diff --git a/.gitignore b/.gitignore index 55c1d9a504..b674ff367c 100644 --- a/.gitignore +++ b/.gitignore @@ -13,5 +13,4 @@ packages.config windows/keep-secure/index.md # User-specific files -.vs/ - +.vs/ \ No newline at end of file diff --git a/.openpublishing.publish.config.json b/.openpublishing.publish.config.json index 469c22cfdc..ec7f86cf0e 100644 --- a/.openpublishing.publish.config.json +++ b/.openpublishing.publish.config.json @@ -1,78 +1,107 @@ { - "build_entry_point": "", - "git_repository_url_open_to_public_contributors": "", - "docsets_to_publish": [ - { - "docset_name": "microsoft-edge", - "build_output_subfolder": "browsers/edge", - "locale": "en-us", - "version": 0, - "open_to_public_contributors": "false", - "type_mapping": { - "Conceptual": "Content" - } - }, - { - "docset_name": "internet-explorer", - "build_output_subfolder": "browsers/internet-explorer", - "locale": "en-us", - "version": 0, - "open_to_public_contributors": "false", - "type_mapping": { - "Conceptual": "Content" - } - }, - { - "docset_name": "windows", - "build_output_subfolder": "windows", - "locale": "en-us", - "version": 0, - "open_to_public_contributors": "false", - "type_mapping": { - "Conceptual": "Content" - } - }, - { - "docset_name": "surface", - "build_output_subfolder": "devices/surface", - "locale": "en-us", - "version": 0, - "open_to_public_contributors": "false", - "type_mapping": { - "Conceptual": "Content" - } - }, - { - "docset_name": "surface-hub", - "build_output_subfolder": "devices/surface-hub", - "locale": "en-us", - "version": 0, - "open_to_public_contributors": "false", - "type_mapping": { - "Conceptual": "Content" - } - }, - { - "docset_name": "mdop", - "build_output_subfolder": "mdop", - "locale": "en-us", - "version": 0, - "open_to_public_contributors": "false", - "type_mapping": { - "Conceptual": "Content" - } - }, - { - "docset_name": "education", - "build_output_subfolder": "education", - "locale": "en-us", - "version": 0, - "open_to_public_contributors": "false", - "type_mapping": { - "Conceptual": "Content" - } - } - ], - "notification_subscribers": ["brianlic@microsoft.com"], - "branches_to_filter": [""] -} + "build_entry_point": "", + "need_generate_pdf": false, + "need_generate_intellisense": false, + "docsets_to_publish": [ + { + "docset_name": "education", + "build_source_folder": "education", + "build_output_subfolder": "education", + "locale": "en-us", + "version": 0, + "open_to_public_contributors": false, + "type_mapping": { + "Conceptual": "Content" + } + }, + { + "docset_name": "internet-explorer", + "build_source_folder": "browsers/internet-explorer", + "build_output_subfolder": "browsers/internet-explorer", + "locale": "en-us", + "version": 0, + "open_to_public_contributors": false, + "type_mapping": { + "Conceptual": "Content" + } + }, + { + "docset_name": "itpro-hololens", + "build_source_folder": "itpro-hololens", + "build_output_subfolder": "itpro-hololens", + "locale": "en-us", + "version": 0, + "open_to_public_contributors": false, + "type_mapping": { + "Conceptual": "Content", + "ManagedReference": "Content", + "RestApi": "Content" + }, + "build_entry_point": "op" + }, + { + "docset_name": "mdop", + "build_source_folder": "mdop", + "build_output_subfolder": "mdop", + "locale": "en-us", + "version": 0, + "open_to_public_contributors": false, + "type_mapping": { + "Conceptual": "Content" + } + }, + { + "docset_name": "microsoft-edge", + "build_source_folder": "browsers/edge", + "build_output_subfolder": "browsers/edge", + "locale": "en-us", + "version": 0, + "open_to_public_contributors": false, + "type_mapping": { + "Conceptual": "Content" + } + }, + { + "docset_name": "surface", + "build_source_folder": "devices/surface", + "build_output_subfolder": "devices/surface", + "locale": "en-us", + "version": 0, + "open_to_public_contributors": false, + "type_mapping": { + "Conceptual": "Content" + } + }, + { + "docset_name": "surface-hub", + "build_source_folder": "devices/surface-hub", + "build_output_subfolder": "devices/surface-hub", + "locale": "en-us", + "version": 0, + "open_to_public_contributors": false, + "type_mapping": { + "Conceptual": "Content" + } + }, + { + "docset_name": "windows", + "build_source_folder": "windows", + "build_output_subfolder": "windows", + "locale": "en-us", + "version": 0, + "open_to_public_contributors": false, + "type_mapping": { + "Conceptual": "Content" + } + } + ], + "notification_subscribers": [ + "brianlic@microsoft.com" + ], + "branches_to_filter": [ + "" + ], + "git_repository_url_open_to_public_contributors": "", + "skip_source_output_uploading": false, + "dependent_repositories": [] +} \ No newline at end of file diff --git a/education/TOC.md b/education/TOC.md new file mode 100644 index 0000000000..06913f7aef --- /dev/null +++ b/education/TOC.md @@ -0,0 +1 @@ +# [Index](index.md) \ No newline at end of file diff --git a/education/index.md b/education/index.md new file mode 100644 index 0000000000..beccdc8994 --- /dev/null +++ b/education/index.md @@ -0,0 +1 @@ +# Index test file for Open Publishing \ No newline at end of file diff --git a/itpro-hololens/TOC.md b/itpro-hololens/TOC.md new file mode 100644 index 0000000000..06913f7aef --- /dev/null +++ b/itpro-hololens/TOC.md @@ -0,0 +1 @@ +# [Index](index.md) \ No newline at end of file diff --git a/itpro-hololens/docfx.json b/itpro-hololens/docfx.json new file mode 100644 index 0000000000..24fe1da56d --- /dev/null +++ b/itpro-hololens/docfx.json @@ -0,0 +1,37 @@ +{ + "build": { + "content": [ + { + "files": [ + "**/*.md" + ], + "exclude": [ + "**/obj/**", + "itpro-hololens/**", + "**/includes/**" + ] + } + ], + "resource": [ + { + "files": [ + "**/*.png", + "**/*.jpg" + ], + "exclude": [ + "**/obj/**", + "itpro-hololens/**", + "**/includes/**" + ] + } + ], + "overwrite": [], + "externalReference": [], + "globalMetadata": {}, + "fileMetadata": {}, + "template": [ + null + ], + "dest": "itpro-hololens" + } +} \ No newline at end of file diff --git a/itpro-hololens/index.md b/itpro-hololens/index.md new file mode 100644 index 0000000000..beccdc8994 --- /dev/null +++ b/itpro-hololens/index.md @@ -0,0 +1 @@ +# Index test file for Open Publishing \ No newline at end of file diff --git a/itpro/hololens/TOC.md b/itpro/hololens/TOC.md new file mode 100644 index 0000000000..06913f7aef --- /dev/null +++ b/itpro/hololens/TOC.md @@ -0,0 +1 @@ +# [Index](index.md) \ No newline at end of file diff --git a/itpro/hololens/docfx.json b/itpro/hololens/docfx.json new file mode 100644 index 0000000000..24fe1da56d --- /dev/null +++ b/itpro/hololens/docfx.json @@ -0,0 +1,37 @@ +{ + "build": { + "content": [ + { + "files": [ + "**/*.md" + ], + "exclude": [ + "**/obj/**", + "itpro-hololens/**", + "**/includes/**" + ] + } + ], + "resource": [ + { + "files": [ + "**/*.png", + "**/*.jpg" + ], + "exclude": [ + "**/obj/**", + "itpro-hololens/**", + "**/includes/**" + ] + } + ], + "overwrite": [], + "externalReference": [], + "globalMetadata": {}, + "fileMetadata": {}, + "template": [ + null + ], + "dest": "itpro-hololens" + } +} \ No newline at end of file diff --git a/itpro/hololens/index.md b/itpro/hololens/index.md new file mode 100644 index 0000000000..beccdc8994 --- /dev/null +++ b/itpro/hololens/index.md @@ -0,0 +1 @@ +# Index test file for Open Publishing \ No newline at end of file diff --git a/windows/keep-secure/TOC.md b/windows/keep-secure/TOC.md index 4c473b04b3..938b98668d 100644 --- a/windows/keep-secure/TOC.md +++ b/windows/keep-secure/TOC.md @@ -1,8 +1,5 @@ # [Keep Windows 10 secure](index.md) ## [Block untrusted fonts in an enterprise](block-untrusted-fonts-in-enterprise.md) -## [Device Guard certification and compliance](device-guard-certification-and-compliance.md) -### [Get apps to run on Device Guard-protected devices](getting-apps-to-run-on-device-guard-protected-devices.md) -### [Create a Device Guard code integrity policy based on a reference device](creating-a-device-guard-policy-for-signed-apps.md) ## [Manage identity verification using Windows Hello for Business](manage-identity-verification-using-microsoft-passport.md) ### [Implement Windows Hello for Business in your organization](implement-microsoft-passport-in-your-organization.md) ### [Enable phone sign-in to PC or VPN](enable-phone-signin-to-pc-and-vpn.md) @@ -14,6 +11,16 @@ ### [Windows Hello biometrics in the enterprise](windows-hello-in-enterprise.md) ## [Configure S/MIME for Windows 10 and Windows 10 Mobile](configure-s-mime.md) ## [Install digital certificates on Windows 10 Mobile](installing-digital-certificates-on-windows-10-mobile.md) +## [Device Guard deployment guide](device-guard-deployment-guide.md) +### [Introduction to Device Guard: virtualization-based security and code integrity policies](introduction-to-device-guard-virtualization-based-security-and-code-integrity-policies.md) +### [Requirements and deployment planning guidelines for Device Guard](requirements-and-deployment-planning-guidelines-for-device-guard.md) +### [Planning and getting started on the Device Guard deployment process](planning-and-getting-started-on-the-device-guard-deployment-process.md) +### [Deploy Device Guard: deploy code integrity policies](deploy-device-guard-deploy-code-integrity-policies.md) +#### [Optional: Create a code signing certificate for code integrity policies](optional-create-a-code-signing-certificate-for-code-integrity-policies.md) +#### [Deploy code integrity policies: policy rules and file rules](deploy-code-integrity-policies-policy-rules-and-file-rules.md) +#### [Deploy code integrity policies: steps](deploy-code-integrity-policies-steps.md) +#### [Deploy catalog files to support code integrity policies](deploy-catalog-files-to-support-code-integrity-policies.md) +### [Deploy Device Guard: enable virtualization-based security](deploy-device-guard-enable-virtualization-based-security.md) ## [Protect derived domain credentials with Credential Guard](credential-guard.md) ## [Protect Remote Desktop credentials with Remote Credential Guard](remote-credential-guard.md) ## [Protect your enterprise data using Windows Information Protection (WIP)](protect-enterprise-data-using-wip.md) @@ -704,8 +711,13 @@ ##### [Investigate a domain](investigate-domain-windows-defender-advanced-threat-protection.md) ##### [Manage alerts](manage-alerts-windows-defender-advanced-threat-protection.md) #### [Windows Defender ATP settings](settings-windows-defender-advanced-threat-protection.md) +#### [Configure SIEM tools to consume alerts](configure-siem-windows-defender-advanced-threat-protection.md) +##### [Configure an Azure Active Directory application for SIEM integration](configure-aad-windows-defender-advanced-threat-protection.md) +##### [Configure Splunk to consume Windows Defender ATP alerts](configure-splunk-windows-defender-advanced-threat-protection.md) +##### [Configure HP ArcSight to consume Windows Defender ATP alerts](configure-arcsight-windows-defender-advanced-threat-protection.md) #### [Troubleshoot Windows Defender ATP](troubleshoot-windows-defender-advanced-threat-protection.md) #### [Review events and errors on endpoints with Event Viewer](event-error-codes-windows-defender-advanced-threat-protection.md) +#### [Windows Defender compatibility](defender-compatibility-windows-defender-advanced-threat-protection.md) ### [Windows Defender in Windows 10](windows-defender-in-windows-10.md) #### [Update and manage Windows Defender in Windows 10](get-started-with-windows-defender-for-windows-10.md) #### [Configure Windows Defender in Windows 10](configure-windows-defender-in-windows-10.md) @@ -827,7 +839,6 @@ ###### [Verify That Network Traffic Is Authenticated](verify-that-network-traffic-is-authenticated.md) ## [Enterprise security guides](windows-10-enterprise-security-guides.md) ### [Control the health of Windows 10-based devices](protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md) -### [Device Guard deployment guide](device-guard-deployment-guide.md) ### [Microsoft Passport guide](microsoft-passport-guide.md) ### [Windows 10 Mobile security guide](windows-10-mobile-security-guide.md) ### [Windows 10 security overview](windows-10-security-guide.md) diff --git a/windows/keep-secure/advanced-security-auditing-faq.md b/windows/keep-secure/advanced-security-auditing-faq.md index 3bfa640035..aba6ac5414 100644 --- a/windows/keep-secure/advanced-security-auditing-faq.md +++ b/windows/keep-secure/advanced-security-auditing-faq.md @@ -125,7 +125,7 @@ Often it is not enough to know simply that an object such as a file or folder wa ## How do I know when changes are made to access control settings, by whom, and what the changes were? -To track access control changes on computers running Windows Server 2016 Technical Preview, Windows Server 2012 R2, Windows Server 2012 Windows 7, Windows Server 2008 R2, Windows Vista, or Windows Server 2008, you need to enable the following settings, which track changes to DACLs: +To track access control changes on computers running Windows Server 2016, Windows Server 2012 R2, Windows Server 2012 Windows 7, Windows Server 2008 R2, Windows Vista, or Windows Server 2008, you need to enable the following settings, which track changes to DACLs: - **Audit File System** subcategory: Enable for success, failure, or success and failure - **Audit Authorization Policy Change** setting: Enable for success, failure, or success and failure - A SACL with **Write** and **Take ownership** permissions: Apply to the object that you want to monitor diff --git a/windows/keep-secure/alerts-queue-windows-defender-advanced-threat-protection.md b/windows/keep-secure/alerts-queue-windows-defender-advanced-threat-protection.md index 46dddb36a1..74189887bb 100644 --- a/windows/keep-secure/alerts-queue-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/alerts-queue-windows-defender-advanced-threat-protection.md @@ -14,20 +14,22 @@ author: mjcaparas **Applies to:** -- Windows 10 Insider Preview Build 14332 or later +- Windows 10 Enterprise +- Windows 10 Enterprise for Education +- Windows 10 Pro +- Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) -[Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.] - As a security operations team member, you can manage Windows Defender ATP alerts as part of your routine activities. Alerts will appear in queues according to their current status. To see a list of alerts, click any of the queues under the **Alerts queue** option in the navigation pane. -> **Note**  By default, the queues are sorted from newest to oldest. +> [!NOTE] +> By default, the queues are sorted from newest to oldest. The following table and screenshot demonstrate the main areas of the **Alerts queue**. -![Screenshot of the Dashboard showing the New Alerts list and navigation bar](images/alertsq.png) +![Screenshot of the Dashboard showing the New Alerts list and navigation bar](images/alertsq2.png) Highlighted area|Area name|Description :---|:---|:--- @@ -59,7 +61,8 @@ There are three mechanisms to pivot the queue against: - **30 days** - **6 months** - > **Note**  You can change the sort order (for example, from most recent to least recent) by clicking the sort order icon ![the sort order icon looks like two arrows on top of each other](images/sort-order-icon.png) + > [!NOTE] + > You can change the sort order (for example, from most recent to least recent) by clicking the sort order icon ![the sort order icon looks like two arrows on top of each other](images/sort-order-icon.png) ### Related topics - [View the Windows Defender Advanced Threat Protection Dashboard](dashboard-windows-defender-advanced-threat-protection.md) diff --git a/windows/keep-secure/assign-portal-access-windows-defender-advanced-threat-protection.md b/windows/keep-secure/assign-portal-access-windows-defender-advanced-threat-protection.md index b550a091c2..6cc5b28e2f 100644 --- a/windows/keep-secure/assign-portal-access-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/assign-portal-access-windows-defender-advanced-threat-protection.md @@ -11,22 +11,22 @@ author: mjcaparas --- # Assign user access to the Windows Defender ATP portal - **Applies to:** -- Windows 10 Insider Preview Build 14332 or later +- Windows 10 Enterprise +- Windows 10 Enterprise for Education +- Windows 10 Pro +- Windows 10 Pro Education - Azure Active Directory - +- Office 365 - Windows Defender Advanced Threat Protection (Windows Defender ATP) -[Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.] - -Windows Defender ATP users and access permissions are managed in Azure Active Directory (AAD). User can be assigned one of the following levels of permissions: +Windows Defender ATP users and access permissions are managed in Azure Active Directory (AAD). You can assign users with one of the following levels of permissions: - Full access (Read and Write) - Read only access **Full access**
-Users with full access can log in, view all system information as well as resolve alerts, submit files for deep analysis, and download the onboarding package. +Users with full access can log in, view all system information and resolve alerts, submit files for deep analysis, and download the onboarding package. Assigning full access rights requires adding the users to the “Security Administrator” or “Global Administrator” AAD built-in roles. **Read only access**
@@ -34,13 +34,21 @@ Users with read only access can log in, view all alerts, and related information They will not be able to change alert states, submit files for deep analysis or perform any state changing operations. Assigning read only access rights requires adding the users to the “Security Reader” AAD built-in role. - +Use the following steps to assign security roles: +- Preparations: + - Install Azure PowerShell. For more information see, [How to install and configure Azure PowerShell](https://azure.microsoft.com/en-us/documentation/articles/powershell-install-configure/).
+ + > [!NOTE] + > You need to run the PowerShell cmdlets in an elevated command-line. -Use the following cmdlets to perform the security role assignment: +- Connect to your Azure Active Directory. For more information see, [Connect-MsolService](https://msdn.microsoft.com/en-us/library/dn194123.aspx). +- For **read and write** access, assign users to the security administrator role by using the following command: +```text +Add-MsolRoleMember -RoleName "Security Administrator" -RoleMemberEmailAddress "secadmin@Contoso.onmicrosoft.com" +``` +- For **read only** access, assign users to the security reader role by using the following command: +```text +Add-MsolRoleMember -RoleName "Security Reader" -RoleMemberEmailAddress “reader@Contoso.onmicrosoft.com” +``` -- Full access:
```Add-MsolRoleMember -RoleName "Security Reader" -RoleMemberEmailAddress “reader@Contoso.onmicrosoft.com”``` -- Read only access:
```Add-MsolRoleMember -RoleName "Security Administrator" -RoleMemberEmailAddress "secadmin@Contoso.onmicrosoft.com"``` - -For more information see, [Manage Azure AD group and role membership](https://technet.microsoft.com/en-us/library/321d532e-407d-4e29-a00a-8afbe23008dd#BKMK_ManageGroups). \ No newline at end of file +For more information see, [Manage Azure AD group and role membership](https://technet.microsoft.com/en-us/library/321d532e-407d-4e29-a00a-8afbe23008dd#BKMK_ManageGroups). diff --git a/windows/keep-secure/change-history-for-keep-windows-10-secure.md b/windows/keep-secure/change-history-for-keep-windows-10-secure.md index 62c0c22e26..756942fd90 100644 --- a/windows/keep-secure/change-history-for-keep-windows-10-secure.md +++ b/windows/keep-secure/change-history-for-keep-windows-10-secure.md @@ -14,23 +14,27 @@ This topic lists new and updated topics in the [Keep Windows 10 secure](index.md ## RELEASE: Windows 10, version 1607 -The topics in this library have been updated for Windows 10, version 1607 (also known as the Anniversary Update). The following new topics have been added: +The topics in this library have been updated for Windows 10, version 1607 (also known as the Anniversary Update). The following new topics have been added: - [Enable phone sign-in to PC or VPN](enable-phone-signin-to-pc-and-vpn.md) -- [Remote Credential Guard](remote-credential-guard.md) +- [Protect Remote Desktop credentials with Remote Credential Guard](remote-credential-guard.md) - [Windows Defender Offline in Windows 10](windows-defender-offline.md) -- [Use PowerShell cmdlets for Windows Defender](use-powershell-cmdlets-windows-defender-for-windows-10.md) +- [Use PowerShell cmdlets to configure and run Windows Defender](use-powershell-cmdlets-windows-defender-for-windows-10.md) - [Enable the Block at First Sight feature in Windows 10](windows-defender-block-at-first-sight.md) - [Configure enhanced notifications for Windows Defender in Windows 10](windows-defender-enhanced-notifications.md) - [Run a Windows Defender scan from the command line](run-cmd-scan-windows-defender-for-windows-10.md) -- [Detect and block Potentially Unwanted Applications](enable-pua-windows-defender-for-windows-10.md) +- [Detect and block Potentially Unwanted Applications with Windows Defender](enable-pua-windows-defender-for-windows-10.md) +- [Assign user access to the Windows Defender ATP portal](assign-portal-access-windows-defender-advanced-threat-protection.md) +- [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md) +- [Troubleshoot Windows Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md) +- [Configure security information and events management (SIEM) tools to consume alerts](configure-siem-windows-defender-advanced-threat-protection.md) +- [Windows Defender compatibility](defender-compatibility-windows-defender-advanced-threat-protection.md) ## July 2016 |New or changed topic | Description | |----------------------|-------------| -|[Protect your enterprise data using Windows Information Protection (WIP)](protect-enterprise-data-using-wip.md) |Updated various topics throughout this section for new name and new UI in Microsoft Intune and System Center Configuration Manager. | |[Create and verify an Encrypting File System (EFS) Data Recovery Agent (DRA) certificate](create-and-verify-an-efs-dra-certificate.md) |New | |[Mandatory settings for Windows Information Protection (WIP)](mandatory-settings-for-wip.md) |New | |[Create a Windows Information Protection (WIP) policy using Microsoft Intune](create-wip-policy-using-intune.md) |New | @@ -43,7 +47,7 @@ The topics in this library have been updated for Windows 10, version 1607 (also |New or changed topic | Description | |----------------------|-------------| -|[Create a Windows Information Protection (WIP) policy using Microsoft Intune](create-wip-policy-using-intune.md) |Added an update about needing to reconfigure your Windows Information Protection app rules after delivery of the June service update. | +|[Create a Windows Information Protection (WIP) policy using Microsoft Intune](create-wip-policy-using-intune.md) |Added an update about needing to reconfigure your enterprise data protection app rules after delivery of the June service update. | | [Windows Firewall with Advanced Security](windows-firewall-with-advanced-security.md) (multiple topics) | New | | [Advanced security audit policy settings](advanced-security-audit-policy-settings.md) (mutiple topics) | New security monitoring reference topics | | [Windows security baselines](windows-security-baselines.md) | New | @@ -56,7 +60,7 @@ The topics in this library have been updated for Windows 10, version 1607 (also | [Microsoft Passport errors during PIN creation](microsoft-passport-errors-during-pin-creation.md) | Added errors 0x80090029 and 0x80070057, and merged entries for error 0x801c03ed. | | [Microsoft Passport guide](microsoft-passport-guide.md) | Updated Roadmap section content | |[Protect your enterprise data using Windows Information Protection (WIP)](protect-enterprise-data-using-wip.md) |Updated info based on changes to the features and functionality.| -| [User Account Control Group Policy and registry key settings](user-account-control-group-policy-and-registry-key-settings.md) | Updated for Windows 10 and Windows Server 2016 Technical Preview | +| [User Account Control Group Policy and registry key settings](user-account-control-group-policy-and-registry-key-settings.md) | Updated for Windows 10 and Windows Server 2016 | |[Windows Defender Advanced Threat Protection](windows-defender-advanced-threat-protection.md) (mutiple topics) | New | ## April 2016 @@ -70,7 +74,7 @@ The topics in this library have been updated for Windows 10, version 1607 (also |New or changed topic | Description | |----------------------|-------------| -|[Requirements to use AppLocker](requirements-to-use-applocker.md) |Added that MDM can be used to manage any edition of Windows 10. Windows 10 Enterprise or Windows Server 2016 Technical Preview is required to manage AppLocker by using Group Policy.| +|[Requirements to use AppLocker](requirements-to-use-applocker.md) |Added that MDM can be used to manage any edition of Windows 10. Windows 10 Enterprise or Windows Server 2016 is required to manage AppLocker by using Group Policy.| |[Protect your enterprise data using Windows Information Protection (WIP)](protect-enterprise-data-using-wip.md) |Added pre-release content about how to set up and deploy Windows Information Protection (WIP) in an enterprise environment.| ## February 2016 diff --git a/windows/keep-secure/configure-aad-windows-defender-advanced-threat-protection.md b/windows/keep-secure/configure-aad-windows-defender-advanced-threat-protection.md new file mode 100644 index 0000000000..5ee2fbe06a --- /dev/null +++ b/windows/keep-secure/configure-aad-windows-defender-advanced-threat-protection.md @@ -0,0 +1,87 @@ +--- +title: Configure an Azure Active Directory application for SIEM integration +description: Configure an Azure Active Directory application so that it can communicate with supported SIEM tools. +keywords: configure aad for siem integration, siem integration, application, oauth 2 +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +author: mjcaparas +--- + +# Configure an Azure Active Directory application for SIEM integration + +**Applies to:** + +- Azure Active Directory +- Windows 10 Enterprise +- Windows 10 Enterprise for Education +- Windows 10 Pro +- Windows 10 Pro Education +- Windows Defender Advanced Threat Protection (Windows Defender ATP) + +You need to add an application in your Azure Active Directory (AAD) tenant then authorize the Windows Defender ATP Alerts Export application to communicate with it so that your security information and events management (SIEM) tool can consume alerts from Windows Defender ATP portal. + +1. Login to the [Azure management portal](https://manage.windowsazure.com). + +2. Select **Active Directory**. + +3. Select your tenant. + +4. Click **Applications**, then select **Add** to create a new application. + +5. Click **Add an application my organization is developing**. + +6. Choose a client name for the application, for example, *Alert Export Client*. + +7. Select **WEB APPLICATION AND/OR WEB API** in the Type section. + +8. Assign a sign-on URL and app ID URI to the application, for example, `https://alertexportclient`. + +9. Confirm the request details and verify that you have successfully added the app. + +10. Select the application you've just created from the directory application list and click the **Configure** tab. + +11. Scroll down to the **keys** section and select a duration for the application key. + +12. Type the following URLs in the **Reply URL** field: + + - `https://DataAccess-PRD.trafficmanager.net:444/api/FetchAccessTokenFromAuthCode` + - `https://localhost:44300/WDATPconnector` + +13. Click **Save** and copy the key in a safe place. You'll need this key to authenticate the client application on Azure Active Directory. + +14. Open a web browser and connect to the following URL:
+```text +https://DataAccess-PRD.trafficmanager.net:444/api/FetchToken?clientId=f7c1acd8-0458-48a0-a662-dba6de049d1c&tenantId=&clientSecret=1234 +``` +An Azure login page appears. +> [!NOTE] +> - Replace *tenant ID* with your actual tenant ID. +> - Keep the client secret as is. This is a dummy value, but the parameter must appear. + +15. Sign in with the credentials of a user from your tenant. + +16. Click **Accept** to provide consent. Ignore the error. + +17. Click **Application configuration** under your tenant. + +18. Click **Permissions to other applications**, then select **Add application**. + +19. Click **All apps** from the **SHOW** field and submit. + +20. Click **WDATPAlertExport**, then select **+** to add the application. You should see it on the **SELECTED** panel. + +21. Submit your changes. + +22. On the **WDATPAlertExport** record, in the **Delegated Permissions** field, select **Access WDATPAlertExport**. + +23. Save the application changes. + +After configuring the application in AAD, you can continue to configure the SIEM tool that you want to use. + +## Related topics +- [Configure security information and events management (SIEM) tools to consume alerts](configure-siem-windows-defender-advanced-threat-protection.md) +- [Configure Splunk to consume alerts](configure-splunk-windows-defender-advanced-threat-protection.md) +- [Configure HP ArcSight to consume alerts](configure-arcsight-windows-defender-advanced-threat-protection.md) diff --git a/windows/keep-secure/configure-arcsight-windows-defender-advanced-threat-protection.md b/windows/keep-secure/configure-arcsight-windows-defender-advanced-threat-protection.md new file mode 100644 index 0000000000..bd262bbc8a --- /dev/null +++ b/windows/keep-secure/configure-arcsight-windows-defender-advanced-threat-protection.md @@ -0,0 +1,93 @@ +--- +title: Configure HP ArcSight to consume Windows Defender ATP alerts +description: Configure HP ArcSight to receive and consume alerts from the Windows Defender ATP portal. +keywords: configure hp arcsight, security information and events management tools, arcsight +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +author: mjcaparas +--- + +# Configure HP ArcSight to consume Windows Defender ATP alerts + +**Applies to:** + +- Windows 10 Enterprise +- Windows 10 Enterprise for Education +- Windows 10 Pro +- Windows 10 Pro Education +- Windows Defender Advanced Threat Protection (Windows Defender ATP) + +You'll need to configure HP ArcSight so that it can consume Windows Defender ATP alerts. + +## Before you begin + +- Get the following information from your Azure Active Directory (AAD) application by selecting the **View Endpoint** on the application configuration page: + - OAuth 2 Token refresh URL + - OAuth 2 Client ID + - OAuth 2 Client secret +- Create your OAUth 2 Client properties file or get it from your Windows Defender ATP contact. For more information, see the ArcSight FlexConnector Developer's guide. + + > [!NOTE] + > **For the authorization URL**: Append the following to the value you got from the AAD app: ```?resource=https%3A%2F%2FWDATPAlertExport.Seville.onmicrosoft.com```
+ > **For the redirect_uri value use**: ```https://localhost:44300/wdatpconnector``` + > +- Get the *wdatp-connector.properties* file from your Windows Defender ATP contact. This file is used to parse the information from Windows Defender ATP to HP ArcSight consumable format. +- Install the HP ArcSight REST FlexConnector package on a server that has access to the Internet. +- Contact the Windows Defender ATP team to get your refresh token or follow the steps in the section "Run restutil to Obtain a Refresh Token for Connector Appliance/ArcSight Management Center" in the ArcSight FlexConnector Developer's guide. + +## Configure HP ArcSight +The following steps assume that you have completed all the required steps in [Before you begin](#before-you-begin). + +1. Copy the *wdatp-connector.jsonparser.properties* file into the `\current\user\agent\flexagent` folder of the connector installation folder. + +2. Save the *wdatp-connector.properties* file into a folder of your choosing. + +3. Open an elevated command-line: + + a. Go to **Start** and type **cmd**. + + b. Right-click **Command prompt** and select **Run as administrator**. + +4. Enter the following command and press **Enter**: ```runagentsetup.bat```. The Connector Setup pop-up window appears. + +5. In the form fill in the following required fields with these values: + >[!NOTE] + >All other values in the form are optional and can be left blank. + + + + + + + + + + + + + + + + + + + + + + + + +
FieldValue
Configuration FileType in the name of the client property file. It must match the client property file.
Events URL`https://DataAccess-PRD.trafficmanager.net:444/api/alerts`
Authentication TypeOAuth 2
OAuth 2 Client Properties fileSelect *wdatp-connector.properties*.
Refresh TokenPaste the refresh token that your Windows Defender ATP contact provided, or run the `restutil` tool to get it.
+6. Select **Next**, then **Save**. + +7. Run the connector. You can choose to run in Service mode or Application mode. + +8. In the HP ArcSight console, create a **Windows Defender ATP** channel with intervals and properties suitable to your enterprise needs. Windows Defender ATP alerts will appear as discrete events, with “Microsoft” as the vendor and “Windows Defender ATP” as the device name. + +## Related topics +- [Configure security information and events management (SIEM) tools to consume alerts](configure-siem-windows-defender-advanced-threat-protection.md) +- [Configure Azure Active Directory application for SIEM integration](configure-aad-windows-defender-advanced-threat-protection.md) +- [Configure Splunk to consume alerts](configure-splunk-windows-defender-advanced-threat-protection.md) diff --git a/windows/keep-secure/configure-endpoints-gp-windows-defender-advanced-threat-protection.md b/windows/keep-secure/configure-endpoints-gp-windows-defender-advanced-threat-protection.md index d8db5694c4..535be7d761 100644 --- a/windows/keep-secure/configure-endpoints-gp-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/configure-endpoints-gp-windows-defender-advanced-threat-protection.md @@ -14,14 +14,17 @@ author: mjcaparas **Applies to:** -- Windows 10 Insider Preview Build 14332 or later +- Group Policy +- Windows 10 Enterprise +- Windows 10 Enterprise for Education +- Windows 10 Pro +- Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) -[Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.] +> [!NOTE] +> To use Group Policy (GP) updates to deploy the package, you must be on Windows Server 2008 R2 or later. -> **Note**  To use Group Policy (GP) updates to deploy the package, you must be on Windows Server 2008 R2 or later. - -### Onboard endpoints +## Onboard endpoints 1. Open the GP configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://securitycenter.windows.com/): a. Click **Endpoint Management** on the **Navigation pane**. @@ -45,10 +48,11 @@ author: mjcaparas 9. Click **OK** and close any open GPMC windows. ## Additional Windows Defender ATP configuration settings +For each endpoint, you can state whether samples can be collected from the endpoint when a request is made through the Windows Defender ATP portal to submit a file for deep analysis. You can use Group Policy (GP) to configure settings, such as settings for the sample sharing used in the deep analysis feature. -### Configure sample collection settings +### Configure sample collection settings 1. On your GP management machine, copy the following files from the configuration package: @@ -66,20 +70,24 @@ You can use Group Policy (GP) to configure settings, such as settings for the sa 6. Choose to enable or disable sample sharing from your endpoints. +>[!NOTE] +> If you don't set a value, the default value is to enable sample collection. + ### Offboard endpoints For security reasons, the package used to offboard endpoints will expire 30 days after the date it was downloaded. Expired offboarding packages sent to an endpoint will be rejected. When downloading an offboarding package you will be notified of the packages expiry date and it will also be included in the package name. -> **Note**  Onboarding and offboarding policies must not be deployed on the same endpoint at the same time, otherwise this will cause unpredictable collisions. +> [!NOTE] +> Onboarding and offboarding policies must not be deployed on the same endpoint at the same time, otherwise this will cause unpredictable collisions. 1. Get the offboarding package from the [Windows Defender ATP portal](https://securitycenter.windows.com/): a. Click **Endpoint Management** on the **Navigation pane**. - + b. Under **Endpoint offboarding** section, select **Group Policy**, click **Download package** and save the .zip file. - + 2. Extract the contents of the .zip file to a shared, read-only location that can be accessed by the endpoints. You should have a file named *WindowsDefenderATPOffboardingScript_valid_until_YYYY-MM-DD.cmd*. -3. Open the [Group Policy Management Console](https://technet.microsoft.com/en-us/library/cc731212.aspx) (GPMC), right-click the Group Policy Object (GPO) you want to configure and click Edit. +3. Open the [Group Policy Management Console](https://technet.microsoft.com/en-us/library/cc731212.aspx) (GPMC), right-click the Group Policy Object (GPO) you want to configure and click **Edit**. 4. In the **Group Policy Management Editor**, go to **Computer configuration,** then **Preferences**, and then **Control panel settings**. @@ -93,15 +101,16 @@ For security reasons, the package used to offboard endpoints will expire 30 days 9. Click **OK** and close any open GPMC windows. -## Monitor endpoint configuration +## Monitor endpoint configuration With Group Policy there isn’t an option to monitor deployment of policies on the endpoints. Monitoring can be done directly on the portal, or by using the different deployment tools. -## Monitor endpoints using the portal +## Monitor endpoints using the portal 1. Go to the [Windows Defender ATP portal](https://securitycenter.windows.com/). 2. Click **Machines view**. 3. Verify that endpoints are appearing. -> **Note**  It can take several days for endpoints to start showing on the **Machines view**. This includes the time it takes for the policies to be distributed to the endpoint, the time it takes before the user logs on, and the time it takes for the endpoint to start reporting. +> [!NOTE] +> It can take several days for endpoints to start showing on the **Machines view**. This includes the time it takes for the policies to be distributed to the endpoint, the time it takes before the user logs on, and the time it takes for the endpoint to start reporting. ## Related topics diff --git a/windows/keep-secure/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md b/windows/keep-secure/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md index 699d49c7ec..14be889faa 100644 --- a/windows/keep-secure/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md @@ -14,11 +14,12 @@ author: mjcaparas **Applies to:** -- Windows 10 Insider Preview Build 14379 or later +- Windows 10 Enterprise +- Windows 10 Enterprise for Education +- Windows 10 Pro +- Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) -[Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.] - You can use mobile device management (MDM) solutions to configure endpoints. Windows Defender ATP supports MDMs by providing OMA-URIs to create policies to manage endpoints. For more information on using Windows Defender ATP CSP see, [WindowsAdvancedThreatProtection CSP](https://msdn.microsoft.com/en-us/library/windows/hardware/mt723296(v=vs.85).aspx) and [WindowsAdvancedThreatProtection DDF file](https://msdn.microsoft.com/en-us/library/windows/hardware/mt723297(v=vs.85).aspx). @@ -35,7 +36,7 @@ For more information on using Windows Defender ATP CSP see, [WindowsAdvancedThre b. Select **Mobile Device Management/Microsoft Intune**, click **Download package** and save the .zip file. -2. Extract the contents of the .zip file to a shared, read-only location that can be accessed by the network administrators who will deploy the package. You should have a file called *WindowsDefenderATP.onboarding*. +2. Extract the contents of the .zip file to a shared, read-only location that can be accessed by the network administrators who will deploy the package. You should have a file named *WindowsDefenderATP.onboarding*. 3. Use the Microsoft Intune custom configuration policy to deploy the following supported OMA-URI settings. For more information on Microsoft Intune policy settings see, [Windows 10 policy settings in Microsoft Intune](https://docs.microsoft.com/en-us/intune/deploy-use/windows-10-policy-settings-in-microsoft-intune). @@ -53,13 +54,15 @@ Health Status for onboarded machines | ./Device/Vendor/MSFT/WindowsAdvancedThrea Configuration for onboarded machines | ./Device/Vendor/MSFT/WindowsAdvancedThreatProtection/Configuration/SampleSharing | Integer | 0 or 1
Default value: 1 | Windows Defender ATP Sample sharing is enabled -> **Note**  The **Health Status for onboarded machines** policy uses read-only properties and can't be remediated. +> [!NOTE] +> The **Health Status for onboarded machines** policy uses read-only properties and can't be remediated. ### Offboard and monitor endpoints For security reasons, the package used to offboard endpoints will expire 30 days after the date it was downloaded. Expired offboarding packages sent to an endpoint will be rejected. When downloading an offboarding package you will be notified of the packages expiry date and it will also be included in the package name. -> **Note**  Onboarding and offboarding policies must not be deployed on the same endpoint at the same time, otherwise this will cause unpredictable collisions. +> [!NOTE] +> Onboarding and offboarding policies must not be deployed on the same endpoint at the same time, otherwise this will cause unpredictable collisions. 1. Get the offboarding package from the [Windows Defender ATP portal](https://securitycenter.windows.com/): @@ -82,7 +85,8 @@ Offboarding | ./Device/Vendor/MSFT/WindowsAdvancedThreatProtection/Offboarding | Health Status for offboarded machines | ./Device/Vendor/MSFT/WindowsAdvancedThreatProtection/HealthState/SenseIsRunning | Boolean | FALSE |Windows Defender ATP service is not running | ./Device/Vendor/MSFT/WindowsAdvancedThreatProtection/HealthState/OnBoardingState | Integer | 0 | Offboarded from Windows Defender ATP -> **Note**  The **Health Status for offboarded machines** policy uses read-only properties and can't be remediated. +> [!NOTE] +> The **Health Status for offboarded machines** policy uses read-only properties and can't be remediated. ## Related topics diff --git a/windows/keep-secure/configure-endpoints-sccm-windows-defender-advanced-threat-protection.md b/windows/keep-secure/configure-endpoints-sccm-windows-defender-advanced-threat-protection.md index 3f7fac27dc..1d009b3943 100644 --- a/windows/keep-secure/configure-endpoints-sccm-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/configure-endpoints-sccm-windows-defender-advanced-threat-protection.md @@ -12,52 +12,81 @@ author: mjcaparas # Configure endpoints using System Center Configuration Manager - **Applies to:** -- Windows 10 Insider Preview Build 14332 or later +- Windows 10 Enterprise +- Windows 10 Enterprise for Education +- Windows 10 Pro +- Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) - -[Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.] +- System Center 2012 Configuration Manager or later versions ## Configure endpoints using System Center Configuration Manager (current branch) version 1606 -System Center Configuration Manager (current branch) version 1606, currently in technical preview, has UI integrated support for configuring and managing Windows Defender ATP on endpoints. For more information, see the [Support for Windows Defender Advanced Threat Protection service](https://technet.microsoft.com/en-us/library/mt706220.aspx#BKMK_ATP) section. - -> **Note**   If you intend to use this deployment tool, ensure that you are on Windows 10 Insider Preview Build 14379 or later. This deployment method is only available from that build or later. +System Center Configuration Manager (current branch) version 1606, has UI integrated support for configuring and managing Windows Defender ATP on endpoints. For more information, see [Support for Windows Defender Advanced Threat Protection service](https://go.microsoft.com/fwlink/p/?linkid=823682). -## Configure endpoints using System Center Configuration Manager (current branch) version 1602 or earlier versions -You can use System Center Configuration Manager’s existing functionality to create a policy to configure your endpoints. This is supported in System Center Configuration Manager (current branch), version 1602 or earlier, including: System Center 2012 R2 Configuration Manager and System Center 2012 Configuration Manager. +## Configure endpoints using System Center Configuration Manager earlier versions +You can use System Center Configuration Manager’s existing functionality to create a policy to configure your endpoints. This is supported in the following System Center Configuration Manager versions: -### Onboard endpoints +- System Center 2012 Configuration Manager +- System Center 2012 R2 Configuration Manager +- System Center Configuration Manager (current branch), version 1511 +- System Center Configuration Manager (current branch), version 1602 + +### Onboard endpoints 1. Open the SCCM configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://securitycenter.windows.com/): a. Click **Endpoint Management** on the **Navigation pane**. - b. Select **System Center Configuration Manager (current branch) version 1602 or earlier**, click **Download package**, and save the .zip file. + b. Select **System Center Configuration Manager 2012/2012 R2/1511/1602**, click **Download package**, and save the .zip file. -2. Extract the contents of the .zip file to a shared, read-only location that can be accessed by the network administrators who will deploy the package. You should have a file called *WindowsDefenderATPOnboardingScript.cmd*. +2. Extract the contents of the .zip file to a shared, read-only location that can be accessed by the network administrators who will deploy the package. You should have a file named *WindowsDefenderATPOnboardingScript.cmd*. 3. Import the configuration package by following the steps in the [How to Create Packages and Programs in Configuration Manager](https://technet.microsoft.com/en-us/library/gg682112.aspx#BKMK_Import) topic. 4. Deploy the package by following the steps in the [How to Deploy Packages and Programs in Configuration Manager](https://technet.microsoft.com/en-us/library/gg682178.aspx) topic. a. Choose a predefined device collection to deploy the package to. - -### Offboard endpoints + +### Configure sample collection settings +For each endpoint, you can set a configuration value to state whether samples can be collected from the endpoint when a request is made through the Windows Defender ATP portal to submit a file for deep analysis. + +You can set a compliance rule for configuration item in System Center Configuration Manager to change the sample share setting on an endpoint. +This rule should be a *remediating* compliance rule configuration item that sets the value of a registry key on targeted machines to make sure they’re complaint. + +The configuration is set through the following registry key entry: + +```text +Path: “HKLM\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection” +Name: "AllowSampleCollection" +Value: 0 or 1 +``` +Where:
+Key type is a D-WORD.
+Possible values are: +- 0 - doesn't allow sample sharing from this endpoint +- 1 - allows sharing of all file types from this endpoint + +The default value in case the registry key doesn’t exist is 1. + +For more information about System Center Configuration Manager Compliance see [Compliance Settings in Configuration Manager](https://technet.microsoft.com/en-us/library/gg681958.aspx). + + +### Offboard endpoints For security reasons, the package used to offboard endpoints will expire 30 days after the date it was downloaded. Expired offboarding packages sent to an endpoint will be rejected. When downloading an offboarding package you will be notified of the packages expiry date and it will also be included in the package name. -> **Note**  Onboarding and offboarding policies must not be deployed on the same endpoint at the same time, otherwise this will cause unpredictable collisions. +> [!NOTE] +> Onboarding and offboarding policies must not be deployed on the same endpoint at the same time, otherwise this will cause unpredictable collisions. 1. Get the offboarding package from the [Windows Defender ATP portal](https://securitycenter.windows.com/): - a. Click **Endpoint Management** on the **Navigation pane**. - - b. Under **Endpoint offboarding** section, select **System Center Configuration Manager (current branch) version 1602 or earlier**, click **Download package**, and save the .zip file. - + a. Click **Endpoint Management** on the **Navigation pane**. + + b. Under **Endpoint offboarding** section, select **System Center Configuration Manager System Center Configuration Manager 2012/2012 R2/1511/1602**, click **Download package**, and save the .zip file. + 2. Extract the contents of the .zip file to a shared, read-only location that can be accessed by the network administrators who will deploy the package. You should have a file named *WindowsDefenderATPOffboardingScript_valid_until_YYYY-MM-DD.cmd*. 3. Import the configuration package by following the steps in the [How to Create Packages and Programs in Configuration Manager](https://technet.microsoft.com/en-us/library/gg682112.aspx#BKMK_Import) topic. @@ -65,7 +94,7 @@ For security reasons, the package used to offboard endpoints will expire 30 days 4. Deploy the package by following the steps in the [How to Deploy Packages and Programs in Configuration Manager](https://technet.microsoft.com/en-us/library/gg682178.aspx) topic. a. Choose a predefined device collection to deploy the package to. - + ### Monitor endpoint configuration Monitoring with SCCM consists of two parts: @@ -83,12 +112,25 @@ Monitoring with SCCM consists of two parts: 4. Review the status indicators under **Completion Statistics** and **Content Status**. -If there are failed deployments (endpoints with **Error**, **Requirements Not Met**, or **Failed statuses**), you may need to troubleshoot the endpoints. See the [Troubleshoot Windows Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md) topic for more information. +If there are failed deployments (endpoints with **Error**, **Requirements Not Met**, or **Failed statuses**), you may need to troubleshoot the endpoints. For more information see, [Troubleshoot Windows Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md). ![SCCM showing successful deployment with no errors](images/sccm-deployment.png) +**Check that the endpoints are compliant with the Windows Defender ATP service:**
+You can set a compliance rule for configuration item in System Center Configuration Manager to monitor your deployment. + +This rule should be a *non-remediating* compliance rule configuration item that monitors the value of a registry key on targeted machines. + +Monitor the following registry key entry: +``` +Path: “HKLM\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status” +Name: “OnboardingState” +Value: “1” +``` +For more information about System Center Configuration Manager Compliance see [Compliance Settings in Configuration Manager](https://technet.microsoft.com/en-us/library/gg681958.aspx). + ## Related topics - [Configure endpoints using Group Policy](configure-endpoints-gp-windows-defender-advanced-threat-protection.md) - [Configure endpoints using Mobile Device Management tools](configure-endpoints-mdm-windows-defender-advanced-threat-protection.md) -- [Configure endpoints using a local script](configure-endpoints-script-windows-defender-advanced-threat-protection.md) -- [Troubleshoot Windows Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md) \ No newline at end of file +- [Configure endpoints using a local script](configure-endpoints-script-windows-defender-advanced-threat-protection.md) +- [Troubleshoot Windows Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md) diff --git a/windows/keep-secure/configure-endpoints-script-windows-defender-advanced-threat-protection.md b/windows/keep-secure/configure-endpoints-script-windows-defender-advanced-threat-protection.md index 9d4a39eccc..1e740f14b3 100644 --- a/windows/keep-secure/configure-endpoints-script-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/configure-endpoints-script-windows-defender-advanced-threat-protection.md @@ -11,9 +11,18 @@ author: mjcaparas --- # Configure endpoints using a local script + +**Applies to:** + +- Windows 10 Enterprise +- Windows 10 Enterprise for Education +- Windows 10 Pro +- Windows 10 Pro Education +- Windows Defender Advanced Threat Protection (Windows Defender ATP) + You can also manually onboard individual endpoints to Windows Defender ATP. You might want to do this first when testing the service before you commit to onboarding all endpoints in your network. - +## Onboard endpoints 1. Open the GP configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://securitycenter.windows.com/): a. Click **Endpoint Management** on the **Navigation pane**. @@ -21,11 +30,11 @@ You can also manually onboard individual endpoints to Windows Defender ATP. You b. Select **Local Script**, click **Download package** and save the .zip file. -2. Extract the contents of the configuration package to a location on the endpoint you want to onboard (for example, the Desktop). You should have a file called *WindowsDefenderATPOnboardingScript.cmd*. +2. Extract the contents of the configuration package to a location on the endpoint you want to onboard (for example, the Desktop). You should have a file named *WindowsDefenderATPOnboardingScript.cmd*. 3. Open an elevated command-line prompt on the endpoint and run the script: - a. Click **Start** and type **cmd**. + a. Go to **Start** and type **cmd**. b. Right-click **Command prompt** and select **Run as administrator**. @@ -35,24 +44,46 @@ You can also manually onboard individual endpoints to Windows Defender ATP. You 5. Press the **Enter** key or click **OK**. -See the [Troubleshoot Windows Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md) topic for details on how you can manually validate that the endpoint is compliant and correctly reports telemetry. +For for information on how you can manually validate that the endpoint is compliant and correctly reports telemetry see, [Troubleshoot Windows Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md). -## Offboard endpoints using a local script +## Configure sample collection settings +For each endpoint, you can set a configuration value to state whether samples can be collected from the endpoint when a request is made through the Windows Defender ATP portal to submit a file for deep analysis. + +You can manually configure the sample sharing setting on the endpoint by using *regedit* or creating and running a *.reg* file. + +The configuration is set through the following registry key entry: + +```text +Path: “HKLM\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection” +Name: "AllowSampleCollection" +Value: 0 or 1 +``` +Where:
+Name type is a D-WORD.
+Possible values are: +- 0 - doesn't allow sample sharing from this endpoint +- 1 - allows sharing of all file types from this endpoint + +The default value in case the registry key doesn’t exist is 1. + + +## Offboard endpoints For security reasons, the package used to offboard endpoints will expire 30 days after the date it was downloaded. Expired offboarding packages sent to an endpoint will be rejected. When downloading an offboarding package you will be notified of the packages expiry date and it will also be included in the package name. -> **Note**  Onboarding and offboarding policies must not be deployed on the same endpoint at the same time, otherwise this will cause unpredictable collisions. +> [!NOTE] +> Onboarding and offboarding policies must not be deployed on the same endpoint at the same time, otherwise this will cause unpredictable collisions. 1. Get the offboarding package from the [Windows Defender ATP portal](https://securitycenter.windows.com/): a. Click **Endpoint Management** on the **Navigation pane**. - + b. Under **Endpoint offboarding** section, select **Group Policy**, click **Download package** and save the .zip file. - + 2. Extract the contents of the .zip file to a shared, read-only location that can be accessed by the endpoints. You should have a file named *WindowsDefenderATPOffboardingScript_valid_until_YYYY-MM-DD.cmd*. 3. Open an elevated command-line prompt on the endpoint and run the script: - a. Click **Start** and type **cmd**. + a. Go to **Start** and type **cmd**. b. Right-click **Command prompt** and select **Run as administrator**. @@ -62,6 +93,18 @@ For security reasons, the package used to offboard endpoints will expire 30 days 5. Press the **Enter** key or click **OK**. +## Monitor endpoint configuration +You can follow the different verification steps in the [Troubleshoot onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md) to verify that the script completed successfully and the agent is running. + +Monitoring can also be done directly on the portal, or by using the different deployment tools. + +### Monitor endpoints using the portal +1. Go to the Windows Defender ATP portal. + +2. Click **Machines view**. + +3. Verify that endpoints are appearing. + ## Related topics - [Configure endpoints using Group Policy](configure-endpoints-gp-windows-defender-advanced-threat-protection.md) diff --git a/windows/keep-secure/configure-endpoints-windows-defender-advanced-threat-protection.md b/windows/keep-secure/configure-endpoints-windows-defender-advanced-threat-protection.md index 0028b5478b..bd69be41b4 100644 --- a/windows/keep-secure/configure-endpoints-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/configure-endpoints-windows-defender-advanced-threat-protection.md @@ -1,7 +1,7 @@ --- title: Configure Windows Defender ATP endpoints -description: Use Group Policy or SCCM to deploy the configuration package or do manual registry changes on endpoints so that they are onboarded to the service. -keywords: configure endpoints, endpoint management, configure Windows ATP endpoints, configure Windows Defender Advanced Threat Protection endpoints, sccm, system center configuration manager +description: Configure endpoints so that they are onboarded to the service. +keywords: configure endpoints, endpoint management, configure Windows ATP endpoints, configure Windows Defender Advanced Threat Protection endpoints search.product: eADQiWindows 10XVcnh ms.prod: w10 ms.mktglfcycl: deploy @@ -14,11 +14,12 @@ author: mjcaparas **Applies to:** -- Windows 10 Insider Preview Build 14332 or later +- Windows 10 Enterprise +- Windows 10 Enterprise for Education +- Windows 10 Pro +- Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) -[Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.] - Endpoints in your organization must be configured so that the Windows Defender ATP service can get telemetry from them. There are various methods and deployment tools that you can use to configure the endpoints in your organization. Windows Defender ATP supports the following deployment tools and methods: diff --git a/windows/keep-secure/configure-proxy-internet-windows-defender-advanced-threat-protection.md b/windows/keep-secure/configure-proxy-internet-windows-defender-advanced-threat-protection.md index 27177d0829..bc045d449a 100644 --- a/windows/keep-secure/configure-proxy-internet-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/configure-proxy-internet-windows-defender-advanced-threat-protection.md @@ -1,7 +1,7 @@ --- title: Configure Windows Defender ATP endpoint proxy and Internet connection settings description: Configure the Windows Defender ATP proxy and internet settings to enable communication with the cloud service. -keywords: configure, proxy, internet, internet connectivity, settings, proxy settings, web proxy auto detect, wpad, netsh, winhttp, proxy server +keywords: configure, proxy, internet, internet connectivity, settings, proxy settings, netsh, winhttp, proxy server search.product: eADQiWindows 10XVcnh ms.prod: w10 ms.mktglfcycl: deploy @@ -15,168 +15,91 @@ author: mjcaparas **Applies to:** -- Windows 10 Insider Preview Build 14332 or later +- Windows 10 Enterprise +- Windows 10 Enterprise for Education +- Windows 10 Pro +- Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) -[Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.] - The Window Defender ATP sensor requires Microsoft Windows HTTP (WinHTTP) to report telemetry and communicate with the Windows Defender ATP service. The embedded Windows Defender ATP sensor runs in system context using the LocalSystem account. The sensor uses Microsoft Windows HTTP Services (WinHTTP) to enable communication with the Windows Defender ATP cloud service. The WinHTTP configuration setting is independent of the Windows Internet (WinINet) internet browsing proxy settings and can only discover a proxy server by using the following discovery methods: -- Configure Web Proxy Auto Detect (WPAD) settings and configure Windows to automatically detect the proxy server +- Configure the proxy server manually using a static proxy -- Configure the proxy server manually using Netsh +## Configure the proxy server manually using a static proxy +Configure a static proxy to allow only Windows Defender ATP sensor to report telemetry and communicate with Windows Defender ATP services if a computer is not be permitted to connect to the Internet. -## Configure Web Proxy Auto Detect (WPAD) settings and proxy server +The static proxy is configurable through Group Policy (GP). The group policy can be found under: **Administrative Templates > Windows Components > Data Collection and Preview Builds > Configure connected user experiences and telemetry**. -Configure WPAD in the environment and configure Windows to automatically detect the proxy server through Policy or the local Windows settings. - -Enable the **Automatically detect settings** option in the Windows Proxy settings so that WinHTTP can use the WPAD feature to locate a proxy server. - -1. Click **Start** and select **Settings**. - -2. Click **Network & Internet**. - -3. Select **Proxy**. - -4. Verify that the **Automatically detect settings** option is set to On. - - ![Image showing the proxy settings configuration page](images/proxy-settings.png) - -5. If the **Use setup script** or **Manual proxy setup** options are enabled then you will need to [configure proxy settings manually by using Netsh](#configure-proxy-server-manually-using-netsh) method for WinHTTP to discover the appropriate proxy settings and connect. - -## Configure the proxy server manually using Netsh - -If **Use setup script** or **Manual proxy setup** settings are configured in the Windows Proxy setting, then endpoints will not be discovered by WinHTTP. -Use Netsh to configure the proxy settings to enable connectivity. - -You can configure the endpoint by using any of these methods: - -- Importing the configured proxy settings to WinHTTP -- Configuring the proxy settings manually to WinHTTP - -After configuring the endpoints, you'll need to verify that the correct proxy settings were applied. - -**Import the configured proxy settings to WinHTTP** - -1. Open an elevated command-line prompt on the endpoint: - - a. Click **Start** and type **cmd**. - - b. Right-click **Command prompt** and select **Run as administrator**. - -2. Enter the following command and press **Enter**: - - ```text - netsh winhttp import proxy source=ie - ``` - An output showing the applied WinHTTP proxy settings is displayed. - - - **Configure the proxy settings manually to WinHTTP** - - 1. Open an elevated command-line prompt on the endpoint: - - a. Click **Start** and type **cmd**. - - b. Right-click **Command prompt** and select **Run as administrator**. - - 2. Enter the following command and press **Enter**: - - ```text - proxy [proxy-server=] ProxyServerName:PortNumber - ``` - Replace *ProxyServerName* with the fully qualified domain name of the proxy server. - - Replace *PortNumber* with the port number that you want to configure the proxy server with. - - An output showing the applied WinHTTP proxy settings is displayed. - - -**Verify that the correct proxy settings were applied** - -1. Open an elevated command-line prompt on the endpoint: - - a. Click **Start** and type **cmd**. - - b. Right-click **Command prompt** and select **Run as administrator**. - -2. Enter the following command and press **Enter**: +The registry key that this policy sets can be found at: +```HKLM\Software\Policies\Microsoft\Windows\DataCollection TelemetryProxyServer``` +The policy and the registry key takes the following string format: +```text +: ``` -netsh winhttp show proxy -``` +For example: 10.0.0.6:8080 -For more information on how to use Netsh see, [Netsh Commands for Windows Hypertext Transfer Protocol (WINHTTP)](https://technet.microsoft.com/en-us/library/cc731131(v=ws.10).aspx) +If the static proxy settings are configured after onboarding, then you must restart the PC to apply the proxy settings. ## Enable access to Windows Defender ATP service URLs in the proxy server If a proxy or firewall is blocking all traffic by default and allowing only specific domains through, make sure that the following URLs are white-listed to permit communication with Windows Defender ATP service in port 80 and 443: -- *.blob.core.windows.net -- crl.microsoft.com -- eu.vortex-win.data.microsoft.com -- sevillegwcus.microsoft.com -- sevillegweus.microsoft.com -- sevillegwneu.microsoft.com -- sevillegwweu.microsoft.com -- us.vortex-win.data.microsoft.com -- www.microsoft.com +Primary Domain Controller | .Microsoft.com DNS record +:---|:--- + Central US | winatp-gw-cus.microsoft.com
us.vortex-win.data.microsoft.com
crl.microsoft.com
*.blob.core.windows.net + East US (2)| winatp-gw-eus.microsoft.com
us.vortex-win.data.microsoft.com
crl.microsoft.com
*.blob.core.windows.net + West Europe | winatp-gw-weu.microsoft.com
eu.vortex-win.data.microsoft.com
crl.microsoft.com
*.blob.core.windows.net + North Europe | winatp-gw-neu.microsoft.com
eu.vortex-win.data.microsoft.com
crl.microsoft.com
*.blob.core.windows.net +
+ If a proxy or firewall is blocking anonymous traffic, as Windows Defender ATP sensor is connecting from system context, make sure anonymous traffic is permitted in the above listed URLs. -If a proxy or firewall is blocking anonymous traffic, as Windows Defender ATP sensor is connecting from system context, make sure anonymous traffic is permitted to the above listed URLs. ## Verify client connectivity to Windows Defender ATP service URLs Verify the proxy configuration completed successfully, that WinHTTP can discover and communicate through the proxy server in your environment, and that the proxy server allows traffic to the Windows Defender ATP service URLs. -1. Download the connectivity verification tools to the PC where Windows Defender ATP sensor is running on: +1. Download the [connectivity verification tool](https://go.microsoft.com/fwlink/p/?linkid=823683) to the PC where Windows Defender ATP sensor is running on. - - [Download PsTools Suite](https://technet.microsoft.com/en-us/sysinternals/bb896649) - - [Download PortQry Command Line Port Scanner Version 2.0 utility](https://www.microsoft.com/en-us/download/details.aspx?id=17148) +2. Extract the contents of WDATPConnectivityAnalyzer on the endpoint. -2. Extract the contents of **PsTools** and **PortQry** to a directory on the computer hard drive. +3. Open an elevated command-line: -3. Open an elevated command-line: - - a. Click **Start** and type **cmd**. + a. Go to **Start** and type **cmd**. b. Right-click **Command prompt** and select **Run as administrator**. 4. Enter the following command and press **Enter**: ``` - HardDrivePath\PsExec.exe -s cmd.exe + HardDrivePath\WDATPConnectivityAnalyzer.cmd ``` - Replace *HardDrivePath* with the path where the PsTools Suite was extracted to: - ![Image showing the command line](images/psexec-cmd.png) - -5. Enter the following command and press **Enter**: - + Replace *HardDrivePath* with the path where the WDATPConnectivityAnalyzer tool was downloaded to, for example + ```text + C:\Work\tools\WDATPConnectivityAnalyzer\WDATPConnectivityAnalyzer.cmd ``` - HardDrivePath\portqry.exe -n us.vortex-win.data.microsoft.com -e 443 -p tcp - ``` - Replace *HardDrivePath* with the path where the PortQry utility was extracted to: - ![Image showing the command line](images/portqry.png) -6. Verify that the output shows that the name is **resolved** and connection status is **listening**. +5. Extract the *WDATPConnectivityAnalyzerResult.zip* file created by tool in the folder used in the *HardDrivePath*. -7. Repeat the same steps for the remaining URLs with the following arguments: +6. Open *WDATPConnectivityAnalyzer.txt* and verify that you have performed the proxy configuration steps to enable server discovery and access to the service URLs.

+The tool checks the connectivity of Windows Defender ATP service URLs that Windows Defender ATP client is configured to interact with. It then prints the results into the *WDATPConnectivityAnalyzer.txt* file for each URL that can potentially be used to communicate with the Windows Defender ATP services. For example: + ```text + Testing URL : https://xxx.microsoft.com/xxx + 1 - Default proxy: Succeeded (200) + 2 - Proxy auto discovery (WPAD): Succeeded (200) + 3 - Proxy disabled: Succeeded (200) + 4 - Named proxy: Doesn't exist + 5 - Command line proxy: Doesn't exist + ``` - - portqry.exe -n eu.vortex-win.data.microsoft.com -e 443 -p tcp - - portqry.exe -n sevillegwcus.microsoft.com -e 443 -p tcp - - portqry.exe -n sevillegweus.microsoft.com -e 443 -p tcp - - portqry.exe -n sevillegwweu.microsoft.com -e 443 -p tcp - - portqry.exe -n sevillegwneu.microsoft.com -e 443 -p tcp - - portqry.exe -n www.microsoft.com -e 80 -p tcp - - portqry.exe -n crl.microsoft.com -e 80 -p tcp +If at least one of the connectivity options returns a (200) status, then the Windows Defender ATP client can communicate with the tested URL properly using this connectivity method.

