Vdi virtual desktop infrastructure microsoft

If Uninstall is grayed out, you cannot remove it by this method; you might be able to remove it with Windows PowerShell, or try these steps:. This area defines the app to be used by default for certain generic functions such as e-mail, web browsing, and maps. If you want a different app to be used for a particular function, click the current entry, and then click the app you prefer to be used in the VDI image.

For a non-Microsoft app to be an available choice, you must install the app prior to adjusting this setting. These recommended values will reduce notifications and background network activity in a VDI environment:. This setting is only applicable if the Maps app is installed. In Windows Settings area, clicking the Devices icon gives you access to a number of system-related settings.

In Windows Settings area, clicking the Personalization icon gives you access to a number of system-related settings. Sometimes the default black background can cause users to think the computer is not responding. Changing the background color can help make it clearer. To do this, follow these steps:. The default setting is to use large taskbar buttons that is, a value of "Off" for Use small taskbar buttons. This setting causes the Cortana item to use a lot of taskbar area.

To avoid this, set Use small taskbar buttons to "On. In Windows Settings area, clicking the Privacy icon gives you access to a number of system-related settings. Some of these settings are also set from the "Customize settings" window, discussed at the beginning of this topic.

The default value for "Let your apps automatically share and sync info with wireless devices that don't explicitly pair with your PC, tablet, or phone" is On ; for VDI use the recommended value is Off. The default value for "Windows should ask for my feedback" is Automatically ; for VDI use, the recommended value is Never.

Listed apps have a default value of On , which allows them to receive information, send notifications, and update themselves whether they are being used or not.

You should disable set to Off any apps you don't want running in the background in the VDI image. In the Update settings area, click Advanced options to adjust these settings:. On the Advanced options page, click Choose how updates are delivered to access the setting for "Updates from more than one place. The settings in this section are adjustable either by navigating through Control Panel or opening the utility directly.

The fastest way to open Task Scheduler is to push the Windows button and type task scheduler or taskschd. In the results that return, click Task Scheduler to open the utility. You now have access to the list of task collections. To change the state of each scheduled task, right-click it, and then click the desired state typically, Disabled for VDI use. Click Windows again to collapse it, then click XblGameSave. The fastest way to open Performance Monitor is to push the Windows button and type performance monitor or perfmon.

In the results that return, click Performance Monitor. In the dialog that opens, click the Trace Session tab. Clear the Enabled check box. The fastest way to manage Services is to push the Windows button and type services. In the results that return, click Services. The following services are good candidates to disable for use in VDI scenarios; however, you might need to do some testing to verify that they aren't needed for your purposes. To disable a service, in the Services snap-in, right-click the service name, and then click Properties.

On the General tab, click the Startup type pull-down menu, and then click Disabled. Click OK. Push the Windows button and type control panel. In the results that return, click Control Panel. In the dialog that opens, click the Search tab, and then in the When searching non-indexed locations area, clear the check box for Include system directories. Click OK to save. On the Storage tab, select the radio button for Block all sites from storing information on this computer.

In the dialog that opens, click OK. On the Camera and Mic tab, in the Camera and Microphone Settings area, select the radio button for Block all sites from using the camera and microphone. On the Playback tab, in the Peer-assisted Networking area, select the radio button for Block all sites from using peer-assisted networking. Close the Flash Player Settings Manager. In the Home page area, enter the URL for the web site you want users to see as the home page in browsers.

You can use your favorite search engine with the terms ""start value" site:support. You might note that this document and the associated scripts on GitHub do not modify any default permissions. If you are interested in increasing your security settings, start with the project known as AaronLocker. For more information, see "AaronLocker" overview. One of the goals of a VDI image is to be as light as possible. One way to reduce the size of the image is to remove UWP applications that won't be used in the environment.

With UWP apps, there are the main application files, also known as the payload. There is a small amount of data stored in each user's profile for application specific settings.

There is also a small amount of data in the 'All Users' profile. Connectivity and timing are important factors when it comes to UWP app cleanup. If you deploy your base image to a device with no network connectivity, Windows 10 can't connect to the Microsoft Store and download apps and try to install them while you are trying to uninstall them. This might be a good strategy to allow you time to customize your image, and then update what remains at a later stage of the image creation process.

If you modify your base. WIM before you install, the apps won't be installed to begin with and your profile creation times will be shorter. Later in this section there is information on how to remove UWP apps from your installation. WIM file. A good strategy for VDI is to provision the apps you want in the base image, then limit or block access to the Microsoft Store afterward.

Store apps are updated periodically in the background on normal computers. The UWP apps can be updated during the maintenance window when other updates are applied. For more information see Universal Windows Platform Apps. UWP apps that are not needed are still in the file system consuming a small amount of disk space. For apps that will never be needed, the payload of unwanted UWP apps can be removed from the base image using PowerShell commands. In fact, if you remove those from the installation.

WIM file using the links provided later in this section, you should be able to start from the beginning with a very slim list of UWP apps. Run the following command to enumerate provisioned UWP apps from a running operating system, as in this truncated example output from PowerShell:.

