection Broker to determine whether the user has an existing session,
and if so, on which RD Session Host server. If there is an existing session, RD Connection Broker redirects
the client to the RD Session Host server where the session exists.
The RD Connection Broker load balancing feature enables you to distribute the session load between
servers in a load-balanced RDS server farm. When a user without an existing session connects to an RD
Session Host server in the load-balanced RD Session Host server farm, RD Connection Broker load
balancing redirects the user to the RD Session Host server with the fewest sessions. If a user with an
existing session reconnects, RD Connection Broker load balancing redirects the user to the RD Session
Host server where the users existing session resides. To distribute the session load between more
powerful and less powerful servers in the farm, you can assign a relative server-weight value to a server.
To participate in an RD Connection Broker farm, the RD Session Host server must be a member of the
following:
An Active Directory Domain Services (AD DS) domain
The Session Broker Computers local group on the RD Connection Broker server
A load-balanced RD Session Host server farm
Note: To avoid a single point of failure, you can configure the RD Connection Broker role service in
the Windows Server 2008 R2 failover cluster.
Question: Is it necessary to use RD Connection Broker if you want to list RemoteApp programs from
multiple sources on the RD Web Access Web page?
What Is Remote Desktop Web Access?
Key Points
RD Web Access is the RDS role service that provides a single place to list available RemoteApp programs,
remote desktops, and virtual desktops. You can access RD Web Access from a Web browser. Then, on
Windows 7 clients, you can integrate the list of available resources with the Start menu by using
RemoteApp and Desktop Connections. When you install RD Web Access, Web Server, or Microsoft
Internet Information Services (IIS), also is installedas a required component.
Benefits of using RD Web Access include:
Authorized users can quickly access a list of available RemoteApp programs, remote desktops, and
virtual desktops from anywhere, on the Web page.
You can modify the list of available resources easily without the need to distribute, install. and
uninstall applications on the local computers.
RD Web Access provides a simple out-of-the box solution, while providing an infrastructure that can
be used for more complex scenarios.
Users can launch the RDC client from the RD Web Access Web site, which enables users to connect
remotely to the desktop of any computer where they have Remote Desktop access.
Note: RD Web Access does not require Windows 7 clients, but to establish a connection, the client
computers must be using RDC 6.1 or newer, and Internet Explorer 6 or newer.
When a user starts a RemoteApp program, an RDS session also starts on the RD Session Host server that
hosts the RemoteApp program. When a user connects to a virtual desktop, the RD Session Host Server
makes a RDC to a virtual machine that is running on a RD Virtualization Host server.
Note: RD Web Access only provides a link to launch RemoteApp programs or to connect to a Remote
Desktop session. RD Web Access does not proxy the client request. For the user to run the application,
or connect to the virtual machine or remote desktop, the client must be able to communicate with the
RD Session Host server, the RD Virtualization Host server, or with the computer on which you enable
the remote desktop.
Question: Why would you use RD Web Access?

What Is RemoteApp User Assignment?
Key Points
RDS introduces the RemoteApp User Assignment feature in Windows Server 2008 R2, and it provides you
with the ability to configure a personalized list of RemoteApp programs. Before this feature became
available, the same list of RemoteApp programs and Desktop Connections was available for all users. With
RemoteApp User Assignment, each user gets a personalized list, which displays the users available
RemoteApp programs, desktop connections, and virtual desktops.
You can implement the RemoteApp User Assignment feature by adding an access control list (ACL) to the
RemoteApp program link. When a user logs on to RD Web Access, it obtains from the RD Session Host
servers the list of available RemoteApp programs for the user or group of which the user is a member. If
you configure RD Web Access to obtain the list of available RemoteApp programs from one or more RD
Session Host servers, RD Web Access directly queries the servers. If you configure RD Web Access to
obtain the list of available RemoteApp programs from RD Connection Broker, the RD Connection Broker
server queries the RD Session Host servers, and then filters the list of RemoteApp programs. By default,
when you publish RemoteApp program, all users can see the published RemoteApp program. You can
change the User Assignment through RemoteApp program properties or by using Windows PowerShell.
Here are some factors to consider when you are establishing a RemoteApp User Assignment:
You can assign the RemoteApp programs only to domain users or domain groups, not local users or
local groups.
The computer that performs the check of a users credentials against the RemoteApp User
Assignment settings must be a member of the domains Windows Authorization Access Group or be
joined to a domain that is running in Windows 2000 compatibility mode.
Note: RemoteApp User Assignment is not a security feature. It is a discoverability mechanism. There
are other ways to secure access to an RD Session Host server, and the RemoteApp User Assignment
feature does nothing to change or improve upon these methods This feature only helps reduce the
number of unnecessary applications that display to users.
Question: Why would you use RemoteApp User Assignment?

Demonstration: How to Publish RemoteApp Programs
Key Points
In this demonstration, you will see how RD Web Access can retrieve and aggregate a list of available
RemoteApp programs from multiple RD Session Host servers. You also will see how to assign RemoteApp
program to a user or group.
1. On the NYC-SVR1 server, configure RD Web Access to retrieve the aggregated list of RemoteApp
programs from the NYC-SVR1 and NYC-DC1 servers.
2. Publish Calculator and Paint as RemoteApp programs on NYC-DC1.
3. Publish Notepad and WordPad as RemoteApp programs on NYC-SVR1.
4. On NYC-SVR1, on the RD Web Access page as administrator verify the available RemoteApp
programs.
5. On the NYC-SVR1, assign the WordPad RemoteApp program to contoso\ruser.
6. On NYC-SVR1, refresh Internet Explorer, and then verify that WordPad is not listed.
Lesson 3
Accessing RemoteApp Programs from Clients
If you configure RemoteApp programs properly, you can seamlessly integrate these programs and users
usually cannot distinguish between RemoteApp programs and local applications. You can access
RemoteApp programs in different ways: via the RD Web Access Web site, by using the .rdp file, by clicking
on the installed RemoteApp icon, by opening file with extension associated with RemoteApp program, or
by running it from Start menu. When you configure additional options, such as a trusted .rdp publisher,
SSO, and device redirection, user experience with RemoteApp programs is almost identical to locally
running applications. With the RD Easy Print feature, printing from remote applications is similar to
printing from local applications.
When you configure and use RD Gateway, you can access RemotaApp programs from anywhere. RDP
protocol provides security by encrypting the traffic, but RD Gateway provides additional level of security,
by encapsulating and encrypting RDP traffic inside HTTPS packets. RD Gateway enables secure access to
RDS servers from a public network, without first establishing a VPN connection.
Accessing RemoteApp Programs on RD Web Access
Key Points
When you log on to RD Web Access, RD Web Access displays the list of available RemoteApp programs.
You can start RemoteApp programs from the RD Web Access Web page, but you should be aware that
you use RDC to connect to the RDS server. RD Web Access provides links only to start the remote
applications. You can also start a full remote desktop session from RD Web Access or connect to a virtual
desktop, when the VDI infrastructure is in place. You use the HTTP protocol for connecting to RD Web
Access Web site and the RDP protocol to connect to remote applications or remote desktops.
When you start a RemoteApp program in the default configuration, you will see a warning that the
publisher of the RemoteApp program cannot be identified, and that you must decide if you want to
continue. This is because the .rdp files are unsigned. To avoid this warning, you must configure the digital
signature settings, and then specify a trusted digital certificate on the RD Session Host server. However,
even when you configure digital signing, users will continue to receive notifications when they run
RemoteApp programs. The only way to avoid notifications is to configure thumbprints of the trusted .rdp
publisher certificates in Group Policy.
You also receive a prompt to enter your user credentials. Even when you are logged on to the domain
account, you need to provide credentials for running a RemoteApp program. You can avoid this prompt
by configuring SSO. This lesson details SSO later.
After the RemoteApp program starts, its look and feel is similar to a locally installed application. You can
recognize a RemoteApp application by the (Remote) suffix in Task Manager and the slightly modified
icon on the taskbar.
Question: How is running a RemoteApp program in default configuration different from running a locally
installed application?
What Is RemoteApp and Desktop Connections?
Key Points
In Windows Server 2008 R2, RDS provides the ability to group and personalize RemoteApp programs, as
well as virtual desktops, and make them available on the Start menu of a computer that is running
Windows 7. This feature is known as RemoteApp and Desktop Connections.
RemoteApp and Desktop Connections works with a new feature of RD Web Access--the RemoteApp and
Desktop Connections feed. Instead of presenting RemoteApp programs in the form of a Web page, this
feed presents the programs in the form of an XML document, which it parses and displays on the Start
menu of the Windows 7 or Windows Server 2008 R2 client. With RemoteApp and Desktop Connections,
you subscribe to a feed of RemoteApp programs by providing the client with the feeds URL, typically in
the form of https://contoso.com/RDWeb/Feed/webfeed.aspx. Then, it updates and places a list of
published resources automatically in the users Start menu.
The RemoteApp and Desktop Connections feature offers several benefits, which include:
RemoteApp programs launch from the Start menu, just like a locally installed application.
Published RDCs and virtual desktops are included together with RemoteApp programs on the Start
menu.
Changes to the available resources, such as newly published RemoteApp programs, update
automatically.
Users can access and launch RemoteApp programs easily with Windows Search.
RemoteApp and Desktop Connections does not require domain membership for client computers.
RemoteApp and Desktop Connections is built on standard technologies, such as XML and HTTPS,
which makes it possible for developers to build solutions around it.
You can create a client configuration file (.wcx) in the Remote Desktop Connection Manager console and
distribute it to the users. You can also write and distribute a script to run the client configuration file
automatically, so that RemoteApp and Desktop Connections is set up automatically when the user logs on
to a Windows 7 computer.
Note: If users are not running Windows 7, they can access resources available through RemoteApp
and Desktop Connections from a Web browser, by signing on to the RD Web Access server.
Note: If you require Secure Sockets Layer (SSL) for clients to access the RD Web Access server and you
deploy RemoteApp and Desktop Connections, you must install a certificate that client computers trust
on the RD Web Access server. If the clients do not trust the certificate, the updates from the RD Web
Access server will fail.
Demonstration: Accessing RemoteApp Programs
Key Points
In this demonstration, you will see how to access a RemoteApp program by using RD Web Access Web
page and locally available RemoteApp program link. You will also see how to package and distribute links
for RemoteApp programs.
1. On NYC-CL1, navigate to the RD Web Access Web page as contoso\ruser.
2. Start the Notepad RemoteApp program, compare it with the local application, and then close it.
3. On the NYC-SVR1 server, create a Windows Installer package for the WordPad RemoteApp program.
Select to associate client extensions with this RemoteApp program, and share the folder to which the
Windows Installer package is saved.
4. On NYC-CL1, run the Windows Installer package from the share.
5. On NYC-CL1, create a file with a .docx extension. Double-click it, and verify that it opens in the
WordPad RemoteApp program.
Question: What is the benefit of using the Windows Installer package to distribute RemoteApp programs
instead of using an .rdp file?
What Is SSO?
Key Points
SSO is an authentication method that allows domain users to log on once, using a password or a smart
card, and then gain access to remote servers without having to enter their credentials again. If you use the
same user account on your local computer and RD Session Host server, enabling SSO will allow you to
connect to RD Session Host server seamlessly, without having to type your password again. You typically
use SSO when you deploy line-of -business (LOB) applications or centralized applications.
Due to lower maintenance costs, many companies prefer to install their LOB applications on an RD
Session Host server, and then make these applications available as RemoteApp programs or through
remote desktop. SSO makes it possible to give users a better experience by eliminating the need for them
to enter credentials every time they initiate a remote session.
To implement the SSO functionality in RDS, ensure that you meet the following requirements:
Users can use SSO for remote connections only from a Windows XP SP3 or newer operating system to
connect to a Windows Server 2008 Terminal Server or Windows Server 2008 R2 RDS Session Host.
If the server to which you are connecting cannot be authenticated via Kerberos or SSL certificate, SSO
will not work.
If you have saved credentials for the target machine, they take precedence over the current
credentials.
If the terminal server is configured to Always prompt or RDP file setting Always prompt, then SSO will
not work.
User accounts that are used for logging on have appropriate rights to log on to both the RD Session
Host and the Windows client.
The client computer and RD Session Host must be joined to a domain.
Note: You can enable SSO by using domain or local Group Policy. You should configure the Allow
Delegating Default Credentials setting in the Computer part of Group Policy.
Question: What is the advantage of using SSO when you start a RemoteApp program?
What Is Device Redirection?
Key Points
When you configure device redirection, you can use the redirected device in a remote desktop session.
You can redirect most devices, including printers, smart cards, serial ports, drives, Plug and Play devices,
media players based on the Media Transfer Protocol (MTP). You can redirect digital cameras based on the
Picture Transfer Protocol (PTP). When the user connects to the RD Session Host server, the Plug and Play
device that is redirected automatically installs on the remote RDS server and Plug and Play notifications
appear in the notification area on the remote computer. If you select the Devices that I plug in later
check box in the RDC client, the Plug and Play device is installed on the remote computer when you
connect the device in the local computer during the remote desktop session. After RD Session Host server
installs the redirected Plug and Play device on the remote computer, the Plug and Play device is available
for use in a session. For example, if the digital camera is redirected, you can access it from Scanner and
Camera Wizard on the remote computer in the Remote Desktop session.
Plug and Play device redirection is not supported over cascaded RDCs. This means that when you connect
remotely to one RD Session Host server, and from within that session you connect to another RDS server,
the second connection is cascaded. For example, you can redirect, and then use, a Plug and Play device
attached to your local computer when you connect to a remote computer. However, if you connect to a
second remote computer from the first one, you cannot redirect and use the Plug and Play device with
the second computer.
Note: Due to security restrictions, you cannot copy a file from a remote computer to the root folder of
a drive on the computer unless you are logged on using the default computer administrator account.
Note: You can control device redirection by using Group Policy settings.
Question: Can you redirect only the devices that are connected locally when you establish a remote
connection?
Demonstration: Using Device Redirection
Key Points
In this demonstration, you will see how to use the device redirection feature.
1. On NYC-CL1, establish an RDC as Administrator to the NYC-DC1 server, without redirecting the
printers to the session.
2. Verify that the local drives are redirected and available in the remote session. Assess the redirected C:
drive.
3. Verify that the files are on the local drive C, and then log off the RDC.
What Is RD Easy Print?
Key Points
The RD Easy Print feature enables you to print from a RemoteApp program or from a Remote Desktop
session to the local or network printers that you configure on the client computer, without having to
install printer drivers on the RD Session Host server. The RD Easy Print feature uses the print drivers
installed locally on the client to print from a RD session, which results in a consistent printing experience
between local and remote sessions.
When you print from the RD session to a local printer, you can see the full printer properties dialog box
from the client and you can access all of the printer functionality. RD Easy Print universal driver acts as a
proxy and redirects all printing-related work to the client, even if the drivers are not available on the RD
Session Host server. RD Easy Print renders the document to be printed in XPS format on the RD Session
Host server and then transfers it to the client, where the local print driver prints the document. Since you
can create and print XPS documents on x86 and x64 platforms and are platform-independent, there are
no cross-platform compatibility issues when using RD Easy Print.
You can use Group Policy to configure RD printer redirection options, such as limiting the number of
printers that are redirected to just the default printer or using the RD Easy Print printer driver first.
To use the RD Easy Print feature, clients must run the RDC 6.1 or newer and have at least Microsoft .NET
Framework 3.0 Service Pack 1 installed. Both of these components are included with the current Windows
operating systems and are available for download for Windows Vista and earlier client operating systems.
Accessing RemoteApp Programs from an External Network
Key Points
RD Gateway is a role service in the RDS role that allows authorized remote users to connect to RD Session
Host and remote desktop computers that you host behind firewalls on private networks and across
Network Address Translation (NAT) devices. More specifically, RD Gateway enables authorized remote
users to connect to terminal servers, RD Session Host servers, and remote desktops on the corporate
network from any Internet-connected device that is running RDC 6.0 or newer. RD Gateway tunnels all
RDP traffic over HTTPS to provide a secure, encrypted connection. All traffic between the users client
computer and RD Gateway is encrypted while in transit over the Internet.
When the perimeter network receives data through an external firewall, RD Gateway decrypts HTTPS and
contacts the domain controller to authenticate the connection. RD Gateway also contacts the network
policy server to verify if the user can cross the gateway and contact the RDS host. If the user receives
validation, and the connection is allowed, RD Gateway passes the RDP traffic to the destination host and
establishes a security-enhanced connection between the user who sends the data and the destination
host.
RD Gateway eliminates the need to configure VPN connections, enabling remote users to connect to the
corporate network through the Internet, while providing a comprehensive security configuration model
that enables you to control access to specific resources on the network. The RD Gateway Management
snap-in console provides a single, one-stop tool that enables you to configure policies to define
conditions that users must meet to connect to resources on the network.
RD Gateway:
Provides a comprehensive security configuration model that enables you to control access to specific
internal network resources.
Provides a secure and flexible RDP connection that allows users to access resources to which their
RDP host has access, and prevents remote users direct network connectivity to all internal network
resources. This helps protect the internal resources.
Enables remote users to connect to internal network resources that are hosted behind firewalls on
private networks and across NAT devices.
Enables you to configure authorization policies to define conditions for remote users to connect to
internal network resources by using RD Gateway Manager.
Enables you to configure RD Gateway servers and Remote Desktop clients to use Network Access
Protection (NAP) to enhance security.
Provides tools to help you monitor the RD Gateway connection status, health, and events. By using
RD Gateway Manager, you can specify events such as unsuccessful connection attempts to the RD
Gateway server that you want to monitor for auditing purposes.
Question: In which situations would you use RD Gateway?

Demonstration: Configuring RD Gateway
Key Points
To function correctly, RD Gateway requires that you install, and run, several other Windows Server 2008
R2 role services and features. When you install the RD Gateway role service, the required server roles and
services are installed and started automatically, if they are not already installed.
In this demonstration, you will see how to configure the RD Gateway by performing following steps:
Install the TS Gateway role service.
Obtain and configure a SSL certificate for the RD Gateway server.
Create a Remote Desktop connection authorization policy (RD CAP).
Create a Remote Desktop resource authorization policy (RD RAP).
Limit the maximum number of simultaneous connections though RD Gateway (optional).
1. On the NYC-SVR1 server, configure RD Gateway to use the external.contoso.msft digital certificate.
2. On the NYC-SVR1 server, create a new Connection Authorization Policy, and then name it
Authorized Remote Users.
3. Allow RD Users to connect through RD Gateway, and accept default options for other settings.
4. On the NYC-SVR1 server, create a new Resource Authorization Policy, and then name it
Authorized Target Computers.
5. Allow members of RD Users group to connect to computers in RD Web Computers group and
accept other default settings.
Question: What will be the consequences if you skip one of the steps in configuring RD Gateway such as
not configuring RD CAP?
Using Group Policy to Configure an RD Client
Key Points
Although you can set most RD connection properties by using the administrative tools or the RDC client,
you might want to set them by using Group Policy. Using Group Policy typically is a simpler method for
configuring RDS, especially in an environment with multiple RDS servers.
Group Policy provides many RDS related settings in Computer, as well as in User configuration. They are
available under Administrative Templates, in Windows Components part of the Group Policy settings. By
using Group Policy, you can configure the following properties:
RD Licensing and Security settings, such as client connection encryption level and prompt for
password.
Remote Session and Environment settings, such as display resolution, color depth, font smoothing, or
session time limits.
RDC Client settings, such as trusted .rdp publisher.
RD Client settings, such as redirection of devices, printers, and resources.
Do not forget that some Group Policy settings, such as Credentials Delegation, which is required for SSO,
also apply for remote desktop sessions!
Note: RDS settings that you configure by using Group Policy take precedence over the user account
properties that you configure in the Active Directory Users and Computers snap-in, and the per-
connection settings that you configure by using the Remote Desktop Session Host Configuration snap-
in.
Question: What is the result if you configure the same RDC Group Policy setting in the Computer
Configuration node, as well as in the User Configuration node?
Lab: Configuring RDS and RemoteApp Programs
Lab Setup
2. Ensure that the 10324A-NYC-DC1, 10324A-NYC-SVR1, and 10324A-NYC-CL1, virtual machines are
running.
3. If required, connect to the virtual machines. Log on to 10324A-NYC-DC1, and 10324A-NYC-SVR1
as Contoso\Administrator using the password Pa$$w0rd.
4. Log on to 10324A-NYC-CL1 as Contoso\ruser using the password Pa$$w0rd.
Exercise 1: Preparing the RDS Environment

Scenario
You have Windows Server 2008 R2 server infrastructure. Security regulations require that certain
applications are available just on central servers, so you need to provide RDS to your users.

1. Add the Remote Desktop Service role to the NYC-DC1 server.
2. Add the Remote Desktop Service role to the NYC-SVR1 server.
3. Configure Group Membership on the RD Session Host servers.
Task 1: Add the Remote Desktop Service role to the NYC-DC1 server
1. On NYC-DC1, add the Remote Desktop Session Host role service of the Remote Desktop Services
role. Specify Require Network Level Authentication for Authentication Method, and then accept
the default values for the other settings.
2. After the restart, log on to NYC-DC1 as Contoso\Administrator with Pa$$w0rd as password.
Task 2: Add the Remote Desktop Service role to the NYC-SVR1 server
1. On NYC-SVR1, add the Remote Desktop Session Host, Remote Desktop Connection Broker, and
Remote Desktop Web Access role services of the Remote Desktop Services role. Specify Require
Network Level Authentication for Authentication Method, and accept the default values for the
other settings.
2. After the restart, log on to NYC-SVR1 as Contoso\Administrator with Pa$$w0rd as password.
Task 3: Configure Group Membership on the RD Session Host servers

1. On NYC-DC1, add the RD Web Computers group as a member to TS Web Access Computers
group, and the RD Users group as a member to the Remote Desktop Users group.
2. On NYC-SVR1, add the RD Web Computers group as a member to the local TS Web Access
Computers group, and add the RD Users group as a member to the local Remote Desktop Users
group.
Results: After this exercise, you should have added the RDS role to the NYC-DC1 and NYC-SVR1
servers and configured group membership to allow access to the RD Web Access server.
Exercise 2: Publishing RemoteApp Programs

Scenario
After you prepare the RDS infrastructure, you want to provide users with access to available RemoteApp
programs. You want to provide a central place from where users can see and access only the applications
for which they have permissions.

1. Publish RemoteApp programs.
2. Configure Remote Desktop Connection Broker to aggregate a list of RemoteApp programs.
3. Configure Remote Desktop Web Access to use Remote Desktop Connection Broker.
4. Access Remote Desktop Web Access from the client.
5. Configure and test RemoteApp User Assignment.
Task 1: Publish RemoteApp programs

1. On NYC-DC1, use RemoteApp Manager to add Calculator and Paint to the RemoteApp Programs
list.
2. On NYC-SVR1, use RemoteApp Manager to add WordPad and Notepad to the RemoteApp
Programs list (Notepad is in the Windows\System32 folder).
Task 2: Configure Remote Desktop Connection Broker to aggregate a list of RemoteApp

programs
On NYC-SVR1, add NYC-DC1.contoso.com and NYC-SVR1.contoso.com as a RemoteApp source
name in Remote Desktop Connection Manager.
Task 3: Configure Remote Desktop Web Access to use Remote Desktop Connection
Broker
1. On NYC-SVR1, use Remote Desktop Web Access Configuration to configure to use NYC-
SVR1.contoso.com as the RD Connection Broker server.
2. Verify that the Enterprise Remote Access Web page displays four RemoteApp published
applications.
Task 4: Access Remote Desktop Web Access from the client

1. On NYC-CL1, connect to https://NYC-SVR1.contoso.com/RDWeb in Internet Explorer, and then log
on as Contoso\ruser with Pa$$w0rd as password
2. Start the Notepad RemoteApp program.
3. Verify that the RemoteApp program looks and behaves as if it was installed locally, and then close
Notepad.
Task 5: Configure and test RemoteApp User Assignment

1. On NYC-SVR1, use RemoteApp User Assignment to assign WordPad to contoso\Administrator.
2. On NYC-CL1, refresh the Web page in Internet Explorer and verify the number of listed RemoteApp
programs.
3. On NYC-DC1, select Hide in RD Web Access for the Paint RemoteApp program.
4. On NYC-CL1, refresh the Web page in Internet Explorer, and then verify the number of listed
RemoteApp programs.
Results: After this exercise, you have several published RemoteApp programs on two RD Session Host
servers. You also have configured RD Web Access to use RD Connection Broker, which aggregates a list
of available RemoteApp programs, and you tested access to the RD Web Access Web page and
RemoteApp User Assignment.
Exercise 3: Accessing Published RemoteApp Programs

Scenario
After you provide RD Web Access Web portal to users, you discover that users do not have a seamless
experience when running RemoteApp programs. You want to change that, so that users do not receive
multiple prompts when they start remote applications. Additionally, to reduce training costs, you want to
provide shortcuts to the remote application on the desktops of users, and you want to integrate the
available RemoteApp programs on the Start menu.

1. Configure digital signing of .rdp files on RD Session Host servers.
2. Configure SSO for accessing RD Session Host servers.
3. Configure a trusted .rdp publisher.
4. Package a RemoteApp program as a Windows Installer package.
5. Install and test the RemoteApp Windows Installer package.
6. Implement RemoteApp and Desktop Connections.
Task 1: Configure digital signing of .rdp files on RD Session Host servers

1. On NYC-SVR1, configure a Digital Signature for .rdp files by selecting the digital certificate for NYC-
SVR1.contoso.com.
2. On NYC-DC1, configure a Digital Signature for .rdp files by selecting the digital certificate for NYC-
DC1.contoso.com.
3. On NYC-CL1, refresh the Web page in Internet Explorer.
Task 2: Configure SSO for accessing RD Session Host servers

On NYC-CL1, enable Credentials Delegation in Local Group Policy. To find this setting in Local
Group Policy expand Computer Configuration, expand Administrative Templates, and then
expand System and then click Credentials Delegation. Enable the Allow Delegating Default
Credentials setting and enter TERMSRV/* as the Value. You need to click the Show... button first.
Task 3: Configure a trusted .rdp publisher

1. On NYC-CL1, enable the Specify SHA1 thumbprints of certificates representing trusted .rdp
publishers Local Group Policy setting. To find this configuration expand Computer Configuration,
expand Administrative Templates, expand Windows Components, expand Remote Desktop
Services, and then click Remote Desktop Connection Client.
2. On NYC-CL1, switch to Internet Explorer, and copy the value of the Thumbprint field for the NYC-
SVR1.contoso.com computer certificate that you want to use to sign .rdp files.
Note: Do not highlight the leading or ending space in the thumbprint box!
3. Paste Thumbprint field value to the Comma-separated list of SHA1 trusted certificate thumbprints
entry box of the Group Policy setting.
4. On NYC-CL1, in Internet Explorer, click Notepad, and then verify that it starts without any prompts.
Task 4: Package a RemoteApp program as a Windows Installer package

1. On NYC-SVR1, create a Windows Installer package for the WordPad RemoteApp program. Select to
create a shortcut on the Desktop, and then associate client extensions with the RemoteApp program.
2. Share C:\Program Files\Packaged Programs with default permissions.
Task 5: Install and test the RemoteApp Windows Installer package

1. On NYC-CL1, install \\nyc-svr1\Packaged Programs\wordpad.msi.
2. Start WordPad from the desktop, and then verify that it opens without any prompt. Close WordPad.
3. On the desktop, create a file called Report.docx, and then double-click it. Verify that file opens in the
Wordpad RemoteApp program, and then close Wordpad.
Task 6: Implement RemoteApp and Desktop Connections

1. On NYC-CL1, set up a new connection with RemoteApp and Desktop Connections, and specify
https://NYC-SVR1.contoso.com/RDweb
/Feed/webfeed.aspx as the Connection URL.
2. Verify that there is new program group, RemoteApp and Desktop Connections, available in All
Programs on the Start menu.
Results: After this exercise, you have configured digital signing for .rdp files, trusted .rdp publisher
and enabled SSO for NYC-CL1 computer. You also created Windows Installer package for RemoteApp
program, install it and test how RemoteApp and Desktop Connections works.

following steps:
Review Questions
1. Do you need to install the RDS role if you only want to provide Remote Desktop access for remote
administration?
2. Is the RD Web Access role service required if you want to provide RemoteApp program access for
your clients?
3. Can you connect from Windows Vista SP1 client to RD Session Host server on Windows Server 2008
R2?
4. How can you control who sees the RemoteApp program link on the RD Web Access Web page?
5. What benefits does SSO provide when you run RemoteApp programs and where can you configure
it?
6. Does RD Gateway provide full end-to-end protection of RDP traffic?
Common Issues and Troubleshooting Tips Related to RDS

Identify the causes for the following common issues related to RDS and fill in the troubleshooting tips. For
answers, refer to relevant lessons in the module.
Users can connect to the RD Session Host server

from Windows 7 and Windows Vista clients, but
they cannot connect from Windows XP clients.
When users establish a Remote Desktop session

with RD Session Host, they cannot use any of the
Windows 7 features, like desktop themes and
photo management.
When users establish an RD session from a

Windows 7 client, they can see the Aero Glass
effect in the session. However, when the same
users establish an RD session from a Windows
Vista client, the Aero Glass effect is not available.
Several users can see a published RemoteApp

program on the RD Web Access Web page,
while other users cannot.
When users start RemoteApp programs, they

always receive prompts for their credentials.
Users can open data files in a RemoteApp

program, but when they double-click on the
same file in Windows Explorer, the RemoteApp
program does not start.
Implementing User State Virtualization 11-1
Module 11
Implementing User State Virtualization
Contents:
Lesson 1: Overview of User State 11-3
Lesson 2: Configuring Roaming Profiles and Folder Redirection 11-15
Lab: Implementing User State Virtualization 11-30
Module Overview
User state virtualization is a concept that allows administrators to provide more flexible client
environments, and to provide users with ability to have documents and settings following them from
computer to computer. Also, this concept provides better ability to backup and centralize user data, as
well as to prevent data loss. By virtualizing user state, you provide ability to users to have their data always
with them, no matter on which machine they log on. This technology can be combined with other
virtualization technologies.
This module discusses technologies that provide user state virtualization and various ways to provide
virtualization. This module also discusses how to configure roaming profiles and users folder redirection
as part of user state.
Lesson 1
Overview of User State
User state consists of several operating system files from users documents, data and settings. The user
state presents whole environment that makes user unique to the system. Many users spend significant
time customizing and configuring their environment items such as desktop wallpaper, screen savers, and
other unique Windows operating system elements. They usually expect these settings to be available to
them, no matter which computer they use.
Files and settings that contain user states are usually stored locally on computer where the user is
working. They can also be placed on a network location, and they can follow user on all computers that
the user logs on to.
This lesson discusses user state and user profiles, their types and scenarios of usage.
What Is User State?
Key Points
User state is a general term to describe several categories that determine user environment, user data and
settings. User state cannot be identified in one specific file or setting, but it rather presents a set of various
files and settings. In operating systems such as Windows Vista and Windows 7, the user state separates the
user environment, files and settings from files and settings specific to the installed operating system as
well as those belonging to applications.
Also, user state is specific to each user of computer, which means that every user has its own user state
that is mostly independent of other users.
The user state includes users data as well as application or operating system configuration settings.
Traditionally, users PCs contain the authoritative copy of users data and settings.
Note: User state is often equivalent with a user profile, however, when it comes to virtualization, the
term user state is used to describe the process of how data from a user profile moves with user.
User state consists of four main categories of data:

User settings. This component of user state describes all settings that user has personalized to himself
after operating system is installed.
User Registry. This is part of machines registry that is specific to each user. Registry node
HKEY_CURRENT_USER (HKCU) stores settings that are specific to the currently logged-in user. The
HKCU key is a link to the subkey of the HKEY_USERS node that corresponds to the user. The same
information is accessible in both locations. On Windows Vista and Windows 7 based systems, each
user's settings are stored in their own files called NTUSER.DAT and USRCLASS.DAT inside their own
Users folder on boot volume. Settings in this node follow users with a roaming profile from machine
to machine.
Application data. This is one of the folders that are part of user state. This folder contains mostly
application settings specific for a user. For example, if a user installs Microsoft Word, and personalizes
its settings to fit his needs (e.g. adjust toolbars, set language, etc.) these settings will be stored in the
Application Data folder. In Windows 7 this folder is called AppData and it is stored inside users profile
folder. Unlike previous version of Windows, such as Windows XP, where Application Data folder stores
application-related data with little or no separation of user-related or computer-related application
settings, in Windows 7, the AppData folder replaces Application Data, and provides a high degree of
separation for user-related and computer-related application settings.
User data. This component contains all user specific data, such as files in My Documents folder,
Favorites folder, Pictures folder, etc.
Question: What is the main difference in handling user state in Windows XP comparing to Windows Vista
and Windows 7?
Benefits and Challenges of User State Virtualization
Key Points
Before discussing virtualization of user state, let us discuss some main challenges to user state
management in general.
There are three main challenges with managing the user state.
The first challenge is how to back up user data and settings that are scattered from PC to PC and then
restore users productivity after a computer replacement or after a laptop is lost or stolen. Many users
make a lot of changes to their environment, and save a lot of data inside their user profiles. Since files are
stored locally, it might be hard to backup these data, as well as restore them on new PC if necessary.
The second challenge is how to migrate the user state during operating system migrations. Currently, this
challenge is mostly addressed by using Windows Easy Transfer and User State Migration Tool utilities.
While Windows Easy Transfer is mostly intended for single use, USMT can be used in enterprises during
operating system migrations. However, users might not be aware or familiar with these utilities, and also
usage of these utilities requires additional time and resources.
The final challenge is how to make the data available to the user regardless of the PC being used. In many
companies, users are using several computers, sometimes even in different office locations. It might be
pretty tricky to enable user to have access to his data and settings all the time and on every computer.
Also, if you want to provide users with same environment when they are using Remote Desktop Services
(RDS) with Terminal Services or with Virtual PC (like Windows XP Mode), it might be difficult to achieve
that if user profiles are located locally.
In any case, user state virtualization provides a solution.