-8. Verify that each URL shows that the name is **resolved** and the connection status is **listening**. - -If the any of the verification steps indicate a fail, then verify that you have performed the proxy configuration steps to enable server discovery and access to the service URLs. +However, if the connectivity check results indicate a failure, an HTTP error is displayed (see HTTP Status Codes). You can then use the URLs in the table shown in [Enable access to Windows Defender ATP service URLs in the proxy server](#enable-access-to-windows-defender-atp-service-urls-in-the-proxy-server). The URLs you'll use will depend on the region selected during the onboarding procedure. ## Related topics - [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md) diff --git a/windows/keep-secure/configure-siem-windows-defender-advanced-threat-protection.md b/windows/keep-secure/configure-siem-windows-defender-advanced-threat-protection.md new file mode 100644 index 0000000000..9811157abe --- /dev/null +++ b/windows/keep-secure/configure-siem-windows-defender-advanced-threat-protection.md @@ -0,0 +1,43 @@ +--- +title: Configure security information and events management tools +description: Configure supported security information and events management tools to receive and consume alerts. +keywords: configure siem, security information and events management tools, splunk, arcsight +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +author: mjcaparas +--- + +# Configure security information and events management (SIEM) tools to consume alerts + +**Applies to:** + +- Windows 10 Enterprise +- Windows 10 Enterprise for Education +- Windows 10 Pro +- Windows 10 Pro Education +- Windows Defender Advanced Threat Protection (Windows Defender ATP) + +Windows Defender ATP supports security information and events management (SIEM) tools to consume alerts. Windows Defender ATP exposes alerts through an HTTPS endpoint hosted in Azure. The endpoint can be configured to get alerts from your enterprise tenant in Azure Active Directory (AAD) using the OAuth 2.0 authentication protocol for an AAD application that represents the specific SIEM connector installed in your environment. + +Windows Defender ATP currently supports the following SIEM tools: + +- Splunk +- HP ArcSight + +To use either of these supported SIEM tools you'll need to: + +- [Configure an Azure Active Directory application for SIEM integration in your tenant](configure-aad-windows-defender-advanced-threat-protection.md) +- Configure the supported SIEM tool: + - [Configure Splunk to consume alerts](configure-splunk-windows-defender-advanced-threat-protection.md) + - [Configure HP ArcSight to consume alerts](configure-arcsight-windows-defender-advanced-threat-protection.md) + +## In this section + +Topic | Description +:---|:--- +[Configure an Azure Active Directory application](configure-aad-windows-defender-advanced-threat-protection.md)| Learn about configuring an Azure Active Directory application to integrate with supported security information and events management (SIEM) tools. + [Configure Splunk](configure-splunk-windows-defender-advanced-threat-protection.md)| Learn about installing the REST API Modular Input app and other configuration settings to enable Splunk to consume Windows Defender ATP alerts. + [Configure ArcSight](configure-arcsight-windows-defender-advanced-threat-protection.md)| Learn about installing the HP ArcSight REST FlexConnector package and the files you need to configure ArcSight to consume Windows Defender ATP alerts. diff --git a/windows/keep-secure/configure-splunk-windows-defender-advanced-threat-protection.md b/windows/keep-secure/configure-splunk-windows-defender-advanced-threat-protection.md new file mode 100644 index 0000000000..fc3fe7916f --- /dev/null +++ b/windows/keep-secure/configure-splunk-windows-defender-advanced-threat-protection.md @@ -0,0 +1,110 @@ +--- +title: Configure Splunk to consume Windows Defender ATP alerts +description: Configure Splunk to receive and consume alerts from the Windows Defender ATP portal. +keywords: configure splunk, security information and events management tools, splunk +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +author: mjcaparas +--- + +# Configure Splunk to consume Windows Defender ATP alerts + +**Applies to:** + +- Windows 10 Enterprise +- Windows 10 Enterprise for Education +- Windows 10 Pro +- Windows 10 Pro Education +- Windows Defender Advanced Threat Protection (Windows Defender ATP) + +You'll need to configure Splunk so that it can consume Windows Defender ATP alerts. + +## Before you begin + +- Install the [REST API Modular Input app](https://splunkbase.splunk.com/app/1546/) in Splunk +- Contact the Windows Defender ATP team to get your refresh token +- Get the following information from your Azure Active Directory (AAD) application by selecting the **View Endpoint** on the application configuration page: + - OAuth 2 Token refresh URL + - OAuth 2 Client ID + - OAuth 2 Client secret + +## Configure Splunk + +1. Login in to Splunk. + +2. Click **Search & Reporting**, then **Settings** > **Data inputs**. + +3. Click **REST** under **Local inputs**. +> [!NOTE] +> This input will only appear after you install the [REST API Modular Input app](https://splunkbase.splunk.com/app/1546/). + +4. Click **New**. + +5. Type the following values in the required fields, then click **Save**: +> [!NOTE] +>All other values in the form are optional and can be left blank. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldValue
Endpoint URL https://DataAccess-PRD.trafficmanager.net:444/api/alerts
HTTP MethodGET
Authentication Typeoauth2
OAuth 2 Token Refresh URL Value taken from AAD application
OAuth 2 Client IDValue taken from AAD application
OAuth 2 Client SecretValue taken from AAD application
Response typeJson
Response HandlerJSONArrayHandler
Polling IntervalNumber of seconds that Splunk will ping the Windows Defender ATP endpoint. Accepted values are in seconds.
Set sourcetypeFrom list
Source type\_json
+ +After completing these configuration steps, you can go to the Splunk dashboard and run queries. + +You can use the following query as an example in Splunk:
+```source="rest://windows atp alerts"|spath|table*``` + + +## Related topics +- [Configure security information and events management (SIEM) tools to consume alerts](configure-siem-windows-defender-advanced-threat-protection.md) +- [Configure Azure Active Directory application for SIEM integration](configure-aad-windows-defender-advanced-threat-protection.md) +- [Configure HP ArcSight to consume alerts](configure-arcsight-windows-defender-advanced-threat-protection.md) diff --git a/windows/keep-secure/credential-guard.md b/windows/keep-secure/credential-guard.md index c8f96612a3..988deb9e06 100644 --- a/windows/keep-secure/credential-guard.md +++ b/windows/keep-secure/credential-guard.md @@ -12,7 +12,7 @@ author: brianlic-msft **Applies to** - Windows 10 -- Windows Server 2016 Technical Preview +- Windows Server 2016 Introduced in Windows 10 Enterprise, Credential Guard uses virtualization-based security to isolate secrets so that only privileged system software can access them. Unauthorized access to these secrets can lead to credential theft attacks, such as Pass-the-Hash or Pass-The-Ticket. Credential Guard prevents these attacks by protecting NTLM password hashes and Kerberos Ticket Granting Tickets. @@ -158,6 +158,7 @@ First, you must add the virtualization-based security features. You can do this ``` syntax dism /image: /Enable-Feature /FeatureName:Microsoft-Hyper-V-Hypervisor /all ``` + > [!NOTE] > You can also add these features to an online image by using either DISM or Configuration Manager. @@ -183,6 +184,7 @@ If you don't use Group Policy, you can enable Credential Guard by using the regi - Add a new DWORD value named **LsaCfgFlags**. Set the value of this registry setting to 1 to enable Credential Guard with UEFI lock, set it to 2 to enable Credential Guard without lock, and set it to 0 to disable it. 4. Close Registry Editor. + > [!NOTE] > You can also turn on Credential Guard by setting the registry entries in the [FirstLogonCommands](http://msdn.microsoft.com/library/windows/hardware/dn922797.aspx) unattend setting. @@ -290,7 +292,7 @@ Some ways to store credentials are not protected by Credential Guard, including: - Software that manages credentials outside of Windows feature protection - Local accounts and Microsoft Accounts -- Credential Guard does not protect the Active Directory database running on Windows Server 2016 Technical Preview domain controllers. It also does not protect credential input pipelines, such as Windows Server 2016 Technical Preview servers running Remote Desktop Gateway. If you're using a Windows Server 2016 Technical Preview server as a client PC, it will get the same protection as it would be running Windows 10 Enterprise. +- Credential Guard does not protect the Active Directory database running on Windows Server 2016 domain controllers. It also does not protect credential input pipelines, such as Windows Server 2016 servers running Remote Desktop Gateway. If you're using a Windows Server 2016 server as a client PC, it will get the same protection as it would be running Windows 10 Enterprise. - Key loggers - Physical attacks - Does not prevent an attacker with malware on the PC from using the privileges associated with any credential. We recommend using dedicated PCs for high value accounts, such as IT Pros and users with access high value assets in your organization. @@ -328,7 +330,7 @@ Enabling compound authentication also enables Kerberos armoring, which provides ### Deploying machine certificates -If the domain controllers in your organization are running Windows Server 2016 Technical Preview, devices running Windows 10 will automatically enroll a machine certificate when Credential Guard is enabled and the PC is joined to the domain. +If the domain controllers in your organization are running Windows Server 2016, devices running Windows 10 will automatically enroll a machine certificate when Credential Guard is enabled and the PC is joined to the domain. If the domain controllers are running Windows Server 2012 R2, the machine certificates must be provisioned manually on each device. You can do this by creating a certificate template on the domain controller or certificate authority and deploying the machine certificates to each device. The same security procedures used for issuing smart cards to users should be applied to machine certificates. @@ -348,6 +350,7 @@ On devices that are running Credential Guard, enroll the devices using the machi ``` syntax CertReq -EnrollCredGuardCert MachineAuthentication ``` + > [!NOTE] > You must restart the device after enrolling the machine authentication certificate.   @@ -364,6 +367,7 @@ By using an authentication policy, you can ensure that users only sign into devi ``` syntax .\set-IssuancePolicyToGroupLink.ps1 –IssuancePolicyName:”” –groupOU:”” –groupName:”” ``` + ### Deploy the authentication policy Before setting up the authentication policy, you should log any failed attempt to apply an authentication policy on the KDC. To do this in Event Viewer, navigate to **Applications and Services Logs\\Microsoft\\Windows\\Authentication, right-click AuthenticationPolicyFailures-DomainController**, and then click **Enable Log**. @@ -388,6 +392,7 @@ Now you can set up an authentication policy to use Credential Guard. 14. Click **OK** to create the authentication policy. 15. Close Active Directory Administrative Center. + > [!NOTE] > When authentication policies in enforcement mode are deployed with Credential Guard, users will not be able to sign in using devices that do not have the machine authentication certificate provisioned. This applies to both local and remote sign in scenarios.   diff --git a/windows/keep-secure/dashboard-windows-defender-advanced-threat-protection.md b/windows/keep-secure/dashboard-windows-defender-advanced-threat-protection.md index 024ddab8e2..e68df885fb 100644 --- a/windows/keep-secure/dashboard-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/dashboard-windows-defender-advanced-threat-protection.md @@ -14,11 +14,12 @@ author: mjcaparas **Applies to:** -- Windows 10 Insider Preview Build 14332 or later +- Windows 10 Enterprise +- Windows 10 Enterprise for Education +- Windows 10 Pro +- Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) -[Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.] - The **Dashboard** displays a snapshot of: - The latest active alerts on your network @@ -40,18 +41,18 @@ You can view the overall number of active ATP alerts from the last 30 days in yo Each group is further sub-categorized into their corresponding alert severity levels. Click the number of alerts inside each alert ring to see a sorted view of that category's queue (**New** or **In progress**). -See the [View and organize the Windows Defender Advanced Threat Protection Alerts queue](alerts-queue-windows-defender-advanced-threat-protection.md) topic for more information. +For more information see, [View and organize the Windows Defender Advanced Threat Protection Alerts queue](alerts-queue-windows-defender-advanced-threat-protection.md). -The **Latest ATP alerts** section includes the latest active alerts in your network. Each row includes an alert severity category and a short description of the alert. Click an alert to see its detailed view, or **Alerts queue** at the top of the list to go directly to the Alerts queue. See the [Investigate Windows Defender Advanced Threat Protection alerts](investigate-alerts-windows-defender-advanced-threat-protection.md) and [View and organize the Windows Defender Advanced Threat Protection Alerts queue](alerts-queue-windows-defender-advanced-threat-protection.md) topics for more information. +The **Latest ATP alerts** section includes the latest active alerts in your network. Each row includes an alert severity category and a short description of the alert. Click an alert to see its detailed view, or **Alerts queue** at the top of the list to go directly to the Alerts queue. For more information see, [Investigate Windows Defender Advanced Threat Protection alerts](investigate-alerts-windows-defender-advanced-threat-protection.md) and [View and organize the Windows Defender Advanced Threat Protection Alerts queue](alerts-queue-windows-defender-advanced-threat-protection.md). ## Machines at risk This tile shows you a list of machines with the highest number of active alerts. The total number of alerts for each machine is shown in a circle next to the machine name, and then further categorized by severity levels at the far end of the tile (hover over each severity bar to see its label). ![The Machines at risk tile shows a list of machines with the highest number of alerts, and a breakdown of the severity of the alerts](images/machines-at-risk.png) -Click the name of the machine to see details about that machine. See the [Investigate Windows Defender ATP alerts](investigate-alerts-windows-defender-advanced-threat-protection.md#investigate-a-machine) topic for more information. +Click the name of the machine to see details about that machine. For more information see, [Investigate Windows Defender ATP alerts](investigate-alerts-windows-defender-advanced-threat-protection.md#investigate-a-machine). -You can also click **Machines view** at the top of the tile to go directly to the **Machines view**, sorted by the number of active alerts. See the [Investigate machines in the Windows Defender Advanced Threat Protection Machines view](investigate-machines-windows-defender-advanced-threat-protection.md) topic for more information. +You can also click **Machines view** at the top of the tile to go directly to the **Machines view**, sorted by the number of active alerts. For more information see, [Investigate machines in the Windows Defender Advanced Threat Protection Machines view](investigate-machines-windows-defender-advanced-threat-protection.md). ## Status The **Status** tile informs you if the service is active and running and the unique number of machines (endpoints) reporting over the past 30 days. @@ -84,7 +85,8 @@ Threats are considered "active" if there is a very high probability that the mal Clicking on any of these categories will navigate to the [Machines view](investigate-machines-windows-defender-advanced-threat-protection.md), filtered by the appropriate category. This lets you see a detailed breakdown of which machines have active malware detections, and how many threats were detected per machine. -> **Note**  The **Machines with active malware detections** tile will only appear if your endpoints are using [Windows Defender](https://technet.microsoft.com/en-us/library/mt622091(v=vs.85).aspx) as the default real-time protection antimalware product. +> [!NOTE] +> The **Machines with active malware detections** tile will only appear if your endpoints are using [Windows Defender](https://technet.microsoft.com/en-us/library/mt622091(v=vs.85).aspx) as the default real-time protection antimalware product. ### Related topics - [View and organize the Windows Defender Advanced Threat Protection Alerts queue](alerts-queue-windows-defender-advanced-threat-protection.md) diff --git a/windows/keep-secure/data-storage-privacy-windows-defender-advanced-threat-protection.md b/windows/keep-secure/data-storage-privacy-windows-defender-advanced-threat-protection.md index a5d2bec8ce..4a509cf46a 100644 --- a/windows/keep-secure/data-storage-privacy-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/data-storage-privacy-windows-defender-advanced-threat-protection.md @@ -14,13 +14,15 @@ author: mjcaparas **Applies to:** -- Windows 10 Insider Preview Build 14332 or later +- Windows 10 Enterprise +- Windows 10 Enterprise for Education +- Windows 10 Pro +- Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) -[Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.] - This section covers some of the most frequently asked questions regarding privacy and data handling for Windows Defender ATP. -> **Note**  This document covers the information specific to the Windows Defender ATP service. Other data shared and stored by Windows Defender and Windows 10 is covered under the [Microsoft Privacy Statement](https://privacy.microsoft.com/en-us/privacystatement). See the [Windows 10 privacy FAQ for more information](http://windows.microsoft.com/en-au/windows-10/windows-privacy-faq). +> [!NOTE] +> This document explains the data storage and privacy details related to Windows Defender ATP. For more information related to Windows Defender ATP and other products and services like Windows Defender and Windows 10, see [Microsoft Privacy Statement](https://privacy.microsoft.com/en-us/privacystatement). See also [Windows 10 privacy FAQ](http://windows.microsoft.com/en-au/windows-10/windows-privacy-faq) for more information. ## What data does Windows Defender ATP collect? @@ -28,7 +30,7 @@ Microsoft will collect and store information from your configured endpoints in a Information collected includes code file data (such as file names, sizes, and hashes), process data (running processes, hashes), registry data, network connection data (host IPs and ports), and machine details (such as GUIDs, names, and the operating system version). -Microsoft stores this data in a Microsoft Azure security-specific data store, and maintains it in accordance with Microsoft privacy practices and [Microsoft Trust Center policies](https://azure.microsoft.com/en-us/support/trust-center/). +Microsoft stores this data securely in Microsoft Azure and maintains it in accordance with Microsoft privacy practices and [Microsoft Trust Center policies](https://azure.microsoft.com/en-us/support/trust-center/). Microsoft uses this data to: - Proactively identify indicators of attack (IOAs) in your organization @@ -39,10 +41,10 @@ Microsoft does not mine your data for advertising or for any other purpose other ## Do I have the flexibility to select where to store my data? -Data for this new service is stored in Microsoft Azure datacenters in the United States and European Union based on the geolocation properties. Subject to the relevant preview program you may be able to specify your preferred geolocation when you onboard to the service. This provides a convenient way to minimize compliance risk by actively selecting the geographic locations in which your data will reside. Microsoft will not transfer the data from the specified geolocation except in specific circumstances during the preview stage. +When onboarding the service for the first time, you can choose to store your data in Microsoft Azure datacenters in Europe or United States. Once configured, you cannot change the location where your data is stored. This provides a convenient way to minimize compliance risk by actively selecting the geographic locations where your data will reside. Microsoft will not transfer the data from the specified geolocation. ## Is my data isolated from other customer data? -Yes. The new cloud service provides appropriate segregation at a number of levels, such as isolation of files, configurations, and telemetry data. Aside from data access authentication, simply keeping different data appropriately segregated provides well-recognized protection. +Yes, your data is isolated through access authentication and logical segregation based on customer identifier. Each customer can only access data collected from its own organization and generic data that Microsoft provides. ## How does Microsoft prevent malicious insider activities and abuse of high privilege roles? @@ -58,18 +60,14 @@ Additionally, Microsoft conducts background verification checks of certain opera No. Customer data is isolated from other customers and is not shared. However, insights on the data resulting from Microsoft processing, and which don’t contain any customer specific data, might be shared with other customers. Each customer can only access data collected from its own organization and generic data that Microsoft provides. ## How long will Microsoft store my data? What is Microsoft’s data retention policy? -Your data privacy is one of Microsoft's key commitments for the cloud. For this service, at contract termination or expiration, your data will be erased from Microsoft’s systems to make it unrecoverable after 90 days (from contract termination or expiration). +**At service onboarding**
+You can choose the data retention policy for your data. This determines how long Window Defender ATP will store your data. There’s a flexibility of choosing in the range of 1 month to six months to meet your company’s regulatory compliance needs. + +**At contract termination or expiration**
+Your data will be kept for a period of at least 90 days, during which it will be available to you. At the end of this period, that data will be erased from Microsoft’s systems to make it unrecoverable, no later than 180 days from contract termination or expiration. + ## Can Microsoft help us maintain regulatory compliance? Microsoft provides customers with detailed information about Microsoft's security and compliance programs, including audit reports and compliance packages, to help customers assess Windows Defender ATP services against their own legal and regulatory requirements. Windows Defender ATP has a roadmap for obtaining national, regional and industry-specific certifications, starting with ISO 27001. The service is designed, implemented, and maintained according to the compliance and privacy principles of ISO 27001, as well as Microsoft’s compliance standards. By providing customers with compliant, independently-verified services, Microsoft makes it easier for customers to achieve compliance for the infrastructure and applications they run, including this new Microsoft cloud service. -## Is there a difference between how Microsoft handles data for the preview programs and for General Availability? -Subject to the preview program you are in, you could be asked to choose to store your data in a datacenter either in Europe or United States. Your data will not be copied or moved outside of the datacenter you choose, except in the following specific circumstance: - -1. You choose Europe as your datacenter, and -2. You [submit a file for deep analysis](investigate-files-windows-defender-advanced-threat-protection.md#submit-files-for-analysis). - -In this circumstance, the submitted file will be sent to the US deep analysis laboratory. The results of the analysis will be stored in the European datacenter, and the file and data will be deleted from the US deep analysis laboratory and datacenter. - -This is a temporary measure as we work to integrate our deep analysis capabilities into the European datacenter. If you have any concerns or questions about submitting files for deep analysis and you are using a European datacenter, or if you’d like to be updated as to when the European deep analysis lab is online, email [winatp@microsoft.com](mailto:winatp@microsoft.com). diff --git a/windows/keep-secure/defender-compatibility-windows-defender-advanced-threat-protection.md b/windows/keep-secure/defender-compatibility-windows-defender-advanced-threat-protection.md new file mode 100644 index 0000000000..2ad4b75d16 --- /dev/null +++ b/windows/keep-secure/defender-compatibility-windows-defender-advanced-threat-protection.md @@ -0,0 +1,32 @@ +--- +title: Windows Defender compatibility +description: Learn about how Windows Defender works with Windows Defender ATP. +keywords: windows defender compatibility, defender, windows defender atp +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +author: mjcaparas +--- + +# Windows Defender compatibility + +**Applies to:** + +- Windows 10 Enterprise +- Windows 10 Enterprise for Education +- Windows 10 Pro +- Windows 10 Pro Education +- Windows Defender +- Windows Defender Advanced Threat Protection (Windows Defender ATP) + +The Windows Defender Advanced Threat Protection agent depends on Windows Defender for some capabilities such as file scanning. + +If an onboarded endpoint is protected by a third-party antimalware client, Windows Defender on that endpoint will enter into passive mode. + +Windows Defender will continue to receive updates, and the *mspeng.exe* process will be listed as a running a service, but it will not perform scans and will not replace the running third-party antimalware client. + +The Windows Defender interface will be disabled, and users on the endpoint will not be able to use Windows Defender to perform on-demand scans or configure most options. + +For more information, see the **Compatibility** section in the [Windows Defender in Windows 10 topic](windows-defender-in-windows-10.md# compatibility-with-windows-defender-advanced-threat-protection). diff --git a/windows/keep-secure/enable-pua-windows-defender-for-windows-10.md b/windows/keep-secure/enable-pua-windows-defender-for-windows-10.md index 97ad8e6624..57d8b9394e 100644 --- a/windows/keep-secure/enable-pua-windows-defender-for-windows-10.md +++ b/windows/keep-secure/enable-pua-windows-defender-for-windows-10.md @@ -30,11 +30,11 @@ These applications can increase the risk of your network being infected with mal Since the stakes are higher in an enterprise environment, the potential disaster and potential productivity and performance disruptions that PUA brings can be a cause of concern. Hence, it is important to deliver trusted protection in this field. -**Enable PUA protection in SCCM and Intune** +##Enable PUA protection in SCCM and Intune The PUA feature is available for enterprise users who are running System Center Configuration Manager (SCCM) or Intune in their infrastructure. -***Configure PUA in SCCM*** +###Configure PUA in SCCM For SCCM users, PUA is enabled by default. See the following topics for configuration details: @@ -43,7 +43,8 @@ If you are using these versions | See these topics System Center Configuration Manager (current branch) version 1606 | [Create a new antimalware policy](https://technet.microsoft.com/en-US/library/mt613199.aspx#To-create-a-new-antimalware-policy)
[Real-time Protection Settings](https://technet.microsoft.com/en-US/library/mt613199.aspx#Real-time-Protection-Settings) System Center 2012 R2 Endpoint Protection
System Center 2012 Configuration Manager
System Center 2012 Configuration Manager SP1
System Center 2012 Configuration Manager SP2
System Center 2012 R2 Configuration Manager
System Center 2012 Endpoint Protection SP1
System Center 2012 Endpoint Protection
System Center 2012 R2 Configuration Manager SP1| [How to Deploy Potentially Unwanted Application Protection Policy for Endpoint Protection in Configuration Manager](https://technet.microsoft.com/library/hh508770.aspx#BKMK_PUA) -***Use PUA audit mode in SCCM*** +
+###Use PUA audit mode in SCCM You can use PowerShell to detect PUA without blocking them. In fact, you can run audit mode on individual machines. This feature is useful if your company is conducting an internal software security compliance check and you’d like to avoid any false positives. @@ -62,16 +63,16 @@ You can use PowerShell to detect PUA without blocking them. In fact, you can run > PUA events are reported in the Windows Event Viewer and not in SCCM. -***Configure PUA in Intune*** +###Configure PUA in Intune PUA is not enabled by default. You need to [Create and deploy a PUA configuration policy to use it](https://docs.microsoft.com/en-us/intune/deploy-use/manage-settings-and-features-on-your-devices-with-microsoft-intune-policies). See the [Potentially Unwanted Application Detection policy setting](https://docs.microsoft.com/en-us/intune/deploy-use/windows-10-policy-settings-in-microsoft-intune) for details. - ***Use PUA audit mode in Intune*** +###Use PUA audit mode in Intune You can detect PUA without blocking them from your client. Gain insights into what can be blocked. -**View PUA events** +##View PUA events PUA events are reported in the Windows Event Viewer and not in SCCM or Intune. To view PUA events: @@ -83,18 +84,18 @@ PUA events are reported in the Windows Event Viewer and not in SCCM or Intune. T You can find a complete list of the Microsoft antimalware event IDs, the symbol, and the description of each ID in [Windows Server Antimalware Events TechNet](https://technet.microsoft.com/library/dn913615.aspx). -**What PUA notifications look like** +##What PUA notifications look like When a detection occurs, end users who enabled the PUA detection feature will see the following notification: To see historical PUA detections that occurred on a PC, users can go to History, then **Quarantined items** or **All detected items**. -**PUA threat-naming convention** +##PUA threat file-naming convention When enabled, potentially unwanted applications are identified with threat names that start with “PUA:”, such as, PUA:Win32/Creprote. -**PUA blocking conditions** +##PUA blocking conditions PUA protection quarantines the file so they won’t run. PUA will be blocked only at download or install-time. A file will be included for blocking if it has been identified as PUA and meets one of the following conditions: * The file is being scanned from the browser diff --git a/windows/keep-secure/enlightened-microsoft-apps-and-wip.md b/windows/keep-secure/enlightened-microsoft-apps-and-wip.md index 33d2044176..9fb1f45bd6 100644 --- a/windows/keep-secure/enlightened-microsoft-apps-and-wip.md +++ b/windows/keep-secure/enlightened-microsoft-apps-and-wip.md @@ -10,11 +10,11 @@ ms.pagetype: security author: eross-msft --- -# List of enlightened Microsoft apps for use with Windows Information Protection(WIP) +# List of enlightened Microsoft apps for use with Windows Information Protection (WIP) **Applies to:** -- Windows 10, version 6017 +- Windows 10, version 1607 - Windows 10 Mobile Learn the difference between enlightened and unenlightened apps, and then review the list of enlightened apps provided by Microsoft along with the text you will need to use to add them to your allowed apps list. diff --git a/windows/keep-secure/event-error-codes-windows-defender-advanced-threat-protection.md b/windows/keep-secure/event-error-codes-windows-defender-advanced-threat-protection.md index f019d14fdf..3dd165c68a 100644 --- a/windows/keep-secure/event-error-codes-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/event-error-codes-windows-defender-advanced-threat-protection.md @@ -1,7 +1,7 @@ --- title: Review events and errors on endpoints with Event Viewer description: Get descriptions and further troubleshooting steps (if required) for all events reported by the Windows Defender ATP service. -keywords: troubleshoot, event viewer, log summary, failure code, failed, Windows Advanced Threat Protection service, cannot start, broken, can't start +keywords: troubleshoot, event viewer, log summary, failure code, failed, Windows Defender Advanced Threat Protection service, cannot start, broken, can't start search.product: eADQiWindows 10XVcnh ms.prod: w10 ms.mktglfcycl: deploy @@ -15,16 +15,19 @@ author: iaanw **Applies to:** -- Windows 10 Insider Preview Build 14332 or later +- Event Viewer +- Windows 10 Enterprise +- Windows 10 Enterprise for Education +- Windows 10 Pro +- Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) -[Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.] - You can review event IDs in the [Event Viewer](https://msdn.microsoft.com/en-US/library/aa745633(v=bts.10).aspx) on individual endpoints. For example, if endpoints are not appearing in the **Machines view** list, you might need to look for event IDs on the endpoints. You can then use this table to determine further troubleshooting steps. -> **Note**  It can take several days for endpoints to begin reporting to the Windows Defender ATP service. +> [!NOTE] +> It can take several days for endpoints to begin reporting to the Windows Defender ATP service. **Open Event Viewer and find the Windows Defender ATP service event log:** @@ -35,7 +38,8 @@ For example, if endpoints are not appearing in the **Machines view** list, you m a. You can also access the log by expanding **Applications and Services Logs** > **Microsoft** > **Windows** > **SENSE** and click on **Operational**. - > **Note**  SENSE is the internal name used to refer to the behavioral sensor that powers Windows Defender ATP. + > [!NOTE] + > SENSE is the internal name used to refer to the behavioral sensor that powers Windows Defender ATP. 3. Events recorded by the service will appear in the log. See the following table for a list of events recorded by the service. @@ -49,39 +53,39 @@ For example, if endpoints are not appearing in the **Machines view** list, you m 1 -Windows Advanced Threat Protection service started (Version ```variable```). +Windows Defender Advanced Threat Protection service started (Version ```variable```). Occurs during system start up, shut down, and during onbboarding. Normal operating notification; no action required. 2 -Windows Advanced Threat Protection service shutdown. +Windows Defender Advanced Threat Protection service shutdown. Occurs when the endpoint is shut down or offboarded. Normal operating notification; no action required. 3 -Windows Advanced Threat Protection service failed to start. Failure code: ```variable``` +Windows Defender Advanced Threat Protection service failed to start. Failure code: ```variable```. Service did not start. Review other messages to determine possible cause and troubleshooting steps. 4 -Windows Advanced Threat Protection service contacted the server at ```variable```. -variable = URL of the Windows Defender ATP processing servers.
+Windows Defender Advanced Threat Protection service contacted the server at ```variable```. +Variable = URL of the Windows Defender ATP processing servers.
This URL will match that seen in the Firewall or network activity. Normal operating notification; no action required. 5 -Windows Advanced Threat Protection service failed to connect to the server at ```variable```. -variable = URL of the Windows Defender ATP processing servers.
+Windows Defender Advanced Threat Protection service failed to connect to the server at ```variable```. +Variable = URL of the Windows Defender ATP processing servers.
The service could not contact the external processing servers at that URL. Check the connection to the URL. See [Configure proxy and Internet connectivity](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#configure-proxy-and-Internet-connectivity). 6 -Windows Advanced Threat Protection service is not onboarded and no onboarding parameters were found. +Windows Defender Advanced Threat Protection service is not onboarded and no onboarding parameters were found. The endpoint did not onboard correctly and will not be reporting to the portal. Onboarding must be run before starting the service.
Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.
@@ -89,72 +93,66 @@ See [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defen 7 -Windows Advanced Threat Protection service failed to read the onboarding parameters. Failure code: ```variable``` -The endpoint did not onboard correctly and will not be reporting to the portal. +Windows Defender Advanced Threat Protection service failed to read the onboarding parameters. Failure: ```variable```. +Variable = detailed error description. The endpoint did not onboard correctly and will not be reporting to the portal. Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.
-See [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md) +See [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md). 8 -Windows Advanced Threat Protection service failed to clean its configuration. Failure code: ```variable``` -The endpoint did not onboard correctly and will not be reporting to the portal. -Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.
-See [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md) +Windows Defender Advanced Threat Protection service failed to clean its configuration. Failure code: ```variable```. +**During onboarding:** The service failed to clean its configuration during the onboarding. The onboarding process continues.

**During offboarding:** The service failed to clean its configuration during the offboarding. The offboarding process finished but the service keeps running. + +**Onboarding:** No action required.

**Offboarding:** Reboot the system.
+See [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md). 9 -Windows Advanced Threat Protection service failed to change its start type. Failure code: ```variable``` -The endpoint did not onboard correctly and will not be reporting to the portal. +Windows Defender Advanced Threat Protection service failed to change its start type. Failure code: ```variable```. +**During onboarding:** The endpoint did not onboard correctly and will not be reporting to the portal.

**During offboarding:** Failed to change the service start type. The offboarding process continues. Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.
-See [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md) +See [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md). 10 -Windows Advanced Threat Protection service failed to persist the onboarding information. Failure code: ```variable``` +Windows Defender Advanced Threat Protection service failed to persist the onboarding information. Failure code: ```variable```. The endpoint did not onboard correctly and will not be reporting to the portal. Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.
-See [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md) +See [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md). 11 -Windows Advanced Threat Protection service completed. +Onboarding or re-onboarding of Windows Defender Advanced Threat Protection service completed. The endpoint onboarded correctly. Normal operating notification; no action required.
It may take several hours for the endpoint to appear in the portal. 12 -Windows Advanced Threat Protection failed to apply the default configuration. -Service was unable to apply configuration from the processing servers. -This is a server error and should resolve after a short period. +Windows Defender Advanced Threat Protection failed to apply the default configuration. +Service was unable to apply the default configuration. +This error should resolve after a short period of time. 13 -Service machine ID calculated: ```variable``` +Windows Defender Advanced Threat Protection machine ID calculated: ```variable```. Normal operating process. Normal operating notification; no action required. -14 -Service cannot calculate machine ID. Failure code: ```variable``` -Internal error. -Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.
-See [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md) - - 15 -Windows Advanced Threat Protection cannot start command channel with URL: ```variable``` -variable = URL of the Windows Defender ATP processing servers.
+Windows Defender Advanced Threat Protection cannot start command channel with URL: ```variable```. +Variable = URL of the Windows Defender ATP processing servers.
The service could not contact the external processing servers at that URL. Check the connection to the URL. See [Configure proxy and Internet connectivity](#configure-proxy-and-Internet-connectivity). 17 -Windows Advanced Threat Protection service failed to change the Connected User Experiences and Telemetry service location. Failure code: ```variable``` +Windows Defender Advanced Threat Protection service failed to change the Connected User Experiences and Telemetry service location. Failure code: ```variable```. An error occurred with the Windows telemetry service. -[Ensure the telemetry service is enabled](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-that-the-telemetry-and-diagnostics-service-is-enabled)
+[Ensure the telemetry service is enabled](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-that-the-telemetry-and-diagnostics-service-is-enabled).
Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.
-See [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md) +See [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md). 18 @@ -171,44 +169,45 @@ If this error persists after a system restart, ensure all Windows updates have f 20 -Cannot wait for OOBE (Windows Welcome) to complete. Failure code: ```variable``` +Cannot wait for OOBE (Windows Welcome) to complete. Failure code: ```variable```. Internal error. If this error persists after a system restart, ensure all Windows updates have full installed. 25 -Windows Advanced Threat Protection service failed to reset health status in the registry, causing the onboarding process to fail. Failure code: ```variable``` -The endpoint did not onboard correctly and will not be reporting to the portal. +Windows Defender Advanced Threat Protection service failed to reset health status in the registry. Failure code: ```variable```. +The endpoint did not onboard correctly. +It will report to the portal, however the service may not appear as registered in SCCM or the registry. Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.
-See [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md) +See [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md). 26 -Windows Advanced Threat Protection service failed to set the onboarding status in the registry. Failure code: ```variable``` +Windows Defender Advanced Threat Protection service failed to set the onboarding status in the registry. Failure code: ```variable```. The endpoint did not onboard correctly.
It will report to the portal, however the service may not appear as registered in SCCM or the registry. Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.
-See [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md) +See [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md). 27 -Windows Advanced Threat Protection service failed to enable SENSE aware mode in Windows Defender. Onboarding process failed. Failure code: ```variable``` +Windows Defender Advanced Threat Protection service failed to enable SENSE aware mode in Windows Defender. Onboarding process failed. Failure code: ```variable```. Normally, Windows Defender will enter a special passive state if another real-time antimalware product is running properly on the endpoint, and the endpoint is reporting to Windows Defender ATP. Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.
-See [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md)
+See [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md).
Ensure real-time antimalware protection is running properly. 28 -Windows Advanced Threat Protection Connected User Experiences and Telemetry service registration failed. Failure code: ```variable``` +Windows Defender Advanced Threat Protection Connected User Experiences and Telemetry service registration failed. Failure code: ```variable```. An error occurred with the Windows telemetry service. [Ensure the telemetry service is enabled](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-that-the-telemetry-and-diagnostics-service-is-enabled).
Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.
-See [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md) +See [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md). 30 -Windows Advanced Threat Protection service failed to disable SENSE aware mode in Windows Defender. Failure code: ```variable``` +Windows Defender Advanced Threat Protection service failed to disable SENSE aware mode in Windows Defender. Failure code: ```variable```. Normally, Windows Defender will enter a special passive state if another real-time antimalware product is running properly on the endpoint, and the endpoint is reporting to Windows Defender ATP. Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.
See [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md)
@@ -216,24 +215,115 @@ Ensure real-time antimalware protection is running properly. 31 -Windows Advanced Threat Protection Connected User Experiences and Telemetry service unregistration failed. Failure code: ```variable``` -An error occurred with the Windows telemetry service. +Windows Defender Advanced Threat Protection Connected User Experiences and Telemetry service unregistration failed. Failure code: ```variable```. +An error occurred with the Windows telemetry service during onboarding. The offboarding process continues. [Check for errors with the Windows telemetry service](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-that-the-telemetry-and-diagnostics-service-is-enabled). +32 +Windows Defender Advanced Threat Protection service failed to request to stop itself after offboarding process. Failure code: %1 +An error occurred during offboarding. +Reboot the machine. + + 33 -Windows Advanced Threat Protection service failed to persist SENSE GUID. Failure code: ```variable``` +Windows Defender Advanced Threat Protection service failed to persist SENSE GUID. Failure code: ```variable```. A unique identifier is used to represent each endpoint that is reporting to the portal.
If the identifier does not persist, the same machine might appear twice in the portal. Check registry permissions on the endpoint to ensure the service can update the registry. 34 -Windows Advanced Threat Protection service failed to add itself as a dependency on the Connected User Experiences and Telemetry service, causing onboarding process to fail. Failure code: ```variable``` +Windows Defender Advanced Threat Protection service failed to add itself as a dependency on the Connected User Experiences and Telemetry service, causing onboarding process to fail. Failure code: ```variable```. An error occurred with the Windows telemetry service. [Ensure the telemetry service is enabled](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-that-the-telemetry-and-diagnostics-service-is-enabled).
Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.
-See [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md) +See [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md). + + +35 +Windows Defender Advanced Threat Protection service failed to remove itself as a dependency on the Connected User Experiences and Telemetry service. Failure code: ```variable```. +An error occurred with the Windows telemetry service during offboarding. The offboarding process continues. + +Check for errors with the Windows telemetry service. + + +36 +Windows Defender Advanced Threat Protection Connected User Experiences and Telemetry service registration succeeded. Completion code: ```variable```. +Registering Windows Defender Advanced Threat Protection with the Connected User Experiences and Telemetry service completed successfully. +Normal operating notification; no action required. + + +37 +Windows Defender Advanced Threat Protection A module is about to exceed its quota. Module: %1, Quota: {%2} {%3}, Percentage of quota utilization: %4. +The machine has almost used its allocated quota of the current 24-hour window. It’s about to be throttled. +Normal operating notification; no action required. + + +38 +Network connection is identified as low. Windows Defender Advanced Threat Protection will contact the server every %1 minutes. Metered connection: %2, internet available: %3, free network available: %4. +The machine is using a metered/paid network and will be contacting the server less frequently. +Normal operating notification; no action required. + + +39 +Network connection is identified as normal. Windows Defender Advanced Threat Protection will contact the server every %1 minutes. Metered connection: %2, internet available: %3, free network available: %4. +The machine is not using a metered/paid connection and will contact the server as usual. +Normal operating notification; no action required. + + +40 +Battery state is identified as low. Windows Defender Advanced Threat Protection will contact the server every %1 minutes. Battery state: %2. +The machine has low battery level and will contact the server less frequently. +Normal operating notification; no action required. + + +41 +Battery state is identified as normal. Windows Defender Advanced Threat Protection will contact the server every %1 minutes. Battery state: %2. +The machine doesn’t have low battery level and will contact the server as usual. +Normal operating notification; no action required. + + +42 +Windows Defender Advanced Threat Protection WDATP component failed to perform action. Component: %1, Action: %2, Exception Type: %3, Exception message: %4 +Internal error. The service failed to start. +If this error persists, contact Support. + + +43 +Windows Defender Advanced Threat Protection WDATP component failed to perform action. Component: %1, Action: %2, Exception Type: %3, Exception Error: %4, Exception message: %5 +Internal error. The service failed to start. +If this error persists, contact Support. + + +44 +Offboarding of Windows Defender Advanced Threat Protection service completed. +The service was offboarded. +Normal operating notification; no action required. + + +45 +Failed to register and to start the event trace session [%1]. Error code: %2 +An error occurred on service startup while creating ETW session. This caused service start-up failure. +If this error persists, contact Support. + + +46 +Failed to register and start the event trace session [%1] due to lack of resources. Error code: %2. This is most likely because there are too many active event trace sessions. The service will retry in 1 minute. +An error occurred on service startup while creating ETW session due to lack of resources. The service started and is running, but will not report any sensor event until the ETW session is started. +Normal operating notification; no action required. The service will try to start the session every minute. + + +47 +Successfully registered and started the event trace session - recovered after previous failed attempts. +This event follows the previous event after successfully starting of the ETW session. +Normal operating notification; no action required. + + +48 +Failed to add a provider [%1] to event trace session [%2]. Error code: %3. This means that events from this provider will not be reported. +Failed to add a provider to ETW session. As a result, the provider events aren’t reported. +Check the error code. If the error persists contact Support. diff --git a/windows/keep-secure/guidance-and-best-practices-wip.md b/windows/keep-secure/guidance-and-best-practices-wip.md index 28eb875c28..70cee10111 100644 --- a/windows/keep-secure/guidance-and-best-practices-wip.md +++ b/windows/keep-secure/guidance-and-best-practices-wip.md @@ -21,6 +21,7 @@ This section includes info about the enlightened Microsoft apps, including how t ## In this section |Topic |Description | |------|------------| +|[Windows Information Protection (WIP) overview](wip-enterprise-overview.md) |High-level overview info about why to use WIP, the enterprise scenarios, and how to turn it off. | |[Mandatory settings for Windows Information Protection (WIP)](mandatory-settings-for-wip.md) |A list of all of the tasks and settings that are required for the operating system to turn on Windows Information Protection (WIP), formerly known as Windows Information Protection (WIP), in your enterprise. | |[Enlightened apps for use with Windows Information Protection (WIP)](enlightened-microsoft-apps-and-wip.md) |Learn the difference between enlightened and unenlightened apps, and then review the list of enlightened apps provided by Microsoft along with the text you will need to use to add them to your allowed apps list. | |[Testing scenarios for Windows Information Protection (WIP)](testing-scenarios-for-wip.md) |We've come up with a list of suggested testing scenarios that you can use to test WIP in your company. | \ No newline at end of file diff --git a/windows/keep-secure/images/alert-details.png b/windows/keep-secure/images/alert-details.png index 7d23ae0374..e2f5a387b0 100644 Binary files a/windows/keep-secure/images/alert-details.png and b/windows/keep-secure/images/alert-details.png differ diff --git a/windows/keep-secure/images/alertsq2.png b/windows/keep-secure/images/alertsq2.png index a11b5ba76b..8e823cd9c7 100644 Binary files a/windows/keep-secure/images/alertsq2.png and b/windows/keep-secure/images/alertsq2.png differ diff --git a/windows/keep-secure/images/machines-view.png b/windows/keep-secure/images/machines-view.png index 3baf15a05f..f1d00f4035 100644 Binary files a/windows/keep-secure/images/machines-view.png and b/windows/keep-secure/images/machines-view.png differ diff --git a/windows/keep-secure/images/onboardingstate.png b/windows/keep-secure/images/onboardingstate.png index 0606e2b2c6..ab49c49e17 100644 Binary files a/windows/keep-secure/images/onboardingstate.png and b/windows/keep-secure/images/onboardingstate.png differ diff --git a/windows/keep-secure/images/portal-image.png b/windows/keep-secure/images/portal-image.png index be59f06fa5..c038da30de 100644 Binary files a/windows/keep-secure/images/portal-image.png and b/windows/keep-secure/images/portal-image.png differ diff --git a/windows/keep-secure/implement-microsoft-passport-in-your-organization.md b/windows/keep-secure/implement-microsoft-passport-in-your-organization.md index 813a67705d..2dc4c2628a 100644 --- a/windows/keep-secure/implement-microsoft-passport-in-your-organization.md +++ b/windows/keep-secure/implement-microsoft-passport-in-your-organization.md @@ -340,6 +340,7 @@ You’ll need this software to set Windows Hello for Business policies in your e
  • Azure AD subscription
  • [Azure AD Connect](http://go.microsoft.com/fwlink/p/?LinkId=616792)
  • AD CS with NDES
    • +<<<<<<< HEAD
  • Configuration Manager for domain-joined certificate enrollment, or InTune for non-domain-joined devices, or a non-Microsoft MDM service that supports Passport for Work
    • diff --git a/windows/keep-secure/investigate-alerts-windows-defender-advanced-threat-protection.md b/windows/keep-secure/investigate-alerts-windows-defender-advanced-threat-protection.md index d724b1862d..8bd01c944f 100644 --- a/windows/keep-secure/investigate-alerts-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/investigate-alerts-windows-defender-advanced-threat-protection.md @@ -14,11 +14,12 @@ author: mjcaparas **Applies to:** -- Windows 10 Insider Preview Build 14332 or later +- Windows 10 Enterprise +- Windows 10 Enterprise for Education +- Windows 10 Pro +- Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) -[Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.] - Alerts in Windows Defender ATP indicate possible security breaches on endpoints in your organization. There are three alert severity levels, described in the following table. @@ -43,17 +44,39 @@ Details displayed about the alert include: - When the alert was last observed - Alert description - Recommended actions -- The potential scope of breach +- The incident graph - The indicators that triggered the alert -![A detailed view of an alert when clicked](images/alert-details.png) - Alerts attributed to an adversary or actor display a colored tile with the actor name. Click on the actor's name to see a threat intelligence profile of the actor, including a brief overview of the actor, their interests or targets, tools, tactics, and processes (TTPs) as well as areas where it's active worldwide. You will also see a set of recommended actions to take. Some actor profiles include a link to download a more comprehensive threat intelligence report. +![A detailed view of an alert when clicked](images/alert-details.png) + +## Incident graph +The incident graph provides a visual representation of where an alert was seen, events that triggered the alert, and which other machines are affected by the event. It provides an illustrated alert footprint on the original machine and expands to show the footprint of each alert event on other machines. + +You can click the circles on the incident graph to expand the nodes and view the associated events or files related to the alert. + +## Alert spotlight +The alert spotlight feature helps ease investigations by highlighting alerts related to a specific machine and events. You can highlight an alert and its related events in the machine timeline to increase your focus during an investigation. + +You can click on the machine link from the alert view to see the alerts related to the machine. + + + > [!NOTE] + > This shortcut is not available from the Incident graph machine links. + +Alerts related to the machine are displayed under the **Alerts related to this machine** section. +Clicking on an alert row takes you the to the date in which the alert was flagged on **Machine timeline**. This eliminates the need to manually filter and drag the machine timeline marker to when the alert was seen on that machine. + +You can also choose to highlight an alert from the **Alerts related to this machine** or from the **Machine timeline** section to see the correlation between the alert and other events that occurred on the machine. Right-click on any alert from either section and select **Mark related events**. This highlights alerts and events that are related and helps differentiate between the other alerts listed in the timeline. Highlighted events are displayed in all filtering modes whether you choose to view the timeline by **Detections**, **Behaviours**, or **Verbose**. + +You can also remove the highlight by right-clicking a highlighted alert and selecting **Unmark related events**. + + ### Related topics - [View the Windows Defender Advanced Threat Protection Dashboard](dashboard-windows-defender-advanced-threat-protection.md) - [View and organize the Windows Defender Advanced Threat Protection Alerts queue](alerts-queue-windows-defender-advanced-threat-protection.md) diff --git a/windows/keep-secure/investigate-domain-windows-defender-advanced-threat-protection.md b/windows/keep-secure/investigate-domain-windows-defender-advanced-threat-protection.md index fd75059fff..d138e36e1f 100644 --- a/windows/keep-secure/investigate-domain-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/investigate-domain-windows-defender-advanced-threat-protection.md @@ -13,11 +13,12 @@ author: mjcaparas **Applies to:** -- Windows 10 Insider Preview Build 14332 or later +- Windows 10 Enterprise +- Windows 10 Enterprise for Education +- Windows 10 Pro +- Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) -[Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.] - Investigate a domain to see if machines and servers in your enterprise network have been communicating with a known malicious domain. You can see information from the following sections in the URL view: diff --git a/windows/keep-secure/investigate-files-windows-defender-advanced-threat-protection.md b/windows/keep-secure/investigate-files-windows-defender-advanced-threat-protection.md index 5dfb3959f9..6c1309102d 100644 --- a/windows/keep-secure/investigate-files-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/investigate-files-windows-defender-advanced-threat-protection.md @@ -13,11 +13,12 @@ author: mjcaparas **Applies to:** -- Windows 10 Insider Preview Build 14332 or later +- Windows 10 Enterprise +- Windows 10 Enterprise for Education +- Windows 10 Pro +- Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) -[Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.] - Investigate the details of a file associated with a specific alert, behavior, or event to help determine if the file exhibits malicious activities, identify the attack motivation, and understand the potential scope of the breach. You can get information from the following sections in the file view: @@ -62,11 +63,13 @@ Use the deep analysis feature to investigate the details of any file, usually du In the file's page, **Submit for deep analysis** is enabled when the file is available in the Windows Defender ATP backend sample collection or if it was observed on a Windows 10 machine that supports submitting to deep analysis. -> **Note**  Only files from Windows 10 can be automatically collected. +> [!NOTE] +> Only files from Windows 10 can be automatically collected. You can also manually submit a sample through the [Malware Protection Center Portal](https://www.microsoft.com/en-us/security/portal/submission/submit.aspx) if the file was not observed on a Windows 10 machine, and wait for **Submit for deep analysis** button to become available. -> **Note**  Due to backend processing flows in the Malware Protection Center Portal, there could be up to 10 minutes of latency between file submission and availability of the deep analysis feature in Windows Defender ATP. +> [!NOTE] +> Due to backend processing flows in the Malware Protection Center Portal, there could be up to 10 minutes of latency between file submission and availability of the deep analysis feature in Windows Defender ATP. When the sample is collected, Windows Defender ATP runs the file in is a secure environment and creates a detailed report of observed behaviors and associated artifacts, such as files dropped on machines, communication to IPs, and registry modifications. @@ -84,7 +87,8 @@ When the sample is collected, Windows Defender ATP runs the file in is a secure A progress bar is displayed and provides information on the different stages of the analysis. You can then view the report when the analysis is done. -> **Note**  Depending on machine availability, sample collection time can vary. There is a 3-hour timeout for sample collection. The collection will fail and the operation will abort if there is no online Windows 10 machine reporting at that time. You can re-submit files for deep analysis to get fresh data on the file. +> [!NOTE] +> Depending on machine availability, sample collection time can vary. There is a 1-hour timeout for sample collection. The collection will fail and the operation will abort if there is no online Windows 10 machine reporting at that time. You can re-submit files for deep analysis to get fresh data on the file. ## View deep analysis report @@ -121,10 +125,11 @@ HKLM\SOFTWARE\Policies\Microsoft\Sense\AllowSampleCollection Value = 0 - block sample collection Value = 1 - allow sample collection ``` -5. Change the organizational unit through the Group Policy. See [Configure endpoints using Group Policy](configure-endpoints-gp-windows-defender-advanced-threat-protection.md). +5. Change the organizational unit through the Group Policy. For more information, see [Configure with Group Policy](configure-endpoints-gp-windows-defender-advanced-threat-protection.md). 6. If these steps do not resolve the issue, contact [winatp@microsoft.com](mailto:winatp@microsoft.com). -> **Note**  If the value *AllowSampleCollection* is not available, the client will allow sample collection by default. +> [!NOTE] +> If the value *AllowSampleCollection* is not available, the client will allow sample collection by default. ### Related topics - [View the Windows Defender Advanced Threat Protection Dashboard](dashboard-windows-defender-advanced-threat-protection.md) diff --git a/windows/keep-secure/investigate-ip-windows-defender-advanced-threat-protection.md b/windows/keep-secure/investigate-ip-windows-defender-advanced-threat-protection.md index e1427b0400..dd72b28bc9 100644 --- a/windows/keep-secure/investigate-ip-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/investigate-ip-windows-defender-advanced-threat-protection.md @@ -13,12 +13,12 @@ author: mjcaparas **Applies to:** -- Windows 10 Insider Preview Build 14332 or later +- Windows 10 Enterprise +- Windows 10 Enterprise for Education +- Windows 10 Pro +- Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) -[Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.] - - Examine possible communication between your machines and external internet protocol (IP) addresses. Identifying all machines in the organization that communicated with a suspected or known malicious IP address, such as Command and Control (C2) servers, helps determine the potential scope of breach, associated files, and infected machines. @@ -43,7 +43,8 @@ The **Communication with IP in organization** section provides a chronological v Details about the IP address are displayed, including: registration details (if available), reverse IPs (for example, domains), prevalence of machines in the organization that communicated with this IP Address (during selectable time period), and the machines in the organization that were observed communicating with this IP address. -> **Note**  Search results will only be returned for IP addresses observed in communication with machines in the organization. +> [!NOTE] +> Search results will only be returned for IP addresses observed in communication with machines in the organization. Use the search filters to define the search criteria. You can also use the timeline search box to filter the displayed results of all machines in the organization observed communicating with the IP address, the file associated with the communication and the last date observed. diff --git a/windows/keep-secure/investigate-machines-windows-defender-advanced-threat-protection.md b/windows/keep-secure/investigate-machines-windows-defender-advanced-threat-protection.md index 0a7f63c71b..7eae125102 100644 --- a/windows/keep-secure/investigate-machines-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/investigate-machines-windows-defender-advanced-threat-protection.md @@ -14,11 +14,12 @@ author: mjcaparas **Applies to:** -- Windows 10 Insider Preview Build 14332 or later +- Windows 10 Enterprise +- Windows 10 Enterprise for Education +- Windows 10 Pro +- Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) -[Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.] - The **Machines view** shows a list of the machines in your network, the corresponding number of active alerts for each machine categorized by alert severity levels, and the number of active malware detections. This view allows you to identify machines with the highest risk at a glance, and keep track of all the machines that are reporting telemetry in your network. Use the Machines view in these two main scenarios: @@ -37,7 +38,8 @@ The Machines view contains the following columns: - **Active Alerts** - the number of alerts reported by the machine by severity - **Active malware detections** - the number of active malware detections reported by the machine -> **Note**  The **Active alerts** and **Active malware detections** filter column will only appear if your endpoints are using [Windows Defender](https://technet.microsoft.com/en-us/library/mt622091(v=vs.85).aspx) as the default real-time protection antimalware product. +> [!NOTE] +> The **Active alerts** and **Active malware detections** filter column will only appear if your endpoints are using [Windows Defender](https://technet.microsoft.com/en-us/library/mt622091(v=vs.85).aspx) as the default real-time protection antimalware product. Click any column header to sort the view in ascending or descending order. @@ -55,7 +57,8 @@ You can filter the view by the following time periods: - 30 days - 6 months -> **Note**  When you select a time period, the list will only display machines that reported within the selected time period. For example, selecting 1 day will only display a list of machines that reported telemetry within the last 24-hour period. +> [!NOTE] +> When you select a time period, the list will only display machines that reported within the selected time period. For example, selecting 1 day will only display a list of machines that reported telemetry within the last 24-hour period. The threat category filter lets you filter the view by the following categories: @@ -65,7 +68,7 @@ The threat category filter lets you filter the view by the following categories: - Threat - Low severity -See the [Investigate machines with active alerts](dashboard-windows-defender-advanced-threat-protection.md#investigate-machines-with-active-malware-detections) topic for a description of each category. +For more information on the description of each category see, [Investigate machines with active alerts](dashboard-windows-defender-advanced-threat-protection.md#investigate-machines-with-active-malware-detections). You can also download a full list of all the machines in your organization, in CSV format. Click the **Manage Alert** menu icon ![The menu icon looks like three periods stacked on top of each other](images/menu-icon.png) to download the entire list as a CSV file. @@ -100,6 +103,8 @@ You'll see an aggregated view of alerts, a short description of the alert, detai This feature also enables you to selectively drill down into a behavior or event that occurred within a given time period. You can view the temporal sequence of events that occurred on a machine over a specified time period. +You can also use the [Alerts spotlight](investigate-alerts-windows-defender-advanced-threat-protection.md#alerts-spotlight) feature to see the correlation between alerts and events on a specific machine. + ![The timeline shows an interactive history of the alerts seen on a machine](images/timeline.png) Use the search bar to look for specific alerts or files associated with the machine. diff --git a/windows/keep-secure/manage-alerts-windows-defender-advanced-threat-protection.md b/windows/keep-secure/manage-alerts-windows-defender-advanced-threat-protection.md index 718b2e22ce..ef1ab6abe0 100644 --- a/windows/keep-secure/manage-alerts-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/manage-alerts-windows-defender-advanced-threat-protection.md @@ -14,14 +14,15 @@ author: mjcaparas **Applies to:** -- Windows 10 Insider Preview Build 14332 or later +- Windows 10 Enterprise +- Windows 10 Enterprise for Education +- Windows 10 Pro +- Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) -[Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.] - Windows Defender ATP notifies you of detected, possible attacks or breaches through alerts. A summary of new alerts is displayed in the **Dashboard**, and you can access all alerts in the **Alerts queue** menu. -See the [Investigate Windows Defender ATP alerts](investigate-alerts-windows-defender-advanced-threat-protection.md#investigate-windows-defender-advanced-threat-protection-alerts) topic for more details on how to investigate alerts. +For more information on how to investigate alerts see, [Investigate Windows Defender ATP alerts](investigate-alerts-windows-defender-advanced-threat-protection.md#investigate-windows-defender-advanced-threat-protection-alerts). Click the **Manage Alert** menu icon ![The menu icon looks like three periods stacked on top of each other](images/menu-icon.png) on the top of the alert to access the Manage Alert menu and manage alerts. @@ -55,7 +56,7 @@ You can resolve an alert by changing the status of the alert to **Resolved**. Th ![You can resolve an alert as valid, valid - allowed, or false alarm](images/resolve-alert.png) -The comments and change of status are recorded in the [Comments and history window](#view-history-and-comments). +The comments and change of status are recorded in the Comments and history window. ![The comments window will display a history of status changes](images/comments.png) @@ -86,7 +87,8 @@ The context of the rule lets you tailor the queue to ensure that only alerts you 1. Click the **Manage Alert** menu icon ![The menu icon looks like three periods stacked on top of each other](images/menu-icon.png) on the heading of an existing alert. 2. Choose the context for suppressing the alert. -> **Note**  You cannot create a custom or blank suppression rule. You must start from an existing alert. +> [!NOTE] +> You cannot create a custom or blank suppression rule. You must start from an existing alert. **See the list of suppression rules:** @@ -95,7 +97,8 @@ The context of the rule lets you tailor the queue to ensure that only alerts you ![Click the settings icon and then Suppression rules to create and modify rules](images/suppression-rules.png) -> **Note**  You can also click **See rules** in the confirmation window that appears when you suppress an alert. +> [!NOTE] +> You can also click **See rules** in the confirmation window that appears when you suppress an alert. The list of suppression rules shows all the rules that users in your organization have created. Each rule shows: diff --git a/windows/keep-secure/minimum-requirements-windows-defender-advanced-threat-protection.md b/windows/keep-secure/minimum-requirements-windows-defender-advanced-threat-protection.md index 1bc9344b78..85249ee5d8 100644 --- a/windows/keep-secure/minimum-requirements-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/minimum-requirements-windows-defender-advanced-threat-protection.md @@ -14,33 +14,102 @@ author: iaanw **Applies to:** -- Windows 10 Insider Preview Build 14332 or later +- Windows 10 Enterprise +- Windows 10 Enterprise for Education +- Windows 10 Pro +- Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) -[Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.] - There are some minimum requirements for onboarding your network and endpoints. ## Minimum requirements ### Network and data storage and configuration requirements - - - - -When you run the onboarding wizard for the first time, you must choose where your Windows Defender Advanced Threat Protection-related information is stored: in either a European or United States datacenter. +When you run the onboarding wizard for the first time, you must choose where your Windows Defender Advanced Threat Protection-related information is stored: either in a European or United States datacenter. > **Notes**   - You cannot change your data storage location after the first-time setup. - Review the [Windows Defender ATP data storage and privacy](data-storage-privacy-windows-defender-advanced-threat-protection.md) for more information on where and how Microsoft stores your data. ### Endpoint hardware and software requirements -Endpoints on your network must be running Windows 10 Insider Preview Build 14332 or later. The hardware requirements for Windows Defender ATP on endpoints is the same as those for Windows 10 Insider Preview Build 14332 or later. +The Windows Defender ATP agent only supports the following editions of Windows 10: -> **Note**  Endpoints that are running Windows Server and mobile versions of Windows are not supported. +- Windows 10 Enterprise +- Windows 10 Enterprise for Education +- Windows 10 Pro +- Windows 10 Pro Education -Internet connectivity on endpoints is also required. See [Configure Windows Defender ATP endpoint proxy and Internet connectivity settings](configure-proxy-internet-windows-defender-advanced-threat-protection.md) for additional proxy configuration settings. +Endpoints on your network must be running one of these editions. + +The hardware requirements for Windows Defender ATP on endpoints is the same as those for the supported editions. + +> [!NOTE] +> Endpoints that are running Windows Server and mobile versions of Windows are not supported. + +#### Internet connectivity +Internet connectivity on endpoints is required. + +SENSE can utilize up to 5MB daily of bandwidth to communicate with the Windows Defender ATP cloud service and report cyber data. + +> [!NOTE] +> SENSE is the internal name used to refer to the behavioral sensor that powers Windows Defender ATP. + +For more information on additional proxy configuration settings see, [Configure Windows Defender ATP endpoint proxy and Internet connectivity settings](configure-proxy-internet-windows-defender-advanced-threat-protection.md) . Before you configure endpoints, the telemetry and diagnostics service must be enabled. The service is enabled by default in Windows 10, but if it has been disabled you can turn it on by following the instructions in the [Troubleshoot Windows Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md) section. +### Telemetry and diagnostics settings +You must ensure that the telemetry and diagnostics service is enabled on all the endpoints in your organization. +By default, this service is enabled, but it's good practice to check to ensure that you'll get telemetry from them. +**Use the command line to check the Windows 10 telemetry and diagnostics service startup type**: + +1. Open an elevated command-line prompt on the endpoint: + + a. Go to **Start** and type **cmd**. + + b. Right-click **Command prompt** and select **Run as administrator**. + +2. Enter the following command, and press **Enter**: + + ```text + sc qc diagtrack + ``` + +If the service is enabled, then the result should look like the following screenshot: + +![Result of the sc query command for diagtrack](images/windefatp-sc-qc-diagtrack.png) + +If the **START_TYPE** is not set to **AUTO_START**, then you'll need to set the service to automatically start. + + + +**Use the command line to set the Windows 10 telemetry and diagnostics service to automatically start:** + +1. Open an elevated command-line prompt on the endpoint: + + a. Go to **Start** and type **cmd**. + + b. Right-click **Command prompt** and select **Run as administrator**. + +2. Enter the following command, and press **Enter**: + + ```text + sc config diagtrack start=auto + ``` + +3. A success message is displayed. Verify the change by entering the following command, and press **Enter**: + + ```text + sc qc diagtrack + ``` + +## Windows Defender signature updates are configured +The Windows Defender ATP agent depends on Windows Defender’s ability to scan files and provide information about them. If Windows Defender is not the active antimalware in your organization, you may need to configure the signature updates. For more information see [Configure Windows Defender in Windows 10](windows-defender-in-windows-10.md). + +When Windows Defender is not the active antimalware in your organization and you use the Windows Defender ATP service, Windows Defender goes on passive mode. For more information, see the **Compatibility** section in the [Windows Defender in Windows 10 topic](windows-defender-in-windows-10.md# compatibility-with-windows-defender-advanced-threat-protection). + +## Windows Defender Early Launch Antimalware (ELAM) driver is enabled +If you're running Windows Defender as the primary antimalware product on your endpoints, the Windows Defender ATP agent will successfully onboard. + +If you're running a third-party antimalware client and use Mobile Device Management solutions or System Center Configuration Manager (current branch) version 1606, you'll need to ensure that the Windows Defender ELAM driver is enabled. For more information on how to validate and enable the Windows Defender ELAM driver see, [Ensure the Windows Defender ELAM driver is enabled](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-the-windows-defender-elam-driver-is-enabled). diff --git a/windows/keep-secure/onboard-configure-windows-defender-advanced-threat-protection.md b/windows/keep-secure/onboard-configure-windows-defender-advanced-threat-protection.md index 942dfa02ee..1c962bc1ec 100644 --- a/windows/keep-secure/onboard-configure-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/onboard-configure-windows-defender-advanced-threat-protection.md @@ -14,13 +14,15 @@ author: iaanw **Applies to:** -- Windows 10 Insider Preview Build 14332 or later +- Windows 10 Enterprise +- Windows 10 Enterprise for Education +- Windows 10 Pro +- Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) -[Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.] - You need to onboard to Windows Defender ATP before you can use the service. + ## In this section Topic | Description :---|:--- diff --git a/windows/keep-secure/portal-overview-windows-defender-advanced-threat-protection.md b/windows/keep-secure/portal-overview-windows-defender-advanced-threat-protection.md index 6363ce613d..177d0998d6 100644 --- a/windows/keep-secure/portal-overview-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/portal-overview-windows-defender-advanced-threat-protection.md @@ -14,12 +14,12 @@ author: DulceMV **Applies to:** -- Windows 10 Insider Preview Build 14332 or later +- Windows 10 Enterprise +- Windows 10 Enterprise for Education +- Windows 10 Pro +- Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) -[Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.] - - Enterprise security teams can use the Windows Defender ATP portal to monitor and assist in responding to alerts of potential advanced persistent threat (APT) activity or data breaches. You can use the [Windows Defender ATP portal](https://securitycenter.windows.com/) to: @@ -37,19 +37,20 @@ When you open the portal, you’ll see the main areas of the application: ![Windows Defender Advanced Threat Protection portal](images/portal-image.png) -> **Note**  Malware related detections will only appear if your endpoints are using [Windows Defender](https://technet.microsoft.com/en-us/library/mt622091(v=vs.85).aspx) as the default real-time protection antimalware product. +> [!NOTE] +> Malware related detections will only appear if your endpoints are using [Windows Defender](https://technet.microsoft.com/en-us/library/mt622091(v=vs.85).aspx) as the default real-time protection antimalware product. You can navigate through the portal using the menu options available in all sections. Refer to the following table for a description of each section. Area | Description :---|:--- (1) Settings | Provides access to configuration settings such as time zone, alert suppression rules, and license information. -(2) Navigation pane | Use the navigation pane to move between the **Dashboard**, **Alerts queue**, **Machines view**, **Preferences setup**, and **Endpoint Management**. +(2) Navigation pane | Use the navigation pane to move between the **Dashboard**, **Alerts queue**, **Machines view**, **Preferences setup**, and **Enpoint Management**. **Dashboard** | Provides clickable tiles that open detailed information on various alerts that have been detected in your organization. **Alerts queue** | Enables you to view separate queues of new, in progress, and resolved alerts. **Machines view**| Displays the list of machines that are onboarded to Windows Defender ATP, some information about them, and the corresponding number of alerts. -**Preferences setup**| Shows the settings you selected and lets you update your industry preferences and retention policy period. -**Endpoint Management**| Allows you to download the onboarding configuration package. +**Preferences setup**| Shows the settings you selected and lets you update your industry preferences and retention policy period. +**Enpoint Management**| Allows you to download the onboarding configuration package. (3) Main portal| Main area where you will see the different views such as the Dashboard, Alerts queue, and Machines view. (4) Search | Search for machines, files, external IP Addresses, or domains across endpoints. The drop-down combo box allows you to select the entity type. diff --git a/windows/keep-secure/prepare-people-to-use-microsoft-passport.md b/windows/keep-secure/prepare-people-to-use-microsoft-passport.md index 72a30d320b..81f36a3d4e 100644 --- a/windows/keep-secure/prepare-people-to-use-microsoft-passport.md +++ b/windows/keep-secure/prepare-people-to-use-microsoft-passport.md @@ -83,10 +83,15 @@ If your enterprise enables phone sign-in, users can pair a phone running Windows **Sign in to PC using the phone** +<<<<<<< HEAD 1. Open the **Microsoft Authenticator** app, choose your account, and tap the name of the PC to sign in to. > **Note: **  The first time that you run the **Microsoft Authenticator** app, you must add an account. ![select a device](images/phone-signin-device-select.png) +======= +1. Open the **Microsoft Authenticator** app and tap the name of the PC to sign in to. + > **Note: **  The first time that you run the **Microsoft Authenticator** app, you must add an account. +>>>>>>> parent of 9891b67... from master   2. Enter the work PIN that you set up when you joined the phone to the cloud domain or added a work account. diff --git a/windows/keep-secure/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md b/windows/keep-secure/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md index 61313be105..d74bdf6189 100644 --- a/windows/keep-secure/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md +++ b/windows/keep-secure/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md @@ -216,7 +216,7 @@ The following Windows 10 services are protected with virtualization-based secur - **Credential Guard** (LSA Credential Isolation): prevents pass-the-hash attacks and enterprise credential theft that happens by reading and dumping the content of lsass memory - **Device Guard** (Hyper-V Code Integrity): Device Guard uses the new virtualization-based security in Windows 10 to isolate the Code Integrity service from the Windows kernel itself, which lets the service use signatures defined by your enterprise-controlled policy to help determine what is trustworthy. In effect, the Code Integrity service runs alongside the kernel in a Windows hypervisor-protected container. -- **Other isolated services**: for example, on Windows Server Technical Preview 2016, there is the vTPM feature that allows you to have encrypted virtual machines (VMs) on servers. +- **Other isolated services**: for example, on Windows Server 2016, there is the vTPM feature that allows you to have encrypted virtual machines (VMs) on servers. >**Note:**  Virtualization-based security is only available with Windows 10 Enterprise. Virtualization-based security requires devices with UEFI (2.3.1 or higher) with Secure Boot enabled, x64 processor with Virtualization Extensions and SLAT enabled. IOMMU, TPM 2.0. and support for Secure Memory overwritten are optional, but recommended.   @@ -747,7 +747,7 @@ For more information about conditional access, see [Azure Conditional Access Pre For on-premises applications there are two options to enable conditional access control based on a device's compliance state: - For on-premises applications that are published through the Azure AD Application Proxy, you can configure conditional access control policies as you would for cloud applications. For more details, see the [Azure AD Conditional Access preview updated: Now supports On-Premises and Custom LOB apps](http://go.microsoft.com/fwlink/p/?LinkId=691618) blog post. -- Additionally, Azure AD Connect will sync device compliance information from Azure AD to on-premises AD. ADFS on Windows Server Technical Preview 2016 will support conditional access control based on a device's compliance state. IT pros will configure conditional access control policies in ADFS that use the device's compliance state reported by a compatible MDM solution to secure on-premises applications. +- Additionally, Azure AD Connect will sync device compliance information from Azure AD to on-premises AD. ADFS on Windows Server 2016 will support conditional access control based on a device's compliance state. IT pros will configure conditional access control policies in ADFS that use the device's compliance state reported by a compatible MDM solution to secure on-premises applications. ![figure 13](images/hva-fig12-conditionalaccess12.png) diff --git a/windows/keep-secure/requirements-to-use-applocker.md b/windows/keep-secure/requirements-to-use-applocker.md index 6389eb2755..2f9e009bd2 100644 --- a/windows/keep-secure/requirements-to-use-applocker.md +++ b/windows/keep-secure/requirements-to-use-applocker.md @@ -32,7 +32,7 @@ The following table show the on which operating systems AppLocker features are s | Version | Can be configured | Can be enforced | Available rules | Notes | | - | - | - | - | - | -| Windows 10| Yes| Yes| Packaged apps
    Executable
    Windows Installer
    Script
    DLL| You can use the [AppLocker CSP](http://msdn.microsoft.com/library/windows/hardware/dn920019.aspx) to configure AppLocker policies on any edition of Windows 10. You can only manage AppLocker with Group Policy on devices running Windows 10 Enterprise and Windows Server 2016 Technical Preview. | +| Windows 10| Yes| Yes| Packaged apps
    Executable
    Windows Installer
    Script
    DLL| You can use the [AppLocker CSP](http://msdn.microsoft.com/library/windows/hardware/dn920019.aspx) to configure AppLocker policies on any edition of Windows 10. You can only manage AppLocker with Group Policy on devices running Windows 10 Enterprise and Windows Server 2016. | | Windows Server 2012 R2| Yes| Yes| Packaged apps
    Executable
    Windows Installer
    Script
    DLL| | | Windows 8.1| Yes| Yes| Packaged apps
    Executable
    Windows Installer
    Script
    DLL| Only the Enterprise edition supports AppLocker| | Windows RT 8.1| No| No| N/A|| diff --git a/windows/keep-secure/run-cmd-scan-windows-defender-for-windows-10.md b/windows/keep-secure/run-cmd-scan-windows-defender-for-windows-10.md index bf02b33e04..595d3e6855 100644 --- a/windows/keep-secure/run-cmd-scan-windows-defender-for-windows-10.md +++ b/windows/keep-secure/run-cmd-scan-windows-defender-for-windows-10.md @@ -50,5 +50,5 @@ Command | Description \-AddDynamicSignature [-Path] | Loads a dynamic signature \-ListAllDynamicSignature [-Path] | Lists the loaded dynamic signatures \-RemoveDynamicSignature [-SignatureSetID] | Removes a dynamic signature - +
    The command-line utility provides detailed information on the other commands supported by the tool. diff --git a/windows/keep-secure/settings-windows-defender-advanced-threat-protection.md b/windows/keep-secure/settings-windows-defender-advanced-threat-protection.md index 81d0358abb..e45619b0a3 100644 --- a/windows/keep-secure/settings-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/settings-windows-defender-advanced-threat-protection.md @@ -14,11 +14,12 @@ author: DulceMV **Applies to:** -- Windows 10 Insider Preview Build 14332 or later +- Windows 10 Enterprise +- Windows 10 Enterprise for Education +- Windows 10 Pro +- Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) -[Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.] - Use the **Settings** menu ![Settings icon](images/settings.png) to configure the time zone, suppression rules, and view license information. ## Time zone settings @@ -52,7 +53,7 @@ To set the time zone: 3. The time zone indicator changes to **Timezone:Local**. Click it again to change back to **Timezone:UTC**. ## Suppression rules -The suppression rules control what alerts are suppressed. You can suppress alerts so that certain activities are not flagged as suspicious. See [Suppress alerts](manage-alerts-windows-defender-advanced-threat-protection.md#suppress-alerts). +The suppression rules control what alerts are suppressed. You can suppress alerts so that certain activities are not flagged as suspicious. For more information see, [Suppress alerts](manage-alerts-windows-defender-advanced-threat-protection.md#suppress-alerts). ## License Click the license link in the **Settings** menu to view the license agreement information for Windows Defender ATP. diff --git a/windows/keep-secure/tpm-recommendations.md b/windows/keep-secure/tpm-recommendations.md index 81b6385faf..049685cef2 100644 --- a/windows/keep-secure/tpm-recommendations.md +++ b/windows/keep-secure/tpm-recommendations.md @@ -14,7 +14,7 @@ author: brianlic-msft **Applies to** - Windows 10 - Windows 10 Mobile -- Windows Server 2016 Technical Preview +- Windows Server 2016 - Windows 10 IoT Core (IoT Core) This topic provides recommendations for Trusted Platform Module (TPM) technology for Windows 10. @@ -104,7 +104,7 @@ For end consumers, TPM is behind the scenes but still very relevant for Hello, P - TPM is optional on IoT Core. -### Windows Server 2016 Technical Preview +### Windows Server 2016 - TPM is optional for Windows Server SKUs unless the SKU meets the additional qualification (AQ) criteria for the Host Guardian Services scenario in which case TPM 2.0 is required. diff --git a/windows/keep-secure/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md b/windows/keep-secure/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md index 6cbed263b3..2025b51e99 100644 --- a/windows/keep-secure/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md @@ -7,58 +7,48 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -author: iaanw +author: mjcaparas --- # Troubleshoot Windows Defender Advanced Threat Protection onboarding issues **Applies to:** -- Windows 10 Insider Preview Build 14332 or later +- Windows 10 Enterprise +- Windows 10 Enterprise for Education +- Windows 10 Pro +- Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) -[Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.] +You might need to troubleshoot the Windows Defender ATP onboarding process if you encounter issues. +This page provides detailed steps to troubleshoot onboarding issues that might occur when deploying with one of the deployment tools and common errors that might occur on the endpoints. -You might need to troubleshoot the Windows Defender Advanced Threat Protection onboarding process if you encounter issues. -This page provides detailed steps for troubleshooting endpoints that aren't reporting correctly, and common error codes encountered during onboarding. +If you have completed the endpoint onboarding process and don't see endpoints in the [Machines view](investigate-machines-windows-defender-advanced-threat-protection.md) after an hour, it might indicate an endpoint onboarding or connectivity problem. -## Endpoints are not reporting to the service correctly +## Troubleshoot onboarding when deploying with Group Policy +Deployment with Group Policy is done by running the onboarding script on the endpoints. The Group Policy console does not indicate if the deployment has succeeded or not. -If you have completed the endpoint onboarding process and don't see endpoints in the [Machines view](investigate-machines-windows-defender-advanced-threat-protection.md) after 20 minutes, it might indicate an endpoint onboarding or connectivity problem. +If you have completed the endpoint onboarding process and don't see endpoints in the [Machines view](investigate-machines-windows-defender-advanced-threat-protection.md) after an hour, you can check the output of the script on the endpoints. For more information, see [Troubleshoot onboarding when deploying with a script on the endpoint](#troubleshoot-onboarding-when-deploying-with-a-script-on-the-endpoint). -Go through the following verification topics to address this issue: +If the script completes successfully, see [Troubleshoot onboarding issues on the endpoint](#troubleshoot-onboarding-issues-on-the-endpoint) for additional errors that might occur. -- [Ensure the endpoint is onboarded successfully](#Ensure-that-the-endpoint-is-onboarded-successfully) -- [Ensure the Windows Defender ATP service is enabled](#Ensure-that-the-Windows-Defender-ATP-service-is-enabled) -- [Ensure the telemetry and diagnostics service is enabled](#Ensure-that-telemetry-and-diagnostics-service-is-enabled) -- [Ensure the endpoint has an Internet connection](#Ensure-that-the-Windows-Defender-ATP-endpoint-has-internet-connection) +## Troubleshoot onboarding issues when deploying with System Center Configuration Manager +When onboarding endpoints using the following versions of System Center Configuration Manager: +- System Center 2012 Configuration Manager +- System Center 2012 R2 Configuration Manager +- System Center Configuration Manager (current branch) version 1511 +- System Center Configuration Manager (current branch) version 1602 -### Ensure the endpoint is onboarded successfully -If the endpoints aren't reporting correctly, you might need to check that the Windows Defender ATP service was successfully onboarded onto the endpoint. +Deployment with the above-mentioned versions of System Center Configuration Manager is done by running the onboarding script on the endpoints. You can track the deployment in the Configuration Manager Console. -**Check the onboarding state in Registry**: +If the deployment fails, you can check the output of the script on the endpoints. For more information, see [Troubleshoot onboarding when deploying with a script on the endpoint](#troubleshoot-onboarding-when-deploying-with-a-script-on-the-endpoint). -1. Click **Start**, type **Run**, and press **Enter**. +If the onboarding completed successfully but the endpoints are not showing up in the **Machines view** after an hour, see [Troubleshoot onboarding issues on the endpoint](#troubleshoot-onboarding-issues-on-the-endpoint) for additional errors that might occur. -2. From the **Run** dialog box, type **regedit** and press **Enter**. - -4. In the **Registry Editor** navigate to the Status key under: - - ```text -HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Advanced Threat Protection -``` - -5. Check the **OnboardingState** value is set to **1**. - - ![Image of OnboardingState status in Registry Editor](images/onboardingstate.png) - -If the **OnboardingState** value is not set to **1**, you can use Event Viewer to review errors on the endpoint. - -If you configured your endpoints with a deployment tool that required a script, you can check the event viewer for the onboarding script results. -
    -**Check the result of the script**: +## Troubleshoot onboarding when deploying with a script on the endpoint +**Check the result of the script on the endpoint**: 1. Click **Start**, type **Event Viewer**, and press **Enter**. 2. Go to **Windows Logs** > **Application**. @@ -66,25 +56,82 @@ If you configured your endpoints with a deployment tool that required a script, 3. Look for an event from **WDATPOnboarding** event source. If the script fails and the event is an error, you can check the event ID in the following table to help you troubleshoot the issue. -> **Note**  The following event IDs are specific to the onboarding script only. +> [!NOTE] +> The following event IDs are specific to the onboarding script only. Event ID | Error Type | Resolution steps :---|:---|:--- -5 | Offboarding data was found but couldn't be deleted | Check the permissions on the registry, specifically ```HKLM\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection``` -10 | Onboarding data couldn't be written to registry | Check the permissions on the registry, specifically ```HKLM\SOFTWARE\Policies\Microsoft\Windows Advanced Threat```. Verify that the script was ran as an administrator. -15 | Failed to start SENSE service |Check the service status (```sc query sense``` command). Make sure it's not in an intermediate state (*'Pending_Stopped'*, *'Pending_Running'*) and try to run the script again (with administrator rights). +5 | Offboarding data was found but couldn't be deleted | Check the permissions on the registry, specifically ```HKLM\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection```. +10 | Onboarding data couldn't be written to registry | Check the permissions on the registry, specifically
    ```HKLM\SOFTWARE\Policies\Microsoft\Windows Advanced Threat```.
    Verify that the script was ran as an administrator. +15 | Failed to start SENSE service |Check the service status (```sc query sense``` command). Make sure it's not in an intermediate state (*'Pending_Stopped'*, *'Pending_Running'*) and try to run the script again (with administrator rights). +15 | Failed to start SENSE service | If the message of the error is: System error 577 has occurred. You need to enable the Windows Defender ELAM driver, see [Ensure the Windows Defender ELAM driver is enabled](#ensure-the-windows-defender-elam-driver-is-enabled) for instructions. 30 | The script failed to wait for the service to start running | The service could have taken more time to start or has encountered errors while trying to start. For more information on events and errors related to SENSE, see [Review events and errors on endpoints with Event viewer](event-error-codes-windows-defender-advanced-threat-protection.md). -35 | The script failed to find needed onboarding status registry value | When the SENSE service starts for the first time, it writes onboarding status to the registry location ```HKLM\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status```. The script failed to find it after several seconds. You can manually test it and check if it's there. For more information on events and errors related to SENSE, see [Review events and errors on endpoints with Event viewer](event-error-codes-windows-defender-advanced-threat-protection.md). -40 | SENSE service onboarding status is not set to **1** | The SENSE service has failed to onboard properly. For more information on events and errors related to SENSE, see [Review events and errors on endpoints with Event viewer](event-error-codes-windows-defender-advanced-threat-protection.md). +35 | The script failed to find needed onboarding status registry value | When the SENSE service starts for the first time, it writes onboarding status to the registry location
    ```HKLM\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status```.
    The script failed to find it after several seconds. You can manually test it and check if it's there. For more information on events and errors related to SENSE, see [Review events and errors on endpoints with Event viewer](event-error-codes-windows-defender-advanced-threat-protection.md). +40 | SENSE service onboarding status is not set to **1** | The SENSE service has failed to onboard properly. For more information on events and errors related to SENSE, see [Review events and errors on endpoints with Event viewer](event-error-codes-windows-defender-advanced-threat-protection.md). +65 | Insufficient privileges| Run the script again with administrator privileges. + +## Troubleshoot onboarding issues using Microsoft Intune +You can use Microsoft Intune to check error codes and attempt to troubleshoot the cause of the issue. + +Use the following tables to understand the possible causes of issues while onboarding: + +- Microsoft Intune error codes and OMA-URIs table +- Known issues with non-compliance table +- Mobile Device Management (MDM) event logs table + +If none of the event logs and troubleshooting steps work, download the Local script from the **Endpoint Management** section of the portal, and run it in an elevated command prompt. + +**Microsoft Intune error codes and OMA-URIs**: + +Error Code Hex | Error Code Dec | Error Description | OMA-URI | Possible cause and troubleshooting steps +:---|:---|:---|:---|:--- +0x87D1FDE8 | -2016281112 | Remediation failed | Onboarding
    Offboarding | **Possible cause:** Onboarding or offboarding failed on a wrong blob: wrong signature or missing PreviousOrgIds fields.

