Med-V 2.0 Trial Guide
Med-V 2.0 Trial Guide
Med-V 2.0 Trial Guide
This is a preliminary document and may be changed substantially prior to final commercial release of the software described herein. The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the date of publication. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication. This White Paper is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS DOCUMENT. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation. Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property. 2011 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista, Active Directory, Microsoft SQL Server are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.
Trial Guide
Contents
1 Introduction to the Trial Guide ................................................................................................ 3 2 Overview of Microsoft Enterprise Desktop Virtualization ..................................................... 4 2.1 Whats New in MED-V 2.0 ........................................................................................................5 2.2 MED-V 2.0 Components ...........................................................................................................7 3 Trial System Requirements ................................................................................................... 8 4 Setting up the MED-V 2.0 Environment .............................................................................. 10 4.1 Configure the MEDVADMIN Administration computer .............................................................. 10 4.2 Installing the MED-V Workspace Packager .............................................................................. 12 4.3 Installing the MED-V Host Agent ............................................................................................ 12 5 Preparing a Virtual PC Image for MED-V ............................................................................ 13 5.1 Configure the Windows XP Mode Virtual Machine .................................................................... 13 5.2 Sealing the MED-V Image Using Sysprep ................................................................................ 15 5.3 Merge the Virtual Hard Disk ................................................................................................... 18 6 Deploying the MED-V Workspace ....................................................................................... 19 6.1 Create a Workspace Deployment Package .............................................................................. 20 6.2 Deploying the MED-V Workspace ........................................................................................... 22 6.3 Testing the MED-V Workspace ............................................................................................... 23 7 Manage a MED-V Workspace .............................................................................................. 26 7.1 Managing URL Redirection ..................................................................................................... 26 7.2 Manage MED-V Workspace Settings ....................................................................................... 27 8 MED-V Administration Toolkit ............................................................................................ 28 9 Operations Security Best Practices ..................................................................................... 30 10 Appendix A: Preparing an image for Sysprep ..................................................................... 32
Evaluation Guide
Trial Guide
PRODUCT DOCUMENTATION
Comprehensive documentation for MED-V is available on Microsoft TechNet in the MED-V TechCenter at http://go.microsoft.com/fwlink/?LinkId=207065. The TechNet documentation includes the online Help for Getting Started with MED-V, Planning and Deployment, Operations, and Troubleshooting.
Trial Guide
Trial Guide
APPLICATION PUBLISHING
Administrators can install applications on the MED-V image either prior to packaging, after the MED-V workspace has been deployed, or by using a combination of both. MED-V no longer looks at MED-V workspace policy to publish applications, but instead refers to what is actually installed on the guest. As
Trial Guide
applications are installed on the guest, they are automatically detected and published to the host Start menu and are ready to be started by the end user.
URL REDIRECTION
MED-V 2.0 provides seamless host-to-guest web address redirection based on the settings configured and managed by the administrator. After a URL is redirected to the guest browser, the default experience is to attempt to limit the user to that redirected site. This minimizes the browsing activities that a user can perform that are not intended by the administrator. Guest-to-host browser redirection was removed.
TROUBLESHOOTING
MED-V now leverages standard host-based processes for troubleshooting. Because the MED-V workspace in no longer encrypted, it can be opened in full-screen mode within the Windows Virtual PC console, where it can be viewed and worked with as a standard workstation. In addition, the logs are no longer encrypted locally or logged centrally. MED-V now makes extensive use of the local event logs, and the logging level of the output from informational to debug levels is easily configured. Finally, a troubleshooting toolkit is now provided so administrators and help-desk personnel can have a graphical, aggregated view of all the troubleshooting options, and they can effortlessly select the activities that best suit their needs. MED-V is no longer run as a system service. Instead, it is run as user-owned processes and it only runs when a user is logged on. Functionality that was formerly provided by the system-owned service is now provided in the user-side processes.
Trial Guide
Trial Guide
Trial Guide
SYSTEM CONFIGURATION MED-V Administration Machine Note: For the purpose of the Trial Guide this machine will be referred to as MEDVADMIN This machine must be a physical machine meeting the following requirements: Requirements for Trial Guide Windows 7 Professional, Enterprise, or Ultimate (32- or 64-Bit) 2GB of RAM 40GB Hard Drive (C: partition with at least 20GB of free space) Network Connectivity to MEDVDC Installed During Trial Guide Windows Virtual PC Windows XP Mode Virtual Machine
1
Note: For the purpose of the Trial Guide this machine will be referred to as Windows XP MODE Windows Update KB977206 Note: Not necessary if Windows 7 SP1 is installed MED-V Host Agent MED-V Workspace Packager
Windows Domain Controller This machine can be physical or virtual. During this trial, the Domain Controller will only be used to create and authenticate computer and user accounts. Note: For the purpose of the Trial Guide this machine will be referred to as MEDVDC Requirements for Trial Guide Windows Server 2008 or 2008 R2 Active Directory Domain Services Installed with DNS Optional During Trial Guide Additional User Accounts
Note: Additional user accounts are for testing only and will not be covered during the trial guide.
