As I’ve been involved with multiple XenDesktop projects over the last few months, I’ve found myself constantly repeating the steps in Citrix’s Windows 7 Optimization Guide. Today was my probably the 5+ time I had to perform these steps, I figure it would be worth while to spend a bit more time automating some of the process so that I have something to reference in the future.
First and foremost, the guide can be downloaded here: http://support.citrix.com/article/CTX127050
Disabling Services
The first section of the document:
… suggests services that can be disabled so what I did was use the following commands in a batch file to stop and disable the services:
-------------------------------------------------------------------------------------------------------------------------------------------------------------------
net stop BITS
sc config BITS start= disabled
net stop UxSms
sc config UxSms start= disabled
net stop FDResPub
sc config FDResPub start= disabled
net stop HomeGroupListener
sc config HomeGroupListener start= disabled
net stop HomeGroupProvider
sc config HomeGroupProvider start= disabled
net stop CISVC
sc config CISVC start= disabled
net stop CscService
sc config CscService start= disabled
net stop wscsvc
sc config wscsvc start= disabled
net stop SysMain
sc config SysMain start= disabled
net stop Themes
sc config Themes start= disabled
net stop WinDefend
sc config WinDefend start= disabled
net stop WMPNetworkSvc
sc config WMPNetworkSvc start= disabled
net stop WSearch
sc config WSearch start= disabled
pause
-------------------------------------------------------------------------------------------------------------------------------------------------------------------
**Note that I included a pause command at the end so I could review whether any of the commands failed.
One of the issues I’ve constantly come across with virtual desktops is with the Windows Update Service. As much as I agree that the Windows Update service should be disabled for the virtual desktops, I prefer to use group policy to disable the service because by doing it that way I won’t need to re-enable the service when updating the master image. Now you might be wondering why I’m talking about the Windows Update service when the optimization guide doesn’t actually disable the service and the reason why is because the guide lists Windows Defender as a service to disable. What I’ve found in past deployments is that this affects the Windows Update service and if it was disabled, Windows Update may error out when you attempt to patch the Windows desktop. This in turn has lead me to exclude this service from being disabled at the master image level but disabled for the desktops in the desktop pool. If you’ve come across the same problem as I have, you can simply omit the following lines in the batch file:
net stop WinDefend
sc config WinDefend start= disabled
-------------------------------------------------------------------------------------------------------------------------------------------------------------------
Group Policy Objects
The second section of the guide includes settings that are disabled via either local policy on the master image or Group Policy:
My preference is to create a GPO that omits the Windows Update configuration due to reasons I stated above and apply it to the virtual desktops.
-------------------------------------------------------------------------------------------------------------------------------------------------------------------
Computer Registry Optimization
The next section of the guide lists registry settings that are applied to the HKLM and HKU of the registry of the master image which can be easily applied via the following lines in a .reg file:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem]
"NtfsDisableLastAccessUpdate"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BNNS\Parameters]
"EnableOffload"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"DisableTaskOffload"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control]
"ServicesPipeTimeout"=dword:0002bf20
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Windows]
"ErrorMode"=dword:00000002
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Polic
ies\Explorer]
"NoRemoteRecursiveEvents"=dword:00000001
[HKEY_USERS\.DEFAULT\Control Panel\Desktop]
"ScreenSaveActive"="0"
-------------------------------------------------------------------------------------------------------------------------------------------------------------------
Optional Provisioning Services Computer Registry Optimization
The next section of the optimization guide lists configuration settings that pertain more to Provisioning Services with vDisks so whether you would like to apply them is at your discretion. If you do choose to, they can be easily applied via the following lines in a .reg file:
Windows Registry Editor Version 5.00
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management]
"ClearPageFileAtShutdown"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\NetCache]
"Enabled"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Dfrg\BootOptimizeFunction]
"Enable"="N"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\OptimalLayout]
"EnableAutoLayout"=dword:00000000
[HKLM\SYSTEM\CurrentControlSet\Control\CrashControl]
"CrashDumpEnabled"=dword:00000000
"LogEvent"=dword:00000000
"SendAlert"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Power]
"Heuristics"=hex:05,00,00,00,00,01,00,00,00,00,00,00,00,00,00,00,3f,42,0f,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl]
"CrashDumpEnabled"=dword:00000000 "LogEvent"=dword:00000000
"SendAlert"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters]
"DisablePasswordChange"=dword:00000001
HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application]
"File"="D:\EventLogs\Application.evtx"
[HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security]
"File"="D:\EventLogs\Security.evtx"
[HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\System]
"File"="D:\EventLogs\System.evtx"
HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application]
"MaxSize"=dword:00010000
[HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security]
"MaxSize"=dword:00010000
[HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\System]
"MaxSize"=dword:00010000
-------------------------------------------------------------------------------------------------------------------------------------------------------------------
Optional Computer Registry Optimization
The last set of optional computer registry optimization settings has to do with the recycling bin behavior and whether they are applied will again be at your discretion:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\BitBucket]
"UseGlobalSettings"=dword:00000001
"NukeOnDelete"=dword:00000001
-------------------------------------------------------------------------------------------------------------------------------------------------------------------
User Policy Optimization
The next section provides optimization settings for the user that can be easily applied via GPO:
-------------------------------------------------------------------------------------------------------------------------------------------------------------------
User Registry Optimization
The next section lists the registry settings that are applied to the user. Since these settings are made to HKLU, you’ll need to use GPO Preferences to apply the configuration:
Ensure that these settings are applied to the user objects and not the computer objects.
-------------------------------------------------------------------------------------------------------------------------------------------------------------------
Final Configuration Optimization
The only final configuration optimization I use when setting up mater images is the Boot Animation setting that can be applied via the following command:
bcdedit /set bootux disabled
-------------------------------------------------------------------------------------------------------------------------------------------------------------------
Note that I left out a few optimization settings listed in the documentation so please reference the guide to ensure you don’t miss any configuration changes that applies to your environment.
2 comments:
Thank you Terence.
you're the man.. thanks for doing what I was too lazy to do
Post a Comment