    **Troubleshooting steps:**
    Check the event IDs in the [View agent onboarding errors in the endpoint event log](#view-agent-onboarding-errors-in-the-endpoint-event-log) section.

    Check the MDM event logs in the following table or follow the instructions in [Diagnose MDM failures in Windows 10](https://msdn.microsoft.com/en-us/library/windows/hardware/mt632120%28v=vs.85%29.aspx). + | | | Onboarding
    Offboarding
    SampleSharing | **Possible cause:** Windows Defender ATP Policy registry key does not exist or the OMA DM client doesn't have permissions to write to it.

    **Troubleshooting steps:** Ensure that the following registry key exists: ```HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection```.

    If it doesn't exist, open an elevated command and add the key. + | | | SenseIsRunning
    OnboardingState
    OrgId | **Possible cause:** An attempt to remediate by read-only property. Onboarding has failed.

    **Troubleshooting steps:** Check the troubleshooting steps in [Troubleshoot Windows Defender Advanced Threat Protection onboarding issues](#troubleshoot-windows-defender-advanced-threat-protection-onboarding-issues).

    Check the MDM event logs in the following table or follow the instructions in [Diagnose MDM failures in Windows 10](https://msdn.microsoft.com/en-us/library/windows/hardware/mt632120%28v=vs.85%29.aspx). + | | | All | **Possible cause:** Attempt to deploy Windows Defender ATP on non-supported SKU/Platform, particularly Holographic SKU.

    Currently is supported platforms: Enterprise, Education, and Professional.
    Server is not supported. + 0x87D101A9 | -2016345687 |Syncml(425): The requested command failed because the sender does not have adequate access control permissions (ACL) on the recipient. | All | **Possible cause:** Attempt to deploy Windows Defender ATP on non-supported SKU/Platform, particularly Holographic SKU.

    Currently is supported platforms: Enterprise, Education, and Professional.
    -**Use Event Viewer to identify and adress onboarding errors**: +**Known issues with non-compliance** + +The following table provides information on issues with non-compliance and how you can address the issues. + +Case | Symptoms | Possible cause and troubleshooting steps +:---|:---|:--- +1 | Machine is compliant by SenseIsRunning OMA-URI. But is non-compliant by OrgId, Onboarding and OnboardingState OMA-URIs. | **Possible cause:** Check that user passed OOBE after Windows installation or upgrade. During OOBE onboarding couldn't be completed but SENSE is running already.

    **Troubleshooting steps:** Wait for OOBE to complete. +2 | Machine is compliant by OrgId, Onboarding, and OnboardingState OMA-URIs, but is non-compliant by SenseIsRunning OMA-URI. | **Possible cause:** Sense service's startup type is set as "Delayed Start". Sometimes this causes the Microsoft Intune server to report the machine as non-compliant by SenseIsRunning when DM session occurs on system start.

    **Troubleshooting steps:** The issue should automatically be fixed within 24 hours. +3 | Machine is non-compliant | **Troubleshooting steps:** Ensure that Onboarding and Offboarding policies are not deployed on the same machine at same time. + +
    +**Mobile Device Management (MDM) event logs** + +View the MDM event logs to troubleshoot issues that might arise during onboarding: + +Log name: Microsoft\Windows\DeviceManagement-EnterpriseDiagnostics-Provider + +Channel name: Admin + +ID | Severity | Event description | Troubleshooting steps +:---|:---|:---|:--- +1819 | Error | Windows Defender Advanced Threat Protection CSP: Failed to Set Node's Value. NodeId: (%1), TokenName: (%2), Result: (%3). | Windows Defender ELAM driver needs to be enabled see, [Ensure the Windows Defender ELAM driver is enabled](#ensure-the-windows-defender-elam-driver-is-enabled) for instructions. + +## Troubleshoot onboarding issues on the endpoint +If the deployment tools used does not indicate an error in the onboarding process, but endpoints are still not appearing in the machines view an hour, go through the following verification topics to check if an error occurred with the Windows Defender ATP agent: +- [View agent onboarding errors in the endpoint event log](#view-agent-onboarding-errors-in-the-endpoint-event-log) +- [Ensure the telemetry and diagnostics service is enabled](#ensure-the-telemetry-and-diagnostics-service-is-enabled) +- [Ensure the service is set to start](#ensure-the-service-is-set-to-start) +- [Ensure the endpoint has an Internet connection](#ensure-the-endpoint-has-an-internet-connection) +- [Ensure the Windows Defender ELAM driver is enabled](#ensure-the-windows-defender-elam-driver-is-enabled) + + +### View agent onboarding errors in the endpoint event log 1. Click **Start**, type **Event Viewer**, and press **Enter**. 2. In the **Event Viewer (Local)** pane, expand **Applications and Services Logs** > **Microsoft** > **Windows** > **SENSE**. - > **Note**  SENSE is the internal name used to refer to the behavioral sensor that powers Windows Defender ATP. + > [!NOTE] + > SENSE is the internal name used to refer to the behavioral sensor that powers Windows Defender ATP. 3. Select **Operational** to load the log. @@ -98,101 +145,16 @@ Event ID | Error Type | Resolution steps Event ID | Message | Resolution steps :---|:---|:--- -5 | Windows Advanced Threat Protection service failed to connect to the server at _variable_ | [Ensure the endpoint has Internet access](#ensure-the-endpoint-has-an-internet-connection). -6 | Windows Advanced Threat Protection service is not onboarded and no onboarding parameters were found. Failure code: _variable_ | [Run the onboarding script again](configure-endpoints-windows-defender-advanced-threat-protection.md#manual). -7 | Windows Advanced Threat Protection service failed to read the onboarding parameters. Failure code: _variable_ | [Ensure the endpoint has Internet access](#ensure-the-endpoint-has-an-internet-connection), then run the entire onboarding process again. -15 | Windows Advanced Threat Protection cannot start command channel with URL: _variable_ | [Ensure the endpoint has Internet access](#ensure-the-endpoint-has-an-internet-connection). +5 | Windows Defender Advanced Threat Protection service failed to connect to the server at _variable_ | [Ensure the endpoint has Internet access](#ensure-the-endpoint-has-an-internet-connection). +6 | Windows Defender Advanced Threat Protection service is not onboarded and no onboarding parameters were found. Failure code: _variable_ | [Run the onboarding script again](configure-endpoints-windows-defender-advanced-threat-protection.md#manual). +7 | Windows Defender Advanced Threat Protection service failed to read the onboarding parameters. Failure code: _variable_ | [Ensure the endpoint has Internet access](#ensure-the-endpoint-has-an-internet-connection), then run the entire onboarding process again. +15 | Windows Defender Advanced Threat Protection cannot start command channel with URL: _variable_ | [Ensure the endpoint has Internet access](#ensure-the-endpoint-has-an-internet-connection). 25 | Windows Defender Advanced Threat Protection service failed to reset health status in the registry. Failure code: _variable_ | Contact support. - - -### Ensure the Windows Defender ATP service is enabled -If the endpoints aren't reporting correctly, you might need to check that the Windows Defender ATP service is set to automatically start and is running on the endpoint. - -You can use the SC command line program for checking and managing the startup type and running state of the service. - -**Check the Windows Defender ATP service startup type from the command line:** - -1. Open an elevated command-line prompt on the endpoint: - - a. Click **Start**, type **cmd**, and press **Enter**. - - b. Right-click **Command prompt** and select **Run as administrator**. - -2. Enter the following command, and press **Enter**: - - ```text - sc qc sense - ``` - -If the the service is running, then the result should look like the following screenshot: - - ![Result of the sq query sense command](images/sc-query-sense-autostart.png) - -If the service ```START_TYPE``` is not set to ```AUTO_START```, then you'll need to set the service to automatically start. - -**Change the Windows Defender ATP service startup type from the command line:** - -1. Open an elevated command-line prompt on the endpoint: - - a. Click **Start**, type **cmd**, and press **Enter**. - - b. Right-click **Command prompt** and select **Run as administrator**. - -2. Enter the following command, and press **Enter**: - - ```text - sc config sense start=auto - ``` - -3. A success message is displayed. Verify the change by entering the following command and press **Enter**: - - ```text - sc qc sense - ``` - -**Check the Windows Defender ATP service is running from the command line:** - -1. Open an elevated command-line prompt on the endpoint: - - a. Click **Start**, type **cmd**, and press **Enter**. - - b. Right-click **Command prompt** and select **Run as administrator**. - -2. Enter the following command, and press **Enter**: - - ```text - sc query sense - ``` - -If the service is running, the result should look like the following screenshot: - -![Result of the sc query sense command](images/sc-query-sense-running.png) - -If the service **STATE** is not set to **RUNNING**, then you'll need to start it. - -**Start the Windows Defender ATP service from the command line:** - -1. Open an elevated command-line prompt on the endpoint: - - a. Click **Start**, type **cmd**, and press **Enter**. - - b. Right-click **Command prompt** and select **Run as administrator**. - -2. Enter the following command, and press **Enter**: - - ```text - sc start sense - ``` - -3. A success message is displayed. Verify the change by entering the following command and press **Enter**: - - ```text - sc qc sense - ``` +
    +There are additional components on the endpoint that the Windows Defender ATP agent depends on to function properly. If there are no onboarding related errors in the Windows Defender ATP agent event log, proceed with the following steps to ensure that the additional components are configured correctly. ### Ensure the telemetry and diagnostics service is enabled -If the endpoints aren't reporting correctly, you might need to check that the Windows 10 telemetry and diagnostics service is set to automatically start and is running on the endpoint. The service may have been disabled by other programs or user configuration changes. - +If the endpoints aren't reporting correctly, you might need to check that the Windows 10 telemetry and diagnostics service is set to automatically start and is running on the endpoint. The service might have been disabled by other programs or user configuration changes. First, you should check that the service is set to start automatically when Windows starts, then you should check that the service is currently running (and start it if it isn't). @@ -212,12 +174,11 @@ First, you should check that the service is set to start automatically when Wind sc qc diagtrack ``` -If the service is enabled, then the result should look like the following screenshot: + If the service is enabled, then the result should look like the following screenshot: -![Result of the sc query command for diagtrack](images/windefatp-sc-qc-diagtrack.png) - -If the ```START_TYPE``` is not set to ```AUTO_START```, then you'll need to set the service to automatically start. + ![Result of the sc query command for diagtrack](images/windefatp-sc-qc-diagtrack.png) + If the `START_TYPE` is not set to `AUTO_START`, then you'll need to set the service to automatically start. **Use the command line to set the Windows 10 telemetry and diagnostics service to automatically start:** @@ -240,109 +201,13 @@ If the ```START_TYPE``` is not set to ```AUTO_START```, then you'll need to set sc qc diagtrack ``` -**Use the Windows Services console to check the Windows 10 telemetry and diagnostics service startup type**: +4. Start the service. -1. Open the services console: - - a. Click **Start** and type **services**. - - b. Press **Enter** to open the console. - -2. Scroll through the list of services until you find **Connected User Experiences and Telemetry**. - -3. Check the **Startup type** column - the service should be set as **Automatic**. - -If the startup type is not set to **Automatic**, you'll need to change it so the service starts when the endpoint does. - - -**Use the Windows Services console to set the Windows 10 telemetry and diagnostics service to automatically start:** - -1. Open the services console: - - a. Click **Start** and type **services**. - - b. Press **Enter** to open the console. - -2. Scroll through the list of services until you find **Connected User Experiences and Telemetry**. - -3. Right-click on the entry and click **Properties**. - -4. On the **General** tab, change the **Startup type:** to **Automatic**, as shown in the following image. Click OK. - - ![Select Automatic to change the startup type in the Properties dialog box for the service](images/windefatp-utc-console-autostart.png) - -### Ensure the service is running - -**Use the command line to check the Windows 10 telemetry and diagnostics service is running**: - -1. Open an elevated command-line prompt on the endpoint: - - a. **Click **Start** and type **cmd**.** - - b. Right-click **Command prompt** and select **Run as administrator**. - -2. Enter the following command, and press **Enter**: - - ```text - sc query diagtrack - ``` - -If the service is running, the result should look like the following screenshot: - -![Result of the sc query command for sc query diagtrack](images/windefatp-sc-query-diagtrack.png) - -If the service **STATE** is not set to **RUNNING**, then you'll need to start it. - - -**Use the command line to start the Windows 10 telemetry and diagnostics service:** - -1. Open an elevated command-line prompt on the endpoint: - - a. **Click **Start** and type **cmd**.** - - b. Right-click **Command prompt** and select **Run as administrator**. - -2. Enter the following command, and press **Enter**: - - ```text - sc start diagtrack - ``` - -3. A success message is displayed. Verify the change by entering the following command, and press **Enter**: - - ```text - sc query diagtrack - ``` - -**Use the Windows Services console to check the Windows 10 telemetry and diagnostics service is running**: - -1. Open the services console: - - a. Click **Start** and type **services**. - - b. Press **Enter** to open the console. - -2. Scroll through the list of services until you find **Connected User Experiences and Telemetry**. - -3. Check the **Status** column - the service should be marked as **Running**. - -If the service is not running, you'll need to start it. - - -**Use the Windows Services console to start the Windows 10 telemetry and diagnostics service:** - -1. Open the services console: - - a. Click **Start** and type **services**. - - b. Press **Enter** to open the console. - -2. Scroll through the list of services until you find **Connected User Experiences and Telemetry**. - -3. Right-click on the entry and click **Start**, as shown in the following image. - -![Select Start to start the service](images/windef-utc-console-start.png) + a. In the command prompt, type the following command and press **Enter**: + ```text + sc start diagtrack + ``` ### Ensure the endpoint has an Internet connection @@ -352,90 +217,103 @@ WinHTTP is independent of the Internet browsing proxy settings and other user co To ensure that sensor has service connectivity, follow the steps described in the [Verify client connectivity to Windows Defender ATP service URLs](configure-proxy-internet-windows-defender-advanced-threat-protection.md#verify-client-connectivity-to-windows-defender-atp-service-urls) topic. -If the verification fails and your environment is using a proxy to connect to the Internet, then follow the steps described in [Configure proxy and Internet connectivity settings](configure-proxy-internet-windows-defender-advanced-threat-protection.md) topic. +If the verification fails and your environment is using a proxy to connect to the Internet, then follow the steps described in [Configure proxy and Internet connectivity settings](configure-proxy-internet-windows-defender-advanced-threat-protection.md) topic. -## Troubleshoot onboarding issues using Microsoft Intune -You can use Microsoft Intune to check error codes and attempt to troubleshoot the cause of the issue. +### Ensure the Windows Defender ELAM driver is enabled +If your endpoints are running a third-party antimalware client, the Windows Defender ATP agent needs the Windows Defender Early Launch Antimalware (ELAM) driver to be enabled. -Use the following tables to understand the possible causes of issues while onboarding: +**Check the ELAM driver status:** -- Microsoft Intune error codes and OMA-URIs table -- Known issues with non-compliance table -- Mobile Device Management (MDM) event logs table +1. Open a command-line prompt on the endpoint: -If none of the event logs and troubleshooting steps work, download the Local script from the **Endpoint Management** section of the portal, and run it in an elevated command prompt. + a. Click **Start**, type **cmd**, and select **Command prompt**. -**Microsoft Intune error codes and OMA-URIs**: +2. Enter the following command, and press Enter: + ``` + sc qc WdBoot + ``` + If the ELAM driver is enabled, the output will be: -Error Code Hex | Error Code Dec | Error Description | OMA-URI | Possible cause and troubleshooting steps -:---|:---|:---|:---|:--- -0x87D1FDE8 | -2016281112 | Remediation failed | Onboarding
    Offboarding | **Possible cause:** Onboarding or offboarding failed on a wrong blob: wrong signature or missing PreviousOrgIds fields.

    **Troubleshooting steps:**
    Check the event IDs in the [Ensure the endpoint is onboarded successfully](#ensure-the-endpoint-is-onboarded-successfully) section.

    Check the MDM event logs in the following table or follow the instructions in [Diagnose MDM failures in Windows 10](https://msdn.microsoft.com/en-us/library/windows/hardware/mt632120%28v=vs.85%29.aspx). - | | | Onboarding
    Offboarding
    SampleSharing | **Possible cause:** Windows Defender ATP Policy registry key does not exist or the OMA DM client doesn't have permissions to write to it.

    **Troubleshooting steps:** Ensure that the following registry key exists: ```HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection```.

    If it doesn't exist, open an elevated command and add the key. - | | | SenseIsRunning
    OnboardingState
    OrgId | **Possible cause:** An attempt to remediate by read-only property. Onboarding has failed.

    **Troubleshooting steps:** Check the troubleshooting steps in [Troubleshoot Windows Defender Advanced Threat Protection onboarding issues](#troubleshoot-windows-defender-advanced-threat-protection-onboarding-issues).

    Check the MDM event logs in the following table or follow the instructions in [Diagnose MDM failures in Windows 10](https://msdn.microsoft.com/en-us/library/windows/hardware/mt632120%28v=vs.85%29.aspx). - | | | All | **Possible cause:** Attempt to deploy Windows Defender ATP on non-supported SKU/Platform, particularly Holographic SKU.

    Currently is supported platforms: Enterprise, Education, and Professional.
    Server is not supported. - 0x87D101A9 | -2016345687 |Syncml(425): The requested command failed because the sender does not have adequate access control permissions (ACL) on the recipient. | All | **Possible cause:** Attempt to deploy Windows Defender ATP on non-supported SKU/Platform, particularly Holographic SKU.

    Currently is supported platforms: Enterprise, Education, and Professional. + ``` + [SC] QueryServiceConfig SUCCESS -
    -**Known issues with non-compliance** + SERVICE_NAME: WdBoot + TYPE : 1 KERNEL_DRIVER + START_TYPE : 0 BOOT_START + ERROR_CONTROL : 1 NORMAL + BINARY_PATH_NAME : \SystemRoot\system32\drivers\WdBoot.sys + LOAD_ORDER_GROUP : Early-Launch + TAG : 0 + DISPLAY_NAME : Windows Defender Boot Driver + DEPENDENCIES : + SERVICE_START_NAME : + ``` + If the ELAM driver is disabled the output will be: + ``` + [SC] QueryServiceConfig SUCCESS -The following table provides information on issues with non-compliance and how you can address the issues. + SERVICE_NAME: WdBoot + TYPE : 1 KERNEL_DRIVER + START_TYPE : 0 DEMAND_START + ERROR_CONTROL : 1 NORMAL + BINARY_PATH_NAME : \SystemRoot\system32\drivers\WdBoot.sys + LOAD_ORDER_GROUP : _Early-Launch + TAG : 0 + DISPLAY_NAME : Windows Defender Boot Driver + DEPENDENCIES : + SERVICE_START_NAME : + ``` -Case | Symptoms | Possible cause and troubleshooting steps -:---|:---|:--- -1 | Machine is compliant by SenseIsRunning OMA-URI. But is non-compliant by OrgId, Onboarding and OnboardingState OMA-URIs. | **Possible cause:** Check that user passed OOBE after Windows installation or upgrade. During OOBE onboarding couldn't be completed but SENSE is running already.

    **Troubleshooting steps:** Wait for OOBE to complete. -2 | Machine is compliant by OrgId, Onboarding, and OnboardingState OMA-URIs, but is non-compliant by SenseIsRunning OMA-URI. | **Possible cause:** Sense service's startup type is set as "Delayed Start". Sometimes this causes the Microsoft Intune server to report the machine as non-compliant by SenseIsRunning when DM session occurs on system start.

    **Troubleshooting steps:** The issue should automatically be fixed within 24 hours. -3 | Machine is non-compliant | **Troubleshooting steps:** Ensure that Onboarding and Offboarding policies are not deployed on the same machine at same time. +#### Enable the ELAM driver -
    -**Mobile Device Management (MDM) event logs** +1. Open an elevated PowerShell console on the endpoint: -View the MDM event logs to troubleshoot issues that might arise during onboarding: + a. Click **Start**, type **powershell**. -Log name: Microsoft\Windows\DeviceManagement-EnterpriseDiagnostics-Provider + b. Right-click **Command prompt** and select **Run as administrator**. -Channel name: Admin +2. Run the following PowerShell cmdlet: -ID | Severity | Event description | Description -:---|:---|:---|:--- -1801 | Error | Windows Defender Advanced Threat Protection CSP: Failed to Get Node's Value. NodeId: (%1), TokenName: (%2), Result: (%3) | Windows Defender ATP has failed to get specific node's value.
    TokenName: Contains node name that caused the error.
    Result: Error details. -1802 | Information | Windows Defender Advanced Threat Protection CSP: Get Node's Value complete. NodeId: (%1), TokenName: (%2), Result: (%3) | Windows Defender ATP has completed to get specific node's value.
    TokenName: Contains node name

    Result: Error details or succeeded. -1819 | Error | Windows Defender Advanced Threat Protection CSP: Failed to Set Node's Value. NodeId: (%1), TokenName: (%2), Result: (%3). | Windows Defender ATP has completed to get specific node's value.

    TokenName: Contains node name that caused the error

    Result: Error details. -1820 | Information | Windows Defender Advanced Threat Protection CSP: Set Nod's Value complete. NodeId: (%1), TokenName: (%2), Result: (%3). | Windows Defender ATP has completed to get specific node's value.

    TokenName: Contains node name

    Result: Error details or succeeded. + ```text + 'Set-ExecutionPolicy -ExecutionPolicy Bypass’ + ``` +3. Run the following PowerShell script: + + ```text + Add-Type @' + using System; + using System.IO; + using System.Runtime.InteropServices; + using Microsoft.Win32.SafeHandles; + using System.ComponentModel; + + public static class Elam{ + [DllImport("Kernel32", CharSet=CharSet.Auto, SetLastError=true)] + public static extern bool InstallELAMCertificateInfo(SafeFileHandle handle); + + public static void InstallWdBoot(string path) + { + Console.Out.WriteLine("About to call create file on {0}", path); + var stream = File.Open(path, FileMode.Open, FileAccess.Read, FileShare.Read); + var handle = stream.SafeFileHandle; + + Console.Out.WriteLine("About to call InstallELAMCertificateInfo on handle {0}", handle.DangerousGetHandle()); + if (!InstallELAMCertificateInfo(handle)) + { + Console.Out.WriteLine("Call failed."); + throw new Win32Exception(Marshal.GetLastWin32Error()); + } + Console.Out.WriteLine("Call successful."); + } + } + '@ + + $driverPath = $env:SystemRoot + "\System32\Drivers\WdBoot.sys" + [Elam]::InstallWdBoot($driverPath) + ``` - ## Related topics - [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md) - [Configure endpoint proxy and Internet connectivity settings](configure-proxy-internet-windows-defender-advanced-threat-protection.md) - diff --git a/windows/keep-secure/troubleshoot-windows-defender-advanced-threat-protection.md b/windows/keep-secure/troubleshoot-windows-defender-advanced-threat-protection.md index 8340e9dcc0..5ed6bf4bc5 100644 --- a/windows/keep-secure/troubleshoot-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/troubleshoot-windows-defender-advanced-threat-protection.md @@ -13,11 +13,12 @@ author: mjcaparas **Applies to:** -- Windows 10 Insider Preview Build 14332 or later +- Windows 10 Enterprise +- Windows 10 Enterprise for Education +- Windows 10 Pro +- Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) -[Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.] - This section addresses issues that might arise as you use the Windows Defender Advanced Threat service. ### Server error - Access is denied due to invalid credentials @@ -39,9 +40,11 @@ U.S. region: - sevillefeedback-prd.trafficmanager.net - sevillesettings-prd.trafficmanager.net - threatintel-cus-prd.cloudapp.net -- threatintel-eus-prd.cloudapp.net - - +- threatintel-eus-prd.cloudapp.net +- winatpauthorization.windows.com +- winatpfeedback.windows.com +- winatpmanagement.windows.com +- winatponboarding.windows.com EU region: @@ -52,7 +55,10 @@ EU region: - sevillesettings-prd.trafficmanager.net - threatintel-neu-prd.cloudapp.net - threatintel-weu-prd.cloudapp.net - +- winatpauthorization.windows.com +- winatpfeedback.windows.com +- winatpmanagement.windows.com +- winatponboarding.windows.com ### Windows Defender ATP service shows event or error logs in the Event Viewer diff --git a/windows/keep-secure/use-windows-defender-advanced-threat-protection.md b/windows/keep-secure/use-windows-defender-advanced-threat-protection.md index 717abdaec8..cadbd4c872 100644 --- a/windows/keep-secure/use-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/use-windows-defender-advanced-threat-protection.md @@ -14,11 +14,12 @@ author: mjcaparas **Applies to:** -- Windows 10 Insider Preview Build 14332 or later +- Windows 10 Enterprise +- Windows 10 Enterprise for Education +- Windows 10 Pro +- Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) -[Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.] - A typical security breach investigation requires a member of a security operations team to: 1. View an alert on the **Dashboard** or **Alerts queue** @@ -41,6 +42,6 @@ Topic | Description [Investigate alerts](investigate-alerts-windows-defender-advanced-threat-protection.md)| Investigate alerts in Windows Defender ATP which might indicate possible security breaches on endpoints in your organization. [Investigate machines](investigate-machines-windows-defender-advanced-threat-protection.md) | The **Machines view** shows a list of the machines in your network, the corresponding number of active alerts for each machine categorized by alert severity levels, as well as the number of threats. [Investigate files](investigate-files-windows-defender-advanced-threat-protection.md) | Investigate the details of a file associated with a specific alert, behavior, or event to help determine if the file exhibits malicious activities, identify the attack motivation, and understand the potential scope of the breach. -[Investigate an IP address](investigate-ip-windows-defender-advanced-threat-protection.md) | Examine possible communication between your machines and external internet protocol (IP) addresses. +[Investigate an IP address](investigate-ip-windows-defender-advanced-threat-protection.md) | Examine possible communication between your machines and external Internet protocol (IP) addresses. [Investigate a domain](investigate-domain-windows-defender-advanced-threat-protection.md) | Investigate a domain to see if machines and servers in your enterprise network have been communicating with a known malicious domain. [Manage alerts](manage-alerts-windows-defender-advanced-threat-protection.md) | The **Manage Alert** menu on every alert lets you change an alert's status, resolve it, suppress it, or contribute comments about the alert. diff --git a/windows/keep-secure/windows-defender-advanced-threat-protection.md b/windows/keep-secure/windows-defender-advanced-threat-protection.md index bae239bf1c..16a3332352 100644 --- a/windows/keep-secure/windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/windows-defender-advanced-threat-protection.md @@ -14,12 +14,13 @@ author: mjcaparas **Applies to:** -- Windows 10 Insider Preview Build 14332 or later +- Windows 10 Enterprise +- Windows 10 Enterprise for Education +- Windows 10 Pro +- Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) -[Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.] - -Windows Defender Advanced Threat Protection (Windows Defender ATP) is a security service, built into Windows 10 that enables enterprise customers detect, investigate, and respond to advanced threats on their networks. +Windows Defender Advanced Threat Protection (Windows Defender ATP) is a security service, built into Windows 10 that enables enterprise customers to detect, investigate, and respond to advanced threats on their networks. Windows Defender ATP uses the following combination of technology built into Windows 10 and Microsoft's robust cloud service: @@ -63,7 +64,7 @@ detect sophisticated cyber-attacks, providing: - Behavior-based, cloud-powered, advanced attack detection - Finds the attacks that made it past all other defenses (post breach detection),provides actionable, correlated alerts for known and unknown adversaries trying to hide their activities on endpoints. + Finds the attacks that made it past all other defenses (post breach detection), provides actionable, correlated alerts for known and unknown adversaries trying to hide their activities on endpoints. - Rich timeline for forensic investigation and mitigation @@ -78,10 +79,12 @@ detect sophisticated cyber-attacks, providing: Topic | Description :---|:--- [Minimum requirements](minimum-requirements-windows-defender-advanced-threat-protection.md) | This overview topic for IT professionals provides information on the minimum requirements to use Windows Defender ATP such as network and data storage configuration, and endpoint hardware and software requirements, and deployment channels. -[Onboard endpoints and set up access](onboard-configure-windows-defender-advanced-threat-protection.md) | You'll need to onboard and configure the Windows Defender ATP service and the endpoints in your network before you can use the service. Learn about how you can assign users to the Windows Defender ATP service in Azure Active Directory (AAD) and using a configuration package to configure endpoints. [Data storage and privacy](data-storage-privacy-windows-defender-advanced-threat-protection.md)| Learn about how Windows Defender ATP collects and handles information and where data is stored. +[Assign user access to the Windows Defender ATP portal](assign-portal-access-windows-defender-advanced-threat-protection.md)| Before users can access the portal, they'll need to be granted specific roles in Azure Active Directory. +[Onboard endpoints and set up access](onboard-configure-windows-defender-advanced-threat-protection.md) | You'll need to onboard and configure the Windows Defender ATP service and the endpoints in your network before you can use the service. Learn about how you can assign users to the Windows Defender ATP service in Azure Active Directory (AAD) and using a configuration package to configure endpoints. [Portal overview](portal-overview-windows-defender-advanced-threat-protection.md) | Understand the main features of the service and how it leverages Microsoft technology to protect enterprise endpoints from sophisticated cyber attacks. [Use the Windows Defender Advanced Threat Protection portal](use-windows-defender-advanced-threat-protection.md) | Learn about the capabilities of Windows Defender ATP to help you investigate alerts that might be indicators of possible breaches in your enterprise. [Windows Defender Advanced Threat Protection settings](settings-windows-defender-advanced-threat-protection.md) | Learn about setting the time zone and configuring the suppression rules to configure the service to your requirements. [Troubleshoot Windows Defender Advanced Threat Protection](troubleshoot-windows-defender-advanced-threat-protection.md) | This topic contains information to help IT Pros find workarounds for the known issues and troubleshoot issues in Windows Defender ATP. [Review events and errors on endpoints with Event Viewer](event-error-codes-windows-defender-advanced-threat-protection.md)| Review events and errors associated with event IDs to determine if further troubleshooting steps are required. +[Windows Defender compatibility](defender-compatibility-windows-defender-advanced-threat-protection.md) | Learn about how Windows Defender works in conjunction with Windows Defender ATP. \ No newline at end of file diff --git a/windows/keep-secure/windows-defender-block-at-first-sight.md b/windows/keep-secure/windows-defender-block-at-first-sight.md index 6f7d62ba38..71894a0846 100644 --- a/windows/keep-secure/windows-defender-block-at-first-sight.md +++ b/windows/keep-secure/windows-defender-block-at-first-sight.md @@ -21,7 +21,7 @@ Block at First Sight is a feature of Windows Defender cloud protection that prov You can enable Block at First Sight with Group Policy or individually on endpoints. -## Backend procesing and near-instant determinations +## Backend processing and near-instant determinations When a Windows Defender client encounters a suspicious but previously undetected file, it queries our cloud protection backend. The cloud backend will apply heuristics, machine learning, and automated analysis of the file to determine the files as malicious or clean. @@ -86,16 +86,16 @@ Block at First Sight requires a number of Group Policy settings to be configured 5. Expand the tree through **Windows components > Windows Defender > MAPS**. -1. Double-click the **Configure the Block at First Sight feature** setting and set the option to **Enabled**. +1. Double-click the **Configure the ‘Block at First Sight’ feature** setting and set the option to **Enabled**. > [!NOTE] > The Block at First Sight feature will not function if the pre-requisite group policies have not been correctly set. -### Manually enable Block at First Sight on Individual clients +### Manually enable Block at First Sight on individual clients To configure un-managed clients that are running Windows 10, Block at First Sight is automatically enabled as long as **Cloud-based protection** and **Automatic sample submission** are both turned on. -**Enable Block at First Sight on invididual clients** +**Enable Block at First Sight on individual clients** 1. Open Windows Defender settings: @@ -110,4 +110,4 @@ To configure un-managed clients that are running Windows 10, Block at First Sigh ## Related topics -- [Windows Defender in Windows 10](windows-defender-in-windows-10.md) \ No newline at end of file +- [Windows Defender in Windows 10](windows-defender-in-windows-10.md) diff --git a/windows/keep-secure/windows-defender-in-windows-10.md b/windows/keep-secure/windows-defender-in-windows-10.md index 07242d64f4..e052d1a3bb 100644 --- a/windows/keep-secure/windows-defender-in-windows-10.md +++ b/windows/keep-secure/windows-defender-in-windows-10.md @@ -1,76 +1,78 @@ ---- -title: Windows Defender in Windows 10 (Windows 10) -description: This topic provides an overview of Windows Defender, including a list of system requirements and new features. -ms.assetid: 6A9EB85E-1F3A-40AC-9A47-F44C4A2B55E2 -ms.prod: w10 -ms.mktglfcycl: manage -ms.sitesec: library -ms.pagetype: security -author: jasesso ---- - -# Windows Defender in Windows 10 - -**Applies to** -- Windows 10 - -Windows Defender in Windows 10 is a built-in antimalware solution that provides security and antimalware management for desktops, portable computers, and servers. -This topic provides an overview of Windows Defender, including a list of system requirements and new features. - -For more important information about running Windows Defender on a server platform, see [Windows Defender Overview for Windows Server Technical Preview](https://technet.microsoft.com/library/dn765478.aspx). - -Take advantage of Windows Defender by configuring settings and definitions using the following tools: -- Microsoft Active Directory *Group Policy* for settings -- Windows Server Update Services (WSUS) for definitions - -Windows Defender provides the most protection when cloud-based protection is enabled. Learn how to enable cloud-based protection in [Configure Windows Defender in Windows 10](configure-windows-defender-in-windows-10.md). -> **Note:**  System Center 2012 R2 Configuration Manager SP1, System Center 2012 Configuration Manager SP2, and Microsoft Intune can provide centralized management of Windows Defender, including: -- Settings management -- Definition update management -- Alerts and alert management -- Reports and report management - -When you enable endpoint protection for your clients, it will install an additional management layer on Windows Defender to manage the in-box Windows Defender agent. While the client user interface will still appear as Windows Defender, the management layer for Endpoint Protection will be listed in the **Add/Remove Programs** control panel, though it will appear as if the full product is installed. - - -### Compatibility with Windows Defender Advanced Threat Protection - -Windows Defender Advanced Threat Protection (ATP) is an additional service that helps enterprises to detect, investigate, and respond to advanced persistent threats on their network. - -See the [Windows Defender Advanced Threat Protection](windows-defender-advanced-threat-protection.md) topics for more information about the service. - -If you are enrolled in Windows Defender ATP, and you are not using Windows Defender as your real-time protection service on your endpoints, Windows Defender will automatically enter into a passive mode. - -In passive mode, Windows Defender will continue to run (using the *msmpeng.exe* process), and will continue to be updated, however there will be no Windows Defender user interface, scheduled scans won’t run, and Windows Defender will not provide real-time protection from malware. - -You can [configure updates for Windows Defender](configure-windows-defender-in-windows-10.md), however you can't move Windows Defender into the normal active mode if your endpoints have an up-to-date third-party product providing real-time protection from malware. - -If you uninstall the other product, and choose to use Windows Defender to provide protection to your endpoints, Windows Defender will automatically return to its normal active mode. - - -  -### Minimum system requirements - -Windows Defender has the same hardware requirements as Windows 10. For more information, see: -- [Minimum hardware requirements](https://msdn.microsoft.com/library/windows/hardware/dn915086.aspx) -- [Hardware component guidelines](https://msdn.microsoft.com/library/windows/hardware/dn915049.aspx) - -### New and changed functionality - -- **Improved detection for unwanted applications and emerging threats using cloud-based protection.** Use the Microsoft Active Protection Service to improve protection against unwanted applications and advanced persistent threats in your enterprise. -- **Windows 10 integration.** All Windows Defender in Windows 10 endpoints will show the Windows Defender user interface, even when the endpoint is managed. -- **Operating system, enterprise-level management, and bring your own device (BYOD) integration.** Windows 10 introduces a mobile device management (MDM) interface for devices running Windows 10. Administrators can use MDM-capable products, such as Intune, to manage Windows Defender on Windows 10 devices. - -For more information about what's new in Windows Defender in Windows 10, see [Windows Defender in Windows 10: System integration](https://www.microsoft.com/security/portal/enterprise/threatreports_august_2015.aspx) on the Microsoft Active Protection Service website. - -## In this section - -Topic | Description -:---|:--- -[Update and manage Windows Defender in Windows 10](get-started-with-windows-defender-for-windows-10.md)|Use Active Directory or Windows Server Update Services to manage and deploy updates to endpoints on your network. Configure and run special scans, including archive and email scans. -[Configure updates for Windows Defender in Windows 10](configure-windows-defender-in-windows-10.md)|Configure definition updates and cloud-based protection with Active Directory and Windows Server Update Services. -[Windows Defender Offline in Windows 10](windows-defender-offline.md)|Manually run an offline scan directly from winthin Windows without having to download and create bootable media. -[Use PowerShell cmdlets for Windows Defender](use-powershell-cmdlets-windows-defender-for-windows-10.md)|Run scans and configure Windows Defender options with Windows PowerShell cmdlets in Windows 10. -[Enable the Black at First Sight feature in Windows 10](windows-defender-block-at-first-sight.md)|Use the Block at First Sight feature to leverage the Windows Defender cloud. -[Configure enhanced notifications for Windows Defender in Windows 10](windows-defender-enhanced-notifications.md)|Enable or disable enhanced notifications on endpoints running Windows Defender for greater details about threat detections and removal. -[Troubleshoot Windows Defender in Windows 10](troubleshoot-windows-defender-in-windows-10.md)|Review event IDs in Windows Defender for Windows 10 and take the appropriate actions. +--- +title: Windows Defender in Windows 10 (Windows 10) +description: This topic provides an overview of Windows Defender, including a list of system requirements and new features. +ms.assetid: 6A9EB85E-1F3A-40AC-9A47-F44C4A2B55E2 +ms.prod: w10 +ms.mktglfcycl: manage +ms.sitesec: library +ms.pagetype: security +author: jasesso +--- + +# Windows Defender in Windows 10 + +**Applies to** +- Windows 10 + +Windows Defender in Windows 10 is a built-in antimalware solution that provides security and antimalware management for desktops, portable computers, and servers. +This topic provides an overview of Windows Defender, including a list of system requirements and new features. + +For more important information about running Windows Defender on a server platform, see [Windows Defender Overview for Windows Server Technical Preview](https://technet.microsoft.com/library/dn765478.aspx). + +Take advantage of Windows Defender by configuring settings and definitions using the following tools: +- Microsoft Active Directory *Group Policy* for settings +- Windows Server Update Services (WSUS) for definitions + +Windows Defender provides the most protection when cloud-based protection is enabled. Learn how to enable cloud-based protection in [Configure Windows Defender in Windows 10](configure-windows-defender-in-windows-10.md). +> **Note:**  System Center 2012 R2 Configuration Manager SP1, System Center 2012 Configuration Manager SP2, and Microsoft Intune can provide centralized management of Windows Defender, including: +- Settings management +- Definition update management +- Alerts and alert management +- Reports and report management + +When you enable endpoint protection for your clients, it will install an additional management layer on Windows Defender to manage the in-box Windows Defender agent. While the client user interface will still appear as Windows Defender, the management layer for Endpoint Protection will be listed in the **Add/Remove Programs** control panel, though it will appear as if the full product is installed. + + +### Compatibility with Windows Defender Advanced Threat Protection + +Windows Defender Advanced Threat Protection (ATP) is an additional service that helps enterprises to detect, investigate, and respond to advanced persistent threats on their network. + +See the [Windows Defender Advanced Threat Protection](windows-defender-advanced-threat-protection.md) topics for more information about the service. + +If you are enrolled in Windows Defender ATP, and you are not using Windows Defender as your real-time protection service on your endpoints, Windows Defender will automatically enter into a passive mode. + +In passive mode, Windows Defender will continue to run (using the *msmpeng.exe* process), and will continue to be updated, however there will be no Windows Defender user interface, scheduled scans won’t run, and Windows Defender will not provide real-time protection from malware. + +You can [configure updates for Windows Defender](configure-windows-defender-in-windows-10.md), however you can't move Windows Defender into the normal active mode if your endpoints have an up-to-date third-party product providing real-time protection from malware. + +If you uninstall the other product, and choose to use Windows Defender to provide protection to your endpoints, Windows Defender will automatically return to its normal active mode. + + +  +### Minimum system requirements + +Windows Defender has the same hardware requirements as Windows 10. For more information, see: +- [Minimum hardware requirements](https://msdn.microsoft.com/library/windows/hardware/dn915086.aspx) +- [Hardware component guidelines](https://msdn.microsoft.com/library/windows/hardware/dn915049.aspx) + +### New and changed functionality + +- **Improved detection for unwanted applications and emerging threats using cloud-based protection.** Use the Microsoft Active Protection Service to improve protection against unwanted applications and advanced persistent threats in your enterprise. +- **Windows 10 integration.** All Windows Defender in Windows 10 endpoints will show the Windows Defender user interface, even when the endpoint is managed. +- **Operating system, enterprise-level management, and bring your own device (BYOD) integration.** Windows 10 introduces a mobile device management (MDM) interface for devices running Windows 10. Administrators can use MDM-capable products, such as Intune, to manage Windows Defender on Windows 10 devices. + +For more information about what's new in Windows Defender in Windows 10, see [Windows Defender in Windows 10: System integration](https://www.microsoft.com/security/portal/enterprise/threatreports_august_2015.aspx) on the Microsoft Active Protection Service website. + +## In this section + +Topic | Description +:---|:--- +[Update and manage Windows Defender in Windows 10](get-started-with-windows-defender-for-windows-10.md)|Use Active Directory or Windows Server Update Services to manage and deploy updates to endpoints on your network. Configure and run special scans, including archive and email scans. +[Configure updates for Windows Defender in Windows 10](configure-windows-defender-in-windows-10.md)|Configure definition updates and cloud-based protection with Active Directory and Windows Server Update Services. +[Windows Defender Offline in Windows 10](windows-defender-offline.md)|Manually run an offline scan directly from winthin Windows without having to download and create bootable media. +[Use PowerShell cmdlets for Windows Defender](use-powershell-cmdlets-windows-defender-for-windows-10.md)|Run scans and configure Windows Defender options with Windows PowerShell cmdlets in Windows 10. +[Enable the Block at First Sight feature in Windows 10](windows-defender-block-at-first-sight.md)|Use the Block at First Sight feature to leverage the Windows Defender cloud. +[Configure enhanced notifications for Windows Defender in Windows 10](windows-defender-enhanced-notifications.md)|Enable or disable enhanced notifications on endpoints running Windows Defender for greater details about threat detections and removal. +[Run a Windows Defender scan from the command line](run-cmd-scan-windows-defender-for-windows-10.md)|Use the command-line utility to run a Windows Defender scan. +[Detect and block Potentially Unwanted Applications with Windows Defender](enable-pua-windows-defender-for-windows-10.md)|Use the Potentially Unwanted Application (PUA) feature in Managed Windows Defender to identify and block unwanted software during download and install time. +[Troubleshoot Windows Defender in Windows 10](troubleshoot-windows-defender-in-windows-10.md)|Review event IDs in Windows Defender for Windows 10 and take the appropriate actions. diff --git a/windows/keep-secure/windows-defender-offline.md b/windows/keep-secure/windows-defender-offline.md index d861493653..bdd1e45d8b 100644 --- a/windows/keep-secure/windows-defender-offline.md +++ b/windows/keep-secure/windows-defender-offline.md @@ -1,181 +1,181 @@ ---- -title: Windows Defender Offline in Windows 10 -description: You can use Windows Defender Offline straight from the Windows Defender client. You can also manage how it is deployed in your network. -keywords: scan, defender, offline -search.product: eADQiWindows 10XVcnh -ms.pagetype: security -ms.prod: w10 -ms.mktglfcycl: manage -ms.sitesec: library -ms.pagetype: security -author: iaanw ---- - -# Windows Defender Offline in Windows 10 - -**Applies to:** - -- Windows 10, version 1607 - -Windows Defender Offline is an antimalware scanning tool that lets you boot and run a scan from a trusted environment. The scan runs from outside the normal Windows kernel so it can target malware that attempts to bypass the Windows shell, such as viruses and rootkits that infect or overwrite the master boot record (MBR). - -In Windows 10, Windows Defender Offline can be run with one click directly from the Windows Defender client. In previous versions of Windows, a user had to install Windows Defender Offline to bootable media, restart the endpoint, and load the bootable media. - -## Pre-requisites and requirements - -Windows Defender Offline in Windows 10 has the same hardware requirements as Windows 10. - -For more information about Windows 10 requirements, see the following topics: - -- [Minimum hardware requirements](https://msdn.microsoft.com/library/windows/hardware/dn915086(v=vs.85).aspx) - -- [Hardware component guidelines](https://msdn.microsoft.com/library/windows/hardware/dn915049(v=vs.85).aspx) - -> [!NOTE] -> Windows Defender Offline is not supported on machines with ARM processors, or on Windows Server Stock Keeping Units. - -To run Windows Defender Offline from the endpoint, the user must be logged in with administrator privileges. - -## Windows Defender Offline updates - -Windows Defender Offline uses the most up-to-date signature definitions available on the endpoint; it's updated whenever Windows Defender is updated with new signature definitions. Depending on your setup, this is usually though Microsoft Update or through the [Microsoft Malware Protection Center](https://www.microsoft.com/security/portal/definitions/adl.aspx). - -> [!NOTE] -> Before running an offline scan, you should attempt to update the definitions on the endpoint. You can either force an update via Group Policy or however you normally deploy updates to endpoints, or you can manually download and install the latest updates from the [Microsoft Malware Protection Center](https://www.microsoft.com/security/portal/definitions/adl.aspx). - -For information on setting up Windows Defender updates, see the [Configure Windows Defender in Windows 10](configure-windows-defender-in-windows-10.md) topic. - -## Usage scenarios - -In Windows 10, version 1607, you can manually force an offline scan. Alternatively, if Windows Defender determines that Windows Defender Offline needs to run, it will prompt the user on the endpoint. The need to perform an offline scan will also be revealed in System Center Configuration Manager, if you're using it to manage your endpoints. - -The prompt can occur via a notification, similar to the following: - -![Windows notification showing the requirement to run Windows Defender Offline](images/defender/notification.png) - -The user will also be notified within the Windows Defender client: - -![Windows Defender showing the requirement to run Windows Defender Offline](images/defender/client.png) - -In Configuration Manager, you can identify the status of endpoints by navigating to **Monitoring > Overview > Security > Endpoint Protection Status > System Center Endpoint Protection Status**. Windows Defender Offline scans are indicated under **Malware remediation status** as **Offline scan required**. - -![System Center Configuration Manager indicating a Windows Defender Offline scan is required](images/defender/sccm-wdo.png) - -## Manage notifications - - -You can suppress Windows Defender Offline notifications with Group Policy. - -> [!NOTE] -> Changing these settings will affect *all* notifications from Windows Defender. Disabling notifications will mean the endpoint user will not see any messages about any threats detected, removed, or if additional steps are required. - -**Use Group Policy to suppress Windows Defender notifications:** - -1. On your Group Policy management machine, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**. - -3. In the **Group Policy Management Editor** go to **Computer configuration**. - -4. Click **Policies** then **Administrative templates**. - -5. Expand the tree to **Windows components > Windows Defender > Client Interface**. - -1. Double-click the **Suppress all notifications** setting and set the option to **Enabled**. Click **OK**. This will disable all notifications shown by the Windows Defender client. - -## Configure Windows Defender Offline settings - -You can use Windows Management Instrumentation to enable and disable certain features in Windows Defender Offline. For example, you can use `Set-MpPreference` to change the `UILockdown` setting to disable and enable notifications. - -For more information about using Windows Management Instrumentation to configure Windows Defender Offline, including configuration parameters and options, see the following topics: - -- [Windows Defender WMIv2 APIs](https://msdn.microsoft.com/en-us/library/windows/desktop/dn439477(v=vs.85).aspx) - -- [Windows Defender MSFT_MpPreference class](https://msdn.microsoft.com/en-us/library/windows/desktop/dn455323(v=vs.85).aspx) - -For more information about notifications in Windows Defender, see the [Configure enhanced notifications in Windows Defender](windows-defender-enhanced-notifications.md)] topic. - -## Run a scan - -Windows Defender Offline uses up-to-date threat definitions to scan the endpoint for malware that might be hidden. In Windows 10, version 1607, you can manually force an offline scan using Windows Update and Security settings. - -> [!NOTE] -> Before you use Windows Defender Offline, make sure you save any files and shut down running programs. The Windows Defender Offline scan takes about 15 minutes to run. It will restart the endpoint when the scan is complete. - -You can set up a Windows Defender Offline scan with the following: - -- Windows Update and Security settings - -- Windows Defender - -- Windows Management Instrumentation - -- Windows PowerShell - -- Group Policy - -> [!NOTE] -> The scan is performed outside of the usual Windows operating environment. The user interface will appear different to a normal scan performed by Windows Defender. After the scan is completed, the endpoint will be restarted and Windows will load normally. - -**Run Windows Defender Offline from Windows Settings:** - -1. Open the **Start** menu and click or type **Settings**. - -1. Click **Update & Security** and then **Windows Defender**. Scroll to the bottom of the settings page until you see the **Windows Defender Offline** section. - -1. Click **Scan offline**. - - ![Windows Defender Offline setting](images/defender/settings-wdo.png) - -1. Follow the prompts to continue with the scan. You might be warned that you'll be signed out of Windows and that the endpoint will restart. - -**Run Windows Defender Offline from Windows Defender:** - -1. Open the **Start** menu, type **windows defender**, and press **Enter** to open the Windows Defender client. - -1. On the **Home** tab click **Download and Run**. - - ![Windows Defender home tab showing the Download and run button](images/defender/download-wdo.png) - -1. Follow the prompts to continue with the scan. You might be warned that you'll be signed out of Windows and that the endpoint will restart. - - -**Use Windows Management Instrumentation to configure and run Windows Defender Offline:** - -Use the `MSFT_MpWDOScan` class (part of the Windows Defender Windows Management Instrumentation provider) to run a Windows Defender Offline scan. - -The following Windows Management Instrumentation script snippet will immediately run a Windows Defender Offline scan, which will cause the endpoint to restart, run the offline scan, and then restart and boot into Windows. - -```WMI -wmic /namespace:\\root\Microsoft\Windows\Defender path MSFT_MpWDOScan call Start -``` - -For more information about using Windows Management Instrumentation to run a scan in Windows Defender, including configuration parameters and options, see the following topics: - -- [Windows Defender WMIv2 APIs](https://msdn.microsoft.com/en-us/library/windows/desktop/dn439477(v=vs.85).aspx) - -- [MSFT_MpWDOScan class article](https://msdn.microsoft.com/library/windows/desktop/mt622458(v=vs.85).aspx) - -**Run Windows Defender Offline using PowerShell:** - -Use the PowerShell parameter `Start-MpWDOScan` to run a Windows Defender Offline scan. - -For more information on available cmdlets and optios, see the [Use PowerShell cmdlets to configure and run Windows Defender](use-powershell-cmdlets-windows-defender-for-windows-10.md) topic. - -## Review scan results - -Windows Defender Offline scan results will be listed in the main Windows Defender user interface after performing the scan. - -1. Open the **Start** menu, type **windows defender**, and press **Enter** to open the Windows Defender client. - -1. Go to the **History** tab. - -1. Select **All detected items**. - -1. Click **View details**. - -Any detected items will display. Items that are detected by Windows Defender Offline will be listed as **Offline** in the **Detection source**: - -![Windows Defender detection source showing as Offline](images/defender/detection-source.png) - -## Related topics - +--- +title: Windows Defender Offline in Windows 10 +description: You can use Windows Defender Offline straight from the Windows Defender client. You can also manage how it is deployed in your network. +keywords: scan, defender, offline +search.product: eADQiWindows 10XVcnh +ms.pagetype: security +ms.prod: w10 +ms.mktglfcycl: manage +ms.sitesec: library +ms.pagetype: security +author: iaanw +--- + +# Windows Defender Offline in Windows 10 + +**Applies to:** + +- Windows 10, version 1607 + +Windows Defender Offline is an antimalware scanning tool that lets you boot and run a scan from a trusted environment. The scan runs from outside the normal Windows kernel so it can target malware that attempts to bypass the Windows shell, such as viruses and rootkits that infect or overwrite the master boot record (MBR). + +In Windows 10, Windows Defender Offline can be run with one click directly from the Windows Defender client. In previous versions of Windows, a user had to install Windows Defender Offline to bootable media, restart the endpoint, and load the bootable media. + +## Pre-requisites and requirements + +Windows Defender Offline in Windows 10 has the same hardware requirements as Windows 10. + +For more information about Windows 10 requirements, see the following topics: + +- [Minimum hardware requirements](https://msdn.microsoft.com/library/windows/hardware/dn915086(v=vs.85).aspx) + +- [Hardware component guidelines](https://msdn.microsoft.com/library/windows/hardware/dn915049(v=vs.85).aspx) + +> [!NOTE] +> Windows Defender Offline is not supported on machines with ARM processors, or on Windows Server Stock Keeping Units. + +To run Windows Defender Offline from the endpoint, the user must be logged in with administrator privileges. + +## Windows Defender Offline updates + +Windows Defender Offline uses the most up-to-date signature definitions available on the endpoint; it's updated whenever Windows Defender is updated with new signature definitions. Depending on your setup, this is usually though Microsoft Update or through the [Microsoft Malware Protection Center](https://www.microsoft.com/security/portal/definitions/adl.aspx). + +> [!NOTE] +> Before running an offline scan, you should attempt to update the definitions on the endpoint. You can either force an update via Group Policy or however you normally deploy updates to endpoints, or you can manually download and install the latest updates from the [Microsoft Malware Protection Center](https://www.microsoft.com/security/portal/definitions/adl.aspx). + +For information on setting up Windows Defender updates, see the [Configure Windows Defender in Windows 10](configure-windows-defender-in-windows-10.md) topic. + +## Usage scenarios + +In Windows 10, version 1607, you can manually force an offline scan. Alternatively, if Windows Defender determines that Windows Defender Offline needs to run, it will prompt the user on the endpoint. The need to perform an offline scan will also be revealed in System Center Configuration Manager, if you're using it to manage your endpoints. + +The prompt can occur via a notification, similar to the following: + +![Windows notification showing the requirement to run Windows Defender Offline](images/defender/notification.png) + +The user will also be notified within the Windows Defender client: + +![Windows Defender showing the requirement to run Windows Defender Offline](images/defender/client.png) + +In Configuration Manager, you can identify the status of endpoints by navigating to **Monitoring > Overview > Security > Endpoint Protection Status > System Center Endpoint Protection Status**. Windows Defender Offline scans are indicated under **Malware remediation status** as **Offline scan required**. + +![System Center Configuration Manager indicating a Windows Defender Offline scan is required](images/defender/sccm-wdo.png) + +## Manage notifications + + +You can suppress Windows Defender Offline notifications with Group Policy. + +> [!NOTE] +> Changing these settings will affect *all* notifications from Windows Defender. Disabling notifications will mean the endpoint user will not see any messages about any threats detected, removed, or if additional steps are required. + +**Use Group Policy to suppress Windows Defender notifications:** + +1. On your Group Policy management machine, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**. + +3. In the **Group Policy Management Editor** go to **Computer configuration**. + +4. Click **Policies** then **Administrative templates**. + +5. Expand the tree to **Windows components > Windows Defender > Client Interface**. + +1. Double-click the **Suppress all notifications** setting and set the option to **Enabled**. Click **OK**. This will disable all notifications shown by the Windows Defender client. + +## Configure Windows Defender Offline settings + +You can use Windows Management Instrumentation to enable and disable certain features in Windows Defender Offline. For example, you can use `Set-MpPreference` to change the `UILockdown` setting to disable and enable notifications. + +For more information about using Windows Management Instrumentation to configure Windows Defender Offline, including configuration parameters and options, see the following topics: + +- [Windows Defender WMIv2 APIs](https://msdn.microsoft.com/en-us/library/windows/desktop/dn439477(v=vs.85).aspx) + +- [Windows Defender MSFT_MpPreference class](https://msdn.microsoft.com/en-us/library/windows/desktop/dn455323(v=vs.85).aspx) + +For more information about notifications in Windows Defender, see the [Configure enhanced notifications in Windows Defender](windows-defender-enhanced-notifications.md)] topic. + +## Run a scan + +Windows Defender Offline uses up-to-date threat definitions to scan the endpoint for malware that might be hidden. In Windows 10, version 1607, you can manually force an offline scan using Windows Update and Security settings. + +> [!NOTE] +> Before you use Windows Defender Offline, make sure you save any files and shut down running programs. The Windows Defender Offline scan takes about 15 minutes to run. It will restart the endpoint when the scan is complete. + +You can set up a Windows Defender Offline scan with the following: + +- Windows Update and Security settings + +- Windows Defender + +- Windows Management Instrumentation + +- Windows PowerShell + +- Group Policy + +> [!NOTE] +> The scan is performed outside of the usual Windows operating environment. The user interface will appear different to a normal scan performed by Windows Defender. After the scan is completed, the endpoint will be restarted and Windows will load normally. + +**Run Windows Defender Offline from Windows Settings:** + +1. Open the **Start** menu and click or type **Settings**. + +1. Click **Update & Security** and then **Windows Defender**. Scroll to the bottom of the settings page until you see the **Windows Defender Offline** section. + +1. Click **Scan offline**. + + ![Windows Defender Offline setting](images/defender/settings-wdo.png) + +1. Follow the prompts to continue with the scan. You might be warned that you'll be signed out of Windows and that the endpoint will restart. + +**Run Windows Defender Offline from Windows Defender:** + +1. Open the **Start** menu, type **windows defender**, and press **Enter** to open the Windows Defender client. + +1. On the **Home** tab click **Download and Run**. + + ![Windows Defender home tab showing the Download and run button](images/defender/download-wdo.png) + +1. Follow the prompts to continue with the scan. You might be warned that you'll be signed out of Windows and that the endpoint will restart. + + +**Use Windows Management Instrumentation to configure and run Windows Defender Offline:** + +Use the `MSFT_MpWDOScan` class (part of the Windows Defender Windows Management Instrumentation provider) to run a Windows Defender Offline scan. + +The following Windows Management Instrumentation script snippet will immediately run a Windows Defender Offline scan, which will cause the endpoint to restart, run the offline scan, and then restart and boot into Windows. + +```WMI +wmic /namespace:\\root\Microsoft\Windows\Defender path MSFT_MpWDOScan call Start +``` + +For more information about using Windows Management Instrumentation to run a scan in Windows Defender, including configuration parameters and options, see the following topics: + +- [Windows Defender WMIv2 APIs](https://msdn.microsoft.com/en-us/library/windows/desktop/dn439477(v=vs.85).aspx) + +- [MSFT_MpWDOScan class article](https://msdn.microsoft.com/library/windows/desktop/mt622458(v=vs.85).aspx) + +**Run Windows Defender Offline using PowerShell:** + +Use the PowerShell parameter `Start-MpWDOScan` to run a Windows Defender Offline scan. + +For more information on available cmdlets and optios, see the [Use PowerShell cmdlets to configure and run Windows Defender](use-powershell-cmdlets-windows-defender-for-windows-10.md) topic. + +## Review scan results + +Windows Defender Offline scan results will be listed in the main Windows Defender user interface after performing the scan. + +1. Open the **Start** menu, type **windows defender**, and press **Enter** to open the Windows Defender client. + +1. Go to the **History** tab. + +1. Select **All detected items**. + +1. Click **View details**. + +Any detected items will display. Items that are detected by Windows Defender Offline will be listed as **Offline** in the **Detection source**: + +![Windows Defender detection source showing as Offline](images/defender/detection-source.png) + +## Related topics + - [Windows Defender in Windows 10](windows-defender-in-windows-10.md) \ No newline at end of file diff --git a/windows/manage/TOC.md b/windows/manage/TOC.md index 29e5c3e336..b46f78d870 100644 --- a/windows/manage/TOC.md +++ b/windows/manage/TOC.md @@ -36,6 +36,131 @@ ## [Configure devices without MDM](configure-devices-without-mdm.md) ## [Windows 10 servicing options](introduction-to-windows-10-servicing.md) ## [Application development for Windows as a service](application-development-for-windows-as-a-service.md) +## [Application Virtualization (App-V) for Windows](appv-for-windows.md) +### [Getting Started with App-V](appv-getting-started.md) +#### [About App-V](appv-about-appv.md) +##### [Release Notes for App-V](appv-release-notes-for-appv-for-windows.md) +#### [Evaluating App-V](appv-evaluating-appv.md) +#### [High Level Architecture for App-V](appv-high-level-architecture.md) +#### [Accessibility for App-V](appv-accessibility.md) +### [Planning for App-V](appv-planning-for-appv.md) +#### [Preparing Your Environment for App-V](appv-preparing-your-environment.md) +##### [App-V Prerequisites](appv-prerequisites.md) +##### [App-V Security Considerations](appv-security-considerations.md) +#### [Planning to Deploy App-V](appv-planning-to-deploy-appv.md) +##### [App-V Supported Configurations](appv-supported-configurations.md) +##### [App-V Capacity Planning](appv-capacity-planning.md) +##### [Planning for High Availability with App-V](appv-planning-for-high-availability-with-appv.md) +##### [Planning to Deploy App-V with an Electronic Software Distribution System](appv-planning-to-deploy-appv-with-electronic-software-distribution-solutions.md) +##### [Planning for the App-V Server Deployment](appv-planning-for-appv-server-deployment.md) +##### [Planning for the App-V Sequencer and Client Deployment](appv-planning-for-sequencer-and-client-deployment.md) +##### [Planning for Migrating from a Previous Version of App-V](appv-planning-for-migrating-from-a-previous-version-of-appv.md) +##### [Planning for Using App-V with Office](appv-planning-for-using-appv-with-office.md) +##### [Planning to Use Folder Redirection with App-V](appv-planning-folder-redirection-with-appv.md) +#### [App-V Planning Checklist](appv-planning-checklist.md) +### [Deploying App-V](appv-deploying-appv.md) +#### [Deploying the App-V Sequencer and Client](appv-deploying-the-appv-sequencer-and-client.md) +##### [About Client Configuration Settings](appv-client-configuration-settings.md) +##### [Enable the App-V desktop client](appv-enable-the-app-v-desktop-client.md) +##### [How to Install the App-V Client for Shared Content Store Mode](appv-install-the-appv-client-for-shared-content-store-mode.md) +##### [How to Install the Sequencer](appv-install-the-sequencer.md) +##### [How to Modify App-V Client Configuration Using the ADMX Template and Group Policy](appv-modify-client-configuration-with-the-admx-template-and-group-policy.md) +#### [Deploying the App-V Server](appv-deploying-the-appv-server.md) +##### [How to Deploy the App-V Server](appv-deploy-the-appv-server.md) +##### [How to Deploy the App-V Server Using a Script](appv-deploy-the-appv-server-with-a-script.md) +##### [How to Deploy the App-V Databases by Using SQL Scripts](appv-deploy-appv-databases-with-sql-scripts.md) +##### [How to Install the Publishing Server on a Remote Computer](appv-install-the-publishing-server-on-a-remote-computer.md) +##### [How to Install the Management and Reporting Databases on Separate Computers from the Management and Reporting Services](appv-install-the-management-and-reporting-databases-on-separate-computers.md) +##### [How to install the Management Server on a Standalone Computer and Connect it to the Database ](appv-install-the-management-server-on-a-standalone-computer.md) +##### [About App-V Reporting](appv-reporting.md) +##### [How to install the Reporting Server on a Standalone Computer and Connect it to the Database](appv-install-the-reporting-server-on-a-standalone-computer.md) +#### [App-V Deployment Checklist](appv-deployment-checklist.md) +#### [Deploying Microsoft Office 2013 by Using App-V](appv-deploying-microsoft-office-2013-with-appv.md) +#### [Deploying Microsoft Office 2010 by Using App-V](appv-deploying-microsoft-office-2010-wth-appv.md) +### [Operations for App-V](appv-operations.md) +#### [Creating and Managing App-V Virtualized Applications](appv-creating-and-managing-virtualized-applications.md) +##### [How to Sequence a New Application with App-V](appv-sequence-a-new-application.md) +##### [How to Modify an Existing Virtual Application Package](appv-modify-an-existing-virtual-application-package.md) +##### [How to Create and Use a Project Template](appv-create-and-use-a-project-template.md) +##### [How to Create a Package Accelerator](appv-create-a-package-accelerator.md) +##### [How to Create a Virtual Application Package Using an App-V Package Accelerator](appv-create-a-virtual-application-package-package-accelerator.md) +#### [Administering App-V Virtual Applications by Using the Management Console](appv-administering-virtual-applications-with-the-management-console.md) +##### [About App-V Dynamic Configuration](appv-dynamic-configuration.md) +##### [How to Connect to the Management Console ](appv-connect-to-the-management-console.md) +##### [How to Add or Upgrade Packages by Using the Management Console](appv-add-or-upgrade-packages-with-the-management-console.md) +##### [How to Configure Access to Packages by Using the Management Console ](appv-configure-access-to-packages-with-the-management-console.md) +##### [How to Publish a Package by Using the Management Console ](appv-publish-a-packages-with-the-management-console.md) +##### [How to Delete a Package in the Management Console ](appv-delete-a-package-with-the-management-console.md) +##### [How to Add or Remove an Administrator by Using the Management Console](appv-add-or-remove-an-administrator-with-the-management-console.md) +##### [How to Register and Unregister a Publishing Server by Using the Management Console](appv-register-and-unregister-a-publishing-server-with-the-management-console.md) +##### [How to Create a Custom Configuration File by Using the App-V Management Console](appv-create-a-custom-configuration-file-with-the-management-console.md) +##### [How to Transfer Access and Configurations to Another Version of a Package by Using the Management Console](appv-transfer-access-and-configurations-to-another-version-of-a-package-with-the-management-console.md) +##### [How to Customize Virtual Applications Extensions for a Specific AD Group by Using the Management Console](appv-customize-virtual-application-extensions-with-the-management-console.md) +##### [How to View and Configure Applications and Default Virtual Application Extensions by Using the Management Console ](appv-view-and-configure-applications-and-default-virtual-application-extensions-with-the-management-console.md) +#### [Managing Connection Groups](appv-managing-connection-groups.md) +##### [About the Connection Group Virtual Environment](appv-connection-group-virtual-environment.md) +##### [About the Connection Group File](appv-connection-group-file.md) +##### [How to Create a Connection Group](appv-create-a-connection-group.md) +##### [How to Create a Connection Group with User-Published and Globally Published Packages](appv-create-a-connection-group-with-user-published-and-globally-published-packages.md) +##### [How to Delete a Connection Group](appv-delete-a-connection-group.md) +##### [How to Publish a Connection Group](appv-publish-a-connection-group.md) +##### [How to Make a Connection Group Ignore the Package Version](appv-configure-connection-groups-to-ignore-the-package-version.md) +##### [How to Allow Only Administrators to Enable Connection Groups](appv-allow-administrators-to-enable-connection-groups.md) +#### [Deploying App-V Packages by Using Electronic Software Distribution (ESD)](appv-deploying-packages-with-electronic-software-distribution-solutions.md) +##### [How to deploy App-V Packages Using Electronic Software Distribution](appv-deploy-appv-packages-with-electronic-software-distribution-solutions.md) +##### [How to Enable Only Administrators to Publish Packages by Using an ESD](appv-enable-administrators-to-publish-packages-with-electronic-software-distribution-solutions.md) +#### [Using the App-V Client Management Console](appv-using-the-client-management-console.md) +##### [How to Access the Client Management Console](appv-accessing-the-client-management-console.md) +##### [How to Configure the Client to Receive Package and Connection Groups Updates From the Publishing Server ](appv-configure-the-client-to-receive-updates-from-the-publishing-server.md) +#### [Migrating to App-V from a Previous Version](appv-migrating-to-appv-from-a-previous-version.md) +##### [How to Convert a Package Created in a Previous Version of App-V](appv-convert-a-package-created-in-a-previous-version-of-appv.md) +#### [Maintaining App-V](appv-maintaining-appv.md) +##### [How to Move the App-V Server to Another Computer](appv-move-the-appv-server-to-another-computer.md) +#### [Administering App-V by Using PowerShell](appv-administering-appv-with-powershell.md) +##### [How to Load the PowerShell Cmdlets and Get Cmdlet Help ](appv-load-the-powershell-cmdlets-and-get-cmdlet-help.md) +##### [How to Manage App-V Packages Running on a Stand-Alone Computer by Using PowerShell](appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md) +##### [How to Manage Connection Groups on a Stand-alone Computer by Using PowerShell](appv-manage-connection-groups-on-a-stand-alone-computer-with-powershell.md) +##### [How to Modify Client Configuration by Using PowerShell](appv-modify-client-configuration-with-powershell.md) +##### [How to Apply the User Configuration File by Using PowerShell](appv-apply-the-user-configuration-file-with-powershell.md) +##### [How to Apply the Deployment Configuration File by Using PowerShell](appv-apply-the-deployment-configuration-file-with-powershell.md) +##### [How to Sequence a Package by Using PowerShell ](appv-sequence-a-package-with-powershell.md) +##### [How to Create a Package Accelerator by Using PowerShell](appv-create-a-package-accelerator-with-powershell.md) +##### [How to Enable Reporting on the App-V Client by Using PowerShell](appv-enable-reporting-on-the-appv-client-with-powershell.md) +##### [How to Install the App-V Databases and Convert the Associated Security Identifiers by Using PowerShell](appv-install-the-appv-databases-and-convert-the-associated-security-identifiers-with-powershell.md) +### [Troubleshooting App-V](appv-troubleshooting.md) +### [Technical Reference for App-V](appv-technical-reference.md) +#### [Performance Guidance for Application Virtualization](appv-performance-guidance.md) +#### [Application Publishing and Client Interaction](appv-application-publishing-and-client-interaction.md) +#### [Viewing App-V Server Publishing Metadata](appv-viewing-appv-server-publishing-metadata.md) +#### [Running a Locally Installed Application Inside a Virtual Environment with Virtualized Applications](appv-running-locally-installed-applications-inside-a-virtual-environment.md) +## [User Experience Virtualization (UE-V) for Windows](uev-for-windows.md) +### [Get Started with UE-V](uev-getting-started.md) +#### [What's New in UE-V for Windows 10, version 1607](uev-whats-new-in-uev-for-windows.md) +#### [User Experience Virtualization Release Notes](uev-release-notes-1607.md) +#### [Upgrade to UE-V for Windows 10](uev-upgrade-uev-from-previous-releases.md) +### [Prepare a UE-V Deployment](uev-prepare-for-deployment.md) +#### [Deploy Required UE-V Features](uev-deploy-required-features.md) +#### [Deploy UE-V for use with Custom Applications](uev-deploy-uev-for-custom-applications.md) +### [Administering UE-V](uev-administering-uev.md) +#### [Manage Configurations for UE-V](uev-manage-configurations.md) +##### [Configuring UE-V with Group Policy Objects](uev-configuring-uev-with-group-policy-objects.md) +##### [Configuring UE-V with System Center Configuration Manager](uev-configuring-uev-with-system-center-configuration-manager.md) +##### [Administering UE-V with Windows PowerShell and WMI](uev-administering-uev-with-windows-powershell-and-wmi.md) +###### [Managing the UE-V Service and Packages with Windows PowerShell and WMI](uev-managing-uev-agent-and-packages-with-windows-powershell-and-wmi.md) +###### [Managing UE-V Settings Location Templates Using Windows PowerShell and WMI](uev-managing-settings-location-templates-using-windows-powershell-and-wmi.md) +#### [Working with Custom UE-V Templates and the UE-V Template Generator](uev-working-with-custom-templates-and-the-uev-generator.md) +#### [Manage Administrative Backup and Restore in UE-V](uev-manage-administrative-backup-and-restore.md) +#### [Changing the Frequency of UE-V Scheduled Tasks](uev-changing-the-frequency-of-scheduled-tasks.md) +#### [Migrating UE-V Settings Packages](uev-migrating-settings-packages.md) +#### [Using UE-V with Application Virtualization Applications](uev-using-uev-with-application-virtualization-applications.md) +### [Troubleshooting UE-V](uev-troubleshooting.md) +### [Technical Reference for UE-V](uev-technical-reference.md) +#### [Sync Methods for UE-V](uev-sync-methods.md) +#### [Sync Trigger Events for UE-V](uev-sync-trigger-events.md) +#### [Synchronizing Microsoft Office with UE-V](uev-synchronizing-microsoft-office-with-uev.md) +#### [Application Template Schema Reference for UE-V](uev-application-template-schema-reference.md) +#### [Accessibility for UE-V](uev-accessibility.md) +#### [Security Considerations for UE-V](uev-security-considerations.md) ## [Windows Store for Business](windows-store-for-business.md) ### [Sign up and get started](sign-up-windows-store-for-business-overview.md) ####[Windows Store for Business overview](windows-store-for-business-overview.md) diff --git a/windows/manage/appv-about-appv.md b/windows/manage/appv-about-appv.md new file mode 100644 index 0000000000..a0bfee5042 --- /dev/null +++ b/windows/manage/appv-about-appv.md @@ -0,0 +1,473 @@ +--- +title: About App-V (Windows 10) +description: About App-V +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# About App-V for Windows + +Applies to: Windows 10, version 1607 + +Review the following sections for information about significant changes that apply to Application Virtualization (App-V) for Windows: + +[App-V software prerequisites and supported configurations](#bkmk-51-prereq-configs) + +[Migrating to App-V](#bkmk-migrate-to-51) + +[What’s New in App-V](#bkmk-whatsnew) + +[App-V support for Windows 10](#bkmk-win10support) + +[App-V Management Console Changes](#bkmk-mgmtconsole) + +[Sequencer Improvements](#bkmk-seqimprove) + +[Improvements to Package Converter](#bkmk-pkgconvimprove) + +[Support for multiple scripts on a single event trigger](#bkmk-supmultscripts) + +[Hardcoded path to installation folder is redirected to virtual file system root](#bkmk-hardcodepath) + +## App-V for Windows software prerequisites and supported configurations + + +See the following links for the App-V for Windows software prerequisites and supported configurations. + + ++++ + + + + + + + + + + + + + + + + +
    Links to prerequisites and supported configurationsDescription

