med-v 2.0 trial guide
TRANSCRIPT
Trial Guide
This is a preliminary document and may be changed substantially prior to final commercial release of the software described herein.The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the date of publication. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication.This White Paper is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS DOCUMENT.Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.
2011 Microsoft Corporation. All rights reserved.Microsoft, Windows, Windows Vista, Active Directory, Microsoft SQL Server are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.The names of actual companies and products mentioned herein may be the trademarks of their respective owners.
Evaluation Guide
Trial Guide
Contents
1 Introduction to the Trial Guide..........................................................................3
2 Overview of Microsoft Enterprise Desktop Virtualization...................................42.1 What’s New in MED-V 2.0.............................................................................................52.2 MED-V 2.0 Components...............................................................................................7
3 Trial System Requirements.............................................................................8
4 Setting up the MED-V 2.0 Environment..........................................................104.1 Configure the MEDVADMIN Administration computer................................................104.2 Installing the MED-V Workspace Packager.................................................................124.3 Installing the MED-V Host Agent................................................................................12
5 Preparing a Virtual PC Image for MED-V........................................................135.1 Configure the Windows XP Mode Virtual Machine......................................................135.2 Sealing the MED-V Image Using Sysprep...................................................................155.3 Merge the Virtual Hard Disk.......................................................................................18
6 Deploying the MED-V Workspace...................................................................196.1 Create a Workspace Deployment Package.................................................................206.2 Deploying the MED-V Workspace...............................................................................226.3 Testing the MED-V Workspace...................................................................................23
7 Manage a MED-V Workspace.........................................................................267.1 Managing URL Redirection.........................................................................................267.2 Manage MED-V Workspace Settings...........................................................................27
8 MED-V Administration Toolkit.......................................................................28
9 Operations Security Best Practices................................................................30
10........................................................................Appendix A: Preparing an image for Sysprep32
Trial Guide
1 Introduction to the Trial Guide
This trial guide is designed to help you quickly set up a Microsoft Enterprise Desktop Virtualization (MED-
V) evaluation in a test environment. This guide provides details of the steps necessary to install Microsoft
MED-V components, for both the Microsoft MED-V Workspace Packager and MED- V Host Agent. This
guide creates an environment where a Windows XP-based guest (virtual machine) with applications can
be integrated into a Windows® 7 host machine. The guide includes: Installation of the MED-V Workspace
Packager and MED-V Host Agent, preparing a Windows Virtual PC-based virtual machine for MED-V,
creating and deploying a MED-V workspace, administering MED-V, troubleshooting, and exploring the
MED-V Administration Toolkit.
To help this process flow as smoothly as possible, we recommend that you read this guide carefully
before installing the Microsoft MED-V platform.
AUDIENCE FOR THIS GUIDE
This guide was written for Microsoft Windows system administrators. As an information technology (IT)
professional, you should have sufficient knowledge and experience to accomplish the following tasks.
Set up operating systems and install applications
Add computers to domains
Set up and work comfortably Active Directory® Domain Service and Microsoft Domain Name
System (DNS)
Familiarity with Windows Virtual PC
PRODUCT DOCUMENTATION
Comprehensive documentation for MED-V is available on Microsoft TechNet in the MED-V TechCenter at
http://go.microsoft.com/fwlink/?LinkId=207065 . The TechNet documentation includes the online Help for
Getting Started with MED-V, Planning and Deployment, Operations, and Troubleshooting.
3
Trial Guide
2 Overview of Microsoft Enterprise Desktop Virtualization
Microsoft Enterprise Desktop Virtualization, a core component of the Microsoft Desktop Optimization Pack
(MDOP) for Software Assurance, enables deployment and management of Microsoft Windows Virtual PC
desktops to enable key enterprise scenarios.
Incompatibility of applications with newer versions of Microsoft Windows can delay enterprise operating
system (OS) upgrades. Testing and migrating applications can be time-consuming, and meanwhile users
are unable to take advantage of the new capabilities and enhancements offered by the new OS.
By delivering applications in a Windows Virtual PC that runs a previous version of Windows XP, MED-V
removes the barriers to OS upgrades and allows administrators to complete testing and to deal with
incompatible applications after the upgrade.
From the user’s perspective, these applications are accessible from the standard desktop Start menu and
appear side-by-side with native applications—so there is minimal change to the user experience.
MED-V helps enterprises upgrade to the latest version of Windows when some applications are not yet
functional or supported. MED-V enables customers to migrate to Windows 7 while still leveraging existing
legacy Windows XP line of business applications.
4
Trial Guide
2.1 What’s New in MED-V 2.0
MED-V 2.0 contains the following improvements since version 1.0. If you are an experienced MED-V 1.0 administrator using this guide to evaluate MED-V 2.0, please take note.
MED-V WORKSPACE CREATION
MED-V Workspace Packages must be created by using Windows Virtual PC. Existing Virtual PC 2007
images must be migrated. The virtual machine Prep tool is not included in MED-V 2.0 and administrators
should configure, update, and optimize their images according to the MED-V 2.0 help file. Running
Sysprep on the MED-V image is a required step and must be performed prior to packaging.
MED-V WORKSPACE PACKAGING
The MED-V Workspace Packager packages the virtual hard drive with the appropriate settings and image
so that it can be easily deployed by administrators. Advanced features are provided in the background
using Windows PowerShellTM. This functionality replaces some of the former console abilities and
functionality that managed centralized functions of MED-V.