While it is possible to use the Windows XP Mode image with MED-V 2.0 for trial or proof of concept purposes, Microsoft recommends that customers build images for MED-V based on their volume license media as this allows customers to have a higher level of control over their MED-V workspace environment. For production use, customers should use volume license media to create Windows OS images as the Windows XP Mode virtual image is not covered under Virtual Desktop Access (VDA) or Windows Software Assurance virtualization rights.
Trial Guide
g. Welcome to Setup for Windows XP Mode, click Next. h. Accept the default destination folder for installing Windows XP Mode, then click Next. i. Setup Completed, deselect Launch Windows XP Mode and click Finish.
10
Trial Guide
j.
Next, launch Windows6.1-KB958559-xZZ-RefreshPkg.msu to install Windows Virtual PC, where ZZ will be the bit version (x86 or x64), which was selected during the initial selection of downloads. Click Yes to install the Windows Update (KB958559). Accept the Microsoft Software License Agreement.
k. l.
m. Installation Complete, click Restart Now. n. (Optional) After restarting, open C:\TrialGuide and launch Windows6.1-KB977206xZZ.msu to install the XP Mode Update, where ZZ will be the bit version (x86 or x64) based on selection during download portion and click Yes to install the Windows Software Update and upon completion click Restart Now. Note: This last update is only required if the machine used as the MEDVADMIN machine doesnt support hardware-assisted virtualization or it isnt enabled in the BIOS. Note: If the Windows 7 machine has Service Pack 1 installed, this is also not required as it has already been applied.
11
Trial Guide
12
Trial Guide
13
Trial Guide
8. From the Windows XP Mode virtual machine, block Internet Explorer 7 and 8 automatic updates: Download the IE7BlockerToolkit.exe: Toolkit to Disable Automatic Delivery of IE7 Download the IE8BlockerTookit.exe: Toolkit to Disable Automatic Delivery of IE8 o The downloaded files, when run, will ask where to place extracted files. Enter C:\TrialGuide then click Yes to confirm creation of the directory. o Once complete, open command prompt and change directory to C:\TrialGuide. Enter the following command including the periods: IE70Blocker.cmd . /B IE80Blocker.cmd . /B
9. Install the .NET Framework 3.5 SP1: Microsoft .NET Framework 3.5 Service Pack 1. 10. Apply all Windows Updates to the Windows XP Mode machine by running Windows Update. 11. Download and install the Microsoft XML Notepad 2007 application. a. Note: XML Notepad will normally work natively on Windows 7. The installation of XML Notepad has been included as a way to demonstrate MED-V application interoperability with the Windows 7 host and is NOT a requirement for MED-V to function in any environment. 12. Create a shortcut to the Microsoft XML Notepad 2007 application in the C:\Documents and Settings\All Users\Start Menu. 13. Enable the local Administrator account and assign it a password: a. In Computer Management, expand Local Users and Groups, select Users, right-click Administrator and select Properties. b. Uncheck the Account is disabled box and click Ok. c. Right-click the Administrator account, select Set Password and click Proceed. d. Provide a password for the local Administrator account, click Ok and click Okay. Note: Be sure to remember this password for the local administrator account. Since the Windows XP Mode virtual machine is being used for this trial no further preparation is required to perform further clean up or compacting of the Windows XP Mode virtual machine before moving on to the Sysprep phase.
14
Trial Guide
In the future, if you decide to prepare your own Windows Virtual PC images for use with MED-V, you may wish to perform these additional tasks in order to minimize the overall size of the Windows Virtual PC Image before moving on to Sysprep. Information regarding these additional steps is provided in Appendix A.
15
Trial Guide
d. Product Key: Enter the product key that was provided in the file that was included with the XP Mode virtual machine. This can be found on the MEDVADMIN computer in C:\Program Files\Windows XP Mode\Key.txt. NOTE: The product key is not validated in this form and you will not be warned if it is entered incorrectly. Make sure to check that the key is correct. e. Computer Name: Select Automatically generate computer name. f. Administrator Password: Select Use the following Administrator password and type the password for the Administrator account. Also, select When a destination computer starts, automatically log on as Administrator and set the Number of times to log on automatically to 1.
g. Networking Components: Select Typical Settings. h. Workgroup or Domain: Click Domain then enter in the domain name for the Active Directory domain created for the Trial Guide Example: Contoso.com. Click the check box for Create a computer account in the domain. Specify a user account that has permission to add a computer to the domain and enter and confirm the password. Click Next.