    [App-V Prerequisites](appv-prerequisites.md)

    Prerequisite software that you must install before you can get started with App-V for Windows

    [App-V Supported Configurations](appv-supported-configurations.md)

    Supported operating systems and hardware requirements for the App-V Server, Sequencer, and Client components

    + +  + +**Support for using Configuration Manager with App-V:** App-V supports System Center 2012 R2 Configuration Manager SP1. See [Planning for App-V Integration with Configuration Manager](https://technet.microsoft.com/library/jj822982.aspx) for information about integrating your App-V environment with Configuration Manager. + +## Upgrade to App-V for Windows + + +Use the following information to upgrade to App-V for Windows from earlier versions. See [Migrating to App-V from a Previous Version](appv-migrating-to-appv-from-a-previous-version.md) for more information. + +### Before you start the upgrade + +Review the following information before you start the upgrade: + + ++++ + + + + + + + + + + + + + + + + + + + + +
    Items to review before upgradingDescription

    Components to upgrade, in any order

      +

    1. App-V Server

      2. +

    2. Sequencer

      3. +

    3. App-V Client or App-V Remote Desktop Services (RDS) Client

      4. +
    +
    +Note   +

    Prior to App-V 5.0 SP2, the Client Management User Interface (UI) was provided with the App-V Client installation. For App-V 5.0 SP2 installations (or later), you can use the Client Management UI by downloading from [Application Virtualization 5.0 Client UI Application](http://www.microsoft.com/download/details.aspx?id=41186).

    +
    +
    +  +

    Upgrading from App-V 4.x

    You must first upgrade to App-V 5.0. You cannot upgrade directly from App-V 4.x to App-V for Windows. For more information, see [Planning for Migrating from a Previous Version of App-V](appv-planning-for-migrating-from-a-previous-version-of-appv.md)

    + +

    Upgrading from App-V 5.0 or later

    You can upgrade to App-V for Windows directly from any of the following versions:

    +
      +

    • App-V 5.0

      • +

    • App-V 5.0 SP1

      • +

    • App-V 5.0 SP2

      • +

    • App-V 5.0 SP3

      • +
    +

    To upgrade to App-V for Windows, follow the steps in the remaining sections of this topic.

    +

    Packages and connection groups will continue to work with App-V for Windows as they currently do.

    + +  + +### Steps to upgrade the App-V infrastructure + +Complete the following steps to upgrade each component of the App-V infrastructure to App-V for Windows. The following order is only a suggestion; you can upgrade components in any order. + + ++++ + + + + + + + + + + + + + + + + + + + + +
    StepFor more information

    Step 1: Upgrade the App-V Server.

    +
    +Note   +

    If you are not using the App-V Server, skip this step and go to the next step.

    +
    +
    +  +

    Follow these steps:

    +
      +

    1. Do one of the following, depending on the method you are using to upgrade the management database and/or reporting database:

      + ++++ + + + + + + + + + + + + + + + + +
      Database upgrade methodStep

      Windows Installer

      Skip this step and go to step 2, “If you are upgrading the App-V Server...”

      SQL scripts

      Follow the steps in [How to Deploy the App-V Databases by Using SQL Scripts](https://technet.microsoft.com/en-us/itpro/mdop/appv-v5/how-to-deploy-the-app-v-databases-by-using-sql-scripts).

      +

    2. If you are upgrading the App-V for Windows Server from App-V 5.0 SP1 Hotfix Package 3 or later, complete the steps in section [Check registry keys after installing the App-V 5.0 SP3 Server](https://technet.microsoft.com/en-us/itpro/mdop/appv-v5/check-reg-key-svr).

      3. +

    3. Follow the steps in [How to Deploy the App-V Server](appv-deploy-the-appv-server.md)

      4. +

       

      +

    Step 2: Install the new App-V for Windows sequencer.

    See [How to Install the Sequencer](appv-install-the-sequencer.md).

    Step 3: Enable the in-box App-V Client.

    See [Enable the App-V desktop client](appv-enable-the-app-v-desktop-client.md).

    + +  + +### Converting packages created using a prior version of App-V + +Use the package converter utility to upgrade virtual application packages created using versions of App-V prior to App-V 5.0. The package converter uses PowerShell to convert packages and can help automate the process if you have many packages that require conversion. + +>**Note**   +App-V for Windows packages are exactly the same as App-V 5.0 packages. There has been no change in the package format between the versions and so there is no need to convert App-V 5.0 packages to App-V for Windows packages. + +  + +## What’s New in App-V + + +These sections are for users who are already familiar with App-V and want to know what has changed in App-V for Windows. If you are not already familiar with App-V, you should start by reading [Planning for App-V](appv-planning-for-appv.md). + + +### App-V Management Console Changes + +This section compares the App-V for Windows Management Console’s current and previous functionality. + +### Silverlight is no longer required + +The Management Console UI no longer requires Silverlight. The Management Console is built on HTML5 and Javascript. + +### Notifications and messages are displayed individually in a dialog box + + ++++ + + + + + + + + + + + + + + + + + + + + +
    New in App-V for WindowsPrior to App-V

    Number of messages indicator:

    +

    On the title bar of the App-V Management Console, a number is now displayed next to a flag icon to indicate the number of messages that are waiting to be read.

    You could see only one message or error at a time, and you were unable to determine how many messages there were.

    Message appearance:

    +
      +

    • Messages that require user input appear in a separate dialog box that displays on top of the current page that you were viewing, and require a response before you can dismiss them.

      • +

    • Messages and errors appear in a list, with one beneath the other.

      • +

    You could see only one message or error at a time.

    Dismissing messages:

    +

    Use the Dismiss All link to dismiss all messages and errors at one time, or dismiss them one at a time.

    You could dismiss messages and errors only one at a time.

    + +  + +### Console pages are now separate URLs + + ++++ + + + + + + + + + + + + +
    New in App-V for WindowsPrior to App-V for Windows

    Each page in the console has a different URL, which enables you to bookmark specific pages for quick access in the future.

    +

    The number that appears in some URLs indicates the specific package. These numbers are unique.

    All console pages are accessed through the same URL.

    + +  + +### New, separate CONNECTION GROUPS page and menu option + + ++++ + + + + + + + + + + + + +
    New in App-V for WindowsPrior to App-V for Windows

    The CONNECTION GROUPS page is now part of the main menu, at the same level as the PACKAGES page.

    To open the CONNECTION GROUPS page, you navigate through the PACKAGES page.

    + +  + +### Menu options for packages have changed + + ++++ + + + + + + + + + + + + + + + + +
    New in App-V for WindowsPrior to App-V Windows

    The following options are now buttons that appear at the bottom of the PACKAGES page:

    +
      +

    • Add or Upgrade

      • +

    • Publish

      • +

    • Unpublish

      • +

    • Delete

      • +
    +

    The following options will still appear when you right-click a package to open the drop-down context menu:

    +
      +

    • Publish

      • +

    • Unpublish

      • +

    • Edit AD Access

      • +

    • Edit Deployment Config

      • +

    • Transfer deployment configuration from…

      • +

    • Transfer access and configuration from…

      • +

    • Delete

      • +
    +

    When you click Delete to remove a package, a dialog box opens and asks you to confirm that you want to delete the package.

    The Add or Upgrade option was a button at the top right of the PACKAGES page.

    +

    The Publish, Unpublish, and Delete options were available only if you right-clicked a package name in the packages list.

    The following package operations are now buttons on the package details page for each package:

    +
      +

    • Transfer (drop-down menu with the following options):

      +
        +

      • Transfer deployment configuration from…

        • +

      • Transfer access and configuration from…

        • +
      • +

    • Edit (connection groups and AD Access)

      • +

    • Unpublish

      • +

    • Delete

      • +

    • Edit Default Configuration

      • +

    These package options were available only if you right-clicked a package name in the packages list.

    + +  + +### Icons in left pane have new colors and text + +The colors of the icons in the left pane have been changed, and text added, to make the icons consistent with other Microsoft products. + +### Overview page has been removed + +In the left pane of the Management Console, the OVERVIEW menu option and its associated OVERVIEW page have been removed. + +### Sequencer Improvements + +The following improvements have been made to the package editor in the App-V Sequencer. + +### Import and export the manifest file + +You can import and export the AppxManifest.xml file. To export the manifest file, select the **Advanced** tab and in the Manifest File box, click **Export...**. You can make changes to the manifest file, such as removing shell extensions or editing file type associations. + +After you make your changes, click **Import...** and select the file you edited. After you successfully import it back in, the manifest file is immediately updated within the package editor. + +**Caution**   +When you import the file, your changes are validated against the XML schema. If the file is not valid, you will receive an error. Be aware that it is possible to import a file that is validated against the XML schema, but that might still fail to run for other reasons. + +  + +### Addition of Windows 10 to operating systems list + +In the Deployment tab, Windows 10 32-bit and Windows 10-64 bit have been added to the list of operating systems for which you can sequence a package. If you select **Any Operating System**, Windows 10 is automatically included among the operating systems that the sequenced package will support. + +### Current path displays at bottom of virtual registry editor + +In the Virtual Registry tab, the path now displays at the bottom of the virtual registry editor, which enables you to determine the currently selected key. Previously, you had to scroll through the registry tree to find the currently selected key. + +### Combined “find and replace” dialog box and shortcut keys added in virtual registry editor + +In the virtual registry editor, shortcut keys have been added for the Find option (Ctrl+F), and a dialog box that combines the “find” and “replace” tasks has been added to enable you to find and replace values and data. To access this combined dialog box, select a key and do one of the following: + +- Press **Ctrl+H** + +- Right-click a key and select **Replace**. + +- Select **View** > **Virtual Registry** > **Replace**. + +Previously, the “Replace” dialog box did not exist, and you had to make changes manually. + +### Rename registry keys and package files successfully + +You can rename virtual registry keys and files without experiencing Sequencer issues. Previously, the Sequencer stopped working if you tried to rename a key. + +### Import and export virtual registry keys + +You can import and export virtual registry keys. To import a key, right-click the node under which to import the key, navigate to the key you want to import, and then click **Import**. To export a key, right-click the key and select **Export**. + +### Import a directory into the virtual file system + +You can import a directory into the VFS. To import a directory, click the **Package Files** tab, and then click **View** > **Virtual File System** > **Import Directory**. If you try to import a directory that contains files that are already in the VFS, the import fails, and an explanatory message is displayed. Prior to App-V, you could not import directories. + +### Import or export a VFS file without having to delete and then add it back to the package + +You can import files to or export files from the VFS without having to delete the file and then add it back to the package. For example, you might use this feature to export a change log to a local drive, edit the file using an external editor, and then re-import the file into the VFS. + +To export a file, select the **Package Files** tab, right-click the file in the VFS, click **Export**, and choose an export location from which you can make your edits. + +To import a file, select the **Package Files** tab and right-click the file that you had exported. Browse to the file that you edited, and then click **Import**. The imported file will overwrite the existing file. + +After you import a file, you must save the package by clicking **File** > **Save**. + +### Menu for adding a package file has moved + +The menu option for adding a package file has been moved. To find the Add option, select the **Package Files** tab, then click **View** > **Virtual File System** > **Add File**. Previously, you right-clicked a folder under the VFS node, and chose **Add File**. + +### Virtual registry node expands MACHINE and USER hives by default + +When you open the virtual registry, the MACHINE and USER hives are shown below the top-level REGISTRY node. Previously, you had to expand the REGISTRY node to show the hives beneath. + +### Enable or disable Browser Helper Objects + +You can enable or disable Browser Helper Objects by selecting a new check box, Enable Browser Helper Objects, on the Advanced tab of the Sequencer user interface. If Browser Helper Objects: + +- Exist in the package and are enabled, the check box is selected by default. + +- Exist in the package and are disabled, the check box is clear by default. + +- Exist in the package, with one or more enabled and one or more disabled, the check box is set to indeterminate by default. + +- Do not exist in the package, the check box is disabled. + +### Improvements to Package Converter + +You can now use the package converter to convert App-V 4.6 packages that contain scripts, and registry information and scripts from source .osd files are now included in package converter output. + +For more information including examples, see [Migrating to App-V for Windows from a Previous Version](appv-migrating-to-appv-from-a-previous-version.md). + +### Support for multiple scripts on a single event trigger + +App-V supports the use of multiple scripts on a single event trigger for App-V packages, including packages that you are converting from App-V 4.6 to App-V 5.0 or later. To enable the use of multiple scripts, App-V uses a script launcher application, named ScriptRunner.exe, which is installed as part of the App-V client installation. + +For more information, including a list of event triggers and the context under which scripts can be run, see the Scripts section in [About App-V Dynamic Configuration](appv-dynamic-configuration.md). + + +## Have a suggestion for App-V? + + +Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). + +## Related topics + + +[Release Notes for App-V](appv-release-notes-for-appv-for-windows.md) + +  + +  + + + + + diff --git a/windows/manage/appv-accessibility.md b/windows/manage/appv-accessibility.md new file mode 100644 index 0000000000..a77cc5c218 --- /dev/null +++ b/windows/manage/appv-accessibility.md @@ -0,0 +1,169 @@ +--- +title: Accessibility for App-V (Windows 10) +description: Accessibility for App-V +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# Accessibility for App-V + + +Microsoft is committed to making its products and services easier for everyone to use. This section provides information about features and services that make this product and its corresponding documentation more accessible for people with disabilities. + +## Keyboard Shortcuts for the App-V Management Server + + +Following are the keyboard Shortcuts for the App-V Management Server: + + ++++ + + + + + + + + + + + + + + + + + + + + +
    To do thisPress

    Close a dialog box.

    Esc

    Perform the default action of a dialog box.

    Enter

    Refresh the current page of the App-V client console.

    F5

    + +  + +## Keyboard Shortcuts for the App-V Sequencer + + +Following are the keyboard shortcuts for the Virtual Registry tab in the package editor in the App-V Sequencer: + + ++++ + + + + + + + + + + + + + + + + +
    To do thisPress

    Open the Find dialog box.

    CTRL + F

    Open the Replace dialog box.

    CTRL + H

    + +  + +### Access Any Command with a Few Keystrokes + +**Important**   +The information in this section only applies to the App-V sequencer. For specific information about the App-V server, see the Keyboard Shortcuts for the App-V Management Server section of this document. + +  + +Access keys let you quickly use a command by pressing a few keys. You can get to most commands by using two keystrokes. To use an access key: + +1. Press ALT. + + An underline appears beneath the keyboard shortcut for each feature that is available in the current view. + +2. Press the letter underlined in the keyboard shortcut for the feature that you want to use. + +**Note**   +To cancel the action that you are taking and hide the keyboard shortcuts, press ALT. + +  + +## Documentation in Alternative Formats + + +If you have difficulty reading or handling printed materials, you can obtain the documentation for many Microsoft products in more accessible formats. You can view an index of accessible product documentation on the Microsoft Accessibility website. In addition, you can obtain additional Microsoft publications from Learning Ally (formerly Recording for the Blind & Dyslexic, Inc.). Learning Ally distributes these documents to registered, eligible members of their distribution service. + +For information about the availability of Microsoft product documentation and books from Microsoft Press, contact: + + ++++ + + + + + + + + + + + + + + + + + + + + + + +

    Learning Ally (formerly Recording for the Blind & Dyslexic, Inc.)

    +

    20 Roszel Road

    +

    Princeton, NJ 08540

    Telephone number from within the United States:

    (800) 221-4792

    Telephone number from outside the United States and Canada:

    (609) 452-0606

    Fax:

    (609) 987-8116

    [http://www.learningally.org/](http://go.microsoft.com/fwlink/?linkid=239)

    Web addresses can change, so you might be unable to connect to the website or sites mentioned here.

    + +  + +## Customer Service for People with Hearing Impairments + + +If you are deaf or hard-of-hearing, complete access to Microsoft product and customer services is available through a text telephone (TTY/TDD) service: + +- For customer service, contact Microsoft Sales Information Center at (800) 892-5234 between 6:30 AM and 5:30 PM Pacific Time, Monday through Friday, excluding holidays. + +- For technical assistance in the United States, contact Microsoft Product Support Services at (800) 892-5234 between 6:00 AM and 6:00 PM Pacific Time, Monday through Friday, excluding holidays. In Canada, dial (905) 568-9641 between 8:00 AM and 8:00 PM Eastern Time, Monday through Friday, excluding holidays. + +Microsoft Support Services are subject to the prices, terms, and conditions in place at the time the service is used. + +## For More Information + + +For more information about how accessible technology for computers helps to improve the lives of people with disabilities, see the [Microsoft Accessibility website](http://go.microsoft.com/fwlink/?linkid=8431). + +## Related topics + + +[Getting Started with App-V](appv-getting-started.md) + +  + +  + + + + + diff --git a/windows/manage/appv-accessing-the-client-management-console.md b/windows/manage/appv-accessing-the-client-management-console.md new file mode 100644 index 0000000000..4c622c5423 --- /dev/null +++ b/windows/manage/appv-accessing-the-client-management-console.md @@ -0,0 +1,26 @@ +--- +title: How to access the client management console (Windows 10) +description: How to access the client management console +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + +# How to access the client management console + +Use the App-V client management console to manage packages on the computer running the App-V client. + +> [!NOTE] +To perform all of the actions available using the client management console, you must have administrative access on the computer running the App-V client. + +The client management console is available from the [Microsoft Download Center](https://www.microsoft.com/en-us/download/details.aspx?id=41186). + +## Have a suggestion for App-V? + +Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). + +## Related topics + +- [Operations for App-V](appv-operations.md) diff --git a/windows/manage/appv-add-or-remove-an-administrator-with-the-management-console.md b/windows/manage/appv-add-or-remove-an-administrator-with-the-management-console.md new file mode 100644 index 0000000000..71e3960d3e --- /dev/null +++ b/windows/manage/appv-add-or-remove-an-administrator-with-the-management-console.md @@ -0,0 +1,45 @@ +--- +title: How to Add or Remove an Administrator by Using the Management Console (Windows 10) +description: How to Add or Remove an Administrator by Using the Management Console +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# How to Add or Remove an Administrator by Using the Management Console + + +Use the following procedures to add or remove an administrator on the Microsoft Application Virtualization (App-V) server. + +**To add an administrator using the Management Console** + +1. Open the Microsoft Application Virtualization (App-V) Management Console and click **Administrators** in the navigation pane. The navigation pane displays a list of Access Directory (AD) users and groups that currently have administrative access to the Microsoft Application Virtualization (App-V) server. + +2. To add a new administrator, click **Add Administrator** Type the name of the administrator that you want to add in the **Active Directory Name** field. Ensure you provide the associated user account domain name. For example, **Domain** \\ **UserName**. + +3. Select the account that you want to add and click **Add**. The new account is displayed in the list of server administrators. + +**To remove an administrator using the Management Console** + +1. Open the Microsoft Application Virtualization (App-V) Management Console and click **Administrators** in the navigation pane. The navigation pane displays a list of AD users and groups that currently have administrative access to the Microsoft Application Virtualization (App-V) server. + +2. Right-click the account to be removed from the list of administrators and select **Remove**. + + **Have a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). + +## Related topics + + +[Operations for App-V](appv-operations.md) + +  + +  + + + + + diff --git a/windows/manage/appv-add-or-upgrade-packages-with-the-management-console.md b/windows/manage/appv-add-or-upgrade-packages-with-the-management-console.md new file mode 100644 index 0000000000..a5f136d917 --- /dev/null +++ b/windows/manage/appv-add-or-upgrade-packages-with-the-management-console.md @@ -0,0 +1,54 @@ +--- +title: How to Add or Upgrade Packages by Using the Management Console (Windows 10) +description: How to Add or Upgrade Packages by Using the Management Console +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# How to Add or Upgrade Packages by Using the Management Console + + +You can the following procedure to add or upgrade a package to the App-V Management Console. To upgrade a package that already exists in the Management Console, use the following steps and import the upgraded package using the same package **Name**. + +**To add a package to the Management Console** + +1. Click the **Packages** tab in the navigation pane of the Management Console display. + + The console displays the list of packages that have been added to the server along with status information about each package. When a package is selected, detailed information about the package is displayed in the **PACKAGES** pane. + + Click the **Ungrouped** drop-down list box and specify how the packages are to be displayed in the console. You can also click the associated column header to sort the packages. + +2. To specify the package you want to add, click **Add or Upgrade Packages**. + +3. Type the full path to the package that you want to add. Use the UNC or HTTP path format, for example **\\\\servername\\sharename\\foldername\\packagename.appv** or **http://server.1234/file.appv**, and then click **Add**. + + **Important**   + You must select a package with the **.appv** file name extension. + +   + +4. The page displays the status message **Adding <Packagename>**. Click **IMPORT STATUS** to check the status of a package that you have imported. + + Click **OK** to add the package and close the **Add Package** page. If there was an error during the import, click **Detail** on the **Package Import** page for more information. The newly added package is now available in the **PACKAGES** pane. + +5. Click **Close** to close the **Add or Upgrade Packages** page. + + **Have a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). + +## Related topics + + +[Operations for App-V](appv-operations.md) + +  + +  + + + + + diff --git a/windows/manage/appv-administering-appv-with-powershell.md b/windows/manage/appv-administering-appv-with-powershell.md new file mode 100644 index 0000000000..5d9ef4ace0 --- /dev/null +++ b/windows/manage/appv-administering-appv-with-powershell.md @@ -0,0 +1,138 @@ +--- +title: Administering App-V by Using PowerShell (Windows 10) +description: Administering App-V by Using PowerShell +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# Administering App-V by Using PowerShell + + +Microsoft Application Virtualization (App-V) provides Windows PowerShell cmdlets, which can help administrators perform various App-V tasks. The following sections provide more information about using PowerShell with App-V. + +## How to administer App-V by using PowerShell + + +Use the following PowerShell procedures to perform various App-V tasks. + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    NameDescription

    [How to Load the PowerShell Cmdlets and Get Cmdlet Help](appv-load-the-powershell-cmdlets-and-get-cmdlet-help.md)

    Describes how to install the PowerShell cmdlets and find cmdlet help and examples.

    [How to Manage App-V Packages Running on a Stand-Alone Computer by Using PowerShell](appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md)

    Describes how to manage the client package lifecycle on a stand-alone computer using PowerShell.

    [How to Manage Connection Groups on a Stand-alone Computer by Using PowerShell](appv-manage-connection-groups-on-a-stand-alone-computer-with-powershell.md)

    Describes how to manage connection groups using PowerShell.

    [How to Modify Client Configuration by Using PowerShell](appv-modify-client-configuration-with-powershell.md)

    Describes how to modify the client using PowerShell.

    [How to Apply the User Configuration File by Using PowerShell](appv-apply-the-user-configuration-file-with-powershell.md)

    Describes how to apply a user configuration file using PowerShell.

    [How to Apply the Deployment Configuration File by Using PowerShell](appv-apply-the-deployment-configuration-file-with-powershell.md)

    Describes how to apply a deployment configuration file using PowerShell.

    [How to Sequence a Package by Using PowerShell](appv-sequence-a-package-with-powershell.md)

    Describes how to create a new package using PowerShell.

    [How to Create a Package Accelerator by Using PowerShell](appv-create-a-package-accelerator-with-powershell.md)

    Describes how to create a package accelerator using PowerShell. You can use package accelerators automatically sequence large, complex applications.

    [How to Enable Reporting on the App-V Client by Using PowerShell](appv-enable-reporting-on-the-appv-client-with-powershell.md)

    Describes how to enable the computer running the App-V to send reporting information.

    [How to Install the App-V Databases and Convert the Associated Security Identifiers by Using PowerShell](appv-install-the-appv-databases-and-convert-the-associated-security-identifiers-with-powershell.md)

    Describes how to take an array of account names and to convert each of them to the corresponding SID in standard and hexadecimal formats.

    + +  + +**Important**   +Make sure that any script you execute with your App-V packages matches the execution policy that you have configured for PowerShell. + +  + +## PowerShell Error Handling + + +Use the following table for information about App-V PowerShell error handling. + + ++++ + + + + + + + + + + + + + + + + +
    EventAction

    Using the RollbackOnError attribute with embedded scripts

    When you use the RollbackOnError attribute with embedded scripts, the attribute is ignored for the following events:

    +
      +

    • Removing a package

      • +

    • Unpublishing a package

      • +

    • Terminating a virtual environment

      • +

    • Terminating a process

      • +

    Package name contains $

    If a package name contains the character ( $ ), you must use a single-quote ( ), for example,

    +

    Add-AppvClientPackage ‘Contoso$App.appv’

    + +  + +## Have a suggestion for App-V? + + +Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). + +## Related topics + + +[Operations for App-V](appv-operations.md) + +  + +  + + + + + diff --git a/windows/manage/appv-administering-virtual-applications-with-the-management-console.md b/windows/manage/appv-administering-virtual-applications-with-the-management-console.md new file mode 100644 index 0000000000..0b47267c1a --- /dev/null +++ b/windows/manage/appv-administering-virtual-applications-with-the-management-console.md @@ -0,0 +1,113 @@ +--- +title: Administering App-V Virtual Applications by Using the Management Console (Windows 10) +description: Administering App-V Virtual Applications by Using the Management Console +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# Administering App-V Virtual Applications by Using the Management Console + + +Use the Microsoft Application Virtualization (App-V) management server to manage packages, connection groups, and package access in your environment. The server publishes application icons, shortcuts, and file type associations to authorized computers that run the App-V client. One or more management servers typically share a common data store for configuration and package information. + +The management server uses Active Directory Domain Services (AD DS) groups to manage user authorization and has SQL Server installed to manage the database and data store. + +Because the management servers stream applications to end users on demand, these servers are ideally suited for system configurations that have reliable, high-bandwidth LANs. The management server consists of the following components: + +- Management Server – Use the management server to manage packages and connection groups. + +- Publishing Server – Use the publishing server to deploy packages to computers that run the App-V client. + +- Management Database - Use the management database to manage the package access and to publish the server’s synchronization with the management server. + +## Management Console tasks + + +The most common tasks that you can perform with the App-V Management console are: + +- [How to Connect to the Management Console](appv-connect-to-the-management-console.md) + +- [How to Add or Upgrade Packages by Using the Management Console](appv-add-or-upgrade-packages-with-the-management-console.md) + +- [How to Configure Access to Packages by Using the Management Console](appv-configure-access-to-packages-with-the-management-console.md) + +- [How to Publish a Package by Using the Management Console](appv-publish-a-packages-with-the-management-console.md) + +- [How to Delete a Package in the Management Console](appv-delete-a-package-with-the-management-console.md) + +- [How to Add or Remove an Administrator by Using the Management Console](appv-add-or-remove-an-administrator-with-the-management-console.md) + +- [How to Register and Unregister a Publishing Server by Using the Management Console](appv-register-and-unregister-a-publishing-server-with-the-management-console.md) + +- [How to Create a Custom Configuration File by Using the App-V Management Console](appv-create-a-custom-configuration-file-with-the-management-console.md) + +- [How to Transfer Access and Configurations to Another Version of a Package by Using the Management Console](appv-transfer-access-and-configurations-to-another-version-of-a-package-with-the-management-console.md) + +- [How to Customize Virtual Applications Extensions for a Specific AD Group by Using the Management Console](appv-customize-virtual-application-extensions-with-the-management-console.md) + +- [How to View and Configure Applications and Default Virtual Application Extensions by Using the Management Console](appv-view-and-configure-applications-and-default-virtual-application-extensions-with-the-management-console.md) + +The main elements of the App-V Management Console are: + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + +
    Management Console tabDescription

    Packages tab

    Use the PACKAGES tab to add or upgrade packages.

    Connection Groups tab

    Use the CONNECTION GROUPS tab to manage connection groups.

    Servers tab

    Use the SERVERS tab to register a new server.

    Administrators tab

    Use the ADMINISTRATORS tab to register, add, or remove administrators in your App-V environment.

    + +  + +**Important**   +JavaScript must be enabled on the browser that opens the Web Management Console. + +  + +## Have a suggestion for App-V? + + +Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). + +## Other resources for this App-V deployment + + +- [Application Virtualization (App-V) overview](appv-for-windows.md) + +- [Operations for App-V](appv-operations.md) + +  + +  + + + + + diff --git a/windows/manage/appv-allow-administrators-to-enable-connection-groups.md b/windows/manage/appv-allow-administrators-to-enable-connection-groups.md new file mode 100644 index 0000000000..faef4d1c5f --- /dev/null +++ b/windows/manage/appv-allow-administrators-to-enable-connection-groups.md @@ -0,0 +1,70 @@ +--- +title: How to Allow Only Administrators to Enable Connection Groups (Windows 10) +description: How to Allow Only Administrators to Enable Connection Groups +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# How to Allow Only Administrators to Enable Connection Groups + + +You can configure the App-V client so that only administrators (not end users) can enable or disable connection groups. In earlier versions of App-V, you could not prevent end users from performing these tasks. + +**Note**   +**This feature is supported starting in App-V 5.0 SP3.** + +  + +Use one of the following methods to allow only administrators to enable or disable connection groups. + + ++++ + + + + + + + + + + + + + + + + +
    MethodSteps

    Group Policy setting

    Enable the “Require publish as administrator” Group Policy setting, which is located in the following Group Policy Object node:

    +

    Computer Configuration > Policies > Administrative Templates > System > App-V > Publishing

    PowerShell cmdlet

    Run the Set-AppvClientConfiguration cmdlet with the –RequirePublishAsAdmin parameter.

    +

    Parameter values:

    +
      +

    • 0 - False

      • +

    • 1 - True

      • +
    +

    Example:: Set-AppvClientConfiguration –RequirePublishAsAdmin1

    + +  + +**Have a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). + +## Related topics + + +[Managing Connection Groups](appv-managing-connection-groups.md) + +  + +  + + + + + diff --git a/windows/manage/appv-application-publishing-and-client-interaction.md b/windows/manage/appv-application-publishing-and-client-interaction.md new file mode 100644 index 0000000000..1d9ff36d03 --- /dev/null +++ b/windows/manage/appv-application-publishing-and-client-interaction.md @@ -0,0 +1,1291 @@ +--- +title: Application Publishing and Client Interaction (Windows 10) +description: Application Publishing and Client Interaction +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# Application Publishing and Client Interaction + + +This article provides technical information about common App-V client operations and their integration with the local operating system. + +## App-V package files created by the Sequencer + + +The Sequencer creates App-V packages and produces a virtualized application. The sequencing process creates the following files: + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    FileDescription

    .appv

      +

    • The primary package file, which contains the captured assets and state information from the sequencing process.

      • +

    • Architecture of the package file, publishing information, and registry in a tokenized form that can be reapplied to a machine and to a specific user upon delivery.

      • +

    .MSI

    Executable deployment wrapper that you can use to deploy .appv files manually or by using a third-party deployment platform.

    _DeploymentConfig.XML

    File used to customize the default publishing parameters for all applications in a package that is deployed globally to all users on a computer that is running the App-V client.

    _UserConfig.XML

    File used to customize the publishing parameters for all applications in a package that is a deployed to a specific user on a computer that is running the App-V client.

    Report.xml

    Summary of messages resulting from the sequencing process, including omitted drivers, files, and registry locations.

    .CAB

    Optional: Package accelerator file used to automatically rebuild a previously sequenced virtual application package.

    .appvt

    Optional: Sequencer template file used to retain commonly reused Sequencer settings.

    + +  + +For information about sequencing, see [Application Virtualization Sequencing Guide](http://go.microsoft.com/fwlink/?LinkID=269810). + +## What’s in the appv file? + + +The appv file is a container that stores XML and non-XML files together in a single entity. This file is built from the AppX format, which is based on the Open Packaging Conventions (OPC) standard. + +To view the appv file contents, make a copy of the package, and then rename the copied file to a ZIP extension. + +The appv file contains the following folder and files, which are used when creating and publishing a virtual application: + +| Name | Type | Description | +| - | - | - | +| Root | File folder | Directory that contains the file system for the virtualized application that is captured during sequencing. | +| [Content_Types].xml | XML File | List of the core content types in the appv file (e.g. DLL, EXE, BIN). | +| AppxBlockMap.xml | XML File | Layout of the appv file, which uses File, Block, and BlockMap elements that enable location and validation of files in the App-V package.| +| AppxManifest.xml | XML File | Metadata for the package that contains the required information for adding, publishing, and launching the package. Includes extension points (file type associations and shortcuts) and the names and GUIDs associated with the package.| +| FilesystemMetadata.xml | XML File | List of the files captured during sequencing, including attributes (e.g., directories, files, opaque directories, empty directories,and long and short names). | +| PackageHistory.xml | XML File | Information about the sequencing computer (operating system version, Internet Explorer version, .Net Framework version) and process (upgrade, package version).| +| Registry.dat | DAT File | Registry keys and values captured during the sequencing process for the package.| +| StreamMap.xml | XML File | List of files for the primary and publishing feature block. The publishing feature block contains the ICO files and required portions of files (EXE and DLL) for publishing the package. When present, the primary feature block includes files that have been optimized for streaming during the sequencing process.| + +  + +## App-V client data storage locations + +The App-V client performs tasks to ensure that virtual applications run properly and work like locally installed applications. The process of opening and running virtual applications requires mapping from the virtual file system and registry to ensure the application has the required components of a traditional application expected by users. This section describes the assets that are required to run virtual applications and lists the location where App-V stores the assets. + +| Name | Location | Description | +| - | - | - | +| Package Store | %ProgramData%\App-V| Default location for read only package files| +| Machine Catalog | %ProgramData%\Microsoft\AppV\Client\Catalog| Contains per-machine configuration documents| +| User Catalog | %AppData%\Microsoft\AppV\Client\Catalog| Contains per-user configuration documents| +| Shortcut Backups | %AppData%\Microsoft\AppV\Client\Integration\ShortCutBackups| Stores previous integration points that enable restore on package unpublish| +| Copy on Write (COW) Roaming | %AppData%\Microsoft\AppV\Client\VFS| Writeable roaming location for package modification| +| Copy on Write (COW) Local | %LocalAppData%\Microsoft\AppV\Client\VFS| Writeable non-roaming location for package modification| +| Machine Registry | HKLM\Software\Microsoft\AppV| Contains package state information, including VReg for machine or globally published packages (Machine hive)| +| User Registry | HKCU\Software\Microsoft\AppV| Contains user package state information including VReg| +| User Registry Classes | HKCU\Software\Classes\AppV| Contains additional user package state information| + +Additional details for the table are provided in the section below and throughout the document. + +### Package store + +The App-V Client manages the applications assets mounted in the package store. This default storage location is `%ProgramData%\App-V`, but you can configure it during or after setup by using the `Set-AppVClientConfiguration` Windows PowerShell cmdlet, which modifies the local registry (`PackageInstallationRoot` value under the `HKLM\Software\Microsoft\AppV\Client\Streaming` key). The package store must be located at a local path on the client operating system. The individual packages are stored in the package store in subdirectories named for the Package GUID and Version GUID. + +Example of a path to a specific application: + +``` syntax +C:\ProgramData\App-V\PackGUID\VersionGUID +``` + +To change the default location of the package store during setup, see [Enable the App-V desktop client](appv-enable-the-app-v-desktop-client.md). + +### Shared Content Store + +If the App-V Client is configured in Shared Content Store mode, no data is written to disk when a stream fault occurs, which means that the packages require minimal local disk space (publishing data). The use of less disk space is highly desirable in VDI environments, where local storage can be limited, and streaming the applications from a high performance network location (such as a SAN) is preferable. For more information on shared content store mode, see . + +> [!NOTE] +> The machine and package store must be located on a local drive, even when you’re using Shared Content Store configurations for the App-V Client. + +  + +### Package catalogs + +The App-V Client manages the following two file-based locations: + +- **Catalogs (user and machine).** + +- **Registry locations** - depends on how the package is targeted for publishing. There is a Catalog (data store) for the computer, and a catalog for each individual user. The Machine Catalog stores global information applicable to all users or any user, and the User Catalog stores information applicable to a specific user. The Catalog is a collection of Dynamic Configurations and manifest files; there is discrete data for both file and registry per package version.  + +### Machine catalog + + ++++ + + + + + + + + + + + + + + + + + + + + + + +

    Description

    Stores package documents that are available to users on the machine, when packages are added and published. However, if a package is “global” at publishing time, the integrations are available to all users.

    +

    If a package is non-global, the integrations are published only for specific users, but there are still global resources that are modified and visible to anyone on the client computer (e.g., the package directory is in a shared disk location).

    +

    If a package is available to a user on the computer (global or non-global), the manifest is stored in the Machine Catalog. When a package is published globally, there is a Dynamic Configuration file, stored in the Machine Catalog; therefore, the determination of whether a package is global is defined according to whether there is a policy file (UserDeploymentConfiguration file) in the Machine Catalog.

    Default storage location

    %programdata%\Microsoft\AppV\Client\Catalog\

    +

    This location is not the same as the Package Store location. The Package Store is the golden or pristine copy of the package files.

    Files in the machine catalog

      +

    • Manifest.xml

      • +

    • DeploymentConfiguration.xml

      • +

    • UserManifest.xml (Globally Published Package)

      • +

    • UserDeploymentConfiguration.xml (Globally Published Package)

      • +

    Additional machine catalog location, used when the package is part of a connection group

    The following location is in addition to the specific package location mentioned above:

    +

    %programdata%\Microsoft\AppV\Client\Catalog\PackageGroups\ConGroupGUID\ConGroupVerGUID

    Additional files in the machine catalog when the package is part of a connection group

      +

    • PackageGroupDescriptor.xml

      • +

    • UserPackageGroupDescriptor.xml (globally published Connection Group)

      • +
    + +  + +### User catalog + + ++++ + + + + + + + + + + + + + + + + + + + + + + +

    Description

    Created during the publishing process. Contains information used for publishing the package, and also used at launch to ensure that a package is provisioned to a specific user. Created in a roaming location and includes user-specific publishing information.

    +

    When a package is published for a user, the policy file is stored in the User Catalog. At the same time, a copy of the manifest is also stored in the User Catalog. When a package entitlement is removed for a user, the relevant package files are removed from the User Catalog. Looking at the user catalog, an administrator can view the presence of a Dynamic Configuration file, which indicates that the package is entitled for that user.

    +

    For roaming users, the User Catalog needs to be in a roaming or shared location to preserve the legacy App-V behavior of targeting users by default. Entitlement and policy are tied to a user, not a computer, so they should roam with the user once they are provisioned.

    Default storage location

    appdata\roaming\Microsoft\AppV\Client\Catalog\Packages\PkgGUID\VerGUID

    Files in the user catalog

      +

    • UserManifest.xml

      • +

    • DynamicConfiguration.xml or UserDeploymentConfiguration.xml

      • +

    Additional user catalog location, used when the package is part of a connection group

    The following location is in addition to the specific package location mentioned above:

    +

    appdata\roaming\Microsoft\AppV\Client\Catalog\PackageGroups\PkgGroupGUID\PkgGroupVerGUID

    Additional file in the machine catalog when the package is part of a connection group

    UserPackageGroupDescriptor.xml

    + +  + +### Shortcut backups + +During the publishing process, the App-V Client backs up any shortcuts and integration points to `%AppData%\Microsoft\AppV\Client\Integration\ShortCutBackups.` This backup enables the restoration of these integration points to the previous versions when the package is unpublished. + +### Copy on Write files + +The Package Store contains a pristine copy of the package files that have been streamed from the publishing server. During normal operation of an App-V application, the user or service may require changes to the files. These changes are not made in the package store in order to preserve your ability to repair the application, which removes these changes. These locations, called Copy on Write (COW), support both roaming and non-roaming locations. The location where the modifications are stored depends where the application has been programmed to write changes to in a native experience. + +### COW roaming + +The COW Roaming location described above stores changes to files and directories that are targeted to the typical %AppData% location or \\Users\\**\\AppData\\Roaming location. These directories and files are then roamed based on the operating system settings. + +### COW local + +The COW Local location is similar to the roaming location, but the directories and files are not roamed to other computers, even if roaming support has been configured. The COW Local location described above stores changes applicable to typical windows and not the %AppData% location. The directories listed will vary but there will be two locations for any typical Windows locations (e.g. Common AppData and Common AppDataS). The **S** signifies the restricted location when the virtual service requests the change as a different elevated user from the logged on users. The non-**S** location stores user based changes. + +## Package registry + + +Before an application can access the package registry data, the App-V Client must make the package registry data available to the applications. The App-V Client uses the real registry as a backing store for all registry data. + +When a new package is added to the App-V Client, a copy of the REGISTRY.DAT file from the package is created at `%ProgramData%\Microsoft\AppV\Client\VREG\{Version GUID}.dat`. The name of the file is the version GUID with the .DAT extension. The reason this copy is made is to ensure that the actual hive file in the package is never in use, which would prevent the removal of the package at a later time. + +**Registry.dat from Package Store ** > **%ProgramData%\Microsoft\AppV\Client\Vreg\{VersionGuid}.dat** +  + +When the first application from the package is launched on the client, the client stages or copies the contents out of the hive file, re-creating the package registry data in an alternate location `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AppV\Client\Packages\PackageGuid\Versions\VersionGuid\REGISTRY`. The staged registry data has two distinct types of machine data and user data. Machine data is shared across all users on the machine. User data is staged for each user to a userspecific location `HKCU\Software\Microsoft\AppV\Client\Packages\PackageGuid\Registry\User`. The machine data is ultimately removed at package removal time, and the user data is removed on a user unpublish operation. + +### Package registry staging vs. connection group registry staging + +When connection groups are present, the previous process of staging the registry holds true, but instead of having one hive file to process, there are more than one. The files are processed in the order in which they appear in the connection group XML, with the first writer winning any conflicts. + +The staged registry persists the same way as in the single package case. Staged user registry data remains for the connection group until it is disabled; staged machine registry data is removed on connection group removal. + +### Virtual registry + +The purpose of the virtual registry (VREG) is to provide a single merged view of the package registry and the native registry to applications. It also provides copy-on-write (COW) functionality – that is any changes made to the registry from the context of a virtual process are made to a separate COW location. This means that the VREG must combine up to three separate registry locations into a single view based on the populated locations in the registry COW -> package -> native. When a request is made for a registry data it will locate in order until it finds the data it was requesting. Meaning if there is a value stored in a COW location it will not proceed to other locations, however, if there is no data in the COW location it will proceed to the Package and then Native location until it finds the appropriate data. + +### Registry locations + +There are two package registry locations and two connection group locations where the App-V Client stores registry information, depending on whether the Package is published individually or as part of a connection group. There are three COW locations for packages and three for connection groups, which are created and managed by the VREG. Settings for packages and connection groups are not shared: + +**Single Package VReg:** + + ++++ + + + + + + + + + + + + + + + + + + +

    Location

    Description

    COW

      +

    • Machine Registry\Client\Packages\PkgGUID\REGISTRY (Only elevate process can write)

      • +

    • User Registry\Client\Packages\PkgGUID\REGISTRY (User Roaming anything written under HKCU except Software\Classes

      • +

    • User Registry Classes\Client\Packages\PkgGUID\REGISTRY (HKCU\Software\Classes writes and HKLM for non elevated process)

      • +

    Package

      +

    • Machine Registry\Client\Packages\PkgGUID\Versions\VerGuid\Registry\Machine

      • +

    • User Registry Classes\Client\Packages\PkgGUID\Versions\VerGUID\Registry

      • +

    Native

      +

    • Native application registry location

      • +
    + +  + +  + +**Connection Group VReg:** + + ++++ + + + + + + + + + + + + + + + + + + +

    Location

    Description

    COW

      +

    • Machine Registry\Client\PackageGroups\GrpGUID\REGISTRY (only elevate process can write)

      • +

    • User Registry\Client\PackageGroups\GrpGUID\REGISTRY (Anything written to HKCU except Software\Classes

      • +

    • User Registry Classes\Client\PackageGroups\GrpGUID\REGISTRY

      • +

    Package

      +

    • Machine Registry\Client\PackageGroups\GrpGUID\Versions\VerGUID\REGISTRY

      • +

    • User Registry Classes\Client\PackageGroups\GrpGUID\Versions\VerGUID\REGISTRY

      • +

    Native

      +

    • Native application registry location

      • +
    + +  + +  + +There are two COW locations for HKLM; elevated and non-elevated processes. Elevated processes always write HKLM changes to the secure COW under HKLM. Non-elevated processes always write HKLM changes to the non-secure COW under HKCU\\Software\\Classes. When an application reads changes from HKLM, elevated processes will read changes from the secure COW under HKLM. Non-elevated reads from both, favoring the changes made in the unsecure COW first. + +### Pass-through keys + +Pass-through keys enable an administrator to configure certain keys so they can only be read from the native registry, bypassing the Package and COW locations. Pass-through locations are global to the machine (not package specific) and can be configured by adding the path to the key, which should be treated as pass-through to the **REG\_MULTI\_SZ** value called **PassThroughPaths** of the key `HKLM\Software\Microsoft\AppV\Subsystem\VirtualRegistry`. Any key that appears under this multi-string value (and their children) will be treated as pass-through. + +The following locations are configured as pass-through locations by default: + +- HKEY\_CURRENT\_USER\\SOFTWARE\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel + +- HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel + +- HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WINEVT + +- HKEY\_LOCAL\_MACHINE\\SYSTEM\\CurrentControlSet\\services\\eventlog\\Application + +- HKEY\_LOCAL\_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\WMI\\Autologger + +- HKEY\_CURRENT\_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings + +- HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Perflib + +- HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies + +- HKEY\_CURRENT\_USER\\SOFTWARE\\Policies + +The purpose of Pass-through keys is to ensure that a virtual application does not write registry data in the VReg that is required for non-virtual applications for successful operation or integration. The Policies key ensures that Group Policy based settings set by the administrator are utilized and not per package settings. The AppModel key is required for integration with Windows Modern UI based applications. It is recommend that administers do not modify any of the default pass-through keys, but in some instances, based on application behavior may require adding additional pass-through keys. + +## App-V package store behavior + + +App-V manages the Package Store, which is the location where the expanded asset files from the appv file are stored. By default, this location is stored at %ProgramData%\\App-V, and is limited in terms of storage capabilities only by free disk space. The package store is organized by the GUIDs for the package and version as mentioned in the previous section. + +### Add packages + +App-V Packages are staged upon addition to the computer with the App-V Client. The App-V Client provides on-demand staging. During publishing or a manual Add-AppVClientPackage, the data structure is built in the package store (c:\\programdata\\App-V\\{PkgGUID}\\{VerGUID}). The package files identified in the publishing block defined in the StreamMap.xml are added to the system and the top level folders and child files staged to ensure proper application assets exist at launch. + +### Mounting packages + +Packages can be explicitly loaded using the PowerShell `Mount-AppVClientPackage` or by using the **App-V Client UI** to download a package. This operation completely loads the entire package into the package store. + +### Streaming packages + +The App-V Client can be configured to change the default behavior of streaming. All streaming policies are stored under the following registry key: `HKEY_LOCAL_MAcHINE\Software\Microsoft\AppV\Client\Streaming`. Policies are set using the Windows PowerShell cmdlet `Set-AppvClientConfiguration`. The following policies apply to Streaming: + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    PolicyDescription

    AllowHighCostLaunch

    Allows streaming over 3G and cellular networks

    AutoLoad

    Specifies the Background Load setting:

    +

    0 - Disabled

    +

    1 – Previously Used Packages only

    +

    2 – All Packages

    PackageInstallationRoot

    The root folder for the package store in the local machine

    PackageSourceRoot

    The root override where packages should be streamed from

    SharedContentStoreMode

    Enables the use of Shared Content Store for VDI scenarios

    + +  + +  + +These settings affect the behavior of streaming App-V package assets to the client. By default, App-V only downloads the assets required after downloading the initial publishing and primary feature blocks. There are three specific behaviors around streaming packages that must be explained: + +- Background Streaming + +- Optimized Streaming + +- Stream Faults + +### Background streaming + +The PowerShell cmdlet `Get-AppvClientConfiguration` can be used to determine the current mode for background streaming with the AutoLoad setting and modified with the cmdlet Set-AppvClientConfiguration or from the registry (HKLM\\SOFTWARE\\Microsoft\\AppV\\ClientStreaming key). Background streaming is a default setting where the Autoload setting is set to download previously used packages. The behavior based on default setting (value=1) downloads App-V data blocks in the background after the application has been launched. This setting can be disabled all together (value=0) or enabled for all packages (value=2), whether they have been launched. + +### Optimized streaming + +App-V packages can be configured with a primary feature block during sequencing. This setting allows the sequencing engineer to monitor launch files for a specific application, or applications, and mark the blocks of data in the App-V package for streaming at first launch of any application in the package. + +### Stream faults + +After the initial stream of any publishing data and the primary feature block, requests for additional files perform stream faults. These blocks of data are downloaded to the package store on an as-needed basis. This allows a user to download only a small part of the package, typically enough to launch the package and run normal tasks. All other blocks are downloaded when a user initiates an operation that requires data not currently in the package store. + +### Package upgrades + +App-V Packages require updating throughout the lifecycle of the application. App-V Package upgrades are similar to the package publish operation, as each version will be created in its own PackageRoot location: `%ProgramData%\App-V\{PkgGUID}\{newVerGUID}`. The upgrade operation is optimized by creating hard links to identical- and streamed-files from other versions of the same package. + +### Package removal + +The behavior of the App-V Client when packages are removed depends on the method used for removal. Using an App-V full infrastructure to unpublish the application, the user catalog files (machine catalog for globally published applications) are removed, but retains the package store location and COW locations. When the PowerShell cmdlet `Remove-AppVClientPackge` is used to remove an App-V Package, the package store location is cleaned. Remember that unpublishing an App-V Package from the Management Server does not perform a Remove operation. Neither operation will remove the Package Store package files. + +## Roaming registry and data + + +App-V is able to provide a near-native experience when roaming, depending on how the application being used is written. By default, App-V roams AppData that is stored in the roaming location, based on the roaming configuration of the operating system. Other locations for storage of file-based data do not roam from computer to computer, since they are in locations that are not roamed. + +### Roaming requirements and user catalog data storage + +App-V stores data, which represents the state of the user’s catalog, in the form of: + +- Files under %appdata%\\Microsoft\\AppV\\Client\\Catalog + +- Registry settings under `HKEY_CURRENT_USER\Software\Microsoft\AppV\Client\Packages` + +Together, these files and registry settings represent the user’s catalog, so either both must be roamed, or neither must be roamed for a given user. App-V does not support roaming %AppData%, but not roaming the user’s profile (registry), or vice versa. + +> [!NOTE] +> The **Repair-AppvClientPackage** cmdlet does not repair the publishing state of packages, where the user’s App-V state under `HKEY_CURRENT_USER` is missing or mismatched with the data in %appdata%. + +  + +### Registry-based data + +App-V registry roaming falls into two scenarios, as shown in the following table. + + ++++ + + + + + + + + + + + + + + + + +
    ScenarioDescription

    Applications that are run as standard users

    When a standard user launches an App-V application, both HKLM and HKCU for App-V applications are stored in the HKCU hive on the machine. This presents as two distinct paths:

    +
      +

    • HKLM: HKCU\SOFTWARE\Classes\AppV\Client\Packages\{PkgGUID}\REGISTRY\MACHINE\SOFTWARE

      • +

    • HKCU: HKCU\SOFTWARE\Microsoft\AppV\Client\Packages\{PkgGUID}\REGISTRY\USER\{UserSID}\SOFTWARE

      • +
    +

    The locations are enabled for roaming based on the operating system settings.