With user state virtualization, organizations store users data and settings in a central location (and,
optionally, cache them locally for offline usage when users are mobile). That location is usually a network
share on file server or Storage Area Network (SAN).
The result is that users are free to roam, and their data and settings follow them from computer to
computer. The whole point of this concept is to separate data that are user-specific (and can roam) from
data that are computer-specific and must be stored locally.
User state virtualization can also mitigate productivity loss of PC replacement. The central copy of the
data is on the network, so it is easily restored in case of a lost or stolen PC and the users settings can be
re-applied automatically. When the IT department sets up the policy to allow offline access to the
redirected folder, Windows BitLocker Full Volume Encryption can be applied to the PC to help ensure data
safety. A typical example of this type of virtualization is using Windows with Windows 7 Folder Redirection
with Offline Files and a Roaming User Profile, which will be discussed later.
Core technologies that enable usage of user state virtualization are:

Roaming Profiles
Folder Redirection
Offline files
These technologies are enhanced in Windows Server 2008 R2 and Windows 7 and will be discussed in
later topics and lessons.
Question: How your companies address user state management challenges presented in this topic?
What Is a User Profile?
Key Points
A user profile consists of a folder hierarchy, or namespace, files, junctions and registry settings that store
the appropriate and often personalized settings for a users computer and application environment.
In Windows Vista and Windows 7, user profile is located in %SystemDrive%\Users folder, inside
NTUSER.DAT file, on partition where operating system is installed. User profile is always named after user
logon name, and it contains several folders inside. Some folders inside user profiles are hidden and can be
viewed only after option for showing hidden files and folders are enabled while others are accessible by
default.
The first time a user logs on to a computer, the Windows operating system creates the desktop
environment according to various defaults and administrator-configured settings. Any changes made to
that environment during the session are saved automatically when the user logs off, thereby ensuring that
the settings are available for future sessions. However, other users can also log on that very same machine
and create their own environment.
User environment settings defined in user profile include following:

The appearance and behavior of the users desktop
Settings for applications that have been configured by the user
Documents, pictures, music, and other data files belonging to the user
The users favorites in Microsoft Internet Explorer
Any other user-specific application settings and data
Beside folders that contain user documents, in Windows 7 and Windows Vista, user profile has a new
folder called AppData that separates local and roaming data, via appropriate subfolders. This is approach
is new to Windows Vista and Windows 7. These subfolders are:
Local. This folder contains application settings and data that are computer specific. These data should
not be roaming, or are too large to be used for roaming. Content of this folder is essentially the same
as content of folder Local Settings\Application Data that was used in Windows XP.
Roaming. This folder contains data and settings that are roaming when Roaming user profiles are
configured and used. Data inside this folder are not computer dependent, so they can roam with user
from computer to computer. Content of this folder is the same as content of Application Data folder
in root folder of user profile in Windows XP.
LocalLow. This folder has very specific intention of usage. It did not exist in Windows XP. Data stored
in this folder is written by processes that could potentially compromise operating system security or
functionality. For example, applications running within Internet Explorer Protected Mode are using
this location for their data and settings.
In general, there are two main types of user profiles: Local and Roaming. Local profiles are located on
users machine, and can not be automatically moved to another machine, without using specific utilities
such as Easy Transfer or User State Migration Tool (USMT). Roaming profiles are located on network
location, and they are used on each machine where user logs on. Both Local and Roaming profiles have
additional profile subtypes, which will be discussed later.
How Does a User Profile Work?
Key Points
When a user logs on for the first time, Windows creates their initial profile by using either the default local
profile or the default network profile which depends on how the system is configured. Windows connects
to the specified profile path (locally it is %SYSTEMDRIVE%\Users), and creates a subfolder beneath the
specified path that matches the users account name. Similarly, this will also happen on network profile
location, if one is specified. After subfolder is created, Windows assigns full-control NTFS file system
permissions to the user account on the subfolder, and marks the user account as the folder owner. This
process creates a structure of user profile folder. Initially, content of default profile (either local or
network) is copied inside users profile folder while folders that contain user data (such as Documents,
Pictures, etc.) are mostly empty. Now the user can begin to customize its settings and environment, as
well as to store data inside his profile.
Registry node HKEY_CURRENT_USER (HKCU) plays very important role in working with user profiles. All
settings related to user-specific environment are stored in registry while user is logged on. All changes to
the user environment are also reflected in registry.
Each time when user logs on, content of NTUSER.DAT file is loaded to registry node HKCU. During user
session, when user changes his environment, changes are performed in registry. When user logs off,
changes are saved back to NTUSER.DAT file, so they are retained for future use. Since each user has its
own NTUSER.DAT file, each user can have its own set of settings, loaded in registry node HKCU while user
is logged on.
However, there are some settings that are common to all users of one computer. For example, application
installed on a computer might be used by all users, so it creates its shortcut in common location in Start
Menu or Desktop.
For that purpose, a profile called Public is used in Windows Vista and Windows 7 (earlier, it was AllUsers
profile in Windows XP). The content of this profile is accessible to all users of the computer. Unlike regular
profiles, this profile does not have specific registry node, since this profile is never directly loaded. Settings
contained in this profile are written to HKEY_LOCAL_MACHINE (HKLM) and they are applied to each user
that logs on to that computer.
If, for any reason, user profiles cannot be loaded into registry, a temporary user profile is used. Temporary
profiles are deleted at the end of each session, and changes made by the user to their desktop settings
and files are lost when the user logs off. If user is logged on using temporary profile, warning message will
be issued at logon. Logging to temporary profile is not normal, and it requires troubleshooting.
It is also important to know that not all user data are stored in the registry. Inside the users profile there
are several folders that contain user documents such as, music, pictures, etc. These data can also be
virtualized by using folder redirection which will be discussed in Lesson 2.
Logging to Terminal Server

If user logs on to a computer using terminal session, procedure of loading user profile is slightly different.
Besides working with HKCU registry node, HKLM is also used in this scenario. Key
HKLM\Software\Microsoft\WindowsNT
\CurrentVersion\Profile List contains a list of all currently logged on users with profiles that they are using.
In this registry node, users are identified with their security identifiers (SID) but you can easily identify user
by browsing the node as you will find locations for users roaming profile.
Question: From the perspective of user profiles, what is the main difference between HKCU and HKLM?
Types of User Profiles
Key Points
There are several user profile types available in Windows Vista and Windows 7 used in various scenarios.
In general, Local and Roaming user profiles are the main types, but they both have its subtypes.
These types are:
Default profile. Windows stores a default profile in the C:\Users\Default folder. Windows uses this
default profile to build the users initial desktop environment. This default profile can also be stored
on a domain controller in the Netlogon shared folder.
Note: It is recommended to use Group Policy to configure Default Profile path. Also, some issues may
arise if you have different versions of client operating systems.
Local user profile. As descried earlier, when a user logs off, their desktop environment is saved in a
local user profile file (NTUSER.DAT). This profile is used the next time the user logs on to the same
computer. The Local User profile is not accessible if the user logs on to a different computer. Local
user profiles are stored in the C:\Users folder, in a subfolder related to the users account name.
All users/Public. Previous Windows versions provided the All Users desktop profile. Windows Vista and
Windows 7 replace all users with the public profile. Windows merges the Public profile folder
contents. For example, Desktop and Start menu, with the users own profile during logon.
Roaming profile. Domain user accounts with a roaming profile location can be configured. When the
user logs off, the desktop environment is saved to the designated folder so that it is available at next
logoneven if that logon is to a different computer. Roaming profiles will be discussed in more detail
in later topics.
Temporary user profile. A temporary user profile is issued each time an error condition prevents the
user's profile from loading. Temporary profiles are deleted at the end of each session, and changes
made by the user to desktop settings and files are lost when the user logs off.
Mandatory profile. A mandatory profile is a read-only version of roaming profile that is preconfigured
and secured by the network administrator to ensure a consistent look and behavior for all users. Users
cannot modify settings in mandatory profile. When user account is configured to use mandatory
profile, each time user logs on to machine, profile content will be downloaded from network share,
just like with roaming profiles. However, if a user makes changes during their session, these changes
will not be stored in their profile when user logs off. In the next logon session, the user will be
presented with original settings and environment specified in mandatory profile.
You can create mandatory profiles similar to creating roaming profiles. If Windows cannot
successfully load the mandatory profile, the user can still log on. Windows creates a transient profile
in this situation, but this condition usually needs troubleshooting.
Note: If you use mandatory profiles, you must configure folder redirection in order to allow users to
save files to their personal folders that are part of their profile, since no changes can be made to
mandatory profile.
Super mandatory profile. The super mandatory profile is a mandatory profile with extra security.
However, unlike mandatory profile, if the user is configured to use super mandatory profile, he will
not be able to log on if super mandatory profile is not available, or can not be loaded into registry for
any reason. Therefore, super-mandatory user profiles should be used only in environments in which
the network infrastructure is very reliable and the presence of the user profile is critical.
Special identitys profiles. In Windows Vista and Windows 7, special identities are used for service
accounts such as Local system, Local service, and Network service. These accounts also use profiles.
These profiles are located on following locations:
LocalSystem - %WinDir%\system32\confi g\systemprofile
LocalService - %WinDir%\serviceprofiles\Localservice
NetworkService - %WinDir%\serviceprofiles\Networkservice
Question: In which scenarios should you use super mandatory profiles?

Demonstration: Exploring User Profiles
In this demonstration, your instructor will show you how to access and browse user profile folders, and
how to use roaming and mandatory profiles.
1. Unhide protected/hidden files and folders using Control Panel Folder Options applet on NYC-DC1.
2. Browse to folder C:\Users\Administrator and see the folder structure.
3. Create a folder called Profiles on NYC-DC1 and share it as Profiles with Authenticated Users.
4. Create a folder called mandatory.v2 within the Profiles folder.
5. From NYC-CL1 computer, copy default profile to \\NYC-DC1\Profiles
\mandatory.v2 location. After files are copied, browse this folder on NYC-DC1 and rename file
NTUSER.dat to NTUSER.man.
6. In Active Directory Users and Computers console, configure Candy Spoon to have her profile located
at \\NYC-DC1\Profiles\%username%. Configure Terri Chudzik to have her profile located at
\\NYC-DC1\Profiles$
\mandatory.
7. Log on to NYC-CL1 as Candy Spoon, make some changes to desktop environment and log off.
8. Log on to NYC-CL2 as Candy Spoon, and verify that all changes that are made on NYC-CL1 are
retained.
9. Log on to NYC-CL1 as Terri, and make some changes to desktop environment.
10. Log off and log back on and verify that no changes are retained.
Lesson 2
Configuring Roaming Profiles and Folder Redirection
Roaming profiles and Folder Redirection are two technologies that provide companies with the ability for
users to roam between computers and access their personalized desktop environments with their personal
data and settings. Corporate roaming also provides enterprises with flexibility in seating arrangements.
Users need not be guaranteed the same computer each time they come to work, such as in a call center
where users have no assigned desk or seating and must therefore share computers with other users at
different times or on different days, but still want to retain their personal settings and data.
How Roaming Profiles Work
Key Points
Roaming User Profiles allow enterprises to store users profiles on a central network location instead
locally on client computers. Roaming profile structure is the same as with local profiles, however the
location of roaming folder is not.
The main benefit of storing user profiles on network location is that users can access their desktop,
application settings, and data from any computer they have access to. When a user logs on to his
machine, instead of loading local NTUSER.DAT file into registry the roaming profile from network is
loaded. During the users session, he might change his environment, and create and save data. All these
changes will be copied to roaming profile location after user logs off, so they are retained for next session.
Also, if a user changes his computer, all data and settings will be available to him, as roaming profile will
be used from network.
Creating and Using Default Network Profile

Just like local users profiles can be replaced with roaming profiles, you can also replace default local
profile with default network profile. As explained earlier, default profile is used to create new user profile.
It is used only once for each user, during first log on. Default location for this profile is C:\Users\Default.
However, you can also configure this profile to be on network location, so that each user uses the same
default profile for creation of their roaming or local profiles. If the computer is joined to a domain,
Windows first checks to see whether there is a default network user profile. In Windows Vista and
Windows 7, the default network user profile must be named Default User.v2 and stored in Netlogon
folder on domain controller.
Default network user profiles are optional. You do not need to create them if you do not want to. Also, it
is not mandatory to use default network profile if you are using roaming profiles and vise-versa.
Question: When should you use default network profile?

Configuring Roaming User Profiles
Key Points
Roaming profiles are not enabled by default. You must first prepare infrastructure before you enable user
accounts to use roaming profiles.
Before you create a roaming user profile, you need to create each user account. Then, log on to a server
as an administrator to create a network share to store the roaming user profiles, designate the groups of
users to receive the roaming user profiles, and grant all users Full Control permissions.
Let us discuss steps that need to be performed to configure roaming user profiles and enable users to use
them.
First we need to prepare storage location for roaming profiles. In order to achieve that, you must
complete following steps:
1. Create a shared folder. Create a shared folder on an appropriate file server. In a large organization,
you might use a departmental server to host this shared folder. In a smaller organization with a single
server, you might use the domain controller to host the shared folder. The folder should be
identifiable, and therefore use a recognizable share name such as Profiles. If you have many users,
you might need to create a shared folder for roaming profiles on multiple servers or use DFS to
achieve better availability.
2. Secure the shared folder. Users require at least Change permissions on the shared folder. Therefore,
remove the default shared folder permission, and enable the Allow Change permission for the
Authenticated Users group.
After location is prepared, you should configure user accounts to use roaming profiles. You should do
following:
1. On the domain controller, open Active Directory Users and Computers.

2. Locate the user account, and then modify the profile path for the user.
3. When configuring a user account to use a roaming profile, you typically designate a Universal
Naming Convention (UNC) path that includes the variable %username%. For example, you can
specify the path
\\sea-dc1\profiles \%username%, where the users name is substituted for the username variable
when the profile is created during the logoff process.
4. Windows then creates a folder named username.v2 in the parent shared folder.
Best Practices for Roaming Profiles

To optimize the logon process and to help ensure trouble-free user profile processing, consider the
following points when planning user profiles:
Exclude folders such as the Documents folder from the roaming profile. To ensure that roaming
profiles are loaded quickly and efficiently, consider excluding frequently used folders, such as
Documents from the users roaming profile. Availability of these folders can be achieved through
folder redirection feature.
Do not use the Encrypting File System (EFS) with roaming profiles. The EFS is not compatible with
roaming profiles. If you encrypt user profile folders with EFS, the users profile will not roam.
Do not use offline folders on roaming profile shares. You must disable offline folder caching for the
roaming user profile shared folders. Failure to do so may result in synchronization problems when
both the offline folders and roaming user profiles try to synchronize files in a users profile
Use folder redirection for data folders when logging on to both Windows XP and Windows 7. Because
of the significant differences in profile structure between Windows XP and Windows Vista, consider
using folder redirection.
Create only the root profile share, and let Windows create the folders for each user. This ensures that
the appropriate file permissions are assigned. Failure to observe this recommendation could result in
users having either excessive permissions in other users profile folders, or insufficient permissions in
their own profile folders.
Limitations of Roaming User Profiles
Key Points
Although Roaming User Profiles provides several benefits to both end users and administrators, there are
some limitations that you must be aware of when using this technology.
Some of important limitations of roaming user profiles are:

Potentially bad performance. Since the entire user profile folder is synchronized between client and
server, this can result in slow logon and logoff procedures. This can be especially slow, when user is
logging on a computer for the first time as the whole profile must be downloaded.
Synchronization of entire profile. Each time when a user log off from machine roaming profile on
server is updated with changes that user has performed locally. However, entire profile is
synchronized every time, even if only a single setting has changed.
No online synchronization on Windows Vista and older. By design, roaming profile is updated only
when user logs off from the computer. If user is not logging off but rather than that hibernates his
computer (which is very often with laptops) changes made will not be uploaded to roaming profile
for a long time.
Note: Beginning in Windows 7, users with roaming user profiles will have their current user settings in
HKCU (in other words, the entire NTuser.dat from their profile) periodically synchronized back to the
server while they are logged on to their computers. This is a change from Windows Vista and earlier
versions, in which roaming user profiles were synchronized back to the server only on logoff.
Simultaneous logons. There are potential sync issues that can arise if you use simultaneous logons on
several computers. For example, if a user logs on to one computer, edits and saves a document stored
in the Documents folder, leaves the computer logged on and then moves to a second computer, logs
on, edits and saves the same document, and then logs off from both computers, the computer from
which the user logs off of last will take precedence. That is, the edits made to the document on that
computer will be the only edits that will be preserved. The edits done on the other computer will be
lost. It is important to remember that when conflicts like this occur, roaming user profile (RUP)
resolves them on a last-writer-wins basis.
Application inconsistencies. If an application makes changes to a user profile that might not produce
expected result on all computers that user is using. For example, if user installs an application and it
creates a shortcut on desktop, that shortcut will be shown on all computers where that user logs on.
However, not all computers will be able to start that application if it is not installed.
Note: you can use the Exclude Directories On Roaming Profile Group Policy setting to prevent
roaming the Desktop folder, which will prevent this inconsistency from arising.
Enabling on individual basis. If you want to use roaming user profiles you must enable them on per-
user basis by configuring user account Properties or by using a script. You can also use template
accounts to enable roaming profile for each new user.
Coexistence with older platforms. If you have a user that roams between various operating system
platforms, you might not be able to use roaming profiles for that user. Each operating system
platform has its own folder structure, and they are not compatible.
What Is Folder Redirection?
Key Points
Before discussing Folder Redirection, let us focus on one limitation of using Roaming Profiles. If a user is
configured to use Roaming Profile, each time he logs on, whole profile is downloaded to its local machine.
Since profile contain users folders like My Documents, Music, Videos and Downloads, and these folders
usually contain large amount of data, process of downloading these data can take significant amount of
time. This can result in very slow logons. Similar, when user logs off, whole profile is synchronized back to
network location, and that cause very slow log offs. Based on this process, it is very convenient if we
separate user data content from users profile, but still be able to keep that on network location so data
can follow users but do not slow down logon and logoff procedures. Technology that enables this is
called Folder Redirection.
Folder redirection is a client-side technology that provides the ability to change the target location of user
specific folders, such as My Documents, found within the user profile. This redirection is transparent to the
user and gives the user a consistent way of saving their data, regardless of its storage location.
Folder redirection provides a way for administrators to divide user data from profile data. This division of
user data decreases user logon times because Windows downloads less data when user is logging on, and
that directly speed up logon process. Windows redirects the local folder to a central location, giving the
user immediate access to their data when they save it, regardless of the computer they are using. This
immediate access removes the need to update the user profile.
Folder Redirection can be used with or without Roaming profiles. If you need only data to follow users,
but not their settings of environment, Folder Redirection is enough. Also, if user is simultaneously using
computers with various operating systems (such as Windows 7 and Windows XP), usage of roaming
profiles can result in incompatibility issues. Folder Redirection is agnostic to this, so it can be safely used
on various operating system platforms.
Folder Redirection is configured by using Group Policy settings. Besides just setting up location for
redirected users folders, there are several other options that can be configured. This will be discussed in
next topic.
You must be aware that not all folders are redirected. This mostly depends on operating system used on
client side. Core user folders that can be redirected on all client platforms from Windows XP are:
Documents, Pictures, Desktop
Start Menu, Application Data
Additional folders can be redirected in Windows Vista and Windows 7:
Pictures
Music
Videos
Favorites
Contacts
Downloads
Links
Searches
Saved
Games
Demonstration: Configuring Folder Redirection
In this demonstration, your instructor will show and explain to you available options for Folder
Redirection.
1. Open Group Policy Management Console on the Domain Controller.
2. Create new Group Policy Object.
3. Start Group Policy Management Editor.
4. Browse through Folder Redirection options.
Guidelines for Folder Redirection
Key Points
Usage of Folder Redirection can provide many benefits to both end users and IT administrators. However,
in order to have full potential from Folder Redirection and avoid issues, you should follow these
guidelines:
Do not redirect folders to your home directory unless you have legacy home directories in your
organization. The Documents folder and its subfolders allow you to select the Redirect to the users
home directory redirection option. This redirects the Documents folder, and optionally, its subfolders,
to the home folder path configured in the user objects properties. Unless you are using legacy home
folders in this way, avoid configuring this option.
Let Windows create folders for each user. To ensure that the folders required for Folder Redirection
are created and secured properly, do not manually create the folders. Instead, let Windows create and
secure them when users log on. You must create the parent folder and share it with the previously
described permissions.
Use the Follow Documents folder setting. The Music, Pictures, and Videos folders support the Follow
Documents folder setting. This setting redirects these folders as Documents folder subfolders. This
option causes the selected subfolder to inherit Folder Redirection options from the parent Documents
folder, and it disables other Folder Redirection options for the selected folder. Consider using this
setting to store all user data folder structure elements in one place without the need to individually
configure Folder Redirection for each subfolder.
Consider the impact of removing a Folder Redirection Group Policy setting. The default behavior for
Folder Redirection removal settings is for the redirected folder to remain in its location even after you
remove the policy setting. In some scenarios, you might want to copy the files back to the original
locationthat is, to the users local profile. Bear in mind that changing a Folder Redirection policy
setting can have an impact on network performance. For example, if you select to redirect the folder
back to the local user profile location when the policy setting is removed.
When troubleshooting Folder Redirection, be aware that this technology relies on shared folders stored
on remote file servers. You should verify network connectivity to the target folders before you investigate
more complex reasons for Folder Redirection failure. Pay special attention to NTFS and shared folder
permissions. If you have implemented Advanced Redirection for specific Windows security groups, verify
that the user experiencing the problem belongs to the appropriate groups. Also, verify Group Policy
settings. Because you implement Folder Redirection with Group Policy settings, determine if the problem
is related to a Group Policy problem.
What Are Offline Files?
Key Points
Offline files allow mobile users to download and use shared files on their local computers when they are
not connected to the network. This benefit also applies to onsite workers who temporarily lose network
connectivity due to technical problems.
When you designate a shared file for offline use, the local computer downloads, or caches, a local copy of
the file. You can then continue to work using this file even if you are not connected to the network. When
the computer connects to the network again, the operating system automatically compares any changes
made to the offline file, with the copy stored on the server, and resolves any differences
In Windows Vista and Windows 7, you can encrypt your offline files to help secure private information.
When you encrypt offline files, only your user account can access the cached data.
Offline files can be used together with Folder Redirection. This enables you to provide access to redirected
folders even when user is not connected to network. Since Folder Redirection is used to redirect user
personal folders, if you make these folders available for offline access, users will always be able to have
their documents. These two technologies can also be combined with Roaming User profiles to achieve full
functionality.
Offline files are very convenient in scenarios where user is connected to a slow network. Since local copy is
cached on users computer, he can work on these files without being affected by slow network.
Offline Files Operating Modes

There are four operating modes for Offline files:
Online Mode. This is default mode for operating Offline Files. In this mode, user is connected to
network and every change that is made on files, is actually made on network copy, and after that on
local cached copy. When user reads the file, it is being read from local cache to improve performance.
Auto Offline Mode. If Offline Files detects a network error during a file operation with a shared folder,
Offline Files automatically transitions the network share to auto offline mode. When share is in this
mode, all changes are performed on local level, while Offline Files client is trying to access network
copy every two minutes. During Auto Offline Mode user cannot initiate manual synchronization, nor
can he access previous versions of file.
Manual Offline Mode. In this mode, user manually puts network resources in Offline Mode. This
means that all file operations are performed on local cached copy. Synchronization is preformed only
if user initiates it manually. Offline mode remains active until computer restarts or until user manually
switches back to Online Mode.
Slow-link Mode. This mode is dependent on Group Policy setting that specifies slow link detection. If
this setting is configured, it will be applied to Offline Files. When slow link is detected, Offline Files will
automatically switch to Offline Mode and also will switch back to Online mode if network conditions
are improved.
Offline files are configured on several locations. You must enable Offline caching on shares for which you
want to allow caching. Also, you should configure Offline caching behavior on user side. At the end,
Group Policy can be used to control Offline Files.
Offline Files Improvements in Windows 7

In Windows 7, Offline files are additionally improved comparing to Windows Vista and Window XP. Most
important improvements are:
Offline support with Background Sync. Usually Offline support provides remote and branch office
users with faster access to files that are located in a network folder across a slow network connection.
Windows 7 enhances this feature by including Background Sync, a feature that synchronizes Offline
Files in the background, ensuring that the server is frequently updated with the latest changes. When
a client computers network connection to a server is slow (as configured by the administrator),
Offline Files automatically transitions the client computer into an Offline (slow connection) mode.
The user then works from the local Offline Files cache. On Windows 7, Background Sync runs at
regular intervals as a background task to automatically synchronize and reconcile changes between
the client computer and the server. IT administrators can configure synchronization intervals and
block out times. With this feature, users no longer must worry about manually synchronizing their
data with the server when working offline.
Exclusion List. The Exclusion List feature reduces synchronization overhead and disk space usage on
the server, and speeds up backup and restore operations by excluding files of certain types from
replication across all Folder Redirection clients. Prior to Windows 7, all files in an Offline Files folder
were replicated to the server. This often meant that a users personal files or large files not relevant to
the enterprise were replicated to one or more servers, thereby consuming disk space and slowing
backup and restore times. On Windows 7, administrators can use the Offline Files Exclusion List
feature to prevent files of certain types (for example, MP3 files) from being synchronized. The list of
file types is configured by the IT administrator by using Group Policy.
Transparent caching. Transparent caching optimizes bandwidth consumption on wide area network
(WAN) links and provides near local read response times for mobile users and branch office workers
that are accessing network files and folders that are not explicitly made available offline. Prior to
Windows 7, to open a file across a slow network, client computers always retrieved the file from the
server, even if the client computer had recently read the file. With Windows 7 transparent caching,
the first time a user opens a file in a shared folder, Windows 7 reads the file from the server and then
stores it in the Offline Files cache on the local hard disk drive. The subsequent times that a user opens
the same file, Windows 7 retrieves the cached file from the hard disk drive instead of reading it from
the server. To provide data integrity, Windows 7 always contacts the server to ensure that the cached
copy is up to date. The cache is never accessed if the server is unavailable, and updates to the file are
always written directly to the server.
Transparent caching is not enabled by default. IT administrators can use a Group Policy setting to
enable transparent caching, improve the efficiency of the cache, and configure the amount of hard
disk drive space that the cache uses.
Demonstration: Configuring Offline Files
In this demonstration, your instructor will show you how to configure Offline Files.
1. Create a CorpData folder on (C:) drive on NYC-DC1, share it and configure permissions so that
Authenticated Users have Full control on share and NTFS permissions. Configure caching options on
this folder so that only the files and programs that users specify will be available offline.
2. Open Default Domain policy GPO, and navigate to Computer Configuration, Policies,
Administrative Templates, Network, and select Offline Files.
3. Enable option Administratively assigned offline files, and enter
\\NYC-DC1\CorpData as a location.
Lab: Implementing User State Virtualization
Lab Setup
2. Ensure that the 10324A-NYC-DC1, 10324A-NYC-CL1, and 10324A-NYC-CL2 virtual machines are
running.
3. If required, connect to the virtual machines. Log on to 10324A-NYC-DC1 as Contoso\Administrator
using the password Pa$$w0rd. Do not log on to the client machines until directed to do so.
Exercise 1: Configuring and Testing Roaming Profiles

Scenario
In order to provide users with the ability to move data and settings between computers, you want to
implement Roaming Profiles. In the testing phase, you will implement Roaming Profiles for a pilot group
of users, and you will test some basic functionality of this technology.
1. Configure a roaming profile and configure a pilot group of users to use roaming profiles.
2. Make changes to user environment.
3. Log on to a second computer, and verify roaming of the changes.
Task 1: Configure a roaming profile and configure a pilot group of users to use roaming
profiles
1. On NYC-DC1, configure C:\Profiles as follows:
Shared as Profiles
Share permissions: Authenticated Users: Change, Administrators: Full control
Caching: No files or programs should be available offline
2. Configure the User Accounts Candy Spoon and Terri Chudzik to use roaming profiles to the \\NYC-
DC1\Profiles\%username% location, by editing Properties of their user accounts in Active Directory
Users and Computers on NYC-DC1.
Task 2: Make changes to user environment

1. Log on to NYC-CL1 as Candy with the password of Pa$$w0rd.
2. Change the Desktop theme to Landscapes, change the Desktop Background picture location to
Windows Desktop Backgrounds and create a shortcut to C:\ on the Desktop.
3. Log off of NYC-CL1.
Task 3: Log on to a second computer and verify roaming of the changes

1. Log on to NYC-CL2 as Candy with the password of Pa$$w0rd.
Question: Do the Desktop personalization options appear as you configured them, including the
desktop shortcut?
Question: Is the shortcut to drive C retained on Desktop?
Results: After this exercise, you should have configured and tested Roaming User Profiles.
Exercise 2: Configuring and Testing Folder Redirection

Scenario
The IT department of Contoso requires that users data is centralized and available from every machine
that users are logging onto. However, in order to reduce logon time, they do not want to place this data
in roaming profiles. You propose folder redirection as a solution. Now you have to test this solution and
see how it performs on few pilot users.

1. Configure folder redirection.
2. Verify that folders are redirected and not stored in the profile.
Task 1: Configure folder redirection

1. On NYC-DC1, on the C:\ drive, create folder named Redirected Folders and two subfolders named
Marketing and Production.
2. Configure hidden shares for folders Marketing and Production and set permissions that only
members of groups Marketing and Production can access corresponding folders and have ability to
Create folders / append data.
3. Create a new GPO named Redirection and link it to domain.
4. Configure the Redirection GPO in a way that the Documents folder for the Marketing group is
redirected to \\NYC-DC1\marketing$ and the Documents folder for the Production group is
redirected to \\NYC-DC1
\Production$. Configure folders Music, Pictures and Videos to follow the Documents folder.
5. Configure the Redirection GPO so that redirected folders are back to users profile after policy is
removed.
6. Log on to NYC-CL1 as Contoso\Administrator with the password of Pa$$w0rd. Refresh Group
Policy on NYC-CL1.
Task 2: Verify that folders are redirected and not stored in the profile
1. Log on to NYC-CL1 as Contoso\Adam with the password of Pa$$w0rd.
2. Open the Documents folder and verify the path. Create a text document in the Documents folder.
4. Log on to NYC-CL1 as Contoso\Bart with the password of Pa$$w0rd.
5. Open the My Documents folder and identify the path.
Question: What path is revealed?
6. Browse to Barts profile located in C:\Users\Bart.

7. Ensure that the folders redirected in Task 1 are not present.
9. Switch to the NYC-DC1 computer, and browse to C:\Redirected Folders.
Question: Can you see the Bart folder?
10. Close all open windows on NYC-DC1.
Results: After this exercise, you should have configured and tested Folder Redirection.
Exercise 3: Configuring Offline Files

Scenario
Contoso has some important data that must be available even if the network is not available. You will
implement Offline Files to achieve this.