Important: You must configure the MED-V guest to join the domain specifying an account that has permission to add a computer to the domain. i. j. Telephony: Click Next. Regional Settings: Click Next, unless specific regional settings are required.
k. Languages: Select any languages required to support end users. Click Next. l. Install Printers: Click Next.
m. Run Once: Add the following commands, and then click Next.
wmic /namespace:\\root\default path SystemRestore call Disable %SystemDrive%\ c:\Program Files\Microsoft Enterprise Desktop Virtualization\FtsCompletion.exe
16
Trial Guide
11. After completing the answer file select Finish. A message box appears stating that Setup Manager created an answer file with the settings provided. 12. Save the answer file in the C:\Sysprep directory created earlier and select OK. Click Cancel on the Setup Manager screen or File and Exit. 13. From the C:\Sysprep, execute the System Preparation Tool (Sysprep.exe). 14. Select OK when the warning prompt appears. 15. The Sysprep Properties dialog appears. Select Dont reset grace period for activation. Select Use Mini-Setup.
16. Click Reseal. A confirmation prompt appears. Select OK. Sysprep will complete and the machine will shut down. 17. After you have run Sysprep on your Virtual PC, image, the virtual machine shuts down the next step is Merging the hard disk into one VHD file.
17
Trial Guide
18
Trial Guide
19
Trial Guide
20
Trial Guide
CREATING A WORKSAPCE PACKAGE Perform the following steps on the MEDVADMIN computer: 1. Open the MED-V Workspace Packager, click Start\All programs\Microsoft Enterprise Desktop Virtualization\MED-V Workspace Packager. 2. On the MED-V Workspace Packager main panel, click Create a MED-V Workspace Package. a. Package Information: Specify the MED-V workspace package name. Enter: MED-V Trial Specify the MED-V workspace package folder: Enter: C:\MED-V Trial b. Select Windows XP Virtual Image: Click Browse to the location for the merged Virtual hard drive (C:\VM\XPMode.vhd). Click Open and then Click Next. c. Select First Time Setup Settings which specify the process that MED-V follows during first time setup. Unattended setup, but notify end users before first time setup begins. Create a unique MED-V workspace for each user of the computer. Automatically add MED-V workspace users to the Administrators group. Select these settings then click Next. d. MED-V Messages Screen: Review the specific messages and click Next to accept the defaults. e. Naming Computers: Specifies how the MED-V virtual machine is named. Select Let MED-V manage computer names. Note the default is MEDV + random fill. Click Next. f. Copy Settings from Host: Specifies how the settings for the MED-V workspace are defined. Select Settings to copy from Host Computer to the MED-V workspace. Choose: Copy regional settings Copy user settings Copy domain name Copy domain organizational unit Then click Next.
21
Trial Guide
g. Startup and Networking: Review the default settings for starting the MED-V workspace, networking, and under Store Credentials, select Enabled, and then click Next. h. Web Redirection: i. URL redirection contains those URLs that you want redirected from the host computer to Internet Explorer 6 in the MED-V workspace. When you are using the packaging wizard to create the MED-V workspace, you type, import or copy and paste this redirection information. Enter each web address on a single line. For example: http://www.medvdemo.com http://*.contoso.com http://www.microsoft.com/silverlight ii. Select Do no change the Internet zone security level and Remove default browsing capabilities and click Next. i. Summary: Verify your MED-V workspace settings then click Create and start to build the MED-V workspace deployment package.
3. Click Close to close the packaging wizard and return to the MED-V Workspace Packager.
22
Trial Guide
MED-V Trial.reg
2. On the MEDVADMIN computer browse to C:\MED-V Trial 3. In the MED-V Trial folder double click setup.exe to start the installation of the MED-V workspace. 4. On the Welcome to the MED-V Trial Setup Wizard, click Next. 5. Ready to install MED-V Trial, click Install. Note: This will start the installation of the VHD file and may take several minutes. 6. On the MED-V Trial Setup Wizard Complete window, leave the check mark in the box next to Start MED-V, and then click Finish. This will start the initiation of the workspace. The Set up the MED-V Workspace window will open indicating the virtual environment is being created for application compatibility. Click the Start button to begin the installation immediately. You will be prompted to enter your credentials that are used to log in to the MED-V workspace. This is where MED-V end users will enter their domain credentials. Enter the credentials to continue. Check the Remember my credentials checkbox and click Ok. On the Task Bar the MED-V 2.0 icon is available. Hover the mouse over the MED-V icon and the message Setting up the MED-V Workspace for use will be displayed. Again this could take some time. As the process of Setting up the MED-V Workspace continues, the message The MEDV Workspace is initializing will be displayed over the MED-V icon.