    Applications that are run with elevation

    When an application is launched with elevation:

    +
      +

    • HKLM data is stored in the HKLM hive on the local computer

      • +

    • HKCU data is stored in the User Registry location

      • +
    +

    In this scenario, these settings are not roamed with normal operating system roaming configurations, and the resulting registry keys and values are stored in the following location:

    +
      +

    • HKLM\SOFTWARE\Microsoft\AppV\Client\Packages\{PkgGUID}\{UserSID}\REGISTRY\MACHINE\SOFTWARE

      • +

    • HKCU\SOFTWARE\Microsoft\AppV\Client\Packages\{PkgGUID}\Registry\User\{UserSID}\SOFTWARE

      • +
    + +  + +### App-V and folder redirection + +App-V supports folder redirection of the roaming AppData folder (%AppData%). When the virtual environment is started, the roaming AppData state from the user’s roaming AppData directory is copied to the local cache. Conversely, when the virtual environment is shut down, the local cache that is associated with a specific user’s roaming AppData is transferred to the actual location of that user’s roaming AppData directory. + +A typical package has several locations mapped in the user’s backing store for settings in both AppData\\Local and AppData\\Roaming. These locations are the Copy on Write locations that are stored per user in the user’s profile, and that are used to store changes made to the package VFS directories and to protect the default package VFS. + +The following table shows local and roaming locations, when folder redirection has not been implemented. + +| VFS directory in package | Mapped location of backing store | +| - | - | +| ProgramFilesX86 | C:\Users\Local\AppData\Local\Microsoft\AppV\Client\VFS\\ProgramFilesX86 | +| SystemX86 | C:\Users\username\AppData\Local\Microsoft\AppV\Client\VFS\\SystemX86 | +| Windows | C:\Users\username\AppData\Local\Microsoft\AppV\Client\VFS\\Windows | +| appv\_ROOT | C:\Users\username\AppData\Local\Microsoft\AppV\Client\VFS\\appv_ROOT| +| AppData | C:\Users\username\AppData\Local\Microsoft\AppV\Client\VFS\\AppData | + +The following table shows local and roaming locations, when folder redirection has been implemented for %AppData%, and the location has been redirected (typically to a network location). + +| VFS directory in package | Mapped location of backing store | +| - | - | +| ProgramFilesX86 | C:\Users\Local\AppData\Local\Microsoft\AppV\Client\VFS\\ProgramFilesX86 | +| SystemX86 | C:\Users\Local\AppData\Local\Microsoft\AppV\Client\VFS\\SystemX86 | +| Windows | C:\Users\Local\AppData\Local\Microsoft\AppV\Client\VFS\\Windows | +| appv_ROOT | C:\Users\Local\AppData\Local\Microsoft\AppV\Client\VFS\\appv\_ROOT | +| AppData | \\Fileserver\users\Local\roaming\Microsoft\AppV\Client\VFS\\AppData | +  + +The current App-V Client VFS driver cannot write to network locations, so the App-V Client detects the presence of folder redirection and copies the data on the local drive during publishing and when the virtual environment starts. After the user closes the App-V application and the App-V Client closes the virtual environment, the local storage of the VFS AppData is copied back to the network, enabling roaming to additional machines, where the process will be repeated. The detailed steps of the processes are: + +1. During publishing or virtual environment startup, the App-V Client detects the location of the AppData directory. + +2. If the roaming AppData path is local or ino AppData\\Roaming location is mapped, nothing happens. + +3. If the roaming AppData path is not local, the VFS AppData directory is mapped to the local AppData directory. + +This process solves the problem of a non-local %AppData% that is not supported by the App-V Client VFS driver. However, the data stored in this new location is not roamed with folder redirection. All changes during the running of the application happen to the local AppData location and must be copied to the redirected location. The detailed steps of this process are: + +1. App-V application is shut down, which shuts down the virtual environment. + +2. The local cache of the roaming AppData location is compressed and stored in a ZIP file. + +3. A timestamp at the end of the ZIP packaging process is used to name the file. + +4. The timestamp is recorded in the registry: HKEY\_CURRENT\_USER\\Software\\Microsoft\\AppV\\Client\\Packages\\<GUID>\\AppDataTime as the last known AppData timestamp. + +5. The folder redirection process is called to evaluate and initiate the ZIP file uploaded to the roaming AppData directory. + +The timestamp is used to determine a “last writer wins” scenario if there is a conflict and is used to optimize the download of the data when the App-V application is published or the virtual environment is started. Folder redirection will make the data available from any other clients covered by the supporting policy and will initiate the process of storing the AppData\\Roaming data to the local AppData location on the client. The detailed processes are: + +1. The user starts the virtual environment by starting an application. + +2. The application’s virtual environment checks for the most recent time stamped ZIP file, if present. + +3. The registry is checked for the last known uploaded timestamp, if present. + +4. The most recent ZIP file is downloaded unless the local last known upload timestamp is greater than or equal to the timestamp from the ZIP file. + +5. If the local last known upload timestamp is earlier than that of the most recent ZIP file in the roaming AppData location, the ZIP file is extracted to the local temp directory in the user’s profile. + +6. After the ZIP file is successfully extracted, the local cache of the roaming AppData directory is renamed and the new data is moved into place. + +7. The renamed directory is deleted and the application opens with the most recently saved roaming AppData data. + +This completes the successful roaming of application settings that are present in AppData\\Roaming locations. The only other condition that must be addressed is a package repair operation. The details of the process are: + +1. During repair, detect if the path to the user’s roaming AppData directory is not local. + +2. Map the non-local roaming AppData path targets are recreated the expected roaming and local AppData locations. + +3. Delete the timestamp stored in the registry, if present. + +This process will re-create both the local and network locations for AppData and remove the registry record of the timestamp. + +## App-V client application lifecycle management + + +In an App-V Full Infrastructure, after applications are sequenced they are managed and published to users or computers via the App-V Management and Publishing servers. This section details the operations that occur during the common App-V application lifecycle operations (Add, publishing, launch, upgrade, and removal) and the file and registry locations that are changed and modified from the App-V Client perspective. The App-V Client operations are performed as a series of PowerShell commands initiated on the computer running the App-V Client. + +This document focuses on App-V Full Infrastructure solutions. For specific information on App-V Integration with Configuration Manager 2012 visit: . + +The App-V application lifecycle tasks are triggered at user login (default), machine startup, or as background timed operations. The settings for the App-V Client operations, including Publishing Servers, refresh intervals, package script enablement, and others, are configured during setup of the client or post-setup with PowerShell commands. See [Enable the App-V desktop client](appv-enable-the-app-v-desktop-client.md) or use Windows PowerShell: + +``` syntax +get-command *appv* +``` + +### Publishing refresh + +The publishing refresh process is comprised of several smaller operations that are performed on the App-V Client. Since App-V is an application virtualization technology and not a task scheduling technology, the Windows Task Scheduler is utilized to enable the process at user logon, machine startup, and at scheduled intervals. The configuration of the client during setup listed above is the preferred method when distributing the client to a large group of computers with the correct settings. These client settings can be configured with the following PowerShell cmdlets: + +- **Add-AppVPublishingServer:** Configures the client with an App-V Publishing Server that provides App-V packages. + +- **Set-AppVPublishingServer:** Modifies the current settings for the App-V Publishing Server. + +- **Set-AppVClientConfiguration:** Modifies the currents settings for the App-V Client. + +- **Sync-AppVPublishingServer:** Initiates an App-V Publishing Refresh process manually. This is also utilized in the scheduled tasks created during configuration of the publishing server. + +The focus of the following sections is to detail the operations that occur during different phases of an App-V Publishing Refresh. The topics include: + +- Adding an App-V Package + +- Publishing an App-V Package + +### Adding an App-V package + +Adding an App-V package to the client is the first step of the publishing refresh process. The end result is the same as the `Add-AppVClientPackage` cmdlet in PowerShell, except during the publishing refresh add process, the configured publishing server is contacted and passes a high-level list of applications back to the client to pull more detailed information and not a single package add operation. The process continues by configuring the client for package or connection group additions or updates, then accesses the appv file. Next, the contents of the appv file are expanded and placed on the local operating system in the appropriate locations. The following is a detailed workflow of the process, assuming the package is configured for Fault Streaming. + +**How to add an App-V package** + +1. Manual initiation via Windows PowerShell or Task Sequence initiation of the Publishing Refresh process. + + 1. The App-V Client makes an HTTP connection and requests a list of applications based on the target. The Publishing refresh process supports targeting machines or users. + + 2. The App-V Publishing Server uses the identity of the initiating target, user or machine, and queries the database for a list of entitled applications. The list of applications is provided as an XML response, which the client uses to send additional requests to the server for more information on a per package basis. + +2. The Publishing Agent on the App-V Client performs all actions below serialized. + + Evaluate any connection groups that are unpublished or disabled, since package version updates that are part of the connection group cannot be processed. + +3. Configure the packages by identifying an Add or Update operations. + + 1. The App-V Client utilizes the AppX API from Windows and accesses the appv file from the publishing server. + + 2. The package file is opened and the AppXManifest.xml and StreamMap.xml are downloaded to the Package Store. + + 3. Completely stream publishing block data defined in the StreamMap.xml. Stores the publishing block data in the Package Store\\PkgGUID\\VerGUID\\Root. + + - Icons: Targets of extension points. + + - Portable Executable Headers (PE Headers): Targets of extension points that contain the base information about the image need on disk, directly accessed or via file types. + + - Scripts: Download scripts directory for use throughout the publishing process. + + 4. Populate the Package store: + + 1. Create sparse files on disk that represent the extracted package for any directories listed. + + 2. Stage top level files and directories under root. + + 3. All other files are created when the directory is listed as sparse on disk and streamed on demand. + + 5. Create the machine catalog entries. Create the Manifest.xml and DeploymentConfiguration.xml from the package files (if no DeploymentConfiguration.xml file in the package a placeholder is created). + + 6. Create location of the package store in the registry HKLM\\Software\\Microsoft\\AppV\\Client\\Packages\\PkgGUID\\Versions\\VerGUID\\Catalog + + 7. Create the Registry.dat file from the package store to %ProgramData%\\Microsoft\\AppV\\Client\\VReg\\{VersionGUID}.dat + + 8. Register the package with the App-V Kernal Mode Driver HKLM\\Microsoft\\Software\\AppV\\MAV + + 9. Invoke scripting from the AppxManifest.xml or DeploymentConfig.xml file for Package Add timing. + +4. Configure Connection Groups by adding and enabling or disabling. + +5. Remove objects that are not published to the target (user or machine). + + > [!NOTE] + > This will not perform a package deletion but rather remove integration points for the specific target (user or machine) and remove user catalog files (machine catalog files for globally published). + +   + +6. Invoke background load mounting based on client configuration. + +7. Packages that already have publishing information for the machine or user are immediately restored. + + > [!NOTE]    + > This condition occurs as a product of removal without unpublishing with background addition of the package. + +   + +This completes an App-V package add of the publishing refresh process. The next step is publishing the package to the specific target (machine or user). + +![package add file and registry data](images/packageaddfileandregistrydata.png) + +### Publishing an App-V package + +During the Publishing Refresh operation, the specific publishing operation (Publish-AppVClientPackage) adds entries to the user catalog, maps entitlement to the user, identifies the local store, and finishes by completing any integration steps. The following are the detailed steps. + +**How to publish and App-V package** + +1. Package entries are added to the user catalog + + 1. User targeted packages: the UserDeploymentConfiguration.xml and UserManifest.xml are placed on the machine in the User Catalog + + 2. Machine targeted (global) packages: the UserDeploymentConfiguration.xml is placed in the Machine Catalog + +2. Register the package with the kernel mode driver for the user at HKLM\\Software\\Microsoft\\AppV\\MAV + +3. Perform integration tasks. + + 1. Create extension points. + + 2. Store backup information in the user’s registry and roaming profile (Shortcut Backups). + + **Note**   + This enables restore extension points if the package is unpublished. + +   + + 3. Run scripts targeted for publishing timing. + +Publishing an App-V Package that is part of a Connection Group is very similar to the above process. For connection groups, the path that stores the specific catalog information includes PackageGroups as a child of the Catalog Directory. Review the machine and users catalog information above for details. + +![package add file and registry data - global](images/packageaddfileandregistrydata-global.png) + +### Application launch + +After the Publishing Refresh process, the user launches and subsequently re-launches an App-V application. The process is very simple and optimized to launch quickly with a minimum of network traffic. The App-V Client checks the path to the user catalog for files created during publishing. After rights to launch the package are established, the App-V Client creates a virtual environment, begins streaming any necessary data, and applies the appropriate manifest and deployment configuration files during virtual environment creation. With the virtual environment created and configured for the specific package and application, the application starts. + +**How to launch App-V applications** + +1. User launches the application by clicking on a shortcut or file type invocation. + +2. The App-V Client verifies existence in the User Catalog for the following files + + - UserDeploymentConfiguration.xml + + - UserManifest.xml + +3. If the files are present, the application is entitled for that specific user and the application will start the process for launch. There is no network traffic at this point. + +4. Next, the App-V Client checks that the path for the package registered for the App-V Client service is found in the registry. + +5. Upon finding the path to the package store, the virtual environment is created. If this is the first launch, the Primary Feature Block downloads if present. + +6. After downloading, the App-V Client service consumes the manifest and deployment configuration files to configure the virtual environment and all App-V subsystems are loaded. + +7. The Application launches. For any missing files in the package store (sparse files), App-V will stream fault the files on an as needed basis. + + ![package add file and registry data - stream](images/packageaddfileandregistrydata-stream.png) + +### Upgrading an App-V package + +The App-V package upgrade process differs from the older versions of App-V. App-V supports multiple versions of the same package on a machine entitled to different users. Package versions can be added at any time as the package store and catalogs are updated with the new resources. The only process specific to the addition of new version resources is storage optimization. During an upgrade, only the new files are added to the new version store location and hard links are created for unchanged files. This reduces the overall storage by only presenting the file on one disk location and then projecting it into all folders with a file location entry on the disk. The specific details of upgrading an App-V Package are as follows: + +**How to upgrade an App-V package** + +1. The App-V Client performs a Publishing Refresh and discovers a newer version of an App-V Package. + +2. Package entries are added to the appropriate catalog for the new version + + 1. User targeted packages: the UserDeploymentConfiguration.xml and UserManifest.xml are placed on the machine in the user catalog at appdata\\roaming\\Microsoft\\AppV\\Client\\Catalog\\Packages\\PkgGUID\\VerGUID + + 2. Machine targeted (global) packages: the UserDeploymentConfiguration.xml is placed in the machine catalog at %programdata%\\Microsoft\\AppV\\Client\\Catalog\\Packages\\PkgGUID\\VerGUID + +3. Register the package with the kernel mode driver for the user at HKLM\\Software\\Microsoft\\AppV\\MAV + +4. Perform integration tasks. + + 1. Integrate extensions points (EP) from the Manifest and Dynamic Configuration files. + + 2. File based EP data is stored in the AppData folder utilizing Junction Points from the package store. + + 3. Version 1 EPs already exist when a new version becomes available. + + 4. The extension points are switched to the Version 2 location in machine or user catalogs for any newer or updated extension points. + +5. Run scripts targeted for publishing timing. + +6. Install Side by Side assemblies as required. + +### Upgrading an in-use App-V package + +If you try to upgrade a package that is in use by an end user, the upgrade task is placed in a pending state. The upgrade will run later, according to the following rules: + +| Task type | Applicable rule | +| - | - | +| User-based task, e.g., publishing a package to a user | The pending task will be performed after the user logs off and then logs back on. | +| Globally based task, e.g., enabling a connection group globally | The pending task will be performed when the computer is shut down and then restarted. | + +When a task is placed in a pending state, the App-V client also generates a registry key for the pending task, as follows: + +| User-based or globally based task | Where the registry key is generated | +| - | - | +| User-based tasks | HKEY\_CURRENT\_USER\Software\Microsoft\AppV\Client\PendingTasks | +| Globally based tasks | HKEY\_LOCAL\_MACHINE\Software\Microsoft\AppV\Client\PendingTasks | + +The following operations must be completed before users can use the newer version of the package: + +| Task | Details | +| - | - | +| Add the package to the computer | This task is computer specific and you can perform it at any time by completing the steps in the Package Add section above. | +| Publish the package | See the Package Publishing section above for steps. This process requires that you update extension points on the system. End users cannot be using the application when you complete this task. | + +Use the following example scenarios as a guide for updating packages. + +| Scenario | Requirements | +| - | - | +| App-V package is not in use when you try to upgrade | None of the following components of the package can be in use: virtual application, COM server, or shell extensions.

    The administrator publishes a newer version of the package and the upgrade works the next time a component or application inside the package is launched. The new version of the package is streamed and ran. | +| App-V package is in use when the administrator publishes a newer version of the package | The upgrade operation is set to pending by the App-V Client, which means that it is queued and carried out later when the package is not in use.

    If the package application is in use, the user shuts down the virtual application, after which the upgrade can occur.

    If the package has shell extensions, which are permanently loaded by Windows Explorer, the user cannot be logged in. Users must log off and the log back in to initiate the App-V package upgrade.| + +  +### Global vs user publishing + +App-V Packages can be published in one of two ways; User which entitles an App-V package to a specific user or group of users and Global which entitles the App-V package to the entire machine for all users of the machine. Once a package upgrade has been pended and the App-V package is not in use, consider the two types of publishing: + +- **Globally published**: the application is published to a machine; all users on that machine can use it. The upgrade will happen when the App-V Client Service starts, which effectively means a machine restart. + +- **User published**: the application is published to a user. If there are multiple users on the machine, the application can be published to a subset of the users. The upgrade will happen when the user logs in or when it is published again (periodically, ConfigMgr Policy refresh and evaluation, or an App-V periodic publishing/refresh, or explicitly via Windows PowerShell commands). + +### Removing an App-V package + +Removing App-V applications in a Full Infrastructure is an unpublish operation, and does not perform a package removal. The process is the same as the publish process above, but instead of adding the removal process reverses the changes that have been made for App-V Packages. + +### Repairing an App-V package + +The repair operation is very simple but may affect many locations on the machine. The previously mentioned Copy on Write (COW) locations are removed, and extension points are de-integrated and then re-integrated. Please review the COW data placement locations by reviewing where they are registered in the registry. This operation is done automatically and there is no administrative control other than initiating a Repair operation from the App-V Client Console or via Windows PowerShell (Repair-AppVClientPackage). + +## Integration of App-V packages + + +The App-V Client and package architecture provides specific integration with the local operating system during the addition and publishing of packages. Three files define the integration or extension points for an App-V Package: + +- AppXManifest.xml: Stored inside of the package with fallback copies stored in the package store and the user profile. Contains the options created during the sequencing process. + +- DeploymentConfig.xml: Provides configuration information of computer and user based integration extension points. + +- UserConfig.xml: A subset of the Deploymentconfig.xml that only provides user- based configurations and only targets user-based extension points. + +### Rules of integration + +When App-V applications are published to a computer with the App-V Client, some specific actions take place as described in the list below: + +- Global Publishing: Shortcuts are stored in the All Users profile location and other extension points are stored in the registry in the HKLM hive. + +- User Publishing: Shortcuts are stored in the current user account profile and other extension points are stored in the registry in the HKCU hive. + +- Backup and Restore: Existing native application data and registry (such as FTA registrations) are backed up during publishing. + + 1. App-V packages are given ownership based on the last integrated package where the ownership is passed to the newest published App-V application. + + 2. Ownership transfers from one App-V package to another when the owning App-V package is unpublished. This will not initiate a restore of the data or registry. + + 3. Restore the backed up data when the last package is unpublished or removed on a per extension point basis. + +### Extension points + +The App-V publishing files (manifest and dynamic configuration) provide several extension points that enable the application to integrate with the local operating system. These extension points perform typical application installation tasks, such as placing shortcuts, creating file type associations, and registering components. As these are virtualized applications that are not installed in the same manner a traditional application, there are some differences. The following is a list of extension points covered in this section: + +- Shortcuts + +- File Type Associations + +- Shell Extensions + +- COM + +- Software Clients + +- Application capabilities + +- URL Protocol Handler + +- AppPath + +- Virtual Application + +### Shortcuts + +The short cut is one of the basic elements of integration with the OS and is the interface for direct user launch of an App-V application. During the publishing and unpublishing of App-V applications. + +From the package manifest and dynamic configuration XML files, the path to a specific application executable can be found in a section similar to the following: + +``` syntax + + + [{Common Desktop}]\Adobe Reader.lnk + [{AppVPackageRoot}]\Reader\AcroRd32.exe + [{Windows}]\Installer\{AC76BA86-7AD7-1033-7B44-A94000000001}\SC_Reader.ico + + + 1 + [{AppVPackageRoot}]\Reader\AcroRd32.exe + + +``` + +As mentioned previously, the App-V shortcuts are placed by default in the user’s profile based on the refresh operation. Global refresh places shortcuts in the All Users profile and user refresh stores them in the specific user’s profile. The actual executable is stored in the Package Store. The location of the ICO file is a tokenized location in the App-V package. + +### File type associations + +The App-V Client manages the local operating system File Type Associations during publishing, which enables users to use file type invocations or to open a file with a specifically registered extension (.docx) to start an App-V application. File type associations are present in the manifest and dynamic configuration files as represented in the example below: + +``` syntax + + + + .xdp + AcroExch.XDPDoc + application/vnd.adobe.xdp+xml + + + AcroExch.XDPDoc + Adobe Acrobat XML Data Package File + 65536 + [{Windows}]\Installer\{AC76BA86-7AD7-1033-7B44-A94000000001}\XDPFile_8.ico + + Read + + [{AppVPackageRoot}]\Reader\AcroRd32.exe + Open + "[{AppVPackageRoot}]\Reader\AcroRd32.exe" "%1" + + + [{AppVPackageRoot}]\Reader\AcroRd32.exe + Printto + "[{AppVPackageRoot}]\Reader\AcroRd32.exe" /t "%1" "%2" "%3" "%4" + + + [{AppVPackageRoot}]\Reader\AcroRd32.exe + Read + Open with Adobe Reader + "[{AppVPackageRoot}]\Reader\AcroRd32.exe" "%1" + + + + + +``` + +**Note**   +In this example: + +- `.xdp` is the extension + +- `AcroExch.XDPDoc` is the ProgId value (which points to the adjoining ProgId) + +- `"[{AppVPackageRoot}]\Reader\AcroRd32.exe" "%1"` is the command line, which points to the application executable + +  + +### Shell extensions + +Shell extensions are embedded in the package automatically during the sequencing process. When the package is published globally, the shell extension gives users the same functionality as if the application were locally installed. The application requires no additional setup or configuration on the client to enable the shell extension functionality. + +**Requirements for using shell extensions:** + +- Packages that contain embedded shell extensions must be published globally. + +- The “bitness” of the application, Sequencer, and App-V client must match, or the shell extensions won’t work. For example: + + - The version of the application is 64-bit. + + - The Sequencer is running on a 64-bit computer. + + - The package is being delivered to a 64-bit App-V client computer. + +The following table displays the supported shell extensions. + +| Handler | Description | +| - | - | +| Context menu handler | Adds menu items to the context menu. It is called before the context menu is displayed. | +| Drag-and-drop handler | Controls the action upon right-click drag-and-drop and modifies the context menu that appears. | +| Drop target handler | Controls the action after a data object is dragged-and-dropped over a drop target such as a file.| +| Data object handler| Controls the action after a file is copied to the clipboard or dragged-and-dropped over a drop target. It can provide additional clipboard formats to the drop target.| +| Property sheet handler| Replaces or adds pages to the property sheet dialog box of an object.| +| Infotip handler| Allows retrieving flags and infotip information for an item and displaying it inside a popup tooltip upon mouse- hover.| +| Column handler| Allows creating and displaying custom columns in Windows Explorer *Details view*. It can be used to extend sorting and grouping.| +| Preview handler| Enables a preview of a file to be displayed in the Windows Explorer Preview Pane.| + +  + +### COM + +The App-V Client supports publishing applications with support for COM integration and virtualization. COM integration allows the App-V Client to register COM objects on the local operating system and virtualization of the objects. For the purposes of this document, the integration of COM objects requires additional detail. + +App-V supports registering COM objects from the package to the local operating system with two process types: Out-of-process and in-process. Registering COM objects is accomplished with one or a combination of multiple modes of operation for a specific App-V package that includes off, Isolated, and Integrated. The integrated mode is configured for either the out-of-process or in-process type. Configuration of COM modes and types is accomplished with dynamic configuration files (deploymentconfig.xml or userconfig.xml). + +Details on App-V integration are available at: . + +### Software clients and application capabilities + +App-V supports specific software clients and application capabilities extension points that enable virtualized applications to be registered with the software client of the operating system. This enables users to select default programs for operations like email, instant messaging, and media player. This operation is performed in the control panel with the Set Program Access and Computer Defaults, and configured during sequencing in the manifest or dynamic configuration files. Application capabilities are only supported when the App-V applications are published globally. + +Example of software client registration of an App-V based mail client. + +``` syntax + + + + + + + Mozilla Thunderbird + Mozilla Thunderbird + [{ProgramFilesX86}]\Mozilla Thunderbird\thunderbird.exe,0 + + + "[{ProgramFilesX86}]\Mozilla Thunderbird\uninstall\helper.exe" /SetAsDefaultAppGlobal + "[{ProgramFilesX86}]\Mozilla Thunderbird\uninstall\helper.exe" /HideShortcuts + "[{ProgramFilesX86}]\Mozilla Thunderbird\uninstall\helper.exe" /ShowShortcuts + + 1 + + + + [{ProgramFilesX86}]\Mozilla Thunderbird\thunderbird.exe + "[{ProgramFilesX86}]\Mozilla Thunderbird\thunderbird.exe" -mail + + [{ProgramFilesX86}]\Mozilla Thunderbird\mozMapi32_InUse.dll + + Thunderbird URL + 2 + [{ProgramFilesX86}]\Mozilla Thunderbird\thunderbird.exe,0 + + [{ProgramFilesX86}]\Mozilla Thunderbird\thunderbird.exe + "[{ProgramFilesX86}]\Mozilla Thunderbird\thunderbird.exe" -osint -compose "%1" + + + + + + + +``` + +**Note**   +In this example: + +- `` is the overall Software Clients setting to integrate Email clients + +- `` is the flag to set a particular Email client as the default Email client + +- `[{ProgramFilesX86}]\Mozilla Thunderbird\mozMapi32_InUse.dll` is the MAPI dll registration + +  + +### URL Protocol handler + +Applications do not always specifically called virtualized applications utilizing file type invocation. For, example, in an application that supports embedding a mailto: link inside a document or web page, the user clicks on a mailto: link and expects to get their registered mail client. App-V supports URL Protocol handlers that can be registered on a per-package basis with the local operating system. During sequencing, the URL protocol handlers are automatically added to the package. + +For situations where there is more than one application that could register the specific URL Protocol handler, the dynamic configuration files can be utilized to modify the behavior and suppress or disable this feature for an application that should not be the primary application launched. + +### AppPath + +The AppPath extension point supports calling App-V applications directly from the operating system. This is typically accomplished from the Run or Start Screen, depending on the operating system, which enables administrators to provide access to App-V applications from operating system commands or scripts without calling the specific path to the executable. It therefore avoids modifying the system path environment variable on all systems, as it is accomplished during publishing. + +The AppPath extension point is configured either in the manifest or in the dynamic configuration files and is stored in the registry on the local machine during publishing for the user. For additional information on AppPath review: . + +### Virtual application + +This subsystem provides a list of applications captured during sequencing which is usually consumed by other App-V components. Integration of extension points belonging to a particular application can be disabled using dynamic configuration files. For example, if a package contains two applications, it is possible to disable all extension points belonging to one application, in order to allow only integration of extension points of other application. + +### Extension point rules + +The extension points described above are integrated into the operating system based on how the packages has been published. Global publishing places extension points in public machine locations, where user publishing places extension points in user locations. For example a shortcut that is created on the desktop and published globally will result in the file data for the shortcut (%Public%\\Desktop) and the registry data (HKLM\\Software\\Classes). The same shortcut would have file data (%UserProfile%\\Desktop) and registry data (HKCU\\Software\\Classes). + +Extension points are not all published the same way, where some extension points will require global publishing and others require sequencing on the specific operating system and architecture where they are delivered. Below is a table that describes these two key rules. + + +++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Virtual ExtensionRequires target OS SequencingRequires Global Publishing

    Shortcut

    File Type Association

    URL Protocols

    X

    AppPaths

    X

    COM Mode

    Software Client

    X

    Application Capabilities

    X

    X

    Context Menu Handler

    X

    X

    Drag-and-drop Handler

    X

    Data Object Handler

    X

    Property Sheet Handler

    X

    Infotip Handler

    X

    Column Handler

    X

    Shell Extensions

    X

    Browser Helper Object

    X

    X

    Active X Object

    X

    X

    + +  + +## Dynamic configuration processing + + +Deploying App-V packages to one machine or user is very simple. However, as organizations deploy AppV applications across business lines and geographic and political boundaries, the ability to sequence an application one time with one set of settings becomes impossible. App-V was designed for this scenario, as it captures specific settings and configurations during sequencing in the Manifest file, but also supports modification with Dynamic Configuration files. + +App-V dynamic configuration allows for specifying a policy for a package either at the machine level or at the user level. The Dynamic Configuration files enable sequencing engineers to modify the configuration of a package, post-sequencing, to address the needs of individual groups of users or machines. In some instances it may be necessary to make modifications to the application to provide proper functionality within the App-V environment. For example, it may be necessary to make modifications to the \_\*config.xml files to allow certain actions to be performed at a specified time during the execution of the application, like disabling a mailto extension to prevent a virtualized application from overwriting that extension from another application. + +App-V Packages contain the Manifest file inside of the appv package file, which is representative of sequencing operations and is the policy of choice unless Dynamic Configuration files are assigned to a specific package. Post-sequencing, the Dynamic Configuration files can be modified to allow the publishing of an application to different desktops or users with different extension points. The two Dynamic Configuration Files are the Dynamic Deployment Configuration (DDC) and Dynamic User Configuration (DUC) files. This section focuses on the combination of the manifest and dynamic configuration files. + +### Example for dynamic configuration files + +The example below shows the combination of the Manifest, Deployment Configuration and User Configuration files after publishing and during normal operation. These examples are abbreviated examples of each of the files. The purpose is show the combination of the files only and not to be a complete description of the specific categories available in each of the files. For more information review the App-V Sequencing Guide at: [http://go.microsoft.com/fwlink/?LinkID=269810](http://go.microsoft.com/fwlink/?LinkID=269810). + +**Manifest** + +``` syntax + + + [{Common Programs}]\7-Zip\7-Zip File Manager.lnk + [{AppVPackageRoot}]\7zFM.exe + [{AppVPackageRoot}]\7zFM exe.O.ico + + +``` + +**Deployment Configuration** + +``` syntax + + + + + + + + + + +``` + +**User Configuration** + +``` syntax + + + + + [{Desktop}]\7-Zip\7-Zip File Manager.lnk + [{AppVPackageRoot}]\7zFM.exe + [{AppVPackageRoot}]\7zFM exe.O.ico + + + + + + + + [{Desktop}]\7-Zip\7-Zip File Manager.lnk + [{AppVPackageRoot}]\7zFM.exe + [{AppVPackageRoot}]\7zFM.exe.O.ico + + + [{Common Programs}]\7-Zip\7-Zip File Manager.Ink + [{AppVPackageRoot}]\7zFM.exe + [{AppVPackageRoot)]\7zFM.exe.O.ico + + + + + + + + + + + + +``` + +## Side-by-side assemblies + + +App-V supports the automatic packaging of side-by-side (SxS) assemblies during sequencing and deployment on the client during virtual application publishing. App-V supports capturing SxS assemblies during sequencing for assemblies not present on the sequencing machine. And for assemblies consisting of Visual C++ (Version 8 and newer) and/or MSXML run-time, the Sequencer will automatically detect and capture these dependencies even if they were not installed during monitoring. The Side by Side assemblies feature removes the limitations of previous versions of App-V, where the App-V Sequencer did not capture assemblies already present on the sequencing workstation, and privatizing the assemblies which limited to one bit version per package. This behavior resulted in deployed App-V applications to clients missing the required SxS assemblies, causing application launch failures. This forced the packaging process to document and then ensure that all assemblies required for packages were locally installed on the user’s client operating system to ensure support for the virtual applications. Based on the number of assemblies and the lack of application documentation for the required dependencies, this task was both a management and implementation challenge. + +Side by Side Assembly support in App-V has the following features. + +- Automatic captures of SxS assembly during Sequencing, regardless of whether the assembly was already installed on the sequencing workstation. + +- The App-V Client automatically installs required SxS assemblies to the client computer at publishing time when they are not present. + +- The Sequencer reports the VC run-time dependency in Sequencer reporting mechanism. + +- The Sequencer allows opting to not package the assemblies that are already installed on the Sequencer, supporting scenarios where the assemblies have previously been installed on the target computers. + +### Automatic publishing of SxS assemblies + +During publishing of an App-V package with SxS assemblies the App-V Client will check for the presence of the assembly on the machine. If the assembly does not exist, the client will deploy the assembly to the machine. Packages that are part of connection groups will rely on the Side by Side assembly installations that are part of the base packages, as the connection group does not contain any information about assembly installation. + +> [!NOTE] +> Unpublishing or removing a package with an assembly does not remove the assemblies for that package. + +  + +## Client logging + + +The App-V client logs information to the Windows Event log in standard ETW format. The specific App-V events can be found in the event viewer, under Applications and Services Logs\\Microsoft\\AppV\\Client. + +There are three specific categories of events recorded described below. + +**Admin**: Logs events for configurations being applied to the App-V Client, and contains the primary warnings and errors. + +**Operational**: Logs the general App-V execution and usage of individual components creating an audit log of the App-V operations that have been completed on the App-V Client. + +**Virtual Application**: Logs virtual application launches and use of virtualization subsystems. + +## Have a suggestion for App-V? + +Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). diff --git a/windows/manage/appv-apply-the-deployment-configuration-file-with-powershell.md b/windows/manage/appv-apply-the-deployment-configuration-file-with-powershell.md new file mode 100644 index 0000000000..5da620fe9f --- /dev/null +++ b/windows/manage/appv-apply-the-deployment-configuration-file-with-powershell.md @@ -0,0 +1,48 @@ +--- +title: How to Apply the Deployment Configuration File by Using PowerShell (Windows 10) +description: How to Apply the Deployment Configuration File by Using PowerShell +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# How to Apply the Deployment Configuration File by Using PowerShell + + +The dynamic deployment configuration file is applied when a package is added or set to a computer running the App-V client before the package has been published. The file configures the default settings for package for all users on the computer running the App-V client. This section describes the steps used to use a deployment configuration file. The procedure is based on the following example and assumes the following package and configuration files exist on a computer: + +**c:\\Packages\\Contoso\\MyApp.appv** + +**c:\\Packages\\Contoso\\DynamicConfigurations\\deploymentconfig.xml** + +**To Apply the Deployment Configuration File Using PowerShell** + +- To specify a new default set of configurations for all users who will run the package on a specific computer, using a PowerShell console type the following: + + **Add-AppVClientPackage –Path c:\\Packages\\Contoso\\MyApp.appv -DynamicDeploymentConfiguration c:\\Packages\\Contoso\\DynamicConfigurations\\deploymentconfig.xml** + + **Note**   + This command captures the resulting object into $pkg. If the package is already present on the computer, the **Set-AppVclientPackage** cmdlet can be used to apply the deployment configuration document: + + **Set-AppVClientPackage –Name Myapp –Path c:\\Packages\\Contoso\\MyApp.appv -DynamicDeploymentConfiguration c:\\Packages\\Contoso\\DynamicConfigurations\\deploymentconfig.xml** + +   + + **Have a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). + +## Related topics + + +[Operations for App-V](appv-operations.md) + +  + +  + + + + + diff --git a/windows/manage/appv-apply-the-user-configuration-file-with-powershell.md b/windows/manage/appv-apply-the-user-configuration-file-with-powershell.md new file mode 100644 index 0000000000..b924e0df13 --- /dev/null +++ b/windows/manage/appv-apply-the-user-configuration-file-with-powershell.md @@ -0,0 +1,45 @@ +--- +title: How to Apply the User Configuration File by Using PowerShell (Windows 10) +description: How to Apply the User Configuration File by Using PowerShell +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# How to Apply the User Configuration File by Using PowerShell + + +The dynamic user configuration file is applied when a package is published to a specific user and determines how the package will run. + +Use the following procedure to specify a user-specific configuration file. The following procedure is based on the example: + +**c:\\Packages\\Contoso\\MyApp.appv** + +**To apply a user Configuration file** + +1. To add the package to the computer using the PowerShell console type the following command: + + **Add-AppVClientPackage c:\\Packages\\Contoso\\MyApp.appv**. + +2. Use the following command to publish the package to the user and specify the updated the dynamic user configuration file: + + **Publish-AppVClientPackage $pkg –DynamicUserConfigurationPath c:\\Packages\\Contoso\\config.xml** + + **Have a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). + +## Related topics + + +[Operations for App-V](appv-operations.md) + +  + +  + + + + + diff --git a/windows/manage/appv-capacity-planning.md b/windows/manage/appv-capacity-planning.md new file mode 100644 index 0000000000..b41c87dd1b --- /dev/null +++ b/windows/manage/appv-capacity-planning.md @@ -0,0 +1,958 @@ +--- +title: App-V Capacity Planning (Windows 10) +description: App-V Capacity Planning +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# App-V Capacity Planning + + +The following recommendations can be used as a baseline to help determine capacity planning information that is appropriate to your organization’s App-V infrastructure. + +**Important**   +Use the information in this section only as a general guide for planning your App-V deployment. Your system capacity requirements will depend on the specific details of your hardware and application environment. Additionally, the performance numbers displayed in this document are examples and your results may vary. + +  + +## Determine the Project Scope + + +Before you design the App-V infrastructure, you must determine the project’s scope. The scope consists of determining which applications will be available virtually and to also identify the target users, and their locations. This information will help determine what type of App-V infrastructure should be implemented. Decisions about the scope of the project must be based on the specific needs of your organization. + + ++++ + + + + + + + + + + + + + + + + +
    TaskMore Information

    Determine Application Scope

    Depending on the applications to be virtualized, the App-V infrastructure can be set up in different ways. The first task is to define what applications you want to virtualize.

    Determine Location Scope

    Location scope refers to the physical locations (for example, enterprise-wide or a specific geographic location) where you plan to run the virtualized applications. It can also refer to the user population (for example, a single department) who will run the virtual applications. You should obtain a network map that includes the connection paths as well as available bandwidth to each location and the number of users using virtualized applications and the WAN link speed.

    + +  + +## Determine Which App-V Infrastructure is Required + + +**Important**   +Both of the following models require the App-V client to be installed on the computer where you plan to run virtual applications. + +You can also manage your App-V environment using an Electronic Software Distribution (ESD) solution such as Microsoft Systems Center Configuration Manager. For more information see [How to deploy App-V Packages Using Electronic Software Distribution](appv-deploy-appv-packages-with-electronic-software-distribution-solutions.md). + +  + +- **Standalone Model** - The standalone model allows virtual applications to be Windows Installer-enabled for distribution without streaming. App-V in Standalone Mode consists of the sequencer and the client; no additional components are required. Applications are prepared for virtualization using a process called sequencing. For more information see, [Planning for the App-V Sequencer and Client Deployment](appv-planning-for-sequencer-and-client-deployment.md). The stand-alone model is recommended for the following scenarios: + + - With disconnected remote users who cannot connect to the App-V infrastructure. + + - When you are running a software management system, such as Configuration Manager 2012. + + - When network bandwidth limitations inhibit electronic software distribution. + +- **Full Infrastructure Model** - The full infrastructure model provides for software distribution, management, and reporting capabilities; it also includes the streaming of applications across the network. The App-V Full Infrastructure Model consists of one or more App-V management servers. The Management Server can be used to publish applications to all clients. The publishing process places the virtual application icons and shortcuts on the target computer. It can also stream applications to local users. For more information about installing the management server see, [Planning for the App-V Server Deployment](appv-planning-for-appv-server-deployment.md). The full infrastructure model is recommended for the following scenarios: + + **Important**   + The App-V full infrastructure model requires Microsoft SQL Server to store configuration data. For more information see [App-V Supported Configurations](appv-supported-configurations.md). + +   + + - When you want to use the Management Server to publish the application to target computers. + + - For rapid provisioning of applications to target computers. + + - When you want to use App-V reporting. + +## End-to-end Server Sizing Guidance + + +The following section provides information about end-to-end App-V sizing and planning. For more specific information, refer to the subsequent sections. + +**Note**   +Round trip response time on the client is the time taken by the computer running the App-V client to receive a successful notification from the publishing server. Round trip response time on the publishing server is the time taken by the computer running the publishing server to receive a successful package metadata update from the management server. + +  + +- 20,000 clients can target a single publishing server to obtain the package refreshes in an acceptable round trip time. (<3 seconds) + +- A single management server can support up to 50 publishing servers for package metadata refreshes in an acceptable round trip time. (<5 seconds) + +## App-V Management Server Capacity Planning Recommendations + + +The App-V publishing servers require the management server for package refresh requests and package refresh responses. The management server then sends the information to the management database to retrieve information. For more information about App-V management server supported configurations see [App-V Supported Configurations](appv-supported-configurations.md). + +**Note**   +The default refresh time on the App-V publishing server is ten minutes. + +  + +When multiple simultaneous publishing servers contact a single management server for package metadata refreshes, the following three factors influence the round trip response time on the publishing server: + +1. Number of publishing servers making simultaneous requests. + +2. Number of connection groups configured on the management server. + +3. Number of access groups configured on the management server. + +The following table displays more information about each factor that impacts round trip time. + +**Note**   +Round trip response time is the time taken by the computer running the App-V publishing server to receive a successful package metadata update from the management server. + +  + + ++++ + + + + + + + + + + + + + + + + + + + + +
    Factors impacting round trip response timeMore Information

    The number of publishing servers simultaneously requesting package metadata refreshes.

    +
      +

    • A single management server can respond to up to 320 publishing servers requesting publishing metadata simultaneously.

      • +

    • Round trip response time for 320 pub servers is ~40 seconds.

      • +

    • For <50 publishing servers requesting metadata simultaneously, the round trip response time is <5 seconds.

      • +

    • From 50 to 320 publishing servers, the response time increases linearly (approximately 2x).

      • +

    The number of connection groups configured on the management server.

    +

    +
      +

    • For up to 100 connection groups, there is no significant change in the round trip response time on the publishing server.

      • +

    • For 100 - 400 connection groups, there is a minor linear increase in the round trip response time.

      • +

    The number of access groups configured on the management server.

    +

    +
      +

    • For up to 40 access groups, there is a linear (approximately 3x) increase in the round trip response time on the publishing server.

      • +
    + +  + +The following table displays sample values for each of the previous factors. In each variation, 120 packages are refreshed from the App-Vmanagement server. + + ++++++++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    ScenarioVariationNumber of connection groupsNumber of access groupsNumber of publishing serversNetwork connection type publishing server / management serverRound trip response time on the publishing server (in seconds)CPU utilization on management server

    Publishing servers simultaneously contacting management server for publishing metadata.

    Number of publishing servers

    +
      +

    • 0

      • +

    • 0

      • +

    • 0

      • +

    • 0

      • +

    • 0

      • +

    • 0

      • +

    +
      +

    • 1

      • +

    • 1

      • +

    • 1

      • +

    • 1

      • +

    • 1

      • +

    • 1

      • +

    +
      +

    • 50

      • +

    • 100

      • +

    • 200

      • +

    • 300

      • +

    • 315

      • +

    • 320

      • +

    +
      +

    • LAN

      • +

    • LAN

      • +

    • LAN

      • +

    • LAN

      • +

    • LAN

      • +

    • LAN

      • +

    +
      +

    • 5

      • +

    • 10

      • +

    • 19

      • +

    • 32

      • +

    • 30

      • +

    • 37

      • +

    +
      +

    • 17

      • +

    • 17

      • +

    • 17

      • +

    • 15

      • +

    • 17

      • +

    • 15

      • +

    Publishing metadata contains connection groups

    Number of connection groups

    +
      +

    • 10

      • +

    • 50

      • +

    • 100

      • +

    • 150

      • +

    • 300

      • +

    • 400

      • +

    +
      +

    • 1

      • +

    • 1

      • +

    • 1

      • +

    • 1

      • +

    • 1

      • +

    • 1

      • +

    +
      +

    • 100

      • +

    • 100

      • +

    • 100

      • +

    • 100

      • +

    • 100

      • +

    • 100

      • +

    +
      +

    • LAN

      • +

    • LAN

      • +

    • LAN

      • +

    • LAN

      • +

    • LAN

      • +

    • LAN

      • +

    +
      +

    • 10

      • +

    • 11

      • +

    • 11

      • +

    • 16

      • +

    • 22

      • +

    • 25

      • +

    +
      +

    • 17

      • +

    • 19

      • +

    • 22

      • +

    • 19

      • +

    • 20

      • +

    • 20

      • +

    Publishing metadata contains access groups

    Number of access groups

    +
      +

    • 0

      • +

    • 0

      • +

    • 0

      • +

    • 0

      • +

    +
      +

    • 1

      • +

    • 10

      • +

    • 20

      • +

    • 40

      • +

    +
      +

    • 100

      • +

    • 100

      • +

    • 100

      • +

    • 100

      • +

    +
      +

    • LAN

      • +

    • LAN

      • +

    • LAN

      • +

    • LAN

      • +

    +
      +

    • 10

      • +

    • 43

      • +

    • 153

      • +

    • 535

      • +

    +
      +

    • 17

      • +

    • 26

      • +

    • 24

      • +

    • 24

      • +
    + +  + +The CPU utilization of the computer running the management server is around 25% irrespective of the number of publishing servers targeting it. The Microsoft SQL Server database transactions/sec, batch requests/sec and user connections are identical irrespective of the number of publishing servers. For example: Transactions/sec is ~30, batch requests ~200, and user connects ~6. + +Using a geographically distributed deployment, where the management server & publishing servers utilize a slow link network between them, the round trip response time on the publishing servers is within acceptable time limits (<5 seconds), even for 100 simultaneous requests on a single management server. + + ++++++++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    ScenarioVariationNumber of connection groupsNumber of access groupsNumber of publishing serversNetwork connection type publishing server / management serverRound trip response time on the publishing server (in seconds)CPU utilization on management server

    Network connection between the publishing server and management server

    1.5 Mbps Slow link Network

    +
      +

    • 0

      • +

    • 0

      • +

    +
      +

    • 1

      • +

    • 1

      • +

    +
      +

    • 50

      • +

    • 100

      • +

    +
      +

    • 1.5Mbps Cable DSL

      • +

    • 1.5Mbps Cable DSL

      • +

    +
      +

    • 4

      • +

    • 5

      • +

    +
      +

    • 1

      • +

    • 2

      • +

    Network connection between the publishing server and management server

    LAN / WIFI Network

    +
      +

    • 0

      • +

    • 0

      • +

    +
      +

    • 1

      • +

    • 1

      • +

    +
      +

    • 100

      • +

    • 200

      • +

    +
      +

    • Wifi

      • +

    • Wifi

      • +

    +
      +

    • 11

      • +

    • 20

      • +

    +
      +

    • 15

      • +

    • 17

      • +
    + +  + +Whether the management server and publishing servers are connected over a slow link network, or a high speed network, the management server can handle approximately 15,000 package refresh requests in 30 minutes. + +## App-V Reporting Server Capacity Planning Recommendations + + +App-V clients send reporting data to the reporting server. The reporting server then records the information in the Microsoft SQL Server database and returns a successful notification back to the computer running App-V client. For more information about App-V Reporting Server supported configurations see [App-V Supported Configurations](appv-supported-configurations.md). + +**Note**   +Round trip response time is the time taken by the computer running the App-V client to send the reporting information to the reporting server and receive a successful notification from the reporting server. + +  + + ++++ + + + + + + + + + + + + + + + + + + + + +
    ScenarioSummary

    Multiple App-V clients send reporting information to the reporting server simultaneously.

    +
      +

    • Round trip response time from the reporting server is 2.6 seconds for 500 clients.

      • +

    • Round trip response time from the reporting server is 5.65 seconds for 1000 clients.

      • +

    • Round trip response time increases linearly depending on number of clients.

      • +

    Requests per second processed by the reporting server.

    +

    +
      +

    • A single reporting server and a single database, can process a maximum of 139 requests per second. The average is 121 requests/second.

      • +

    • Using two reporting servers reporting to the same Microsoft SQL Server database, the average requests/second is similar to a single reporting server = ~127, with a max of 278 requests/second.

      • +

    • A single reporting server can process 500 concurrent/active connections.

      • +

    • A single reporting server can process a maximum 1500 concurrent connections.

      • +

    Reporting Database.

    +

    +
      +

    • Lock contention on the computer running Microsoft SQL Server is the limiting factor for requests/second.

      • +

    • Throughput and response time are independent of database size.

      • +
    + +  + +**Calculating random delay**: + +The random delay specifies the maximum delay (in minutes) for data to be sent to the reporting server. When the scheduled task is started, the client generates a random delay between **0** and **ReportingRandomDelay** and will wait the specified duration before sending data. + +Random delay = 4 \* number of clients / average requests per second. + +Example: For 500 clients, with 120 requests per second, the Random delay is, 4 \* 500 / 120 = ~17 minutes. + +## App-V Publishing Server Capacity Planning Recommendations + + +Computers running the App-V client connect to the App-V publishing server to send a publishing refresh request and to receive a response. Round trip response time is measured on the computer running the App-V client. Processor time is measured on the publishing server. For more information about App-V Publishing Server supported configurations see [App-V Supported Configurations](appv-supported-configurations.md). + +**Important**   +The following list displays the main factors to consider when setting up the App-V publishing server: + +- The number of clients connecting simultaneously to a single publishing server. + +- The number of packages in each refresh. + +- The available network bandwidth in your environment between the client and the App-V publishing server. + +  + + ++++ + + + + + + + + + + + + + + + + + + + + +
    ScenarioSummary

    Multiple App-V clients connect to a single publishing server simultaneously.

    +
      +

    • A publishing server running dual core processors can respond to at most 5000 clients requesting a refresh simultaneously.

      • +

    • For 5000-10000 clients, the publishing server requires a minimum quad core.

      • +

    • For 10000-20000 clients, the publishing server should have dual quad cores for more efficient response times.

      • +

    • A publishing server with a quad core can refresh up to 10000 packages within 3 seconds. (Supporting 10000 simultaneous clients)

      • +

    Number of packages in each refresh.

    +

    +
      +

    • Increasing number of packages will increase response time by ~40% (up to 1000 packages).

      • +

    Network between the App-V client and the publishing server.

    +

    +
      +

    • Across a slow network (1.5 Mbps bandwidth), there is a 97% increase in response time compared to LAN (up to 1000 users).

      • +
    + +  + +**Note**   +The publishing server CPU usage is always high during the time interval when it has to process simultaneous requests (>90% in most cases). The publishing server can handle ~1500 client requests in 1 second. + +  + + ++++++++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    ScenarioVariationNumber of App-V clientsNumber of packagesProcessor configuration on the publishing serverNetwork connection type publishing server / App-V clientRound trip time on the App-V client (in seconds)CPU utilization on publishing server (in %)

    App-V client sends publishing refresh request & receives response, each request containing 120 packages

    Number of clients

    +
      +

    • 100

      • +

    • 1000

      • +

    • 5000

      • +

    • 10000

      • +

    +
      +

    • 120

      • +

    • 120

      • +

    • 120

      • +

    • 120

      • +

    +
      +

    • Dual Core

      • +

    • Dual Core

      • +

    • Quad Core

      • +

    • Quad Core

      • +

    +
      +

    • LAN

      • +

    • LAN

      • +

    • LAN

      • +

    • LAN

      • +

    +
      +

    • 1

      • +

    • 2

      • +

    • 2

      • +

    • 3

      • +

    +
      +

    • 100

      • +

    • 99

      • +

    • 89

      • +

    • 77

      • +

    Multiple packages in each refresh

    Number of packages

    +
      +

    • 1000

      • +

    • 1000

      • +

    +
      +

    • 500

      • +

    • 1000

      • +

    +
      +

    • Quad Core

      • +

    • Quad Core

      • +

    +
      +

    • LAN

      • +

    • LAN

      • +

    +
      +

    • 2

      • +

    • 3

      • +

    +
      +

    • 92

      • +

    • 91

      • +

    Network between client and publishing server

    1.5 Mbps Slow link network

    +
      +

    • 100

      • +

    • 500

      • +

    • 1000

      • +

    +
      +

    • 120

      • +

    • 120

      • +

    • 120

      • +

    +
      +

    • Quad Core

      • +

    • Quad Core

      • +

    • Quad Core

      • +

    +
      +

    • 1.5 Mbps Intra-Continental Network

      • +

    +
      +

    • 3

      • +

    • 10 (with 0.2% failure rate)

      • +

    • 17 (with 1% failure rate)

      • +

    + +  + +## App-V Streaming Capacity Planning Recommendations + + +Computers running the App-V client stream the virtual application package from the streaming server. Round trip response time is measured on the computer running the App-V client, and is the time taken to stream the entire package. + +**Important**   +The following list identifies the main factors to consider when setting up the App-V streaming server: + +- The number of clients streaming application packages simultaneously from a single streaming server. + +- The size of the package being streamed. + +- The available network bandwidth in your environment between the client and the streaming server. + +  + + ++++ + + + + + + + + + + + + + + + + + + + + +
    ScenarioSummary

    Multiple App-V clients stream applications from a single streaming server simultaneously.

    +
      +

    • If the number of clients simultaneously streaming from the same server increases, there is a linear relationship with the package download/streaming time.

      • +

    Size of the package being streamed.

    +

    +
      +

    • The package size has a significant impact on the streaming/download time only for larger packages with a size ~ 1GB. For package sizes ranging from 3 MB to 100 MB, the streaming time ranges from 20 seconds to 100 seconds, with 100 simultaneous clients.

      • +

    Network between the App-V client and the streaming server.

    +

    +
      +

    • Across a slow network (1.5 Mbps bandwidth), there is a 70-80% increase in response time compared to LAN (up to 100 users).

      • +
    + +  + +The following table displays sample values for each of the factors in the previous list: + + ++++++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    ScenarioVariationNumber of App-V clientsSize of each packageNetwork connection type streaming server / App-V clientRound trip time on the App-V client (in seconds)

    Multiple App-V clients streaming virtual application packages from a streaming server.

    Number of clients.

    +
      +

    • 100

      • +

    • 200

      • +

    • 1000

      • +

      • +

    • 100

      • +

    • 200

      • +

    • 1000

      • +

    +
      +

    • 3.5 MB

      • +

    • 3.5 MB

      • +

    • 3.5 MB

      • +

      • +

    • 5 MB

      • +

    • 5 MB

      • +

    • 5 MB

      • +

    +
      +

    • LAN

      • +

    • LAN

      • +

    • LAN

      • +

      • +

    • LAN

      • +

    • LAN

      • +

    • LAN

      • +

    +
      +

    • 29

      • +

    • 39

      • +

    • 391

      • +

      • +

    • 35

      • +

    • 68

      • +

    • 461

      • +

    Size of each package being streamed.

    Size of each package.

    +
      +

    • 100

      • +

    • 200

      • +

      • +

    • 100

      • +

    • 200

      • +

    +
      +

    • 21 MB

      • +

    • 21 MB

      • +

      • +

    • 109

      • +

    • 109

      • +

    +
      +

    • LAN

      • +

    • LAN

      • +

      • +

    • LAN

      • +

    • LAN

      • +

    +

    33

    +

    83

    +

    +

    100

    +

    160

    Network connection between client and App-V streaming server.

    1.5 Mbps Slow link network.

    +
      +

    • 100

      • +

      • +

    • 100

      • +

    +
      +

    • 3.5 MB

      • +

      • +

    • 5 MB

      • +

    +
      +

    • 1.5 Mbps Intra-Continental Network

      • +

    +

    102

    +

    +

    121

    + +  + +Each App-V streaming server should be able to handle a minimum of 200 clients concurrently streaming virtualized applications. + +**Note**   +The actual time to it will take to stream is determined primarily by the number of clients streaming simultaneously, number of packages, package size, the server’s network activity, and network conditions. + +  + +For example, an average user can stream a 100 MB package in less than 2 minutes, when 100 simultaneous clients are streaming from the server. However, a package of size 1 GB could take up to 30 minutes. In most real world environments streaming demand is not uniformly distributed, you will need to understand the approximate peak streaming requirements present in your environment in order to properly size the number of required streaming servers. + +The number of clients a streaming server can support can be significantly increased and the peak streaming requirements reduced if you pre-cache your applications. You can also increase the number of clients a streaming server can support by using on-demand streaming delivery and stream optimized packages. + +## Combining App-V Server Roles + + +Discounting scaling and fault-tolerance requirements, the minimum number of servers needed for a location with connectivity to Active Directory is one. This server will host the management server, management server service, and Microsoft SQL Server roles. Server roles, therefore, can be arranged in any desired combination since they do not conflict with one another. + +Ignoring scaling requirements, the minimum number of servers necessary to provide a fault-tolerant implementation is four. The management server, and Microsoft SQL Server roles support being placed in fault-tolerant configurations. The management server service can be combined with any of the roles, but remains a single point of failure. + +Although there are a number of fault-tolerance strategies and technologies available, not all are applicable to a given service. Additionally, if App-V roles are combined, certain fault-tolerance options may no longer apply due to incompatibilities. + +## Have a suggestion for App-V? + + +Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). + +## Related topics + + +[App-V Supported Configurations](appv-supported-configurations.md) + +[Planning for High Availability with App-V](appv-planning-for-high-availability-with-appv.md) + +[Planning to Deploy App-V](appv-planning-to-deploy-appv.md) + +  + +  + + + + + diff --git a/windows/manage/appv-client-configuration-settings.md b/windows/manage/appv-client-configuration-settings.md new file mode 100644 index 0000000000..93b6745d4e --- /dev/null +++ b/windows/manage/appv-client-configuration-settings.md @@ -0,0 +1,113 @@ +--- +title: About Client Configuration Settings (Windows 10) +description: About Client Configuration Settings +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + +# About Client Configuration Settings + +The Microsoft Application Virtualization (App-V) client stores its configuration in the registry. You can gather some useful information about the client if you understand the format of data in the registry. You can also configure many client actions by changing registry entries. This topic lists the App-V Client configuration settings and explains their uses. You can use PowerShell to modify the client configuration settings. For more information about using PowerShell and App-V see [Administering App-V by Using PowerShell](appv-administering-appv-with-powershell.md). + + + +## App-V Client Configuration Settings: Windows PowerShell + +The following table provides information about App-V client configuration settings that can be configured through Windows PowerShell cmdlets: + +| **Name of option in Windows PowerShell**
    Type | Description | Cmdlet or cmdlets for setting | Disabled Policy State Keys and Values | +|------------|------------|------------|------------| +| **PackageInstallationRoot**
    String | Specifies directory where all new applications and updates will be installed. | Set-AppvClientConfiguration,
    Set-AppvPublishingServer | Policy value not written (same as Not Configured) | +| **PackageSourceRoot**
    String | Overrides source location for downloading package content. | Set-AppvClientConfiguration,
    Set-AppvPublishingServer | Policy value not written (same as Not Configured) | +| **AllowHighCostLaunch**
    True (enabled); False (Disabled state) | This setting controls whether virtualized applications are launched on Windows 10 machines connected via a metered network connection (For example, 4G). | Set-AppvClientConfiguration,
    Set-AppvPublishingServer | 0 | +| **ReestablishmentRetries**
    Integer (0-99) | Specifies the number of times to retry a dropped session. | Set-AppvClientConfiguration,
    Set-AppvPublishingServer | Policy value not written (same as Not Configured) | +| **ReestablishmentInterval**
    Integer (0-3600) | Specifies the number of seconds between attempts to reestablish a dropped session. | Set-AppvClientConfiguration,
    Set-AppvPublishingServer | Policy value not written (same as Not Configured) | +| **LocationProvider**
    String | Specifies the CLSID for a compatible implementation of the IAppvPackageLocationProvider interface. | Set-AppvClientConfiguration,
    Set-AppvPublishingServer | Policy value not written (same as Not Configured) | +| **CertFilterForClientSsl**
    String | Specifies the path to a valid certificate in the certificate store. | Set-AppvClientConfiguration,
    Set-AppvPublishingServer | Policy value not written (same as Not Configured) | +| **VerifyCertificateRevocationList**
    True(enabled); False(Disabled state) | Verifies Server certificate revocation status before steaming using HTTPS. | Set-AppvClientConfiguration,
    Set-AppvPublishingServer | 0 | +| **SharedContentStoreMode**
    True(enabled); False(Disabled state) | Specifies that streamed package contents will be not be saved to the local hard disk. | Set-AppvClientConfiguration,
    Set-AppvPublishingServer | 0 | +| **Name**
    String | Displays the name of publishing server. | Set-AppvPublishingServer | Policy value not written (same as Not Configured) | +| **URL**
    String | Displays the URL of publishing server. | Set-AppvPublishingServer | Policy value not written (same as Not Configured) | +| **GlobalRefreshEnabled**
    True(enabled); False(Disabled state) | Enables global publishing refresh (Boolean) | Set-AppvPublishingServer | False | +| **GlobalRefreshOnLogon**
    True(enabled); False(Disabled state) | Triggers a global publishing refresh on logon. ( Boolean) | Set-AppvPublishingServer | False | +| **GlobalRefreshInterval**
    Integer (0-744) | Specifies the publishing refresh interval using the GlobalRefreshIntervalUnit. To disable package refresh, select 0. | Set-AppvPublishingServer | 0 | +| **GlobalRefreshIntervalUnit**
    0 for hour, 1 for day | Specifies the interval unit (Hour 0-23, Day 0-31). | Set-AppvPublishingServer | 1 | +| **UserRefreshEnabled**
    True(enabled); False(Disabled state) | Enables user publishing refresh (Boolean) | Set-AppvPublishingServer | False | +| **UserRefreshOnLogon**
    True(enabled); False(Disabled state) | Triggers a user publishing refresh onlogon. ( Boolean)Word count (with spaces): 60 | Set-AppvPublishingServer | False | +| **UserRefreshInterval**
    Word count (with spaces): 85Integer (0-744 Hours) | Specifies the publishing refresh interval using the UserRefreshIntervalUnit. To disable package refresh, select 0. | Set-AppvPublishingServer | 0 | +| **UserRefreshIntervalUnit**
    0 for hour, 1 for day | Specifies the interval unit (Hour 0-23, Day 0-31). | Set-AppvPublishingServer | 1 | +| **MigrationMode**
    True(enabled state); False (disabled state) | Migration mode allows the App-V client to modify shortcuts and FTA’s for packages created using a previous version of App-V. | Set-AppvClientConfiguration,
    Set-AppvPublishingServer | | +| **EnablePackageScripts**
    True(enabled); False(Disabled state) | Enables scripts defined in the package manifest of configuration files that should run. | Set-AppvClientConfiguration,
    Set-AppvPublishingServer | | +| **RoamingFileExclusions**
    String | Specifies the file paths relative to %userprofile% that do not roam with a user's profile. Example usage: /ROAMINGFILEEXCLUSIONS='desktop;my pictures' | Set-AppvClientConfiguration | | +| **RoamingRegistryExclusions**
    String | Specifies the registry paths that do not roam with a user profile. Example usage: /ROAMINGREGISTRYEXCLUSIONS=software\\classes;software\\clients | Set-AppvClientConfiguration,
    Set-AppvPublishingServer | Policy value not written (same as Not Configured) | +| **IntegrationRootUser**
    String | Specifies the location to create symbolic links associated with the current version of a per-user published package. all virtual application extensions, for example shortcuts and file type associations, will point to this path. If you do not specify a path, symbolic links will not be used when you publish the package. For example: %localappdata%\\Microsoft\\AppV\\Client\\Integration. | Set-AppvClientConfiguration,
    Set-AppvPublishingServer | Policy value not written (same as Not Configured) | +| **IntegrationRootGlobal**
    String | Specifies the location to create symbolic links associated with the current version of a globally published package. all virtual application extensions, for example shortcuts and file type associations, will point to this path. If you do not specify a path, symbolic links will not be used when you publish the package. For example: %allusersprofile%\\Microsoft\\AppV\\Client\\Integration | Set-AppvClientConfiguration,
    Set-AppvPublishingServer | Policy value not written (same as Not Configured) | +| **VirtualizableExtensions**
    String | A comma -delineated list of file name extensions that can be used to determine if a locally installed application can be run in the virtual environment. When shortcuts, FTAs, and other extension points are created during publishing, App-V will compare the file name extension to the list if the application that is associated with the extension point is locally installed. If the extension is located, the **RunVirtual** command line parameter will be added, and the application will run virtually. For more information about the **RunVirtual** parameter, see [Running a Locally Installed Application Inside a Virtual Environment with Virtualized Applications](https://microsoft.sharepoint.com/teams/osg_core_dcp/cpub/partner/Shared%20Documents/APPV&UEV-for-Windows-RS1/App-V/App-V%20updated%20topics%20from%20JAN%20-%20PM%20reviews/appv-running-locally-installed-applications-inside-a-virtual-environment.md). | Set-AppvClientConfiguration,
    Set-AppvPublishingServer | Policy value not written | +| **ReportingEnabled**
    True (enabled); False (Disabled state) | Enables the client to return information to a reporting server. | Set-AppvClientConfiguration,
    Set-AppvPublishingServer | False | +| **ReportingServerURL**
    String | Specifies the location on the reporting server where client information is saved. | Set-AppvClientConfiguration,
    Set-AppvPublishingServer | Policy value not written (same as Not Configured) | +| **ReportingDataCacheLimit**
    Integer \[0-1024\] | Specifies the maximum size in megabytes (MB) of the XML cache for storing reporting information. The size applies to the cache in memory. When the limit is reached, the log file will roll over. Set between 0 and 1024. | Set-AppvClientConfiguration,
    Set-AppvPublishingServer | Policy value not written (same as Not Configured) | +| **ReportingDataBlockSize**
    Integer \[1024 - Unlimited\] | Specifies the maximum size in bytes to transmit to the server for reporting upload requests. This can help avoid permanent transmission failures when the log has reached a significant size. Set between 1024 and unlimited. | Set-AppvClientConfiguration,
    Set-AppvPublishingServer | Policy value not written (same as Not Configured) | +| **ReportingStartTime**
    Integer (0 – 23) | Specifies the time to initiate the client to send data to the reporting server. You must specify a valid integer between 0-23 corresponding to the hour of the day. By default the **ReportingStartTime** will start on the current day at 10 P.M.or 22.
    **Note** You should configure this setting to a time when computers running the App-V client are least likely to be offline. | Set-AppvClientConfiguration,
    Set-AppvPublishingServer | Policy value not written (same as Not Configured) | +| **ReportingInterval**
    Integer | Specifies the retry interval that the client will use to resend data to the reporting server. | Set-AppvClientConfiguration,
    Set-AppvPublishingServer | Policy value not written (same as Not Configured) | +| **ReportingRandomDelay**
    Integer \[0 - ReportingRandomDelay\] | Specifies the maximum delay (in minutes) for data to be sent to the reporting server. When the scheduled task is started, the client generates a random delay between 0 and **ReportingRandomDelay** and will wait the specified duration before sending data. This can help to prevent collisions on the server. | Set-AppvClientConfiguration,
    Set-AppvPublishingServer | Policy value not written (same as Not Configured) | +| **EnableDynamicVirtualization
    **1 (Enabled), 0 (Disabled) | Enables supported Shell Extensions, Browser Helper Objects, and Active X controls to be virtualized and run with virtual applications. | Set-AppvClientConfiguration,
    Set-AppvPublishingServer | | +| **EnablePublishingRefreshUI**
    1 (Enabled), 0 (Disabled) | Enables the publishing refresh progress bar for the computer running the App-V Client. | Set-AppvClientConfiguration,
    Set-AppvPublishingServer | | +| **HidePublishingRefreshUI**
    1 (Enabled), 0 (Disabled) | Hides the publishing refresh progress bar. | Sync-AppvPublishingServer | | +| **ProcessesUsingVirtualComponents**
    String | Specifies a list of process paths (that may contain wildcards), which are candidates for using dynamic virtualization (supported shell extensions, browser helper objects, and ActiveX controls). Only processes whose full path matches one of these items can use dynamic virtualization. | Set-AppvClientConfiguration,
    Set-AppvPublishingServer | Empty string. | + +## App-V Client Configuration Settings: Setup Flags and Registry Keys + +The following table provides information about App-V client configuration settings that can be configured through setup flags or in the registry: + +| **Setting name**
    Type | Setup Flag | Registry Key Value | Disabled Policy State Keys and Values | +|--------------------------------------------------------------------------------|---------------------------|-------------------------------------------------------------------------|---------------------------------------------------| +| **PackageInstallationRoot**
    String | PACKAGEINSTALLATIONROOT | Streaming\\PackageInstallationRoot | Policy value not written (same as Not Configured) | +| **PackageSourceRoot**
    String | PACKAGESOURCEROOT | Streaming\\PackageSourceRoot | Policy value not written (same as Not Configured) | +| **AllowHighCostLaunch**
    True (enabled); False (Disabled state) | Not available. | Streaming\\AllowHighCostLaunch | 0 | +| **ReestablishmentRetries**
    Integer (0-99) | Not available. | Streaming\\ReestablishmentRetries | Policy value not written (same as Not Configured) | +| **ReestablishmentInterval**
    Integer (0-3600) | Not available. | Streaming\\ReestablishmentInterval | Policy value not written (same as Not Configured) | +| **LocationProvider**
    String | Not available. | Streaming\\LocationProvider | Policy value not written (same as Not Configured) | +| **CertFilterForClientSsl**
    String | Not available. | Streaming\\CertFilterForClientSsl | Policy value not written (same as Not Configured) | +| **VerifyCertificateRevocationList**
    True(enabled); False(Disabled state) | Not available. | Streaming\\VerifyCertificateRevocationList | 0 | +| **SharedContentStoreMode**
    True(enabled); False(Disabled state) | SHAREDCONTENTSTOREMODE | Streaming\\SharedContentStoreMode | 0 | +| **Name**
    String | PUBLISHINGSERVERNAME | Publishing\\Servers{serverId}\\FriendlyName | Policy value not written (same as Not Configured) | +| **URL**
    String | PUBLISHINGSERVERURL | Publishing\\Servers{serverId}\\URL | Policy value not written (same as Not Configured) | +| **GlobalRefreshEnabled**
    True(enabled); False(Disabled state) | GLOBALREFRESHENABLED | Publishing\\Servers{serverId}\\GlobalEnabled | False | +| **GlobalRefreshOnLogon**
    True(enabled); False(Disabled state) | GLOBALREFRESHONLOGON | Publishing\\Servers{serverId}\\GlobalLogonRefresh | False | +| **GlobalRefreshInterval**
    Integer (0-744) | GLOBALREFRESHINTERVAL | Publishing\\Servers{serverId}\\GlobalPeriodicRefreshInterval | 0 | +| **GlobalRefreshIntervalUnit**
    0 for hour, 1 for day | GLOBALREFRESHINTERVALUNI | Publishing\\Servers{serverId}\\GlobalPeriodicRefreshIntervalUnit | 1 | +| **UserRefreshEnabled**
    True(enabled); False(Disabled state) | USERREFRESHENABLED | Publishing\\Servers{serverId}\\UserEnabled | False | +| **UserRefreshOnLogon**
    True(enabled); False(Disabled state) | USERREFRESHONLOGON | Publishing\\Servers{serverId}\\UserLogonRefresh | False | +| **UserRefreshInterval**
    Word count (with spaces): 85Integer (0-744 Hours) | USERREFRESHINTERVAL | Publishing\\Servers{serverId}\\UserPeriodicRefreshInterval | 0 | +| **UserRefreshIntervalUnit**
    0 for hour, 1 for day | USERREFRESHINTERVALUNIT | Publishing\\Servers{serverId}\\UserPeriodicRefreshIntervalUnit | 1 | +| **MigrationMode**
    True(enabled state); False (disabled state) | MIGRATIONMODE | Coexistence\\MigrationMode | | +| **EnablePackageScripts**
    True(enabled); False(Disabled state) | ENABLEPACKAGESCRIPTS | \\Scripting\\EnablePackageScripts | | +| **RoamingFileExclusions**
    String | ROAMINGFILEEXCLUSIONS | | | +| **RoamingRegistryExclusions**
    String | ROAMINGREGISTRYEXCLUSIONS | Integration\\RoamingReglstryExclusions | Policy value not written (same as Not Configured) | +| **IntegrationRootUser**
    String | Not available. | Integration\\IntegrationRootUser | Policy value not written (same as Not Configured) | +| **IntegrationRootGlobal**
    String | Not available. | Integration\\IntegrationRootGlobal | Policy value not written (same as Not Configured) | +| **VirtualizableExtensions**
    String | Not available. | Integration\\VirtualizableExtensions | Policy value not written | +| **ReportingEnabled**
    True (enabled); False (Disabled state) | Not available. | Reporting\\EnableReporting | False | +| **ReportingServerURL**
    String | Not available. | Reporting\\ReportingServer | Policy value not written (same as Not Configured) | +| **ReportingDataCacheLimit**
    Integer \[0-1024\] | Not available. | Reporting\\DataCacheLimit | Policy value not written (same as Not Configured) | +| **ReportingDataBlockSize**
    Integer \[1024 - Unlimited\] | Not available. | Reporting\\DataBlockSize | Policy value not written (same as Not Configured) | +| **ReportingStartTime**
    Integer (0 – 23) | Not available. | Reporting\\ StartTime | Policy value not written (same as Not Configured) | +| **ReportingInterval**
    Integer | Not available. | Reporting\\RetryInterval | Policy value not written (same as Not Configured) | +| **ReportingRandomDelay**
    Integer \[0 - ReportingRandomDelay\] | Not available. | Reporting\\RandomDelay | Policy value not written (same as Not Configured) | +| **EnableDynamicVirtualization
    **1 (Enabled), 0 (Disabled) | Not available. | HKEY\_LOCAL\_MACHINE\\Software\\Microsoft\\AppV\\Client\\Virtualization | | +| **EnablePublishingRefreshUI**
    1 (Enabled), 0 (Disabled) | Not available. | HKEY\_LOCAL\_MACHINE\\Software\\Microsoft\\AppV\\Client\\Publishing | | +| **HidePublishingRefreshUI**
    1 (Enabled), 0 (Disabled) | Not available. | | | +| **ProcessesUsingVirtualComponents**
    String | Not available. | Virtualization\\ProcessesUsingVirtualComponents | Empty string. | + +## Have a suggestion for App-V? + +Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). + +## Related topics + +[Deploying the App-V Sequencer and Client](appv-deploying-the-appv-sequencer-and-client.md) + +[How to Modify App-V Client Configuration Using the ADMX Template and Group Policy](appv-modify-client-configuration-with-the-admx-template-and-group-policy.md) diff --git a/windows/manage/appv-configure-access-to-packages-with-the-management-console.md b/windows/manage/appv-configure-access-to-packages-with-the-management-console.md new file mode 100644 index 0000000000..b2c55b2ab7 --- /dev/null +++ b/windows/manage/appv-configure-access-to-packages-with-the-management-console.md @@ -0,0 +1,72 @@ +--- +title: How to Configure Access to Packages by Using the Management Console (Windows 10) +description: How to Configure Access to Packages by Using the Management Console +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# How to Configure Access to Packages by Using the Management Console + + +Before you deploy an App-V virtualized package, you must configure the Active Directory Domain Services (AD DS) security groups that will be allowed to access and run the applications. The security groups may contain computers or users. Entitling a package to a computer group publishes the package globally to all computers in the group. + +Use the following procedure to configure access to virtualized packages. + +**To grant access to an App-V package** + +1. Find the package you want to configure: + + 1. Open the App-V Management console. + + 2. To display the **AD ACCESS** page, right-click the package to be configured, and select **Edit active directory access**. Alternatively, select the package and click **EDIT** in the **AD ACCESS** pane. + +2. Provision a security group for the package: + + 1. Go to the **FIND VALID ACTIVE DIRECTORY NAMES AND GRANT ACCESS** page. + + 2. Using the format **mydomain** \\ **groupname**, type the name or part of the name of an Active Directory group object, and click **Check**. + + **Note**   + Ensure that you provide an associated domain name for the group that you are searching for. + +   + +3. To grant access to the package, select the desired group and click **Grant Access**. The newly added group is displayed in the **AD ENTITIES WITH ACCESS** pane. + +4. + + To accept the default configuration settings and close the **AD ACCESS** page, click **Close**. + + To customize configurations for a specific group, click the **ASSIGNED CONFIGURATIONS** drop-down and select **Custom**. To configure the custom configurations, click **EDIT**. After you grant access, click **Close**. + +**To remove access to an App-V package** + +1. Find the package you want to configure: + + 1. Open the App-V Management console. + + 2. To display the **AD ACCESS** page, right-click the package to be configured, and select **Edit active directory access**. Alternatively, select the package and click **EDIT** in the **AD ACCESS** pane. + +2. Select the group you want to remove, and click **DELETE**. + +3. To close the **AD ACCESS** page, click **Close**. + + **Have a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). + +## Related topics + + +[Operations for App-V](appv-operations.md) + +  + +  + + + + + diff --git a/windows/manage/appv-configure-connection-groups-to-ignore-the-package-version.md b/windows/manage/appv-configure-connection-groups-to-ignore-the-package-version.md new file mode 100644 index 0000000000..d05ca6113b --- /dev/null +++ b/windows/manage/appv-configure-connection-groups-to-ignore-the-package-version.md @@ -0,0 +1,104 @@ +--- +title: How to Make a Connection Group Ignore the Package Version (Windows 10) +description: How to Make a Connection Group Ignore the Package Version +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# How to Make a Connection Group Ignore the Package Version + + +Microsoft Application Virtualization (App-V) lets you configure a connection group to use any version of a package, which simplifies package upgrades and reduces the number of connection groups you need to create. + +To upgrade a package in some earlier versions of App-V, you had to perform several steps, including disabling the connection group and modifying the connection group’s XML definition file. + + ++++ + + + + + + + + + + + + +
    Task description with App-VHow to perform the task with App-V

    You can configure a connection group to accept any version of a package, which enables you to upgrade the package without having to disable the connection group.