1. Create and share the company-wide data folder.
2. Configure the client-side offline settings using Group Policy.
3. Refresh Group Policy on the client workstations.
4. Create a text document and make it available offline.
5. Simulate a network problem and try to access offline file.
Task 1: Create and share the company-wide data folder

1. On NYC-DC1, create folder named C:\CorpData.
2. Share the folder and allow Authenticated Users to have Full Access to folder.
3. Enable Offline access on the CorpData folder.
Task 2: Configure the client-side offline settings using Group Policy

1. Open Group Policy Management and then edit the Default Domain Policy. Expand Computer
Configuration, expand Policies, expand Administrative Templates, expand Network, and then
click Offline Files.
2. Configure the GPO setting Administratively assigned offline files to be Enabled. Type CorpData
in Value name field and type
3. Enable the GPO setting Synchronize all offline files when logging on.
Task 3: Refresh Group Policy on the client workstations

Log on to both NYC-CL1 and NYC-CL2 as Contoso\Administrator with the password of Pa$$w0rd.
Refresh group policy. Log off when instructed to do so by the group policy refresh.
Task 4: Create a text document and make it available offline

1. Log on to NYC-CL1 as Contoso\Don with the password of Pa$$w0rd. Map network drive Z as
\\NYC-DC1\CorpData.
2. In CorpData folder, create a folder named Don, and create a rich text document file named Dons
Document in the folder. Open the document, type Saved by Don, and save the document. Close
Wordpad.
3. Make the document available offline and then close all open windows.
Task 5: Simulate a network problem and try to access offline file

1. Disable network interface on NYC-DC1.
2. From NYC-CL1, try to access CorpData folder and make sure that text document from Task 4 is
available.
Results: After this exercise, you should have configured and tested Offline Files.

following steps:

Review Questions
1. What is a User Profile? What types of User profiles exist?
2. What is the main benefit of User state virtualization?
3. List some limitations and drawbacks when using Roaming Profiles.
4. Which technology will enable users that are disconnected from network to access data on specific file
shares on network servers?
5. You want to configure permissions for the Administrator user account on all users roaming profile
folders, but you do not want to make this change folder-by-folder. How can you achieve this
objective quickly and easily?
Common Issues related to user state virtualization
User is logged on using temporary

profile
Redirected files and folders are not

present when user is offline
Folder redirection is not applied
Folders are not redirected back to

User local profile after GPO is
removed

Adatum is considering implementing user state virtualization to address some issues that they currently
have. After discussing with IT administrator, you defined following as their main requirements and issues:
A. Datum IT Admins team wishes to create a standard desktop that loads each time a user logs on for the
first time.
Occasionally, network outages prevent users from completing important project work. Where possible, it
must be ensured that users can continue working on important files.
It is important to incorporate users files into the backup regime by placing them on file servers. In
addition, it must be ensured that users can recover their own local files when the need arises.
Any shared folders used to implement profiles must be hidden.
Question: What kind of solution will you recommend?
Best Practices Related to User State Virtualization

Combine Roaming User Profiles with Folder Redirection instead of storing user data within profile.
Create default network profile if you want to have consistent and equal initial user environment for
each new user.
Use mandatory and super mandatory profiles on computers that are publicly accessed (such as kiosks,
info-portals, etc).
Do not enable Offline Files feature on all file shares, but only on those that should be accessible in
offline mode.
Do not use EFS with roaming profiles.
Tools
Tool Used for Where to find it
Control Panel System Management of local user Control Panel

Properties profiles
Group Policy Create and apply GPOs that Administrative Tools

Management Console handle folder redirection
Offline Files Setting client options for Control Panel Sync Center
Management Offline Files feature
Configuring Virtual Desktop Infrastructure 12-1
Module 12
Configuring Virtual Desktop Infrastructure
Contents:
Lesson 1: Overview of Windows Server 2008 R2 Hyper-V 12-3
Lesson 2: Introduction to VDI 12-17
Lesson 3: Configuring Personal and Pooled Virtual Desktops 12-31
Lab: Configuring Virtual Desktop Infrastructure 12-42
Module Overview
Using virtualization technologies for desktop virtualization can be very convenient. Microsoft provides
virtual desktop infrastructure (VDI) as a technology that relies on Windows Server 2008 R2 Hyper-V
and Remote Desktop Services (RDS) to enable administrators to configure virtual desktops as working
environments. To use VDI, you should be familiar with Hyper-V and RDS, as well as with VDI features and
configuration procedures.
Lesson 1
Overview of Windows Server 2008 R2 Hyper-V
Windows Server 2008 R2 Hyper-V is a latest Microsoft virtualization platform that enables you to run
multiple virtual machines on a single server in production environments. Hyper-V leverages the latest
hardware technologies to provide a reliable virtual environment that performs well. To implement Hyper-
V, you should be familiar with its key concepts and with the key components that you need to build a
virtual machine. This lesson provides a high-level overview of Hyper-V technology, and also provides
information about virtual hard drives and virtual networks, which are key components to building and
using virtual machines.
What Is Hyper-V?
Key Points
Hyper-V provides software infrastructure and basic management tools in Windows Server 2008 that you
can use to create and manage a virtualized server-computing environment. You can use this virtualized
environment to address a variety of business goals that improve efficiency and reduce costs.
Hyper-V provides the engine, or hypervisor, that supports the operation of multiple virtual machines on
top of standard server hardware. The hypervisor is a thin layer of software that resides between the
operating system and the hardware.
Because it integrates with the Windows Server operating system, Hyper-V benefits from the existing
Windows Server feature set. Additionally, Hyper-V relies on the Designed for Windows hardware
specification, which provides access to thousands of validated platform configurations.
Type 1 Hypervisor
Hyper-V is a Type 1 hypervisor, which is a bare-metal hypervisor that runs directly on top of hardware.
Another name for Type 1 hypervisors are hardware virtualization engines. Hyper-V uses a 64-bit
hypervisor, which allows multiple virtual machines to access physical memory and CPU resources without
conflicts. Also, it allows creation of 64-bit guest operating systems. In combination with virtualization-
aware hardware, including processors that use Intel VT and AMD V technology, the Hyper-V hypervisor
enables high performance and excellent scalability for guest operating systems.
Because the Hyper-V hypervisor takes advantage of Intel VT and AMD-V technology, the processing
hardware performs more of the work of virtualizing multiple operating systems, so the virtualization stack
and hypervisor have to do less work.
Type 2 Hypervisor
Microsofts previous hypervisor offerings, such as Virtual Server 2005 or Virtual PC 2007, were Type 2
hypervisors that operated as applications on top of existing operating systems, and provided software
virtualization. Virtualization platforms that rely on software emulation of hardware must frequently
interrupt guest operating systems by performing on-the-fly translation of hardware requests into a form
that is compatible with the virtualization environment.
The new Microsoft operating system, Windows 7, includes a similar software-based virtualization
solution, called Windows Virtual PC, which allows users to run virtual machines with supported operating
systems installed.
Scenarios of Usage for Hyper-V

You can use Hyper-V for:
Physical server consolidation. By using Hyper-V virtualization, you can consolidate servers on fewer
Hyper-V physical hosts, while maintaining isolation between them. This also provides better physical
hardware utilization. Implementing Hyper-V does not necessarily mean that you will reduce the
number of servers that you are using, but you will experience better utilization and use a fewer
number of physical hosts.
Business continuity and disaster recovery. Hyper-V enables you to reduce scheduled and unscheduled
downtime, with the ability to recover an entire computer, including data and operating-system state,
to a previous point in time, last known good configuration, or bare metal state.
Testing and development. Hyper-V enables you to establish a development or testing environment
that is identical to your production environment. You should be able to create new virtual machines
quickly and return them to their previous state.
Dynamic data center. Hyper-V enables you to migrate virtual machines to the most suitable physical
hosts, without any downtime.
Question: What is the main benefit of using a Type 1 hypervisor versus previous Microsoft virtualization
solutions that used Type 2 hypervisors?
Hyper-V Features
Key Points
Hyper-V provides you with a dynamic, reliable, and scalable virtualization platform that combines with a
set of integrated tools to manage both physical and virtual resources. Hyper-V enables the data centers of
business enterprises to be highly responsive and dynamic.
The key features of Hyper-V are:

New and improved architecture. Hyper-V is a 64-bit, hypervisor-based virtualization technology for
Windows Server. However, it also is available free as Microsoft Hyper-V Server.
Hyper-V supports isolation, in terms of partition, which is a logical unit of isolation that the hypervisor
supports and in which operating systems run. In Hyper-V terminology, the host operating system is
the parent partition, while guest operating systems running inside virtual machines are the child
partitions. Child partitions can be both 32-bit and 64-bit, but parent partitions must be 64-bit.
Broad operating system support. Hyper-V supports different operating systems that can run
simultaneously, including 32-bit and 64-bit systems across different server platforms. Hyper-V
supports the following operating systems:
Windows Server 2008 R2
Windows Server 2008
Windows Server 2003
Windows 2000 Server
Windows 7
Windows Vista
Windows XP
Novell SUSE Linux
Red Hat Linux

Symmetric multiprocessing (SMP) support. Hyper-V supports a maximum of 64 processors in
Windows Server 2008 R2, and a maximum of 16 processors in Windows Server 2008. Each virtual
machine can use a minimum of one and maximum of four virtual processors, depending on the
virtual machines operating system.
Network Load Balancing (NLB). Hyper-V includes virtual switch capabilities. You can configure virtual
machines to run with Windows NLB Service to balance the load across virtual machines on different
servers.
Hardware sharing architecture. Hyper-V provides improved access and utilization of core resources,
such as disk, networking, and video when you are running guest operating systems that have a
hypervisor-aware kernel and that are equipped with requisite virtual server client (VSC) code, which is
known as Hyper-V enlightened input/output (I/O). Enlightenments are operating-system
enhancements that help reduce the cost of certain operating-system functions, like memory
management. Presently, Windows Server 2008 R2, Windows 7, and Windows Vista support Hyper-V
enlightened I/O and a hypervisor-aware kernel via installation of Hyper-V integration services.
Integration components, which include VSC drivers, also are available for other client operating
systems. However, for these operating systems, you need to install the integration components
manually to benefit from Virtual Service Provider (VSP) and Virtual Service Client (VSC) architecture.
Quick Migration. Hyper-V enables rapid migration of running a virtual machine from one physical
host system to another with minimal downtime. It uses familiar high availability capabilities of
Windows Server and Microsoft System Center management tools. Windows Server 2008 R2 adds
support for Live Migration, which enables migration or running a virtual machine without downtime.
Virtual machine snapshots. Using Hyper-V, you can take snapshots of a virtual machine while it is
running. A snapshot consists of the virtual machines state, data, and hardware configuration. This will
help you revert to a previous point in time. Virtual machine snapshots typically are used in
development and test environments.
Scalability. With support for multiple processors at the host level, and improved memory access
within virtual machines, you can vertically scale your virtualization environment to support a large
number of virtual machines within a given host, and to continue to leverage Live Migration for
scalability across multiple hosts.
Extensible virtualization. Hyper-V provides standards-based Windows Management Instrumentation
(WMI) interfaces and an application programming interface (API), so third parties can build custom
tools, utilities, and enhancements for the virtualization platform.
Hyper-V in Windows Server 2008 R2
Hyper-V in Windows Server 2008 R2 includes features such as Live Migration, dynamic virtual machine
storage, improved virtual hard disk (VHD) performance, enhanced processor support, and enhanced
networking support.
Live Migration allows you to move virtual machines from one node of the failover cluster to another
node in the same cluster, without dropping the network connection or impacting end users with any
perceived downtime, because the virtual machines continue to run.
Failover clustering is a group of independent computers that work together to increase the
availability of applications and services across an environment. You connect the clustered servers,
called nodes, by physical cables and software. If one of the cluster nodes fails, another node provides
service. This process is known as failover clustering, and it means that end users experience minimum
disruption in services when a node fails.
Note: Live Migration requires that you add and configure the failover clustering role on the servers
that are running Hyper-V. Additionally, failover clustering requires shared storage for the cluster
nodes. On a server running Hyper-V, only one Live Migration, to or from the server, can be in
progress at any given time. You cannot use Live Migration to move multiple virtual machines
simultaneously. Also, you should be aware that you can achieve zero downtime when you use Live
Migration to move virtual machines between hosts only if both hosts are up and running. If a host
stops working because it fails, then Live Migration moves virtual machines to another host, but there
is a period of downtime.
Cluster Shared Volume (CSV) feature of failover clustering in Windows Server 2008 R2 with Live
Migration. CSV provides increased reliability when you use it with Live Migration and with virtual
machines that you configure in a failover cluster. It also provides a single, consistent file namespace,
so that all servers running Windows Server 2008 R2 view the same storage.
Processor Compatibility Mode, makes it possible for you to move virtual machines or perform Live
Migration between different processor versions within the same processor family, such as Intel or
AMD. You cannot perform Live Migration between different processor vendors.
Dynamic Virtual Machine Storage

Improvements to virtual machine storage in Windows Server 2008 R2 include:
Support for hot plug-in of the storage.
Support for hot removal of the storage.
If required, you can reconfigure virtual machine storage easily because the dynamic virtual storage
functionality supports adding and removing hard disks and physical disks while the virtual machine is
running.
Note: A hot plug-in and removal of storage requires that Integration Services be present in the
enlightened guest operating system.
Improved VHD Performance

Hyper-V on Windows Server 2008 R2 improves the performance of the dynamically expanding and fixed-
size VHDs, and makes the latter nearly identical to native throughput. You should use fixed-size disks for
production, because they preallocate disk usage.
Enhanced Processor Support

Hyper-V supports up to 64 logical processors and can run up to 384 virtual machines with up to 512
virtual processors.
Enhanced Networking Support

Improvements in networking support include:
Support for jumbo frames. Support for jumbo frames has been extended and is available to virtual
machines, if the underlying physical network supports it. Virtual machines can use jumbo frames up
to 9,014 bytes in size. Hyper-V includes jumbo frame support on that are 1 gigabyte (GB) or faster.
Support for Chimney (TCP Offloads). The TCP Chimney feature offloads the processing of network
traffic from the networking stack, which reduces processor usage and increases network performance.
Support for Virtual Machine Queue (VMQ). This reduces the overhead associated with network traffic.
These two technologies allow Hyper-V to take advantage of network offload technologies. Instead of a
core CPU that processes the network packets, you can move these packets to the offload engine on the
10 GB network adaptor. This reduces processor usage and improves performance.
Many of the new Hyper-V features, such as VNQ, Chimney, and CPU core parking, require compatible
hardware.
Demonstration: Hot Adding and Removing a VHD to a Running Virtual

Machine
In this demonstration, your instructor will show you how to add and remove a VHD from a running virtual
machine.
1. On the physical host computer, open Disk Management, create a VHD, and then copy some files to it.
2. Add a VHD, as an additional Small Computer System Interface (SCSI) disk, to the 10324A-NYC-CL1
virtual machine while it is running.
3. Initialize and format a new disk from Disk Management on the host machine. Access the disk from
the NYC-CL1 virtual machine, and then add additional content, such as by creating a few text files.
4. Remove a VHD from the virtual machine.
5. Mount the VHD on the physical host computer, and then list its content to verify that all of the files
that you created are there.
Virtual Network Settings for Hyper-V
Key Points
Virtual Network Manager gives you the ability to create a mechanism for binding virtual machines to a
physical network, and to create and manage virtual networks. You can use Virtual Network Manager to
add, remove, and modify the virtual networks. Virtual Network Manager is available from Hyper-V
Manager.
When you create a virtual network, Hyper-V creates a virtual switch that routes traffic based on either the
media access control (MAC) addresses or the virtual local area network (VLAN) Identifiers (ID). The virtual
switch modifies the MAC addresses of packets to route traffic with different MAC addresses than the
physical network cards MAC address. The advantage is that it can bind to any 802.3-complaint physical
Ethernet network adapter.
You cannot connect a virtual network to a wireless network adapter. The virtual switch changes the MAC
address of the source packet so that it does not match its own MAC address. As a result, you cannot
provide wireless networking capabilities to virtual machines, because the 802.11 standard does not
support the MAC address changes. You can attach only one virtual network to a specific physical network
adapter at a time. You cannot attach multiple virtual networks to the same physical network adapter.
When you create a virtual network:
Hyper-V creates a software-based switch.
You can associate only one Hyper-V virtual network with a single physical network adaptor.
Once a virtual network is bound to a physical network adapter, all other protocols are unbound
automatically.
You can use virtual networks to control and secure network traffic that enters and leaves a virtual
machine.
Windows Server 2008 R2 Hyper-V supports three types of virtual networks:
External. An external virtual network binds to a physical network adapter on the Hyper-V server so
that the virtual machine can have access to a physical network. When you create a new external
virtual network, Hyper-V creates a virtual network adapter on the parent partition unless you clear the
option to Allow management operating system to share this network adapter. If you clear this
option, then you dedicate the network adapter to the virtual machine. You would use an external
connection when your virtual machine needs to access or be accessed on the corporate network or
beyond the corporate environment.
Note: When you create an external virtual network, and clear the option to Allow management
operating system to share this network adapter, the physical network adapter will be available
only for virtual machines. It will not be accessible by the host computer. This is a best practice if you
want to isolate virtual-machine network traffic from host network traffic. In this scenario, you must
not clear this option on at least one network adapter, or you must not create a virtual network that
uses one of the physical network adapters, to ensure that the host computer can communicate on the
network.
Internal. When you create an internal virtual network, it allows the virtual machines to communicate
with each other and with the Hyper-V server, but they cannot communicate with the physical
network. You typically would use this scenario to simulate a networked environment with the base
system, and you might use an internal network in a training environment.
Private. The creation of a private virtual network enables the virtual machines to communicate with
each other, but there is no association with any physical network adapter in the parent partition. This
means that the virtual machines can communicate with each other, but not with the host computer or
with other computers on external networks. You can use private networks if you need to isolate
virtual machines for security reasons. You also may have virtual machines that you are using for
testing, and you do not want the virtual machines to access the corporate network inadvertently.
When you create a virtual network through either the Hyper-V Manager or WMI, you also create a new
software-based switch. There is no limit to the number of virtual networks or ports for virtual machine
connections that you can create.
Configuring VLANs
Hyper-V supports VLANs, and because a VLAN configuration is software-based, you can move computers
easily and maintain their network configurations. For each virtual network adapter that you connect to a
virtual machine, you can configure a VLAN ID for the virtual machine. You will need the following to
configure VLANs:
A physical network adapter that supports VLANs.
A physical network adapter that supports network packets with VLAN IDs that are applied already.
On the management operating system, you will need to configure the virtual network to allow network
traffic on the physical port. This is for the VLAN IDs that you want to use internally with virtual machines.
Next, you configure the virtual machine to specify the VLAN that the virtual machine will use for all
network communications.
There are two modes in which you can configure a VLAN: access mode and trunk mode.
When you configure your VLAN in access mode, this restricts the virtual networks external port to a single
VLAN ID in the user interface (UI). You can have multiple VLANs using WMI. Use access mode when your
physical network adapter connects to a port on the physical network switch that also is in access mode. To
give a virtual machine external access on the virtual network that is in access mode, you must configure
the virtual machine to use the same VLAN ID that is configured in the virtual networks access mode.
Trunk mode allows multiple VLAN IDs to share the connection between the physical network adapter and
the physical network. To give virtual machines external access on the virtual network in multiple VLANs,
you need to configure the port on the physical network to be in trunk mode. You also will need to know
the specific VLANs that you are using, and all of the VLAN IDs used by the virtual machines that the virtual
network supports. Your physical switch will need to support 802.1q
Question: Which type of network allows a virtual machine to access a physical network? In what scenarios
would you use this type of network?
What Are Hyper-V Virtual Machine Snapshots?
Key Points
Virtual machine snapshots capture the state, data, and hardware configuration of a virtual machine that is
running. Snapshots provide a fast and easy way to revert the virtual machine to a previous state. For this
reason, virtual machine snapshots mainly are for use in development and test environments. Having an
easy way to revert a virtual machine can be very useful if you need to recreate a specific state or condition
so that you can troubleshoot a problem.
There are certain circumstances in which it may make sense to use snapshots in a production
environment. For example, you can use snapshots to provide a way to revert a potentially risky operation
in a production environment, such as applying an update to the software running in the virtual machine.
Hyper-V snapshots are implemented in the virtualization layer, and can be taken at any time with guest
operating system (even during an operating system installation). Snapshots can be taken whether the
virtual machine is running or stopped. If the virtual machine is running when the snapshot is taken, there
is no downtime involved to create the snapshot.
Snapshot data files are stored as .avhd files, which is a snapshot-specific differencing disk that is used as
the running point of a virtual. After Hyper-V creates the snapshot, all system changes are written to the
AVHD disk going forward, and the base VHD no longer is modified. The AVHD is linked to its parent disk.
If you were to move one of these two files, the virtual machine would break. You can continue to create
additional snapshots, and each one links to its parent in a linear (timeline) arrangement. They cannot link
in a branched tree arrangement because that would create dead branches. When you go back to a
previous point in time (return to a snapshot), everything to the right of the timeline is destroyed
(rendered unusable) because you altered the virtual machine at a previous point.
Snapshot data files are located in the same folder as the virtual machine, by default, unless one of the
following conditions applies:
If you import the virtual machine with snapshots, the snapshots are stored in their own folder.
If the virtual machine has no snapshots, and you configure the snapshot setting for the virtual
machine, then the snapshots will be stored in the folder that you specify.
Note: Taking multiple snapshots can quickly consume storage space.
Considerations for Using Snapshots

Keep the following considerations in mind, particularly if you plan to use snapshots on a production
environments virtual machine:
The presence of a virtual machine snapshot reduces the virtual machines disk performance.
When you delete a snapshot, the .avhd files that store the snapshot data remain in the storage
location until you shut down or turn off the virtual machine, or you place it in a saved state. As a
result, when you delete a snapshot, you will need to put the production virtual machine into one of
those states at some point to be able to complete the snapshots safe removal.
We do not recommend that you use snapshots on virtual machines that provide time-sensitive
services or when performance or the availability of storage space is critical.
Note: We do not recommend, or support, the use of snapshots on virtual machines that are hosting
the Active Directory Domain Services (AD DS) role, which also is known as domain controllers, or on
virtual machines that are hosting the Active Directory Lightweight Directory Services (AD LDS) role.
For more information, see the Microsoft TechNet article Operational Considerations for Virtualized
Domain Controllers.
You can create snapshots by using Hyper-V Manager or by using the Virtual Machine Connection window.
To create a snapshot by using Hyper-V Manager, select a virtual machine, and then select Snapshot from
the Action menu or panel. To create a snapshot using the Virtual Machine Connection window, click on
the Snapshot button in the toolbar.
Question: Can you list additional scenarios where it would not be appropriate to use snapshots?
Demonstration: Using Snapshots in Hyper-V
In this demonstration, your instructor will show you how to use snapshots in Hyper-V.
1. Create snapshots of the NYC-CL1 virtual machine in Hyper-V Manager.
2. Modify the virtual machine.
3. Apply a previous snapshot, and then identify that modifications no longer are present.
Lesson 2
Introduction to VDI
VDI is an alternative desktop-delivery model that allows users to access desktops that are running in a
data center. In VDI, each user gets access to a personal virtual desktop from any authorized device, which
improves desktop flexibility. You can use VDI in two modes: personal and pooled desktops. The Remote
Desktop Connection Broker (RD Connection Broker) role service is one of key components in VDI that
manages a users connection to virtual desktops.
This lesson describes VDI, as well as the benefits of using it, and important components and procedures in
VDI.
What Is VDI?
Key Points
VDI is a centralized desktop-delivery architecture that allows you to centralize the storage, execution, and
management of Windows desktops in a data center. VDI enables you to run and manage Windows 7,
Windows Vista, and other desktop environments in virtual machines on a centralized server. A user can
connect to a virtual desktop with Remote Desktop Client (RDC) or by using Web access.
As a technology, VDI provides better flexibility, improved cost control, and has a smaller environmental
footprint, but it does increase the demand for security and compliance so that corporate data is more
secure. To meet these challenges, Windows Server 2008 R2 updates RD Connection Broker and flexible
presentation virtualization architecture beneath the VDI.
The VDI User Desktop

The two key deployment scenarios that VDI supports are personal virtual machines and pooled virtual
machines. When you use personal virtual machines, there is a one-to-one linking of virtual machines to
users. Each user is assigned a dedicated virtual machine, which the user can personalize and customize.
The one-to-one linking preserves any changes that the user makes. Therefore, by deploying personal
virtual desktops, you are providing great flexibility to end users.
In pooled virtual machines, a single image is replicated. The user state can be stored through profiles and
folder redirection, but it will not continue to stay on the virtual machine after the user logs off. This frees
up some system resources, and provides you with the ability to separate user data from the virtual
machine.
In both cases, the Windows Server 2008 R2 solution supports image storage on the Hyper-V host, and
clients connect to the virtual machine by using Remote Desktop Protocol (RDP). Additionally, in both
cases, administrators can store and maintain a user work area in a data center.
Each device accessing the VDI image requires the Windows Virtual Enterprise Centralized Desktop (VECD)
license.
VDI for Windows Server 2008 R2 operated in a previous versions of Windows but under a different name
and form. Hyper-V and RDS roles are key technologies to enable VDI.
Question: Is your organization using VDI? Which environments can benefit considerably by implementing
VDI?
Key Benefits of VDI
Key Points
Many organizations are considering implementing VDI to optimize resource usage and improve
management of desktop machines. VDI provides several benefits to various types of organizations.
Benefits
Some of the most important benefits are:
Access to data and applications from any device

When you are using VDI, users can access their virtual desktops from any device. Also, the location of the
device that is initiating a connection is not relevant. It can be both in internal or external network.
Improved data security and compliance

VDI helps you improve data security and compliance. Data is more secure because VDI means that no
data transfers to the physical machine on which the user is working.
Simplified application management and deployment

When you use VDI, you deploy applications to virtual machines, not to users workstations, which means
that you can control the operating system inside the virtual machine and make the whole desktop
environment more consistent and avoid problems with application compatibility. Also, application
deployment is much easier because you control all virtual desktops from one place.
Improved business continuity through data centralization

You deploy virtual machines in VDI on Hyper-V hosts, which you can make highly available by using
various technologies, such as failover clustering and live migration. With these technologies, desktop
virtual machines are also highly available.
Integrated management of physical, virtual, and session-based desktops

You can manage virtual desktops by using the same tools and technologies as you use for physical
computers, such as Windows Server Update Services (WSUS) or System Center Configuration Manager.
This means that you can fully centralize and integrate management of VDI and physical workstations. For
offline virtual machines, you can use the Offline Virtual Machine Servicing tool for management.
Quicker recovery from device malfunctions

Virtual machines are much easier to recover then physical machines. Also, virtual machines are much less
dependant on device drivers, so the number of malfunctions is much lower.
Centralized data storage and backup, which reduce losses from stolen devices
Backup and restore in VDI is much more centralized than backups in physical environments. Since you
deploy virtual machines on Hyper-V hosts, you can use a VSS-aware backup utility on enlightened guests.
We recommend that you use Data Protection Manager (DPM) 2010 as it fully supports Hyper-V 2.0 and
VDI backups and restores. Also, since machines are not moving with users, the risk of intellectual property
being stolen from devices is much lower, as is the risk of the devices themselves being stolen.
Types of VDI
Key Points
There are various ways to architect VDI, but in general, there are two types of VDI deployment: personal
virtual desktops and pooled virtual desktops.
Personal Virtual Desktops

When using a personal virtual desktop deployment, each virtual machine is like a traditional personal
computer, where user data, settings, applications, and operating systems are all stored together, and each
user has a unique virtual machine. If there are 100 users in an organization, there will be 100 virtual
machine images. This deployment model utilizes both the presentation virtualization and server
virtualization.
When deploying personal virtual desktops, you must be aware that you can assign only one personal
virtual desktop to a user, and that you can assign a virtual machine as a personal virtual desktop to only
one user at a time.
Pooled Virtual Desktops

When you use pooled virtual desktops, each virtual machine is created when a user logs on. Based on the
setup in the Active Directory Domain Services (AD DS), you select a copy of a virtual machine with an
operating system, and then create it and place it on the server. You then grant specific application access
to that virtual machine, deploy a users settings and attach data. When the user logs off, the virtual
machine copy is either destroyed or returned to a pristine state for future use. When you use this model,
you reduce the number of virtual machine images that you need, and additionally, this model uses user
state virtualization and application virtualization, as well as presentation and server virtualization.
Users should not save files on a virtual machine that is located in a virtual desktop pool. If a user logs off
from a virtual machine in a virtual desktop pool, and then later logs on to the virtual desktop pool, the
user might be connected to a different virtual machine in the virtual desktop pool. If you want to preserve
user data, you have to use some of user state virtualization technologies.
Question: What is the main difference between personal virtual desktops and pooled virtual desktops?
VDI Components in Windows Server 2008 R2
Key Points
VDI in Windows Server 2008 R2 consists of several components and technologies. These components
work together to provide users with a seamless and unified experience when they are using desktop
virtual machines. All components that VDI needs are present in Windows Server 2008 R2, so there is no
need to install any additional software. The following sections detail the components and technologies in
VDI in Windows Server 2008 R2.
Remote Desktop Web Access

Remote Desktop Web Access (RD Web Access) provides a user with an aggregated view of remote
applications and desktop connections via a Web browser interface. It enables the user to view all remote
applications and virtual desktops (personal virtual desktops and virtual desktop pools) published to that
user. Additionally, the user can choose and connect to remote applications or virtual machines.
AD DS
In Active Directory, administrator can assign virtual machines to users, which means that users always use
the same virtual machine. VDI components contact Active Directory to provide information about virtual
machine that a specific user should use.
RD Connection Broker
RD Connection Broker creates a unified experience for traditional session-based remote desktops and new
virtual machine-based remote desktops. RD Connection Broker, as part of the VDI solution, is an
extensible platform for partners; and it includes extensive APIs to add value with regards to the
manageability and scalability of the brokering solution. Extensibility points include the ability to create
policy plug-ins, such as those that determine the appropriate virtual machine or virtual machine pool;
filter plug-ins, such as those for preparing a virtual machine to accept RDP connections; and resource
plug-ins, such as those for placing a virtual machine on the proper host, which you determine based on
the hosts load.
The main purpose of this role service is to broker a user connection to an appropriate endpoint, which
involves:
Identifying the virtual machine to which you want the user to make a remote connection.
Preparing the virtual machine for remote connections by communicating with the Remote Desktop
Virtualization Host server (RD Virtualization Host). An example of this is when you wake the virtual
machine from a saved state.
Querying the IP address of the virtual machine by communicating with the RD Virtualization Host
server. This IP address is returned to the Remote Desktop Session Host server running in redirection
mode.
Monitoring user sessions in a virtual desktop-pool scenario. Users with existing sessions in pools are
redirected to the virtual machines that are hosting their sessions.
RD Virtualization Host
RD Virtualization Host is a Remote Desktop Services role service in Windows Server 2008 R2, and it
integrates with Hyper-V to provide virtual machines that you can use as personal virtual desktops or
virtual desktop pools.
An RD Virtualization Host server:
Monitors virtual machine guest sessions and reports these sessions to the RD Connection Broker
server.
Prepares the virtual machine for a remote desktop connection when the RD Connection Broker server
requests this.
In order for RD Virtualization Host to perform these functions, you must configure the guest operating
system to give permission to the RD Virtualization Host.
Remote Desktop Session Host

A Remote Desktop Session Host was known as Terminal Server (in application mode) in earlier Windows
Server versions.
To deliver virtual desktops to users in Windows Server 2008 R2, you must configure the RD Session Host
to provide virtual machine redirection, which securely redirects an RDP client connection to a virtual
machine. When you configure a RD Session Host server to provide virtual machine redirection, the
following changes are made to the RD Session Host server:
The user logon mode is changed to allow reconnections, but prevent new logons. If you need to
connect to this machine for administrative tasks, be sure to use the /admin parameter, or you will not
be able to connect.
All programs are removed from the RemoteApp Programs list in RemoteApp Manager.
The Authenticated Users group is added to the Remote Desktop Users group.
The RD Session Host server running in redirection mode does not allow interactive user sessions, unless
the user requests an administrative session by using the /admin parameter.
When a user requests a virtual machine, the RD Session Host server running in redirection mode queries
the RD Connection Broker server. The RD Connection Broker server then provisions a virtual machine for
the user and returns its IP address to the RD Session Host server that is running in redirection mode. The
RD Session Host server that is running in redirection mode then redirects the RDP client to connect to the
virtual machine by using the IP address.
We recommend that the RD Connection Broker role service resides on the same machine as the RD
Session Host server that is running in redirection mode. However, we also support the scenario in which
the RD Session Host server is running in redirection mode and the RD Connection Broker role service is
running, on separate machines.
Remote Desktop Gateway

This is an optional role service in a Microsoft VDI deployment, and its main purpose is to securely route
RDP connections over the Internet through a firewall. Remote Desktop Gateway (RD Gateway) enables
users to connect to virtual machines or remote application from Internet by using same settings as the
local network, without you having to configure a virtual private network (VPN) connection.
RD Connection Broker in VDI Deployments
Key Points
RD Connection Broker is one of the key roles in VDI deployment, and it communicates with other
components to provide users with access to the proper virtual machine or application. In earlier Windows
Server versions, it was known as TS Session Broker.
The most important tasks that RD Connection Broker performs include:

Providing users with access to virtual desktops that RD Virtualization Host servers host, and to
RemoteApp programs through RemoteApp and Desktop Connection.
Allowing users to reconnect to their existing sessions in a load-balanced RD Session Host server farm.
This prevents a user with a disconnected session from being connected to a different RD Session Host
server in the farm and having to start a new session.
Enabling you to distribute the session load evenly among RD Session Host servers in a load-balanced
RD Session Host server farm.
Providing Access to Virtual Desktops

In a VDI deployment, you use RD Connection Broker to broker connections from clients to virtual
machines.
RD Connections Broker maintains a list of available virtual desktops, and when a client makes a request, it
provides the client with the connection information for the most appropriate virtual desktop, or a
response which indicates that an appropriate virtual desktop is not available. In some scenarios, if more
than one appropriate virtual desktop exists, the connection broker will provide the client with a list of
possible candidates for connection.
If a virtual desktop is assigned to the user through AD DS, Remote Desktop Connection Broker will query
AD DS for the users personal virtual desktop.
Since one of main benefits of VDI is optimization of resource usage, you should turn off virtual desktop
systems when they are not in use. RD Connection Broker monitors virtual desktops after you assign them,
and it instructs the virtualization host to shut them off or suspend them when they are idle or logged off.
Similarly, RD Connection Broker also will instruct the virtualization host to start a virtual desktop when
necessary, and after the virtual machine starts, it redirects the client to the virtual machine.
Connection to Existing Sessions

RD Connection Broker keeps track of user sessions in a load-balanced RD Session Host server farm. The
RD Connection Broker database stores session information, including the name of the RD Session Host
server where each session resides; the session state for each session; the session ID for each session; and
the user name associated with each session. RD Connection Broker uses this information to redirect a user
who has an existing session to the RD Session Host server where the users session resides.
If a user disconnects from a session intentionally or because of a network failure, the applications that the
user is running will continue to run. When the user reconnects, the RD client queries the RD Connection
Broker to determine whether the user has an existing session, and if so, on which RD Session Host server
in the farm. If there is an existing session, RD Connection Broker redirects the client to the RD Session Host
server where the session exists.
Load Balancing with RD Connection Broker