UWP apps that are provisioned to a system can be removed during operating system installation as part of a task sequence, or later after the operating system is installed. This might be the preferred method because it makes the overall process of creating or maintaining an image modular. Once you develop the scripts, if something changes in a subsequent build, you edit an existing script rather than repeat the process from scratch. Here are some links to information on this topic:.

Removing Windows 10 in-box apps during a task sequence. Windows 10 Keeping apps from coming back when deploying the feature update. Each UWP app should be evaluated for applicability in each unique environment. You'll want to install a default installation of Windows 10 , then note which apps are running and consuming memory. For example, you might want to consider removing apps that start automatically, or apps that automatically display information on the Start Menu, such as Weather and News that might not be of use in your environment.

If utilizing the scripts from GitHub, you can easily control which apps are removed before running the script. After downloading the script files, locate the file 'AppxPackages. See the section Customization for details. For more information, see the Windows Server powershell forum. To enumerate currently installed Windows Features, run the following PowerShell command:. Next, you might want to remove the Windows Media Player package.

There are two Windows Media Player packages in Windows 10 You can use the built-in Dism. A Dism. The Windows technology involved is called Features on Demand. Any settings made to this file will be applied to any subsequent user profiles created from a device running this image. You can control which settings to apply to the default user profile, by editing the file 'DefaultUserSettings.

One setting that you might want to consider carefully, new to this iteration of settings recommendations, is a setting called TaskbarSmallIcons. You might want to check with your user base before implementing this setting. TaskbarSmallIcons makes the Windows Task Bar smaller and consumes less screen space, makes the icons more compact, minimizes the Search interface, and is depicted before and after in the following illustrations:. Also, to reduce the transmitting of images over the VDI infrastructure, you can set the default background to a solid color instead of the default Windows 10 image.

You can also set the logon screen to be a solid color, as well as turn off the opaque blurring effect on logon. The following settings are applied to the default user profile registry hive, mainly in order to reduce animations. If some or all of these settings are not desired, delete the settings not to be applied to the new user profiles based on this image. The goal with these settings is to enable the following equivalent settings:.

For Windows 10, version , the following are the optimization settings applied to the default user profile registry hive to optimize performance:. In the local policy settings, you might want to disable images for backgrounds in VDI.

If you do want images, you might want to create custom background images at a reduced color depth to limit network bandwidth used for transmitting image information.

If you decide to specify no background image in local policy, you might want to set the background color before setting local policy, because once the policy is set, the user has no way to change the background color. It might be better to specify " null " as the background image.

There is another policy setting in the next section on not using background over Remote Desktop Protocol sessions. If the equivalent settings are not specified in any other way, such as group policy, the settings would still apply.

The following settings were chosen to not counter or conflict with any setting that has anything to do with security. These settings were chosen to remove settings or disable functionality that might not be applicable to VDI environments. We recommend using a low resolution, non-complex image so less data is transmitted over the network each time the image is rendered.

If you enable this policy setting, automatic learning stops, and any stored data is deleted. Users can't configure this setting in Control Panel. Windows doesn't connect to an online font provider and only enumerates locally-installed fonts. Disable passive polling check box Enabled. Use this setting if you're on an isolated network or using a static IP address.

Offline files Allow or disallow use of Offline Files. In the disabled state, no Teredo interfaces are present on the host. The Connect to suggested open hotspots , Connect to networks shared by my contacts , and Enable paid services are turned off, but users on this device can enable them.

If you enable this setting, apps and system features won't be able to receive notifications from the network from WNS or by using notification-polling APIs. Enabled Device installation Prevent device metadata retrieval from the Internet Enabled Device installation Prevent Windows from sending an error report when a device driver requests additional software during installation Enabled Device installation Turn off Found New Hardware balloons during device installation.

Turns off web-to-app linking and http s URIs are opened in the default browser instead of starting the associated app.

The Windows device is not discoverable by other devices, and can't participage in cross-device experiences. If you enable this policy setting, all Windows Update features are removed. Windows automatic updating is also disabled; you'll neither be notified about nor will you receive critical updates from Windows Update. This policy setting also prevents Device Manager from automatically installing driver updates from the Windows Update website.

If you enable this policy setting, when you are presented with a certificate issued by an untrusted root authority, your computer won't contact the Windows Update website to see if Microsoft has added the CA to its list of trusted authorities. NOTE: Only use this policy if you have an alternate means to the latest certificate revocation list. This policy setting turns off the active tests performed by the Windows Network Connectivity Status Indicator NCSI to determine whether your computer is connected to the Internet or to a more limited network As part of determining the connectivity level, NCSI performs one of two active tests: downloading a page from a dedicated Web server or making a DNS request for a dedicated address.

If you enable this policy setting, NCSI does not run either of the two active tests. With this setting enabled, the background image shows without blur. If you disable or do not configure this policy setting, the local computer clock doesn't synchronize time with NTP servers. NOTE: Consider this setting very carefully.

Windows devices that are joined to a domain should use NT5DS. Virtual machines sometimes use "enhancements" or "integration services". If you enable this policy setting, the advertising ID is turned off. Apps can't use the ID for experiences across apps.