    +

    How the feature works:

    +
      +

    • If the connection group has access to multiple versions of a package, the latest version is used.

      • +

    • If the connection group contains an optional package that has an incorrect version, the package is ignored and won’t block the connection group’s virtual environment from being created.

      • +

    • If the connection group contains a non-optional package that has an incorrect version, the connection group’s virtual environment cannot be created.

      • +
    		 ++++ + + + + + + + + + + + + + + + + +
    MethodSteps

    App-V Server – Management Console

      +

    1. In the Management Console, select CONNECTION GROUPS.

      2. +

    2. Select the correct connection group from the Connection Groups library.

      3. +

    3. Click EDIT in the CONNECTED PACKAGES pane.

      4. +

    4. Select Use Any Version check box next to the package name, and click Apply.

      5. +
    +

    For more about adding or upgrading packages, see [How to Add or Upgrade Packages by Using the Management Console](appv-add-or-upgrade-packages-with-the-management-console.md).

    App-V Client on a Stand-alone computer

      +

    1. Create the connection group XML document.

      2. +

    2. For the package to be upgraded, set the Package tag attribute VersionID to an asterisk (*).

      3. +

    3. Use the following cmdlet to add the connection group, and include the path to the connection group XML document:

      +

      Add-AppvClientConnectionGroup

      4. +

    4. When you upgrade a package, use the following cmdlets to remove the old package, add the upgraded package, and publish the upgraded package:

      +
        +

      • RemoveAppvClientPackage

        • +

      • Add-AppvClientPackage

        • +

      • Publish-AppvClientPackage

        • +
      5. +
    +

    For more information, see [How to Manage App-V Packages Running on a Stand-Alone Computer by Using PowerShell](appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md).

    +
    +

     

    + +  + +## Have a suggestion for App-V? + + +Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). + +## Related topics + + +[Managing Connection Groups](appv-managing-connection-groups.md) + +  + +  + + + + + diff --git a/windows/manage/appv-configure-the-client-to-receive-updates-from-the-publishing-server.md b/windows/manage/appv-configure-the-client-to-receive-updates-from-the-publishing-server.md new file mode 100644 index 0000000000..f3d3469885 --- /dev/null +++ b/windows/manage/appv-configure-the-client-to-receive-updates-from-the-publishing-server.md @@ -0,0 +1,82 @@ +--- +title: How to Configure the Client to Receive Package and Connection Groups Updates From the Publishing Server (Windows 10) +description: How to Configure the Client to Receive Package and Connection Groups Updates From the Publishing Server +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# How to Configure the Client to Receive Package and Connection Groups Updates From the Publishing Server + + +Deploying packages and connection groups using the App-V publishing server is helpful because it offers single-point management and high scalability. + +Use the following steps to configure the App-V client to receive updates from the publishing server. + +**Note**   +For the following procedures the management server was installed on a computer named **MyMgmtSrv**, and the publishing server was installed on a computer named **MyPubSrv**. + +  + +**To configure the App-V client to receive updates from the publishing server** + +1. Deploy the App-V management and publishing servers, and add the required packages and connection groups. For more information about adding packages and connection groups, see [How to Add or Upgrade Packages by Using the Management Console](appv-add-or-upgrade-packages-with-the-management-console.md) and [How to Create a Connection Group](appv-create-a-connection-group.md). + +2. To open the management console click the following link, open a browser and type the following: http://MyMgmtSrv/AppvManagement/Console.html in a web browser, and import, publish, and entitle all the packages and connection groups which will be necessary for a particular set of users. + +3. On the computer running the App-V client, open an elevated PowerShell command prompt, run the following command: + + **Add-AppvPublishingServer  -Name  ABC  -URL  http:// MyPubSrv/AppvPublishing** + + This command will configure the specified publishing server. You should see output similar to the following: + + Id                        : 1 + + SetByGroupPolicy          : False + + Name                      : ABC + + URL                       : http:// MyPubSrv/AppvPublishing + + GlobalRefreshEnabled      : False + + GlobalRefreshOnLogon      : False + + GlobalRefreshInterval     : 0 + + GlobalRefreshIntervalUnit : Day + + UserRefreshEnabled        : True + + UserRefreshOnLogon        : True + + UserRefreshInterval       : 0 + + UserRefreshIntervalUnit   : Day + + The returned Id – in this case 1 + +4. On the computer running the App-V client, open a PowerShell command prompt, and type the following command: + + **Sync-AppvPublishingServer  -ServerId  1** + + The command will query the publishing server for the packages and connection groups that need to be added or removed for this particular client based on the entitlements for the packages and connection groups as configured on the management server. + + **Have a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). + +## Related topics + + +[Operations for App-V](appv-operations.md) + +  + +  + + + + + diff --git a/windows/manage/appv-connect-to-the-management-console.md b/windows/manage/appv-connect-to-the-management-console.md new file mode 100644 index 0000000000..ff0f1cc327 --- /dev/null +++ b/windows/manage/appv-connect-to-the-management-console.md @@ -0,0 +1,27 @@ +--- +title: How to Connect to the Management Console (Windows 10) +description: How to Connect to the Management Console +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + +# How to Connect to the Management Console + +Use the following procedure to connect to the App-V Management Console. + +**To connect to the App-V Management Console** + +1. Open Internet Explorer browser and type the address for the App-V. For example, **http://\<_management server name_\>:\<_management service port number_\>/console.html**. + +2. To view different sections of the console, click the desired section in the navigation pane. + +## Have a suggestion for App-V? + +Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). + +## Related topics + +- [Operations for App-V](appv-operations.md) diff --git a/windows/manage/appv-connection-group-file.md b/windows/manage/appv-connection-group-file.md new file mode 100644 index 0000000000..cf82d7392b --- /dev/null +++ b/windows/manage/appv-connection-group-file.md @@ -0,0 +1,292 @@ +--- +title: About the Connection Group File (Windows 10) +description: About the Connection Group File +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# About the Connection Group File + + +**In this topic:** + +- [Connection group file purpose and location](#bkmk-cg-purpose-loc) + +- [Structure of the connection group XML file](#bkmk-define-cg-5-0sp3) + +- [Configuring the priority of packages in a connection group](#bkmk-config-pkg-priority-incg) + +- [Supported virtual application connection configurations](#bkmk-va-conn-configs) + +## Connection group file purpose and location + + + ++++ + + + + + + + + + + + + + + +

    Connection group purpose

    A connection group is an App-V feature that enables you to group packages together to create a virtual environment in which the applications in those packages can interact with each other.

    +

    Example: You want to use plug-ins with Microsoft Office. You can create a package that contains the plug-ins, and create another package that contains Office, and then add both packages to a connection group to enable Office to use those plug-ins.

    How the connection group file works

    When you apply an App-V connection group file, the packages that are enumerated in the file will be combined at runtime into a single virtual environment. Use the Microsoft Application Virtualization (App-V) connection group file to configure existing App-V connection groups.

    Example file path

    %APPDATA%\Microsoft\AppV\Client\Catalog\PackageGroups\{6CCC7575-162E-4152-9407-ED411DA138F4}\{4D1E16E1-8EF8-41ED-92D5-8910A8527F96}.

    + +  + +## Structure of the connection group XML file + + +**In this section:** + +- [Parameters that define the connection group](#bkmk-params-define-cg) + +- [Parameters that define the packages in the connection group](#bkmk-params-define-pkgs-incg) + +- [App-V example connection group XML file](#bkmk-50sp3-exp-cg-xml) + +### Parameters that define the connection group + +The following table describes the parameters in the XML file that define the connection group itself, not the packages. + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    FieldDescription

    Schema name

    Name of the schema.

    +

    If you want to use the “optional packages” and “use any version” features that are described in this table, you must specify the following schema in the XML file:

    +

    xmlns="http://schemas.microsoft.com/appv/2014/virtualapplicationconnectiongroup"

    AppConnectionGroupId

    Unique GUID identifier for this connection group. The connection group state is associated with this identifier. Specify this identifier only when you create the connection group.

    +

    You can create a new GUID by typing: [Guid]::NewGuid().

    VersionId

    Version GUID identifier for this version of the connection group.

    +

    When you update a connection group (for example, by adding or updating a new package), you must update the version GUID to reflect the new version.

    DisplayName

    Display name of the connection group.

    Priority

    Optional priority field for the connection group.

    +

    “0” - indicates the highest priority.

    +

    If a priority is required, but has not been configured, the package will fail because the correct connection group to use cannot be determined.

    + +  + +### Parameters that define the packages in the connection group + +In the <Packages> section of the connection group XML file, you list the member packages in the connection group by specifying each package’s unique package identifier and version identifier, as described in the following table. The first package in the list has the highest precedence. + + ++++ + + + + + + + + + + + + + + + + + + + + +
    FieldDescription

    PackageId

    Unique GUID identifier for this package. This GUID doesn’t change when newer versions of the package are published.

    VersionId

    Unique GUID identifier for the version of the package.

    +

    If you specify “*” for the package version, the GUID of the latest available package version is dynamically inserted.

    IsOptional

    Parameter that enables you to make a package optional within the connection group. Valid entries are:

    +
      +

    • “true” – package is optional in the connection group

      • +

    • “false” – package is required in the connection group

      • +
    +
    + +  + +### App-V example connection group XML file + +The following example connection group XML file shows examples of the fields in the previous tables. + +``` + + + + + + +``` + +## Configuring the priority of packages in a connection group + + +Package precedence is configured using the package list order. The first package in the document has the highest precedence. Subsequent packages in the list have descending priority. + +Package precedence is the resolution for otherwise inevitable resource collisions during virtual environment initialization. For example, if two packages that are opening in the same virtual environment define the same registry DWORD value, the package with the highest precedence determines the value that is set. + +You can use the connection group file to configure each connection group by using the following methods: + +- Specify runtime priorities for connection groups. To edit priority by using the App-V Management Console, click the connection group and then click **Edit**. + + **Note**   + Priority is required only if the package is associated with more than one connection group. + +   + +- Specify package precedence within the connection group. + +The priority field is required when a running virtual application initiates from a native application request, for example, Microsoft Windows Explorer. The App-V client uses the priority to determine which connection group virtual environment the application should run in. This situation occurs if a virtual application is part of multiple connection groups. + +If a virtual application is opened using another virtual application the virtual environment of the original virtual application will be used. The priority field is not used in this case. + +**Example:** + +The virtual application Microsoft Outlook is running in virtual environment **XYZ**. When you open an attached Microsoft Word document, a virtualized version Microsoft Word opens in the virtual environment **XYZ**, regardless of the virtualized Microsoft Word’s associated connection groups or runtime priorities. + +## Supported virtual application connection configurations + + + ++++ + + + + + + + + + + + + + + + + + + + + +
    ConfigurationExample scenario

    An. exe file and plug-in (.dll)

      +

    • You want to distribute Microsoft Office to all users, but distribute a Microsoft Excel plug-in to only a subset of users.

      • +

    • Enable the connection group for the appropriate users.

      • +

    • Update each package individually as required.

      • +

    An. exe file and a middleware application

      +

    • You have an application requires a middleware application, or several applications that all depend on the same middleware runtime version.

      • +

    • All computers that require one or more of the applications receive the connection groups with the application and middleware application runtime.

      • +

    • You can optionally combine multiple middleware applications into a single connection group.

      + ++++ + + + + + + + + + + + + + + + + +
      ExampleExample description

      Virtual application connection group for the financial division

        +

      • Middleware application 1

        • +

      • Middleware application 2

        • +

      • Middleware application 3

        • +

      • Middleware application runtime

        • +

      Virtual application connection group for HR division

        +

      • Middleware application 5

        • +

      • Middleware application 6

        • +

      • Middleware application runtime

        • +
      +

       

      • +

    An. exe file and an .exe file

    You have an application that relies on another application, and you want to keep the packages separate for operational efficiencies, licensing restrictions, or rollout timelines.

    +

    Example:

    +

    If you are deploying Microsoft Lync 2010, you can use three packages:

    +
      +

    • Microsoft Office 2010

      • +

    • Microsoft Communicator 2007

      • +

    • Microsoft Lync 2010

      • +
    +

    You can manage the deployment using the following connection groups:

    +
      +

    • Microsoft Office 2010 and Microsoft Communicator 2007

      • +

    • Microsoft Office 2010 and Microsoft Lync 2010

      • +
    +

    When the deployment has completed, you can either create a single new Microsoft Office 2010 + Microsoft Lync 2010 package, or keep and maintain them as separate packages and deploy them by using a connection group.

    + + +## Have a suggestion for App-V? + +Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). + +## Related topics + +[Managing Connection Groups](appv-managing-connection-groups.md) diff --git a/windows/manage/appv-connection-group-virtual-environment.md b/windows/manage/appv-connection-group-virtual-environment.md new file mode 100644 index 0000000000..8b3a5e00fc --- /dev/null +++ b/windows/manage/appv-connection-group-virtual-environment.md @@ -0,0 +1,109 @@ +--- +title: About the Connection Group Virtual Environment (Windows 10) +description: About the Connection Group Virtual Environment +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# About the Connection Group Virtual Environment + + +**In this topic:** + +- [How package priority is determined](#bkmk-pkg-priority-deter) + +- [Merging identical package paths into one virtual directory in connection groups](#bkmk-merged-root-ve-exp) + +## How package priority is determined + + +The virtual environment and its current state are associated with the connection group, not with the individual packages. If an App-V package is removed from the connection group, the state that existed as part of the connection group will not migrate with the package. + +If the same package is a part of two different connection groups, you have to indicate which connection group App-V should use. For example, you might have two packages in a connection group that each define the same registry DWORD value. + +The connection group that is used is based on the order in which a package appears inside the **AppConnectionGroup** XML document: + +- The first package has the highest precedence. + +- The second package has the second highest precedence. + +Consider the following example section: + +``` syntax + +``` + +Assume that same DWORD value ABC (HKEY\_LOCAL\_MACHINE\\software\\contoso\\finapp\\region) is defined in the first and third package, such as: + +- Package 1 (A8731008-4523-4713-83A4-CD1363907160): HKEY\_LOCAL\_MACHINE\\software\\contoso\\finapp\\region=5 + +- Package 3 (04220DCA-EE77-42BE-A9F5-96FD8E8593F2): HKEY\_LOCAL\_MACHINE\\software\\contoso\\finapp\\region=10 + +Since Package 1 appears first, the AppConnectionGroup's virtual environment will have the single DWORD value of 5 (HKEY\_LOCAL\_MACHINE\\software\\contoso\\finapp\\region=5). This means that the virtual applications in Package 1, Package 2, and Package 3 will all see the value 5 when they query for HKEY\_LOCAL\_MACHINE\\software\\contoso\\finapp\\region. + +Other virtual environment resources are resolved similarly, but the usual case is that the collisions occur in the registry. + +## Merging identical package paths into one virtual directory in connection groups + + +If two or more packages in a connection group contain identical directory paths, the paths are merged into a single virtual directory inside the connection group virtual environment. This merging of paths allows an application in one package to access files that are in a different package. + +When you remove a package from a connection group, the applications in that removed package are no longer able to access files in the remaining packages in the connection group. + +The order in which App-V looks up a file’s name in the connection group is specified by the order in which the App-V packages are listed in the connection group manifest file. + +The following example shows the order and relationship of a file name lookup in a connection group for **Package A** and **Package B**. + + ++++ + + + + + + + + + + + + + + + + +
    Package APackage B

    C:\Windows\System32

    C:\Windows\System32

    C:\AppTest

    C:\AppTest

    + +  + +In the example above, when a virtualized application tries to find a specific file, Package A is searched first for a matching file path. If a matching path is not found, Package B is searched, using the following mapping rules: + +- If a file named **test.txt** exists in the same virtual folder hierarchy in both application packages, the first matching file is used. + +- If a file named **bar.txt** exists in the virtual folder hierarchy of one application package, but not in the other, the first matching file is used. + +## Have a suggestion for App-V? + + +Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). + +## Related topics + + +[Managing Connection Groups](appv-managing-connection-groups.md) + +  + +  + + + + + diff --git a/windows/manage/appv-convert-a-package-created-in-a-previous-version-of-appv.md b/windows/manage/appv-convert-a-package-created-in-a-previous-version-of-appv.md new file mode 100644 index 0000000000..6ef26859d9 --- /dev/null +++ b/windows/manage/appv-convert-a-package-created-in-a-previous-version-of-appv.md @@ -0,0 +1,61 @@ +--- +title: How to Convert a Package Created in a Previous Version of App-V (Windows 10) +description: How to Convert a Package Created in a Previous Version of App-V +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# How to Convert a Package Created in a Previous Version of App-V + +You can use the package converter utility to upgrade virtual application packages that have been created with previous versions of App-V. + +> [!NOTE] +> If you are running a computer with a 64-bit architecture, you must use the x86 version of Windows PowerShell. + +The package converter can only directly convert packages that were created by using the App-V 4.5 sequencer or later. Packages that were created using a version prior to App-V 4.5 must be upgraded to at least App-V 4.5 before conversion. + +The following information provides direction for converting existing virtual application packages. + +> [!IMPORTANT] +> You must configure the package converter to always save the package ingredients file to a secure location and directory. A secure location is accessible only by an administrator. Additionally, when you deploy the package, you should save the package to a location that is secure, or make sure that no other user is allowed to be logged in during the conversion process. + +## App-V 4.6 installation folder is redirected to virtual file system root + +When you convert packages from App-V 4.6 to App-V for Windows 10, the App-V for Windows 10 package can access the hardcoded drive that you were required to use when you created 4.6 packages. The drive letter will be the drive you selected as the installation drive on the 4.6 sequencing machine. (The default drive letter is Q:\\.) + +**Technical Details:** The App-V package converter will save the App-V 4.6 installation root folder and short folder names in the FilesystemMetadata.xml file in the Filesystem element. When the App-V for Windows 10 client creates the virtual process, it will map requests from the App-V 4.6 installation root to the virtual file system root. + +## Getting started + +1. Install the App-V Sequencer on a computer in your environment. For information about how to install the Sequencer, see [How to Install the Sequencer](appv-install-the-sequencer.md). + +2. The following cmdlets are available: + + - **Test-AppvLegacyPackage** – This cmdlet is designed to check packages. It will return information about any failures with the package such as missing **.sft** files, an invalid source, **.osd** file errors, or invalid package version. This cmdlet will not parse the **.sft** file or do any in depth validation. For information about options and basic functionality for this cmdlet, using Windows PowerShell, type `Test-AppvLegacyPackage -?`. + + - **ConvertFrom-AppvLegacyPackage** – To convert an existing package, type `ConvertFrom-AppvLegacyPackage c:\contentStore c:\convertedPackages`. In this command, `c:\contentStore` represents the location of the existing package and `c:\convertedPackages` is the output directory to which the resulting App-V for Windows 10 virtual application package file will be saved. By default, if you do not specify a new name, the old package name will be used. + + Additionally, the package converter optimizes performance of packages in App-V for Windows 10 by setting the package to stream fault the App-V package.  This is more performant than the primary feature block and fully downloading the package. The flag **DownloadFullPackageOnFirstLaunch** allows you to convert the package and set the package to be fully downloaded by default. + + > [!NOTE] + > Before you specify the output directory, you must create the output directory. + +### Advanced Conversion Tips + +- Piping - Windows PowerShell supports piping. Piping allows you to call `dir c:\contentStore\myPackage | Test-AppvLegacyPackage`. In this example, the directory object that represents `myPackage` will be given as input to the `Test-AppvLegacyPackage` command and bound to the `-Source` parameter. Piping like this is especially useful when you want to batch commands together; for example, `dir .\ | Test-AppvLegacyPackage | ConvertFrom-AppvLegacyAppvPackage -Target .\ConvertedPackages`. This piped command would test the packages and then pass those objects on to actually be converted. You can also apply a filter on packages without errors or only specify a directory which contains an **.sprj** file or pipe them to another cmdlet that adds the filtered package to the server or publishes them to the App-V client. + +- Batching - The Windows PowerShell command enables batching. More specifically, the cmdlets support taking a string\[\] object for the `-Source` parameter which represents a list of directory paths. This allows you to enter `$packages = dir c:\contentStore` and then call `ConvertFrom-AppvLegacyAppvPackage-Source $packages -Target c:\ConvertedPackages` or to use piping and call `dir c:\ContentStore | ConvertFrom-AppvLegacyAppvPackage -Target C:\ConvertedPackages`. + +- Other functionality - Windows PowerShell has other built-in functionality for features such as aliases, piping, lazy-binding, .NET object, and many others. All of these are usable in Windows PowerShell and can help you create advanced scenarios for the Package Converter. + +## Have a suggestion for App-V? + +Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). + +## Related topics + +- [Operations for App-V](appv-operations.md) diff --git a/windows/manage/appv-create-a-connection-group-with-user-published-and-globally-published-packages.md b/windows/manage/appv-create-a-connection-group-with-user-published-and-globally-published-packages.md new file mode 100644 index 0000000000..fab3419e83 --- /dev/null +++ b/windows/manage/appv-create-a-connection-group-with-user-published-and-globally-published-packages.md @@ -0,0 +1,82 @@ +--- +title: How to Create a Connection Group with User-Published and Globally Published Packages (Windows 10) +description: How to Create a Connection Group with User-Published and Globally Published Packages +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# How to Create a Connection Group with User-Published and Globally Published Packages + + +You can create user-entitled connection groups that contain both user-published and globally published packages, using either of the following methods: + +- [How to use PowerShell cmdlets to create the user-entitled connection groups](#bkmk-posh-userentitled-cg) + +- [How to use the App-V Server to create the user-entitled connection groups](#bkmk-appvserver-userentitled-cg) + +**What to know before you start:** + + ++++ + + + + + + + + + + + + + + + + +
    Unsupported scenarios and potential issuesResult

    You cannot include user-published packages in globally entitled connection groups.

    The connection group will fail.

    If you publish a package globally and then create a user-published connection group in which you’ve made that package non-optional, you can still run Unpublish-AppvClientPackage <package> -global to unpublish the package, even when that package is being used in another connection group.

    If any other connection groups are using that package, the package will fail in those connection groups.

    +

    To avoid inadvertently unpublishing a non-optional package that is being used in another connection group, we recommend that you track the connection groups in which you’ve used a non-optional package.

    + +  + +**How to use PowerShell cmdlets to create user-entitled connection groups** + +1. Add and publish packages by using the following commands: + + **Add-AppvClientPackage Pacakage1\_AppV\_file\_Path** + + **Add-AppvClientPackage Pacakage2\_AppV\_file\_Path** + + **Publish-AppvClientPackage -PackageId Package1\_ID -VersionId Package1\_Version ID -Global** + + **Publish-AppvClientPackage -PackageId Package2\_ID -VersionId Package2\_ID** + +2. Create the connection group XML file. For more information, see [About the Connection Group File](appv-connection-group-file.md). + +3. Add and publish the connection group by using the following commands: + + **Add-AppvClientConnectionGroup Connection\_Group\_XML\_file\_Path** + + **Enable-AppvClientConnectionGroup  -GroupId CG\_Group\_ID -VersionId CG\_Version\_ID** + +**How to use the App-V Server to create user-entitled connection groups** + +1. Open the App-V Management Console. + +2. Follow the instructions in [How to Publish a Package by Using the Management Console](appv-publish-a-packages-with-the-management-console.md) to publish packages globally and to the user. + +3. Follow the instructions in [How to Create a Connection Group](appv-create-a-connection-group.md) to create the connection group, and add the user-published and globally published packages. + + **Have a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). + +## Related topics + + +[Managing Connection Groups](appv-managing-connection-groups.md) diff --git a/windows/manage/appv-create-a-connection-group.md b/windows/manage/appv-create-a-connection-group.md new file mode 100644 index 0000000000..1f77e35d5d --- /dev/null +++ b/windows/manage/appv-create-a-connection-group.md @@ -0,0 +1,58 @@ +--- +title: How to Create a Connection Group (Windows 10) +description: How to Create a Connection Group +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# How to Create a Connection Group + + +Use these steps to create a connection group by using the App-V Management Console. To use PowerShell to create connection groups, see [How to Manage Connection Groups on a Stand-alone Computer by Using PowerShell](appv-manage-connection-groups-on-a-stand-alone-computer-with-powershell.md). + +When you place packages in a connection group, their package root paths are merged. If you remove packages, only the remaining packages maintain the merged root. + +**To create a connection group** + +1. In the App-V Management Console, select **CONNECTION GROUPS** to display the Connection Groups library. + +2. Select **ADD CONNECTION GROUP** to create a new connection group. + +3. In the **New Connection Group** pane, type a description for the group. + +4. Click **EDIT** in the **CONNECTED PACKAGES** pane to add a new application to the connection group. + +5. In the **PACKAGES Entire Library** pane, select the application to be added, and click the arrow to add the application. + + To remove an application, select the application to be removed in the **PACKAGES IN** pane and click the arrow. + + To reprioritize the applications in your connection group, use the arrows in the **PACKAGES IN** pane. + + **Important**   + By default, the Active Directory Domain Services access configurations that are associated with a specific application are not added to the connection group. To transfer the Active Directory access configuration, select **ADD PACKAGE ACCESS TO GROUP ACCESS**, which is located in the **PACKAGES IN** pane. + +   + +6. After adding all the applications and configuring Active Directory access, click **Apply**. + + **Have a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). + +## Related topics + + +[Operations for App-V](appv-operations.md) + +[Managing Connection Groups](appv-managing-connection-groups.md) + +  + +  + + + + + diff --git a/windows/manage/appv-create-a-custom-configuration-file-with-the-management-console.md b/windows/manage/appv-create-a-custom-configuration-file-with-the-management-console.md new file mode 100644 index 0000000000..5ae5d599c7 --- /dev/null +++ b/windows/manage/appv-create-a-custom-configuration-file-with-the-management-console.md @@ -0,0 +1,48 @@ +--- +title: How to Create a Custom Configuration File by Using the App-V Management Console (Windows 10) +description: How to Create a Custom Configuration File by Using the App-V Management Console +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# How to Create a Custom Configuration File by Using the App-V Management Console + + +You can use a dynamic configuration to customize an App-V package for a specific user. However, you must first create the dynamic user configuration (.xml) file or the dynamic deployment configuration file before you can use the files. Creation of the file is an advanced manual operation. For general information about dynamic user configuration files, see, [About App-V Dynamic Configuration](appv-dynamic-configuration.md). + +Use the following procedure to create a Dynamic User Configuration file by using the App-V Management console. + +**To create a Dynamic User Configuration file** + +1. Right-click the name of the package that you want to view and select **Edit active directory access** to view the configuration that is assigned to a given user group. Alternatively, select the package, and click **Edit**. + +2. Using the list of **AD Entities with Access**, select the AD group that you want to customize. Select **Custom** from the drop-down list, if it is not already selected. A link named **Edit** will be displayed. + +3. Click **Edit**. The Dynamic User Configuration that is assigned to the AD Group will be displayed. + +4. Click **Advanced**, and then click **Export Configuration**. Type in a filename and click **Save**. Now you can edit the file to configure a package for a user. + + **Note**   + To export a configuration while running on Windows Server, you must disable "IE Enhanced Security Configuration". If this is enabled and set to block downloads, you cannot download anything from the App-V Server. + +   + + **Have a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). + +## Related topics + + +[Operations for App-V](appv-operations.md) + +  + +  + + + + + diff --git a/windows/manage/appv-create-a-package-accelerator-with-powershell.md b/windows/manage/appv-create-a-package-accelerator-with-powershell.md new file mode 100644 index 0000000000..0694929374 --- /dev/null +++ b/windows/manage/appv-create-a-package-accelerator-with-powershell.md @@ -0,0 +1,55 @@ +--- +title: How to Create a Package Accelerator by Using PowerShell (Windows 10) +description: How to Create a Package Accelerator by Using PowerShell +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# How to Create a Package Accelerator by Using PowerShell + + +App-V package accelerators automatically sequence large, complex applications. Additionally, when you apply an App-V package accelerator, you are not always required to manually install an application to create the virtualized package. + +**To create a package accelerator** + +1. Install the App-V sequencer. For more information about installing the sequencer see [How to Install the Sequencer](appv-install-the-sequencer.md). + +2. To open a PowerShell console click **Start** and type **PowerShell**. Right-click **Windows PowerShell** and select **Run as Administrator**. Use the **New-AppvPackageAccelerator** cmdlet. + +3. To create a package accelerator, make sure that you have the .appv package to create an accelerator from, the installation media or installation files, and optionally a read me file for consumers of the accelerator to use. The following parameters are required to use the package accelerator cmdlet: + + - **InstalledFilesPath** - specifies the application installation path. + + - **Installer** – specifies the path to the application installer media + + - **InputPackagePath** – specifies the path to the .appv package + + - **Path** – specifies the output directory for the package. + + The following example displays how you can create a package accelerator with an .appv package and the installation media: + + **New-AppvPackageAccelerator -InputPackagePath <path to the .appv file> -Installer <path to the installer executable> -Path <directory of the output path>** + + Additional optional parameters that can be used with the **New-AppvPackageAccelerator** cmdlet are displayed in the following list: + + - **AcceleratorDescriptionFile** - specifies the path to user created package accelerator instructions. The package accelerator instructions are **.txt** or **.rtf** description files that will be packaged with the package created using the package accelerator. + + **Have a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). + +## Related topics + + +[Administering App-V by Using PowerShell](appv-administering-appv-with-powershell.md) + +  + +  + + + + + diff --git a/windows/manage/appv-create-a-package-accelerator.md b/windows/manage/appv-create-a-package-accelerator.md new file mode 100644 index 0000000000..d9a8f4a96a --- /dev/null +++ b/windows/manage/appv-create-a-package-accelerator.md @@ -0,0 +1,107 @@ +--- +title: How to Create a Package Accelerator (Windows 10) +description: How to Create a Package Accelerator +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# How to Create a Package Accelerator + + +App-V package accelerators automatically generate new virtual application packages. + +**Note**   +You can use PowerShell to create a package accelerator. For more information see [How to Create a Package Accelerator by Using PowerShell](appv-create-a-package-accelerator-with-powershell.md). + +  + +Use the following procedure to create a package accelerator. + +**Important**   +Package Accelerators can contain password and user-specific information. Therefore you must save Package Accelerators and the associated installation media in a secure location, and you should digitally sign the Package Accelerator after you create it so that the publisher can be verified when the App-V Package Accelerator is applied. + +  + +**Important**   +Before you begin the following procedure, you should perform the following: + +- Copy the virtual application package that you will use to create the package accelerator locally to the computer running the sequencer. + +- Copy all required installation files associated with the virtual application package to the computer running the sequencer. + +  + +**To create a package accelerator** + +1. **Important**   + The App-V Sequencer does not grant any license rights to the software application you are using to create the Package Accelerator. You must abide by all end user license terms for the application you are using. It is your responsibility to make sure the software application’s license terms allow you to create a Package Accelerator using App-V Sequencer. + +   + + To start the App-V sequencer, on the computer that is running the sequencer, click **Start** / **All Programs** / **Microsoft Application Virtualization** / **Microsoft Application Virtualization Sequencer**. + +2. To start the App-V **Create Package Accelerator** wizard, in the App-V sequencer console, click **Tools** / **Create Accelerator**. + +3. On the **Select Package** page, to specify an existing virtual application package to use to create the Package Accelerator, click **Browse**, and locate the existing virtual application package (.appv file). + + **Tip**   + Copy the files associated with the virtual application package you plan to use locally to the computer running the Sequencer. + +   + + Click **Next**. + +4. On the **Installation Files** page, to specify the folder that contains the installation files that you used to create the original virtual application package, click **Browse**, and then select the directory that contains the installation files. + + **Tip**   + Copy the folder that contains the required installation files to the computer running the Sequencer. + +   + +5. If the application is already installed on the computer running the sequencer, to specify the installation file, select **Files installed on local system**. To use this option, the application must already be installed in the default installation location. + +6. On the **Gathering Information** page, review the files that were not found in the location specified on the **Installation Files** page of this wizard. If the files displayed are not required, select **Remove these files**, and then click **Next**. If the files are required, click **Previous** and copy the required files to the directory specified on the **Installation Files** page. + + **Note**   + You must either remove the unrequired files, or click **Previous** and locate the required files to advance to the next page of this wizard. + +   + +7. On the **Select Files** page, carefully review the files that were detected, and clear any file that should be removed from the package accelerator. Select only files that are required for the application to run successfully, and then click **Next**. + +8. On the **Verify Applications** page, confirm that all installation files that are required to build the package are displayed. When the Package Accelerator is used to create a new package, all installation files displayed in the **Applications** pane are required to create the package. + + If necessary, to add additional Installer files, click **Add**. To remove unnecessary installation files, select the Installer file, and then click **Delete**. To edit the properties associated with an installer, click **Edit**. The installation files specified in this step will be required when the Package Accelerator is used to create a new virtual application package. After you have confirmed the information displayed, click **Next**. + +9. On the **Select Guidance** page, to specify a file that contains information about how the Package Accelerator, click **Browse**. For example, this file can contain information about how the computer running the Sequencer should be configured, application prerequisite information for target computers, and general notes. You should provide all required information for the Package Accelerator to be successfully applied. The file you select must be in rich text (.rtf) or text file (.txt) format. Click **Next**. + +10. On the **Create Package Accelerator** page, to specify where to save the Package Accelerator, click **Browse** and select the directory. + +11. On the **Completion** page, to close the **Create Package Accelerator** wizard, click **Close**. + + **Important**   + To help ensure that the package accelerator is as secure as possible, and so that the publisher can be verified when the package accelerator is applied, you should always digitally sign the package accelerator. + +   + + **Have a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). + +## Related topics + + +[Operations for App-V](appv-operations.md) + +[How to Create a Virtual Application Package Using an App-V Package Accelerator](appv-create-a-virtual-application-package-package-accelerator.md) + +  + +  + + + + + diff --git a/windows/manage/appv-create-a-virtual-application-package-package-accelerator.md b/windows/manage/appv-create-a-virtual-application-package-package-accelerator.md new file mode 100644 index 0000000000..b502103844 --- /dev/null +++ b/windows/manage/appv-create-a-virtual-application-package-package-accelerator.md @@ -0,0 +1,101 @@ +--- +title: How to Create a Virtual Application Package Using an App-V Package Accelerator (Windows 10) +description: How to Create a Virtual Application Package Using an App-V Package Accelerator +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# How to Create a Virtual Application Package Using an App-V Package Accelerator + + +**Important**   +The App-V Sequencer does not grant any license rights to the software application that you use to create the Package Accelerator. You must abide by all end user license terms for the application that you use. It is your responsibility to make sure that the software application’s license terms allow you to create a Package Accelerator with the App-V Sequencer. + +  + +Use the following procedure to create a virtual application package with the App-V Package Accelerator. + +**Note**   +Before you start this procedure, copy the required Package Accelerator locally to the computer that runs the App-V Sequencer. You should also copy all required installation files for the package to a local directory on the computer that runs the Sequencer. This is the directory that you have to specify in step 5 of this procedure. + +  + +**To create a virtual application package with an App-V Package Accelerator** + +1. To start the App-V Sequencer, on the computer that runs the App-V Sequencer, click **Start** / **All Programs** / **Microsoft Application Virtualization** / **Microsoft Application Virtualization Sequencer**. + +2. To start the **Create New Package Wizard**, click **Create a New Virtual Application Package**. To create the package, select the **Create Package using a Package Accelerator** check box, and then click **Next**. + +3. To specify the package accelerator that will be used to create the new virtual application package, click **Browse** on the **Select Package Accelerator** page. Click **Next**. + + **Important**   + If the publisher of the package accelerator cannot be verified and does not contain a valid digital signature, then before you click **Run**, you must confirm that you trust the source of the package accelerator. Confirm your choice in the **Security Warning** dialog box. + +   + +4. On the **Guidance** page, review the publishing guidance information that is displayed in the information pane. This information was added when the Package Accelerator was created and it contains guidance about how to create and publish the package. To export the guidance information to a text (.txt) file, click **Export** and specify the location where the file should be saved, and then click **Next**. + +5. On the **Select Installation Files** page, click **Make New Folder** to create a local folder that contains all required installation files for the package, and specify where the folder should be saved. You must also specify a name to be assigned to the folder. You must then copy all required installation files to the location that you specified. If the folder that contains the installation files already exists on the computer that runs the Sequencer, click **Browse** to select the folder. + + Alternatively, if you have already copied the installation files to a directory on this computer, click **Make New Folder**, browse to the folder that contains the installation files, and then click **Next**. + + **Note**   + You can specify the following types of supported installation files: + + - Windows Installer files (**.msi**) + + - Cabinet files (.cab) + + - Compressed files with a .zip file name extension + + - The actual application files + + The following file types are not supported: **.msp** and **.exe** files. If you specify an **.exe** file, you must extract the installation files manually. + +   + + If the package accelerator requires an application to be installed before you apply the Package Accelerator, and if you have already installed the required application, select **I have installed all applications**, and then click **Next** on the **Local Installation** page. + +6. On the **Package Name** page, specify a name that will be associated with the package. The name that you specify identifies the package in the App-V Management Console. Click **Next**. + +7. On the **Create Package** page, provide comments that will be associated with the package. The comments should contain identifying information about the package that you are creating. To confirm the location where the package is created, review the information that is displayed in **Save Location**. To compress the package, select **Compress Package**. Select the **Compress Package** check box if the package will be streamed across the network, or when the package size exceeds 4 GB. + + To create the package, click **Create**. After the package is created, click **Next**. + +8. On the **Configure Software** page, to enable the Sequencer to configure the applications that are contained in the package, select **Configure Software**. In this step you can configure any associated tasks that must be completed in order to run the application on the target computers. For example, you can configure any associated license agreements. + + If you select **Configure Software**, the following items can be configured using the Sequencer as part of this step: + + - **Load Package**. The Sequencer loads the files that are associated with the package. It can take several seconds to an hour to decode the package. + + - **Run Each Program**. Optionally run the programs that are contained in the package. This step is helpful to complete any associated license or configuration tasks that are required to run the application before you deploy and run the package on target computers. To run all the programs at once, select at least one program, and then click **Run All**. To run specific programs, select the program or programs that you want to run, and then click **Run Selected**. Complete the required configuration tasks, and then close the applications. It can take several minutes for all programs to run. Click **Next**. + + - **Save Package**. The Sequencer saves the package. + + - **Primary Feature Block**. The Sequencer optimizes the package for streaming by rebuilding the primary feature block. + + If you do not want to configure the applications, click **Skip this step**, and to go to step 9 of this procedure, and then click **Next**. + +9. On the **Completion** page, after you review the information that is displayed in the **Virtual Application Package Report** pane, click **Close**. + + The package is now available in the Sequencer. To edit the package properties, click **Edit \[Package Name\]**. For more information about how to modify a package, see [How to Modify an Existing Virtual Application Package](appv-modify-an-existing-virtual-application-package.md). + + **Have a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). + +## Related topics + + +[Operations for App-V](appv-operations.md) + +  + +  + + + + + diff --git a/windows/manage/appv-create-and-use-a-project-template.md b/windows/manage/appv-create-and-use-a-project-template.md new file mode 100644 index 0000000000..fd57dc07d8 --- /dev/null +++ b/windows/manage/appv-create-and-use-a-project-template.md @@ -0,0 +1,70 @@ +--- +title: How to Create and Use a Project Template (Windows 10) +description: How to Create and Use a Project Template +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# How to Create and Use a Project Template + + +You can use an App-V project template to save commonly applied settings associated with an existing virtual application package. These settings can then be applied when you create new virtual application packages in your environment. Using a project template can streamline the process of creating virtual application packages. + +**Note**   +You can, and often should apply an App-V project template during a package upgrade. For example, if you sequenced an application with a custom exclusion list, it is recommended that an associated template is created and saved for later use while upgrading the sequenced application. + +  + +App-V project templates differ from App-V Application Accelerators because App-V Application Accelerators are application-specific, and App-V project templates can be applied to multiple applications. + +Use the following procedures to create and apply a new template. + +**To create a project template** + +1. To start the App-V sequencer, on the computer that is running the sequencer, click **Start** / **All Programs** / **Microsoft Application Virtualization** / **Microsoft Application Virtualization Sequencer**. + +2. **Note**   + If the virtual application package is currently open in the App-V Sequencer console, skip to step 3 of this procedure. + +   + + To open the existing virtual application package that contains the settings you want to save with the App-V project template, click **File** / **Open**, and then click **Edit Package**. On the **Select Package** page, click **Browse** and locate the virtual application package that you want to open. Click **Edit**. + +3. In the App-V Sequencer console, to save the template file, click **File** / **Save As Template**. After you have reviewed the settings that will be saved with the new template, click **OK**. Specify a name that will be associated with the new App-V project template. Click Save. + + The new App-V project template is saved in the directory specified in step 3 of this procedure. + +**To apply a project template** + +1. **Important**   + Creating a virtual application package using a project template in conjunction with a Package Accelerator is not supported. + +   + + To start the App-V sequencer, on the computer that is running the sequencer, click **Start** / **All Programs** / **Microsoft Application Virtualization** / **Microsoft Application Virtualization Sequencer**. + +2. To create or upgrade a new virtual application package by using an App-V project template, click **File** / **New From Template**. + +3. To select the project template that you want to use, browse to the directory where the project template is saved, select the project template, and then click **Open**. + + Create the new virtual application package. The settings saved with the specified template will be applied to the new virtual application package that you are creating. + + **Have a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). + +## Related topics + + +[Operations for App-V](appv-operations.md) + +  + +  + + + + + diff --git a/windows/manage/appv-creating-and-managing-virtualized-applications.md b/windows/manage/appv-creating-and-managing-virtualized-applications.md new file mode 100644 index 0000000000..e04c94fc76 --- /dev/null +++ b/windows/manage/appv-creating-and-managing-virtualized-applications.md @@ -0,0 +1,211 @@ +--- +title: Creating and Managing App-V Virtualized Applications (Windows 10) +description: Creating and Managing App-V Virtualized Applications +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# Creating and Managing App-V Virtualized Applications + + +After you have properly deployed the Microsoft Application Virtualization (App-V) sequencer, you can use it to monitor and record the installation and setup process for an application to be run as a virtualized application. + +**Note**   +For more information about configuring the App-V sequencer, sequencing best practices, and an example of creating and updating a virtual application, see the [Microsoft Application Virtualization 5.0 Sequencing Guide](http://download.microsoft.com/download/F/7/8/F784A197-73BE-48FF-83DA-4102C05A6D44/App-V 5.0 Sequencing Guide.docx). + +**Note** +The App-V Sequencer cannot sequence applications with filenames matching "CO_<x>" where x is any numeral. Error 0x8007139F will be generated. + +## Sequencing an application + + +You can use the App-V Sequencer to perform the following tasks: + +- Create virtual packages that can be deployed to computers running the App-V client. + +- Upgrade existing packages. You can expand an existing package onto the computer running the sequencer and then upgrade the application to create a newer version. + +- Edit configuration information associated with an existing package. For example, you can add a shortcut or modify a file type association. + + **Note**   + You must create shortcuts and save them to an available network location to allow roaming. If a shortcut is created and saved in a private location, the package must be published locally to the computer running the App-V client. +  +- Convert existing virtual packages. + +The sequencer uses the **%TMP% \\ Scratch** or **%TEMP% \\ Scratch** directory and the **Temp** directory to store temporary files during sequencing. On the computer that runs the sequencer, you should configure these directories with free disk space equivalent to the estimated application installation requirements. Configuring the temp directories and the Temp directory on different hard drive partitions can help improve performance during sequencing. + +When you use the sequencer to create a new virtual application, the following listed files are created. These files comprise the App-V package. + +- .msi file. This Windows Installer (.msi) file is created by the sequencer and is used to install the virtual package on target computers. + +- Report.xml file. In this file, the sequencer saves all issues, warnings, and errors that were discovered during sequencing. It displays the information after the package has been created. You can us this report for diagnosing and troubleshooting. + +- .appv file. This is the virtual application file. + +- Deployment configuration file. The deployment configuration file determines how the virtual application will be deployed to target computers. + +- User configuration file. The user configuration file determines how the virtual application will run on target computers. + +**Important**   +You must configure the %TMP% and %TEMP% folders that the package converter uses to be a secure location and directory. A secure location is only accessible by an administrator. Additionally, when you sequence the package you should save the package to a location that is secure, or make sure that no other user is allowed to be logged in during the conversion and monitoring process.  + +The **Options** dialog box in the sequencer console contains the following tabs: + +- **General**. Use this tab to enable Microsoft Updates to run during sequencing. Select **Append Package Version to Filename** to configure the sequence to add a version number to the virtualized package that is being sequenced. Select **Always trust the source of Package Accelerators** to create virtualized packages using a package accelerator without being prompted for authorization. + + **Important**   + Package Accelerators created using App-V 4.6 are not supported by App-V.   + +- **Parse Items**. This tab displays the associated file path locations that will be parsed or tokenized into in the virtual environment. Tokens are useful for adding files using the **Package Files** tab in **Advanced Editing**. + +- **Exclusion Items**. Use this tab to specify which folders and directories should not be monitored during sequencing. To add local application data that is saved in the Local App Data folder in the package, click **New** and specify the location and the associated **Mapping Type**. This option is required for some packages. + +App-V supports applications that include Microsoft Windows Services. If an application includes a Windows service, the Service will be included in the sequenced virtual package as long as it is installed while being monitored by the sequencer. If a virtual application creates a Windows service when it initially runs, then later, after installation, the application must be run while the sequencer is monitoring so that the Windows Service will be added to the package. Only Services that run under the Local System account are supported. Services that are configured for AutoStart or Delayed AutoStart are started before the first virtual application in a package runs inside the package’s Virtual Environment. Windows Services that are configured to be started on demand by an application are started when the virtual application inside the package starts the Service via API call. + +[How to Sequence a New Application with App-V](appv-sequence-a-new-application.md) + +## App-V shell extension support + + +App-V supports shell extensions. Shell extensions will be detected and embedded in the package during sequencing. + +Shell extensions are embedded in the package automatically during the sequencing process. When the package is published, the shell extension gives users the same functionality as if the application were locally installed. + +**Requirements for using shell extensions:** + +- Packages that contain embedded shell extensions must be published globally. The application requires no additional setup or configuration on the client to enable the shell extension functionality. + +- The “bitness” of the application, Sequencer, and App-V client must match, or the shell extensions won’t work. For example: + + - The version of the application is 64-bit. + + - The Sequencer is running on a 64-bit computer. + + - The package is being delivered to a 64-bit App-V client computer. + +The following table lists the supported shell extensions: + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    HandlerDescription

    Context menu handler

    Adds menu items to the context menu. It is called before the context menu is displayed.

    Drag-and-drop handler

    Controls the action where right-click, drag and drop and modifies the context menu that appears.

    Drop target handler

    Controls the action after a data object is dragged and dropped over a drop target such as a file.

    Data object handler

    Controls the action after a file is copied to the clipboard or dragged and dropped over a drop target. It can provide additional clipboard formats to the drop target.

    Property sheet handler

    Replaces or adds pages to the property sheet dialog box of an object.

    Infotip handler

    Allows retrieving flags and infotip information for an item and displaying it inside a pop-up tooltip upon mouse hover.

    Column handler

    Allows creating and displaying custom columns in Windows Explorer Details view. It can be used to extend sorting and grouping.

    Preview handler

    Enables a preview of a file to be displayed in the Windows Explorer Preview pane.

    + +## Copy on Write (CoW) file extension support + +Copy on write (CoW) file extensions allow App-V to dynamically write to specific locations contained in the virtual package while it is being used. + +The following table displays the file types that can exist in a virtual package under the VFS directory, but cannot be updated on the computer running the App-V client. All other files and directories can be modified. + +| File Type | | | | | | +|------------ |------------- |------------- |------------ |------------ |------------ | +| .acm | .asa | .asp | .aspx | .ax | .bat | +| .cer | .chm | .clb | .cmd | .cnt | .cnv | +| .com | .cpl | .cpx | .crt | .dll | .drv | +| .esc | .exe | .fon | .grp | .hlp | .hta | +| .ime | .inf | .ins | .isp | .its | .js | +| .jse | .lnk | .msc | .msi | .msp | .mst | +| .mui | .nls | .ocx | .pal | .pcd | .pif | +| .reg | .scf | .scr | .sct | .shb | .shs | +| .sys | .tlb | .tsp | .url | .vb | .vbe | +| .vbs | .vsmacros | .ws | .wsf | .wsh | | + + +## Modifying an existing virtual application package + + +You can use the sequencer to modify an existing package. The computer on which you do this should match the chip architecture of the computer you used to create the application. For example, if you initially sequenced a package using a computer running a 64-bit operating system, you should modify the package using a computer running a 64-bit operating system. + +[How to Modify an Existing Virtual Application Package](appv-modify-an-existing-virtual-application-package.md) + +## Creating a project template + + +A .appvt file is a project template that can be used to save commonly applied, customized settings. You can then more easily use these settings for future sequencings. + +App-V project templates differ from App-V Application Accelerators because App-V Application Accelerators are application-specific, and App-V project templates can be applied to multiple applications. Additionally, you cannot use a project template when you use a Package Accelerator to create a virtual application package. The following general settings are saved with an App-V project template: + +A template can specify and store multiple settings as follows: + +- **Advanced Monitoring Options**. Enables Microsoft Update to run during monitoring. Saves allow local interaction option settings + +- **General Options**. Enables the use of **Windows Installer**, **Append Package Version to Filename**. + +- **Exclusion Items.** Contains the Exclusion pattern list. + +[How to Create and Use a Project Template](appv-create-and-use-a-project-template.md) + +## Creating a package accelerator + + +**Note**   +Package accelerators created using a previous version of App-V must be recreated using App-V. + +You can use App-V package accelerators to automatically generate a new virtual application packages. After you have successfully created a package accelerator, you can reuse and share the package accelerator. + +In some situations, to create the package accelerator, you might have to install the application locally on the computer that runs the sequencer. In such cases, you should first try to create the package accelerator with the installation media. If multiple missing files are required, you should install the application locally to the computer that runs the sequencer, and then create the package accelerator. + +After you have successfully created a Package Accelerator, you can reuse and share the Package Accelerator. Creating App-V Package Accelerators is an advanced task. Package Accelerators can contain password and user-specific information. Therefore you must save Package Accelerators and the associated installation media in a secure location, and you should digitally sign the Package Accelerator after you create it so that the publisher can be verified when the App-V Package Accelerator is applied. + +[How to Create a Package Accelerator](appv-create-a-package-accelerator.md) + +[How to Create a Virtual Application Package Using an App-V Package Accelerator](appv-create-a-virtual-application-package-package-accelerator.md) + +## Sequencer error reporting + + +The App-V Sequencer can detect common sequencing issues during sequencing. The **Installation Report** page at the end of the sequencing wizard displays diagnostic messages categorized into **Errors**, **Warnings**, and **Info** depending on the severity of the issue. + +You can also find additional information about sequencing errors using the Windows Event Viewer. + + +## Other resources for the App-V sequencer + + +- [Operations for App-V](appv-operations.md) + diff --git a/windows/manage/appv-customize-virtual-application-extensions-with-the-management-console.md b/windows/manage/appv-customize-virtual-application-extensions-with-the-management-console.md new file mode 100644 index 0000000000..3ec5082a93 --- /dev/null +++ b/windows/manage/appv-customize-virtual-application-extensions-with-the-management-console.md @@ -0,0 +1,45 @@ +--- +title: How to Customize Virtual Applications Extensions for a Specific AD Group by Using the Management Console (Windows 10) +description: How to Customize Virtual Applications Extensions for a Specific AD Group by Using the Management Console +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# How to Customize Virtual Applications Extensions for a Specific AD Group by Using the Management Console + + +Use the following procedure to customize the virtual application extensions for an Active Directory (AD) group. + +**To customize virtual applications extensions for an AD group** + +1. To view the package that you want to configure, open the App-V Management Console. To view the configuration that is assigned to a given user group, select the package, and right-click the package name and select **Edit active directory access**. Alternatively, select the package and click **EDIT** in the **AD ACCESS** pane. + +2. To customize an AD group, you can find the group from the list of **AD Entities with Access**. Then, using the drop-down box in the **Assigned Configuration** pane, select **Custom**, and then click **EDIT**. + +3. To disable all extensions for a given application, clear **ENABLE**. + + To add a new shortcut for the selected application, right-click the application in the **SHORTCUTS** pane, and select **Add new shortcut**. To remove a shortcut, right-click the application in the **SHORTCUTS** pane, and select **Remove Shortcut**. To edit an existing shortcut, right-click the application, and select **Edit Shortcut**. + +4. To view any other application extensions, click **Advanced**, and click **Export Configuration**. Type in a filename and click **Save**. You can view all application extensions that are associated with the package using the configuration file. + +5. To edit additional application extensions, modify the configuration file and click **Import and Overwrite this Configuration**. Select the modified file and click **Open**. In the dialog, click **Overwrite** to complete the process. + + **Have a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). + +## Related topics + + +[Operations for App-V](appv-operations.md) + +  + +  + + + + + diff --git a/windows/manage/appv-delete-a-connection-group.md b/windows/manage/appv-delete-a-connection-group.md new file mode 100644 index 0000000000..41661c8b51 --- /dev/null +++ b/windows/manage/appv-delete-a-connection-group.md @@ -0,0 +1,39 @@ +--- +title: How to Delete a Connection Group (Windows 10) +description: How to Delete a Connection Group +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# How to Delete a Connection Group + + +Use the following procedure to delete an existing App-V connection group. + +**To delete a connection group** + +1. Open the App-V Management Console and select **CONNECTION GROUPS**. + +2. Right-click the connection group to be removed, and select **delete**. + + **Have a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). + +## Related topics + + +[Operations for App-V](appv-operations.md) + +[Managing Connection Groups](appv-managing-connection-groups.md) + +  + +  + + + + + diff --git a/windows/manage/appv-delete-a-package-with-the-management-console.md b/windows/manage/appv-delete-a-package-with-the-management-console.md new file mode 100644 index 0000000000..da05ce9efb --- /dev/null +++ b/windows/manage/appv-delete-a-package-with-the-management-console.md @@ -0,0 +1,37 @@ +--- +title: How to Delete a Package in the Management Console (Windows 10) +description: How to Delete a Package in the Management Console +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# How to Delete a Package in the Management Console + + +Use the following procedure to delete an App-V package. + +**To delete a package in the Management Console** + +1. To view the package you want to delete, open the App-V Management Console and select **Packages**. Select the package to be removed. + +2. Click or right-click the package. Select **Delete** to remove the package. + + **Have a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). + +## Related topics + + +[Operations for App-V](appv-operations.md) + +  + +  + + + + + diff --git a/windows/manage/appv-deploy-appv-databases-with-sql-scripts.md b/windows/manage/appv-deploy-appv-databases-with-sql-scripts.md new file mode 100644 index 0000000000..a01fb30d6a --- /dev/null +++ b/windows/manage/appv-deploy-appv-databases-with-sql-scripts.md @@ -0,0 +1,183 @@ +--- +title: How to Deploy the App-V Databases by Using SQL Scripts (Windows 10) +description: How to Deploy the App-V Databases by Using SQL Scripts +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# How to Deploy the App-V Databases by Using SQL Scripts + +Use the following instructions to use SQL scripts, rather than the Windows Installer, to: + +- Install the App-V databases + +- Upgrade the App-V databases to a later version + +> [!NOTE] +> If you have already deployed an App-V 5.0 SP3 database or later, the SQL scripts are not required to upgrade to App-V. + +## How to install the App-V databases by using SQL scripts + +1. Before you install the database scripts, review and keep a copy of the App-V license terms. By running the database scripts, you are agreeing to the license terms. If you do not accept them, you should not use this software. + +2. Copy the **appv\_server\_setup.exe** from the App-V release media to a temporary location. + +3. From a command prompt, run **appv\_server\_setup.exe** and specify a temporary location for extracting the database scripts. + + Example: appv\_server\_setup.exe /layout c:\\__ + +4. Browse to the temporary location that you created, open the extracted **DatabaseScripts** folder, and review the appropriate readme.txt file for instructions: + + | Database | Location of readme.txt file to use + | - | - | + | Management database | ManagementDatabase subfolder | + | Reporting database | ReportingDatabase subfolder | + +> [!CAUTION] +> The readme.txt file in the ManagementDatabase subfolder is out of date. The information in the updated readme files below is the most current and should supersede the readme information provided in the **DatabaseScripts** folders. + +> [!IMPORTANT] +> The InsertVersionInfo.sql script is not required for versions of the App-V management database later than App-V 5.0 SP3. +> The Permissions.sql script should be updated according to **Step 2** in [KB article 3031340](https://support.microsoft.com/kb/3031340). **Step 1** is not required for versions of App-V later than App-V 5.0 SP3. + +### Updated management database README file content + +``` syntax +*********************************************************************************************************** +Before you install and use the Application Virtualization Database Scripts, you must: + +- Review the license terms. +- Print and retain a copy of the license terms for your records. + +By running the App-V you agree to such license terms. If you do not accept them, do not use the software. +*********************************************************************************************************** + +Steps to install "AppVManagement" schema in SQL SERVER. + +## PREREQUISITES: + + 1. Review the installation package. The following files MUST exist: + + SQL files + --------- + Database.sql + CreateTables.sql + CreateStoredProcs.sql + UpdateTables.sql + Permissions.sql + + 2. Ensure the target SQL Server instance and SQL Server Agent service are running. + + 3. If you are not running the scripts directly on the server, ensure the + necessary SQL Server client software is installed and available from + the specified location. Specifically, the "osql" command must be supported for these scripts to run. + +## PREPARATION: + + 1. Review the database.sql file and modify as necessary. Although the + defaults are likely sufficient, it is suggested that the following + settings be reviewed: + + DATABASE - ensure name is satisfactory - default is "AppVManagement". + + 2. Review the Permissions.sql file and provide all the necessary account information + for setting up read and write access on the database. Note: Default settings in the file will not work. + +## INSTALLATION: + + 1. Run the database.sql against the "master" database. Your user + credential must have the ability to create databases. + This script will create the database. + + 2. Run the following scripts against the "AppVManagement" database using the + same account as above in order. + + CreateTables.sql + CreateStoredProcs.sql + UpdateTables.sql + Permissions.sql + +``` + +### Updated reporting database README file content + +``` syntax +*********************************************************************************************************** +Before you install and use the Application Virtualization Database Scripts, you must: + +- Review the license terms. +- Print and retain a copy of the license terms for your records. + +By running the App-V you agree to such license terms. If you do not accept them, do not use the software. +*********************************************************************************************************** + +Steps to install "AppVReporting" schema in SQL SERVER. + +## PREREQUISITES: + + 1. Review the installation package. The following files MUST exist: + + SQL files + --------- + Database.sql + UpgradeDatabase.sql + CreateTables.sql + CreateReportingStoredProcs.sql + CreateStoredProcs.sql + CreateViews.sql + Permissions.sql + ScheduleReportingJob.sql + + 2. Ensure the target SQL Server instance and SQL Server Agent service are running. + + 3. If you are not running the scripts directly on the server, ensure the + necessary SQL Server client software is installed and executable from + the location you have chosen. Specifically, the "osql" command must be supported for these scripts to run. + +## PREPARATION: + + 1. Review the database.sql file and modify as necessary. Although the + defaults are likely sufficient, it is suggested that the following + settings be reviewed: + + DATABASE - ensure name is satisfactory - default is "AppVReporting". + + 2. Review the Permissions.sql file and provide all the necessary account information + for setting up read and write access on the database. Note: Default settings + in the file will not work. + + 3. Review the ScheduleReportingJob.sql file and make sure that the stored proc schedule + time is acceptable. The default stored proc schedule time is at 12.01 AM (line 84). + If this time is not suitable, you can change this to a more suitable time. The time is in the format HHMMSS. + +## INSTALLATION: + + 1. Run the database.sql against the "master" database. Your user + credential must have the ability to create databases. + This script will create the database. + + 2. If upgrading the database, run UpgradeDatabase.sql This will upgrade database schema. + + 2. Run the following scripts against the "AppVReporting" database using the + same account as above in order. + + CreateTables.sql + CreateReportingStoredProcs.sql + CreateStoredProcs.sql + CreateViews.sql + Permissions.sql + ScheduleReportingJob.sql +``` + +## Have a suggestion for App-V? + +Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). + +## Related topics + +- [Deploying the App-V Server](appv-deploying-the-appv-server.md) +- [How to Deploy the App-V Server](appv-deploy-the-appv-server.md) diff --git a/windows/manage/appv-deploy-appv-packages-with-electronic-software-distribution-solutions.md b/windows/manage/appv-deploy-appv-packages-with-electronic-software-distribution-solutions.md new file mode 100644 index 0000000000..b681e20927 --- /dev/null +++ b/windows/manage/appv-deploy-appv-packages-with-electronic-software-distribution-solutions.md @@ -0,0 +1,41 @@ +--- +title: How to deploy App-V Packages Using Electronic Software Distribution (Windows 10) +description: How to deploy App-V Packages Using Electronic Software Distribution +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + +# How to deploy App-V packages using electronic software distribution + +You can use an electronic software distribution (ESD) system to deploy App-V virtual applications to App-V clients. + +For component requirements and options for using an ESD to deploy App-V packages, see [Planning to Deploy App-V with an Electronic Software Distribution System](appv-planning-to-deploy-appv-with-electronic-software-distribution-solutions.md). + +Use one of the following methods to publish packages to App-V client computers with an ESD: + +| Method | Description | +| - | - | +| Functionality provided by a third-party ESD | Use the functionality in a third-party ESD.| +| Stand-alone Windows Installer | Install the application on the target client computer by using the associated Windows Installer (.msi) file that is created when you initially sequence an application. The Windows Installer file contains the associated App-V package file information used to configure a package and copies the required package files to the client. | +| Windows PowerShell | Use Windows PowerShell cmdlets to deploy virtualized applications. For more information about using PowerShell and App-V, see [Administering App-V by using Windows PowerShell](appv-administering-appv-with-powershell.md).| + +  + +**To deploy App-V packages by using an ESD** + +1. Install the App-V Sequencer on a computer in your environment. For more information about installing the sequencer, see [How to Install the Sequencer](appv-install-the-sequencer.md). + +2. Use the App-V Sequencer to create virtual application. For information about creating a virtual application, see [Creating and Managing App-V Virtualized Applications](appv-creating-and-managing-virtualized-applications.md). + +3. After you create the virtual application, deploy the package by using your ESD solution. + +## Have a suggestion for App-V? + +Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). + +## Related topics + +- [Operations for App-V](appv-operations.md) diff --git a/windows/manage/appv-deploy-the-appv-server-with-a-script.md b/windows/manage/appv-deploy-the-appv-server-with-a-script.md new file mode 100644 index 0000000000..919248523e --- /dev/null +++ b/windows/manage/appv-deploy-the-appv-server-with-a-script.md @@ -0,0 +1,789 @@ +--- +title: How to Deploy the App-V Server Using a Script (Windows 10) +description: How to Deploy the App-V Server Using a Script +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# How to Deploy the App-V Server Using a Script + + +In order to complete the **appv\_server\_setup.exe** Server setup successfully using the command line, you must specify and combine multiple parameters. + +**To Install the App-V server using a script** + +- Use the following tables for more information about installing the App-V server using the command line. + + **Note**   + The information in the following tables can also be accessed using the command line by typing the following command: **appv\_server\_setup.exe /?**. + +   + + **Common parameters and Examples** + + + + + + + + + + + + +

    To Install the Management server and Management database on a local machine.

    To use the default instance of Microsoft SQL Server, use the following parameters:

    +
      +

    • /MANAGEMENT_SERVER

      • +

    • /MANAGEMENT_ADMINACCOUNT

      • +

    • /MANAGEMENT_WEBSITE_NAME

      • +

    • /MANAGEMENT_WEBSITE_PORT

      • +

    • /DB_PREDEPLOY_MANAGEMENT

      • +

    • /MANAGEMENT_DB_SQLINSTANCE_USE_DEFAULT

      • +

    • /MANAGEMENT_DB_NAME

      • +
    +

    To use a custom instance of Microsoft SQL Server, use the following parameters:

    +
      +

    • /MANAGEMENT_SERVER

      • +

    • /MANAGEMENT_ADMINACCOUNT

      • +

    • /MANAGEMENT_WEBSITE_NAME

      • +

    • /MANAGEMENT_WEBSITE_PORT

      • +

    • /DB_PREDEPLOY_MANAGEMENT

      • +

    • /MANAGEMENT_DB_CUSTOM_SQLINSTANCE

      • +

    • /MANAGEMENT_DB_NAME

      • +
    +

    Using a custom instance of Microsoft SQL Server example:

    +

    /appv_server_setup.exe /QUIET

    +

    /MANAGEMENT_SERVER

    +

    /MANAGEMENT_ADMINACCOUNT=”Domain\AdminGroup”

    +

    /MANAGEMENT_WEBSITE_NAME=”Microsoft AppV Management Service”

    +

    /MANAGEMENT_WEBSITE_PORT=”8080”

    +

    /DB_PREDEPLOY_MANAGEMENT

    +

    /MANAGEMENT_DB_CUSTOM_SQLINSTANCE=”SqlInstanceName”

    +

    /MANAGEMENT_DB_NAME=”AppVManagement”

    + +   + + + + + + + + + + + + +

    To Install the Management server using an existing Management database on a local machine.