The Load Balancing feature in RD Connection Broker enables you to distribute the session load between
servers in a load-balanced RDS server farm. When a user without an existing session connects to an RD
Session Host server in the load-balanced RD Session Host server farm, the Load Balancing feature redirects
the user to the RD Session Host server with the fewest sessions. If a user with an existing session
reconnects, it redirects the user to the RD Session Host server where the users existing session resides. To
distribute the session load between more powerful and less powerful servers in the farm, you can assign a
relative server weight value to a server.
How VDI Works
Key Points
The way users connect to a virtual machine is based on the VDI configuration. If you configure VDI for
personal virtual desktops, users connect to a virtual machine in the following way:
1. A user initiates the connection to the personal virtual desktop by using RD Web Access or
RemoteApp and Desktop Connection. The user sends the request to the RD Session Host server
running in redirection mode (RD Redirector) by using RD Web Access or RemoteApp and Desktop
Connection.
2. The RD Session Host server that is running in redirection mode (RD Redirector) forwards the request
to the RD Connection Broker server to get information about the target virtual machine.
3. The RD Connection Broker server queries AD DS, and retrieves the name of the virtual machine that is
assigned to the requesting user account.
4. The RD Connection Broker server sends a request to the RD Virtualization Host server to start the
virtual machine.
5. The RD Virtualization Host server returns the IP address of the fully qualified domain name (FQDN) to
the RD Connection Broker server. The RD Connection Broker server then sends this information to the
RD Session Host server that is running in redirection mode (RD Redirector)
6. The RD Session Host server redirects the request to the client computer that initiated the connection.
7. The client computer connects to the personal virtual desktop.
If you configure VDI for pooled virtual desktops, users are connected to a virtual machine in the following
way:
1. A user initiates the connection to the virtual desktop pool by using RD Web Access or by using
RemoteApp and Desktop Connection. The user sends the request to the RD Session Host server
running in redirection mode either by using RD Web Access or RemoteApp and Desktop Connection.
2. The RD Session Host server redirects the request to the RD Connection Broker server.
3. The RD Connection Broker server verifies whether an existing session exists for the requesting user
account. If a session exists, the RD Connection Broker server returns the virtual machine name to the
RD Session Host server that is running in redirection mode. If the session does not exist, the RD
Connection Broker server sends a request to the RD Virtualization Host server to locate and start the
virtual machine. The RD Connection Broker server returns the virtual machine name to the RD Session
Host server that is running in redirection mode.
4. The RD Session Host server redirects the request to the client computer that initiated the connection.
5. The client computer connects to the virtual desktop pool.
Lesson 3
Configuring Personal and Pooled Virtual Desktops
A very important part of VDI deployment is configuration of virtual desktops. In Windows Server 2008 R2
VDI, you can configure desktops as personal and pooled, and you can configure additional settings and
specify how users will connect to their virtual desktops. This lesson focuses on configuration of virtual
desktops.
Configuring Virtual Machines for Virtual Desktops
Key Points
Before you use virtual desktops in a VDI deployment, you must configure virtual machines for this
purpose. After you install Windows Server 2008 R2 and the Hyper-V platform, you should create virtual
machines that you can use as virtual desktops by performing the following steps:
1. Install the supported operating system.
Supported client operating systems include Windows XP, Windows Vista, or Windows 7. We
recommend that you use Windows 7, if possible. Also, you should configure the appropriate network
settings in the virtual machines so that they can access your physical network.
2. Join the virtual machines to a domain.
You should join each virtual machine that you will use as a virtual desktop to the AD DS domain. We
recommend that you place these virtual machines inside the appropriate organization unit in your AD
DS structure, so you can manage them easily by using Group Policy.
3. Configure the virtual machines for RDS.
On each machine, you should enable Remote Desktop functionality in System Properties. Also, you
should add all users that will be using these machines through VDI to the local Remote Desktop Users
group. By using registry editor, you also should allow RPC for RDS. In Windows firewall, you should
create a firewall exception for Remote Service Management and RDS. At the end, you also should add
the RD Virtualization Host server to the permissions list for the RDP-Tcp listener.
Note: You can perform all of these steps by using a Windows PowerShell script. Script examples are
located at Configure Guest OS for Microsoft VDI (Windows PowerShell Script) .
4. Creating virtual machine snapshots (optional)

If you will be using virtual machines in a pooled virtual desktop scenario, you should create Hyper-V
snapshots on each virtual machine, and you should name the snapshots RDV_Rollback. These
snapshots will be applied each time a user logs off from a machine.
What Are Personal Virtual Desktops?
Key Points
A personal virtual desktop is a virtual machine that a RD Virtualization Host server hosts and assigns to a
specific user account from AD DS. Unlike a virtual desktop pool, where you can configure a virtual
machine to roll back changes when a user logs off, a personal virtual desktop retains all changes made by
the user as well as the users data.
The RD Connection Broker Manager assigns an unassigned virtual machine to a user, and AD DS stores
this assignment as a user account property. The virtual machine name in Hyper-V Manager and user
account property must be the same as the FQDN of the virtual computer.
Personal virtual desktops can only use Windows client operating systems. You cannot install Windows
Server 2008 R2 on a virtual machine and assign it as a personal virtual desktop.
To deploy personal virtual desktops, your schema for the AD DS forest must be at least Windows Server
2008. To use the added functionality provided by the Personal Virtual Desktop tab in the User Account
Properties dialog box in Active Directory Users and Computers, you must run Active Directory Users and
Computers from a computer that is running Windows Server 2008 R2 or a computer that is running
Windows 7 that has Remote Server Administration Tools (RSAT) installed.
You must use a domain functional level of at least Windows 2000 Server native mode. We do not support
the functional levels of Windows 2000 Server mixed mode and Windows Server 2003 interim mode.
The assignment of a virtual machine stays intact even after users log off from their assigned personal
virtual desktops. An administrator can reassign a personal virtual desktop or make changes to the
assignment through RD Connection Broker Manager. You can assign only one machine per user.
Independent software vendors (ISVs) can extend the inbox solution and provide users access to more than
one personal virtual desktop
Note: It is incorrect to add a virtual machine designated as a personal virtual desktop to a virtual
desktop pool, if you want to allow only the assigned user to access that virtual machine. When the
designated user makes a connection to his personal virtual desktop, which now is part of a virtual
desktop pool, the connection will fail, and a mismatch event is logged.
What Are Virtual Desktop Pools?
Key Points
A virtual desktop pool temporarily assigns a virtual machine to the user. The RD Connection Broker
automatically makes this assignment without any prior assignment configuration. The user-to-virtual-
machine assignment is removed as soon as the user logs off. Since there is no permanent assignment of a
virtual machine in a virtual desktop pool to a user, as long as there is a virtual machine available in the
pool, one will be assigned to the user.
A virtual machine can be a member of only one virtual desktop pool. You configure all virtual machines in
a virtual desktop pool identically, so when users see the same virtual desktop regardless of which virtual
machine in the virtual desktop pool they connect to. Since users might connect to a different virtual
machine in the virtual desktop pool each time they log on, we recommend that you use user state
virtualization technologies to manage user settings and data centrally.
Note: You must configure all virtual machines in a virtual desktop pool identically, including the
installed programs. If you need various configurations of virtual machines, you should create
additional pools.
Virtual desktops can use only Windows client operating systems. You cannot install Windows Server 2008
R2 on a virtual machine and add it to a virtual desktop pool.
To assign a virtual machine from a virtual desktop pool, you choose a Hyper-V server that has the least
number of running virtual machines, and then select a virtual machine belonging to this virtual desktop
pool. A random selection is made if two or more Hyper-V servers have the same number of running
virtual machines. ISVs can enhance the inbox solution by implementing their own load-balancing
algorithm.
When users disconnect from a virtual machine in a virtual desktop pool, they are redirected to their
disconnected virtual machines the next time they log in. However, when a user logs off from the virtual
machine, the virtual machine can be configured to rollback to a state determined by an administrator.
You can do this by applying the RDV_Rollback snapshot.
You can make multiple virtual desktop pools available through RD Web Access. The user sees a different
icon for each virtual desktop pool.
Additional Virtual Desktop Settings
Key Points
After you configure the VDI infrastructure, you can set some additional options on a Personal Virtual
Desktop level, by using the Remote Desktop Connection Manager Console in the RD Virtualization host
server node. These improve the users experience when they are using virtual desktops.
General Settings
On the General settings tab, you can configure whether icons for personal desktops will appear in RD
Web Access, if you assign a user to a virtual machine. Also, on this tab, you can configure the behavior of
virtual machines when users log off or disconnect from a session. For example, you can configure that
virtual machine goes into saved state after five minutes when users log off. We recommend this option
because it enables you to save system resources when machines are not in use.
Common RDP Settings

On this tab, you can configure devices, resources, and display settings that will be applied when a user is
using a virtual desktop. For example, you can configure that the user can access a local disk drives or
printers from the virtual desktop session. It is possible to make smart cards and plug-and-play devices
from the physical host available to virtual desktops. Also, you can configure that all monitors on the client
side are used in virtual desktop sessions. For a better user experience, you can enable font smoothing and
color quality.
Custom RDP Settings

You can specify custom RDP settings for virtual desktops, such as audio redirection. These settings apply
when a user connects to a virtual desktop. To configure these settings, you should type, or copy and
paste, the settings in the Custom RDP settings box. The easiest way to configure custom RDP settings is
to create an .rdp file, and then use its settings:
To create an .rdp file from which to copy the settings, do the following:
1. Open the RDC, and then click Options.

2. Configure the settings that you want, such as audio redirection.

3. When you are finished, on the General tab, click Save As, and then save the .rdp file.
4. Open the .rdp file in Notepad, and then copy the desired settings into the Custom RDP settings box
on the Custom RDP Settings tab.
Options for Accessing Virtual Desktops
Key Points
When you create virtual desktop, users can connect to their virtual machines in several ways. Depending
on what type of VDI scenario you use, administrators can choose one or more ways to provide users with
connections to their virtual desktops.
Using Remote Desktop Web Access is very convenient way to connect to virtual desktop, since it is using
Web interface. Users should use the https://servername/RDWeb URL to get to RD Web Access page. From
that page, they can directly access their virtual desktops. Also, from this page, users can choose to connect
to some other computer (if they have the requisite permissions), or they can choose to run Remote
applications, if they are published.
If a user is accessing a virtual machine from Windows 7 client, you can configure remote desktop
connections in the Control Panel applet called RemoteApp and Desktop Connections. To use this feature,
you must configure the connecting URL in form https://servername/RDWeb/feed/Webfeed.aspx. Also, the
server must have an installed, valid certificate that the client trusts. After the connection to the server is
made, connections to the virtual desktop and remote applications (if any) will be published to the users
Start menu inside the RemoteApp and Desktop Connections folder. These connections periodically are
updated automatically or you can initiate the update process manually. This means that if the
administrator changes settings on the server side or publishes new resources, these changes will be
applied to a user during the next update cycle.
Another alternative is for the users to use their classic .rdp file to connect to their virtual desktops. Either
an administrator or the user can create this file in the Remote Desktop Client. This file contains connection
configuration settings. If you are using the Remote Desktop Client to connect to a virtual desktop, there
are additional settings that you can configure to provide a richer user experience.
Demonstration: Configuring and Accessing Virtual Desktops
In this demonstration, your instructor will show you how to configure the VDI infrastructure and prepare
virtual machines for VDI.
1. Add the Remote Desktop services role to NYC-SVR1, with the following services: Remote Desktop
Session Host, Remote Desktop Connection Broker and Remote Desktop Web Access.
2. Add the Remote Desktop services role with the Remote Desktop Virtualization Host service to the
physical host computer.
3. Prepare the NYC-VDP1 virtual machine to serve as a virtual desktop.
4. Assign a Personal Virtual Desktop.
5. Connect to RD Web Access, and access the new personal virtual desktop.
Lab: Configuring Virtual Desktop Infrastructure
Lab Setup
For this lab, you will use the available virtual machine environment. Before you begin the lab, you must
perform the following steps:
2. Ensure that the 10324A-NYC-DC1 virtual machine is running.
3. If required, connect to the virtual machine. Log on to 10324A-NYC-DC1 as Contoso\Administrator
using the password Pa$$w0rd.
4. On the physical host machine, open Network and Sharing Center, and then click Change adapter
settings.
5. Open the Properties for the network connection that is labeled Internal Network.
6. Ensure that the IPv4 settings are configured as follows:
IP address: 192.168.10.100/24
DNS server: 192.168.10.1

7. On the physical host computer, click Start, right-click Computer, and then click Properties.
8. Under Computer name, domain, and workgroup settings, click Change settings.
9. On the System Properties box, on the Computer Name tab, click Change.
10. Under Computer name, change the name to Hostx (where x is a number that your instructor
provides).
11. Under Member of, click the Domain option, and then type Contoso. Click OK.
12. In the Windows Security box, provide Contoso\Administrator and Pa$$w0rd for the credentials,
and then click OK.
13. In the Computer Name/Domain Changes box, click OK. At the second prompt, click OK again.
14. In the System Properties box, click Close.
15. At the restart prompt click Restart Later. You will shut down NYC-DC1 before restarting the host
computer.
16. On NYC-DC1, click Start, and then next to Log off, point to the arrow, and click Shut down. Type
shut down in the comment field, and then click OK.
17. After NYC-DC1 shuts down, restart the physical host computer.
18. After the host computer restarts, log on as the local administrator.
20. Ensure that the 10324A-NYC-DC1, 10324A-NYC-SVR1, 10324A-NYC-CL1, 10324A-NYC-CL2, and
10324A-NYC-CL3 virtual machines are running. When prompted for user credentials, logon as the
local administrator.
21. If required, connect to the virtual machines. Log on to all virtual machines except 10324A-NYC-CL1 as
Contoso\Administrator using the password Pa$$w0rd. Do not log on to 10324A-NYC-CL1 until
instructed to do so.
22. In Hyper-V Manager, change the 10324A-NYC-CL2 display name to
NYC-CL2.contoso.com.
23. In Hyper-V Manager, change the 10324A-NYC-CL3 display name to
Exercise 1: Configuring RDS Infrastructure for VDI

Scenario
The first task of your pilot VDI deployment is to configure RDS services for VDI.
You will do it by adding the RDS role, configuring the RD virtualization host server, and then enabling
Remote Desktop Web Access.
1. Add the RDS role to the NYC-SVR1 server.

2. Configure the RD Virtualization Host Server.
3. Configure RD Web Access to use RD Connection Broker.
Task 1: Add the RDS role to the NYC-SVR1 server

1. On the NYC-SVR1 server, start the Add Roles Wizard in Server Manager.
2. Add the Remote Desktop Services role, and add the following role services: Remote Desktop
Session Host, Remote Desktop Connection Broker, and Remote Desktop Web Access.
3. In the wizard, configure the server to require Network Level Authentication.
4. Restart NYC-SVR1 when prompted, and then log on as Contoso\Administrator with the password
of Pa$$w0rd.
Task 2: Configure the RD Virtualization Host Server

1. On the physical host computer, start the Add Roles Wizard in Server Manager.
2. Add the Remote Desktop Services role, and add the Remote Desktop Virtualization Host role
service.
Task 3: Configure RD Web Access to use RD Connection Broker

1. On NYC-SVR1 open Remote Desktop Web Access Configuration from Administrative
Tools\Remote Desktop Services. Click Continue to this website (not recommended). This error
occurs because the shortcut points to localhost and not to NYC-SVR1.contoso.com, as it is defined in
the digital certificate that the Web site uses.
2. Log on as Contoso\Administrator with Pa$$w0rd as the password.
3. Click the An RD Connection Broker server radio button, enter
NYC-SVR1.contoso.com in Source name text box, and then click OK.
4. Close Internet Explorer.
Results: After this exercise, you should have configured the RDS infrastructure for VDI.
Exercise 2: Configuring a Virtual Machine for VDI

Scenario
After you configure the Remote Desktop Services infrastructure, you have to configure test virtual
machines that will be used as virtual desktops. Also, you have to create snapshot that you can use for a
virtual machine rollback in a pooled virtual desktop scenario.
1. Configure Windows 7 virtual machines for VDI.

2. Create a snapshot to enable virtual machines to roll back.
Task 1: Configure Windows 7 virtual machines for VDI

1. On NYC-CL2, open System Properties, enable Remote Desktop with the Allow connections only
from computers running Remote Desktop with Network Level Authentication option.
2. Add the Contoso\RD Users group to the Remote Desktop Users local group on NYC-CL2 by using
the Computer Management console.
3. Using Registry editor on NYC-CL2, navigate to: HKEY_LOCAL_MACHINE
\SYSTEM\CurrentControlSet\Control\Terminal Server, and then change the value for
AllowRemoteRPC key to 1.
4. Make an exception in Windows Firewall for Remote Service Management.
5. Grant the RD Virtualization Host computer account (physical host computer) permissions to
the RDP protocol on NYC-CL2. A script for this is in \\NYC-
DC1\E$\Labfiles\Mod12\RDSConfig\. Edit RDS-pool.bat to replace <physical host> with the
name of your physical host server, and then save the modified file. Run RDS-pool.bat. When
prompted, press Y to continue the operation, and stop the service.
6. Log off from NYC-CL2.
7. Repeat steps 1 to 6 on NYC-CL3.
Task 2: Create a snapshot to enable the virtual machines to roll back

1. Using the Hyper-V Manager console on the physical host, make a snapshot for NYC-CL2, and name it
RDV_Rollback.
2. Using the Hyper-V Manager console on the physical host, make a snapshot for NYC-CL3, and name it
RDV_Rollback.
3. Save both NYC-CL2 and NYC-CL3 virtual machines. By performing this task, you created snapshots for
both virtual machines, from which they will start after any user uses them. You also saved virtual
machines, as Remote Desktop (RD) Connector Broker will request from RD Virtualization Host to start
the virtual machine when the user tries to connect to it.
Results: After this exercise, you should have configured virtual machines for VDI.
Exercise 3: Configuring and Testing the Personal Virtual Desktop

Scenario
The first part of testing is to deploy a personal virtual desktop. You will configure a test user, and will also
set security options. After that, you will try to access the personal virtual desktop.

1. Configure the Personal Virtual Desktop.
2. Configure the digital signing of .rdp files, single sign-on, and the trusted .rdp publisher.
3. Test the Personal Virtual Desktop.
4. Remove the assignment of the personal virtual desktop from a user.
Task 1: Configure the Personal Virtual Desktop

1. On NYC-SVR1, start the Configure Virtual Desktops Wizard in the Remote Desktop Connection
Manager console.
2. For RD Virtualization host server, enter your physical host name.
3. On the Configure Redirection Settings and Specify RD Web Access server pages, enter NYC-
SVR1.contoso.com.
4. Assign a personal virtual desktop named NYC-CL2.contoso.com to the Contoso\ruser user account.
Task 2: Configure digital signing of .rdp files, single sign-on, and the trusted .rdp
publisher
When you want to connect to a virtual desktop, by default, you get a security prompt because the .rdp file
is not digitally signed. You then must provide user credentials for logging on to the virtual desktop. You
can avoid those prompts by configuring digital signing of .rdp files, adding a trusted .rdp publisher, and
configuring single sign-on. For this lab, we will use local Group Policy to configure those settings, but in
real life you would configure them by using domain Group Policy.
1. On NYC-SVR1, in Remote Desktop Connection Manager, configure the digital signature found in the
Properties dialog box of the RD Virtualization Host Servers to use the NYC-SVR1.contoso.com
certificate.
2. On NYC-CL1, log on as Contoso\ruser, and open the Local Group Policy Editor using Run As
Administrator.
3. Expand Computer Configuration, Administrative Templates, System, and click on Credentials
Delegation.
4. In the details pane, double-click Allow Delegating Default Credentials, select Enabled, click Show,
and then enter TERMSRV/* as the Value.
5. From NYC-CL1, browse to https://NYC-SVR1.contoso.com/RDWeb.
6. Run the Add-on, and then log on as contoso\ruser with the password of Pa$$w0rd. Select the This
is a private computer option.
7. Click the My Desktop icon. On Remote Desktop Connection dialog, click NYC-SVR1.contoso.com
Publisher name.
8. In the Certificate window, click the Details tab, and then select Thumbprint. Select the thumbprint
numbers in the details box, copy them by pressing CTRL+C.
Important: Do not select the leading space at the front of the thumbprint.
9. Switch to the Local Group Policy Editor, navigate to Computer Configuration,click Administrative
Templates, click Windows Components, click Remote Desktop Services, and then click Remote
Desktop Connection Client.
10. In the details pane, double-click Specify SHA1 thumbprints of certificates representing trusted
.rdp publishers, and then select Enabled.
11. Right-click in Coma-separated list of SHA1 trusted certificate thumbprint entry box, and then
select Paste.
Task 3: Test the Personal Virtual Desktop

1. From NYC-CL1, on the Enterprise Remote Access Web page, click My Desktop. Click Connect.
Verify that you are logged on to NYC-CL2.
2. After you are logged on, create a new folder on desktop of NYC-CL2, name the folder with your
name (such as Joe), and then log off.
3. Repeat step 1, and verify that folder that you have created in the previous session still exists as
snapshot is not applied since you assigned the virtual desktop to a user. Log off NYC-CL2.
4. After you verified the personal virtual desktops functionality, use Hyper-V Manager to revert NYC-
CL2 to the most recent snapshot.
Task 4: Remove the assignment of a personal virtual desktop from a user

1. On NYC-DC1, open Active Directory Users and Computers, and in the RDS Users organizational
unit, open the Properties dialog box for ruser.
2. Click the Personal Virtual Desktop tab, and remove the assignment of the NYC-CL2 virtual machine.
Results: After this exercise, you should have configured and tested personal virtual desktops.
Exercise 4: Configuring and Testing User State Virtualization and the

Virtual Desktop Pool
Scenario
The final part of the pilot VDI deployment is to test the virtual desktop pool. First, you will configure user
state virtualization technologies to prevent the loss of user data, and then you will configure and try to
use a Virtual Desktop Pool.

1. Configure a roaming profile and folder redirection Group Policy object (GPO).
2. Configure the Virtual Desktop Pool.
3. Verify the Virtual Desktop Pool functionality.
Task 1: Configure a roaming profile and folder redirection

1. On NYC-DC1, open Active Directory Users and Computers, and in the Properties dialog box for the
VDI user, on the Profile tab, enter
\\NYC-DC1.contoso.com\Profiles\%username% as the Profile path.
2. In the Group Policy Management console on NYC-DC1, create new GPO named Folder Redirection,
and link it to the RDS Users organization unit.
3. Open the Folder Redirection GPO for editing, and then browse to User Configuration, Policies,
Windows Settings and Folder Redirection. Right-click on the Desktop node, and select Properties.
In the Desktop Properties window, select Basic Redirect everyones folder to the same location
setting, enter \\NYC-SVR1.contoso.com\desktops as Root Path, and then click OK.
Task 2: Configure the Virtual Desktop Pool

1. On NYC-SVR1, in Remote Desktop Connection Manager, start the Create Virtual Desktop Pool
Wizard.
2. Add NYC-CL2.contoso.com and NYC-CL3.contoso.com to the Virtual Desktop Pool, and name
the pool as Contoso Virtual Desktop Pool. Enter CONTOSO_VDP as Pool ID.
Task 3: Verify the Virtual Desktop Pool functionality

1. On NYC-CL1, if necessary, log on as Contoso\ruser, open Remote Desktop Web Access by
navigating to https://NYC-SVR1.contoso.com/RDWeb, and verify that Contoso Virtual Desktop
Pool has appeared. Click on that item and verify that you are logged on to the NYC-CL2 virtual
machine.
2. On desktop of NYC-CL2, create a folder called Pooled VDI, and log off the machine.
3. Switch to NYC-DC1, open Remote Desktop Web Access by browsing to http://NYC-
SVR1.contoso.com/RDWeb, and log on as Contoso\vdi with password Pa$$w0rd. After you are
logged on, click Contoso Virtual Desktop Pool. More prompts may appear while logging. This is
normal as NYC-DC1 is not configured to delegate credentials.
4. Verify that you are connected to the NYC-CL2 virtual computer. Open Windows Explorer, and verify
that inside the C:\Users folder there is no ruser subfolder. It should have been discarded when the
user logged off and the RDV_Rollback snapshot was applied.
5. Switch to NYC-CL1, and access Contoso Virtual Desktop pool again.
6. Verify that you are connected to the NYC-CL3 virtual computer and that Pooled VDI folder is on the
desktop.
7. Log off NYC-CL3.
Results: After this exercise, you should have configured and tested the virtual desktop pool.
To complete the lab

following steps:

4. For the NYC-CL2 and NYC-CL3 virtual machines, you will need to delete the RDV_Rollback snapshots
first, and then revert to the first snapshot.
Review Questions
1. Which hypervisor type is used in Hyper-V? What is the main difference between hypervisor in Hyper-
V and in Virtual PC?
2. List some of the most important improvements to Hyper-V in Windows Server 2008 R2.
3. In which modes you can deploy Virtual Desktop Infrastructure?
4. Can you assign the same virtual machine to more than one user?
5. How do you preserve user data in the virtual desktop pool scenario?
Common Issues Related to Virtual Desktop Infrastructure
Users are prompted for credentials

when connecting to personal
virtual desktops.
Virtual machine cannot start from

saved state.
User data is not retained when

using pooled virtual desktops.

Contoso has 40 client computers that are running the Windows 2000 Professional operating system.
These computers are used by 60 users, 30 of which are resident, and 30 who are using computers
occasionally, when they are in the office. In these situations, they share computers with resident
employees. These computers have old hardware, and you cannot upgrade them to a newer version of
the operating system. Recently, Contoso has implemented virtual infrastructure based on Hyper-V 2.0,
in order to virtualize physical servers and optimize resource usage. This virtual infrastructure is
planned to support further growth and has enough spare resources. Now, managers at Contoso are
considering ways to upgrade client computers to Windows 7. One option is to buy new hardware for
all clients. You are hired as consultant, and you have to prepare proposition of solution to use VDI
instead of buying new client hardware. Contoso managers are interested in this solution but they
have some concerns about managing users data. Currently, all user data is located on local client
machines.
Best Practices Related to Virtual Desktop Infrastructure

Use high availability technologies, such as Live Migration for Hyper-V.
Use System Center Virtual Machine Manager 2008 R2 for management of your whole virtual
infrastructure and for deployment of new virtual machines.
Configure personal virtual desktops to go in saved state mode after the user logs off. This optimizes
usage of system resources.
Summary of Desktop Virtualization Technologies 13-1
Module 13
Summary of Desktop Virtualization Technologies
Contents:
Lesson 1: Review of Desktop Virtualization Technologies 13-3
Lesson 2: Real-World Usage Scenarios 13-17
Module Overview
This module summarizes all of the desktop-virtualization technologies that this course presents.
Additionally, it helps you identify typical usage scenarios for each technology, and it covers some real-
world scenarios.
Lesson 1
Review of Desktop Virtualization Technologies
Microsoft provides several desktop-virtualization technologies that include Windows Virtual PC,
Virtual PC 2007 Service Pack 1 (SP1), Microsoft Enterprise Desktop Virtualization (MED-V), Microsoft
Application Virtualization (App-V), Remote Desktop Services (RDS), User State Virtualization, and Virtual
Desktop Infrastructure (VDI).
This lesson summarizes all of these technologies, and it briefly reviews the features and benefits of each
one.
Review of Windows Virtual PC
Key Points
Windows Virtual PC is client virtualization software that you can use on a Windows 7 host operating
system to create and run multiple virtual machines. Each of these virtual machines can run a different or
the same one. You can obtain Windows Virtual PC as a free download from the Windows Virtual PC Web
site.
The primary purpose of Windows Virtual PC is to serve as the virtualization engine for Windows XP Mode,
which is a preconfigured virtual machine that is running Windows XP Service Pack that Microsoft provides.
You can deploy Windows XP Mode on Windows 7 Professional, Ultimate, and Enterprise editions.
For guest operating systems, Windows Virtual PC supports Windows XP Service Pack 3 (SP3), Windows
Vista Service Pack 2 (SP2), and Windows 7. To the guest operating system running in the virtual
machine, Windows Virtual PC provides virtual hardware, including a disk, CPU, memory, input/output
(I/O), and other devices.
Windows Virtual PC offers the following key features and benefits:

Seamless integration into the Windows desktop, which enables you to launch and use a full virtual
machine and virtual applications as if they are a native Windows 7 application. Additionally, you can
navigate freely between the host and guest environments, and applications.
A new user interface, which includes a full virtual machine console, settings interface, and a wizard-
based interface. You can use the console and interfaces to create new virtual machines, and perform
advanced management tasks for various types of virtual hard disks (VHDs).
The ability to run in two modes: a Virtual Applications mode to run legacy applications seamlessly,
and a Full Desktop mode, which provides the user with the full desktop experience of the guest
operating system.
The ability to use universal serial bus (USB) devices, such as printers, flash memory sticks, external
hard disks and backup disks, digital cameras, and smartcards. Windows Virtual PC enables easy use of
USB devices because of its hardware redirection technology.
Extensive networking capabilities, which enable you to configure network connections between a
virtual machine and the host, among multiple virtual machines, and between virtual machines and the
external network.
The use of the Hardware Assisted Virtualization (HAV) feature (Intel VT and AMD-V) that improves
the performance and robustness of virtual machines on HAV-capable hardware. You must have HAV
to use Windows Virtual PC on Windows 7.
To deploy Windows Virtual PC, you do not need any server infrastructure. However, you can integrate
Windows Virtual PC into a standard image that you can use for deploying workstations. Additionally, you
can deploy it, optionally, with Windows XP Mode.
The central vision of Windows Virtual PC is to encourage organizations to use Windows 7 by addressing
the legacy application-compatibility needs of enterprise and small-business users with a very simple,
readily accessible, and seamless presentation of applications and virtual desktops.
Typically, home users, who need to have older or other platforms present on their Windows 7 desktop
computers, use Windows Virtual PC, as do companies that must support older applications, on a smaller
number of computers that are running Windows 7. You also can deploy Windows Virtual PC in larger
enterprise environments, but since there is no native centralized management for this virtual platform,
you need to use other methods to manage virtual machines that are running inside Windows Virtual PC.
You can use Group Policy if you join the virtual machines to domain, or you can use technologies such as
Microsoft System Center Configuration Manager.
Review of Virtual PC 2007 SP1
Key Points
Virtual PC 2007 SP1 is desktop virtualization software developed for earlier Windows versions, such as
Windows Vista and Windows XP. You also can run Virtual PC 2007 SP1 on Windows 7. However, you
cannot run both Virtual PC 2007 SP1 and Windows Virtual PC on the same computer.
Virtual PC 2007 SP1 does not require hardware virtualization support on the host computer, although it
can partly utilize it if it is available. Therefore, you can install Virtual PC 2007 SP1 on older hardware to
provide a virtualization platform, even if there is no available support for hardware virtualization.
Free downloads of the 32-bit and 64-bit versions of Virtual PC 2007 SP1 are available at the Microsoft
Web site.
Virtual PC 2007 SP1 offers the following key features:
Support for dragging and dropping folders and files between the host and the guest operating
system.
A administration console that enables you to create and manage virtual machines.
It enables you to provide virtualization on older hardware platforms.
It does not require a server infrastructure, but it supports centralized management through MED-V.
Support for application publication, when you use it with MED-V.
You typically would use Virtual PC 2007 SP1 if you have older operating systems, but you need a
virtualization platform for testing or for legacy application support. You also can use it as a managed
client-virtualization platform in enterprise environments where you deploy MED-V.
Review of MED-V
Key Points
MED-V is a management and deployment platform for desktop virtualization. It provides virtual machines
and application integration in a Virtual PC 2007 SP1 environment that is running on a previous version of
the operating system, such as Windows XP. Applications appear and operate as if they were installed on
the desktop, and for information technology (IT) administrators, MED-V helps deploy, provision, control,
and support virtual environments.
While VDI and RDS provide remote virtual desktops and presentation virtualization, MED-V provides a
local virtual machine with a client operating system in which legacy applications can run.
Additionally, it offers a complete solution for centrally managing client virtual machines; storing, updating,
and distributing virtual images; and monitoring user activity. MED-V is part of the Microsoft Desktop
Optimization Pack (MDOP) for Software Assurance, and the most current version is MED-V 1.0 SP1.
MED-V offers the following key features and benefits:

Centralized deployment, management, and monitoring of deployed virtual images.
Application provisioning based on Active Directory Domain Services (AD DS) users and groups.
Seamless and transparent integration of published applications.
Clipboard sharing and printer redirection.
You need to deploy the server infrastructure for MED-V, and you need storage for storing virtual images.
Also, you must deploy MED-V client to all workstations that will be running MED-V virtual images.
Typically, you would use MED-V in larger environments where it is critical that you maintain compatibility
with older applications and operating systems. In these scenarios, MED-V is beneficial because it enables
you to centralize control, deployment, and monitoring of all virtual images that are running older
applications. The only drawback of MED-V is that users must download the virtual image on a client,
which can take time and consume valuable network resources.
Review of App-V
Key Points
Application virtualization is a sophisticated technology that allows organizations to reduce costs and
simplify software deployment. Other virtualization technologies, such as Windows XP Mode or MED-V,
deliver an entire virtual machine to the client computer. However, App-V delivers a virtual application
hosted in a virtual environment, which is based on the host operating system. App-V does not provide a
virtual machine. It provides only an application and the environment necessary to run the application
independently of the host operating system App-V is not an application-compatibility product, but rather,
is an application-management product.
From an end users perspective, a virtualized application behaves as a locally installed application. The
virtualization client software that you install on the client computer provides an environment that
simulates the local operating system.
The most current version is App-V 4.6. When you use it in conjunction with Windows 7, Windows Server
2008 R2, and Microsoft Office 2010, it provides a seamless user experience, streamlined application
deployment, and simplified application management.
Application management is one of the most time-consuming and costly aspects of an enterprise IT
infrastructure. However, there are many benefits to virtualizing applications, including a reduction of
management and support costs. App-V offers the following key features and benefits:
Centralized management.
The ability to run multiple versions of the same application without conflicts.
Reduced application conflicts.
A scalable infrastructure.
Support for Remote Desktop Servers.
Reduced license-compliance risks.
Usage reporting.
To deploy App-V, you must build a fairly complex server and client infrastructure that can include many
components, such as the Microsoft Application Virtualization Management Web Service, the App-V
Management Console, the App-V Management Server, the App-V Streaming Server, the App-V Client, the
App-V Sequencer, and Microsoft SQL Server. Depending on your usage scenario, you can deploy some
or all of the components of an App-V solution.
You typically would deploy App-V in your organization if you need to have full control over applications
that deploy to workstations and to address potential compatibility issues. App-V cannot address
incompatibility issues between an operating system and an application, but it enables you to run several
incompatible versions of the same application on a single computer. Also, you can run App-V on RDS
Session Host computers.
Review of RDS
Key Points
RDS provides a form of virtualization known as presentation virtualization.
RDS, formerly known as Terminal Services, provides technologies that enable you to access session-based
desktops, virtual machine-based desktops, and remote applications that are running on centralized
servers. You can establish a secure connection from a local network or from the Internet. Clients connect
to an RDS server by using Remote Desktop Protocol (RDP). RDP 7.0 provides improved and new features,
such as Windows Media redirection, Aero Glass support, and true multimonitor support. To benefit from
the new and improved RDP features, you must use Remote Desktop Connection 7.0 client, which both
Windows 7 and Windows Server 2008 R2 include.
RDS consists of several services, including Remote Desktop (RD) Session Host, RD Licensing, RD
Connection Broker, RD Gateway, RD Web Access, and the RD Virtualization Host. All these services work
together to provide end users with an experience that is similar to running local applications on their
computers. Features such as device redirection, single sign-on (SSO), and RD Easy Print make it difficult to
distinguish between remote and local applications.
RDS offers the following capabilities and features:

You can run an application or full desktop in one location, while accessing the applications or
desktops from a remote location.
You can maintain the installation and management of centralized servers in the data center.
You can present users with a full desktop environment or with the individual applications window and
data that they require for their job.
Remote RDS applications integrate seamlessly with the user local desktop. They look, feel, and behave
as if they are local applications.
It enables secure remote access to an entire desktop, remote application, or virtual machine, without
users having to establish a connection to a virtual private network (VPN).
You can maintain control centrally of which users can access RDS servers, which RDS servers users can
access, and of additional configuration information, such as device redirection settings.
RDS is part of a Windows Server 2008 R2 operating system, and can be relatively easy to deploy. The most
common usage scenario for RDS is application consolidation and optimization of resource usage. If you
want to centralize application deployment only to application servers, and not to clients, then you can use
RDS services such as RemoteApp and RD Web Access to publish applications to clients. Also, some RDS
services, such as RD Gateway, provide unified access to RDP hosts from any location inside or outside the
company.
Review of User State Virtualization
Key Points
User state is a general term that describes several categories that determine user environment, user data,
and settings. You do not identify a user state in one specific file or setting, but rather in a set of files and
settings known as User settings, User Registry, Application data, and User data.
If you virtualize the user state, you make available a users data and settings on any computer to which
that user logs on. User state virtualization, unlike other technologies that this course details, is more
conceptual virtualization then technical virtualization. To provide user state virtualization, you can use
technologies in Windows Server 2008, including folder redirection, roaming profiles, and offline files.
To implement any of these technologies as a support for user state virtualization, you must understand
the benefits and drawbacks of each. When you utilize user state virtualization with these technologies, you
receive the following benefits and features:
Access to data and settings from any computer that is a domain member.
A unified user environment on every computer.
A centralized location for users data and settings.
Access to files from network shares, even when a computer is offline.
You do not need additional software to deploy user state virtualization. You can configure most of these
features by using Group Policy in Windows Server. However, you must decide which technology you will
apply and where you want to store user data.
You typically would deploy user state virtualization in environments where user data centralization is
critical. You also would implement this virtualization in scenarios where users frequently change the
computer on which they work, or if a company has several users that work offsite, but who still need
access to company data.
Additionally, you typically would combine technologies that are part of user state virtualization with other
virtualization technologies, such as RDS and VDI.
Review of VDI
Key Points
VDI is an alternative model for desktop delivery that enables users to access desktops that are running in
a data center. When you use VDI, each user has access to a personal virtual desktop from any device that
you authorize, which improves desktop flexibility.
VDI provides an architecture for desktop delivery that enables you to centralize the storage, execution,
and management of a data centers Windows desktops, and it enables you to run Windows 7, Windows
Vista, and other desktop environments, and then manage them in virtual machines on a centralized
server. Users can connect to a virtual desktop with Remote Desktop Client (RDC), and can initiate a
connection from a preconfigured .rdp file or from their Start Menu or a Web page.
VDI supports two key deployment scenarios: personal virtual machines and pooled virtual machines.
Personal virtual machines have a one-to-one linking for virtual machines and users, which means that you
assign each user a dedicated virtual machine, which that user can personalize and customize. This
preserves any changes that the user makes. You provide the greatest flexibility to end users by deploying
personal virtual desktops.
Pooled virtual machines replicate a single image, and you can store user state information through
profiles and folder redirection. However, the virtual machine does not retain the user state after the user
logs off. This feature can free up system resources, and it enables you to separate user data from virtual
machines.
VDI offers the following benefits:

Access to data and applications from any device that is capable of running the RDC client.
Improved data security and compliance.
Simplified management and deployment of applications.
Improved business continuity through data centralization.
Integrated management of physical, virtual, and session-based desktops.

Quicker recovery from device malfunctions.
Centralized data storage and backup, which reduces losses from stolen devices.
To deploy VDI, you need to deploy the RDS role and services, and Hyper-V 2.0. Requirements on the
client side are minimal. The client must be able to run the RDC client software, and it should be a domain
member.
You typically would deploy VDI in organizations and environments where you want to unify and centralize
desktops. You can use VDI in an organization where a large number of users require a standard, simple
desktop. Additionally, some organizations might deploy VDI instead of buying new physical hardware for
their users, which optimizes resource usage. It is common to use user state virtualization with VDI,
especially if you deploy pooled desktops.
Comparing Desktop Virtualization Technologies
Key Points
The table provided on the slide compares the different desktop virtualization technologies that this course
covered.
While you can implement each technology and treat it separately, you also can combine many of them
together to achieve better results and increased functionality. However, to implement the technology that
is most suitable for your needs, you should identify the usage scenario and expected results before you
start the planning and deployment of these technologies.
Also, you should consider licensing requirements since they vary with each technology. Some of the
technologies are free, such as Windows Virtual PC, some of them are part of packages such as MDOP,
while certain technologies such as RDS require you to buy a license. You also should evaluate each
technology before making a final decision. Your hands-on experience can greatly help you in choosing a
proper technology. Additionally, Microsoft provides appropriate evaluation resources for each technology
on the Technet and MSDN Web sites.
Lesson 2
Real-World Usage Scenarios
Based on your organizations requirements and usage needs, you can deploy the virtualization technology
that provides the optimal solution. This lesson covers some of the predefined and real-world scenarios for
desktop virtualization.
Discussion: Scenario 1-----Contoso, Ltd
Key Points
Contoso, Ltd is a large multinational company that has several offices around the world. The company has
5,000 users with approximately 5,000 workstations in several offices in the United States and Europe, and
its core infrastructure is on Windows Server 2008 AD DS. All domain controllers run on Windows Server
2008, while some member servers run on Windows Server 2003. Client computers run various versions of
the Windows operating system. Approximately 50 percent are running Windows XP Professional, while 20
percent are running Windows Vista SP2 Enterprise, and 30 percent are running Windows 7 Enterprise.
Contoso, Ltd uses approximately 40 applications for business and testing, and approximately 10 percent
of those are core business applications that are installed on nearly all computers. The other applications
mostly are used for testing in the developmental department and for the support of the systems of
various vendors. Deployment of these applications is becoming more and more difficult. First, not all
applications are compatible with all of the operating systems deployed at Contoso, Ltd. During the next
12 months, Contoso, Ltd plans to upgrades most computers to Windows 7, which could cause an issue
because some core business applications are not compatible with Windows 7. Additionally, very few
application specialists are available, so end users sometime must wait too long for an application to
deploy to their computers. Lastly, providing support for these applications can be complex because there
is no unified method by which the organization can update applications. Applications that the
development department uses must run in an isolated environment, and therefore, these applications
should access the internal network only after testing is complete.
Some users at Contoso, Ltd work from home. Currently, they access the corporate network through a
VPN, but they have problems with some applications that do not work through a VPN connection.
You are a consultant for Contoso, Ltd, and you need to propose a solution that will address most, if not
all, of their problems with application deployment and support.
Your primary goals are:

To simplify application deployment to client computers, as much as possible.
To enable fast and secure deployment of core business applications. Additionally, you must deploy
up-to-date applications.
To provide remote access to core business applications in a secure, user-friendly way.
Question: What will you recommend to address issues with core business applications at Contoso, Ltd?
Question: What will you recommend for maintaining those applications that the organization uses for
testing and development?
Question: What are the options for users that are working from home?
Discussion: Scenario 2-----Northwind Traders
Key Points
Northwind Traders is a company in the United States that has five branch offices, with 1,000 users and
approximately 700 workstations. All users and computers are deployed in a single domain. Domain
controllers run Windows Server 2008 R2. Recently, the company bought several servers to use for
virtualization. These servers run Windows Server 2008 R2 with Hyper-V.
Workstations at Northwind Traders are heterogeneous, which means that they run various versions of the
Windows operating systems, from Windows 2000 to Windows 7. Not all users have their own workstation,
so some of them share the same workstation. Since some users do not have dedicated workstations, if
they save data on one workstation, it is sometime hard to access it from another workstation, and is also
can cause version conflicts on documents. Additionally, some users have older computers that are not
capable of running new applications. The organization uses various platforms, so administrators are
having a hard time unifying desktop environments.
Each year, the company employs temporary workers that work outside the company. They use computers
occasionally, when they are in the company office, and then mostly for checking e-mail and information
on the companys intranet portal or for writing work reports. These employees do not need dedicated
workstations, but must be able to use a computer when necessary and save their reports.
You are a consultant at Northwind Traders, which is considering desktop virtualization technologies as a
solution. However, the IT department is not sure which technology will address the companys needs.
Question: What solution would you recommend to unify desktop environments for existing users?
Discussion: Real-World Scenarios
Key Points
In this topic, you should discuss your environment with the rest of class. During preparation for this
discussion, you should answer the following questions:
1. Do you need any virtualization in your environment?
2. Do you have to support legacy applications?
3. Do you plan to upgrade to Windows 7 in the near future?
4. Do you often face application compatibility issues in your environment?
5. Do you have a need to unify user desktop platforms?
6. Do you have problems with backing up user data that is on desktops?
Course Evaluation
Your evaluation of this course will help Microsoft understand the quality of your learning experience.
Please work with your training provider to access the course evaluation form.
Microsoft will keep your answers to this survey private and confidential, and will use your responses to
improve your future learning experience. Your open and honest feedback is valuable and appreciated.
Lab: Planning Desktop Virtualization Scenarios L1-1
Module 1: Overview of Desktop and Application Virtualization

Lab: Planning Desktop Virtualization Scenarios
Exercise 1: Identifying Virtualization Solutions
Task 1: Identify the user groups at Contoso, Ltd.
1. Review the scenario information.
2. Contoso, Ltd., has the following user groups with unique business requirements:
Regular users: Little information is provided for this group, so you can assume they have the regular
business desktop requirements. Some users likely will be affected by the application that is
incompatible with the Windows 7 operating system.
Branch office users: No information specific to these users is provided, so they can be grouped with
the regular users.
Sales support personnel:
Require access to a limited set of applications.
Share desktops with limited hardware resources.
Mobile users:
Require local access to applications.
Data on the laptops must be encrypted.
Require an application that is not compatible with Windows 7.
Contractors:
Require access to internal servers and applications.
Will not be able to connect through the virtual private network (VPN) in three months.
Will not be issued company laptops.
Task 2: Identify the virtualization solutions

1. On NYC-CL3, click Start, and then click Documents.
2. Double-click Windows Optimized Desktop Scenario SelectionTool v1.1.xls.
3. Use the following table to configure the requirements for two of the user groups. Select Yes for all
Solution Prerequisite criteria except where indicated below.
Note: You will need to fill in the information in the spreadsheet twice, once for each user group.
Regular and branch office users User Requirements:

1. Yes
2. No
3. Yes
4. No
5. No
L1-2 Lab: Planning Desktop Virtualization Scenarios
6. No
7. Unanswered
8. No
Business Requirements:
9. No
10. No
11. No
12. No
What is the suggested scenario?
Office Worker
Sales support personnel User Requirements:

1 No
2. Yes
3. No
4. No
5. Yes
6. No
7. Unanswered
8. No
9. No
10. No
11. No
12. No
Solution requirements:
17 No
Task Worker
Mobile workers User Requirements:

1 Yes
2. No
3. Yes
4. Yes
5. No
6. No
7. Unanswered
8. No
9. No
10. No
11. No
12. No

Mobile Worker
Contractors User Requirements:

1 No
2. No
3. No
4. No
5. No
6. Yes
7. Yes
8. No
9. No
10. Yes
11. No
12. No
Contract Worker
4. The recommended products and technologies for each type of user group is listed in the following table:
Regular and branch office users Required products and technologies

Microsoft System Center Configuration Manager
Microsoft Application Virtualization (App-V)
Windows 7 Enterprise clients
Profile virtualization technologies
AppLocker and BitLocker
As needed products and technologies
RemoteApp
App-V for Remote Desktop Services
Sales support personnel Required products and technologies

RemoteApp
System Center Configuration Manager
App-V
AppLocker and BitLocker To Go
Windows Fundamentals for Legacy PCs
Mobile Workers Required products and technologies


App-V
AppLocker and BitLocker
DirectAccess
RemoteApp
BranchCache
Contractors Required products and technologies

Windows Virtual Enterprise Centralized Desktops
Hyper-V technology
Virtual Machine Manager
App-V
BitLocker To Go
Windows Fundamentals for Legacy PCs
Task 3: Develop a prioritized list of projects to implement virtualization

To address all of the organizations virtualization requirements, Contoso should consider the
following prioritized list of projects:
a. Implement Remote Desktop Services and Remote Desktop Gateway for the contractors to
remove the need for them to connect using the VPN. This project has the highest priority
because the organization will block VPN access in three months.
b. Implement App-V for applications that are not compatible with Windows 7. The organization
should implement a full App-V solution using System Center Configuration Manager to stream
the virtual application to all mobile users and to internal users who require the application.
c. Implement a Virtual Desktop Infrastructure (VDI) solution for the sales support personnel. This
solution will enable them to continue to run the applications that they require without upgrading
the user desktops.
Results: At the end of this exercise, you will have identified the user groups that may require virtualization at
Contoso, identified virtualization solutions that the organization could implement to address its business
requirements, and developed a prioritized list of projects to implement application and desktop virtualization.

following steps:

Lab: Implementing Windows Virtual PC and Windows XP Mode L2-1
Module 2: Implementing Windows Virtual PC and Windows XP

Mode
Lab: Implementing Windows Virtual PC and
Windows XP Mode
Exercise 1: Installing Windows Virtual PC
Task 1: Install Windows Virtual PC, and the KB977206 update
1. On NYC-CL2, open Windows Explorer, browse to \\NYC-DC1\E$
\Labfiles\Mod02, and then double-click Windows6.1-KB958559-x86.msu.
2. When prompted whether you want to install Update for Windows (KB958559), click Yes.
3. On Download and Install Updates, click I Accept.
4. After the installation finishes, click Restart Now.
5. Wait until the computer restarts. Log on as Contoso\Administrator as username and Pa$$w0rd for
password.
6. Open Windows Explorer, and browse to \\NYC-DC1\E$\Labfiles\Mod02. Double-click
Windows6.1-KB977206-x86-second.msu. Repeat steps 2 and 3, and restart as prompted.
7. On NYC-CL2, click Start, click All Programs, and then click Windows Virtual PC. Two items will
appear under the resulting menu: Windows Virtual PC and Windows XP Mode. Notice that
Windows XP Mode actually is not installed yet, and click Windows Virtual PC.
8. The Virtual Machines folder opens.
Task 2: Create and configure a virtual machine

1. On NYC-CL2, in the Virtual Machines window, click Create virtual machine on the task bar. A wizard
for creating a new virtual machine will start.
2. Type VMWorkstation1 in the Name field, and then click Next.
3. On Specify memory and networking options, type 768. Make sure that the Use computer
network connections option is selected, and then click Next.
4. On the Add a virtual hard disk page, click Create dynamically expanding virtual hard disk. In
Location field, click Browse. Navigate to Local Disk (C:\), and then click Make New Folder. Type
VHDs, and then click OK.
5. Click the check box next to Enable Undo Disks, and then click Create.
6. Ensure that VMWorkstation1 appears in the Virtual Machines window.
7. Right-click VMWorkstation1, and then click Settings.
8. Click Close, click Automatically close with the following action, click Hibernate, and then click
OK.
9. Right-click VMWorkstation1, and then click Open. The virtual machine will start the boot process.
10. After the machine starts, click X in upper-right corner of the Windows Virtual PC window, and make
sure that machine goes into hibernation without asking you for options.
L2-2 Lab: Implementing Windows Virtual PC and Windows XP Mode
Exercise 2: Using Windows XP Mode

Task 1: Set up Windows XP Mode
1. On NYC-CL2, open Windows Explorer, navigate to \\NYC-DC1\E$
\Labfiles\Mod02\, and then double-click WindowsXPMode_en-us.exe.
2. On the Welcome to Setup for Windows XP Mode page, click Next.
3. For the install location accept the default value, and then click Next.
4. When Setup Completed page appears, click Finish. Leave the check mark next to Launch Windows
XP Mode.
5. On the Windows XP Mode Setup page, click I accept the license terms, and then click Next.
6. On the Installation folder and credentials page, accept the default value for the Installation folder,
and then enter Pa$$w0rd as the password for XPMUser. Make sure that the check box next to
Remember credentials (Recommended) is selected, and then click Next.
7. On the Help protect your computer page, click Help protect my computer by turning on
Automatic Updates now, and then click Next.
8. On the Setup will share the drives on this computer with Windows XP Mode page, click Start
Setup. Wait until the setup finishes.
9. After the setup finishes, the Windows XP Mode virtual machine will start and boot. After it boots, it
will log on using saved credentials.
10. In the upper-right corner of the Windows XP Mode- Windows Virtual PC window, click the icon in
the middle to go to full-screen mode.
11. Click the same icon again to revert to a window mode. Leave Windows XP Mode virtual machine in
a running state.
12. In the Virtual Machines window, right-click Windows XP Mode, and then click Settings.
13. Navigate to the Integration Features node, and review the available options. Close the Windows XP
Mode Windows Virtual PC Settings dialog box.
Task 2: Install a legacy application, and then publish it to the host

1. If necessary, open the Virtual Machines folder. Right-click Windows XP Mode, and click Settings.
2. Click the Auto Publish option. Ensure that automatically publish virtual applications is selected.
Click Cancel to close Settings.
Note: If Auto Publish is not enabled, you have to turn off the virtual machine, enable this option, and
then turn on the virtual machine.
3. Switch to Windows XP Mode. Open Windows Explorer, and then browse to the C drive on NYC-
CL2.
4. Open folder Labfiles\Office, and double-click the Setup file.
5. Click OK.
6. Type Admin for the Name and Contoso for the Organization, and then click OK eight times.
7. Click Complete/Custom on the Microsoft Office 4.3 Professional Setup page.
8. In the options list, remove all check marks except for the one next to Microsoft Access, and then
click Continue.
Lab: Implementing Windows Virtual PC and Windows XP Mode L2-3
9. On Microsoft Office 4.3 Professional Choose Program Group, click Continue.

10. Click OK after the wizard is finished. Close the Microsoft Office window.
11. In the Windows XP Mode virtual machine, click Start, click All Programs, click Microsoft Office,
and then click Microsoft Access.
Task 3: Use a published application from the Windows 7 host

1. Switch to NYC-CL2, click Start, and in the Search box, type Access. Confirm that Microsoft Access
(Windows XP Mode) has appeared in the search results.
2. Click Start, click All Programs, click Windows Virtual PC, click Windows XP Mode Applications,
and then expand Microsoft Office.
3. Click Microsoft Access (Windows XP Mode). If a prompt appears that the virtual machine must be
closed, click Continue.
4. After few seconds, Microsoft Access should appear on your Windows 7 desktop.
5. Close MS Access Cue Cards.
6. Click the first icon from the left to create a new database. Name the file DB1.MDB, and then save it
to C:\MSOffice.
7. Close Microsoft Access.
8. Click Start, All Programs, Windows Virtual PC and click Windows XP Mode.
9. In the Windows XP Mode virtual machine, open Windows Explorer, copy DB1.MDB from
C:\MSOffice to C on NYC-CL2 in the VHDs folder.
10. Close Windows XP Mode.
11. Navigate to C:\VHDs, and then double-click DB1.MDB.
12. The Microsoft Access virtual application opens.

following steps:
L2-4 Lab: Implementing Windows Virtual PC and Windows XP Mode
Lab: Implementing MED-V L3-1
Module 3: Implementing Microsoft Enterprise Desktop

Virtualization
Lab: Implementing MED-V
Exercise 1: Configuring the Existing Infrastructure
Task 1: Verify that a MED-V database does not exist on
Microsoft SQL Server
1. On NYC-DC1, open Windows Explorer and browse to E:\Labfiles\Mod03\SQL_Update.
2. Double-click SQLSysClrTypes.msi. On the Welcome page, click Next. Accept the license agreement,
and then click Next. On the Registration Information page, click Next and then click Install. Click
Finish.
3. Double-click SharedManagementObjects.msi. On the Welcome page, click Next. Accept the
license agreement, and then click Next. On the Registration Information page, click Next and then
click Install. Click Finish. Close the SQL_Update window.
4. Click Start, click All Programs, click Microsoft SQL Server 2008, and then click Import and Export
Data (32-bit). The SQL Server Import and Export Wizard opens.
5. Click Next, and then verify in the Server name box that you are connected to NYC-
DC1\SQLEXPRESS.
6. Expand the Database box, and then verify that the MED-V database, medv, is not available in the list.
Notice that the database is not available even when you click Refresh.
7. Click Cancel in the SQL Server Import and Export Wizard.
Task 2: Add the Windows Server 2008 R2 role and features

1. On NYC-DC1, start Server Manager, right-click Roles, click Add Roles. Click Next, select the check
box next to Web Server (IIS), and then click Next twice.
2. On the Select Role Services page, under the Security node, add Basic Authentication, Windows
Authentication, and Client Certificate Mapping Authentication, click Next, and then click Install.
3. Click Close when the installation finishes.
4. In Server Manager, right-click Features, click Add Features, and then select the check box next to
Background Intelligent Transfer Service (BITS). When the Add Features Wizard opens, click Add
Required Role Services, click Next three times, and then click Install.
5. Click Close when the installation finishes, and then minimize Server Manager.
Exercise 2: Deploying the MED-V Server

Task 1: Install the MED-V Management Server on NYC-DC1
1. On NYC-DC1, open Windows Explorer, browse to E:\Labfiles\Mod03, and then double-click the
MED-V_Server_x64_1.0.105.msi file.
2. On the Welcome page, click Next.
3. On the License Agreement page, select I accept the terms in the license agreement, and then
click Next.
4. On the Destination Folder page, click Next.
L3-2 Lab: Implementing MED-V
5. On Ready to Install the Program page, click Install.

6. After the MED-V Server is installed, clear the Launch MED-V Server Configuration Manager check
box, and then click Finish. Close the Mod03 folder.
Task 2: Configure an IIS Web server for the MED-V image repository
1. On NYC-DC1, click Start, expand Administrative Tools, and then click Internet Information
Services (IIS) Manager.
2. Expand NYC-DC1 (Contoso\Administrator), expand Sites, right-click Default Web Site, and then
select Add Virtual Directory.
3. In Alias type vimages, and in the Physical path, point to C:\MED-V Server Images, and then click
OK.
4. Verify that in the Navigation pane, the vimages virtual directory is selected, and in Features View,
double-click BITS Upload.
5. On the BITS Upload page, select the Allow clients to upload files check box. Verify Use default
settings from parent is selected, and then click Apply.
6. Click vimages in the Navigation pane, and in Features View, double-click MIME Types.
7. In the Actions pane, click Add, and in the File name extension box, enter .ckm, enter
application/octet-stream as MIME type, and then click OK.
8. In the Actions pane, click Add, enter .index in the File name extension box, enter
application/octet-stream as MIME type, and then click OK.
9. Close the IIS Manager.
Task 3: Use the MED-V Server Configuration Manager

1. On NYC-DC1, click Start, click All Programs, point to MED-V, and then click MED-V Server
Configuration Manager.
2. Verify that on the Connections tab, the Enable unencrypted connections (http) option is selected,
and that port 80 is set.
3. On the Images tab, verify that the VMs Directory is set to
C:\MED-V Server Images\, and then set the VMs URL to
http://nyc-dc1/vimages.
4. On the Permissions tab, remove the Everyone group, add the
Contoso\MED-V Administrators group, and then grant the Changes Allowed permission to this
group.
5. Add the Contoso\MED-V Users group, and ensure that this group does not have the permission to
make changes. Note that both groups were added for the purpose of this lab, and that they are not
created by default.
6. On the Reports tab, review the Connection string, and then click Create Database. In the Database
Creation window, click OK.
7. Click Test Connection, and in the Connection Test window, click OK.
8. Click Clear Options, review the settings, and in the Clear Database Options window, click Cancel.
9. In MED-V Server Configuration Manager, click OK, and then click Yes.
10. Open Windows Explorer, navigate to C:\Program Files
\Microsoft Enterprise Desktop Virtualization\Servers, and then open the ServerSettings.xml file
in Notepad.
Lab: Implementing MED-V L3-3
11. Review the configuration file, confirm that all settings from MED-V Server Configuration Manager are
stored there, and then close Notepad.
Task 4: Verify that the MED-V database exists on SQL Server

1. On NYC-DC1, click Start, click All Programs, point to Microsoft SQL Server 2008, and then click
Import and Export Data (32-bit). The SQL Server Import and Export Wizard opens.
2. Click Next, and then verify in the Server name box that you are connected to NYC-DC1\SQLEXPRESS
SQL Server.
3. Expand the Database box, and then verify that the MED-V database, medv, is available in the list.
4. Click Cancel in the SQL Server Import and Export Wizard.
Exercise 3: Deploying the MED-V Client

Task 1: Install the MED-V client on NYC-CL1
1. On NYC-CL1, open Windows Explorer, browse to E:\Labfiles\Mod03, and double-click MED-
V_1.0.105.msi.
click Next.
4. On the Destination Folder page, accept the default location, and then click Next.
5. On the MED-V Settings page, select Install the MED-V management application. In Server
address, enter nyc-dc1, accept the default server port of 80, and the virtual machines images folder
of C:\MED-V Images\, and then click Next.
6. On the Ready to Install the Program page, click Install.
7. After the installation finishes, clear the Launch Microsoft Enterprise Desktop Virtualization check
box, and then click Finish. Close the Mod03 window.
Task 2: Verify connectivity to the MED-V Management Server, and create a MED-V
deployment package
1. On the desktop of the NYC-CL1 computer, double-click MED-V Management.
2. Enter Contoso\medv-admin as User name, enter Pa$$w0rd as Password, and then click OK.
3. In the MED-V Management Console, on the Tools menu, select Packaging Wizard.
4. On the Deployment Package page, click Next.
5. On the Workspace Image page, click Next.
6. On the MED-V Installation Settings page, for MED-V installation file, point to
E:\Labfiles\Mod03\MED-V_1.0.105.msi.Verify that nyc-dc1 is entered as the Server address, and
then click Next.
7. On the Additional Installations page, select the Include installation of Virtual PC QFE check box,
and then clear the Include installation of Microsoft .NET Framework 2.0 check box. For
virtualization software, point to E:\Labfiles\Mod03\VPC 2007 SP1 x86.exe, and for installation of
Virtual PC QFE, point to E:\Labfiles\Mod03\KB974918 x86.msp and then click Next.
8. On the Finalize page, in the Package destination, enter E:\Labfiles
\MED-V Client, then and click Finish.
9. After the deployment package has been created, click No in the MED-V Management window.
L3-4 Lab: Implementing MED-V
10. Close the MED-V Management Console, and then explore the contents of the E:\Labfiles\MED-V
client folder in Windows Explorer.
Task 3: Install a MED-V client by using a deployment package

1. On NYC-CL2, click the Start menu, , in the Search field, enter \\nyc-cl1
\med-v client, and then press ENTER. Windows Explorer then opens.
2. In Windows Explorer, double-click MedvAutorun.exe.
3. In the MED-V window, click Yes to install the MED-V package.
4. In Images Folder Selection, accept the default value of C:\MED-V Images, and then click OK.
5. After the installation finishes, in the MED-V Installer window, click Close.
6. Close the med-v client window.
7. Verify that MED-V shortcut is added to the desktop on NYC-CL2.