7. At the completion of the MED-V configuration, a balloon message will appear stating The MED-V Workspace was successfully setup. Again, hover the mouse over the MED-V icon on the system tray and a message will be displayed indicating The MED-V workspace Applications are Ready for Use.
Trial Guide
HOW TO TEST URL REDIRECTION 1. Open an Internet Explorer browser in the MEDVADMIN computer and test the following URLs: http://www.medvdemo.com http://www.contoso.com http://www.microsoft.com/silverlight 2. Verify that the webpage is opened in Internet Explorer on the Windows XP Mode virtual machine. 3. Notice that the Internet Explorer bar has limited functionality that promotes users only using it for the websites that require Internet Explorer 6. 4. Repeat this process for each URL that you want to test.
HOW TO TEST MED-V APPLICATION AND DOCUMENT REDIRECTION 1. On the MEDVADMIN computer, click Start, All Programs and launch XML Notepad. 2. Not that the XML Notepad application launches within a Windows XP-style window. This shows that the application is running from within the MED-V workspace. 3. Ensure that the Tree View is selected and choose Insert | Comment | Before and type some text in the right pane. 4. Click File, Save As. Name the document Test and save it in the My Documents folder. 5. Close XML Notepad. 6. From the MEDVADMIN desktop, click Start, Documents. Notice that you see the Test document in the folder. 7. Double-click the Test document. Notice that XML Notepad re-opens from within MED-V. This is due to MED-V having created a File Type Association on the MEDVADMIN computer. MANAGING PRINTERS IN MED-V WORKSPACES In most cases, MED-V handles printer redirection automatically. After first time setup finishes, MED-V identifies all network printers installed on the host then installs the relevant drivers in the MED-V workspace. The network printer must have windows XP drivers installed and available for the printer to automatically be installed on the MED-V Workspace. The following list offers some additional guidance: MED-V only manages network printers. MED-V only installs printer drivers if found on the print server.
24
Trial Guide
MED-V workspace users must be members of the Administrative group of the MED-V workspace to install third-party printer drivers. Printers manually installed on the guest are not accessible to the host.
Perform the following steps to test the printing capabilities of the MED-V workspace. 1. Open Internet Explorer 8 and open http://www.medvdemo.com. 2. After it opens in Internet Explorer 6 click on File | Print. 3. Choose to print the document and drop down the list of available printers and select an appropriate printer.
25
Trial Guide
26
Trial Guide
8. Set Action to Replace. Set Hive to HKEY_LOCAL_MACHINE, Set Key Path to SOFTWARE\Microsoft\Medv\v2\UserExperience, Set Value Name to RedirectUrls, Set Value type to REG_MULTI_SZ. In Value data enter http://download.microsoft.com and click Ok. 9. Close the Group Policy Management Editor window. 10. Under Group Policy Objects, drag-and-drop the MED-V Web Redirection GPO to the OU that contains the MEDVADMIN machine. Open Internet Explorer and browse to http://download.microsoft.com. Notice that the web page opens within the Internet Explorer 6 browser from the MED-V workspace.
4. Click Save asto save the updated configuration settings in the specified folder. MED-V creates a registry file that contains the updated settings. Deploy the updated registry file by using your chosen method such as a logon script. Note: MED-V also creates a Windows PowerShell script in the specified folder that you can use to re-create this updated registry file.
27
Trial Guide
Trial Guide
Warning: Resetting the MED-V workspace causes first time setup to rerun; this reloads the original virtual hard drive. All data that has been stored in the MED-V workspace since first time setup will be deleted. 2. Click Reset. VIEWING MED-V PUBLISHED APPLICATIONS 1. On the MED-V Administration Toolkit windows, click View Published Applications. 2. The published applications window opens and displays a list of the published applications in the MED-V workspace. You can use this information to troubleshoot certain issues, such as determining whether an application was published as expected. VIEWING MED-V REDIRECTED WEB ADDRESSES 1. On the MED-V Administration Toolkit window, click View Redirected Web Addresses. 2. The Web Addresses Redirected to the MED-V Workspace windows open and displays a list of the redirected web addresses. You can use this information to troubleshoot certain issues, such as determining whether a web address was specified correctly for redirection. OPENING THE MED-V WORKSPACE VIRTUAL MACHINE 1. On the Med-V Administration Toolkit window, click View MED-V Workspace Full Screen. 2. MED-V closes if it was running, and the MED-V workspace virtual machine opens in full screen mode. You can use this full screen window to easily access all of the components of the virtual machine that might be helpful in troubleshooting, such as its hard drive and settings files.