MED-V WORKSPACE DISTRIBUTION
Dedicated server infrastructure is no longer required for MED-V 2.0 and the client pull method for
deploying MED-V workspaces has been removed. MED-V workspaces are now deployed using electronic
software distribution (ESD) infrastructure and can be stored on common shares that are used for other
installation packages.
FIRST TIME SETUP
The first time setup process is now integrated with the standard imaging convention of Sysprep. The
MED-V workspace first time setup process can dynamically apply settings specified in the MED-V
Workspace Packager to the image as it begins Mini-Setup. The scripting tool in the console has been
removed and the first time setup process is now based on options that are specified in the sysprep.inf file
and configured in the MED-V Workspace Packager by the administrator.
APPLICATION PUBLISHING
Administrators can install applications on the MED-V image either prior to packaging, after the MED-V
workspace has been deployed, or by using a combination of both. MED-V no longer looks at MED-V
workspace policy to publish applications, but instead refers to what is actually installed on the guest. As
5
Trial Guide
applications are installed on the guest, they are automatically detected and published to the host Start
menu and are ready to be started by the end user.
URL REDIRECTION
MED-V 2.0 provides seamless host-to-guest web address redirection based on the settings configured
and managed by the administrator. After a URL is redirected to the guest browser, the default experience
is to attempt to limit the user to that redirected site. This minimizes the browsing activities that a user can
perform that are not intended by the administrator. Guest-to-host browser redirection was removed.
TROUBLESHOOTING
MED-V now leverages standard host-based processes for troubleshooting. Because the MED-V
workspace in no longer encrypted, it can be opened in full-screen mode within the Windows Virtual PC
console, where it can be viewed and worked with as a standard workstation. In addition, the logs are no
longer encrypted locally or logged centrally. MED-V now makes extensive use of the local event logs, and
the logging level of the output – from informational to debug levels – is easily configured. Finally, a
troubleshooting toolkit is now provided so administrators and help-desk personnel can have a graphical,
aggregated view of all the troubleshooting options, and they can effortlessly select the activities that best
suit their needs.
MED-V is no longer run as a system service. Instead, it is run as user-owned processes and it only runs
when a user is logged on. Functionality that was formerly provided by the system-owned service is now
provided in the user-side processes.
6
Trial Guide
2.2 MED-V 2.0 Components
MED-V WORKSPACE PACKAGER
The MED-V Workspace Packager is responsible for converting a prepared Windows Virtual PC image in
to a MED-V compatible workspace package. It facilitates packaging the MED-V Workspace Package in
such a way that it can be easily distributed via any ESD method and configures how the MED-V
Workspace will interoperate with the host desktop. The MED-V Workspace Packager provides step-by-
step guidance on how to create MED-V workspaces and contains wizards that help in the process.
MED-V HOST AND GUEST AGENT
There are two separate but related components to the MED-V 2.0 solution: the MED-V Host Agent and
Guest Agent. The Host Agent resides on the host computer (a user’s computer that is running Windows
7) and provides a channel to communicate with the MED-V Workspace (the MED-V virtual machine
running in the host computer). It also provides certain MED-V related functionality, such as application
publishing. The MED-V software contained in the MED-V Guest Agent provides a channel to
communicate with the MED-V host. It also supports the MED-V Host Agent with functions like performing
first time setup. The MED-V Guest Agent is installed initially during first time setup and is updated by the
Host Agent post installation.
7
Trial Guide
3 Trial System Requirements
The following section lists the computer systems used for this evaluation.
This Trial Guide was designed to allow you to explore the features of Microsoft Enterprise Desktop
Virtualization. This document was not designed for evaluating how Microsoft Desktop Virtualization
should be implemented in a production environment. As such, it is strongly recommend that the trial be
implemented in a test lab environment using new or unused physical or virtual machines following the
exact configurations described in this guide.
SYSTEMS DIAGRAM
8
Trial Guide
SYSTEM CONFIGURATION
MED-V Administration Machine
Note: For the purpose of the Trial Guide this machine will be referred to as… MEDVADMIN
This machine must be a physical machine meeting the following requirements:
Requirements for Trial Guide Installed During Trial Guide• Windows 7 Professional, Enterprise, or
Ultimate (32- or 64-Bit)
• 2GB of RAM
• 40GB Hard Drive (C: partition with at least 20GB of free space)
• Network Connectivity to MEDVDC
• Windows Virtual PC
• Windows XP Mode Virtual Machine1
Note: For the purpose of the Trial Guide this machine will be referred to as Windows XP MODE
• Windows Update KB977206
Note: Not necessary if Windows 7 SP1 is installed
• MED-V Host Agent
• MED-V Workspace Packager
Windows Domain Controller
This machine can be physical or virtual. During this trial, the Domain Controller will only be used to create and authenticate computer and user accounts.
Note: For the purpose of the Trial Guide this machine will be referred to as… MEDVDC
Requirements for Trial Guide Optional During Trial Guide• Windows Server 2008 or 2008 R2
• Active Directory Domain Services Installed with DNS
• Additional User Accounts
Note: Additional user accounts are for testing only and will not be covered during the trial guide.
1 While it is possible to use the Windows XP Mode image with MED-V 2.0 for trial or proof of concept purposes, Microsoft recommends that customers build images for MED-V based on their volume license media as this allows customers to have a higher level of control over their MED-V workspace environment. For production use, customers should use volume license media to create Windows OS images as the Windows XP Mode virtual image is not covered under Virtual Desktop Access (VDA) or Windows Software Assurance virtualization rights.