Lab: Configuring and Deploying MED-V Images L4-1
Module 4: Configuring and Deploying MED-V Images

Lab: Configuring and Deploying MED-V Images
Exercise 1: Creating MED-V Images
Task 1: Start the virtual machine on NYC-CL1 and review its initial configuration
1. On the Start menu of the NYC-CL1 computer, click All Programs, and then click Microsoft Virtual
PC. The Virtual PC Console opens.
2. In the Virtual PC Console, select the XP virtual machine, and then click Start. Wait until the virtual
machine starts and then log on as User1 with the password of Pa$$w0rd.
3. In the XP virtual machine, create a new text file with your name in the C:\Documents and
Settings\User1\Local Settings\Temp folder. Close the Temp folder.
4. In the XP virtual machine, open the Services console from the Administrative Tools menu, and verify
service startup type for Security Center, Task Scheduler and System Restore Service. Startup type
of all services will be Automatic. Close the Services console.
5. In the XP virtual machine, in Control Panel, open Sounds and Audio Devices, and on the Sounds tab
verify that Windows Logon and Windows Logoff have Windows XP Logon Sound and Windows
XP Logoff Sound sounds assigned. Close the Sound dialog box and close the Control Panel.
Task 2: Install and run the VM Prerequisites Wizard

1. On the NYC-CL1 computer, open Windows Explorer, and then drag and drop MED-
V_Workspace_1.0.105.msi file from E:\LabFiles\Mod04 to the desktop of the XP virtual machine.
2. In the XP virtual machine, double-click MED-V_Workspace_1.0.105.msi on the desktop.
click Next.
6. When prompted for Files Needed, browse to C:\WinXP and then click Open. Click OK. Also when
prompted to Insert Disk, click OK and then browse to C:\WinXP.
7. Wait until the Microsoft Enterprise Desktop Virtualization 1.0 SP (Workspace) is installed. Verify that
the Launch VM Prerequisites Tool is selected and click Finish.
8. The MED-V VM Prerequisite Wizard opens. Click Next.
9. On the Windows Settings page, review the changes that will be performed, and then click Next.
10. On the Internet Explorer Settings page, review the changes that will be performed, and then click
Next.
11. On the Windows Services page, review the services whose startup mode will be set to manual, and
then click Next.
12. On the Windows Auto Logon page, select Enable Windows Auto Logon, enter User1 as User
name, Pa$$w0rd as Password, and then click Apply.
13. In the MED-V dialog box, click Yes. On the second MED-V dialog box, click OK. For this lab, a
Volume License Key is not required.
14. On the Summary window, click Finish.
Task 3: Verify the changes performed by VM Prerequisites Wizard

1. In the XP virtual machine, open Windows Explorer, and then verify content of the C:\Documents
and Settings\User1\Local Settings\Temp folder. The content of this folder, including the file with
your name, was deleted by the VM Prerequisites tool.
L4-2 Lab: Configuring and Deploying MED-V Images
2. In Control Panel, open Sounds and Audio Devices, and on the Sounds tab verify that Windows
Logon and Windows Logoff have no sounds assigned.
3. Open the Services console and verify that the Security Center, Task Scheduler, and System Restore
Service services startup type is set to Manual. Those are just some of the Windows XP services that
were set to Manual by the VM Prerequisites Tool.
4. Open the Registry Editor (Regedit.exe), navigate to HKLM\SOFTWARE

\Microsoft\Windows NT\CurrentVersion\Winlogon, and then verify values of the
DefaultUserName and DefaultPassword keys. They are the same as the values that you entered at
the Windows Auto Logon page in VM Prerequisites Tool.
5. Shut down the XP virtual machine and then close the Virtual PC Console. All of your changes are
saved into the XP virtual machine.
Exercise 2: Testing MED-V Images

Task 1: Add a local test image
1. On the desktop of NYC-CL1 computer, double-click the MED-V Management shortcut.
2. In the MED-V Management Login window, enter contoso\medv-admin as User name, Pa$$w0rd as
password, and then click OK. Wait until MED-V Management opens.
3. In the MED-V Management console, click the Images icon.
4. On the Images menu, click New, and then click Test Image.
5. On the Test Image Creation dialog box, click Browse, point to the E:\Labfiles\VPC folder, select
XP.vmc, and then click Open. Enter XP in the Image name box, and then click OK.
Task 2: Import and assign a basic MED-V testing policy

1. On the NYC-CL1 computer, in MED-V Management, click the Policy icon.
2. On the Policy menu, click Import. Select E:\LabFiles\Mod04
\TestPolicy.xml, and then click Open.
3. On the Virtual Machine tab, click Refresh, and then select XP (test) as the Assigned Image.
4. Click the Save changes icon.
5. Click Yes in the MED-V Management window.
6. Minimize MED-V Management.
Task 3: Test a local MED-V image

1. On the desktop of NYC-CL1, double-click the MED-V shortcut.
2. In the Start Workspace window, enter contoso\medv-user as User name, Pa$$w0rd as password,
and then click OK. The Medv-user has already been created as a member of the MED-V Users group.
3. Click Use Test Image in the Confirm Running Test window.
4. Wait while the Starting Workspace window shows progress. You can click the Details >> button to
review details of the progress.
5. In the Windows Security Alert window, click Allow Access for all of the networks to allow Virtual PC
2007 SP1 to communicate.
6. When Starting Workspace disappears, on the Start menu of the NYC-CL1 computer, click All
Programs, click MED-V Programs, and then verify that published programs from the MED-V virtual
image are listed. Click XP Notepad.
7. Verify that there is a red line around Untitled Notepad window.
8. In the Untitled Notepad window, select Help, and then click About Notepad. The About Notepad
window opens, with a red line around it. It shows that Notepad is running on Windows XP and that
the virtual machine has 256 megabytes (MB) of memory available. Click OK and close Notepad.
9. On the Start menu of the NYC-CL1 computer, click All Programs, click MED-V Programs, and then
click XP Remote Desktop.
10. On the Remote Desktop Connection menu, click Help. In Remote Desktop Connection Help, select
some text, right-click on it, and select Copy.
11. On the NYC-CL1 computer, open Notepad, right-click on the Notepad window, and then select
Paste. Verify that the copied text from the published application (Remote Desktop Connection help)
is pasted. This shows that you can copy and paste between published MED-V applications and locally
installed applications.
12. Close Notepad and dont save changes. Close Remote Desktop Connection and Remote Desktop
Connection Help closes automatically.
13. On the Start menu of the NYC-CL1 computer, in the Search field, enter xp. Verify that published
programs from the MED-V virtual image are listed. Click XP Command Prompt.
14. In the command prompt window, enter time, and press ENTER twice. Verify that time is synchronized
between NYC-CL1 and the MED-V virtual machine.
15. Use dir c:\ command to compare the content of the C:\ drive in MED-V virtual machine and c:\ drive
in NYC-CL1 computer.
16. Close the command prompt window.
17. On the notification area of the NYC-CL1 computer, click Show hidden icons, right-click on MED-V
icon, and then select Stop Workspace.
18. Click Yes in the MED-V dialog box and wait until the Workspace is stopped.
Exercise 3: Updating, Packing, and Uploading the Image

Task 1: Update the image
2. In the Virtual PC Console, select the XP virtual machine, and then click Start. Wait until virtual
machine starts and the user is automatically logged on.
Note: The XP_0 virtual machine is the saved image from the previous exercise. You should select the
XP virtual machine for this exercise.
3. Open Windows Explorer in the XP virtual machine, and point it to C:\ drive.
4. Open Windows Explorer on NYC-CL1 and drag and drop the XmlNotepad.msi and WindowsXP-
KB956802-x86-ENU.exe files from E:\LabFiles\Mod04 to the C:\ drive of the XP virtual machine.
5. In the XP virtual machine, in Windows Explorer, double-click c:\XmlNotepad.msi.
6. On the XML Notepad 2007 Setup page, click Next. Accept the terms in the license agreement, click
Next twice, click Install and after program is installed, click Finish.
7. In the XP virtual machine, close Internet Explorer with Welcome to XML Notepad 2007 page and on
the Start menu, click on All Programs and then verify that folder for XML Notepad 2007 is added.
8. In the XP virtual machine, in Windows Explorer, double-click c:\WindowsXP-KB956802-x86-
ENU.exe. Click Next.
9. On the License Agreement page, select I Agree, and then click Next.
10. On the Completing the Security Update page, select Do not restart now, and then click Finish.
11. On the Start menu, click Control Panel, and then double-click Add or Remove Programs.
12. Select Show updates and verify that Security Update for Windows XP (KB956802) is listed under
Windows XP Software Updates.
13. On the Start menu of the XP virtual machine, click Shut Down, click OK, and then wait until the XP
virtual machine shuts down. Close Virtual PC Console.
Task 2: Pack the MED-V image

1. On the NYC-CL1 computer, maximize MED-V Management.
2. In the MED-V Management console, click the Images icon.
3. On the Images menu, click New, and then click Packed Image.
4. On the Packed Image Creation dialog box, click the Browse button, point to the E:\Labfiles\VPC
folder, select XP.vmc, and then click Open. Enter XP-Updated in the Image name box, and then
click OK.
5. The Packing the image files dialog box opens and shows the progress of the packing.
6. On the Images menu, click Browse Local Images. Windows Explorer opens.
7. In Windows Explorer, double-click the PackedImages folder. Verify that it contains .ckm (Compressed
Machine) and .index files. You can press F5 to update the view and observe how the size of the
packaged image is increasing.
8. Wait until the image is packaged. In the Complete XP-Updated packed successfully window, click
OK.
9. In the Local Packed Images section, verify that compressed file size of the image is considerably
smaller than uncompressed size.
10. Switch to NYC-DC1, open Windows Explorer and verify that .ckm and .index files for the XP-
updated virtual machine are not available in the
C:\MED-V Server Images folder.
Task 3: Upload the image to image repository

1. On NYC-CL1, in the MED-V Management console, in the Local Packed Images section, select XP-
Updated and click Upload.
2. A progress window opens and shows how the XP-Updated upload is progressing. Wait until image is
uploaded to the MED-V server.
3. In the Complete XP-Updated uploaded successfully to the server window, click OK.
4. In the Packaged Images on the Server section in MED-V Management console, verify that XP-
Updated is listed.
5. Switch to the NYC-DC1 server and verify that .ckm and .index files are available in C:\MED-V Server
Images folder. They were uploaded by using Background Intelligent Transfer Service (BITS) in this
task.
Exercise 4 (Optional): Preparing the MED-V Image for Domain Environment

Task 1: Create the Sysprep answer file
2. In Microsoft Virtual PC select the XP virtual machine and click Start. Wait until the virtual machine
starts and the user is automatically logged on.
3. Open Windows Explorer in the XP virtual machine and browse to C:\ drive.
4. Open Windows Explorer on NYC-CL1 and Drag and Drop the Sysprep folder from
E:\LabFiles\Mod04 to the C:\ drive of the XP virtual machine. The Sysprep folder contains
deployment tools and documentation from the Deploy.cab cabinet file from Windows XP CD. The
whole folder is automatically deleted after Sysprep.exe tool is used.
5. In the Sysprep folder, double click setupmgr.exe. Setup Manager opens.
6. On the Welcome to Setup Manager page, click Next.
7. On the New or Existing Answer File page, verify that the Create new option is selected and click
Next.
8. On the Type of Setup page, select Sysprep setup option and click Next.
9. On the Product page, verify that Windows XP Professional is selected and click Next.
10. On the License Agreement page, select Yes, fully automate the installation and click Next.
11. On the Name and Organization page, enter MED-V user as Name, Contoso as Organization and
click Next.
12. On the Display Settings, accept default values and click Next.
13. On the Time Zone page, select your Time zone and click Next.
14. On the Product Key page, enter following product key: 11111-11111-11111-11111-11111 and
click Next. Dont forget that virtual image must be based on the volume licensing product and in real
environment you would enter valid volume licensing key. After you use the Sysprep tool, the entire
folder, including answer file, will be automatically deleted.
15. On the Computer Name page, select Automatically generate computer name and click Next. You
will use MED-V Policy for deploying the image and the computer name will be set there.
16. On the Administrator Password page, enter and confirm Pa$$word as Password. Enable the option
When a destination computer starts, automatically log on as Administrator and set it to value
10. This option will be defined by MED-V Policy when you deploy virtual image.
17. Accept default values for other questions. In Setup Manager, select File menu and click Save.
18. Accept default path and file name of C:\Sysprep\sysprep.inf and click OK.
19. In Setup Manager, select File menu and click Exit.
20. In Windows Explorer, verify that sysprep.inf file was created in the C:\Sysprep folder and that it
contains all the answers you provided through Setup Manager.
Task 2: Run Sysprep.exe to generalize the image

1. In the XP virtual computer, in C:\Sysprep folder, double-click sysprep.exe.
2. On the System Preparation Tool 2.0 dialog box, click OK.
3. On the System Preparation Tool 2.0 page, select options Dont reset grace period for the
activation and Use Mini-Setup, then click Reseal.
4. On the System Preparation Tool 2.0 dialog box, click OK to regenerate security identifiers (SIDs).
5. Wait until the XP virtual machine shuts down. Close the Virtual PC Console.

Lab: Managing a MED-V Deployment L5-1
Module 5: Managing a MED-V Deployment

Lab: Managing a MED-V Deployment
Exercise 1: Creating and Configuring a Workspace Policy
Task 1: Create a MED-V Workspace policy, and configure it to use an existing image
1. On the desktop of NYC-CL1, double-click MED-V Management.
2. In the MED-V Management Login window, enter contoso\medv-admin as the user name and
Pa$$w0rd as password, and then click OK. Wait until MED-V Management opens.
3. In the MED-V Management Console, on the Policy menu, click New Workspace.
4. Select workspace in the display pane, click the General tab, and then type Legacy Workspace as the
workspace name.
5. Enter Workspace for running legacy applications in the description and support@contoso.com in
the Support contact info text box.
6. In the Workspace user interface (UI) section, verify that Seamless Integration is selected, and then
select the pink (255,0,255) frame color.
7. Click the Virtual Machine tab, and in the Virtual Machine Settings section, select XP-Updated
(server) as the assigned image. If image is not available, click Refresh first.
8. Select Synchronize Workspace time zone with host. By selecting this option, the time zone
between the virtualized environment and the host will be synchronized.
Task 2: Configure additional MED-V Workspace policy options

1. On NYC-CL1, in the MED-V Management window, click the Deployment tab. Under Users/Groups,
select Everyone, and then click Remove.
2. Click Add, enter med-v users, click Check Names, and then click OK. The MED-V Users group
already has been created for this lab. Only members of this group will have access to the workspace.
3. Click Workspace deletion options, select The Workspace has been disabled, and then click OK.
4. Select the following three options: Support clipboard between host and Workspace, Support file
transfer between host and the Workspace, and Enable printing to printers connected to the
host.
5. In the Data Transfer section, select Host to Workspace in the drop-down list.
6. Click the Applications tab, and in the Published Applications section, click Add four times.
7. Modify the list of the published applications to include:
Display name Command line
XP Comp Mgmt c:\windows\system32\compmgmt.msc
XP Cmd prompt c:\windows\system32\cmd.exe
XP Notepad c:\windows\system32\notepad.exe
XP XML Notepad c:\program files\XML notepad 2007

\XMLnotepad.exe
L5-2 Lab: Managing a MED-V Deployment
8. In the Published Menus section, click Add, enter Published as the Display Name, and Games as
Folder in Workspace.
9. In the Start menu shortcut folder field, type MED-V Published Apps.
10. Click the Web tab, and then select Browse the list of URLs defined in the following table and
Browse all other URLs.
11. Click Add, leave Domain as the Type, and then enter contoso.com as the Value.
12. Review the settings on the VM Setup tab, but do not select any options. Most of these options are
available when you use a persistent workspace and you configure revertible workspaces.
13. Review the settings on the Network tab, but do not select any options.
14. Click the Performance tab, and assign 160 if host has Above 550 MB and assign 200 if host has
Above 1100 MB. Click Add, and then assign 256 MB VM Memory, if host has Above 1400 MB.
15. Verify the Policy Version in the title bar of MED-V Management Console.
16. In the Policy menu, select Commit or click Save Changes in the Toolbar.
17. Confirm that the Policy Version has increased, and then minimize the MED-V Management Console.
Exercise 2: Using the MED-V Client

Task 1: Deploy a MED-V Workspace
1. On the desktop of NYC-CL1, double-click MED-V.
2. In the Start Workspace window, enter contoso\medv-user as User name and Pa$$w0rd as
password, and then click OK.
3. The Workspace Selection window opens. Select Legacy Workspace, and then click OK.
4. Wait while the workspace downloads and the setup completes. At the Windows Firewall prompt,
select all of the networks, and then click Allow access.
Task 2: Explore the published programs, and manually update the MED-V policy
1. On NYC-CL1, click Start, click All Programs, click MED-V Published Apps, and then verify that the
four published applications and the Published subfolder are listed.
2. Click the Published subfolder, and verify that it includes XP games from the workspace.
3. Click Start, point to the Search field, and then enter xp. Verify that the published applications are
listed.
4. Click XP XML Notepad, and verify that the application has a pink frame around the window. Drag
the window around, like the window of the locally installed application. Confirm that the window
content is shown while you drag the window. Click Exit to close the application.
5. Restore the MED-V Management Console. Verify that Legacy Workspace is selected, that you are in
Policy module, and the Applications tab is selected. In the Published Menus section, uncheck
Published, and verify the policy version in the title bar of the tool.
6. Click Save changes, and confirm that policy version has increased. Minimize MED-V Management.
7. On NYC-CL1, in the notification area, right-click the MED-V icon, point to Help, and then click MED-
V Diagnostics. The Diagnostics window opens.
8. In the Policy section, determine the last time that the policy was updated, and then confirm that the
previous version of the policy was used. Click Update policy.
9. A notification window displays that indicates that the policy updated successfully. Verify that the
policy version and update time are updated, and then click Close.
10. On NYC-CL1, click Start, click All Programs, click MED-V Published Apps, and then verify that four
published applications are still listed, but the Published subfolder no longer is present.
Task 3: Lock the MED-V Workspace

1. On NYC-CL1, run XP Notepad.
2. In the notification area, right-click the MED-V icon, and then click Lock Workspace. The published
XP Notepad window no longer is visible, and the Unlock Workspace window opens.
3. Try to start the XP Cmd prompt published application. You will get a notification that the application
cannot be launched while the workspace is locked, and then the Unlock Workspace window opens.
4. In the Unlock Workspace window, type Pa$$w0rd as Password, and then click Unlock.
5. The published XP Notepad window becomes visible, and you can start the XP Cmd prompt
published application.
6. Close XP Notepad and XP Cmd prompt.
Task 4: Test printing from the published applications

1. On NYC-CL1, click Start, and then click Device and Printers.
2. Click Add a printer, click Add a local printer, and then click Next.
3. On the Install the printer driver page, select one of the listed printers, click Next three time to
accept the default values, and then click Finish.
4. Confirm that the local printer was added, and then close Device and Printers.
5. On NYC-CL1, open XP Notepad, enter some text, and then from the File menu, select Print.
6. In the Print window, verify that Local Printer is selected, and then click Print.
7. The Print window opens, and in the Name drop-down box, you can select host printers. Verify that
default host printer is selected, and then click OK.
8. Verify that the printer icon is added to the notification area and that the print job is listed. This
confirms that published applications can print on the printers that are connected to the host.
9. Maximize the MED-V Management Console on the NYC-CL1 computer. Verify that the Legacy
Workspace is selected, that you are in the Policy module, and that the Deployment tab is selected.
In the Data Transfer section, uncheck Enable printing to printers connected to the host.
10. Click Save changes, and confirm that the policy version has increased. Minimize MED-V
Management.
11. In the notification area, right-click the MED-V icon, point to Help, and then select MED-V
Diagnostics.
12. In the Policy section, click Update policy, and then click Close.
13. Switch to Untitled Notepad window, and from the File menu, select Print.
14. In the Print window, click Print.
15. The Printing is disallowed window displays, and it informs you that you are not permitted to print in
this workspace. Click OK, and then close Notepad without saving changes.
Task 5: Review the MED-V virtual machine configuration

1. On NYC-CL1, click Start, click All Programs, click XP Published Apps, click XP Comp Mgmt, and
verify that Computer Management opens, with a pink frame around the window.
2. Select the Device Manager node, and verify that Virtual HD, VM Additions S3 Trio32/64 video
adapter and generic Intel 21140 network adapter are available.
3. Minimize Computer Management, and run XP Notepad.
4. In the Untitled Notepad window, click the Help menu, and then click About Notepad.
5. In the About Notepad window, confirm that virtual environment has 256 Mb (261,616 kilobytes
[KB]) available. This complies with the MED-V policy that you configured and which specifies 256
megabytes (MB) memory for the MED-V virtual machine if the host has more than 1,400 MB memory.
Click OK.
6. In the notification area of NYC-CL1, right-click the MED-V icon, point to Tools, and then select File
Transfer.
7. In the File Transfer window, click Browse next to File to copy. Select C:\Windows\Win.ini, and then
click Open.
8. In the File Transfer window, click Browse next to Destination. Select Local Disk (C:) in the
workspace, and then click OK.
9. In the File Transfer window, click Start. The file Win.ini is transferred from the host to the workspace.
10. In the File Transfer window, select Copy from Legacy Workspace Workspace to My Computer,
select the file C:\Windows\Clock.avi in the workspace, and then select E:\ as the destination.
11. In the File Transfer window, click Start. In Authentication Required window, enter contoso\medv-
user as the User name and Pa$$w0rd as password, and then click OK.
12. The MED-V dialog box opens, and informs you that medv-user is not allowed to transfer files from
the workspace. You defined that setting in the MED-V policy. Click OK, and then click Cancel in the
Authentication Required window.
13. On NYC-CL1, click Start, click All Programs, click MED-V Published Apps, and then click XP Cmd
prompt. Run dir c:\ to confirm that Win.ini is present on the root of drive C in the workspace.
Exercise 3: Implementing MED-V Reporting and Troubleshooting

Task 1: Create and explore MED-V reports
1. On NYC-CL1, maximize MED-V Management, and then click Reports.
2. In the Reports menu, click Generate Report. The Report Parameters window opens.
3. In the Report Parameters window, click OK.
4. In the details view, review data on the Status tab.
5. In the Report Types, select Activity Log, and then click Generate.
6. In the Report Parameters window, click OK.
7. In the details view, review data on the Activity Log tab.
8. Click the Event Id header to sort the rows in the report. Use the filtering icon to show specific Event
Ids, and then click All to show all of the events.
9. Drag the Event ID header to the top of the report to group rows by Event ID. Expand Event ID: 4 to
see all events for the workspace under one entry. Expand several other event groups, and then drag
Event ID after the Category header. You can reorder the reports columns by dragging column
headers to different positions.
10. Click the Status tab. On the Reports menu, select Export to Excel, select Desktop as destination,
and then click Save. You can export MED-V reports to an Excel .xls format.
11. Minimize the MED-V Management Console.
Task 2: Open MED-V Diagnostics, and explore diagnostic options

1. On NYC-CL1, in the notification area, right-click the MED-V icon, point to Help, and then select
Contact Support.
2. The Support Contact Information window opens and displays the information that you provided in
the MED-V policy, in the Support contact info field. Click OK.
3. On NYC-CL1, in the notification area, right-click the MED-V icon, point to Help, and then select
MED-V Diagnostics. The Diagnostics window opens.
4. Review information about the host in the System section, and then click Gather diagnostic logs.
5. The MED-V Log Tool opens. Click Gather Logs.
6. Wait until the tool finishes, click OK, and then click Close.
7. Double-click the MED-V-Diagnostics compressed file on the desktop, and review the gathered log
files. Close Windows Explorer.
8. On NYC-CL1, start the XP XML Notepad program. Verify that you can move it around.
9. In the Diagnostics window, in the Workspace section, click Enable diagnostic mode.
10. The Legacy Workspace Workspace Microsoft Virtual PC 2007 window opens. This window displays
Virtual PC desktop, and you can use it for workspace diagnostics when virtual machine starts up.
11. In the Diagnostics window, click Disable diagnostics mode, click Close, and then click Exit to close
XML Notepad program.

following steps:
Lab: Implementing Application Virtualization L6-1
Module 6: Implementing Microsoft Application Virtualization

Lab: Implementing Application Virtualization
Exercise 1: Planning the App-V Implementation
Task 1: Answer questions related to the App-V implementation
Question: How would you recommend deploying virtual applications?
Answer: Possible solution:

Preliminary steps will include:
1. Create Application Virtualization (App-V) user and administrative groups in Active Directory
Domain Services (AD DS).
2. Create the appropriate firewall exceptions.
3. Install and configure Microsoft Internet Information Services (IIS) if required
Question: How would you deploy the App-V client?
Answer: You can use a Group Policy object (GPO) for the users who are connecting through a local area
network (LAN). For the field engineers, you can use manual deployment via DVD or USB flash drive. You
also can use other options, such as a third-party software distribution system.
Question: How would you implement App-V in the head office?
Answer: You can deploy an App-V management server with the management Web services. Deploy or
use an existing Microsoft SQL Server to host the data store. Configure licensing and usage metering
policies.
Question: How would you distribute virtual applications to the branch office?
Answer: Deploy the App-V streaming server to the local file server, and then configure the App-V client
to stream from the local server. Branch office clients will receive publishing information from the head
offices management server, but will stream applications from the local server.
Question: How would you distribute virtual applications to the field engineers?
Answer: Create an MSI file during the sequencing process. Deploy the App-V client in standalone mode,
and then distribute the Windows Installer (MSI) file by using DVD or USB flash drives that the field
engineers can install on their laptops.
Other options could involve HTTP streaming via the Internet.
Exercise 2: Installing an App-V Management Server

Task 1: Install IIS 7.0
1. On NYC-SVR3, click the Server Manager icon in the task bar.
2. Click Roles, and then in the details pane, click Add Roles.
3. In the Add Roles Wizard, click Next.
4. On the Select Server Roles page, select the Web Server (IIS) check box. Click Next.
5. On the Web Server (IIS) page, click Next.
6. On the Select Role Services page, select the ASP.NET check box.
L6-2 Lab: Implementing Application Virtualization
7. Click Add Required Role Services.

8. Select the Windows Authentication check box.
9. Select the IIS Management Scripts and Tools check box.
10. Select the IIS 6 Management Compatibility check box, and then click Next.
11. Click Install, and then click Close. Close the Server Manager.
Task 2: Create groups for App-V users and administrators

1. On NYC-DC1 log on as Administrator with a password of Pa$$w0rd. Click Start, point to
Administrative Tools, and then click Active Directory Users and Computers.
2. Expand Contoso.com.
3. Right-click the Users container, point to New and then click Group.
4. In the New Object - Group dialog box, enter ContosoAppVAdmins as the group name, and then
click OK.
5. Repeat steps 3 and 4 to create a second group named ContosoAppVUsers.
6. Close Active Directory Users and Computers.
Task 3: Install the App-V management server

1. On NYC-SVR3, click Start, and then click Run.
2. In the Open box, type \\NYC-DC1\E$\Labfiles\Mod06\Server
\Management and then press ENTER. Double-click Setup.exe.
3. On the System Center Application Virtualization Management Server welcome page, click Next.
4. Select the check box to accept the license agreement, and then click Next.
5. On the Microsoft Update page, click I don't want to use Microsoft Update, and then click Next.
6. On the Registering Information page, type Contoso in the Organization field, and then click Next.
7. On the Setup Type page, click Custom, and then click Next.
8. Observe the available options, and then click Next.
9. On the Configuration Database page, ensure that NYC-SVR3\SQLEXPRESS is the displayed in the
Server name field, and then click Next.
10. On the Configuration Database page, click Create a new database. Keep the default name of
APPVIRT, and then click Next.
11. On the Connection Security Mode page, remove the check mark next to Use enhanced security,
and then click Next.
12. On the TCP Port Configuration page, note the default port of 554, and then click Next.
13. On the Administrator Group page, type ContosoAppVAdmins in the Group Name field, and then
click Next.
14. On the Default Provider Group page, type ContosoAppVUsers, and then click Next.
15. On the Content Path page, note the default location of the content folder, and then click Next.
16. Click Install. The installation will take a few moments.
17. Click Finish, and then click Yes to restart the system.
18. Log on to NYC-SVR3 as Contoso\Administrator with the password of Pa$$w0rd.

1. Launch Control Panel, click System and Security, and open the Windows Firewall applet.
2. Click Allow a program or feature through Windows Firewall.
3. On the Allowed Programs dialog box, click Allow another program.
4. In the Add a Program dialog box, click Browse.
5. Navigate to C:\Program Files (x86)\Microsoft System Center App Virt Management Server\App
Virt Management Server\bin, select sghwdsptr.exe, click Open, and then click Add.
6. Repeat steps 3 to 5 to add sghwsvr.exe.
7. In the Allowed Programs dialog box, click OK and then close Windows Firewall.
Task 5: Configure the App-V Management Server Service

1. On NYC-SVR3, click Start, type Services.msc, and then press ENTER.
2. Locate the Application Virtualization Management Server service. Start the service manually if it is
not running.
3. Right-click the Application Virtualization Management Server service, and then click Properties.
4. Click the drop-down menu for the Startup type, and then select Automatic (Delayed Start). Click
OK.
Note: You are performing this step because the SQL Server is running on the same computer. The
App-V Management service is dependent on the start of the SQL service and occasionally times out if
the SQL service is slow to start.
5. In Hyper-V Manager, revert the 10324A-NYC-SVR3 virtual machine. Leave 10324A-NYC-DC1

running for the next exercise.
Exercise 3: Installing an App-V Streaming Server

Task 1: Install a streaming server
1. Start 10324A-NYC-SVR3 and wait for the server to start completely.
2. Log on to NYC-SVR3 as Contoso\Administrator with a password of Pa$$w0rd.
3. Click Start, and then in the search box type \\NYC-DC1\E$\Labfiles
\Mod06\Server\Streaming , and then press ENTER. Double-click Setup.exe.
4. On the Microsoft Application Virtualization Streaming Server welcome page, click Next.
5. Select the check box to accept the license agreement, and then click Next.
6. On the Microsoft Update page, click I don't want to use Microsoft Update, and then click Next.
7. On the Customer Information page, type Contoso in the Organization field, and then click Next.
8. On the Installation Path page, click Next.
9. On the Connection Security Mode page, remove the check mark next to Use enhanced security
and then click Next.
10. On the TCP Port Configuration page, note the default port of 554, and then click Next.
11. On the Content Root page, note the default location of the content folder, and then click Next.
12. On the Advanced Settings page, notice the available options, and then click Next.
14. Click Finish, and then click Yes to restart the system.
Task 2: Share the Content folder

1. Log on to NYC-SVR3 as Administrator with a password of Pa$$w0rd.
2. Open Windows Explorer, navigate to C:\Program Files (x86)
\Microsoft System Center App Virt Streaming Server, right-click the content folder, point to
Share with, and then click Advanced sharing. In the content Properties box, click the Advanced
Sharing button.
3. In the Advanced Sharing dialog box, select the Share this folder check box.
4. Click Permissions, and ensure that Read permission to this folder is given to Everyone.
5. Click Add, add the Domain Admins group, grant Full Control, and then click OK.
6. Click OK again to close the Advanced Sharing box, and then click Close.
Task 3: Copy a package to the Content folder

1. In Windows Explorer navigate to \\NYC-DC1\E$\Labfiles\Mod06\.
2. Right-click the Word03 folder, and then click Copy.
3. Navigate to C:\Program Files (x86)\Microsoft System Center App Virt Streaming Server\content
folder, and then click Paste.
4. Close Windows Explorer.

1. Launch Control Panel, click System and Security, and open the Windows Firewall applet.
2. Click Allow a program or feature through Windows Firewall.
3. On the Allowed Programs dialog box, click Allow another program.
4. In the Add a Program dialog box, click Browse.
5. Navigate to C:\Program Files (x86)\Microsoft System Center App Virt Streaming Server\ bin,
select sglwdsptr.exe, click Open, and then click Add.
6. Repeat steps 3 to 5 to add sglwsvr.exe.
7. In the Allowed Programs dialog box, click OK and then close Windows Firewall.
Task 5: Restart the Application Virtualization Streaming Server service

1. Click Start and type Services.msc in the Search box and press ENTER.
2. Locate the Application Virtualization Streaming Server service and click Restart.
3. Close the Services console.
Exercise 4: Configuring a Client to Use the Streaming Server

Task 1: Edit the client registry key
1. Start the 10324A-NYC-CL1 virtual machine.
2. Log on as Contoso\Administrator with a password of Pa$$w0rd.
3. Click Start, type Regedit.exe, and then press Enter.
4. Navigate to the HKEY_LOCAL_MACHINE\SOFTWARE
\Microsoft\SoftGrid\4.5\Client\Configuration key.
5. In the details pane, double-click ApplicationSourceRoot.
6. In the Edit String dialog box, enter RTSP://NYC-SVR3:554 in the Value data: field. Click OK and
then close the Registry Editor.
Task 2: Use the Sftmime utility to load the package into the client cache
1. Click Start and then click All Programs. Notice there is no icon for Microsoft Office Word Viewer
2003.
2. In the Search box, type cmd, and then press ENTER.
3. In the Command Prompt, type the following command and press ENTER:
sftmime add package:Word03 /manifest \\\NYC-

SVR3\Content\Word03\Wordviewer03_manifest.xml
Note: The UNC path in the command requires three backslashes at the beginning of the path.

Click Start, click All Programs, and then click the icon for Microsoft Office Word Viewer 2003. The
application will check for updates on the streaming server and successfully launch.

following steps:

Lab A: Deploying the App-V Client in Stand-Alone Mode L7-1
Module 7: Planning and Deploying App-V Clients

Lab A: Deploying the App-V Client in Stand-
Alone Mode
Exercise 1: Installing and Configuring the App-V Client
Task 1: Install the App-V Client in Stand-Alone mode
1. On NYC-CL2, open Windows Explorer, browse to
\\NYC-DC1\E$\Labfiles\Mod07\Client\x86, and then double-click Setup.exe.
2. In the InstallShield dialog box, notice the listed software requirements have a status of Pending, and
then click Install.
4. On the License Agreement page, accept the license, and then click Next.
5. On the Microsoft Update page, click I dont want to use Microsoft Update, and then click Next.
6. On the Setup Type page, click Custom, and then click Next.
7. On the Destination Folder page, click Next.
8. On the Application Virtualization Data Location page, notice the default locations, and then click
Next.
9. On the Cache Size Settings page, notice the available options, and then click Next.
10. On the Runtime Package Policy Configuration page, clear the Require User authorization even
when cached check box.
11. In the Application Authorization section, select the Allow streaming from file check box.
12. In the Automatically Load Application section, under When to Auto Load, clear the On Launch
and On Login check boxes, and then click Next.
13. On the Publishing Server page, click Next, click Install, and then click Finish. Close Windows
Explorer.
Exercise 2: Installing a Stand-Alone Package

Task 1: Install a stand-alone package
\Labfiles\Mod07.
2. Copy the Word03 folder to C:\.
3. In C:\Word03, double-click Wordviewer03.msi.
4. On the Welcome to the Wordviewer03 Setup Wizard page, click Next.
5. Click Close when the installation completes, and then close Windows Explorer.
Task 2: Examine the properties of the package file and the data locations
1. Click Start, click Control Panel, click System and Security, click Administrative Tools, and then
double-click Application Virtualization Client.
2. Click Applications, and in the details pane, double-click Microsoft Office Word Viewer 2003.
L7-2 Lab A: Deploying the App-V Client in Stand-Alone Mode
3. Click the Package tab, and then observe the Current Statistics:
Answer: 39 megabytes (MB)
Question: What is the Size in Cache?
Answer: 39 MB
Answer: 9 MB
4. Click Cancel.
5. Close the Microsoft Application Virtualization Client and Control Panel.
6. Click Start, and then click Computer.
7. Click the Organize drop-down arrow on the toolbar, and then click Folder and search options. Click
the View tab, click Show hidden files, folders, and drives, and then click OK.
8. Navigate to the global data location at C:\ProgramData\Microsoft
\Application Virtualization Client\SoftGrid Client, and then examine the contents:
Question: What is the size of the sftfs.fsd file?
Answer: The file will be approximately 44 MB.
9. Navigate to the user specific data location at
C:\Users\Administrator.CONTOSO\AppData\Roaming\SoftGrid Client, and then notice the
shortcut_ex.dat file and the userinfo.dat file. These files maintain per-user shortcut and identity
information.