    To use the default instance of Microsoft SQL Server, use the following parameters:

    +
      +

    • /MANAGEMENT_SERVER

      • +

    • /MANAGEMENT_ADMINACCOUNT

      • +

    • /MANAGEMENT_WEBSITE_NAME

      • +

    • /MANAGEMENT_WEBSITE_PORT

      • +

    • /EXISTING_MANAGEMENT_DB_SQL_SERVER_USE_LOCAL

      • +

    • /EXISTING_MANAGEMENT_DB_SQLINSTANCE_USE_DEFAULT

      • +

    • /EXISTING_MANAGEMENT_DB_NAME

      • +
    +

    To use a custom instance of Microsoft SQL Server, use these parameters:

    +
      +

    • /MANAGEMENT_SERVER

      • +

    • /MANAGEMENT_ADMINACCOUNT

      • +

    • /MANAGEMENT_WEBSITE_NAME

      • +

    • /MANAGEMENT_WEBSITE_PORT

      • +

    • /EXISTING_MANAGEMENT_DB_SQL_SERVER_USE_LOCAL

      • +

    • /EXISTING_MANAGEMENT_DB_CUSTOM_SQLINSTANCE

      • +

    • /EXISTING_MANAGEMENT_DB_NAME

      • +
    +

    Using a custom instance of Microsoft SQL Server example:

    +

    /appv_server_setup.exe /QUIET

    +

    /MANAGEMENT_SERVER

    +

    /MANAGEMENT_ADMINACCOUNT=”Domain\AdminGroup”

    +

    /MANAGEMENT_WEBSITE_NAME=”Microsoft AppV Management Service”

    +

    /MANAGEMENT_WEBSITE_PORT=”8080”

    +

    /EXISTING_MANAGEMENT_DB_SQL_SERVER_USE_LOCAL

    +

    /EXISTING_MANAGEMENT_DB_CUSTOM_SQLINSTANCE =”SqlInstanceName”

    +

    /EXISTING_MANAGEMENT_DB_NAME =”AppVManagement”

    + +   + + + + + + + + + + + + +

    To install the Management server using an existing Management database on a remote machine.

    To use the default instance of Microsoft SQL Server, use the following parameters:

    +
      +

    • /MANAGEMENT_SERVER

      • +

    • /MANAGEMENT_ADMINACCOUNT

      • +

    • /MANAGEMENT_WEBSITE_NAME

      • +

    • /MANAGEMENT_WEBSITE_PORT

      • +

    • /EXISTING_MANAGEMENT_DB_REMOTE_SQL_SERVER_NAME

      • +

    • /EXISTING_MANAGEMENT_DB_SQLINSTANCE_USE_DEFAULT

      • +

    • /EXISTING_MANAGEMENT_DB_NAME

      • +
    +

    To use a custom instance of Microsoft SQL Server, use these parameters:

    +
      +

    • /MANAGEMENT_SERVER

      • +

    • /MANAGEMENT_ADMINACCOUNT

      • +

    • /MANAGEMENT_WEBSITE_NAME

      • +

    • /MANAGEMENT_WEBSITE_PORT

      • +

    • /EXISTING_MANAGEMENT_DB_REMOTE_SQL_SERVER_NAME

      • +

    • /EXISTING_MANAGEMENT_DB_CUSTOM_SQLINSTANCE

      • +

    • /EXISTING_MANAGEMENT_DB_NAME

      • +
    +

    Using a custom instance of Microsoft SQL Server example:

    +

    /appv_server_setup.exe /QUIET

    +

    /MANAGEMENT_SERVER

    +

    /MANAGEMENT_ADMINACCOUNT=”Domain\AdminGroup”

    +

    /MANAGEMENT_WEBSITE_NAME=”Microsoft AppV Management Service”

    +

    /MANAGEMENT_WEBSITE_PORT=”8080”

    +

    /EXISTING_MANAGEMENT_DB_REMOTE_SQL_SERVER_NAME=”SqlServermachine.domainName”

    +

    /EXISTING_MANAGEMENT_DB_CUSTOM_SQLINSTANCE =”SqlInstanceName”

    +

    /EXISTING_MANAGEMENT_DB_NAME =”AppVManagement”

    + +   + + + + + + + + + + + + +

    To Install the Management database and the Management Server on the same computer.

    To use the default instance of Microsoft SQL Server, use the following parameters:

    +
      +

    • /DB_PREDEPLOY_MANAGEMENT

      • +

    • /MANAGEMENT_DB_SQLINSTANCE_USE_DEFAULT

      • +

    • /MANAGEMENT_DB_NAME

      • +

    • /MANAGEMENT_SERVER_MACHINE_USE_LOCAL

      • +

    • /MANAGEMENT_SERVER_INSTALL_ADMIN_ACCOUNT

      • +
    +

    To use a custom instance of Microsoft SQL Server, use these parameters:

    +
      +

    • /DB_PREDEPLOY_MANAGEMENT

      • +

    • /MANAGEMENT_DB_CUSTOM_SQLINSTANCE

      • +

    • /MANAGEMENT_DB_NAME

      • +

    • /MANAGEMENT_SERVER_MACHINE_USE_LOCAL

      • +

    • /MANAGEMENT_SERVER_INSTALL_ADMIN_ACCOUNT

      • +
    +

    Using a custom instance of Microsoft SQL Server example:

    +

    /appv_server_setup.exe /QUIET

    +

    /DB_PREDEPLOY_MANAGEMENT

    +

    /MANAGEMENT_DB_CUSTOM_SQLINSTANCE=”SqlInstanceName”

    +

    /MANAGEMENT_DB_NAME=”AppVManagement”

    +

    /MANAGEMENT_SERVER_MACHINE_USE_LOCAL

    +

    /MANAGEMENT_SERVER_INSTALL_ADMIN_ACCOUNT=”Domain\InstallAdminAccount”

    + +   + + + + + + + + + + + + +

    To install the Management database on a different computer than the Management server.

    To use the default instance of Microsoft SQL Server, use the following parameters:

    +
      +

    • /DB_PREDEPLOY_MANAGEMENT

      • +

    • /MANAGEMENT_DB_SQLINSTANCE_USE_DEFAULT

      • +

    • /MANAGEMENT_DB_NAME

      • +

    • /MANAGEMENT_REMOTE_SERVER_MACHINE_ACCOUNT

      • +

    • /MANAGEMENT_SERVER_INSTALL_ADMIN_ACCOUNT

      • +
    +

    To use a custom instance of Microsoft SQL Server, use these parameters:

    +
      +

    • /DB_PREDEPLOY_MANAGEMENT

      • +

    • /MANAGEMENT_DB_CUSTOM_SQLINSTANCE

      • +

    • /MANAGEMENT_DB_NAME

      • +

    • /MANAGEMENT_REMOTE_SERVER_MACHINE_ACCOUNT

      • +

    • /MANAGEMENT_SERVER_INSTALL_ADMIN_ACCOUNT

      • +
    +

    Using a custom instance of Microsoft SQL Server example:

    +

    /appv_server_setup.exe /QUIET

    +

    /DB_PREDEPLOY_MANAGEMENT

    +

    /MANAGEMENT_DB_CUSTOM_SQLINSTANCE=”SqlInstanceName”

    +

    /MANAGEMENT_DB_NAME=”AppVManagement”

    +

    /MANAGEMENT_REMOTE_SERVER_MACHINE_ACCOUNT=”Domain\MachineAccount”

    +

    /MANAGEMENT_SERVER_INSTALL_ADMIN_ACCOUNT=”Domain\InstallAdminAccount”

    + +   + + + + + + + + + + + + +

    To Install the publishing server.

    To use the default instance of Microsoft SQL Server, use the following parameters:

    +
      +

    • /PUBLISHING_SERVER

      • +

    • /PUBLISHING_MGT_SERVER

      • +

    • /PUBLISHING_WEBSITE_NAME

      • +

    • /PUBLISHING_WEBSITE_PORT

      • +
    +

    Using a custom instance of Microsoft SQL Server example:

    +

    /appv_server_setup.exe /QUIET

    +

    /PUBLISHING_SERVER

    +

    /PUBLISHING_MGT_SERVER=”http://ManagementServerName:ManagementPort”

    +

    /PUBLISHING_WEBSITE_NAME=”Microsoft AppV Publishing Service”

    +

    /PUBLISHING_WEBSITE_PORT=”8081”

    + +   + + + + + + + + + + + + +

    To Install the Reporting server and Reporting database on a local machine.

    To use the default instance of Microsoft SQL Server, use the following parameters:

    +
      +

    • /REPORTING _SERVER

      • +

    • /REPORTING _WEBSITE_NAME

      • +

    • /REPORTING _WEBSITE_PORT

      • +

    • /DB_PREDEPLOY_REPORTING

      • +

    • /REPORTING _DB_SQLINSTANCE_USE_DEFAULT

      • +

    • /REPORTING _DB_NAME

      • +
    +

    To use a custom instance of Microsoft SQL Server, use these parameters:

    +
      +

    • /REPORTING _SERVER

      • +

    • /REPORTING _ADMINACCOUNT

      • +

    • /REPORTING _WEBSITE_NAME

      • +

    • /REPORTING _WEBSITE_PORT

      • +

    • /DB_PREDEPLOY_REPORTING

      • +

    • /REPORTING _DB_CUSTOM_SQLINSTANCE

      • +

    • /REPORTING _DB_NAME

      • +
    +

    Using a custom instance of Microsoft SQL Server example:

    +
      +

    • /appv_server_setup.exe /QUIET

      • +

    • /REPORTING_SERVER

      • +

    • /REPORTING_WEBSITE_NAME=”Microsoft AppV Reporting Service”

      • +

    • /REPORTING_WEBSITE_PORT=”8082”

      • +

    • /DB_PREDEPLOY_REPORTING

      • +

    • /REPORTING_DB_CUSTOM_SQLINSTANCE=”SqlInstanceName”

      • +

    • /REPORTING_DB_NAME=”AppVReporting”

      • +
    + +   + + + + + + + + + + + + +

    To Install the Reporting server and using an existing Reporting database on a local machine.

    To use the default instance of Microsoft SQL Server, use the following parameters:

    +
      +

    • /REPORTING _SERVER

      • +

    • /REPORTING _WEBSITE_NAME

      • +

    • /REPORTING _WEBSITE_PORT

      • +

    • /EXISTING_REPORTING_DB_SQL_SERVER_USE_LOCAL

      • +

    • /EXISTING_REPORTING _DB_SQLINSTANCE_USE_DEFAULT

      • +

    • /EXISTING_REPORTING _DB_NAME

      • +
    +

    To use a custom instance of Microsoft SQL Server, use these parameters:

    +
      +

    • /REPORTING _SERVER

      • +

    • /REPORTING _ADMINACCOUNT

      • +

    • /REPORTING _WEBSITE_NAME

      • +

    • /REPORTING _WEBSITE_PORT

      • +

    • /EXISTING_REPORTING_DB_SQL_SERVER_USE_LOCAL

      • +

    • /EXISTING_REPORTING _DB_CUSTOM_SQLINSTANCE

      • +

    • /EXISTING_REPORTING _DB_NAME

      • +
    +

    Using a custom instance of Microsoft SQL Server example:

    +

    /appv_server_setup.exe /QUIET

    +

    /REPORTING_SERVER

    +

    /REPORTING_WEBSITE_NAME=”Microsoft AppV Reporting Service”

    +

    /REPORTING_WEBSITE_PORT=”8082”

    +

    /EXISTING_REPORTING_DB_SQL_SERVER_USE_LOCAL

    +

    /EXISTING_REPORTING _DB_CUSTOM_SQLINSTANCE=”SqlInstanceName”

    +

    /EXITING_REPORTING_DB_NAME=”AppVReporting”

    + +   + + + + + + + + + + + + +

    To Install the Reporting server using an existing Reporting database on a remote machine.

    To use the default instance of Microsoft SQL Server, use the following parameters:

    +
      +

    • /REPORTING _SERVER

      • +

    • /REPORTING _WEBSITE_NAME

      • +

    • /REPORTING _WEBSITE_PORT

      • +

    • /EXISTING_REPORTING_DB_REMOTE_SQL_SERVER_NAME

      • +

    • /EXISTING_REPORTING _DB_SQLINSTANCE_USE_DEFAULT

      • +

    • /EXISTING_REPORTING _DB_NAME

      • +
    +

    To use a custom instance of Microsoft SQL Server, use these parameters:

    +
      +

    • /REPORTING _SERVER

      • +

    • /REPORTING _ADMINACCOUNT

      • +

    • /REPORTING _WEBSITE_NAME

      • +

    • /REPORTING _WEBSITE_PORT

      • +

    • /EXISTING_REPORTING_DB_REMOTE_SQL_SERVER_NAME

      • +

    • /EXISTING_REPORTING _DB_CUSTOM_SQLINSTANCE

      • +

    • /EXISTING_REPORTING _DB_NAME

      • +
    +

    Using a custom instance of Microsoft SQL Server example:

    +

    /appv_server_setup.exe /QUIET

    +

    /REPORTING_SERVER

    +

    /REPORTING_WEBSITE_NAME=”Microsoft AppV Reporting Service”

    +

    /REPORTING_WEBSITE_PORT=”8082”

    +

    /EXISTING_REPORTING_DB_REMOTE_SQL_SERVER_NAME=”SqlServerMachine.DomainName”

    +

    /EXISTING_REPORTING _DB_CUSTOM_SQLINSTANCE=”SqlInstanceName”

    +

    /EXITING_REPORTING_DB_NAME=”AppVReporting”

    + +   + + + + + + + + + + + + +

    To install the Reporting database on the same computer as the Reporting server.

    To use the default instance of Microsoft SQL Server, use the following parameters:

    +
      +

    • /DB_PREDEPLOY_REPORTING

      • +

    • /REPORTING _DB_SQLINSTANCE_USE_DEFAULT

      • +

    • /REPORTING _DB_NAME

      • +

    • /REPORTING_SERVER_MACHINE_USE_LOCAL

      • +

    • /REPORTING_SERVER_INSTALL_ADMIN_ACCOUNT

      • +
    +

    To use a custom instance of Microsoft SQL Server, use these parameters:

    +
      +

    • /DB_PREDEPLOY_REPORTING

      • +

    • /REPORTING _DB_CUSTOM_SQLINSTANCE

      • +

    • /REPORTING _DB_NAME

      • +

    • /REPORTING_SERVER_MACHINE_USE_LOCAL

      • +

    • /REPORTING_SERVER_INSTALL_ADMIN_ACCOUNT

      • +
    +

    Using a custom instance of Microsoft SQL Server example:

    +

    /appv_server_setup.exe /QUIET

    +

    /DB_PREDEPLOY_REPORTING

    +

    /REPORTING_DB_CUSTOM_SQLINSTANCE=”SqlInstanceName”

    +

    /REPORTING_DB_NAME=”AppVReporting”

    +

    /REPORTING_SERVER_MACHINE_USE_LOCAL

    +

    /REPORTING_SERVER_INSTALL_ADMIN_ACCOUNT=”Domain\InstallAdminAccount”

    + +   + + + + + + + + + + + + +

    To install the Reporting database on a different computer than the Reporting server.

    To use the default instance of Microsoft SQL Server, use the following parameters:

    +
      +

    • /DB_PREDEPLOY_REPORTING

      • +

    • /REPORTING _DB_SQLINSTANCE_USE_DEFAULT

      • +

    • /REPORTING _DB_NAME

      • +

    • /REPORTING_REMOTE_SERVER_MACHINE_ACCOUNT

      • +

    • /REPORTING_SERVER_INSTALL_ADMIN_ACCOUNT

      • +
    +

    To use a custom instance of Microsoft SQL Server, use these parameters:

    +
      +

    • /DB_PREDEPLOY_REPORTING

      • +

    • /REPORTING _DB_CUSTOM_SQLINSTANCE

      • +

    • /REPORTING _DB_NAME

      • +

    • /REPORTING_REMOTE_SERVER_MACHINE_ACCOUNT

      • +

    • /REPORTING_SERVER_INSTALL_ADMIN_ACCOUNT

      • +
    +

    Using a custom instance of Microsoft SQL Server example:

    +

    /appv_server_setup.exe /QUIET

    +

    /DB_PREDEPLOY_REPORTING

    +

    /REPORTING_DB_CUSTOM_SQLINSTANCE=”SqlInstanceName”

    +

    /REPORTING_DB_NAME=”AppVReporting”

    +

    /REPORTING_REMOTE_SERVER_MACHINE_ACCOUNT=”Domain\MachineAccount”

    +

    /REPORTING_SERVER_INSTALL_ADMIN_ACCOUNT=”Domain\InstallAdminAccount”

    + +   + + **Parameter Definitions** + + **General Parameters** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    ParameterInformation

    /QUIET

    Specifies silent install.

    /UNINSTALL

    Specifies an uninstall.

    /LAYOUT

    Specifies layout action. This extracts the MSIs and script files to a folder without actually installing the product. No value is expected.

    /LAYOUTDIR

    Specifies the layout directory. Takes a string. For example, /LAYOUTDIR=”C:\Application Virtualization Server”

    /INSTALLDIR

    Specifies the installation directory. Takes a string. E.g. /INSTALLDIR=”C:\Program Files\Application Virtualization\Server”

    /MUOPTIN

    Enables Microsoft Update. No value is expected

    /ACCEPTEULA

    Accepts the license agreement. This is required for an unattended installation. Example usage: /ACCEPTEULA or /ACCEPTEULA=1.

    + +   + + **Management Server Installation Parameters** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    ParameterInformation

    /MANAGEMENT_SERVER

    Specifies that the management server will be installed. No value is expected

    /MANAGEMENT_ADMINACCOUNT

    Specifies the account that will be allowed to Administrator access to the management server This account can be an individual user account or a group. Example usage: /MANAGEMENT_ADMINACCOUNT=”mydomain\admin”. If /MANAGEMENT_SERVER is not specified, this will be ignored. Specifies the account that will be allowed to Administrator access to the management server. This can be a user account or a group. For example, /MANAGEMENT_ADMINACCOUNT="mydomain\admin".

    /MANAGEMENT_WEBSITE_NAME

    Specifies name of the website that will be created for the management service. For example, /MANAGEMENT_WEBSITE_NAME=”Microsoft App-V Management Service”

    MANAGEMENT_WEBSITE_PORT

    Specifies the port number that will be used by the management service will use. For example, /MANAGEMENT_WEBSITE_PORT=82.

    + +   + + **Parameters for the Management Server Database** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    ParameterInformation

    /DB_PREDEPLOY_MANAGEMENT

    Specifies that the management database will be installed. You must have sufficient database permissions to complete this installation. No value is expected

    /MANAGEMENT_DB_SQLINSTANCE_USE_DEFAULT

    Indicates that the default SQL instance should be used. No value is expected.

    /MANAGEMENT_DB_ CUSTOM_SQLINSTANCE

    Specifies the name of the custom SQL instance that should be used to create a new database. Example usage: /MANAGEMENT_DB_ CUSTOM_SQLINSTANCE=”MYSQLSERVER”. If /DB_PREDEPLOY_MANAGEMENT is not specified, this will be ignored.

    /MANAGEMENT_DB_NAME

    Specifies the name of the new management database that should be created. Example usage: /MANAGEMENT_DB_NAME=”AppVMgmtDB”. If /DB_PREDEPLOY_MANAGEMENT is not specified, this will be ignored.

    /MANAGEMENT_SERVER_MACHINE_USE_LOCAL

    Indicates if the management server that will be accessing the database is installed on the local server. Switch parameter so no value is expected.

    /MANAGEMENT_REMOTE_SERVER_MACHINE_ACCOUNT

    Specifies the machine account of the remote machine that the management server will be installed on. Example usage: /MANAGEMENT_REMOTE_SERVER_MACHINE_ACCOUNT=”domain\computername”

    /MANAGEMENT_SERVER_INSTALL_ADMIN_ACCOUNT

    Indicates the Administrator account that will be used to install the management server. Example usage: /MANAGEMENT_SERVER_INSTALL_ADMIN_ACCOUNT =”domain\alias”

    + +   + + **Parameters for Installing Publishing Server** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    ParameterInformation

    /PUBLISHING_SERVER

    Specifies that the Publishing Server will be installed. No value is expected

    /PUBLISHING_MGT_SERVER

    Specifies the URL to Management Service the Publishing server will connect to. Example usage: http://<management server name>:<Management server port number>. If /PUBLISHING_SERVER is not used, this parameter will be ignored

    /PUBLISHING_WEBSITE_NAME

    Specifies name of the website that will be created for the publishing service. For example, /PUBLISHING_WEBSITE_NAME=”Microsoft App-V Publishing Service”

    /PUBLISHING_WEBSITE_PORT

    Specifies the port number used by the publishing service. For example, /PUBLISHING_WEBSITE_PORT=83

    + +   + + **Parameters for Reporting Server** + + + + + + + + + + + + + + + + + + + + + + + + + + +
    ParameterInformation

    /REPORTING_SERVER

    Specifies that the Reporting Server will be installed. No value is expected

    /REPORTING_WEBSITE_NAME

    Specifies name of the website that will be created for the Reporting Service. E.g. /REPORTING_WEBSITE_NAME="Microsoft App-V ReportingService"

    /REPORTING_WEBSITE_PORT

    Specifies the port number that the Reporting Service will use. E.g. /REPORTING_WEBSITE_PORT=82

    + +   + + **Parameters for using an Existing Reporting Server Database** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    ParameterInformation

    /EXISTING_REPORTING_DB_SQL_SERVER_USE_LOCAL

    Indicates that the Microsoft SQL Server is installed on the local server. Switch parameter so no value is expected.

    /EXISTING_REPORTING_DB_REMOTE_SQL_SERVER_NAME

    Specifies the name of the remote computer that SQL Server is installed on. Takes a string. E.g. /EXISTING_REPORTING_DB_ REMOTE_SQL_SERVER_NAME="mycomputer1"

    /EXISTING_ REPORTING _DB_SQLINSTANCE_USE_DEFAULT

    Indicates that the default SQL instance is to be used. Switch parameter so no value is expected.

    /EXISTING_ REPORTING_DB_CUSTOM_SQLINSTANCE

    Specifies the name of the custom SQL instance that should be used. Takes a string. E.g. /EXISTING_REPORTING_DB_ CUSTOM_SQLINSTANCE="MYSQLSERVER"

    /EXISTING_ REPORTING _DB_NAME

    Specifies the name of the existing Reporting database that should be used. Takes a string. E.g. /EXISITING_REPORTING_DB_NAME="AppVReporting"

    + +   + + **Parameters for installing Reporting Server Database** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    ParameterInformation

    /DB_PREDEPLOY_REPORTING

    Specifies that the Reporting Database will be installed. DBA permissions are required for this installation. No value is expected

    /REPORTING_DB_SQLINSTANCE_USE_DEFAULT

    Specifies the name of the custom SQL instance that should be used. Takes a string. E.g. /REPORTING_DB_ CUSTOM_SQLINSTANCE="MYSQLSERVER"

    /REPORTING_DB_NAME

    Specifies the name of the new Reporting database that should be created. Takes a string. E.g. /REPORTING_DB_NAME="AppVMgmtDB"

    /REPORTING_SERVER_MACHINE_USE_LOCAL

    Indicates that the Reporting server that will be accessing the database is installed on the local server. Switch parameter so no value is expected.

    /REPORTING_REMOTE_SERVER_MACHINE_ACCOUNT

    Specifies the machine account of the remote machine that the Reporting server will be installed on. Takes a string. E.g. /REPORTING_REMOTE_SERVER_MACHINE_ACCOUNT = "domain\computername"

    /REPORTING_SERVER_INSTALL_ADMIN_ACCOUNT

    Indicates the Administrator account that will be used to install the App-V Reporting Server. Takes a string. E.g. /REPORTING_SERVER_INSTALL_ADMIN_ACCOUNT = "domain\alias"

    + +   + + **Parameters for using an existing Management Server Database** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    ParameterInformation

    /EXISTING_MANAGEMENT_DB_SQL_SERVER_USE_LOCAL

    Indicates that the SQL Server is installed on the local server. Switch parameter so no value is expected.If /DB_PREDEPLOY_MANAGEMENT is specified, this will be ignored.

    /EXISTING_MANAGEMENT_DB_REMOTE_SQL_SERVER_NAME

    Specifies the name of the remote computer that SQL Server is installed on. Takes a string. E.g. /EXISTING_MANAGEMENT_DB_ REMOTE_SQL_SERVER_NAME="mycomputer1"

    /EXISTING_ MANAGEMENT_DB_SQLINSTANCE_USE_DEFAULT

    Indicates that the default SQL instance is to be used. Switch parameter so no value is expected. If /DB_PREDEPLOY_MANAGEMENT is specified, this will be ignored.

    /EXISTING_MANAGEMENT_DB_ CUSTOM_SQLINSTANCE

    Specifies the name of the custom SQL instance that will be used. Example usage /EXISTING_MANAGEMENT_DB_ CUSTOM_SQLINSTANCE=”AppVManagement”. If /DB_PREDEPLOY_MANAGEMENT is specified, this will be ignored.

    /EXISTING_MANAGEMENT_DB_NAME

    Specifies the name of the existing management database that should be used. Example usage: /EXISITING_MANAGEMENT_DB_NAME=”AppVMgmtDB”. If /DB_PREDEPLOY_MANAGEMENT is specified, this will be ignored.

    +

    +

    Have a suggestion for App-V? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). Got an App-V issue? Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).

    + +   + +## Related topics + + +[Deploying the App-V Server](appv-deploying-the-appv-server.md) + +  + +  + + + + + diff --git a/windows/manage/appv-deploy-the-appv-server.md b/windows/manage/appv-deploy-the-appv-server.md new file mode 100644 index 0000000000..3838c1812c --- /dev/null +++ b/windows/manage/appv-deploy-the-appv-server.md @@ -0,0 +1,116 @@ +--- +title: How to Deploy the App-V Server (Windows 10) +description: How to Deploy the App-V Server +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + +# How to Deploy the App-V server + +Use the following procedure to install the App-V server.. + +**Before you start:** + +- Ensure that you’ve installed prerequisite software. See [App-V Prerequisites](appv-prerequisites.md). + +- Review the server section of [App-V security considerations](appv-security-considerations.md). + +- Specify a port where each component will be hosted. + +- Add firewall rules to allow incoming requests to access the specified ports. + +- If you use SQL scripts, instead of the Windows Installer, to set up the Management database or Reporting database, you must run the SQL scripts before installing the Management Server or Reporting Server. See [How to Deploy the App-V Databases by Using SQL Scripts](appv-deploy-appv-databases-with-sql-scripts.md). + +**To install the App-V server** + +1. Copy the App-V server installation files to the computer on which you want to install it. + +2. Start the App-V server installation by right-clicking and running **appv\_server\_setup.exe** as an administrator, and then click **Install**. + +3. Review and accept the license terms, and choose whether to enable Microsoft updates. + +4. On the **Feature Selection** page, select all of the following components. + + | Component | Description | + | - | - | + | Management server | Provides overall management functionality for the App-V infrastructure. | + | Management database | Facilitates database predeployments for App-V management. | + | Publishing server | Provides hosting and streaming functionality for virtual applications. | + | Reporting server | Provides App-V reporting services. | + | Reporting database | Facilitates database predeployments for App-V reporting. | + +5. On the **Installation Location** page, accept the default location where the selected components will be installed, or change the location by typing a new path on the **Installation Location** line. + +6. On the initial **Create New Management Database** page, configure the **Microsoft SQL Server instance** and **Management Server database** by selecting the appropriate option below. + + | Method | What you need to do | + | - | - | + | You are using a custom Microsoft SQL Server instance. | Select **Use the custom instance**, and type the name of the instance.
    Use the format **INSTANCENAME**. The assumed installation location is the local computer.
    Not supported: A server name using the format **ServerName**\\**INSTANCE**.| + | You are using a custom database name. | Select **Custom configuration** and type the database name.
    The database name must be unique, or the installation will fail.| + +7. On the **Configure** page, accept the default value **Use this local computer**. + + > [!NOTE] + > If you are installing the Management server and Management database side by side, some options on this page are not available. In this case, the appropriate options are selected by default and cannot be changed. + +8. On the initial **Create New Reporting Database** page, configure the **Microsoft SQL Server instance** and **Reporting Server database** by selecting the appropriate option below. + + | Method | What you need to do | + | - | - | + | You are using a custom Microsoft SQL Server instance. | Select **Use the custom instance**, and type the name of the instance.
    Use the format **INSTANCENAME**. The assumed installation location is the local computer.
    Not supported: A server name using the format **ServerName**\\**INSTANCE**.| + | You are using a custom database name. | Select **Custom configuration** and type the database name.
    The database name must be unique, or the installation will fail.| + + +9. On the **Configure** page, accept the default value: **Use this local computer**. + + > [!NOTE] + > If you are installing the Management server and Management database side by side, some options on this page are not available. In this case, the appropriate options are selected by default and cannot be changed. + + +10. On the **Configure** (Management Server Configuration) page, specify the following: + + | Item to configure | Description and examples | + | - | - | + Type the AD group with sufficient permissions to manage the App-V environment. | Example: MyDomain\MyUser
    After installation, you can add additional users or groups by using the Management console. However, global security groups and Active Directory Domain Services (AD DS) distribution groups are not supported. You must use Domain local or Universal groups are required to perform this action.| + | **Website name**: Specify the custom name that will be used to run the publishing service.
    If you do not have a custom name, do not make any changes.| + |**Port binding**: Specify a unique port number that will be used by App-V. | Example: **12345**
    Ensure that the port specified is not being used by another website. | + +11. On the **Configure Publishing Server Configuration** page, specify the following: + + | Item to configure | Description and examples | + | - | - | + | Specify the URL for the management service. | Example: http://localhost:12345 | + | **Website name**: Specify the custom name that will be used to run the publishing service.| If you do not have a custom name, do not make any changes. | + | **Port binding**: Specify a unique port number that will be used by App-V. | Example: 54321
    Ensure that the port specified is not being used by another website. | + +12. On the **Reporting Server** page, specify the following: + + | Item to configure | Description and examples | + | - | - | + | **Website name**: Specify the custom name that will be used to run the Reporting Service. | If you do not have a custom name, do not make any changes. | + | **Port binding**: Specify a unique port number that will be used by App-V. | Example: 55555
    Ensure that the port specified is not being used by another website. | + +13. To start the installation, click **Install** on the **Ready** page, and then click **Close** on the **Finished** page. + +14. To verify that the setup completed successfully, open a web browser, and type the following URL: + + **http://\<_Management server machine name_\>:\<_Management service port number_\>/console.html**. + + Example: **http://localhost:12345/console.html**. If the installation succeeded, the App-V Management console is displayed with no errors. + +## Have a suggestion for App-V? + +Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). + +## Related topics + +- [Deploying App-V](appv-deploying-appv.md) + +- [How to Install the Management and Reporting Databases on Separate Computers from the Management and Reporting Services](appv-install-the-management-and-reporting-databases-on-separate-computers.md) + +- [How to Install the Publishing Server on a Remote Computer](appv-install-the-publishing-server-on-a-remote-computer.md) + +- [How to Deploy the App-V Server Using a Script](appv-deploy-the-appv-server-with-a-script.md) diff --git a/windows/manage/appv-deploying-appv.md b/windows/manage/appv-deploying-appv.md new file mode 100644 index 0000000000..4afd68b171 --- /dev/null +++ b/windows/manage/appv-deploying-appv.md @@ -0,0 +1,47 @@ +--- +title: Deploying App-V (Windows 10) +description: Deploying App-V +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + +# Deploying App-V + +App-V supports a number of different deployment options. This section of the App-V Administrator’s Guide includes information you should consider about the deployment of App-V and step-by-step procedures to help you successfully perform the tasks that you must complete at different stages of your deployment. + +## App-V Deployment Information + + +- [Deploying the App-V Sequencer and Client](appv-deploying-the-appv-sequencer-and-client.md) + + This section describes how to install the App-V sequencer which is used to virtualize applications, and the App-V client which runs on target computers to facilitate virtualized packages. + +- [Deploying the App-V Server](appv-deploying-the-appv-server.md) + + This section provides information about installing the App-V management, publishing, database and reporting severs. + +- [App-V Deployment Checklist](appv-deployment-checklist.md) + + This section provides a deployment checklist that can be used to assist with installing App-V. + +## Other Resources for Deploying App-V + + +- [Application Virtualization (App-V) overview](appv-for-windows.md) + +- [Getting Started with App-V](appv-getting-started.md) + +- [Planning for App-V](appv-planning-for-appv.md) + +- [Operations for App-V](appv-operations.md) + +- [Troubleshooting App-V](appv-troubleshooting.md) + +- [Technical Reference for App-V](appv-technical-reference.md) + +## Have a suggestion for App-V? + +Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). diff --git a/windows/manage/appv-deploying-microsoft-office-2010-wth-appv.md b/windows/manage/appv-deploying-microsoft-office-2010-wth-appv.md new file mode 100644 index 0000000000..694046b16c --- /dev/null +++ b/windows/manage/appv-deploying-microsoft-office-2010-wth-appv.md @@ -0,0 +1,293 @@ +--- +title: Deploying Microsoft Office 2010 by Using App-V (Windows 10) +description: Deploying Microsoft Office 2010 by Using App-V +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# Deploying Microsoft Office 2010 by Using App-V + + +You can create Office 2010 packages for Microsoft Application Virtualization (App-V) using one of the following methods: + +- Application Virtualization (App-V) Sequencer + +- Application Virtualization (App-V) Package Accelerator + +## App-V support for Office 2010 + + +The following table shows the App-V versions, methods of Office package creation, supported licensing, and supported deployments for Office 2010. + + ++++ + + + + + + + + + + + + + + + + + + + + +
    Supported itemLevel of support

    Package creation

      +

    • Sequencing

      • +

    • Package Accelerator

      • +

    • Office Deployment Kit

      • +

    Supported licensing

    Volume Licensing

    Supported deployments

      +

    • Desktop

      • +

    • Personal VDI

      • +

    • RDS

      • +
    + +  + +## Creating Office 2010 App-V using the sequencer + + +Sequencing Office 2010 is one of the main methods for creating an Office 2010 package on App-V. Microsoft has provided a detailed recipe through a Knowledge Base article. To create an Office 2010 package on App-V, refer to the following link for detailed instructions: + +[How To Sequence Microsoft Office 2010 in Microsoft Application Virtualization 5.0](http://go.microsoft.com/fwlink/p/?LinkId=330676) + +## Creating Office 2010 App-V packages using package accelerators + + +Office 2010 App-V packages can be created through package accelerators. Microsoft has provided package accelerators for creating Office 2010 on Windows 10, Windows 8 and Windows 7. To create Office 2010 packages on App-V using Package accelerators, refer to the following pages to access the appropriate package accelerator: + +- [App-V 5.0 Package Accelerator for Office Professional Plus 2010 – Windows 8](http://go.microsoft.com/fwlink/p/?LinkId=330677) + +- [App-V 5.0 Package Accelerator for Office Professional Plus 2010 – Windows 7](http://go.microsoft.com/fwlink/p/?LinkId=330678) + +For detailed instructions on how to create virtual application packages using App-V package accelerators, see [How to Create a Virtual Application Package Using an App-V Package Accelerator](appv-create-a-virtual-application-package-package-accelerator.md). + +## Deploying the Microsoft Office package for App-V + + +You can deploy Office 2010 packages by using any of the following App-V deployment methods: + +- System Center Configuration Manager + +- App-V server + +- Stand-alone through PowerShell commands + +## Office App-V package management and customization + + +Office 2010 packages can be managed like any other App-V packages through known package management mechanisms. No special instructions are needed, for example, to add, publish, unpublish, or remove Office packages. + +## Microsoft Office integration with Windows + + +The following table provides a full list of supported integration points for Office 2010. + + +++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Extension PointDescriptionOffice 2010

    Lync meeting Join Plug-in for Firefox and Chrome

    User can join Lync meetings from Firefox and Chrome

    Sent to OneNote Print Driver

    User can print to OneNote

    Yes

    OneNote Linked Notes

    OneNote Linked Notes

    Send to OneNote Internet Explorer Add-In

    User can send to OneNote from IE

    Firewall Exception for Lync and Outlook

    Firewall Exception for Lync and Outlook

    MAPI Client

    Native apps and add-ins can interact with virtual Outlook through MAPI

    SharePoint Plugin for Firefox

    User can use SharePoint features in Firefox

    Mail Control Panel Applet

    User gets the mail control panel applet in Outlook

    Yes

    Primary Interop Assemblies

    Support managed add-ins

    Office Document Cache Handler

    Allows Document Cache for Office applications

    Outlook Protocol Search handler

    User can search in outlook

    Yes

    Active X Controls:

    For more information on ActiveX controls, refer to [ActiveX Control API Reference](http://go.microsoft.com/fwlink/p/?LinkId=331361).

       Groove.SiteClient

    Active X Control

       PortalConnect.PersonalSite

    Active X Control

       SharePoint.openDocuments

    Active X Control

       SharePoint.ExportDatabase

    Active X Control

       SharePoint.SpreadSheetLauncher

    Active X Control

       SharePoint.StssyncHander

    Active X Control

       SharePoint.DragUploadCtl

    Active X Control

       SharePoint.DragDownloadCtl

    Active X Control

       Sharpoint.OpenXMLDocuments

    Active X Control

       Sharepoint.ClipboardCtl

    Active X control

       WinProj.Activator

    Active X Control

       Name.NameCtrl

    Active X Control

       STSUPld.CopyCtl

    Active X Control

       CommunicatorMeetingJoinAx.JoinManager

    Active X Control

       LISTNET.Listnet

    Active X Control

       OneDrive Pro Browser Helper

    Active X Control]

    OneDrive Pro Icon Overlays

    Windows explorer shell icon overlays when users look at folders OneDrive Pro folders

    + +  + +## Additional resources + + +**Office 2013 App-V Packages Additional Resources** + +[Supported scenarios for deploying Microsoft Office as a sequenced App-V Package](http://go.microsoft.com/fwlink/p/?LinkId=330680) + +**Office 2010 App-V Packages** + +[Microsoft Office 2010 Sequencing Kit for Microsoft Application Virtualization 5.0](http://go.microsoft.com/fwlink/p/?LinkId=330681) + +[Known issues when you create or use an App-V 5.0 Office 2010 package](http://go.microsoft.com/fwlink/p/?LinkId=330682) + +[How to sequence Microsoft Office 2010 in Microsoft Application Virtualization 5.0](http://go.microsoft.com/fwlink/p/?LinkId=330676) + +**Connection Groups** + +[Deploying Connection Groups in Microsoft App-V v5](http://go.microsoft.com/fwlink/p/?LinkId=330683) + +[Managing Connection Groups](appv-managing-connection-groups.md) + +**Dynamic Configuration** + +[About App-V Dynamic Configuration](appv-dynamic-configuration.md) + +## Have a suggestion for App-V? + +Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). diff --git a/windows/manage/appv-deploying-microsoft-office-2013-with-appv.md b/windows/manage/appv-deploying-microsoft-office-2013-with-appv.md new file mode 100644 index 0000000000..b092b860ba --- /dev/null +++ b/windows/manage/appv-deploying-microsoft-office-2013-with-appv.md @@ -0,0 +1,895 @@ +--- +title: Deploying Microsoft Office 2013 by Using App-V (Windows 10) +description: Deploying Microsoft Office 2013 by Using App-V +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# Deploying Microsoft Office 2013 by Using App-V + + +Use the information in this article to use Microsoft Application Virtualization (App-V), or later versions, to deliver Microsoft Office 2013 as a virtualized application to computers in your organization. For information about using App-V to deliver Office 2010, see [Deploying Microsoft Office 2010 by Using App-V](appv-deploying-microsoft-office-2010-wth-appv.md). To successfully deploy Office 2013 with App-V, you need to be familiar with Office 2013 and App-V. + +This topic contains the following sections: + +- [What to know before you start](#bkmk-before-you-start) + +- [Creating an Office 2013 package for App-V with the Office Deployment Tool](#bkmk-create-office-pkg) + +- [Publishing the Office package for App-V](#bkmk-pub-pkg-office) + +- [Customizing and managing Office App-V packages](#bkmk-custmz-manage-office-pkgs) + +## What to know before you start + + +Before you deploy Office 2013 by using App-V, review the following planning information. + +### Supported Office versions and Office coexistence + +Use the following table to get information about supported versions of Office and about running coexisting versions of Office. + + ++++ + + + + + + + + + + + + + + + + +
    Information to reviewDescription

    [Planning for Using App-V with Office](appv-planning-for-using-appv-with-office.md#bkmk-office-vers-supp-appv)

      +

    • Supported versions of Office

      • +

    • Supported deployment types (for example, desktop, personal Virtual Desktop Infrastructure (VDI), pooled VDI)

      • +

    • Office licensing options

      • +

    [Planning for Using App-V with Office](appv-planning-for-using-appv-with-office.md#bkmk-plan-coexisting)

    Considerations for installing different versions of Office on the same computer

    + +  + +### Packaging, publishing, and deployment requirements + +Before you deploy Office by using App-V, review the following requirements. + + ++++ + + + + + + + + + + + + + + + + + + + + +
    TaskRequirement

    Packaging

      +

    • All of the Office applications that you want to deploy to users must be in a single package.

      • +

    • In App-V and later, you must use the Office Deployment Tool to create packages. You cannot use the Sequencer.

      • +

    • If you are deploying Microsoft Visio 2013 and Microsoft Project 2013 along with Office, you must include them in the same package with Office. For more information, see [Deploying Visio 2013 and Project 2013 with Office](#bkmk-deploy-visio-project).

      • +

    Publishing

      +

    • You can publish only one Office package to each client computer.

      • +

    • You must publish the Office package globally. You cannot publish to the user.

      • +

    Deploying any of the following products to a shared computer, for example, by using Remote Desktop Services:

    +
      +

    • Office 365 ProPlus

      • +

    • Visio Pro for Office 365

      • +

    • Project Pro for Office 365

      • +

    You must enable [shared computer activation](http://technet.microsoft.com/library/dn782860.aspx).

    +

    You don’t use shared computer activation if you’re deploying a volume licensed product, such as:

    +
      +

    • Office Professional Plus 2013

      • +

    • Visio Professional 2013

      • +

    • Project Professional 2013

      • +
    + +  + +### Excluding Office applications from a package + +The following table describes the recommended methods for excluding specific Office applications from a package. + + ++++ + + + + + + + + + + + + + + + + +
    TaskDetails

    Use the ExcludeApp setting when you create the package by using the Office Deployment Tool.

      +

    • Enables you to exclude specific Office applications from the package when the Office Deployment Tool creates the package. For example, you can use this setting to create a package that contains only Microsoft Word.

      • +

    • For more information, see [ExcludeApp element](http://technet.microsoft.com/library/jj219426.aspx#bkmk-excludeappelement).

      • +

    Modify the DeploymentConfig.xml file

      +

    • Modify the DeploymentConfig.xml file after the package has been created. This file contains the default package settings for all users on a computer that is running the App-V Client.

      • +

    • For more information, see [Disabling Office 2013 applications](#bkmk-disable-office-apps).

      • +
    + +  + +## Creating an Office 2013 package for App-V with the Office Deployment Tool + + +Complete the following steps to create an Office 2013 package for App-V or later. + +**Important**   +In App-V and later, you must the Office Deployment Tool to create a package. You cannot use the Sequencer to create packages. + +  + +### Review prerequisites for using the Office Deployment Tool + +The computer on which you are installing the Office Deployment Tool must have: + + ++++ + + + + + + + + + + + + + + + + +
    PrerequisiteDescription

    Prerequisite software

    .Net Framework 4

    Supported operating systems

      +

    • 64-bit version of Windows 8 or later

      • +

    • 64-bit version of Windows 7

      • +
    + +  + +**Note**   +In this topic, the term “Office 2013 App-V package” refers to subscription licensing and volume licensing. + +  + +### Create Office 2013 App-V Packages Using Office Deployment Tool + +You create Office 2013 App-V packages by using the Office Deployment Tool. The following instructions explain how to create an Office 2013 App-V package with Volume Licensing or Subscription Licensing. + +Create Office 2013 App-V packages on 64-bit Windows computers. Once created, the Office 2013 App-V package will run on 32-bit and 64-bit Windows 7, Windows 8.1, and Windows 10 computers. + +### Download the Office Deployment Tool + +Office 2013 App-V Packages are created using the Office Deployment Tool, which generates an Office 2013 App-V Package. The package cannot be created or modified through the App-V sequencer. To begin package creation: + +1. Download the [Office Deployment Tool for Click-to-Run](http://www.microsoft.com/download/details.aspx?id=36778). + +2. Run the .exe file and extract its features into the desired location. To make this process easier, you can create a shared network folder where the features will be saved. + + Example: \\\\Server\\Office2013 + +3. Check that a setup.exe and a configuration.xml file exist and are in the location you specified. + +### Download Office 2013 applications + +After you download the Office Deployment Tool, you can use it to get the latest Office 2013 applications. After getting the Office applications, you create the Office 2013 App-V package. + +The XML file that is included in the Office Deployment Tool specifies the product details, such as the languages and Office applications included. + +1. **Customize the sample XML configuration file:** Use the sample XML configuration file that you downloaded with the Office Deployment Tool to customize the Office applications: + + 1. Open the sample XML file in Notepad or your favorite text editor. + + 2. With the sample configuration.xml file open and ready for editing, you can specify products, languages, and the path to which you save the Office 2013 applications. The following is a basic example of the configuration.xml file: + + ``` syntax + + + + + + + + + + + ``` + + **Note**   + The configuration XML is a sample XML file. The file includes lines that are commented out. You can “uncomment” these lines to customize additional settings with the file. + +   + + The above XML configuration file specifies that Office 2013 ProPlus 32-bit edition, including Visio ProPlus, will be downloaded in English to the \\\\server\\Office 2013, which is the location where Office applications will be saved to. Note that the Product ID of the applications will not affect the final licensing of Office. Office 2013 App-V packages with various licensing can be created from the same applications through specifying licensing in a later stage. The table below summarizes the customizable attributes and elements of XML file: + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    InputDescriptionExample

    Add element

    Specifies the products and languages to include in the package.

    N/A

    OfficeClientEdition (attribute of Add element)

    Specifies the edition of Office 2013 product to use: 32-bit or 64-bit. The operation fails if OfficeClientEdition is not set to a valid value.

    OfficeClientEdition="32"

    +

    OfficeClientEdition="64"

    Product element

    Specifies the application. Project 2013 and Visio 2013 must be specified here as an added product to be included in the applications.

    Product ID ="O365ProPlusRetail "

    +

    Product ID ="VisioProRetail"

    +

    Product ID ="ProjectProRetail"

    +

    Product ID ="ProPlusVolume"

    +

    Product ID ="VisioProVolume"

    +

    Product ID = "ProjectProVolume"

    Language element

    Specifies the language supported in the applications

    Language ID="en-us"

    Version (attribute of Add element)

    Optional. Specifies a build to use for the package

    +

    Defaults to latest advertised build (as defined in v32.CAB at the Office source).

    15.1.2.3

    SourcePath (attribute of Add element)

    Specifies the location in which the applications will be saved to.

    Sourcepath = "\\Server\Office2013”

    + +   + + After editing the configuration.xml file to specify the desired product, languages, and also the location which the Office 2013 applications will be saved onto, you can save the configuration file, for example, as Customconfig.xml. + +2. **Download the applications into the specified location:** Use an elevated command prompt and a 64 bit operating system to download the Office 2013 applications that will later be converted into an App-V package. Below is an example command with description of details: + + ``` syntax + \\server\Office2013\setup.exe /download \\server\Office2013\Customconfig.xml + ``` + + In the example: + + + + + + + + + + + + + + + + + + + + + + + + +

    \\server\Office2013

    is the network share location that contains the Office Deployment Tool and the custom Configuration.xml file, Customconfig.xml.

    Setup.exe

    is the Office Deployment Tool.

    /download

    downloads the Office 2013 applications that you specify in the customConfig.xml file. These bits can be later converted in an Office 2013 App-V package with Volume Licensing.

    \\server\Office2013\Customconfig.xml

    passes the XML configuration file required to complete the download process, in this example, customconfig.xml. After using the download command, Office applications should be found in the location specified in the configuration xml file, in this example \\Server\Office2013.

    + +   + +### Convert the Office applications into an App-V package + +After you download the Office 2013 applications through the Office Deployment Tool, use the Office Deployment Tool to convert them into an Office 2013 App-V package. Complete the steps that correspond to your licensing model. + +**Summary of what you’ll need to do:** + +- Create the Office 2013 App-V packages on 64-bit Windows computers. However, the package will run on 32-bit and 64-bit Windows 7, Windows 8, and Windows 10 computers. + +- Create an Office App-V package for either Subscription Licensing package or Volume Licensing by using the Office Deployment Tool, and then modify the CustomConfig.xml configuration file. + + The following table summarizes the values you need to enter in the CustomConfig.xml file for the licensing model you’re using. The steps in the sections that follow the table will specify the exact entries you need to make. + + +++++ + + + + + + + + + + + + + + + + + + + + + + + + +
    Product IDVolume LicensingSubscription Licensing

    Office 2013

    ProPlusVolume

    O365ProPlusRetail

    Office 2013 with Visio 2013

    ProPlusVolume

    +

    VisioProVolume

    O365ProPlusRetail

    +

    VisioProRetail

    Office 2013 with Visio 2013 and Project 2013

    ProPlusVolume

    +

    VisioProVolume

    +

    ProjectProVolume

    O365ProPlusRetail

    +

    VisioProRetail

    +

    ProjectProRetail

    + +  + +**How to convert the Office applications into an App-V package** + +1. In Notepad, reopen the CustomConfig.xml file, and make the following changes to the file: + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    ParameterWhat to change the value to

    SourcePath

    Point to the Office applications downloaded earlier.

    ProductID

    Specify the type of licensing, as shown in the following examples:

    +
      +

    • Subscription Licensing

      + 
      <Configuration>
+       <Add SourcePath= "\\server\Office 2013" OfficeClientEdition="32" >
+        <Product ID="O365ProPlusRetail">
+          <Language ID="en-us" />
+        </Product>
+        <Product ID="VisioProRetail">
+          <Language ID="en-us" />
+        </Product>
+      </Add>  
+    </Configuration>
      +

      In this example, the following changes were made to create a package with Subscription licensing:

      + + + + + + + + + + + + + + + + + + + +

      SourcePath

      is the path, which was changed to point to the Office applications that were downloaded earlier.

      Product ID

      for Office was changed to O365ProPlusRetail.

      Product ID

      for Visio was changed to VisioProRetail.

      +

       

      +

      • +

    • Volume Licensing

      + 
      <Configuration>
+       <Add SourcePath= "\\Server\Office2013" OfficeClientEdition="32" >
+        <Product ID="ProPlusVolume">
+          <Language ID="en-us" />
+        </Product>
+        <Product ID="VisioProVolume">
+          <Language ID="en-us" />
+        </Product>
+      </Add>  
+    </Configuration>
      +

      In this example, the following changes were made to create a package with Volume licensing:

      + + + + + + + + + + + + + + + + + + + +

      SourcePath

      is the path, which was changed to point to the Office applications that were downloaded earlier.

      Product ID

      for Office was changed to ProPlusVolume.

      Product ID

      for Visio was changed to VisioProVolume.

      +

       

      +

      • +

    ExcludeApp (optional)

    Lets you specify Office programs that you don’t want included in the App-V package that the Office Deployment Tool creates. For example, you can exclude Access and InfoPath.

    PACKAGEGUID (optional)

    By default, all App-V packages created by the Office Deployment Tool share the same App-V Package ID. You can use PACKAGEGUID to specify a different package ID for each package, which allows you to publish multiple App-V packages, created by the Office Deployment Tool, and manage them by using the App-V Server.

    +

    An example of when to use this parameter is if you create different packages for different users. For example, you can create a package with just Office 2013 for some users, and create another package with Office 2013 and Visio 2013 for another set of users.

    +
    + Note   +

    Even if you use unique package IDs, you can still deploy only one App-V package to a single device.

    +
    +
    +   +
    + +   + +2. Use the /packager command to convert the Office applications to an Office 2013 App-V package. + + For example: + + ``` syntax + \\server\Office2013\setup.exe /packager \\server\Office2013\Customconfig.xml \\server\share\Office2013AppV + ``` + + In the example: + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

    \\server\Office2013

    is the network share location that contains the Office Deployment Tool and the custom Configuration.xml file, Customconfig.xml.

    Setup.exe

    is the Office Deployment Tool.

    /packager

    creates the Office 2013 App-V package with Volume Licensing as specified in the customConfig.xml file.

    \\server\Office2013\Customconfig.xml

    passes the configuration XML file (in this case customConfig) that has been prepared for the packaging stage.

    \\server\share\Office 2013AppV

    specifies the location of the newly created Office App-V package.

    + +   + + After you run the **/packager** command, the following folders appear up in the directory where you specified the package should be saved: + + - **App-V Packages** – contains an Office 2013 App-V package and two deployment configuration files. + + - **WorkingDir** + + **Note**   + To troubleshoot any issues, see the log files in the %temp% directory (default). + +   + +3. Verify that the Office 2013 App-V package works correctly: + + 1. Publish the Office 2013 App-V package, which you created globally, to a test computer, and verify that the Office 2013 shortcuts appear. + + 2. Start a few Office 2013 applications, such as Excel or Word, to ensure that your package is working as expected. + +## Publishing the Office package for App-V + + +Use the following information to publish an Office package. + +### Methods for publishing Office App-V packages + +Deploy the App-V package for Office 2013 by using the same methods you use for any other package: + +- System Center Configuration Manager + +- App-V Server + +- Stand-alone through PowerShell commands + +### Publishing prerequisites and requirements + + ++++ + + + + + + + + + + + + + + + + +
    Prerequisite or requirementDetails

    Enable PowerShell scripting on the App-V clients

    To publish Office 2013 packages, you must run a script.

    +

    Package scripts are disabled by default on App-V clients. To enable scripting, run the following PowerShell command:

    +
    Set-AppvClientConfiguration –EnablePackageScripts 1

    Publish the Office 2013 package globally

    Extension points in the Office App-V package require installation at the computer level.

    +

    When you publish at the computer level, no prerequisite actions or redistributables are needed, and the Office 2013 package globally enables its applications to work like natively installed Office, eliminating the need for administrators to customize packages.

    + +  + +### How to publish an Office package + +Run the following command to publish an Office package globally: + +- `Add-AppvClientPackage | Publish-AppvClientPackage –global` + +- From the Web Management Console on the App-V Server, you can add permissions to a group of computers instead of to a user group to enable packages to be published globally to the computers in the corresponding group. + +## Customizing and managing Office App-V packages + + +To manage your Office App-V packages, use the same operations as you would for any other package, but there are a few exceptions, as outlined in the following sections. + +- [Enabling Office plug-ins by using connection groups](#bkmk-enable-office-plugins) + +- [Disabling Office 2013 applications](#bkmk-disable-office-apps) + +- [Disabling Office 2013 shortcuts](#bkmk-disable-shortcuts) + +- [Managing Office 2013 package upgrades](#bkmk-manage-office-pkg-upgrd) + +- [Managing Office 2013 licensing upgrades](#bkmk-manage-office-lic-upgrd) + +- [Deploying Visio 2013 and Project 2013 with Office](#bkmk-deploy-visio-project) + +### Enabling Office plug-ins by using connection groups + +Use the steps in this section to enable Office plug-ins with your Office package. To use Office plug-ins, you must use the App-V Sequencer to create a separate package that contains just the plug-ins. You cannot use the Office Deployment Tool to create the plug-ins package. You then create a connection group that contains the Office package and the plug-ins package, as described in the following steps. + +**To enable plug-ins for Office App-V packages** + +1. Add a Connection Group through App-V Server, System Center Configuration Manager, or a PowerShell cmdlet. + +2. Sequence your plug-ins using the App-V Sequencer. Ensure that Office 2013 is installed on the computer being used to sequence the plug-in. It is recommended you use Office 365 ProPlus(non-virtual) on the sequencing computer when you sequence Office 2013 plug-ins. + +3. Create an App-V package that includes the desired plug-ins. + +4. Add a Connection Group through App-V server, System Center Configuration Manager, or a PowerShell cmdlet. + +5. Add the Office 2013 App-V package and the plug-ins package you sequenced to the Connection Group you created. + + **Important**   + The order of the packages in the Connection Group determines the order in which the package contents are merged. In your Connection group descriptor file, add the Office 2013 App-V package first, and then add the plug-in App-V package. + +   + +6. Ensure that both packages are published to the target computer and that the plug-in package is published globally to match the global settings of the published Office 2013 App-V package. + +7. Verify that the Deployment Configuration File of the plug-in package has the same settings that the Office 2013 App-V package has. + + Since the Office 2013 App-V package is integrated with the operating system, the plug-in package settings should match. You can search the Deployment Configuration File for “COM Mode” and ensure that your plug-ins package has that value set as “Integrated” and that both "InProcessEnabled" and "OutOfProcessEnabled" match the settings of the Office 2013 App-V package you published. + +8. Open the Deployment Configuration File and set the value for **Objects Enabled** to **false**. + +9. If you made any changes to the Deployment Configuration file after sequencing, ensure that the plug-in package is published with the file. + +10. Ensure that the Connection Group you created is enabled onto your desired computer. The Connection Group created will likely “pend” if the Office 2013 App-V package is in use when the Connection Group is enabled. If that happens, you have to reboot to successfully enable the Connection Group. + +11. After you successfully publish both packages and enable the Connection Group, start the target Office 2013 application and verify that the plug-in you published and added to the connection group works as expected. + +### Disabling Office 2013 applications + +You may want to disable specific applications in your Office App-V package. For instance, you can disable Access, but leave all other Office application main available. When you disable an application, the end user will no longer see the shortcut for that application. You do not have to re-sequence the application. When you change the Deployment Configuration File after the Office 2013 App-V package has been published, you will save the changes, add the Office 2013 App-V package, and then republish it with the new Deployment Configuration File to apply the new settings to Office 2013 App-V Package applications. + +**Note**   +To exclude specific Office applications (for example, Access and InfoPath) when you create the App-V package with the Office Deployment Tool, use the **ExcludeApp** setting. For more information, see [Reference for Click-to-Run configuration.xml file](http://technet.microsoft.com/library/jj219426.aspx). + +  + +**To disable an Office 2013 application** + +1. Open a Deployment Configuration File with a text editor such as **Notepad** and search for “Applications." + +2. Search for the Office application you want to disable, for example, Access 2013. + +3. Change the value of "Enabled" from "true" to "false." + +4. Save the Deployment Configuration File. + +5. Add the Office 2013 App-V Package with the new Deployment Configuration File. + + ``` syntax + + + InfoPath Filler 2013 + + + + + + + Lync 2013 + + + + + + + Access 2013 + + + + + ``` + +6. Re-add the Office 2013 App-V package, and then republish it with the new Deployment Configuration File to apply the new settings to Office 2013 App-V Package applications. + +### Disabling Office 2013 shortcuts + +You may want to disable shortcuts for certain Office applications instead of unpublishing or removing the package. The following example shows how to disable shortcuts for Microsoft Access. + +**To disable shortcuts for Office 2013 applications** + +1. Open a Deployment Configuration File in Notepad and search for “Shortcuts”. + +2. To disable certain shortcuts, delete or comment out the specific shortcuts you don’t want. You must keep the subsystem present and enabled. For example, in the example below, delete the Microsoft Access shortcuts, while keeping the subsystems <shortcut> </shortcut> intact to disable the Microsoft Access shortcut. + + ``` syntax + Shortcuts + + --> + + + + + [{Common Programs}]\Microsoft Office 2013\Access 2013.lnk + [{AppvPackageRoot}])office15\MSACCESS.EXE + [{Windows}]\Installer\{90150000-000F-0000-0000-000000FF1CE)\accicons.exe.Ø.ico + + + Microsoft.Office.MSACCESS.EXE.15 + true + Build a professional app quickly to manage data. + l + [{AppVPackageRoot}]\officel5\MSACCESS.EXE + + ``` + +3. Save the Deployment Configuration File. + +4. Republish Office 2013 App-V Package with new Deployment Configuration File. + +Many additional settings can be changed through modifying the Deployment Configuration for App-V packages, for example, file type associations, Virtual File System, and more. For additional information on how to use Deployment Configuration Files to change App-V package settings, refer to the additional resources section at the end of this document. + +### Managing Office 2013 package upgrades + +To upgrade an Office 2013 package, use the Office Deployment Tool. To upgrade a previously deployed Office 2013 package, perform the following steps. + +**How to upgrade a previously deployed Office 2013 package** + +1. Create a new Office 2013 package through the Office Deployment Tool that uses the most recent Office 2013 application software. The most recent Office 2013 bits can always be obtained through the download stage of creating an Office 2013 App-V Package. The newly created Office 2013 package will have the most recent updates and a new Version ID. All packages created using the Office Deployment Tool have the same lineage. + + **Note**   + Office App-V packages have two Version IDs: + + - An Office 2013 App-V Package Version ID that is unique across all packages created using the Office Deployment Tool. + + - A second App-V Package Version ID, x.x.x.x for example, in the AppX manifest that will only change if there is a new version of Office itself. For example, if a new Office 2013 release with upgrades is available, and a package is created through the Office Deployment Tool to incorporate these upgrades, the X.X.X.X version ID will change to reflect that the Office version itself has changed. The App-V server will use the X.X.X.X version ID to differentiate this package and recognize that it contains new upgrades to the previously published package, and as a result, publish it as an upgrade to the existing Office 2013 package. + +   + +2. Globally publish the newly created Office 2013 App-V Packages onto computers where you would like to apply the new updates. Since the new package has the same lineage of the older Office 2013 App-V Package, publishing the new package with the updates will only apply the new changes to the old package, and thus will be fast. + +3. Upgrades will be applied in the same manner of any globally published App-V Packages. Because applications will probably be in use, upgrades might be delayed until the computer is rebooted. + +### Managing Office 2013 licensing upgrades + +If a new Office 2013 App-V Package has a different license than the Office 2013 App-V Package currently deployed. For instance, the Office 2013 package deployed is a subscription based Office 2013 and the new Office 2013 package is Volume Licensing based, the following instructions must be followed to ensure smooth licensing upgrade: + +**How to upgrade an Office 2013 License** + +1. Unpublish the already deployed Office 2013 Subscription Licensing App-V package. + +2. Remove the unpublished Office 2013 Subscription Licensing App-V package. + +3. Restart the computer. + +4. Add the new Office 2013 App-V Package Volume Licensing. + +5. Publish the added Office 2013 App-V Package with Volume Licensing. + +An Office 2013 App-V Package with your chosen licensing will be successfully deployed. + +### Deploying Visio 2013 and Project 2013 with Office + +The following table describes the requirements and options for deploying Visio 2013 and Project 2013 with Office. + + ++++ + + + + + + + + + + + + + + + + +
    TaskDetails

    How do I package and publish Visio 2013 and Project 2013 with Office?

    You must include Visio 2013 and Project 2013 in the same package with Office.

    +

    If you aren’t deploying Office, you can create a package that contains Visio and/or Project, as long as you follow the [Virtualizing Microsoft Office 2013 for Application Virtualization (App-V) 5.0](https://technet.microsoft.com/en-us/itpro/mdop/solutions/virtualizing-microsoft-office-2013-for-application-virtualization--app-v--50-solutions#bkmk-pkg-pub-reqs).

    How can I deploy Visio 2013 and Project 2013 to specific users?

    Use one of the following methods:

    + ++++ + + + + + + + + + + + + + + + + +
    If you want to......then use this method

    Create two different packages and deploy each one to a different group of users

    Create and deploy the following packages:

    +
      +

    • A package that contains only Office - deploy to computers whose users need only Office.

      • +

    • A package that contains Office, Visio, and Project - deploy to computers whose users need all three applications.

      • +

    If you want only one package for the whole organization, or if you have users who share computers:

    Follows these steps:

    +
      +

    1. Create a package that contains Office, Visio, and Project.

      2. +

    2. Deploy the package to all users.

      3. +

    3. Use [Microsoft AppLocker](http://technet.microsoft.com/library/dd723678.aspx) to prevent specific users from using Visio and Project.