9
Trial Guide
4 Setting up the MED-V 2.0 Environment
This section with walk you throw the process of preparing the MED-V environment for use:
Configuring the MEDVADMIN Administration computer
Installing the MED-V Workspace Packager
Installing the MED-V Host Agent
4.1 Configure the MEDVADMIN Administration computer
This process will configure the MEDVADMIN machine for use with Windows Virtual PC, XP Mode and MED-V.
1. Join the MEDVADMIN machine to the domain and restart the machine.
2. Apply all windows updates to the machine.
3. Ensure the .NET Framework 3.5 SP1 Windows feature is enabled in Control Panel\Programs and Features\Turn Windows Features On or Off.
4. Install Windows XP Mode:
a. Click on the link to the Windows XP Mode with Virtual PC Home Page: Windows XP Mode with Virtual PC
b. Select your edition of Windows 7 and desired language for the installation.
c. Click Download Windows XP Mode (Step 2), save the installation file to C:\TrialGuide.
Note: You may be prompted to run validation. If so, run through validation in order to download Windows XP Mode.
d. Click Download Windows Virtual PC (Step 3), save the installation file to C:\TrialGuide.
e. Click Update Windows XP Mode (Step 4), save the installation file to C:\TrialGuide.
f. Open C:\TrialGuide and launch WindowsXPMode_en-us.exe to install the XP Mode virtual machine.
g. Welcome to Setup for Windows XP Mode, click Next.
h. Accept the default destination folder for installing Windows XP Mode, then click Next.
i. Setup Completed, deselect Launch Windows XP Mode and click Finish.
10
Trial Guide
j. Next, launch Windows6.1-KB958559-xZZ-RefreshPkg.msu to install Windows Virtual PC, where ZZ will be the bit version (x86 or x64), which was selected during the initial selection of downloads.
k. Click Yes to install the Windows Update (KB958559).
l. Accept the Microsoft Software License Agreement.
m. Installation Complete, click Restart Now.
n. (Optional) After restarting, open C:\TrialGuide and launch Windows6.1-KB977206-xZZ.msu to install the XP Mode Update, where ZZ will be the bit version (x86 or x64) based on selection during download portion and click Yes to install the Windows Software Update and upon completion click Restart Now.
Note: This last update is only required if the machine used as the MEDVADMIN machine doesn’t support hardware-assisted virtualization or it isn’t enabled in the BIOS.
Note: If the Windows 7 machine has Service Pack 1 installed, this is also not required as it has already been applied.
11
Trial Guide
4.2 Installing the MED-V Workspace Packager
This process will walk you through installing the MED-V Workspace Packager on the MEDVADMIN machine. The Workspace Packager will be used later to package the MED-V Workspace for distribution to clients and define how the image will interoperate with the host desktop.
Perform the following steps on the MEDVADMIN computer:
1. Double-click the MED-V_WorkspacePackager_setup.exe installer file to start the installation.
2. The Microsoft Enterprise Desktop Virtualization (MED-V) Workspace Packager Setup wizard opens. Click Next to continue.
3. Accept the Microsoft Software License Terms, and then click Next.
4. Accept the default destination folder for installing the MED-V Workspace Packager, and then click Next.
5. On the Ready to Install MED-V Workspace Packager page, click Install.
6. After the installation is completed successfully, click Finish to close the wizard.
7. To verify that the installation of the MED-V Workspace Packager was successful, click Start\All Programs\Microsoft Enterprise Desktop Virtualization\MED-V Workspace Packager.
4.3 Installing the MED-V Host Agent
This process will walk you through installing the MED-V Host Agent on the MEDVADMIN machine. The Host Agent is the MED-V component that facilitates communication between the host and the MED-V Workspace that is providing the MED-V functionality to the end user.
Perform the following steps on the MEDVADMIN computer:
1. Double-click the MED-V_HostAgent_Setup.exe installer file to start the installation.
1. The Microsoft Enterprise Desktop Virtualization (MED-V) Host Agent Setup wizard opens. Click Next to continue.
2. Accept the Microsoft Software License Terms, and then click Next.
3. Accept the default destination folder for installing the MED-V Host Agent. Click Next.
4. To begin the installation, click Install.
5. After the installation is completed successfully, click Finish to close the wizard.
12
Trial Guide
5 Preparing a Virtual PC Image for MED-V
MED-V requires preparation of a Windows Virtual PC virtual machine image before moving forward with configuring for deployment using MED-V. This section will walk through:
Configuring the Microsoft Windows 7 XP Mode virtual machine for use as a MED-V Workspace image.
Sealing the MED-V Image using Sysprep
5.1 Configure the Windows XP Mode Virtual Machine
Perform the following steps on the MEDVADMIN computer to setup WINDOWS XP MODE:
1. Click Start\All Programs\Windows Virtual PC\Windows XP Mode to start Setup.
2. Accept the Microsoft XP Mode License Agreement, click Next.
3. Installation folder and credentials:
a. Accept the default installation directory.
b. Enter and Confirm Password, click Next.
4. Help protect your computer, choose Not right now, click Next.
5. Setup will share drives on this computer with Windows XP Mode, click Start Setup.
6. The setup process for the Windows XP Mode will take a few minutes to complete.
Important: MED-V requires the installation of the Integration Components package. As this guide is using the XP Mode virtual machine, the integration components are already installed. If you are creating your own virtual machine, see the following link for more information: Install the Integration Components Package
7. RemoteApp Update: After installing the Integration Components package, you are prompted to install the following update: "Update for Windows XP SP3 to enable RemoteApp". This is a required component for MED-V.