1. On NYC-CL2, click Start, click All Programs, and then click Microsoft Office Word Viewer 2003. A
message will appear above the notification area indicating that Microsoft Word Viewer is launching.
2. Click the Microsoft Application Virtualization Desktop Client Notification icon in the system tray,
and then click Exit. Click OK to close the application.

following steps:
Lab B: Managing Client Configuration Features

Exercise 1: Configuring the App-V Client Properties
Task 1: Access the App-V Client properties
1. On NYC-CL1, click Start, type Sftcmc.msc, and then press ENTER.
2. In the Application Virtualization Client console right-click Application Virtualization (Local), and
then click Properties.
Task 2: Configure logging levels and locations

1. On the General tab, click the drop-down arrow under Log Level, and then select Error.
2. Beside the Location field, click Browse, and then browse to C:\Windows\Logs. Click Save, and then
click Apply.
Task 3: Configure the App-V Client properties

1. Click the Interface tab, click Always show the App Virt Client in the notification area, and then
click Apply.
2. Click the File System tab, and then click Use free disk space threshold.
3. Type 5000 in the Minimum free space (MB) field to allow the cache to use all but 5 gigabytes (GB)
of the disk space, and then click Apply.
4. Click the Connectivity tab, type 120 in the Limit disconnected operation to (days) box, and then
click Apply.
5. Click the Permissions tab, select the Manage Publishing Servers check box, and then click OK.
Exercise 2: Configuring a Publishing Server for the App-V Client

Task 1: Add a new publishing server for the App-V Client
1. In the Application Virtualization Client, right-click the Publishing Servers node, and then click New
Server.
2. In the New Publishing Server - Step 1 dialog box, type Contoso App-V Management as the
display name.
3. Click the drop-down arrow under Type, select Application Virtualization Server, and then click
Next.
4. In the New Publishing Server - Step 2 dialog box, type NYC-SVR2 in the Host Name field, and
then click Finish.
Task 2: Configure the DC Refresh settings, and then refresh the client manually
1. On NYC-CL1, select the Publishing Servers node, right-click the Contoso App-V Management
server entry in the details pane, and then click Properties. Click the Refresh tab.
2. Select the Refresh publishing every: check box, set the time interval to be 2 hours, and then click
Apply.
3. Click Refresh to force the immediate refresh to the server manually, and then click OK.
Exercise 3: Configuring Applications by Using the Desktop Client

Task 1: Inspect the properties, and then load the application into the cache
1. Click the Applications node in the Application Virtualization Client. Notice the current Package
Status is Idle (0%).
Note: You may have to refresh the view to see the application listed.
2. Right-click the Microsoft Word Viewer application, and then click Properties. Inspect the properties.
3. In the Microsoft Word Viewer Properties dialog box, click the Package tab. Answer the following
questions.
Answer: 6 MB
Answer: 0 MB
Answer: 0 MB
4. Click Load and then click OK. Notice the Package Status changes to Loading. Press F5 to refresh the
console view.
5. Access the Properties of the application again and click the Package tab.
Answer: 2 MB
Answer: 2 MB
Task 2: Create a custom file extension

1. Right-click the File Type Associations node, and then click New Association.
2. In the New Association - Step 1 dialog box, type ABC in the Extension field, and then click Next.
3. In the New Association - Step 2 dialog box, ensure that the Microsoft Word Viewer application is
selected, and then click Finish.
4. Click the File Type Associations node, and then notice that the ABC file extension is now listed and
associated with the Microsoft Office Word Viewer application.
Task 3: Test the file extension

1. On NYC-CL1, click Start, type CMD in the search box, and then press ENTER.
2. In the command prompt, type fsutil file createnew test.abc 1000, and then press ENTER.
3. Close the command prompt.
5. Navigate to C:\Users\Administrator.Contoso, and notice the file has been created and shows the
icon of Microsoft Office Word Viewer.
6. Double-click the Test.abc file. The file opens in Microsoft Word Viewer application.
7. Close the Microsoft Word Viewer application.
Exercise 4: Installing and Configuring Settings by Using the Group Policy App-V
Template
Task 1: Install the App-V Group Policy template
1. On NYC-DC1, open Windows Explorer, browse to E:\Labfiles\Mod07, and then double-click
AppVADMTemplate.msi.
2. Accept the license agreement, and then click Next.
3. On the Select Installation Folder page, click Next.
4. On the Confirm Installation page, click Next. After installation completes, click Close. Close
Windows Explorer.
Task 2: Add the template to the Group Policy Object Editor of the Default Domain Policy
1. On NYC-DC1, click Start, click Administrative Tools, and then click Group Policy Management.
2. Expand Forest, expand Domains, and then expand Contoso.com.
3. Right-click Default Domain Policy, and then click Edit.
4. Expand Default Domain Policy, expand Computer Configuration, expand Policies, right-click
Administrative Templates, and then click Add/Remove Templates.
5. In the Add/Remove Templates dialog box, click Add.
6. In the Policy Templates dialog box, navigate to C:\AppVADMTemplate, click AppVirt.adm, click
Open, and then click Close.
Task 3: Grant permission to add applications to all users

1. In the Group Policy Management Editor, expand Administrative Templates, expand Classic
Administrative Templates (ADM), expand Microsoft Application Virtualization Client, and then
click Permissions.
2. In the details pane, double-click Add Application.
3. In the Add Application dialog box, click Enabled, and then click OK.
4. Switch back to NYC-CL1.
5. On NYC-CL1, click Start, type GPUpdate in the Search box, and then press ENTER.
6. Click Start, type Sftcmc.msc, and then press ENTER.
7. In the Application Virtualization Client, right-click Application Virtualization (Local), and then click
Properties.
8. Click the Permissions tab, and note that the Add applications check box is now selected to grant
users this permission.

following steps:


Lab A: Publishing Applications in the App-V Environment L8-1
Module 8: Managing and Administering Application Virtualization

Lab A: Publishing Applications in the App-V
Environment
Exercise 1: Configuring System Options
Task 1: Connect to the App-V Web service
1. On NYC-SVR2, click Start, point to Administrative Tools, and then click Application Virtualization
Management Console.
2. Right-click NYC-SVR2, and then click Configure Connection.
3. Ensure the Use Secure Connection check box is cleared, and that the Port is 80.
4. In the Configure Connection dialog box, click Specify Windows Account.
5. In the Name field, type Contoso\Administrator.
6. In the Password field, type Pa$$w0rd, and then click OK.
Task 2: Configure the default content path and the duration for database usage
1. Right-click NYC-SVR2, and then click System Options.
2. On the General tab of the System Options dialog box, ensure that the Universal Naming Convention
(UNC) path \\NYC-SVR2\Content is specified.
3. Click the Database tab.
4. In the Usage History section, set the Keep Usage For (Months) field to be 12 months, and then
click OK.
Exercise 2: Managing App-V Administrators

Task 1: Grant administrative access to the Domain Admins group
1. In the Application Virtualization Management Console, expand NYC-SVR2, and then click the
Administrators node.
2. In the Actions pane, click Add Administrator Group.
3. Type Domain Admins in the Select Groups dialog box, and then click OK.
Exercise 3: Publishing and Configuring an Application

Task 1: Copy the sequenced application to the Content Shared folder
1. On NYC-SVR2, click the Windows Explorer button in the taskbar.
2. Navigate to \\NYC-DC1\E$\Labfiles\Mod08, right-click the Word03 folder, and then click Copy.
3. Navigate to C:\Content, right-click, and then click Paste.
Task 2: Import the sequenced application to the Management Console

1. In the Application Virtualization Management Console, select and then right-click the Applications
node, and then click Import Applications.
L8-2 Lab A: Publishing Applications in the App-V Environment
2. Navigate to C:\Content\Word03, click the Wordviewer03.sprj file, and then click Open.
3. In the New Application Wizard, on the General Information page, observe the settings, and then
click Next.
4. On the Published Shortcuts page, click the check box to Publish to Users Desktop, and then click
Next.
5. On the File Associations page, click Next.
6. On the Access Permissions page, click Add.
7. Type Domain Users; AppVUsers in the Select Groups dialog box, click OK, and then click Next.
8. Click Finish to complete the import.
Task 3: Create an Application Group

1. Right-click the Applications node, and then click New Application Group.
2. In the New Application Group Wizard dialog box, type Microsoft Office Viewers in the
Application Group Name field, and then click Finish.
Task 4: Move the Microsoft Office Viewer applications into the Application Group
1. In the Applications node, right-click the Microsoft Office Word Viewer 2003 application, and then
click Move.
2. In the Select Target dialog box, expand Applications, click Microsoft Office Viewers, and then
click OK.
3. Repeat the procedure to move the Microsoft Word Viewer into the Microsoft Office Viewers group.
Task 5: Modify permissions for the Application Group

1. Right-click the Microsoft Office Viewers application group, and then click Properties.
2. In the Microsoft Office Viewers Properties dialog box, click the Access Permissions tab.
3. Select Domain Users, and then click Remove.
4. Verify that the AppVUsers group has access permissions, and then click OK.
Exercise 4: Verifying Application Permissions

Task 1: Test permissions for users
1. Log on to NYC-CL1 as Contoso\AppVUser1 with a password of Pa$$w0rd. Ensure the icons for
both Microsoft Office Viewers appear on the desktop.
2. Log off.
3. Log on as Contoso\ruser with a password of Pa$$w0rd. Ensure the icons for the Microsoft Office
Viewers do not appear on the desktop.
4. Log off NYC-CL1.
Lab A: Publishing Applications in the App-V Environment L8-3
Lab B: Implementing License Enforcement

Exercise 1: Publishing an Application
Task1: Copy a sequenced application to the Content folder
1. On NYC-SVR2, open Windows Explorer, and then navigate to
\\NYC-DC1\E$\Labfiles\Mod08.
2. Copy the Excel folder to the C:\Content folder.
Task 2: Publish Microsoft Excel Viewer

1. If required, launch the Application Virtualization Management Console from Administrative Tools.
2. Right-click the Applications node, and then click Import Applications.
3. Browse to C:\Content\Excel, click Excel.sprj, and then click Open.
4. On the General Information page, click Next.
5. On the Published Shortcuts page, click the check box to Publish to Users Desktop.
6. Verify that Publish to Users Start Menu is selected, type Excel in the text box, and then click Next.
9. Type AppVUsers, click OK, and then click Next.
10. Click Finish.
Exercise 2: Creating a License Group

Task 1: Create a new named license
1. On NYC-SVR2, in the Application Virtualization Management Console, right-click the Application
Licenses node, and then click New Named License.
2. In the Application License Group Name field, type Excel Users, and then click Next.
3. In the License Description field, type Excel Named License, and then click Next.
4. On the Named License User page, click Add.
5. In the User Name field, type Contoso\AppVUser1, and then click OK.
6. Click Finish.
Task 2: Assign the license group to an application

1. In the Application Virtualization Management Console, click the Applications node, and in the details
pane, right-click Microsoft Office Excel Viewer, and then click Properties.
2. On the General page, click the drop-down arrow under Application License Group, select Excel
Users, and then click OK.
Exercise 3: Creating a New Provider Policy

Task1: Create a new provider policy
1. Right-click the Provider Policies node, and click New Provider Policy.
L8-4 Lab A: Publishing Applications in the App-V Environment
2. On the Provider Policy Properties page, type Licensed in the Policy Name field, and then click
Next.
3. On the Group Assignment page, click Add.
4. Type AppVUsers, click OK, and then click Next.
5. On the Provider Pipeline page, click the Licensing check box, and then select Enforce License
Policies from the drop-down list.
6. Click Finish.
7. Click OK in the information dialog box.
Task2: Restart the service

1. Click Start, then type Services.msc in the Search box, and then press ENTER.
2. Locate and click the Application Virtualization Management Server service, and then click Restart
the service.
3. Close the Services console.
Task 3: Modify the Excel .osd file to use the new provider policy
1. On NYC-SVR2, open Windows Explorer, and then navigate to C:\Content\Excel.
2. Use Notepad.exe to open the Microsoft Office Excel Viewer 12.0.6219.1000.osd file.
3. Modify the hypertext reference (HREF) tag line by inserting the ?Customer=Licensed text so that the
HREF tag now reads:
HREF="RTSP://NYC-SVR2:554/Excel/Excel.sft?Customer=Licensed"
4. Save and close the file.
Exercise 4: Testing License Enforcement

Task 1: Test license enforcement
published copy of Microsoft Office Excel Viewer. Notice that you are not able to start the application.
Click OK, and then log off.
published copy of Microsoft Office Excel Viewer. Notice that the application starts as expected.

following steps:

Lab: Sequencing Applications for Virtualization L9-1
Module 9: Sequencing Applications for Virtualization

Lab: Sequencing Applications for Virtualization
Exercise 1: Installing the App-V Sequencer
Task 1: Install the App-V Sequencer
1. On NYC-CL2, click the Windows Explorer button in the task bar, browse to \\NYC-
DC1\E$\Labfiles\Mod09\Sequencer\x86, and then double-click Setup.exe.
2. In the InstallShield Wizard, click Install to install Microsoft Visual C++ 2005 Service Pack 1 (SP1)
Redistributable Package (x86), and then click Next.
4. Accept the default destination folder, and then click Next.
5. Click Install.
6. Clear the Launch the program check box, and then click Finish.
Task 2: Create drive Q

1. Click Start, right-click Computer, and then click Manage.
2. In Computer Management, expand Storage, and then click Disk Management.
3. On Disk 0, right-click the Unallocated space, and then click New Simple Volume.
4. In the New Simple Volume Wizard, click Next.
5. On the Specify Volume Size page, click Next.
6. On the Assign Drive Letter or Path page, click the drop-down arrow, select Q as the drive letter, and
then click Next.
7. On the Format Partition page, click Next, and then click Finish.
8. Close all open windows.
Exercise 2: Sequencing an Application

Task 1: Sequence Microsoft Office Word Viewer 2003
\Labfiles\Mod09. Copy the Word Viewer 2003 folder to C:\. Close Windows Explorer.
2. Click Start, click All Programs, click Microsoft Application Virtualization, and then click Microsoft
Application Virtualization Sequencer.
3. In the Microsoft Application Virtualization Sequencer application, click Create a Package.
4. On the Package Information page, type WordViewer03. In the Comments field, type Sequenced
on Windows 7, and then click Next.
5. On the Monitor Installation page, click Begin Monitoring.
6. In the Browse For Folder dialog box, ensure drive Q is selected, and then click Make New Folder.
7. Name the new folder Word03, and then click OK. Wait for the virtual environment to load.
L9-2 Lab: Sequencing Applications for Virtualization
9. Navigate to C:\Word Viewer 2003, and then double-click the Wdviewer.exe file.
11. Click Browse, navigate to the Q:\Word03 folder, and then click OK.
12. Click Install.
13. On the Microsoft Office Word Viewer 2003 Setup has Completed dialog box, click OK.
14. Close the Word Viewer 2003 window, and return to the App-V Sequencer.
15. Click Stop Monitoring, and then click Next.
16. On the Configure Applications page, in the right pane, click the Microsoft Office 2003
component, and then click Remove. Click OK in the message box, and then click Next.
17. On the Launch Applications page, click Launch All. You are establishing feature block 1.
18. After the application launches, close the application, and then click Next.
19. On the Sequence Package page, click Finish.
20. In the Wordviewer03 dialog box, take note of the Launch Size and the Package Size values, and
then click the Deployment tab.
21. Click the drop-down arrow below Protocol, and then select RTSP.
22. In the Hostname field, type NYC-SVR2.
23. Ensure the port as 554.
24. In the Path field, type Word03. This is the relative path in the content folder.
25. On the Menu bar, click Package, and then click Save.
26. In the Documents folder, right-click, point to New, and then click Folder.
27. Name the new folder Word03.
28. Save the WordViewer03.sprj file into the Word03 folder.
29. Close the sequencer, and then close all open windows.
Exercise 3: Deploying and Testing the Application

1. Click Start, and then click Documents.
3. Click Start, type \\NYC-SVR2, and then press ENTER.
4. Open the Content shared folder, and then right-click and click Paste.
Task 2: Import the application

1. On NYC-SVR2, click Start, click Administrative Tools, and then click Application Virtualization
Management Console.
2. Expand NYC-SVR2, right-click Applications, and then click Import Applications.
3. In the Open dialog box, navigate to C:\Content\Word03, click Wordviewer03.sprj, and then click
Open.
4. In the New Application Wizard, click Next.
5. On the Published Shortcuts page, select the Publish to User's Desktop check box, and then click
Next.
8. In the Select Groups dialog box, type AppVUsers, click OK, and then click Next.
9. Click Finish.

1. Log on to NYC-CL1 as AppVUser1 with a password of Pa$$w0rd.
2. Double-click the Microsoft Office Word Viewer 2003 desktop shortcut. Ensure that the application
launches correctly.
3. Click Cancel to close the Open dialog box.
4. On the Microsoft Word Viewer menu bar, click Help, and then click About Microsoft Office Word
Viewer. Take note of the version number. It should be 11.6506.6505.
5. Click OK, and then close Microsoft Word Viewer.
6. Log off NYC-CL1.
Exercise 4: Upgrading and Redeploying the Application

Task 1: Upgrade the application
1. On NYC-CL2, click Start, click All Programs, click Microsoft Application Virtualization, and then
click Microsoft Application Virtualization Sequencer.
2. Click Upgrade a Package.
3. In the Open For Package Upgrade dialog box, navigate to the Documents\Word03 folder, click the
Wordviewer03.sprj file, and then click Open.
4. Click Yes to Overwrite Decode Destination.
5. In the Package Information dialog box, click Next.
8. Navigate to C:\Word Viewer 2003, and then double-click the office2003-KB923276-FullFile-
ENU.exe file.
9. Click Yes to install the update.
10. Click Yes to accept the license agreement.
11. Click OK to acknowledge that the update applied successfully.
12. Close the Word Viewer 2003 window.
14. On the Configure Applications page, click Next.
15. On the Launch Applications page, click Launch All.
16. After the application launches, close the application, and then click Next.
17. Click Finish. On the Properties tab, note that the Launch Size and Package Size values are both
larger than the original package.
19. Close the sequencer.

1. On NYC-CL2, click Start, click Documents, and open the Word03 folder. Notice that the
Wordviewer03 file now has a 2 at the end of the file name to indicate the version.
2. Click the back arrow to return to the Documents folder.
4. Click the address bar, and then type \\NYC-SVR2\Content, and then press ENTER.
5. Right-click and click Paste.
6. In the Confirm Folder Replace dialog box, click Yes.
7. In the Copy File dialog box, select the check box below Do this for the next 2 conflicts, and then
click Copy and Replace.
8. In the Confirm Folder Replace dialog box, select the check box below Do this for all current items,
and then click Yes.
Task 3: Upgrade the package version

1. Return to NYC-SVR2.
2. Click Start, click Administrative Tools, and then click Application Virtualization Management
Console.
3. Expand NYC-SVR2, and then click the Packages node.
4. In the details pane, right-click the Wordviewer03_Package, and then click Add Version.
5. In the Add Package Version Wizard, click Browse.
6. In the Open dialog box, navigate to C:\Content\Word03
\Wordviewer03_2.sft, click Open, and then click Next.
7. In the Enter Relative Path for package file folder, click Next.
8. On the Summary page, click Finish.
9. Expand the Packages node, and then click the Wordviewer03_Package. In the details pane, notice
that there now are two versions.
Task 4: Test the deployment

1. On NYC-CL1, log on again as AppVUser1 with a password of Pa$$w0rd.
2. Double-click the Microsoft Office Word Viewer 2003 desktop shortcut. Notice a pop-up box in the
notification tray says Checking for Updates.
3. Click Cancel to close the Open dialog box.
4. On the Microsoft Word Viewer menu bar, click Help, and then click About Microsoft Office Word
Viewer. Take note of the version number. It should be 11.8104.6505.
5. Click OK, and then close Microsoft Word Viewer.
6. Log off NYC-CL1.
Exercise 5: Sequencing a Hard-Coded Application

Task 1: Sequence the Microsoft Office PowerPoint Viewer
1. On NYC-CL2 click Start, click All Programs, click Microsoft Application Virtualization, and then
click Microsoft Application Virtualization Sequencer.
2. In the Microsoft Application Virtualization Sequencer application, click Create a Package.
3. On the Package Information page, type PPT. In the Comments field, type Sequenced on Windows
7, and then click Next.
5. In the Browse For Folder dialog box, ensure drive Q is selected, and then click Make New Folder.
6. Name the new folder PPT, and then click OK. Wait for the virtual environment to load.
7. Open Windows Explorer, navigate to \\NYC-DC1\E$\LabFiles\Mod09, and then double-click the
PowerPointViewer.exe file.
8. Accept the license agreement, and then click Continue.
9. Click OK to acknowledge that the installation is complete, and then close the Mod09 folder.
11. On the Configure Applications page, click Next.
12. On the Launch Applications page, click Launch All.
13. After the application launches, accept the license terms, close the application, and then click Next.
14. On the Sequence Package page, click Finish.
15. On the Deployment tab, click the drop-down arrow below Protocol, and then click RTSP.
16. In the Hostname field, type NYC-SVR2.
17. Ensure the port is 554.
18. In the Path field, type PPT. This is the relative path in the content folder.
20. Browse to the Documents folder, right-click and then point to New and then click Folder.
21. Name the new folder PPT.
22. Save the PPT.sprj file into the PPT folder.
23. Close all open windows, and then log off.

following steps:
Lab: Configuring RDS and RemoteApp Programs L10-1
Module 10: Configuring Remote Desktop Services and RemoteApp

Lab: Configuring RDS and RemoteApp
Programs
Exercise 1: Preparing the RDS Environment
Task 1: Add the Remote Desktop Service role to the NYC-DC1 server
1. On the Start menu of the NYC-DC1 server, point to Administrative Tools, and then click Server
Manager. The Server Manager window opens.
2. In Server Manager, right-click Roles, and then select Add Roles.
3. On the Before You Begin page, click Next.
4. On the Select Server Roles page, select Remote Desktop Services, and then click Next twice.
5. On the Select Role Services page, select Remote Desktop Session Host.
6. In the Add Roles Wizard dialog box, click Install Remote Desktop Role Session Host anyway (not
recommended), and then click Next twice.
7. On the Specify Authentication Method for Remote Desktop Session Host page, click Require
Network Level Authentication, and then click Next.
8. Click Next three more times, and then click Install.
9. Wait until installation finishes. On Installation Results page, click Close. In Add Roles Wizard dialog
box, click Yes to restart the computer.
10. Wait until the server restarts. Log on to NYC-DC1 as Contoso\Administrator, with Pa$$w0rd as
password.
11. After you log on to NYC-DC1, Server Manager opens. Wait until the Resume Configuration Wizard
finishes. On the Installation Results page, click Close, and then minimize Server Manager.
Task 2: Add the Remote Desktop Service role to the NYC-SVR1 server
1. On the Start menu of the NYC-SVR1 server, point to Administrative Tools, and then click Server
2. In Server Manager, right-click Roles, and then select Add Roles.
5. On the Select Role Services page, select Remote Desktop Session Host, Remote Desktop
Connection Broker, and Remote Desktop Web Access.
6. In the Add Roles Wizard dialog box, click Add Required Role Services, and then click Next twice.
8. Click Next five more times, and then click Install.
9. Wait until installation finishes. On Installation Results page, click Close. In the Add Roles Wizard
dialog box, click Yes to restart the computer.
10. Wait until the server restarts. Log on to NYC-SVR1 as Contoso\Administrator with Pa$$w0rd as
password.
11. After you log on to NYC-SVR1, Server Manager opens. Wait until the Resume Configuration Wizard
L10-2 Lab: Configuring RDS and RemoteApp Programs
Task 3: Configure Group Membership on the RD Session Host servers

1. On NYC-DC1, switch to Server Manager, expand Roles, expand Active Directory Domain Services,
expand Active Directory Users and Computers, expand Contoso.com, and then click the Users
container.
2. Add the RD Web Computers group as a member to the TS Web Access Computers Group.
3. Select the Builtin container, and then add the RD Users group as a member to the Remote Desktop
Users group.
4. Minimize Server Manager on NYC-DC1.
5. On NYC-SVR1, switch to Server Manager, expand Configuration, expand Local Users and Groups,
and click Groups.
6. Add the RD Web Computers group as a member to the local TS Web Access Computers Group.
7. Add the RD Users group as a member to the local Remote Desktop Users group.
8. Minimize Server Manager on NYC-SVR1.
Exercise 2: Publishing RemoteApp Programs

Task 1: Publish RemoteApp programs
1. You will first publish RemoteApp programs on the NYC-DC1 Remote Desktop Session Host server. On
the Start menu of the NYC-DC1 server, point to Administrative Tools, point to Remote Desktop
Services, and then click RemoteApp Manager. The RemoteApp Manager window opens.
2. In the Actions pane of RemoteApp Manager, click Add RemoteApp Programs.
3. Click Next in the Welcome to the RemoteApp Wizard.
4. Select the check box next to Calculator and Paint, and then click Next. Calculator and Paint
represent applications that are available on a Remote Desktop Session Host Server. However, in
reality, you could make any business application available.
5. Click Finish in the Review Settings window. Calculator and Paint are added to the list of available
RemoteApp Programs.
6. Next you will publish RemoteApp programs on the NYC-SVR1 Remote Desktop Session Host server.
On the Start menu of the NYC-SVR1 server, point to Administrative Tools, point to Remote
Desktop Services, and then click RemoteApp Manager. The RemoteApp Manager window opens.
7. In the Actions pane of RemoteApp Manager, click Add RemoteApp Programs.
8. Click Next in the Welcome to the RemoteApp Wizard.
9. Click Browse, point to Notepad in the Windows\System32 folder, and then click Open.
10. Select the check box next to WordPad, and then click Next. WordPad and Notepad are used to
represent applications that are available on a Remote Desktop Session Host Server. However, in
reality, you can make any business application available.
11. Click Finish in the Review Settings window. Notepad.exe and WordPad are added to the list of
available RemoteApp Programs. By publishing different applications on different Remote Desktop
Host Session servers, you are separating the workload.
Task 2: Configure Remote Desktop Connection Broker to aggregate list of RemoteApp

programs
1. You will configure Remote Desktop Connection Broker on NYC-SVR1 to aggregate published
RemoteApp applications on two RD Session Host servers--NYC-DC1 and NYC-SVR1. On the Start
menu of the NYC-SVR1 server, point to Administrative Tools, point to Remote Desktop Services,
and then click Remote Desktop Connection Manager. The Remote Desktop Connection Manager
window opens.
2. In Remote Desktop Connection Manager, click RemoteApp Sources, and then in the Actions pane,
click Add RemoteApp Source.
3. Enter NYC-DC1.contoso.com as RemoteApp source name, and then click Add.

4. Click Add RemoteApp Source, enter NYC-SVR1.contoso.com as RemoteApp source name, and
then click Add.
5. Close the Remote Desktop Connection Manager window.
Task 3: Configure Remote Desktop Web Access to use Remote Desktop Connection
Broker
1. In this task, you will configure Remote Desktop Web Access to provide a list of all RemoteApp
programs that are available on two RD Session Host servers. On the Start menu of the NYC-SVR1
server, point to Administrative Tools, point to Remote Desktop Services, and then click Remote
Desktop Web Access Configuration. The Internet Explorer window opens.
2. Click Continue to this website (not recommended). This error occurs because the Web site
certificate is issued to NYC-SVR1.contoso.msft, and you are connecting to localhost.
3. Enter contoso\administrator as the Domain\username and Pa$$w0rd as Password, and then click
Sign in.
4. Select the An RD Connection Broker server radio button, enter NYC-SVR1.contoso.com in Source
name, and then click OK. The Enterprise Remote Access setting configures the Remote Desktop
Web Access page to retrieve the aggregated list of RemoteApp programs from the RD Connection
Broker computer.
5. Verify that all four RemoteApp published applications are displayed on the Enterprise Remote
Access Web page.
Task 4: Access Remote Desktop Web Access from the client

1. In this task, you will test the configuration of the Remote Desktop Connection Broker to verify that
you see all four published RemoteApp applications available on one Remote Desktop Services Web
Access page. On NYC-CL1, start Internet Explorer, and then enter https://NYC-SVR1.contoso.com
/RDWeb in the address bar. Press ENTER.
2. Right-click the information bar, and then select Run Add-on to allow the Microsoft Remote
Desktop Services Web Access add-on to install on the computer. Click Run in Internet Explorer
Security Warning dialog box.
3. Enter contoso\ruser as Domain\username and Pa$$w0rd as Password, and then click Sign in.
4. Verify that all four RemoteApp published applications are displayed on the Enterprise Remote
Access Web page.
5. Click Notepad. Review the warning in the RemoteApp dialog box, and then click Connect.
6. Log on as Contoso\ruser with Pa$$w0rd as password and then click OK.
7. The Notepad RemoteApp program opens.
8. Verify that the RemoteApp program looks and behaves as if it was installed locally, and then close
Notepad.
Task 5: Configure and test RemoteApp User Assignment

1. In this task, you will implement and test RemoteApp User Assignment. This is new feature in Windows
Server 2008 R2 Remote Desktop Services, and it specifies which users can see the icon for a
RemoteApp program. On NYC-SVR1 server, switch to RemoteApp Manager, right-click WordPad in
the RemoteApp Programs list, and then select Properties.
2. On the User Assignment tab, select Specified domain users and domain groups, and then click
Add. Enter contoso\Administrator, and then click OK. This allows only administrators to view the
RemoteApp icon for WordPad. Click OK in the RemoteApp Properties dialog box.
3. Switch to NYC-CL1, and refresh the page in Internet Explorer. As ruser no longer has permissions for
the WordPad RemoteApp program, the WordPad icon no longer is available, and there are only three
RemoteApp programs available on the Enterprise Remote Access Web page.
4. You also can remove the RemoteApp program icon from the RD Web Access Web page for all users.
To test this feature, on NYC-DC1 server, switch to RemoteApp Manager, right-click Paint in
RemoteApp Programs, and then click Hide in RD Web Access.
5. Switch to NYC-CL1, and refresh the page in Internet Explorer. The Paint icon no longer is available,
and there are only two RemoteApp programs available on the Enterprise Remote Access Web page.
Exercise 3: Accessing Published RemoteApp Programs

Task 1: Configure digital signing of .rdp files on RD Session Host servers
1. In the previous exercise, you found out that when you start a RemoteApp program from the RD Web
Access Web page, you get additional dialog boxes before the remote application starts. In this
exercise you will configure RDS to avoid such prompts. On NYC-SVR1, switch to RemoteApp
Manager, and in the Actions pane, click Digital Signature Settings.
2. In the RemoteApp Deployment Settings dialog box, on the Digital Signature tab, select the check
box next to Sign with a digital certificate, and then click Change.
3. In the Windows Security window, select NYC-SVR1.contoso.com, click OK, and then click OK again
to close the RemoteApp Deployment Settings dialog box.
4. On NYC-DC1, switch to RemoteApp Manager, and then in the Actions pane, click Digital Signature
Settings.
5. In the RemoteApp Deployment Settings dialog box, on the Digital Signature tab, select the check
box next to Sign with a digital certificate, and then click Change.
6. In the Windows Security window, select the digital certificate for
NYC-DC1.contoso.com, click OK, and then click OK again to close the RemoteApp Deployment
Settings dialog box.
7. Switch to NYC-CL1, and then refresh the page in Internet Explorer.
Task 2: Configure SSO for accessing RD Session Host servers

1. You will configure SSO by configuring Local Group Policy. On NYC-CL1, on the Start menu, in the
Search field, enter gpedit.msc. Right-click gpedit.msc, and then click Run as administrator.
2. In the User Account Control prompt, enter contoso\administrator as the user name, Pa$$w0rd as
the password, and then cick Yes. The Local Group Policy Editor opens.
3. In the Local Group Policy Editor, expand Computer Configuration, expand Administrative
Templates, expand System, and then click Credentials Delegation.
4. In details pane, double-click Allow Delegating Default Credentials, select Enabled, click Show, and
then enter TERMSRV/* as the Value. By doing that, you will allow credentials delegation to any RD
Session Host server. Click OK twice, and then minimize the Local Group Policy Editor window.
Task 3: Configure a trusted .rdp publisher

1. If you want to avoid the RemoteApp warning that specifies that the remote program could harm your
computer, you must configure a trusted .rdp publisher. In this task, you will use Local Group Policy,
but in a production environment, you would use domain Group Policy. On NYC-CL1, switch to the
Local Group Policy Editor, expand Computer Configuration, expand Administrative Templates,
expand Windows Components, expand Remote Desktop Services, and then click Remote
Desktop Connection Client.
.rdp publishers, and then click Enabled.
3. On NYC-CL1, switch to Internet Explorer, where you have the Enterprise Remote Access page open,
and then click Notepad. In the RemoteApp dialog box, click the NYC-SVR1.contoso.com link.
4. In the Certificate window, click the Details tab, scroll down, and then click the Thumbprint field.
Highlight the thumbprint numbers in the details box, copy them by pressing CTRL+C, click OK, and
then click Cancel in the RemoteApp dialog box.
Note: Do not highlight the leading or ending space in the thumbprint box!
5. Switch to the Specify SHA1 thumbprints of certificates representing trusted .rdp publishers window,
right-click in the Comma-separated list of SHA1 trusted certificate thumbprints entry box, and
then select Paste. Click OK, and then minimize Local Group Policy Editor.
6. In Internet Explorer, on the Enterprise Remote Access page, click Notepad. Verify that the Notepad
RemoteApp program opens without any prompt. With this configuration, users can start RemoteApp
programs in the same way as locally installed programs. Close Notepad.
Task 4: Package a RemoteApp program as a Windows Installer package

1. On NYC-SVR1, in RemoteApp Manager, right-click WordPad, and then click Create Windows
Installer Package.
2. In the Welcome to the RemoteApp Wizard, click Next.
3. On the Specify Package Settings page, accept the default settings, and then click Next.
4. On the Configure Distribution Package page, clear the check box next to the Start menu folder
option, and select the check boxes for Desktop and Associate client extensions for this program
with the RemoteApp program. Click Next, and then click Finish.
5. Windows Explorer opens. Navigate to C:\Program Files, right-click Packaged Programs, point to
Share with, and then click Advanced sharing.
6. Click Advanced Sharing, select the check box next to Share this folder, click OK, and then click
Close. Close the Windows Explorer window.
Task 5: Install and test the RemoteApp Windows Installer package

1. On NYC-CL1, on the Start menu, type \\nyc-svr1\ in the Search field.
2. Click Packaged Programs. Double-click wordpad.msi.
3. In the User Account Control prompt, enter contoso\administrator as the user name, Pa$$w0rd as
the password, and then click Yes.
4. Verify that after installation is complete, the Wordpad shortcut is added to the desktop.
5. Double-click the Wordpad shortcut, and then verify that the RemoteApp program opens without any
prompt. Close Wordpad.
6. Right-click the desktop, point to New, and then click Text Document. Specify the file name as
Report.docx. Docx is one of the extensions that is associated with Wordpad, and you selected to
associate extensions for this program with the RemoteApp program.
7. Click Yes in the Rename dialog box.
8. Double-click Report.docx, and verify that it opens in the Wordpad RemoteApp program. Close
Wordpad.
Task 6: Implement RemoteApp and Desktop Connection

1. In this task, you will integrate published RemoteApp programs with the Start menu of a client
computer. On the Start menu of NYC-CL1, in the Search field, type remote, and from the results list,
click RemoteApp and Desktop Connections.
2. Click Set up a new connection with RemoteApp and Desktop Connections.
3. Enter https://NYC-SVR1.contoso.com/RDweb/Feed/webfeed.aspx in the Connection URL, and then

click Next.
4. Click Next on Ready to set up the connection.
5. Click Finish on You have successfully set up the following connection.
6. Verify that there is new program group available, RemoteApp and Desktop Connections, on your
Start menu, All Programs. The program group contains all RemoteApp applications that are
available to the user. You also can create a configuration file that creates this program group by using
Remote Desktop Connection Manager.