29
Trial Guide
2. Configuring a MED-V workspace for all users on a shared computer. When configuring a MED-V workspace so that it can be accessed by all users on a shared computer, realize that the guest virtual machine (VHD) is put in a location that gives Read and Write access to all users on that system. 3. Configuring a proxy account for domain joining. When configuring a proxy account for joining virtual machines to the domain, you must know that it is possible for an end user to obtain the proxy account credentials. Thus, necessary precautions must be taken, such as limiting account user rights, to prevent an end user from using the credentials for causing harm. 4. Sysprep Configuration. Although the Sysprep.inf file is encrypted by default, its contents can be decrypted and read by any determined end user who can successfully log on to the virtual machine. This raises security concerns because the Sysprep.inf file can contain credentials in addition to a Windows product key.
30
Trial Guide
You can lessen this risk by setting up a limited account for joining virtual machines to the domain and specifying the credentials for that account when configuring Sysprep. Alternately, you can also configure Sysprep and first time setup to run in Attended mode and require end users to provide their credentials for joining the virtual machine to the domain. A MED-V best practice is to specify that FtsCompletion.exe is run under an account that gives the end user rights to connect to the guest through the Remote Desktop Connection (RDC) Client. 5. End-user authentication. Enabling the startup and networking screen, store credentials, disable caching of end user credentials provides the best user experience of MED-V, but creates the potential that someone could gain access to the end users credentials. The only way to lessen this risk is by electing to disable the caching of credentials in step 6.1.2.g.
31
Trial Guide
2. Turn off System Restore. You can also specify this step in your Sysprep.inf file. a. In the Control Panel, change to Classic View, double-click System, and then select the System Restore tab. b. Select Turn off System Restore and then click OK. 3. Set maximum event log sizes and clear all events. a. Open the event viewer. b. Right-click on Application and click Properties. c. In the Log Size area, set Maximum Log Size to 512KB and then select Overwrite events as needed.
d. Click Clear Log. In the Event Viewer dialog box that appears, click No. e. In the Properties window, click OK. f. Repeat steps a through e for the Security and System logs.
4. Run the Disk Cleanup Tool. In the Start menu, select All Programs\Accessories\System Tools\Disk Cleanup. 5. Remove the page file.
32
Trial Guide
a. In the Control Panel, double click System, and then select the Advanced tab. b. In the Performance area, click Settings. c. Select the Advanced tab. In the Virtual Memory area, click Change.
d. Select the No paging file button, click Set, click Ok, Ok and click Ok e. Click Yes to restart the virtual machine. f. Once the virtual machine has restarted after removing the page file, from within the virtual machine, Shut Down the virtual machine by clicking the Ctrl-Alt-Del button in the Virtual PC Toolbar, clicking the Shut Down button, setting the pull-down menu to Shut down and clicking OK.
DEFRAGMENTING AND PRE-COMPACTING THE VIRTUAL HARD DISK Perform the following step on the MEDVADMIN computer: 1. In Control Panel on the host computer that is running Windows 7, click Administrative Tools, double-click Computer Management, then click Disk Management. 2. By using the Disk Management Console, attach (mount) the virtual hard disk and then defragment the disk. 3. By using an ISO extraction tool, extract the precompact.iso located in the \Program Files\Windows Virtual PC\Integration Components folder. 4. Use the precompact.exe program to compress the Windows XP virtual hard disk. 5. By using the Disk Management Console, detach the virtual hard disk. COMPACTING THE VIRTUAL HARD DISK Perform the following step on the MEDVADMIN computer: 1. Open Windows Virtual PC. 2. Click Start, click All Programs, click Windows Virtual PC, then click Windows Virtual PC. 3. Right-click your Windows XP image and select Settings. 4. Click Hard Disk for the one that corresponds to your Windows XP image, and then click Modify. 5. Click Compact virtual hard disk. 6. Click Compact and then click OK. 7. Create a backup copy of your Windows XP image by making and storing an additional copy of the .vhd file located in the directory that you specified in step 4.1.4.e, after it has been compacted.
33