Important: If you are not prompted to install the RemoteApp update, you can download and install it on the Windows XP Mode virtual machine manually from the following link: Update for Windows XP SP3 to enable RemoteApp
Reboot the virtual machine after the install of RemoteApp is complete.
13
Trial Guide
8. From the Windows XP Mode virtual machine, block Internet Explorer 7 and 8 automatic updates:
Download the IE7BlockerToolkit.exe: Toolkit to Disable Automatic Delivery of IE7
Download the IE8BlockerTookit.exe: Toolkit to Disable Automatic Delivery of IE8
o The downloaded files, when run, will ask where to place extracted files. Enter C:\
TrialGuide then click Yes to confirm creation of the directory.
o Once complete, open command prompt and change directory to C:\TrialGuide.
Enter the following command including the periods:
IE70Blocker.cmd . /B
IE80Blocker.cmd . /B
9. Install the .NET Framework 3.5 SP1: Microsoft .NET Framework 3.5 Service Pack 1 .
10. Apply all Windows Updates to the Windows XP Mode machine by running Windows Update.
11. Download and install the Microsoft XML Notepad 2007 application.
a. Note: XML Notepad will normally work natively on Windows 7. The installation of XML Notepad has been included as a way to demonstrate MED-V application interoperability with the Windows 7 host and is NOT a requirement for MED-V to function in any environment.
12. Create a shortcut to the Microsoft XML Notepad 2007 application in the C:\Documents and Settings\All Users\Start Menu.
13. Enable the local Administrator account and assign it a password:
a. In Computer Management, expand Local Users and Groups, select Users, right-click Administrator and select Properties.
b. Uncheck the Account is disabled box and click Ok.
c. Right-click the Administrator account, select Set Password and click Proceed.
d. Provide a password for the local Administrator account, click Ok and click Okay.
Note: Be sure to remember this password for the local administrator account.
Since the Windows XP Mode virtual machine is being used for this trial no further preparation is required to perform further clean up or compacting of the Windows XP Mode virtual machine before moving on to the Sysprep phase.
In the future, if you decide to prepare your own Windows Virtual PC images for use with MED-V, you may wish to perform these additional tasks in order to minimize the overall size of the Windows
14
Trial Guide
Virtual PC Image before moving on to Sysprep. Information regarding these additional steps is provided in Appendix A.
5.2 Sealing the MED-V Image Using Sysprep
After you have installed everything that you want to include in your Windows Virtual PC image, you can configure the image for use in MED-V. This section provides guidance for configuring your MED-V image using Sysprep to run first-time setup (FTS) prior to creating your workspace package.
First-time setup prepares a MED-V workspace for use by the end user. The process creates a virtual machine from the image packaged in the MED-V workspace and then runs Windows Mini-Setup on the virtual machine. This includes the running of custom setup scripts and the first time setup completion application, FtsCompletion.exe.
Perform the following steps on the Windows XP Mode computer:
1. Click Start\All Programs\Windows Virtual PC\Windows XP Mode to start the virtual machines.
2. Create a folder named Sysprep in the root of the MED-V image C: drive.
3. Download the Windows XP Service Pack 3 Deployment Tools (deploy.cab).
4. Right click and extract the deploy.cab file and copy Sysprep.exe, Setupcl.exe and Setupmgr.exe to the Sysprep folder.
Note: For the step-by-step process on how to use the System Preparation Tool (Sysprep) click here.
5. From the Sysprep folder, double click Setupmgr.exe to start the Windows Setup Manager Wizard, and then click Next on the Welcome screen.
6. On the New or Existing Answer File, leave Create new checked, and then click Next.
7. On the Product to Install, choose Sysprep setup, click Next.
8. On the Platform screen, choose Windows XP Professional, the click Next.
9. License Agreement screen, select Yes, fully automate the installation, and click Next.
10. Complete the answer file questions with the following information:
a. Name and Organization: Enter the name and organization appropriate for destination computers.
b. Display Settings: Leave the defaults.
c. Time Zone: Select the appropriate time for destination computers.
d. Product Key: Enter the product key that was provided in the file that was included with the XP Mode virtual machine. This can be found on the MEDVADMIN computer in C:\Program Files\Windows XP Mode\Key.txt.
15
Trial Guide
NOTE: The product key is not validated in this form and you will not be warned if it is entered incorrectly. Make sure to check that the key is correct.
e. Computer Name: Select Automatically generate computer name.
f. Administrator Password: Select Use the following Administrator password and type the password for the Administrator account. Also, select When a destination computer starts, automatically log on as Administrator and set the Number of times to log on automatically to 1.
g. Networking Components: Select Typical Settings.
h. Workgroup or Domain:
Click Domain then enter in the domain name for the Active Directory domain created for the Trial Guide Example: Contoso.com.
Click the check box for Create a computer account in the domain.
Specify a user account that has permission to add a computer to the domain and enter and confirm the password.
Click Next.
Important: You must configure the MED-V guest to join the domain specifying an account that has permission to add a computer to the domain.
i. Telephony: Click Next.
j. Regional Settings: Click Next, unless specific regional settings are required.
k. Languages: Select any languages required to support end users. Click Next.
l. Install Printers: Click Next.
m. Run Once: Add the following commands, and then click Next.
wmic /namespace:\\root\default path SystemRestore call Disable %SystemDrive%\
c:\Program Files\Microsoft Enterprise Desktop Virtualization\FtsCompletion.exe
n. Additional Commands: Click Next.
o. Identification String: Click Next.