following steps:
Lab: Implementing User State Virtualization L11-1
Module 11: Implementing User State Virtualization

Lab: Implementing User State Virtualization
Exercise 1: Configuring and Testing Roaming Profiles
Task 1: Configure a roaming profile and configure a pilot group of users to use roaming
profiles
1. On NYC-DC1, click Start, click Computer and then double-click Local Disk (C:).
2. Right-click Profiles, and then click Properties.
3. In the Profiles Properties dialog box, click the Sharing tab.
4. Click Advanced Sharing.
5. In the Advanced Sharing dialog box, verify that the Share this folder check box is selected.
6. Click Permissions.
7. In the Permissions for Profiles dialog box, click Everyone, click Remove, and then click Add.
8. In the Select Users, Computers, Service Accounts, or Groups dialog box, in the Enter the object
names to select (examples) box, type Authenticated Users, and then click Check Names.
9. Click OK, and in the Permissions for Profiles dialog box, click Authenticated Users, select the
Change check box under Allow, and then click OK.
10. In the Advanced Sharing dialog box, click Caching.
11. In the Offline Settings dialog box, click No Files or programs from the shared folder are
available offline, and then click OK.
12. In the Advanced Sharing dialog box, click OK.
13. In the Profiles Properties dialog box, click Close.
14. Click Start, point to Administrative Tools, and then click Active Directory Users and Computers.
15. In Active Directory Users and Computers, expand Active Directory Users and Computers, expand
Contoso.com, and then click IT.
16. In the results pane, click Candy Spoon, press CTRL, and then click Terri Chudzik.
17. Right-click any of these two objects, and then click Properties.
18. In the Properties for Multiple Items dialog box, click the Profile tab.
19. Select the Profile path check box, in the Profile path box, type
\\NYC-DC1\Profiles\%username%, and then click OK.
Task 2: Make changes to user environment

1. Log on to NYC-CL1 as Candy with password Pa$$w0rd.
2. Right-click the Desktop, and then click Personalize.
3. In Personalization, click the Landscapes theme. Click Desktop Background and next to Picture
location, select Windows Desktop Backgrounds. Click Save changes and then close the
Personalization window.
5. Resize Windows Explorer so that you can also see the desktop.
6. Right-click Local Disk (C:), and then click Create shortcut.
Task 3: Log on to a second computer and verify roaming of the changes

1. Log on to the NYC-CL2 virtual machine as Candy using the password Pa$$w0rd.
Question: Do the Desktop personalization options appear as you configured them, including the
desktop shortcut?
L11-2 Lab: Implementing User State Virtualization
Answer: Yes.
Question: Is the shortcut to drive C retained on Desktop?
Answer: Yes.
Exercise 2: Configuring and Testing Folder Redirection

Task 1: Configure folder redirection
1. Switch to the NYC-DC1 virtual machine.
2. Click Start, click Computer, and then double-click Local Disk (C:).
3. In Windows Explorer, click New folder.
4. Type Redirected Folders, and then press ENTER.
5. Double-click Redirected Folders.
7. Type Marketing, and then press ENTER.
9. Type Production, and then press ENTER.
10. Right-click Marketing and then click Properties.
11. In the Marketing Properties dialog box, click the Sharing tab.
14. In the Share name box, type Marketing$.
16. In the Permissions for Marketing$ dialog box, ensure that Everyone is clicked, click Remove, and
then click Add.
names to select (examples) box, type Marketing, click Check Names, and then click OK.
18. In the Permissions for Marketing$ dialog box, click Marketing, under Allow select the Full Control
check box, and then click OK.
20. In the Marketing Properties dialog box, click Close.
21. Right-click Production, and then click Properties.
22. In the Production Properties dialog box, click the Sharing tab.
25. In the Share name box, type Production$.
27. In the Permissions for Production$ dialog box, ensure that Everyone is clicked, click Remove, and
then click Add.
names to select (examples) box, type Production, and then click Check Names.
29. Click OK, and in the Permissions for Production$ dialog box, click Production, select the Full
Control check box under Allow, and then click OK.
31. In the Production Properties dialog box, click Close.
32. Right-click Marketing, and then click Properties.
33. Click the Security tab.
34. Click Advanced.
35. Click Change Permissions.
36. Clear the Include inheritable permissions from this objects parent check box.
37. In the Windows Security dialog box, click Add.
38. In the Advanced Security Settings for Marketing dialog box, click OK, and then click OK again.
39. In the Marketing Properties dialog box, click Edit.
40. In the Permissions for Marketing dialog box, click Add.
names to select (examples) box, type Marketing, click Check Names, and then click OK.
42. In the Permissions for Marketing dialog box, click OK.
43. In the Marketing Properties dialog box, click Advanced, and then click Change Permissions.
44. In the Permissions entries list, click Marketing (CONTOSO\Marketing), and then click Edit.
45. In the Permission Entry for Marketing dialog box, in the Apply to list, click This folder only, in the
Permissions list select the Create folders / append data check box under Allow column, and then
click OK.
46. Click OK three times to close all dialog boxes.
47. Right-click Production, and then click Properties.
48. Click the Security tab.
49. Click Advanced.
53. In the Advanced Security Settings for Production dialog box, click OK, and then click OK again.
54. In the Production Properties dialog box, click Edit.
55. In the Permissions for Production dialog box, click Add.
names to select (examples) box, type Production, click Check Names, and then click OK.
57. In the Permissions for Production dialog box, click OK.
58. In the Production Properties dialog box, click Advanced, and then click Change Permissions.
59. In the Permissions entries list, click Production (CONTOSO\ Production), and then click Edit.
60. In the Permission Entry for Production dialog box, in the Apply to list, click This folder only, in
the Permissions list, select the Create folders / append data check box under Allow column, and
then click OK four times.
61. Click Start, point to Administrative Tools, and then click Group Policy Management.
62. In Group Policy Management, expand Forest: Contoso.com.
63. Expand Domains, right click Contoso.com, and then click Create a GPO in this domain, and Link it
here
64. In the New GPO dialog box, type Redirection in Name box, and then click OK.
65. Right-click Redirection, and then click Edit.
66. In the Group Policy Management Editor, expand User Configuration, expand Policies, expand
Windows Settings, and then expand Folder Redirection.
67. Right-click Documents, and then click Properties.
68. In the Documents Properties dialog box, in the Setting list, click Advanced Specify locations for
various user groups.
69. Click Add, and in the Specify Group and Location dialog box, in the Security Group Membership
box, type Marketing.
70. In the Target Folder Location list, click Create a folder for each user under the root path.
71. In the Root Path box, type \\NYC-DC1\marketing$ and then click OK.
72. Click Add, and in the Specify Group and Location dialog box, in the Security Group Membership
box, type Production.
73. In the Target Folder Location list, click Create a folder for each user under the root path.
74. In the Root Path box, type \\NYC-DC1\Production$, and then click OK.
75. In the Documents Properties dialog box, click the Settings tab.
76. Under Policy Removal, click Redirect the folder back to the local userprofile location when
policy is removed, and then click OK.
77. In the Warning dialog box, click Yes.
78. In the Group Policy Management Editor, in the tree, right-click Pictures, and then click Properties.
79. On the Target tab, in the Setting list, click Follow the Documents folder, and then click OK.
80. In the Warning dialog box, click Yes.
81. Repeat steps 78-80 for the Music and Videos folders.
82. Close the Group Policy Management Editor.
83. Close Group Policy Management.
84. Switch to the NYC-CL1 virtual machine.
85. Log on to the NYC-CL1 virtual machine as Contoso\Administrator using the password Pa$$w0rd.
86. Click Start, point to All Programs, click Accessories, and then click Command Prompt.
87. At the command prompt, type gpupdate /force, and then press ENTER.
88. Read the message at the command prompt, type Y, and then press ENTER.
Task 2: Verify that folders are redirected and not stored in the profile
1. Log on to the NYC-CL1 virtual machine as Contoso\Adam using the password Pa$$w0rd.
2. Click Start, and then click Adam Carter and then double-click My Documents.
3. In My Documents click the Address bar and make sure that path
\\NYC-DC1\marketing$\adam\Documents is revealed.
4. In Documents, right-click some free space in the window, point to New, and click Text Document.
5. Press ENTER to confirm the filename.
6. Double-click the file.
7. Type Updated, and in File menu, click Save.
8. Close the file.
10. Log on to the NYC-CL1 virtual machine as Contoso\Bart using the password Pa$$w0rd.
11. Click Start, click Bart Duncan and then double-click My Documents.
12. In My Documents, click the Address bar.
Question: What path is revealed?
Answer: \\NYC-DC1\production$\Bart\Documents
13. Click Start, click Computer, double click Local Disk (C:).
14. Double click the Users folder and then double click the folder named Bart.
15. Make sure that the folders Documents, Pictures and Videos are not present in Barts local folder.
18. In Windows Explorer, locate C:\Redirected Folders\Production.
Question: Can you see the Bart folder?
Answer: Yes.
Exercise 3: Configuring Offline Files

Task 1: Create and share the company-wide data folder
2. Click Start, click Computer, and then double-click Local Disk (C:).
4. Type CorpData, and then press ENTER.
5. Right-click CorpData, and then click Properties.
6. In the CorpData Properties dialog box, click the Sharing tab.
10. In the Permissions for CorpData dialog box, click Everyone, click Remove, and then click Add.
names to select (examples) box, type Authenticated Users, and then click Check Names.
12. Click OK, and in the Permissions for CorpData dialog box, click Authenticated Users, under Allow,
select the Full Control check box, and then click OK.
13. In the Advanced Sharing dialog box, click Caching.
14. In the Offline Settings dialog box, ensure that Only the files and programs that users specify will
be available offline is selected, and then click OK.
16. In the CorpData Properties dialog box, click the Security tab.
17. Click Advanced.
21. In the Advanced Security Settings for CorpData dialog box, click OK, and then click OK again.
22. In the CorpData Properties dialog box, click Edit.
23. In the Permissions for CorpData dialog box, click Add.
names to select (examples) box, type Authenticated Users, click Check Names, and then click OK.
25. In the Permissions for CorpData dialog box, in the Group or user names list, click Authenticated
Users, and then in the Permissions for Authenticated Users list, under Allow, select the Full
control check box.
26. In the Permissions for CorpData dialog box, click OK.
27. In the CorpData Properties dialog box, click Close.
Task 2: Configure the client-side offline settings using Group Policy

1. Click Start, point to Administrative Tools, and then click Group Policy Management.
2. Right-click Default Domain Policy, and then click Edit.
3. In the Group Policy Management Editor, ensure that the option Computer Configuration is
expanded, expand Policies, expand Administrative Templates, expand Network, and then click
Offline Files.
4. In the results pane, double-click Administratively assigned offline files.
5. In the Administratively assigned offline files dialog box, click Enabled, and then click Show.
6. In the Show Contents box, in Value name field type CorpData, and in Value field type \\NYC-
DC1\CorpData, and then click OK.
7. In the Administratively assigned offline files dialog box, click OK.
8. In the results pane, double-click Synchronize all offline files when logging on.
9. In the Synchronize all offline files when logging on dialog box, click Enabled, and then click OK.
10. Close the Group Policy Management Editor.
11. Close Group Policy Management.
Task 3: Refresh Group Policy on the client workstations

2. Log on to the NYC-CL1 virtual machine as Contoso\administrator using the password Pa$$w0rd.
7. Log on to the NYC-CL2 virtual machine as Contoso\administrator using the password Pa$$w0rd.
Task 4: Create a text document and make it available offline

2. Log on to the NYC-CL1 virtual machine as Contoso\Don using the password Pa$$w0rd.
3. Click Start, right-click Computer, and then click Map network drive.
4. In the Map Network Drive dialog box, in the Folder box, type
\\NYC-DC1\CorpData, and then click Finish.
5. In CorpData (\\NYC-DC1) (Z:), click New folder.
6. Type Don, and then press ENTER.
7. Double-click Don, and then right-click some free space in the folder.
8. Click New, and then click Rich Text Document.
9. Type Dons Document, and then press ENTER.
10. Double-click Dons Document..
11. Type Saved by Don, and then click the Office button.
12. Click Save, and then close WordPad.
13. Right-click Dons Document, and then click Always Available Offline. Close all open windows.
Task 5: Simulate a network problem and try to access offline file

2. Click Start, right-click Network, and then click Properties.
3. In Network and Sharing Center, in the Tasks list, click Change adapter settings
4. In Network Connections, right-click Local Area Connection 2, and then click Disable.
5. Switch to NYC-CL1, click Start, click Computer and then double click CorpData (\\NYC-DC1) (Z:)
drive.
6. Verify that you can access Dons Document file even when NYC-DC1 is not available.

following steps:

Lab: Configuring Virtual Desktop Infrastructure L12-1
Module 12: Configuring Virtual Desktop Infrastructure

Lab: Configuring Virtual Desktop Infrastructure
Lab Setup
For this lab, you will use the available virtual machine environment. Before you begin the lab, you must perform
the following steps:
2. Ensure that the 10324A-NYC-DC1 virtual machine is running.
3. If required, connect to the virtual machine. Log on to 10324A-NYC-DC1 as Contoso\Administrator using
the password Pa$$w0rd.
4. On the physical host machine, open Network and Sharing Center and click Change adapter settings.
5. Open the Properties for the network connection that is labeled Internal Network.
6. Ensure that the IPv4 settings are configured as follows:
IP address: 192.168.10.100/24
DNS server: 192.168.10.1
7. On the physical host computer, click Start, right-click Computer, and then click Properties.
8. Under Computer name, domain, and workgroup settings, click Change settings.
9. On the System Properties box, on the Computer Name tab, click Change.
10. Under Computer name, change the name to Hostx (where x is a number that your instructor provides).
11. Under Member of, click the Domain option, and then type Contoso.com. Click OK.
12. In the Windows Security box, provide Contoso\Administrator and Pa$$w0rd for the credentials, and then
click OK.
13. In the Computer Name/Domain Changes box, click OK. At the second prompt, click OK again.
14. In the System Properties box, click Close.
15. At the restart prompt, click Restart Later. You will shut down NYC-DC1 before restarting the host computer.
16. On NYC-DC1, click Start, and then next to Log off, point to the arrow, and click Shut down. Type shut down
in the comment field, and then click OK.
17. After NYC-DC1 shuts down, restart the physical host computer.
18. After the host computer restarts, log on as the local administrator.
20. Ensure that the 10324A-NYC-DC1, 10324A-NYC-SVR1, 10324A-NYC-CL1, 10324A-NYC-CL2, and 10324A-
NYC-CL3 virtual machines are running. If you are prompted for user credentials, logon as the local
administrator.
21. If required, connect to the virtual machines. Log on to all virtual machines except 10324A-NYC-CL1 as
Contoso\Administrator using the password Pa$$w0rd. Do not log on to 10324A-NYC-CL1 until instructed
to do so.
22. In Hyper-V Manager, rename 10324A-NYC-CL2 display name to
23. In Hyper-V Manager, rename 10324A-NYC-CL3 display name to
L12-2 Lab: Configuring Virtual Desktop Infrastructure
Exercise 1: Configuring RDS Infrastructure for VDI

Task 1: Add the RDS role to the NYC-SVR1 server
1. On the Start menu of the NYC-SVR1 server, point to Administrative Tools, and then click Server
2. In Server Manager, right-click Roles, and then click Add Roles.
5. On the Select Role Services page, select Remote Desktop Session Host, Remote Desktop
Connection Broker, and Remote Desktop Web Access.
6. In the Add Roles Wizard dialog box, click Add Required Role Services, and then click Next twice.
8. Accept the default values on the following pages by clicking Next five more times, and then click
Install.
9. Wait until installation finishes. On the Installation Results page, click Close. In the Add Roles
Wizard dialog box, click Yes to restart the computer.
10. Wait until the server restarts. Log on to the NYC-SVR1 server as Contoso\Administrator, with
Pa$$w0rd as password.
11. After you log on to NYC-SVR1, Server Manager opens. Wait until the Resume Configuration Wizard
Task 2: Configure the RD Virtualization Host Server

1. On the physical host computer, on Start menu, point to Administrative Tools, and then click Server
Manager.
2. Under the Roles Summary heading, click Add Roles.
4. On the Select Server Roles page, select the Remote Desktop Services check box, and then click
Next.
5. On the Remote Desktop Services page, click Next.
6. On the Select Role Services page, select the Remote Desktop Virtualization Host check box, and
then click Next.
7. On the Confirm Installation Selections page, click Install.
8. After the installation is complete, click Close, and then close Server Manager on the physical host
server.
Task 3: Configure RD Web Access to use RD Connection Broker

1. On the Start menu of the NYC-SVR1 server, point to Administrative Tools, point to Remote
Desktop Services, and then click Remote Desktop Web Access Configuration. The Microsoft
Internet Explorer window opens.
2. Click Continue to this website (not recommended). This error occurs because shortcut points to
localhost and not to NYC-SVR1.contoso.com, as it is defined in the digital certificate that the Web site
uses.
3. Enter Contoso\administrator as Domain\username, Pa$$w0rd as Password, and then click Sign in.
4. Select An RD Connection Broker server, enter NYC-SVR1.contoso.com in Source name, and then
click OK. The Enterprise Remote Access Web page is displayed, but it is empty, as there are no
published RemoteApp programs or virtual desktops available yet.
5. On NYC-SVR1, close Internet Explorer.
Exercise 2: Configuring a Virtual Machine for VDI

Task 1: Configure Windows 7 virtual machines for VDI
1. On NYC-CL2, click Start, right-click Computer, click Properties, and then click Remote settings.
2. Under Remote Desktop, click Allow connections only from computers running Remote Desktop
with Network Level Authentication (more secure), click OK, and then close the System window.
3. On NYC-CL2, click Start, right-click Computer, and then click Manage. When Computer
Management opens, expand Local Users and Groups, click Groups, and add Contoso\RD Users to
local group Remote Desktop Users. Close Computer Management.
4. Click Start, in the Search field, type regedit, and then press ENTER.
5. Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet
\Control\Terminal Server, double-click the AllowRemoteRPC registry entry, and in the Value data
box type 1, click OK, and then close Registry Editor.
6. On the Start menu, in the Search field, type firewall, and from the results list, click Allow a program
through Windows Firewall.
7. Select the Remote Service Management check box, and then click OK.
8. Finally, you must grant the RD Virtualization Host computer account (physical host computer)
permissions to the RDP protocol on NYC-CL2 and then restart the Remote Desktop Services service. A
script for this has been provided in \\NYC-DC1\E$\Labfiles\Mod12\RDSConfig\. Edit RDS-
pool.bat to replace <physical host> with the name of your physical host server, and then save the
modified file. Run RDS-pool.bat. When prompted, type Y and press ENTER to continue the
operation.
9. Log off NYC-CL2.
10. Repeat steps 1 to 9 on NYC-CL3.
Task 2: Create a snapshot to enable the virtual machines to roll back

1. In the NYC-CL2 window, on the Action menu, click Snapshot.
2. In the Snapshot Name window, enter RDV_Rollback as the snapshot name, and then click Yes.
3. On NYC-CL2, on the Action menu, click Save.
4. In the NYC-CL3 window, on the Action menu, click Snapshot.
5. In the Snapshot Name window, enter RDV_Rollback as the snapshot name, and then click Yes.
6. On NYC-CL3, on the Action menu, click Save.
Exercise 3: Configuring and Testing the Personal Virtual Desktop

Task 1: Configure the Personal Virtual Desktop
1. On the Start menu of the NYC-SVR1 server, point to Administrative Tools, point to Remote
Desktop Services, and then click Remote Desktop Connection Manager.
2. In the Actions pane of Remote Desktop Connection Manager, click Configure Virtual Desktops.
4. On the Specify an RD Virtualization Host Server page, in the Server name box, type name of your
physical host server, click Add, and then click Next.
5. On the Configure Redirection Settings page, in the Server name box, type NYC-
SVR1.contoso.com, and then click Next.
6. On the Specify an RD Web Access Server page, in the Server name box, type NYC-
SVR1.contoso.com, and then click Next.
7. On the Confirm Changes page, click Apply.
8. On the Summary Information page, verify that the Assign personal virtual desktop check box
is selected, and then click Finish.
9. On the Assign Personal Virtual Desktop page, click Select User.
10. In the Enter the object name to select box, type Contoso\ruser, and then click OK.
11. In the Virtual machine box, select NYC-CL2.contoso.com, and then click Next.
12. Confirm that the User name and Virtual machine boxes are correct, and then click Assign.
13. Clear the Assign another virtual machine to another user check box, and then click Finish.
You can verify which virtual machine is assigned to the user in Active Directory Users and
Computers, on the Personal Virtual Page tab of ruser properties.
Task 2: Configure digital signing of .rdp files, single sign-on, and trusted .rdp publisher
When you want to connect to a virtual desktop, by default, you get a security prompt because the .rdp file
is not digitally signed. You then must provide user credentials for logging on to the virtual desktop. You
can avoid those prompts by configuring digital signing of .rdp files, adding a trusted .rdp publisher, and
configuring single sign-on. For this lab, we will use local Group Policy to configure those settings, but in
real life you would configure them by using domain Group Policy.
1. On NYC-SVR1, in Remote Desktop Connection Manager, click RD Virtualization Host Servers,
right-click RD Virtualization Host Servers, and then click Properties.
2. In Virtual Desktops Properties, select the Digital Signature tab, and then select the check box next
to Sign with a digital certificate. Click Select, select NYC-SVR1.contoso.com, and then click OK.
3. In Virtual Desktops Properties, click OK, and minimize Remote Desktop Connection Manager.
4. From the Hyper-V Manager console, connect to NYC-CL1, and log on as Contoso\ruser with the
password Pa$$w0rd.
5. On NYC-CL1, on the Start menu, in the Search field, enter gpedit.msc. In the Programs list, right-
click gpedit.msc, and then click Run as administrator.
6. In User Account Control prompt, enter contoso\administrator as the user name, Pa$$w0rd as the
password, and then click Yes. The Local Group Policy Editor opens.
7. In the Local Group Policy Editor, expand Computer Configuration, expand Administrative
Templates, expand System, and then click Credentials Delegation.
8. In details pane, double-click on Allow Delegating Default Credentials, select Enabled, click Show,
and enter TERMSRV/* as the Value. By doing that, you will allow credentials delegation to any RD
Session Host server. Click OK twice, and then minimize the Local Group Policy Editor window.
9. On NYC-CL1, open Internet Explorer, and navigate to the
https://NYC-SVR1.contoso.com/RDWeb page.
10. Right-click on the information bar, and then select Run Add-on to allow the Microsoft Remote
Desktop Service Web Access add-on to run on the computer. Click Run in the Internet Explorer -
Security Warning dialog box.
11. Enter contoso\ruser as Domain\username, Pa$$w0rd as Password, and select This is a private
computer, and then click Sign in.
12. Verify that there is a My Desktop icon on the Enterprise Remote Access Web page. Click the My
Desktop icon.
13. In the Remote Desktop Connection dialog box, click
NYC-SVR1.contoso.com Publisher name.
14. In the Certificate window, click the Details tab, scroll down, and then select Thumbprint. Select the
thumbprint numbers in the details box, copy them by pressing CTRL+C, click OK in the Certificate
window, and then click Cancel in the Remote Desktop Connection dialog.
Important: Do not select the leading space at the front of the thumbprint.
15. On NYC-CL1, switch to Local Group Policy Editor, expand Computer Configuration, expand
Administrative Templates, expand Windows Components, expand Remote Desktop Services,
and then click Remote Desktop Connection Client.
.rdp publishers, and then select Enabled.
17. Right-click in Coma-separated list of SHA1 trusted certificate thumbprint entry box, and then
select Paste. Click OK, and then close Local Group Policy Editor.
Task 3: Test the Personal Virtual Desktop

1. On NYC-CL1, switch to Internet Explorer, and on the Enterprise Remote Access Web page, click the
My Desktop icon.
2. View the Remote Desktop Connection dialog box. After a few seconds, it will display that it is
waking the virtual machine. You can follow in Hyper-V Manager on the physical host server that the
NYC-CL2.contoso.com virtual machine is starting.
3. When you log on to NYC-CL2, right-click on the desktop, point to New, and then click Folder. Name
the folder as you like (you can give it your name, such as Joe.)
4. On the Start menu, select Log off, and then log off from the virtual computer.
5. In Internet Explorer, on the Enterprise Remote Access Web page, click the My Desktop icon again.
6. When you log on to NYC-CL2, verify that the folder with your name is still on the desktop. This is
because when you are using a personal virtual desktop, RDV_Rollback snapshot is not applied, and
the local user profile is preserved on the virtual computer.
7. On the Start menu, select Log off, and log off from the virtual computer.
8. On NYC-CL1, minimize Internet Explorer.
9. On the physical host server, in Hyper-V Manager, select
NYC-CL2.contoso.com, and in the Actions pane, click Revert. In Revert Virtual Machine dialog,
click Revert.
Task 4: Remove the assignment of a personal virtual desktop from a user

expand Active Directory Users and Computers, and expand Contoso.com, and then click the RDS
Users organizational unit.
2. Right-click ruser, select Properties, and then click the Personal Virtual Desktop tab.
3. Remove the check mark from Assign a personal virtual desktop to this user, and then click OK.
4. Minimize Server Manager on NYC-DC1.
Exercise 4: Configuring and Testing User State Virtualization and the Virtual
Desktop Pool
Task 1: Configure a roaming profile and folder redirection
expand Active Directory Users and Computers, and expand Contoso.com, and then click the RDS
Users organizational unit.
2. Right-click the VDI user, select Properties, and then click the Profile tab. Enter \\NYC-
DC1.contoso.com\Profiles\%username% as the Profile path, and then click OK.
3. In Server Manager, expand Features, expand Group Policy Management, expand
Forest:contoso.com, expand Domains, expand contoso.com, and then click RDS Users. Right-click
the RDS Users organizational unit, and then select Create a GPO in this domain, and Link it here.
4. In the New GPO window, enter Folder Redirection as Name, and then click OK.
5. In the Server Manager, expand RDS Users organizational unit, right-click on Folder Redirection, and
then select Edit. The Group Policy Management Editor opens.
6. In the Group Policy Management Editor, expand User Configuration, expand Policies, expand
Windows Settings, and then expand Folder Redirection. Right-click the Desktop node, and then
select Properties.
7. In the Desktop Properties window, select Basic Redirect everyones folder to the same location
setting, enter \\NYC-SVR1.contoso.com\desktops as the Root Path, and then click OK. In the
Warning window, click Yes, because there is not Windows XP or older computers in the environment.
8. Close Group Policy Management Editor, and then minimize Server Manager.
Task 2: Configure the Virtual Desktop Pool

As your already specified your physical server as RD Virtualization Host, in Exercise 3, Task 1, you can start
configuring your virtual desktop pool. If RD Virtualization Host would not be specified yet, you would
need to run the Configure Virtual Desktops Wizard first.
1. On the NYC-SVR1 server, maximize Remote Desktop Connection Manager.
2. In the Remote Desktop Connection Manager, in the navigation pane, click Remote Desktop
Connection Manager: NYC-SVR1, and in the Actions pane, click Create Virtual Desktop Pool.
3. On the Welcome to the Create Virtual Desktop Pool Wizard page, click Next.
4. On the Select Virtual Machines page, select NYC-CL2.contoso.com and NYC-CL3.contoso.com
virtual machines, and then click Next.
5. On the Set Pool Properties page, in the Display Name box, type Contoso Virtual Desktop Pool. In
the Pool ID box, type CONTOSO_VDP, and then click Next.
6. On the Results page, click Finish.
7. Minimize Remote Desktop Connection Manager on NYC-SVR1.
Task 3: Verify the Virtual Desktop Pool functionality

1. On NYC-CL1, in Internet Explorer, press F5 to refresh the page.
2. Verify that there is Contoso Virtual Desktop Pool icon on the Enterprise Remote Access Web
page, and then click the Contoso Virtual Desktop Pool icon.
3. Verify that remote desktop connection is established to NYC-CL2. When you log on, right-click on the
desktop, select New, Folder, and then name the folder Pooled VDI.
4. On the Start menu, select Log off, and then log off the virtual computer.
5. Now you will establish connection to the virtual desktop on the NYC-CL2 computer as a different
user, so that Remote User (ruser) will next time connect to second virtual computer in the pool. On
the NYC-DC1 server, start Internet Explorer, and then enter http://NYC-SVR1.contoso.com/RDWeb
in the address bar.
6. Right-click on the information bar, and then select Run Add-on to allow Microsoft Remote
Desktop Service Web Access add-on on the computer. Click Run in the Internet Explorer Security
Warning dialog box.
7. On NYC-DC1, in Internet Explorer, on the Enterprise Remote Access Web page, enter contoso\vdi
as Domain\username and Pa$$w0rd as Password, select This is a private computer, and then click
Sign in.
8. In Internet Explorer on the Enterprise Remote Access Web page, click the Contoso Virtual
Desktop Pool icon.
9. As we configured trusted .rdp publisher and credentials delegation in Local Group Policy on NYC-CL1,
you are presented with prompts that do not occur on NYC-CL1. In the Remote Desktop Connection
dialog, click Connect, and in Windows Security, click Use another account, and then provide
Contoso\vdi as the user name and Pa$$w0rd as the password. Click OK.
10. Verify that you are connected to the NYC-CL2 virtual computer. Open Windows Explorer, and verify
that inside C:\Users folder there is no ruser subfolder because it was discarded after that user logged
off, when RDV_Rollback snapshot was applied. Minimize the remote desktop session.
11. On NYC-CL1, in Internet Explorer, on the Enterprise Remote Access Web page, click the Contoso
Virtual Desktop Pool icon. Because you configured trusted .rdp publisher and credentials
delegation, no additional prompts are shown.
12. Verify that you are connected to the NYC-CL3 virtual computer, and that Pooled VDI folder is on the
desktop. Because you configured user state virtualization, the state of the user is available on any
computer in the virtual desktop pool.
13. On the Start menu, select Log off, and then log off the virtual computer. On the physical server host,
in Hyper-V Manager, follow the status of the NYC-CL3.contoso.com virtual computer. Its status will
change from Saving to Saved, then to Starting, and finally to Running, as RDV_Rollback snapshot is
taking effect, and all changes in the NYC-CL3.contoso.com virtual machine are discarded.
To complete the lab

following steps:
4. For the NYC-CL2 and NYC-CL3 virtual machines, you will need to delete the RDV_Rollback snapshots
first, and then revert to the first snapshot.

10324A ENU TrainerHandbook

Hochgeladen von

Dokumentinformationen

Originaltitel

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

10324A ENU TrainerHandbook

Hochgeladen von

Copyright:

Verfügbare Formate

O F F I C I A L M I C R O S O F T L E A R N I N G P R O D U C T

2010 Microsoft Corporation. All rights reserved.

All other trademarks are property of their respective owners.

Product Number: 10324A

Part Number: X17-41915

Gary DunlopContent Developer

Damir Dizdarevic Content Developer

Slavko Kukrika Content Developer

Stan Reimer Content Developer

Nelson Ruest Technical Reviewer

Module 2: Implementing Windows Virtual PC and Windows XP Mode

Module 3: Implementing Microsoft Enterprise Desktop Virtualization

Module 4: Configuring and Deploying MED-V Images

Module 5: Managing a MED-V Deployment

Module 6: Implementing Microsoft Application Virtualization

Module 7: Planning and Deploying App-V Clients

Lesson 1: Overview of the App-V Client 7-3

Module 8: Managing and Administering Application Virtualization

Module 9: Sequencing Applications for Virtualization

Module 10: Configuring Remote Desktop Services and RemoteApp

Module 11: Implementing User State Virtualization

Module 12: Configuring Virtual Desktop Infrastructure

Module 13: Summary of Desktop Virtualization Technologies

Lab Answer Keys

About This Course

Administer the App-V infrastructure by using the App-V Management Console.

Module 1, Overview of Desktop and Application Virtualization

Module 2, Implementing Windows Virtual PC and Windows XP Mode

Module 3, Implementing Microsoft Enterprise Desktop Virtualization

Module 4, Configuring and Deploying MED-V Images

Module 5, Managing a MED-V Deployment

Module 6, Implementing Microsoft Application Virtualization

Module 7, Planning and Deploying App-V Clients

Module 8, Managing and Administering Application Virtualization

Module 9, Sequencing Applications for Virtualization

Module 10, Configuring Remote Desktop Services and RemoteApp

Module 11, Implementing User State Virtualization

Module 12, Configuring Virtual Desktop Infrastructure

Module 13, Summary of Desktop Virtualization Technologies

Course Companion Content on the http://www.microsoft.com/learning/companionmoc/ Site:

To provide additional comments or feedback on the course, send e-mail to

Virtual Machine Environment

Virtual Machine Configuration

Virtual machine Role

10324A -NYC-CL1 Windows 7 client in the Contoso.com domain

10324A -NYC-CL2 Windows 7 client in the Contoso.com domain

10324A -NYC-CL3 Windows 7 client in the Contoso.com domain

Course Hardware Level

Microsoft Mouse or compatible pointing device

Challenges of Traditional Network Environments

Data Centers Are Reaching Capacity

Server Utilization Is Very Low

Managing Physical Servers Requires Significantly More Effort

Supporting Legacy Systems Can Be Difficult

Application Compatibility Can Be Complicated

User Environments Are More Flexible

Question: Why are your organizations exploring the use of virtualization?

What Is Server Virtualization?

Benefits of Server Virtualization

What Is Desktop Virtualization?

Client-Hosted Desktop Virtualization

Virtual Desktop Infrastructure

Microsoft Enterprise Desktop Virtualization