If you choose the Force Deny option, Windows apps are not allowed to access account information and employees in your organization cannot change it. If you choose the Force Deny option, Windows apps are not allowed to access the call history and employees in your organization cannot change it. If you choose the Force Deny option, Windows apps are not allowed to access contacts and employees in your organization cannot change it.

If you choose the Force Allow option, Windows apps are allowed to access email and employees in your organization cannot change it. If you choose the Force Deny option, Windows apps are not allowed to access location and employees in your organization cannot change it.

If you choose the Force Deny option, Windows apps are not allowed to access messaging and employees in your organization cannot change it. If you choose the Force Deny option, Windows apps are not allowed to access motion data and employees in your organization cannot change it. If you choose the Force Deny option, Windows apps are not allowed to access notifications and employees in your organization cannot change it.

If you choose the Force Deny option, Windows apps are not allowed to access tasks and employees in your organization cannot change it. If you choose the Force Deny option, Windows apps are not allowed to access the calendar and employees in your organization can't change it. If you choose the Force Deny option, Windows apps are not allowed to access the camera and employees in your organization can't change it.

If you choose the Force Deny option, Windows apps are not allowed to access the microphone and employees in your organization can't change it. If you choose the Force Deny option, Windows apps are not allowed to access trusted devices and employees in your organization can't change it.

If you choose the Force Deny option, Windows apps are not allowed to communicate with unpaired wireless devices and employees in your organization can't change it. If you choose the Force Deny option, Windows apps won't have access to control radios and employees in your organization can't change it. If you choose the Force Deny option, Windows apps are not allowed to make phone calls and employees in your organization can't change it. If you choose the Force Deny option, Windows apps are not allowed to run in the background and employees in your organization can't change it.

If you enable this policy setting, Autoplay is disabled on CD-ROM and removable media drives, or disabled on all drives. This policy setting prevents Windows tips from being shown to users. If you enable this policy setting, users will no longer see personalized recommendations from Microsoft and notifications about their Microsoft account. SmartScreen will be turned off for all users. Users will not be warned if they try to run suspicious apps from the Internet.

When Find My Device is off, the device and its location are not registered and the Find My Device feature will not work. The user will also not be able to view the location of the last use of their active digitizer on their device. File Explorer Turn off caching of thumbnail pictures Enabled File Explorer Turn off display of recent search entries in the File Explorer search box Enabled File Explorer Turn off the caching of thumbnails in hidden thumbs.

Users won't receive enhanced suggestions while typing in the Address bar. In addition, users won't be able to change the Suggestions setting. If you enable this policy setting, user won't be suggested matches when entering Web addresses.

The user can't change the auto-complete for setting web addresses. If you enable this policy setting, browser geolocation support is turned off.

If you disable this policy setting, the entry points and functionality associated with this feature are turned off. If you enable this policy setting, the user cannot use the Compatibility View button or manage the Compatibility View sites list. Microsoft collects your browsing history to improve how flip ahead with page prediction works.

This feature isn't available for Internet Explorer for the desktop. If you enable this policy setting, flip ahead with page prediction is turned off and the next webpage isn't loaded into the background. If you enable this policy setting, the location feature is turned off, and all programs on this computer are prevented from using location information from the location feature.

If you enable this setting the automatic download and update of map data is turned off. If you enable this policy setting, features that generate network traffic on the Offline Maps settings page are turned off.

Note: This might turn off the entire settings page. This policy setting allows backup and restore of cellular text messages to Microsoft's cloud services.

Turns off compatibility lists in Microsoft Edge. If you disable this setting, the Microsoft Compatibility List isn't used during browser navigation. Directs Edge to open with blank content when a new tab is opened. Disables autofill on address bar. However, to ensure an optimal experience we recommend that you review the following guidance.

Although other VDI solutions haven't been certified by the Microsoft Edge team yet, it's expected that the most common workflows in Microsoft Edge should be supported.

The following guidance may or may not be applicable to your chosen solution. When designing your VDI environment you should carefully consider the workflows and needs of your users to achieve optimal performance, and understand the limits of your server configuration.

The following minimum requirements are recommended for deploying Microsoft Edge on a VDI environment:.

Large and complex web applications and extensions will need more memory and processing capability, which must be considered when configuring your virtual environment. Many VDI solutions allow access to persisted environments, where users are assigned a virtual environment that persists between sessions, and non-persisted environments, where users are assigned to one of several available machines, possibly a different machine each session, user data may or may not sync between sessions.

When using a non-persisted environment, one usually creates a "golden image" that has the required apps and configurations that will be deployed on each device. Use the following recommendations as a guide for preparing a golden image. If you are on Windows 10, version and above, you should already have Microsoft Edge installed on your system. However, if you're using an older version of Windows or want to deploy a different Microsoft Edge channel, follow these steps:.

For non-persisted machines, the best practice to disable automatic updates and update Microsoft Edge by updating the golden image to ensure that there are no version mismatches among the pool of virtual machines. Update policy override default. Update policy override. On non-persisted setups, it's important to consider that VMs may not maintain user state between sessions or users may be assigned a VM they've never used before. In this scenario, the VM doesn't have any of the user's data.