11. After completing the answer file select Finish. A message box appears stating that Setup Manager created an answer file with the settings provided.
16
Trial Guide
12. Save the answer file in the C:\Sysprep directory created earlier and select OK. Click Cancel on the Setup Manager screen or File and Exit.
13. From the C:\Sysprep, execute the System Preparation Tool (Sysprep.exe).
14. Select OK when the warning prompt appears.
15. The Sysprep Properties dialog appears.
Select Don’t reset grace period for activation.
Select Use Mini-Setup.
16. Click Reseal. A confirmation prompt appears. Select OK. Sysprep will complete and the machine will shut down.
17. After you have run Sysprep on your Virtual PC, image, the virtual machine shuts down the next step is Merging the hard disk into one VHD file.
17
Trial Guide
5.3 Merge the Virtual Hard Disk
This section is required only because we are using the XP Mode virtual machine. The XP Mode machine creates a differencing disk when first launched and stores all changes in the differencing disk. In order to allow this virtual machine to work with MED-V, we need to merge these disks in to one VHD. The steps in this section may not be necessary when using your own virtual machine.
1. Click Start\All Programs\Windows Virtual PC\Windows Virtual PC.
2. Right-Click the Windows XP Mode Virtual Machine from the list and select Settings.
3. Select Hard Disk 1 from the list of settings.
4. Select Modify to start the Virtual PC Modify virtual hard disk wizard.
5. Select Merge virtual hard disk.
6. Select the New File radio button, enter C:\VM\XPMode and click Merge. Select Yes at the warning.
7. Select OK to close the wizard.
18
Trial Guide
6 Deploying the MED-V Workspace
Before the MED-V image can be used it must be packaged and deployed to MED-V hosts.
This section will walk you through:
Creating a MED-V workspace package
Deploying the MED-V workspace package
Testing the MED-V workspace
6.1
19
Trial Guide
6.1 Create a Workspace Deployment Package
A MED-V workspace is the Windows XP desktop environment that hosts legacy Windows and Internet Explorer-based applications. You can create multiple MED-V workspaces, each customized with its own applications, configuration, settings, and rules, and deploy one workspace per Windows 7 host.
The MED-V Workspace Packager is divided into two main sections:
1. The main panel that includes three buttons you use to create and manage MED-V workspaces.
2. A Help Center on the right side of the GUI that provides information and guidance to help you create, test, and manage MED-V workspaces.
20
Trial Guide
CREATING A WORKSAPCE PACKAGE
Perform the following steps on the MEDVADMIN computer:
1. Open the MED-V Workspace Packager, click Start\All programs\Microsoft Enterprise Desktop Virtualization\MED-V Workspace Packager.
2. On the MED-V Workspace Packager main panel, click Create a MED-V Workspace Package.
a. Package Information:
Specify the MED-V workspace package name. Enter: MED-V Trial
Specify the MED-V workspace package folder: Enter: C:\MED-V Trial
b. Select Windows XP Virtual Image: Click Browse to the location for the merged Virtual hard drive (C:\VM\XPMode.vhd). Click Open and then Click Next.
c. Select First Time Setup Settings which specify the process that MED-V follows during first time setup.
Unattended setup, but notify end users before first time setup begins.
Create a unique MED-V workspace for each user of the computer.
Automatically add MED-V workspace users to the Administrators group.
Select these settings then click Next.
d. MED-V Messages Screen: Review the specific messages and click Next to accept the defaults.
e. Naming Computers: Specifies how the MED-V virtual machine is named. Select “Let MED-V manage computer names.” Note the default is “MEDV” + random fill. Click Next.
f. Copy Settings from Host: Specifies how the settings for the MED-V workspace are defined. Select Settings to copy from Host Computer to the MED-V workspace. Choose:
Copy regional settings
Copy user settings
Copy domain name
Copy domain organizational unit
Then click Next.
21
Trial Guide
g. Startup and Networking: Review the default settings for starting the MED-V workspace, networking, and under Store Credentials, select Enabled, and then click Next.
h. Web Redirection:
i. URL redirection contains those URLs that you want redirected from the host computer to Internet Explorer 6 in the MED-V workspace. When you are using the packaging wizard to create the MED-V workspace, you type, import or copy and paste this redirection information.
Enter each web address on a single line. For example:
http://www.medvdemo.comhttp://*.contoso.comhttp://www.microsoft.com/silverlight
ii. Select Do no change the Internet zone security level and Remove default browsing capabilities and click Next.
i. Summary: Verify your MED-V workspace settings then click Create and start to build the MED-V workspace deployment package.
3. Click Close to close the packaging wizard and return to the MED-V Workspace Packager.
6.2 Deploying the MED-V Workspace
After you have created your MED-V installer package, you can deploy it throughout your enterprise by using your company’s preferred method of provisioning software and other applications or manually.
For the purpose of the Trial Guide the following procedures will deploy the MED-V workspace manually.
Note: For the purpose of demonstrating printer redirection in this Trial Guide, if one is available, we recommend having a network printer installed that also has Windows XP drivers and is already configured as a printer on the MEDVADMIN machine.
TO DEPLOY A WORKSPACE MANUALLY
1. On the MEDVADMIN computer ensure the following files are in the MED-V package folder you specified when creating the package.
C:\MED-V Trial
XPMode.medv
setup.exe
MED-V Trial.msi
MED-V Trial.ps1
22
Trial Guide
MED-V Trial.reg
2. On the MEDVADMIN computer browse to C:\MED-V Trial
3. In the MED-V Trial folder double click setup.exe to start the installation of the MED-V workspace.
4. On the Welcome to the MED-V Trial Setup Wizard, click Next.
5. Ready to install MED-V Trial, click Install.
Note: This will start the installation of the VHD file and may take several minutes.
6. On the MED-V Trial Setup Wizard Complete window, leave the check mark in the box next to Start MED-V, and then click Finish.
This will start the initiation of the workspace. The Set up the MED-V Workspace window will open indicating the virtual environment is being created for application compatibility. Click the Start button to begin the installation immediately.
You will be prompted to enter your credentials that are used to log in to the MED-V workspace. This is where MED-V end users will enter their domain credentials. Enter the credentials to continue. Check the Remember my credentials checkbox and click Ok.
On the Task Bar the MED-V 2.0 icon is available. Hover the mouse over the MED-V icon and the message “Setting up the MED-V Workspace for use” will be displayed. Again this could take some time.
As the process of Setting up the MED-V Workspace continues, the message “The MED-V Workspace is initializing” will be displayed over the MED-V icon.
7. At the completion of the MED-V configuration, a balloon message will appear stating “The MED-V Workspace was successfully setup.”
Again, hover the mouse over the MED-V icon on the system tray and a message will be displayed indicating “The MED-V workspace Applications are Ready for Use.”
6.3 Testing the MED-V Workspace
The topics in this section provide instructions to test the deployed MED-V workspace. You can verify the settings that you configured in your MED-V workspace on the MEDVADMIN computer by performing the following tasks.
23
Trial Guide
HOW TO TEST URL REDIRECTION
1. Open an Internet Explorer browser in the MEDVADMIN computer and test the following URLs:
http://www.medvdemo.comhttp://www.contoso.com http://www.microsoft.com/silverlight
2. Verify that the webpage is opened in Internet Explorer on the Windows XP Mode virtual machine.
3. Notice that the Internet Explorer bar has limited functionality that promotes users only using it for the websites that require Internet Explorer 6.
4. Repeat this process for each URL that you want to test.
HOW TO TEST MED-V APPLICATION AND DOCUMENT REDIRECTION
1. On the MEDVADMIN computer, click Start, All Programs and launch XML Notepad.
2. Not that the XML Notepad application launches within a Windows XP-style window. This shows that the application is running from within the MED-V workspace.
3. Ensure that the Tree View is selected and choose Insert | Comment | Before and type some text in the right pane.
4. Click File, Save As. Name the document Test and save it in the My Documents folder.
5. Close XML Notepad.
6. From the MEDVADMIN desktop, click Start, Documents. Notice that you see the Test document in the folder.
7. Double-click the Test document. Notice that XML Notepad re-opens from within MED-V. This is due to MED-V having created a File Type Association on the MEDVADMIN computer.
MANAGING PRINTERS IN MED-V WORKSPACES
In most cases, MED-V handles printer redirection automatically. After first time setup finishes, MED-V identifies all network printers installed on the host then installs the relevant drivers in the MED-V workspace. The network printer must have windows XP drivers installed and available for the printer to automatically be installed on the MED-V Workspace.
The following list offers some additional guidance:
MED-V only manages network printers.
MED-V only installs printer drivers if found on the print server.
24
Trial Guide
MED-V workspace users must be members of the Administrative group of the MED-V workspace to install third-party printer drivers.
Printers manually installed on the guest are not accessible to the host.
Perform the following steps to test the printing capabilities of the MED-V workspace.
1. Open Internet Explorer 8 and open http://www.medvdemo.com.
2. After it opens in Internet Explorer 6 click on File | Print.
3. Choose to print the document and drop down the list of available printers and select an appropriate printer.
25
Trial Guide
7 Manage a MED-V Workspace
After the MED-V Workstation is deployed to MED-V Hosts, it may be necessary to update MED-V configuration. This section provides guidance updating settings after deployment:
Managing URL Redirection
Managing MED-V Workspace Settings
7.1 Managing URL Redirection
After you deploy a MED-V workspace you can use the MED-V Workspace Packager to add or remove URL redirection in the MED-V workspace.
METHOD 1: MANAGE WEB REDIRECTION WITH THE MED-V WORKSPACE PACKAGER
1. To open the MED-V Workspace Packager, click Start\All Programs\Microsoft Enterprise Desktop Virtualization\MED-V Workspace Packager.
2. On the MED-V Workspace Packager main panel, click Manage Web Redirection.
3. In the Manage Web Redirection window, you can type, paste, or import a list of the URLs that are redirected to Internet Explorer in the MED-V workspace.
4. Click Save as… to save the updated URL redirection files in the specified folder. MED-V then creates a registry file that contains the updated URL redirection information. Deploy the updated registry key by using your chosen method, such as a logon script or ESD solution, by creating a script that will merge the REG file settings with the local system.
METHOD 1: UPDATE URL REDIRECTION INFORMATION USING GROUP POLICY
Note: This method will overwrite any current settings for URL Redirection so all of the current URLs would need to be included unless the intent is in removal.
1. Launch GPMC.MSC on your Domain Controller.
2. Expand Domains, yourDomain, Group Policy Objects.
3. Right-click Group Policy Objects and click New.
4. In the Name field, enter MED-V Web Redirection and click Ok.
5. Right-click MED-V Web Redirection and select Edit.
6. Under Computer Configuration, expand Preferences, Windows Settings.
7. Right-click Registry and select New, Registry Item.
26
Trial Guide
8. Set Action to Replace. Set Hive to HKEY_LOCAL_MACHINE, Set Key Path to SOFTWARE\Microsoft\Medv\v2\UserExperience, Set Value Name to RedirectUrls, Set Value type to REG_MULTI_SZ. In Value data enter http://download.microsoft.com and click Ok.
9. Close the Group Policy Management Editor window.
10. Under Group Policy Objects, drag-and-drop the MED-V Web Redirection GPO to the OU that contains the MEDVADMIN machine.
Open Internet Explorer and browse to http://download.microsoft.com. Notice that the web page opens within the Internet Explorer 6 browser from the MED-V workspace.
7.2 Manage MED-V Workspace Settings
MANAGE SETTINGS IN A MED-V WORKSPACE
1. Open the MED-V Workspace Packager; click Start\All Programs\Microsoft Enterprise Desktop Virtualization\MED-V Workspace Packager.
2. On the MED-V Workspace Packager main panel, click Manage Settings.
3. In the Manage Settings window, you can configure the following MED-V workspace settings:
a. Start MED-V workspace: Choose whether to start the MED-V workspace at user logon, at first use, or to let the end user decide when the MED-V workspace starts.
b. Networking: Choose Shared or Bridged for your networking settings. The default is Shared.
c. Store credentials: Choose whether you want to store the end user credentials.
4. Click Save as…to save the updated configuration settings in the specified folder. MED-V creates a registry file that contains the updated settings. Deploy the updated registry file by using your chosen method such as a logon script.
Note: MED-V also creates a Windows PowerShell script in the specified folder that you can use to re-create this updated registry file.
27
Trial Guide
8 MED-V Administration Toolkit
In the event that you are encountering issues with the operation of the MED-V Workspace and you wish to gather more detailed troubleshooting data, the MED-V Administration Toolkit lets you access and configure event logs, restart or reset the MED-V workspace, and view the published applications and redirected web addresses in the MED-V workspace. You can also use the Med-V Administrations Toolkit to open the MED-V workspace virtual machine in full-screen mode.
OPEN THE MED-V ADMINISTRATION TOOLKIT
1. From the Start menu of the host computer that contains the MED-V workspace you are troubleshooting, open the Command Prompt.
2. Navigate to C:\Program Files\Microsoft Enterprise Desktop Virtualization.
3. At the command prompt, type MedvHost /toolkit.
VIEWING AND CONFIGURING MED-V LOGS
1. On the MED-V Administration Toolkit window, click the Host Events (Windows 7) button to open the event viewer for the host computers. Or, click the Guest Events (Windows XP) button to open the event viewer for the guest virtual machine.
2. The event viewer opens and displays the corresponding event logs that you can use when troubleshooting issues with MED-V.
CONFIGURING MED-V EVENT LOGS
You can specify the MED-V event logging level by selecting the corresponding option button on the MED-V Administrations Toolkit. When setting the event logging level, it is set for both the host computer and the guest virtual machine.
RESTARTING AND RESETTING A MED-V WORKSPACE
Restarting the MED-V workspace is the same as restarting a physical computer. Resetting the MED-V workspace reruns first time setup, which deletes all data stored in the virtual machine. Typically you should only reset the MED-V workspace to resolve serious troubleshooting issues.
RESTARTING A MED-V WORKSPACE
1. On the MED-V Administration Toolkit window, click Restart MED-V Workspace. A dialog window opens for you to confirm that you want to restart the workspace.
2. Click Restart.
RESETTING A MED-V WORKSPACE
28
Trial Guide
1. On the MED-V Administration Toolkit window, click Reset MED-V Workspace. A dialog window opens for you to confirm that you want to reset the workspace.
Warning: Resetting the MED-V workspace causes first time setup to rerun; this reloads the original virtual hard drive. All data that has been stored in the MED-V workspace since first time setup will be deleted.
2. Click Reset.
VIEWING MED-V PUBLISHED APPLICATIONS
1. On the MED-V Administration Toolkit windows, click View Published Applications.
2. The published applications window opens and displays a list of the published applications in the MED-V workspace. You can use this information to troubleshoot certain issues, such as determining whether an application was published as expected.
VIEWING MED-V REDIRECTED WEB ADDRESSES
1. On the MED-V Administration Toolkit window, click View Redirected Web Addresses.
2. The Web Addresses Redirected to the MED-V Workspace windows open and displays a list of the redirected web addresses. You can use this information to troubleshoot certain issues, such as determining whether a web address was specified correctly for redirection.
OPENING THE MED-V WORKSPACE VIRTUAL MACHINE
1. On the Med-V Administration Toolkit window, click View MED-V Workspace Full Screen.
2. MED-V closes if it was running, and the MED-V workspace virtual machine opens in full screen mode. You can use this full screen window to easily access all of the components of the virtual machine that might be helpful in troubleshooting, such as its hard drive and settings files.
29
Trial Guide
9 Operations Security Best Practices
As an authorized administrator, you are responsible to protect the information of the users and maintain security of your organization during and after the deployment of MED-V workspaces. In particular, consider the following issues.
1. Customizing Internet Explorer in the MED-V workspace. Earlier versions of the Windows operating system and Internet Explorer are not as secure as current versions. Therefore, Internet Explorer in the MED-V workspace is configured to prevent browsing and other activities that can pose security risks. In addition, the Internet security zone setting for Internet Explorer in the MED-V workspace is set to the highest level. By default, both of these configurations are set in the MED-V Workspace Packager when you create your MED-V workspace package.
By using Internet Explorer Administration Kit (IEAK) or by changing the defaults in the MED-V Workspace Packager, you can customize the MED-V version of Internet Explorer. However, realize that if you customize Internet Explorer in the MED-V workspace in such a way as to make it less secure, you can expose your organization to those security risks that are present in older versions of Internet Explorer.
From a security perspective, best practices for managing the MED-V version of Internet Explorer are as follows:
When creating your MED-V workspace package, leave the defaults set so that the MED-V version of Internet Explorer is configured to prevent browsing and other activities that can pose security risks.
When creating your MED-V workspace package, leave the defaults set so that the security setting for the Internet security zone remains at the highest level.
Configure your enterprise proxy or Internet Explorer Content Advisor to block domains that are outside your company’s intranet.
2. Configuring a MED-V workspace for all users on a shared computer. When configuring a MED-V workspace so that it can be accessed by all users on a shared computer, realize that the guest virtual machine (VHD) is put in a location that gives Read and Write access to all users on that system.
3. Configuring a proxy account for domain joining. When configuring a proxy account for joining virtual machines to the domain, you must know that it is possible for an end user to obtain the proxy account credentials. Thus, necessary precautions must be taken, such as limiting account user rights, to prevent an end user from using the credentials for causing harm.
4. Sysprep Configuration. Although the Sysprep.inf file is encrypted by default, its contents can be decrypted and read by any determined end user who can successfully log on to the virtual machine. This raises security concerns because the Sysprep.inf file can contain credentials in addition to a Windows product key.
30
Trial Guide
You can lessen this risk by setting up a limited account for joining virtual machines to the domain and specifying the credentials for that account when configuring Sysprep. Alternately, you can also configure Sysprep and first time setup to run in Attended mode and require end users to provide their credentials for joining the virtual machine to the domain.
A MED-V best practice is to specify that FtsCompletion.exe is run under an account that gives the end user rights to connect to the guest through the Remote Desktop Connection (RDC) Client.
5. End-user authentication. Enabling the “startup and networking screen, store credentials, disable” caching of end user credentials provides the best user experience of MED-V, but creates the potential that someone could gain access to the end user’s credentials. The only way to lessen this risk is by electing to disable the caching of credentials in step 6.1.2.g.
31
Trial Guide
10Appendix A: Preparing an image for Sysprep
Although it is optional, it is recommended that you compact your virtual hard disk to reclaim empty space and reduce the size of the virtual hard disk.
COMPACTING THE VIRTUAL HARD DISK
Perform the following step on the MEDVADMIN computer:
PREPARING THE VIRTUAL HARD DISK
Perform the following steps on the WINDOWS XP MODE virtual machine:
1. Clear the DLL cache.
a. At a command prompt, type sfc /cachesize=1
b. Restart the virtual machine by clicking the Ctrl-Alt-Del button in the Virtual PC Toolbar, clicking the Shut Down button, setting the pull-down menu to Restart and clicking OK..
c. At a command prompt, type sfc /purgecache
2. Turn off System Restore. You can also specify this step in your Sysprep.inf file.
a. In the Control Panel, change to Classic View, double-click System, and then select the System Restore tab.
b. Select Turn off System Restore and then click OK.
3. Set maximum event log sizes and clear all events.
a. Open the event viewer.
b. Right-click on Application and click Properties.
c. In the Log Size area, set Maximum Log Size to 512KB and then select Overwrite events as needed.
d. Click Clear Log. In the Event Viewer dialog box that appears, click No.
e. In the Properties window, click OK.
f. Repeat steps a through e for the Security and System logs.
4. Run the Disk Cleanup Tool.
In the Start menu, select All Programs\Accessories\System Tools\Disk Cleanup.
32
Trial Guide
5. Remove the page file.
a. In the Control Panel, double –click System, and then select the Advanced tab.
b. In the Performance area, click Settings.
c. Select the Advanced tab. In the Virtual Memory area, click Change.
d. Select the No paging file button, click Set, click Ok, Ok and click Ok
e. Click Yes to restart the virtual machine.
f. Once the virtual machine has restarted after removing the page file, from within the virtual machine, Shut Down the virtual machine by clicking the Ctrl-Alt-Del button in the Virtual PC Toolbar, clicking the Shut Down button, setting the pull-down menu to Shut down and clicking OK.
DEFRAGMENTING AND PRE-COMPACTING THE VIRTUAL HARD DISK
Perform the following step on the MEDVADMIN computer:
1. In Control Panel on the host computer that is running Windows 7, click Administrative Tools, double-click Computer Management, then click Disk Management.
2. By using the Disk Management Console, attach (mount) the virtual hard disk and then defragment the disk.
3. By using an ISO extraction tool, extract the precompact.iso located in the \Program Files\Windows Virtual PC\Integration Components folder.
4. Use the precompact.exe program to compress the Windows XP virtual hard disk.
5. By using the Disk Management Console, detach the virtual hard disk.
COMPACTING THE VIRTUAL HARD DISK
Perform the following step on the MEDVADMIN computer:
1. Open Windows Virtual PC.
2. Click Start, click All Programs, click Windows Virtual PC, then click Windows Virtual PC.
3. Right-click your Windows XP image and select Settings.
4. Click Hard Disk for the one that corresponds to your Windows XP image, and then click Modify.
5. Click Compact virtual hard disk.
6. Click Compact and then click OK.
33
Trial Guide
7. Create a backup copy of your Windows XP image by making and storing an additional copy of the .vhd file located in the directory that you specified in step 4.1.4.e, after it has been compacted.
34