      4. +
    +

     

    + +  + +## Additional resources + + +**Office 2013 App-V Packages Additional Resources** + +[Office Deployment Tool for Click-to-Run](http://go.microsoft.com/fwlink/p/?LinkID=330672) + +[Supported scenarios for deploying Microsoft Office as a sequenced App-V Package](http://go.microsoft.com/fwlink/p/?LinkId=330680) + +**Office 2010 App-V Packages** + +[Microsoft Office 2010 Sequencing Kit for Microsoft Application Virtualization 5.0](http://go.microsoft.com/fwlink/p/?LinkId=330681) + +[Known issues when you create or use an App-V 5.0 Office 2010 package](http://go.microsoft.com/fwlink/p/?LinkId=330682) + +[How to sequence Microsoft Office 2010 in Microsoft Application Virtualization 5.0](http://go.microsoft.com/fwlink/p/?LinkId=330676) + +**Connection Groups** + +[Deploying Connection Groups in Microsoft App-V v5](http://go.microsoft.com/fwlink/p/?LinkId=330683) + +[Managing Connection Groups](appv-managing-connection-groups.md) + +**Dynamic Configuration** + +[About App-V Dynamic Configuration](appv-dynamic-configuration.md) + +## Have a suggestion for App-V? + + +Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). + +  + +  + + + + + diff --git a/windows/manage/appv-deploying-packages-with-electronic-software-distribution-solutions.md b/windows/manage/appv-deploying-packages-with-electronic-software-distribution-solutions.md new file mode 100644 index 0000000000..40d840f195 --- /dev/null +++ b/windows/manage/appv-deploying-packages-with-electronic-software-distribution-solutions.md @@ -0,0 +1,52 @@ +--- +title: Deploying App-V Packages by Using Electronic Software Distribution (ESD) +description: Deploying App-V Packages by Using Electronic Software Distribution (ESD) +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# Deploying App-V Packages by Using Electronic Software Distribution (ESD) + + +You can deploy App-V packages using an Electronic Software Distribution (ESD) solution. For information about planning to deploy App-V packages with an ESD, see [Planning to Deploy App-V with an Electronic Software Distribution System](appv-planning-to-deploy-appv-with-electronic-software-distribution-solutions.md). + +To deploy App-V packages with Microsoft System Center 2012 Configuration Manager, see [Introduction to Application Management in Configuration Manager](http://go.microsoft.com/fwlink/?LinkId=281816) + +## How to deploy virtualized packages using an ESD + + +Describes the methods you can use to deploy App-V packages by using an ESD + +[How to deploy App-V Packages Using Electronic Software Distribution](appv-deploy-appv-packages-with-electronic-software-distribution-solutions.md) + +## How to Enable Only Administrators to Publish Packages by Using an ESD + + +Explains how to configure the App-V client to enable only administrators to publish and unpublish packages when you’re using an ESD. + +[How to Enable Only Administrators to Publish Packages by Using an ESD](appv-enable-administrators-to-publish-packages-with-electronic-software-distribution-solutions.md) + +## Have a suggestion for App-V? + + +Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). + +## Other resources for using an ESD and App-V + + +Use the following link for more information about [App-V and Citrix Integration](http://go.microsoft.com/fwlink/?LinkId=330294 ) (http://go.microsoft.com/fwlink/?LinkId=330294). + +[Operations for App-V](appv-operations.md) + +  + +  + + + + + diff --git a/windows/manage/appv-deploying-the-appv-sequencer-and-client.md b/windows/manage/appv-deploying-the-appv-sequencer-and-client.md new file mode 100644 index 0000000000..19cb04b5f4 --- /dev/null +++ b/windows/manage/appv-deploying-the-appv-sequencer-and-client.md @@ -0,0 +1,97 @@ +--- +title: Deploy the App-V Sequencer and Client (Windows 10) +description: Deploying the App-V Sequencer and Client +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# Deploying the App-V Sequencer and Client + +The App-V Sequencer and client enable administrators to virtualize and run virtualized applications. + +## Enable the client + + +The App-V client is the component that runs a virtualized application on a target computer. The client enables users to interact with icons and to double-click file types, so that they can start a virtualized application. The client can also obtain the virtual application content from the management server. + +> [!NOTE] +> In Windows 10, version 1607, App-V is included with the OS. You only need to enable it. + +[Enable the App-V desktop client](appv-enable-the-app-v-desktop-client.md) + +## Client Configuration Settings + + +The App-V client stores its configuration in the registry. You can gather some useful information about the client if you understand the format of data in the registry. You can also configure many client actions by changing registry entries. + +[About Client Configuration Settings](appv-client-configuration-settings.md) + +## Configure the client by using the ADMX template and Group Policy + +You can use Group Policy to configure the client settings for the App-V client and the Remote Desktop Services client. + + +Perform the following steps on the computer that you will use to manage Group Policy. This is typically the Domain Controller. + +1. Save the **.admx** file to the following directory: **Windows \\ PolicyDefinitions** + +2. Save the **.adml** file to the following directory: **Windows \\ PolicyDefinitions \\ ** + +After you have completed the preceding steps, you can manage the App-V client configuration settings with the **Group Policy Management** console. + +The App-V client also stores its configuration in the registry. You can gather some useful information about the client if you understand the format of the data in the registry. You can also configure many client actions by changing registry entries. + +[How to Modify App-V Client Configuration Using the ADMX Template and Group Policy](appv-modify-client-configuration-with-the-admx-template-and-group-policy.md) + +## Deploy the client by using the Shared Content Store mode + +The App-V Shared Content Store (SCS) mode enables the SCS App-V clients to run virtualized applications without saving any of the associated package data locally. All required virtualized package data is transmitted across the network; therefore, you should only use the SCS mode in environments with a fast connection. Both the Remote Desktop Services (RDS) and the standard version of the App-V client are supported with SCS mode. + +> [!IMPORTANT] +> If the App-V client is configured to run in the SCS mode, the location where the App-V packages are streamed from must be available, otherwise, the virtualized package will fail. Additionally, we do not recommend deployment of virtualized applications to computers that run the App-V client in the SCS mode across the internet. + +Additionally, the SCS is not a physical location that contains virtualized packages. It is a mode that allows the App-V client to stream the required virtualized package data across the network. + +The SCS mode is helpful in the following scenarios: + +- Virtual desktop infrastructure (VDI) deployments + +- Remote Desktop Services deployments + +To use SCS in your environment, you must enable the App-V client to run in SCS mode. This setting should be specified during installation. By default, the client is not configured to use SCS mode. You should install the client by using the suggested procedure if you plan to use SCS. However, you can configure an existing App-V client to run in SCS mode by entering the following Windows PowerShell command on the computer that runs the App-V client: + +``` +set-AppvClientConfiguration -SharedContentStoreMode 1 +``` + +There might be cases when the administrator pre-loads some virtual applications on the computer that runs the App-V client in SCS mode. This can be accomplished with Windows PowerShell commands to add, publish, and mount the package. For example, if a package is pre-loaded on all computers, the administrator could add, publish, and mount the package by using Windows PowerShell commands. The package would not stream across the network because it would be locally stored. + +[How to Install the App-V Client for Shared Content Store Mode](appv-install-the-appv-client-for-shared-content-store-mode.md) + +## Deploy the Sequencer + +The Sequencer is a tool that is used to convert standard applications into virtual packages for deployment to computers that run the App-V client. The Sequencer helps provide a simple and predictable conversion process with minimal changes to prior sequencing workflows. In addition, the Sequencer allows users to more easily configure applications to enable connections of virtualized applications. + +For a list of changes in the App-V Sequencer, see [About App-V](appv-about-appv.md). + +[How to Install the Sequencer](appv-install-the-sequencer.md) + +## App-V Client and Sequencer logs + + +You can use the App-V Sequencer log information to help troubleshoot the Sequencer installation and operational events while using App-V. The Sequencer-related log information can be reviewed with the **Event Viewer**. The following line displays the specific path for Sequencer-related events: + +**Event Viewer \\ Applications and Services Logs \\ Microsoft \\ App V**. Sequencer-related events are prepended with **AppV\_Sequencer**. Client-related events are prepended with **AppV\_Client**. + +## Other resources for deploying the Sequencer and client + +- [Deploying App-V](appv-deploying-appv.md) +- [Planning for App-V](appv-planning-for-appv.md) + +## Have a suggestion for App-V? + +Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). diff --git a/windows/manage/appv-deploying-the-appv-server.md b/windows/manage/appv-deploying-the-appv-server.md new file mode 100644 index 0000000000..38fa2690b4 --- /dev/null +++ b/windows/manage/appv-deploying-the-appv-server.md @@ -0,0 +1,104 @@ +--- +title: Deploying the App-V Server (Windows 10) +description: Deploying the App-V Server +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + +# Deploying the App-V Server + +You can install the App-V server features by using different deployment configurations, which are described in this topic. Before you install the server features, review the server section of [App-V Security Considerations](appv-security-considerations.md). + +For information about deploying the App-V Server, see [About App-V](appv-about-appv.md). + +> [!IMPORTANT] +> Before you install and configure the App-V servers, you must specify a port where each component will be hosted. You must also add the associated firewall rules to allow incoming requests to access the specified ports. The installer does not modify firewall settings. + +## Download and install App-V Server components + +App-V offers the following five server components, each of which serves a specific purpose in an App-V environment. All five server components are included in the Microsoft Desktop Optimization Pack (MDOP) 2015 ISO package, which can be downloaded from the [Microsoft Developer Network (MSDN) subscription site](https://msdn.microsoft.com/en-us/subscriptions/downloads/default.aspx#FileId=65215). You must have a MSDN subscription to download MDOP. + +- **Management server**. Use the App-V management server and console to manage your App-V infrastructure. See [Administering App-V with the management console](appv-administering-virtual-applications-with-the-management-console.md) for more information about the management server. + + **Note**: If you are using App-V with your electronic software distribution solution, you don’t need to use the management server and console. However, you can still take advantage of the reporting and streaming capabilities in App-V. + +- **Management database**. Use the App-V management database to facilitate database pre-deployments for App-V management. See [How to deploy the App-V server components](appv-deploy-the-appv-server.md) for more information about the management database. + +- **Publishing server**. Use the App-V publishing server to host and stream virtual applications. The publishing server supports the HTTP and HTTPS protocols and does not require a database connection. See [How to install the App-V publishing server](appv-install-the-publishing-server-on-a-remote-computer.md) for more information about configuring the publishing server. + +- **Reporting server**. Use the App-V reporting server to generate reports that help you manage your App-V infrastructure. The reporting server requires a connection to the reporting database. See [About App-V reporting](appv-reporting.md) for more information about the reporting capabilities in App-V. + +- **Reporting database**. Use the App-V reporting database to facilitate database pre-deployments for App-V reporting. See [How to deploy the App-V server](appv-deploy-the-appv-server.md) for more information about the reporting database. + +In large organizations, you might want to install more than one instance of the server components to get: + +- Fault tolerance for situations when one of the servers is unavailable. + +- High availability to balance server requests. We recommend using a network load balancer to achieve this. + +- Scalability to support a high load. For example, you can install additional servers behind a network load balancer. + +## App-V standalone deployment + + +The App-V standalone deployment provides a good topology for a small deployment or a test environment. When you use this type of implementation, all server components are deployed to a single computer. The services and associated databases will compete for the resources on the computer that runs the App-V components. Therefore, you should not use this topology for larger deployments. + +- [How to Deploy the App-V Server](appv-deploy-the-appv-server.md) +- [How to Deploy the App-V Server Using a Script](appv-deploy-the-appv-server-with-a-script.md) + +## App-V Server distributed deployment + +The distributed deployment topology can support a large App-V client base and it allows you to more easily manage and scale your environment. When you use this type of deployment, the App-V Server components are deployed across multiple computers, based on the structure and requirements of the organization. + +- [How to Install the Management and Reporting Databases on Separate Computers from the Management and Reporting Services](appv-install-the-management-and-reporting-databases-on-separate-computers.md) +- [How to install the Management Server on a Standalone Computer and Connect it to the Database](appv-install-the-management-server-on-a-standalone-computer.md) +- [How to Deploy the App-V Server Using a Script](appv-deploy-the-appv-server-with-a-script.md) +- [How to Install the Publishing Server on a Remote Computer](appv-install-the-publishing-server-on-a-remote-computer.md) +- [How to install the Management Server on a Standalone Computer and Connect it to the Database](appv-install-the-management-server-on-a-standalone-computer.md) + +## Using an Enterprise Software Distribution (ESD) solution and App-V + +You can also deploy the App-V clients and packages by using an ESD without having to deploy App-V. The full capabilities for integration will vary depending on the ESD that you use. + +> [!NOTE] +> The App-V reporting server and reporting database can still be deployed alongside the ESD to collect the reporting data from the App-V clients. However, the other three server components should not be deployed, because they will conflict with the ESD functionality. + +[Deploying App-V Packages by Using Electronic Software Distribution (ESD)](appv-deploying-packages-with-electronic-software-distribution-solutions.md) + +## App-V Server logs + +You can use App-V server log information to help troubleshoot the server installation and operational events while using App-V. The server-related log information can be reviewed with the **Event Viewer**. The following line displays the specific path for Server-related events: + +**Event Viewer \\ Applications and Services Logs \\ Microsoft \\ App V** + +Associated setup logs are saved in the following directory: + +**%temp%** + +## App-V reporting + +App-V reporting allows App-V clients to collect data and then send it back to be stored in a central repository. You can use this information to get a better view of the virtual application usage within your organization. The following list displays some of the types of information the App-V client collects: + +- Information about the computer that runs the App-V client. + +- Information about virtualized packages on a specific computer that runs the App-V client. + +- Information about package open and shutdown for a specific user. + +The reporting information will be maintained until it is successfully sent to the reporting server database. After the data is in the database, you can use Microsoft SQL Server Reporting Services to generate any necessary reports. + +If you want to retrieve report information, you must use Microsoft SQL Server Reporting Services (SSRS) which is available with Microsoft SQL. SSRS is not installed when you install the App-V reporting server and it must be deployed separately to generate the associated reports. + + +For more information, see [About App-V Reporting](appv-reporting.md) and [How to Enable Reporting on the App-V Client by Using PowerShell](appv-enable-reporting-on-the-appv-client-with-powershell.md). + +## Other resources for the App-V server + +- [Deploying App-V](appv-deploying-appv.md) + +## Have a suggestion for App-V? + +Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). diff --git a/windows/manage/appv-deployment-checklist.md b/windows/manage/appv-deployment-checklist.md new file mode 100644 index 0000000000..2def234fd2 --- /dev/null +++ b/windows/manage/appv-deployment-checklist.md @@ -0,0 +1,76 @@ +--- +title: App-V Deployment Checklist (Windows 10) +description: App-V Deployment Checklist +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# App-V Deployment Checklist + + +This checklist can be used to help you during an App-V deployment. + +> [!NOTE] +> This checklist outlines the recommended steps and a high-level list of items to consider when deploying App-V features. It is recommended that you copy this checklist into a spreadsheet program and customize it for your use. + + ++++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    TaskReferencesNotes
    Checklist box

    Complete the planning phase to prepare the computing environment for App-V deployment.

    [App-V Planning Checklist](appv-planning-checklist.md)

    Checklist box

    Review the App-V supported configurations information to make sure selected client and server computers are supported for App-V feature installation.

    [App-V Supported Configurations](appv-supported-configurations.md)

    Checklist box

    Run App-V Setup to deploy the required App-V features for your environment.

    +
    +Note   +

    Keep track of the names of the servers and associated URLs created during installation. This information will be used throughout the installation process.

    +
    +
    +  +

    +
      +

    • [How to Install the Sequencer](appv-install-the-sequencer.md)

      • +

    • [Enable the App-V desktop client](appv-enable-the-app-v-desktop-client.md)

      • +

    • [How to Deploy the App-V Server](appv-deploy-the-appv-server.md)

      • +

    + +## Have a suggestion for App-V? + + +Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). + +## Related topics + +[Deploying App-V](appv-deploying-appv.md) diff --git a/windows/manage/appv-dynamic-configuration.md b/windows/manage/appv-dynamic-configuration.md new file mode 100644 index 0000000000..9f39eb5a86 --- /dev/null +++ b/windows/manage/appv-dynamic-configuration.md @@ -0,0 +1,742 @@ +--- +title: About App-V Dynamic Configuration (Windows 10) +description: About App-V Dynamic Configuration +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# About App-V Dynamic Configuration + +You can use the dynamic configuration to customize an App-V package for a user. Use the following information to create or edit an existing dynamic configuration file. + +When you edit the dynamic configuration file it customizes how an App-V package will run for a user or group. This helps to provide a more convenient method for package customization by removing the need to re-sequence packages using the desired settings, and provides a way to keep package content and custom settings independent. + +## Advanced: Dynamic Configuration + + +Virtual application packages contain a manifest that provides all the core information for the package. This information includes the defaults for the package settings and determines settings in the most basic form (with no additional customization). If you want to adjust these defaults for a particular user or group, you can create and edit the following files: + +- User Configuration file + +- Deployment configuration file + +The previous .xml files specify package settings and allow for packages to be customized without directly affecting the packages. When a package is created, the sequencer automatically generates default deployment and user configuration .xml files using the package manifest data. Therefore, these automatically generated configuration files simply reflect the default settings that the package innately as from how things were configured during sequencing. If you apply these configuration files to a package in the form generated by the sequencer, the packages will have the same default settings that came from their manifest. This provides you with a package-specific template to get started if any of the defaults must be changed. + +**Note**   +The following information can only be used to modify sequencer generated configuration files to customize packages to meet specific user or group requirements. + +  + +### Dynamic Configuration file contents + +All of the additions, deletions, and updates in the configuration files need to be made in relation to the default values specified by the package's manifest information. Review the following table: + + +++ + + + + + + + + + + + +

    User Configuration .xml file

    Deployment Configuration .xml file

    Package Manifest

    + +  + +The previous table represents how the files will be read. The first entry represents what will be read last, therefore, its content takes precedence. Therefore, all packages inherently contain and provide default settings from the package manifest. If a deployment configuration .xml file with customized settings is applied, it will override the package manifest defaults. If a user configuration .xml file with customized settings is applied prior to that, it will override both the deployment configuration and the package manifest defaults. + +The following list displays more information about the two file types: + +- **User Configuration File (UserConfig)** – Allows you to specify or modify custom settings for a package. These settings will be applied for a specific user when the package is deployed to a computer running the App-V client. + +- **Deployment Configuration File (DeploymentConfig)** – Allows you to specify or modify the default settings for a package. These settings will be applied for all users when a package is deployed to a computer running the App-V client. + +To customize the settings for a package for a specific set of users on a computer or to make changes that will be applied to local user locations such as HKCU, the UserConfig file should be used. To modify the default settings of a package for all users on a machine or to make changes that will be applied to global locations such as HKEY\_LOCAL\_MACHINE and the all users folder, the DeploymentConfig file should be used. + +The UserConfig file provides configuration settings that can be applied to a single user without affecting any other users on a client: + +- Extensions that will be integrated into the native system per user:- shortcuts, File-Type associations, URL Protocols, AppPaths, Software Clients and COM + +- Virtual Subsystems:- Application Objects, Environment variables, Registry modifications, Services and Fonts + +- Scripts (User context only) + +The DeploymentConfig file provides configuration settings in two sections, one relative to the machine context and one relative to the user context providing the same capabilities listed in the UserConfig list above: + +- All UserConfig settings above + +- Extensions that can only be applied globally for all users + +- Virtual Subsystems that can be configured for global machine locations e.g. registry + +- Product Source URL + +- Scripts (Machine context only) + +- Controls to Terminate Child Processes + +### File structure + +The structure of the App-V Dynamic Configuration file is explained in the following section. + +### Dynamic User Configuration file + +**Header** - the header of a dynamic user configuration file is as follows: + +``` + + +``` + +The **PackageId** is the same value as exists in the Manifest file. + +**Body** - the body of the Dynamic User Configuration file can include all the app extension points that are defined in the Manifest file, as well as information to configure virtual applications. There are four subsections allowed in the body: + +**Applications** - All app-extensions that are contained in the Manifest file within a package are assigned with an Application ID, which is also defined in the manifest file. This allows you to enable or disable all the extensions for a given application within a package. The **Application ID** must exist in the Manifest file or it will be ignored. + +``` + + + + + + + … + +``` + +**Subsystems** - AppExtensions and other subsystems are arranged as subnodes under the : + +``` + + + .. + + .. + +``` + +Each subsystem can be enabled/disabled using the “**Enabled**” attribute. Below are the various subsystems and usage samples. + +**Extensions:** + +Some subsystems (Extension Subsystems) control Extensions. Those subsystems are:- shortcuts, File-Type associations, URL Protocols, AppPaths, Software Clients and COM + +Extension Subsystems can be enabled and disabled independently of the content.  Thus if Shortcuts are enabled, The client will use the shortcuts contained within the manifest by default. Each Extension Subsystem can contain an node. If this child element is present, the client will ignore the content in the Manifest file for that subsystem and only use the content in the configuration file. + +Example using the shortcuts subsystem: + +**Example 1**
    If the user defined this in either the dynamic or deployment config file: + +``` +                               +                                           +                                   +``` + +Content in the manifest will be ignored.    + +**Example 2**
    If the user defined only the following: + +                             `` + +Then the content in the Manifest will be integrated during publishing. + +**Example 3**
    If the user defines the following + +``` +                            +                                           +                               +``` + +Then all the shortcuts within the manifest will still be ignored. There will be no shortcuts integrated. + +The supported Extension Subsystems are: + +**Shortcuts:** This controls shortcuts that will be integrated into the local system. Below is a sample with 2 shortcuts: + +``` + + +   +     +       +         \[{Common Programs}\]\\Microsoft Contoso\\Microsoft ContosoApp Filler 2010.lnk +         \[{PackageRoot}\]\\Contoso\\ContosoApp.EXE +         \[{Windows}\]\\Installer\\{90140000-0011-0000-0000-0000000FF1CE}\\inficon.exe +          +          +         ContosoApp.Filler.3 +         Fill out dynamic forms to gather and reuse information throughout the organization using Microsoft ContosoApp. +         0 +         1 +         \[{PackageRoot}\]\\Contoso\\ContosoApp.EXE +        +   +   +      +       \[{AppData}\]\\Microsoft\\Contoso\\Recent\\Templates.LNK +       \[{AppData}\]\\Microsoft\\Templates +        +        +        +        +        +       0 +       1 +        +      +   +   + +``` + +**File-Type Associations:** Associates File-types with programs to open by default as well as setup the context menu. (MIME types can also be setup using this susbsystem). Sample File-type Association is below: + +``` + + + + + + .docm + contosowordpad.DocumentMacroEnabled.12 + document + application/vnd.ms-contosowordpad.document.macroEnabled.12 + + wincontosowordpad.exe + + + contosowordpad.8 + + + + + + + true + + + + + + + + contosowordpad.DocumentMacroEnabled.12 + \[{Windows}\]\\Installer\\{90140000-0011-0000-0000-0000000FF1CE}\\contosowordpadicon.exe,15 + Blah Blah Blah + \[{FOLDERID\_ProgramFilesX86}\]\\Microsoft Contoso 14\\res.dll,9182 + \[{FOLDERID\_ProgramFilesX86}\]\\Microsoft Contoso 14\\res.dll,1424 + 0 + + Open + + {e56fa627-c35f-4a01-9e79-7d36aed8225a} + Edit + &Edit + "\[{PackageRoot}\]\\Contoso\\WINcontosowordpad.EXE" /vu "%1" + + + {e56fa627-c35f-4a01-9e79-7d36aed8225a} + Open + &Open + "\[{PackageRoot}\]\\Contoso\\WINcontosowordpad.EXE" /n "%1" + + + mscontosowordpad + ShellSystem + \[SHELLNOOP\] + \[SetForeground\]\[ShellNewDatabase "%1"\] + + + + + + + + +``` + +**URL Protocols**: This controls the URL Protocols that are integrated into the local registry of the client machine e.g. “mailto:”. + +``` + + + + +   mailto +    +   \[{ProgramFilesX86}\]\\Microsoft Contoso\\Contoso\\contosomail.EXE,-9403 +   2 +   +   +   +   + +   +   +   2 +   +    +   open +    +   \[{ProgramFilesX86}\]\\Microsoft Contoso\\Contoso\\contosomail.EXE +   open +   \[{ProgramFilesX86}\\Microsoft Contoso\\Contoso\\contosomail.EXE" -c OEP.Note /m "%1" +   +   +   0 +   0 +   2 +     +   +   contosomail +   ShellSystem +   \[SHELLNOOP\] +   \[SetForeground\]\[ShellNewDatabase "%1"\] +   +   +   +   +   +   +   +   +``` + +**Software Clients**: Allows the app to register as an Email client, news reader, media player and makes the app visible in the Set Program Access and Computer Defaults UI. In most cases you should only need to enable and disable it. There is also a control to enable and disable the email client specifically if you want the other clients still enabled except for that client. + +``` + +   + +``` + +**AppPaths**: If an application for example contoso.exe is registered with an apppath name of “myapp”, it allows you type “myapp” under the run menu and it will open contoso.exe. + +``` + + + + +   \[{ProgramFilesX86}\]\\Microsoft Contoso\\Contoso\\contosomail.EXE +   contosomail.exe +   \[{ProgramFilesX86}\]\\Microsoft Contoso\\Contoso\\contosomail.EXE +   +   false +   + + + + +``` + +**COM**: Allows an Application register Local COM servers. Mode can be Integration, Isolated or Off. When Isol. + +` ` + +**Other Settings**: + +In addition to Extensions, other subsystems can be enabled/disabled and edited: + +**Virtual Kernel Objects**: + +` ` + +**Virtual Registry**: Used if you want to set a registry in the Virtual Registry within HKCU + +``` + + + + +   +   +   + +   +``` + +**Virtual File System** + +`       ` + +**Virtual Fonts** + +`       ` + +**Virtual Environment Variables** + +``` + + +         +         +         +        +         +          +          +``` + +**Virtual services** + +`       ` + +**UserScripts** – Scripts can be used to setup or alter the virtual environment as well as execute scripts at time of deployment or removal, before an application executes, or they can be used to “clean up” the environment after the application terminates. Please reference a sample User configuration file that is output by the sequencer to see a sample script. The Scripts section below provides more information on the various triggers that can be used. + +### Dynamic Deployment Configuration file + +**Header** - The header of a Deployment Configuration file is as follows: + +``` + +``` + +The **PackageId** is the same value as exists in the manifest file. + +**Body** - The body of the deployment configuration file includes two sections: + +- User Configuration section –allows the same content as the User Configuration file described in the previous section. When the package is published to a user, any appextensions configuration settings in this section will override corresponding settings in the Manifest within the package unless a user configuration file is also provided. If a UserConfig file is also provided, it will be used instead of the User settings in the deployment configuration file. If the package is published globally, then only the contents of the deployment configuration file will be used in combination with the manifest. + +- Machine Configuration section–contains information that can be configured only for an entire machine, not for a specific user on the machine. For example, HKEY\_LOCAL\_MACHINE registry keys in the VFS. + +``` + + +  .. + + +.. + +.. +     + +``` + +**User Configuration** - use the previous **Dynamic User Configuration file** section for information on settings that are provided in the user configuration section of the Deployment Configuration file. + +Machine Configuration - the Machine configuration section of the Deployment Configuration File is used to configure information that can be set only for an entire machine, not for a specific user on the computer. For example, HKEY\_LOCAL\_MACHINE registry keys in the Virtual Registry. There are four subsections allowed in under this element + +1. **Subsystems** - AppExtensions and other subsystems are arranged as subnodes under : + +``` + +   +   .. +   + .. + +``` + +The following section displays the various subsystems and usage samples. + +**Extensions**: + +Some subsystems (Extension Subsystems) control Extensions which can only apply to all users. The subsystem is application capabilities. Because this can only apply to all users, the package must be published globally in order for this type of extension to be integrated into the local system. The same rules for controls and settings that apply to the Extensions in the User Configuration also apply to those in the MachineConfiguration section. + +**Application Capabilities**: Used by default programs in windows operating system Interface. Allows an application to register itself as capable of opening certain file extensions, as a contender for the start menu internet browser slot, as capable of opening certain windows MIME types.  This extension also makes the virtual application visible in the Set Default Programs UI.: + +``` + +   +     +      +      \[{PackageRoot}\]\\LitView\\LitViewBrowser.exe +       +       LitView Browser +       SOFTWARE\\LitView\\Browser\\Capabilities +       +     +      +      @\[{ProgramFilesX86}\]\\LitView\\LitViewBrowser.exe,-12345 +      @\[{ProgramFilesX86}\]\\LitView\\LitViewBrowser.exe,-12346 +      0 +      Lit View E-Mail Client +       +        +        +        +       +       +        +        +       +      +        +       +       +    +     +   + + +``` + +**Other Settings**: + +In addition to Extensions, other subsystems can be edited: + +**Machine Wide Virtual Registry**: Used when you want to set a registry key in the virtual registry within HKEY\_Local\_Machine + +``` + + +   +      +     +   +   + + +``` + +**Machine Wide Virtual Kernel Objects** + +``` + + +     +   + +``` + +**ProductSourceURLOptOut**: Indicates whether the URL for the package can be modified globally through PackageSourceRoot (to support branch office scenarios). Default is false and the setting change takes effect on the next launch. + +``` + +   ..  +    +   .. + +``` + +**MachineScripts** – Package can be configured to execute scripts at time of deployment, publishing or removal. Please reference a sample deployment configuration file that is generated by the sequencer to see a sample script. The Scripts section below provides more information on the various triggers that can be used + +**TerminateChildProcess**:- An application executable can be specified, whose child processes will be terminated when the application exe process is terminated. + +``` + +   ..    +    +      +      +      +    +   .. + +``` + +### Scripts + +The following table describes the various script events and the context under which they can be run. + + ++++++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Script Execution TimeCan be specified in Deployment ConfigurationCan be specified in User ConfigurationCan run in the Virtual Environment of the packageCan be run in the context of a specific applicationRuns in system/user context: (Deployment Configuration, User Configuration)

    AddPackage

    X

    (SYSTEM, N/A)

    PublishPackage

    X

    X

    (SYSTEM, User)

    UnpublishPackage

    X

    X

    (SYSTEM, User)

    RemovePackage

    X

    (SYSTEM, N/A)

    StartProcess

    X

    X

    X

    X

    (User, User)

    ExitProcess

    X

    X

    X

    (User, User)

    StartVirtualEnvironment

    X

    X

    X

    (User, User)

    TerminateVirtualEnvironment

    X

    X

    (User, User)

    + +  + +### Using multiple scripts on a single event trigger + +App-V supports the use of multiple scripts on a single event trigger for App-V packages, including packages that you convert from App-V 4.6 to App-V for Windows 10. To enable the use of multiple scripts, App-V uses a script launcher application, named ScriptRunner.exe, which is installed as part of the App-V client installation. + +**How to use multiple scripts on a single event trigger:** + +For each script that you want to run, pass that script as an argument to the ScriptRunner.exe application. The application then runs each script separately, along with the arguments that you specify for each script. Use only one script (ScriptRunner.exe) per trigger. + +**Note**   +We recommended that you run the multi-script line from a command prompt first to make sure that all arguments are built correctly before adding them to the deployment configuration file. + +  + +**Example script and parameter descriptions** + +Using the following example file and table, modify the deployment or user configuration file to add the scripts that you want to run. + +``` syntax + + + ScriptRunner.exe + + -appvscript script1.exe arg1 arg2 –appvscriptrunnerparameters –wait –timeout=10 + -appvscript script2.vbs arg1 arg2 + -appvscript script3.bat arg1 arg2 –appvscriptrunnerparameters –wait –timeout=30 –rollbackonerror + + + + +``` + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + +
    Parameter in the example fileDescription

    Name of the event trigger for which you are running a script, such as adding a package or publishing a package.

    ScriptRunner.exe

    The script launcher application that is installed as part of the App-V client installation.

    +
    +Note   +

    Although ScriptRunner.exe is installed as part of the App-V client, the location of the App-V client must be in %path% or ScriptRunner will not run. ScriptRunner.exe is typically located in the C:\Program Files\Microsoft Application Virtualization\Client folder.

    +
    +
    +  +
    
+-appvscript script1.exe arg1 arg2 –appvscriptrunnerparameters –wait –timeout=10
+
+-appvscript script2.vbs arg1 arg2
+
+-appvscript script3.bat arg1 arg2 –appvscriptrunnerparameters –wait –timeout=30 -rollbackonerror
+

    -appvscript - Token that represents the actual script that you want to run.

    +

    script1.exe – Name of the script that you want to run.

    +

    arg1 arg2 – Arguments for the script that you want to run.

    +

    -appvscriptrunnerparameters – Token that represents the execution options for script1.exe

    +

    -wait – Token that informs ScriptRunner to wait for execution of script1.exe to complete before proceeding to the next script.

    +

    -timeout=x – Token that informs ScriptRunner to stop running the current script after x number of seconds. All other specified scripts will still run.

    +

    -rollbackonerror – Token that informs ScriptRunner to stop running all scripts that haven't yet run and to roll back an error to the App-V client.

    Waits for overall completion of ScriptRunner.exe.

    +

    Set the timeout value for the overall runner to be greater than or equal to the sum of the timeout values on the individual scripts.

    +

    If any individual script reported an error and rollbackonerror was set to true, then ScriptRunner would report the error to App-V client.

    + +  + +ScriptRunner will run any script whose file type is associated with an application installed on the computer. If the associated application is missing, or the script’s file type is not associated with any application on the computer, the script will not run. + +### Create a Dynamic Configuration file using an App-V Manifest file + +You can create the Dynamic Configuration file using one of three methods: either manually, using the App-V Management Console or sequencing a package, which will be generated with 2 sample files. + +For more information about how to create the file using the App-V Management Console see, [How to Create a Custom Configuration File by Using the App-V Management Console](appv-create-a-custom-configuration-file-with-the-management-console.md). + +To create the file manually, the information above in previous sections can be combined into a single file. We recommend you use files generated by the sequencer. + +## Have a suggestion for App-V? + +Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). + +## Related topics + +[How to Apply the Deployment Configuration File by Using PowerShell](appv-apply-the-deployment-configuration-file-with-powershell.md) + +[How to Apply the User Configuration File by Using PowerShell](appv-apply-the-user-configuration-file-with-powershell.md) + +[Operations for App-V](appv-operations.md) diff --git a/windows/manage/appv-enable-administrators-to-publish-packages-with-electronic-software-distribution-solutions.md b/windows/manage/appv-enable-administrators-to-publish-packages-with-electronic-software-distribution-solutions.md new file mode 100644 index 0000000000..bf8851078f --- /dev/null +++ b/windows/manage/appv-enable-administrators-to-publish-packages-with-electronic-software-distribution-solutions.md @@ -0,0 +1,36 @@ +--- +title: How to Enable Only Administrators to Publish Packages by Using an ESD (Windows 10) +description: How to Enable Only Administrators to Publish Packages by Using an ESD +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# How to Enable Only Administrators to Publish Packages by Using an ESD + + +Starting in App-V 5.0 SP3, you can configure the App-V client so that only administrators (not end users) can publish or unpublish packages. In earlier versions of App-V, you could not prevent end users from performing these tasks. + +**To enable only administrators to publish or unpublish packages** + +1. Navigate to the following Group Policy Object node: + + **Computer Configuration > Policies > Administrative Templates > System > App-V > Publishing**. + +2. Enable the **Require publish as administrator** Group Policy setting. + + To alternatively use PowerShell to set this item, see [How to Manage App-V Packages Running on a Stand-Alone Computer by Using PowerShell](appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md#bkmk-admins-pub-pkgs). + + **Have a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). + +  + +  + + + + + diff --git a/windows/manage/appv-enable-reporting-on-the-appv-client-with-powershell.md b/windows/manage/appv-enable-reporting-on-the-appv-client-with-powershell.md new file mode 100644 index 0000000000..7451d59112 --- /dev/null +++ b/windows/manage/appv-enable-reporting-on-the-appv-client-with-powershell.md @@ -0,0 +1,87 @@ +--- +title: How to Enable Reporting on the App-V Client by Using PowerShell (Windows 10) +description: How to Enable Reporting on the App-V Client by Using PowerShell +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# How to Enable Reporting on the App-V Client by Using PowerShell + + +Use the following procedure to configure the App-V for reporting. + +**To configure the computer running the App-V client for reporting** + +1. Enable the App-V client. For more information, see [Enable the App-V desktop client](appv-enable-the-app-v-desktop-client.md). + +2. After you have enabled the App-V client, use the **Set-AppvClientConfiguration** PowerShell to configure appropriate Reporting Configuration settings: + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    SettingDescription

    ReportingEnabled

    Enables the client to return information to a reporting server. This setting is required for the client to collect the reporting data on the client.

    ReportingServerURL

    Specifies the location on the reporting server where client information is saved. For example, http://<reportingservername>:<reportingportnumber>.

    +
    + Note   +

    This is the port number that was assigned during the Reporting Server setup

    +
    +
    +   +

    Reporting Start Time

    This is set to schedule the client to automatically send the data to the server. This setting will indicate the hour at which the reporting data will start to send. It is in the 24 hour format and will take a number between 0-23.

    ReportingRandomDelay

    Specifies the maximum delay (in minutes) for data to be sent to the reporting server. When the scheduled task is started, the client generates a random delay between 0 and ReportingRandomDelay and will wait the specified duration before sending data.

    ReportingInterval

    Specifies the retry interval that the client will use to resend data to the reporting server.

    ReportingDataCacheLimit

    Specifies the maximum size in megabytes (MB) of the XML cache for storing reporting information. The size applies to the cache in memory. When the limit is reached, the log file will roll over.

    ReportingDataBlockSize

    Specifies the maximum size in megabytes (MB) of the XML cache for storing reporting information. The size applies to the cache in memory. When the limit is reached, the log file will roll over.

    + +   + +3. After the appropriate settings have been configured, the computer running the App-V client will automatically collect data and will send the data back to the reporting server. + + Additionally, administrators can manually send the data back in an on-demand manner using the **Send-AppvClientReport** PowerShell cmdlet. + + +## Have a suggestion for App-V? + +Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). + +## Related topics + + +[Administering App-V by Using PowerShell](appv-administering-appv-with-powershell.md) diff --git a/windows/manage/appv-enable-the-app-v-desktop-client.md b/windows/manage/appv-enable-the-app-v-desktop-client.md new file mode 100644 index 0000000000..fe8bc4ffdc --- /dev/null +++ b/windows/manage/appv-enable-the-app-v-desktop-client.md @@ -0,0 +1,41 @@ +--- +title: Enable the App-V desktop client (Windows 10) +description: Enable the App-V desktop client +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + +# Enable the App-V desktop client + +The App-V client is the component that runs virtualized applications on user devices. The client enables users to interact with icons and file names to start virtualized applications. The client can also get virtual application content from the management server. + +With Windows 10, the App-V client is installed automatically. You need to enable the client to allow user devices to access and run virtual applications. You can enable the client with the Group Policy editor or with Windows PowerShell. + +**To enable the App-V client with Group Policy:** + +1. Open the device’s **Local Group Policy Editor**. + +2. Navigate to **Computer Configuration** > **Administrative Templates** > **System** > **App-V**. + +3. Run **Enables App-V Client** and then select **Enabled** on the screen that appears. + +4. Restart the device. + +**To enable the App-V client with Windows PowerShell:** + +1. Open Windows PowerShell. + +2. Type `Enable-Appv` and press Enter. + +3. Restart the device. + +4. To verify that the App-V client is enabled on the device, enter **AppvClientEnabled** or **Get-AppvStatus** in Windows PowerShell. + +See [Using the client management console](appv-using-the-client-management-console.md) for information about configuring the App-V client. + +## Have a suggestion for App-V? + +Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). \ No newline at end of file diff --git a/windows/manage/appv-evaluating-appv.md b/windows/manage/appv-evaluating-appv.md new file mode 100644 index 0000000000..20d2eba290 --- /dev/null +++ b/windows/manage/appv-evaluating-appv.md @@ -0,0 +1,51 @@ +--- +title: Evaluating App-V (Windows 10) +description: Evaluating App-V +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# Evaluating App-V + + +Before you deploy pp-V into a production environment, you should evaluate it in a lab environment. You can use the information in this topic to set up App-V in a lab environment for evaluation purposes only. + +## Configure lab computers for App-V Evaluation + +Use the following link for information about setting up the App-V sequencer on a computer in your lab environment. + +### Installing the App-V Sequencer and Creating Packages + +Use the following links for information about setting up the App-V sequencer and creating packages in your lab environment. + +- [How to Install the Sequencer](appv-install-the-sequencer.md) + +- [Creating and Managing App-V Virtualized Applications](appv-creating-and-managing-virtualized-applications.md) + +### Configuring the App-V Server + +Use the following links for information about setting up the App-V server in your lab environment. + +- [How to Deploy the App-V Server](appv-deploy-the-appv-server.md) + +- [Administering App-V Virtual Applications by Using the Management Console](appv-administering-virtual-applications-with-the-management-console.md) + +### Installing the App-V Client + +Use the following link for more information about creating and managing virtualized packages in your lab environment. + +- [Enable the App-V desktop client](appv-enable-the-app-v-desktop-client.md) + +- [How to Configure the Client to Receive Package and Connection Groups Updates From the Publishing Server](appv-configure-the-client-to-receive-updates-from-the-publishing-server.md) + +## Have a suggestion for App-V? + +Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). + +## Related topics + +- [Getting Started with App-V](appv-getting-started.md) diff --git a/windows/manage/appv-for-windows.md b/windows/manage/appv-for-windows.md new file mode 100644 index 0000000000..d127094cb6 --- /dev/null +++ b/windows/manage/appv-for-windows.md @@ -0,0 +1,62 @@ +--- +title: Application Virtualization (App-V) (Windows 10) +description: Application Virtualization (App-V) +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# Application Virtualization (App-V) for Windows 10 overview + + +The topics in this section provides information and step-by-step procedures to help you administer App-V and its components. This information will be valuable for system administrators who manage large installations with many servers and clients and for support personnel who interact directly with the computers or the end users. + +[Getting Started with App-V](appv-getting-started.md) + +- [About App-V](appv-about-appv.md) +- [Evaluating App-V](appv-evaluating-appv.md) +- [High Level Architecture for App-V](appv-high-level-architecture.md) +- [Accessibility for App-V](appv-accessibility.md) + +[Planning for App-V](appv-planning-for-appv.md) + +- [Preparing Your Environment for App-V](appv-preparing-your-environment.md) +- [App-V Prerequisites](appv-prerequisites.md) +- [Planning to Deploy App-V](appv-planning-to-deploy-appv.md) +- [App-V Supported Configurations](appv-supported-configurations.md) +- [App-V Planning Checklist](appv-planning-checklist.md) + +[Deploying App-V](appv-deploying-appv.md) + +- [Deploying the App-V Sequencer and Client](appv-deploying-the-appv-sequencer-and-client.md) +- [Deploying the App-V Server](appv-deploying-the-appv-server.md) +- [App-V Deployment Checklist](appv-deployment-checklist.md) +- [Deploying Microsoft Office 2013 by Using App-V](appv-deploying-microsoft-office-2013-with-appv.md) +- [Deploying Microsoft Office 2010 by Using App-V](appv-deploying-microsoft-office-2010-wth-appv.md) + +[Operations for App-V](appv-operations.md) + +- [Creating and Managing App-V Virtualized Applications](appv-creating-and-managing-virtualized-applications.md) +- [Administering App-V Virtual Applications by Using the Management Console](appv-administering-virtual-applications-with-the-management-console.md) +- [Managing Connection Groups](appv-managing-connection-groups.md) +- [Deploying App-V Packages by Using Electronic Software Distribution (ESD)](appv-deploying-packages-with-electronic-software-distribution-solutions.md) +- [Using the App-V Client Management Console](appv-using-the-client-management-console.md) +- [Migrating to App-V from a Previous Version](appv-migrating-to-appv-from-a-previous-version.md) +- [Maintaining App-V](appv-maintaining-appv.md) +- [Administering App-V by Using PowerShell](appv-administering-appv-with-powershell.md) + +[Troubleshooting App-V](appv-troubleshooting.md) + +[Technical Reference for App-V](appv-technical-reference.md) + +- [Performance Guidance for Application Virtualization](appv-performance-guidance.md) +- [Application Publishing and Client Interaction](appv-application-publishing-and-client-interaction.md) +- [Viewing App-V Server Publishing Metadata](appv-viewing-appv-server-publishing-metadata.md) +- [Running a Locally Installed Application Inside a Virtual Environment with Virtualized Applications](appv-running-locally-installed-applications-inside-a-virtual-environment.md) + +### Have a suggestion for App-V? + +Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). diff --git a/windows/manage/appv-getting-started.md b/windows/manage/appv-getting-started.md new file mode 100644 index 0000000000..d7914a115d --- /dev/null +++ b/windows/manage/appv-getting-started.md @@ -0,0 +1,77 @@ +--- +title: Getting Started with App-V (Windows 10) +description: Getting Started with App-V +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# Getting Started with App-V + +Microsoft Application Virtualization (App-V) enables organizations to deliver Win32 applications to users as virtual applications. Virtual applications are installed on centrally managed servers and delivered to users as a service – in real time and on as as-needed basis. Users launch virtual applications from familiar access points, including the Windows Store, and interact with them as if they were installed locally. + +With the release of Windows 10, version 1607, App-V is included with the [Windows 10 Enterprise edition](https://www.microsoft.com/en-us/WindowsForBusiness/windows-for-enterprise). If you are new to Windows 10 and App-V, you’ll need to download, activate, and install server- and client-side components to start delivering virtual applications to users. For information about what you need to know before getting started with App-V, see the [Application Virtualization (App-V) overview](appv-for-windows.md). + +If you’re already using App-V, performing an in-place upgrade to Windows 10 on user devices automatically installs the App-V client and migrates users’ App-V applications and settings. For more information about how to configure an existing App-V installation after upgrading user devices to Windows 10, see [Upgrading to App-V for Windows 10 from an existing installation](appv-upgrading-to-app-v-for-windows-10-from-an-existing-installation.md). + +Important: You can migrate your existing App-V installation to Windows 10 from App-V versions 5.0 SP2 and higher only. If you are using an earlier version of App-V, you’ll need to upgrade from that version to App-V 5.0 SP2 before you upgrade to Windows 10. + +For information about previous versions of App-V, see [MDOP Information Experience](https://technet.microsoft.com/itpro/mdop/index). + +## Getting started with App-V for Windows 10 (new installations) + +To start using App-V to deliver virtual applications to users, you’ll need to download, enable, and install server- and client-side components. The following table provides information about the App-V for Windows 10 components and where to find them. + + + +| Component | What it does | Where to find it | +|------------|--|------| +| App-V server components | App-V offers five server components that work together to allow you to host and publish virtual applications, generate usage reports, and manage your App-V environment. For information about the server components, see [Deploying the App-V Server](#_Deploying_the_App-V). | The App-V server components are included in the Microsoft Desktop Optimization Pack (MDOP) 2015 ISO package, which can be downloaded from the [MSDN (Microsoft Developer Network) subscriptions site](https://msdn.microsoft.com/en-us/subscriptions/downloads/default.aspx#FileId=65215).
    You must have a MSDN subscription to download the MDOP ISO package.
    See [Deploying the App-V Server](appv-deploying-the-appv-server.md) for more information about installing and using the server components. | +| App-V client and App-V Remote Desktop Services (RDS) client | The App-V client is the component that runs virtualized applications on user devices. The client enables users to interact with icons and file names to start virtualized applications. | The App-V client is automatically installed with Windows 10.
    For information about enabling the client, see [Enable the App-V desktop client](appv-enable-the-app-v-desktop-client.md). | +| App-V Sequencer | Use the App-V Sequencer to convert Win32 applications into virtual packages for deployment to user devices. Devices must be running the App-V client to allow users to interact with virtual applications. | Installed with the [Windows 10 Assessment and Deployment Kit](https://developer.microsoft.com/en-us/windows/hardware/windows-assessment-deployment-kit) (Windows ADK). | + +For more information about these elements, see [High Level Architecture for App-V](appv-high-level-architecture.md). + +If you are new to this product, we recommend that you read the documentation thoroughly. Before you deploy it to a production environment, we also recommend that you validate your deployment plan in a test network environment. You might also consider taking a class about relevant technologies. For information about Microsoft training opportunities, see the [Microsoft Training Overview](https://www.microsoft.com/en-us/learning/default.aspx). + +## Getting started with App-V + + +- [About App-V](appv-about-appv.md) + + Provides a high-level overview of App-V and how it can be used in your organization. + +- [Evaluating App-V](appv-evaluating-appv.md) + + Provides information about how you can best evaluate App-V for use in your organization. + +- [High Level Architecture for App-V](appv-high-level-architecture.md) + + Provides a description of the App-V features and how they work together. + +- [Accessibility for App-V](appv-accessibility.md) + + Provides information about features and services that make this product and its corresponding documentation more accessible for people with disabilities. + +## Other resources for this product + + +- [Application Virtualization (App-V) overview](appv-for-windows.md) + +- [Planning for App-V](appv-planning-for-appv.md) + +- [Deploying App-V](appv-deploying-appv.md) + +- [Operations for App-V](appv-operations.md) + +- [Troubleshooting App-V](appv-troubleshooting.md) + +- [Technical Reference for App-V](appv-technical-reference.md) + +## Have a suggestion for App-V? + +Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). + diff --git a/windows/manage/appv-high-level-architecture.md b/windows/manage/appv-high-level-architecture.md new file mode 100644 index 0000000000..396b92d811 --- /dev/null +++ b/windows/manage/appv-high-level-architecture.md @@ -0,0 +1,82 @@ +--- +title: High Level Architecture for App-V (Windows 10) +description: High Level Architecture for App-V +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# High Level Architecture for App-V + + +Use the following information to help you simplify you Microsoft Application Virtualization (App-V) deployment. + +## Architecture Overview + + +A typical App-V implementation consists of the following elements. + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + +
    ElementMore information

    App-V Management Server

    The App-V Management server provides overall management functionality for the App-V infrastructure. Additionally, you can install more than one instance of the management server in your environment which provides the following benefits:

    +
      +

    • Fault Tolerance and High Availability – Installing and configuring the App-V Management server on two separate computers can help in situations when one of the servers is unavailable or offline.

      +

      You can also help increase App-V availability by installing the Management server on multiple computers. In this scenario, a network load balancer should also be considered so that server requests are balanced.

      • +

    • Scalability – You can add additional management servers as necessary to support a high load, for example you can install multiple servers behind a load balancer.

      • +

    App-V Publishing Server

    The App-V publishing server provides functionality for virtual application hosting and streaming. The publishing server does not require a database connection and supports the following protocols:

    +
      +

    • HTTP, and HTTPS

      • +
    +

    You can also help increase App-V availability by installing the Publishing server on multiple computers. A network load balancer should also be considered so that server requests are balanced.

    App-V Reporting Server

    The App-V Reporting server enables authorized users to run and view existing App-V reports and ad hoc reports that can help them manage the App-V infrastructure. The Reporting server requires a connection to the App-V reporting database. You can also help increase App-V availability by installing the Reporting server on multiple computers. A network load balancer should also be considered so that server requests are balanced.

    App-V Client

    The App-V client enables packages created using App-V to run on target computers.

    + + +**Note**   +If you are using App-V with Electronic Software Distribution (ESD) you are not required to use the App-V Management server. However, you can still utilize the reporting and streaming functionality of App-V. + +## Have a suggestion for App-V? + +Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). + +## Related topics + + +[Getting Started with App-V](appv-getting-started.md) + +  + +  + + + + + diff --git a/windows/manage/appv-install-the-appv-client-for-shared-content-store-mode.md b/windows/manage/appv-install-the-appv-client-for-shared-content-store-mode.md new file mode 100644 index 0000000000..fb6da496d4 --- /dev/null +++ b/windows/manage/appv-install-the-appv-client-for-shared-content-store-mode.md @@ -0,0 +1,29 @@ +--- +title: How to Install the App-V Client for Shared Content Store Mode (Windows 10) +description: How to Install the App-V Client for Shared Content Store Mode +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# How to Install the App-V Client for Shared Content Store Mode + + +Use the following procedure to install the Microsoft Application Virtualization (App-V) client so that it uses the App-V Shared Content Store (SCS) mode. You should ensure that all required prerequisites are installed on the computer you plan to install to. Use the following link to see [App-V Prerequisites](appv-prerequisites.md). + +**Enable the App-V client for SCS mode** + +1. In the Group Policy Management Console, navigate to **Computer Configuration** > **Administrative Templates** > **System** > **App-V** > **Streaming**. + +2. Enable the **Set the Shared Content Mode (SCS) mode** setting. + +## Have a suggestion for App-V? + +Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). + +## Related topics + +- [Deploying the App-V Sequencer and Client](appv-deploying-the-appv-sequencer-and-client.md) diff --git a/windows/manage/appv-install-the-appv-databases-and-convert-the-associated-security-identifiers-with-powershell.md b/windows/manage/appv-install-the-appv-databases-and-convert-the-associated-security-identifiers-with-powershell.md new file mode 100644 index 0000000000..7bb1ffa822 --- /dev/null +++ b/windows/manage/appv-install-the-appv-databases-and-convert-the-associated-security-identifiers-with-powershell.md @@ -0,0 +1,390 @@ +--- +title: How to Install the App-V Databases and Convert the Associated Security Identifiers by Using PowerShell (Windows 10) +description: How to Install the App-V Databases and Convert the Associated Security Identifiers by Using PowerShell +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# How to Install the App-V Databases and Convert the Associated Security Identifiers by Using PowerShell + + +Use the following PowerShell procedure to convert any number of Active Directory Domain Services (AD DS) user or machine accounts into formatted Security Identifiers (SIDs) both in the standard format and in the hexadecimal format used by Microsoft SQL Server when running SQL scripts. + +Before attempting this procedure, you should read and understand the information and examples displayed in the following list: + +- **.INPUTS** – The account or accounts used to convert to SID format. This can be a single account name or an array of account names. + +- **.OUTPUTS** - A list of account names with the corresponding SID in standard and hexadecimal formats. + +- **Examples** - + + **.\\ConvertToSID.ps1 DOMAIN\\user\_account1 DOMAIN\\machine\_account1$ DOMAIN\\user\_account2 | Format-List**. + + **$accountsArray = @("DOMAIN\\user\_account1", "DOMAIN\\machine\_account1$", "DOMAIN\_user\_account2")** + + **.\\ConvertToSID.ps1 $accountsArray | Write-Output -FilePath .\\SIDs.txt -Width 200** + + \#> + +**To convert any number of Active Directory Domain Services (AD DS) user or machine accounts into formatted Security Identifiers (SIDs)** + +1. Copy the following script into a text editor and save it as a PowerShell script file, for example **ConvertToSIDs.ps1**. + +2. To open a PowerShell console click **Start** and type **PowerShell**. Right-click **Windows PowerShell** and select **Run as Administrator**. + + ``` syntax + <# + ``` + + ``` syntax + .SYNOPSIS + ``` + + ``` syntax + This PowerShell script will take an array of account names and try to convert each of them to the corresponding SID in standard and hexadecimal formats. + ``` + + ``` syntax + .DESCRIPTION + ``` + + ``` syntax + This is a PowerShell script that converts any number of Active Directory (AD) user or machine accounts into formatted Security Identifiers (SIDs) both in the standard format and in the hexadecimal format used by SQL server when running SQL scripts. + ``` + + ``` syntax + .INPUTS + ``` + + ``` syntax + The account(s) to convert to SID format. This can be a single account name or an array of account names. Please see examples below. + ``` + + ``` syntax + .OUTPUTS + ``` + + ``` syntax + A list of account names with the corresponding SID in standard and hexadecimal formats + ``` + + ``` syntax + .EXAMPLE + ``` + + ``` syntax + .\ConvertToSID.ps1 DOMAIN\user_account1 DOMAIN\machine_account1$ DOMAIN\user_account2 | Format-List + ``` + + ``` syntax + .EXAMPLE + ``` + + ``` syntax + $accountsArray = @("DOMAIN\user_account1", "DOMAIN\machine_account1$", "DOMAIN_user_account2") + ``` + + ``` syntax + .\ConvertToSID.ps1 $accountsArray | Write-Output -FilePath .\SIDs.txt -Width 200 + ``` + + ``` syntax +#> + ``` + + ``` syntax + ``` + + []() + + []() + + ``` syntax + function ConvertSIDToHexFormat + ``` + + { + +    param(\[System.Security.Principal.SecurityIdentifier\]$sidToConvert) + + ``` syntax + ``` + + ``` syntax +    $sb = New-Object System.Text.StringBuilder + ``` + + ``` syntax +     [int] $binLength = $sidToConvert.BinaryLength + ``` + + ``` syntax +     [Byte[]] $byteArray = New-Object Byte[] $binLength + ``` + + ``` syntax +    $sidToConvert.GetBinaryForm($byteArray, 0) + ``` + + ``` syntax +    foreach($byte in $byteArray) + ``` + + ``` syntax +    { + ``` + + ``` syntax +    $sb.Append($byte.ToString("X2")) |Out-Null + ``` + + ``` syntax +    } + ``` + + ``` syntax +    return $sb.ToString() + ``` + + ``` syntax + } + ``` + + ``` syntax + [string[]]$myArgs = $args + ``` + + ``` syntax + if(($myArgs.Length -lt 1) -or ($myArgs[0].CompareTo("/?") -eq 0)) + ``` + + { + + ``` syntax + [string]::Format("{0}====== Description ======{0}{0}" + + ``` + + ``` syntax + "  Converts any number of user or machine account names to string and hexadecimal SIDs.{0}" + + ``` + + ``` syntax +                "  Pass the account(s) as space separated command line parameters. (For example 'ConvertToSID.exe DOMAIN\\Account1 DOMAIN\\Account2 ...'){0}" + + ``` + + ``` syntax +                "  The output is written to the console in the format 'Account name    SID as string   SID as hexadecimal'{0}" + + ``` + + ``` syntax +                "  And can be written out to a file using standard PowerShell redirection{0}" + + ``` + + ``` syntax +                "  Please specify user accounts in the format 'DOMAIN\username'{0}" + + ``` + + ``` syntax +                "  Please specify machine accounts in the format 'DOMAIN\machinename$'{0}" + + ``` + + ``` syntax +                "  For more help content, please run 'Get-Help ConvertToSID.ps1'{0}" + + ``` + + ``` syntax +                "{0}====== Arguments ======{0}" + + ``` + + ``` syntax +                "{0}  /?    Show this help message", [Environment]::NewLine) + ``` + + ``` syntax + { + ``` + + ``` syntax + else + ``` + + ``` syntax + {  +     #If an array was passed in, try to split it + ``` + + ``` syntax +     if($myArgs.Length -eq 1) + ``` + + ``` syntax +     { + ``` + + ``` syntax +         $myArgs = $myArgs.Split(' ') + ``` + + ``` syntax +     } + ``` + + ``` syntax + +     #Parse the arguments for account names + ``` + + ``` syntax +     foreach($accountName in $myArgs) + ``` + + ``` syntax +     {    + ``` + + ``` syntax +         [string[]] $splitString = $accountName.Split('\')  # We're looking for the format "DOMAIN\Account" so anything that does not match, we reject + ``` + + ``` syntax +         if($splitString.Length -ne 2) + ``` + + ``` syntax +         { + ``` + + ``` syntax +             $message = [string]::Format("{0} is not a valid account name. Expected format 'Domain\username' for user accounts or 'DOMAIN\machinename$' for machine accounts.", $accountName) + ``` + + ``` syntax +             Write-Error -Message $message + ``` + + ``` syntax +             continue + ``` + + ``` syntax +         } + ``` + + ``` syntax +         + ``` + + ``` syntax +         #Convert any account names to SIDs + ``` + + ``` syntax +         try + ``` + + ``` syntax +         { + ``` + + ``` syntax +             [System.Security.Principal.NTAccount] $account = New-Object System.Security.Principal.NTAccount($splitString[0], $splitString[1]) + ``` + + ``` syntax +             [System.Security.Principal.SecurityIdentifier] $SID = [System.Security.Principal.SecurityIdentifier]($account.Translate([System.Security.Principal.SecurityIdentifier])) + ``` + + ``` syntax +         } + ``` + + ``` syntax +         catch [System.Security.Principal.IdentityNotMappedException] + ``` + + ``` syntax +         { + ``` + + ``` syntax +             $message = [string]::Format("Failed to translate account object '{0}' to a SID. Please verify that this is a valid user or machine account.", $account.ToString()) + ``` + + ``` syntax +             Write-Error -Message $message + ``` + + ``` syntax +             continue + ``` + + ``` syntax +         } + ``` + + ``` syntax + +         #Convert regular SID to binary format used by SQL + ``` + + ``` syntax +         $hexSIDString = ConvertSIDToHexFormat $SID + ``` + + ``` syntax +         +         $SIDs = New-Object PSObject + ``` + + ``` syntax +         $SIDs | Add-Member NoteProperty Account $accountName + ``` + + ``` syntax +         $SIDs | Add-Member NoteProperty SID $SID.ToString() + ``` + + ``` syntax +         $SIDs | Add-Member NoteProperty Hexadecimal $hexSIDString + ``` + + ``` syntax + +         Write-Output $SIDs + ``` + + ``` syntax +     } + ``` + + ``` syntax + } + ``` + +3. Run the script you saved in step one of this procedure passing the accounts to convert as arguments. + + For example, + + **.\\ConvertToSID.ps1 DOMAIN\\user\_account1 DOMAIN\\machine\_account1$ DOMAIN\\user\_account2 | Format-List” or “$accountsArray = @("DOMAIN\\user\_account1", "DOMAIN\\machine\_account1$", "DOMAIN\_user\_account2")** + + **.\\ConvertToSID.ps1 $accountsArray | Write-Output -FilePath .\\SIDs.txt -Width 200”** + + **Have a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). + +## Related topics + + +[Administering App-V by Using PowerShell](appv-administering-appv-with-powershell.md) + +  + +  + + + + + diff --git a/windows/manage/appv-install-the-management-and-reporting-databases-on-separate-computers.md b/windows/manage/appv-install-the-management-and-reporting-databases-on-separate-computers.md new file mode 100644 index 0000000000..f9978a7b46 --- /dev/null +++ b/windows/manage/appv-install-the-management-and-reporting-databases-on-separate-computers.md @@ -0,0 +1,117 @@ +--- +title: How to Install the Management and Reporting Databases on Separate Computers from the Management and Reporting Services (Windows 10) +description: How to Install the Management and Reporting Databases on Separate Computers from the Management and Reporting Services +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# How to Install the Management and Reporting Databases on Separate Computers from the Management and Reporting Services + + +Use the following procedure to install the database server and management server on different computers. The computer you plan to install the database server on must be running a supported version of Microsoft SQL or the installation will fail. + +**Note**   +After you complete the deployment, the **Microsoft SQL Server name**, **instance name** and **database name** will be required by the administrator installing the service to be able to connect to these databases. + +  + +**To install the management database and the management server on separate computers** + +1. Copy the App-V server installation files to the computer on which you want to install it on. To start the App-V server installation right-click and run **appv\_server\_setup.exe** as an administrator. Click **Install**. + +2. On the **Getting Started** page, review and accept the license terms, and click **Next**. + +3. On the **Use Microsoft Update to help keep your computer secure and up-to-date** page, to enable Microsoft updates, select **Use Microsoft Update when I check for updates (recommended).** To disable Microsoft updates, select **I don’t want to use Microsoft Update**. Click **Next**. + +4. On the **Feature Selection** page, select the components you want to install by selecting the **Management Server Database** checkbox and click **Next**. + +5. On the **Installation Location** page, accept the default location and click **Next**. + +6. On the initial **Create New Management Server Database page**, accept the default selections if appropriate, and click **Next**. + + If you are using a custom SQL Server instance, then select **Use a custom instance** and type the name of the instance. + + If you are using a custom database name, then select **Custom configuration** and type the database name. + +7. On the next **Create New Management Server Database** page, select **Use a remote computer**, and type the remote machine account using the following format: **Domain\\MachineAccount**. + + **Note**   + If you plan to deploy the management server on the same computer you must select **Use this local computer**. + +   + + Specify the user name for the management server **Install Administrator** using the following format: **Domain\\AdministratorLoginName**. Click **Next**. + +8. To start the installation, click **Install**. + +**To install the reporting database and the reporting server on separate computers** + +1. Copy the App-V server installation files to the computer on which you want to install it on. To start the App-V server installation right-click and run **appv\_server\_setup.exe** as an administrator. Click **Install**. + +2. On the **Getting Started** page, review and accept the license terms, and click **Next**. + +3. On the **Use Microsoft Update to help keep your computer secure and up-to-date** page, to enable Microsoft updates, select **Use Microsoft Update when I check for updates (recommended).** To disable Microsoft updates, select **I don’t want to use Microsoft Update**. Click **Next**. + +4. On the **Feature Selection** page, select the components you want to install by selecting the **Reporting Server Database** checkbox and click **Next**. + +5. On the **Installation Location** page, accept the default location and click **Next**. + +6. On the initial **Create New Reporting Server Database** page, accept the default selections if appropriate, and click **Next**. + + If you are using a custom SQL Server instance, then select **Use a custom instance** and type the name of the instance. + + If you are using a custom database name, then select **Custom configuration** and type the database name. + +7. On the next **Create New Reporting Server Database** page, select **Use a remote computer**, and type the remote machine account using the following format: **Domain\\MachineAccount**. + + **Note**   + If you plan to deploy the reporting server on the same computer you must select **Use this local computer**. + +   + + Specify the user name for the reporting server **Install Administrator** using the following format: **Domain\\AdministratorLoginName**. Click **Next**. + +8. To start the installation, click **Install**. + +**To install the management and reporting databases using App-V database scripts** + +1. Copy the App-V server installation files to the computer on which you want to install it on. + +2. To extract the App-V database scripts, open a command prompt and specify the location where the installation files are saved and run the following command: + + **appv\_server\_setup.exe** **/LAYOUT** **/LAYOUTDIR=”InstallationExtractionLocation”**. + +3. After the extraction has been completed, to access the App-V database scripts and instructions readme file: + + - The App-V Management Database scripts and instructions readme are located in the following folder: **InstallationExtractionLocation** \\ **Database Scripts** \\ **Management Database**. + + - The App-V Reporting Database scripts and instructions readme are located in the following folder: **InstallationExtractionLocation** \\ **Database Scripts** \\ **Reporting Database**. + +4. For each database, copy the scripts to a share and modify them following the instructions in the readme file. + + **Note**   + For more information about modifying the required SIDs contained in the scripts see, [How to Install the App-V Databases and Convert the Associated Security Identifiers by Using PowerShell](appv-install-the-appv-databases-and-convert-the-associated-security-identifiers-with-powershell.md). + +   + +5. Run the scripts on the computer running Microsoft SQL Server. + + **Have a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). + +## Related topics + + +[Deploying App-V](appv-deploying-appv.md) + +  + +  + + + + + diff --git a/windows/manage/appv-install-the-management-server-on-a-standalone-computer.md b/windows/manage/appv-install-the-management-server-on-a-standalone-computer.md new file mode 100644 index 0000000000..de8e7c0416 --- /dev/null +++ b/windows/manage/appv-install-the-management-server-on-a-standalone-computer.md @@ -0,0 +1,62 @@ +--- +title: How to install the Management Server on a Standalone Computer and Connect it to the Database (Windows 10) +description: How to install the Management Server on a Standalone Computer and Connect it to the Database +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# How to install the Management Server on a Standalone Computer and Connect it to the Database + + +Use the following procedure to install the management server on a standalone computer and connect it to the database. + +**To install the management server on a standalone computer and connect it to the database** + +1. Copy the App-V server installation files to the computer on which you want to install it on. To start the App-V server installation right-click and run **appv\_server\_setup.exe** as an administrator. Click **Install**. + +2. On the **Getting Started** page, review and accept the license terms, and click **Next**. + +3. On the **Use Microsoft Update to help keep your computer secure and up-to-date** page, to enable Microsoft updates, select **Use Microsoft Update when I check for updates (recommended).** To disable Microsoft updates, select **I don’t want to use Microsoft Update**. Click **Next**. + +4. On the **Feature Selection** page, select the **Management Server** checkbox and click **Next**. + +5. On the **Installation Location** page, accept the default location and click **Next**. + +6. On the **Configure Existing Management Database** page, select **Use a remote SQL Server**, and type the machine name of the computer running Microsoft SQL SQL, for example **SqlServerMachine**. + + **Note**   + If the Microsoft SQL Server is deployed on the same server, select **Use local SQL Server**. + +   + + For the SQL Server Instance, select **Use the default instance**. If you are using a custom Microsoft SQL Server instance, you must select **Use a custom instance** and then type the name of the instance. + + Specify the **SQL Server Database name** that this management server will use, for example **AppvManagement**. + +7. On the **Configure Management Server Configuration** page, specify the AD group or account that will connect to the management console for administrative purposes for example **MyDomain\\MyUser** or **MyDomain\\AdminGroup**. The account or AD group you specify will be enabled to manage the server through the management console. You can add additional users or groups using the management console after installation + + Specify the **Website Name** that you want to use for the management service. Accept the default if you do not have a custom name. For the **Port Binding**, specify a unique port number to be used, for example **12345**. + +8. Click **Install**. + +9. To confirm that the setup has completed successfully, open a web browser, and type the following URL: http://managementserver:portnumber/Console. If the installation was successful, you should see the **Management Console** appear without any error messages or warnings being displayed. + + **Have a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). + +## Related topics + + +[Deploying App-V](appv-deploying-appv.md) + +  + +  + + + + + diff --git a/windows/manage/appv-install-the-publishing-server-on-a-remote-computer.md b/windows/manage/appv-install-the-publishing-server-on-a-remote-computer.md new file mode 100644 index 0000000000..f9f66a2120 --- /dev/null +++ b/windows/manage/appv-install-the-publishing-server-on-a-remote-computer.md @@ -0,0 +1,79 @@ +--- +title: How to Install the Publishing Server on a Remote Computer (Windows 10) +description: How to Install the Publishing Server on a Remote Computer +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# How to Install the Publishing Server on a Remote Computer + + +Use the following procedure to install the publishing server on a separate computer. Before you perform the following procedure, ensure the database and management server are available. + +**To install the publishing server on a separate computer** + +1. Copy the App-V server installation files to the computer on which you want to install it on. To start the App-V server installation right-click and run **appv\_server\_setup.exe** as an administrator. Click **Install**. + +2. On the **Getting Started** page, review and accept the license terms, and click **Next**. + +3. On the **Use Microsoft Update to help keep your computer secure and up-to-date** page, to enable Microsoft updates, select **Use Microsoft Update when I check for updates (recommended).** To disable Microsoft updates, select **I don’t want to use Microsoft Update**. Click **Next**. + +4. On the **Feature Selection** page, select the **Publishing Server** checkbox and click **Next**. + +5. On the **Installation Location** page, accept the default location and click **Next**. + +6. On the **Configure Publishing Server Configuration** page, specify the following items: + + - The URL for the management service that the publishing server will connect to. For example, **http://ManagementServerName:12345**. + + - Specify the website name that you want to use for the publishing service. Accept the default if you do not have a custom name. + + - For the **Port Binding**, specify a unique port number that will be used by App-V, for example **54321**. + +7. On the **Ready to Install** page, click **Install**. + +8. After the installation is complete, the publishing server must be registered with the management server. In the App-V management console, use the following steps to register the server: + + 1. Open the App-V management server console. + + 2. In the left pane, select **Servers**, and then select **Register New Server**. + + 3. Type the name of this server and a description (if required) and click **Add**. + +9. To verify if the publishing server is running correctly, you should import a package to the management server, entitle the package to an AD group, and publish the package. Using an internet browser, open the following URL: **http://publishingserver:pubport**. If the server is running correctly information similar to the following will be displayed: + + `` + + ` ` + + ` ` + + ` ` + + ` ` + + ` ` + + ` ` + + `` + + **Have a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). + +## Related topics + + +[Deploying App-V](appv-deploying-appv.md) + +  + +  + + + + + diff --git a/windows/manage/appv-install-the-reporting-server-on-a-standalone-computer.md b/windows/manage/appv-install-the-reporting-server-on-a-standalone-computer.md new file mode 100644 index 0000000000..5fbc775cc8 --- /dev/null +++ b/windows/manage/appv-install-the-reporting-server-on-a-standalone-computer.md @@ -0,0 +1,71 @@ +--- +title: How to install the Reporting Server on a Standalone Computer and Connect it to the Database (Windows 10) +description: How to install the Reporting Server on a Standalone Computer and Connect it to the Database +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# How to install the Reporting Server on a Standalone Computer and Connect it to the Database + + +Use the following procedure to install the reporting server on a standalone computer and connect it to the database. + +**Important**   +Before performing the following procedure you should read and understand [About App-V Reporting](appv-reporting.md). + +  + +**To install the reporting server on a standalone computer and connect it to the database** + +1. Copy the App-V server installation files to the computer on which you want to install it on. To start the App-V server installation right-click and run **appv\_server\_setup.exe** as an administrator. Click **Install**. + +2. On the **Getting Started** page, review and accept the license terms, and click **Next**. + +3. On the **Use Microsoft Update to help keep your computer secure and up-to-date** page, to enable Microsoft updates, select **Use Microsoft Update when I check for updates (recommended).** To disable Microsoft updates, select **I don’t want to use Microsoft Update**. Click **Next**. + +4. On the **Feature Selection** page, select the **Reporting Server** checkbox and click **Next**. + +5. On the **Installation Location** page, accept the default location and click **Next**. + +6. On the **Configure Existing Reporting Database** page, select **Use a remote SQL Server**, and type the machine name of the computer running Microsoft SQL Server, for example **SqlServerMachine**. + + **Note**   + If the Microsoft SQL Server is deployed on the same server, select **Use local SQL Server**. + +   + + For the SQL Server Instance, select **Use the default instance**. If you are using a custom Microsoft SQL Server instance, you must select **Use a custom instance** and then type the name of the instance. + + Specify the **SQL Server Database name** that this reporting server will use, for example **AppvReporting**. + +7. On the **Configure Reporting Server Configuration** page. + + - Specify the Website Name that you want to use for the Reporting Service. Leave the default unchanged if you do not have a custom name. + + - For the **Port binding**, specify a unique port number that will be used by App-V, for example **55555**. You should also ensure that the port specified is not being used by another website. + +8. Click **Install**. + + **Have a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). + +## Related topics + + +[About App-V Reporting](appv-reporting.md) + +[Deploying App-V](appv-deploying-appv.md) + +[How to Enable Reporting on the App-V Client by Using PowerShell](appv-enable-reporting-on-the-appv-client-with-powershell.md) + +  + +  + + + + + diff --git a/windows/manage/appv-install-the-sequencer.md b/windows/manage/appv-install-the-sequencer.md new file mode 100644 index 0000000000..19d09c9a09 --- /dev/null +++ b/windows/manage/appv-install-the-sequencer.md @@ -0,0 +1,58 @@ +--- +title: Install the App-V Sequencer (Windows 10) +description: Install the App-V Sequencer +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# Install the App-V Sequencer + +Use the App-V Sequencer to convert Win32 applications into virtual packages for deployment to user devices. Those devices must be running the App-V client to allow users to interact with virtual applications. + +The App-V Sequencer is included in the Windows 10 Assessment and Deployment Kit (Windows ADK). + +> [!NOTE] +> The computer that will run the sequencer must not have the App-V client enabled on it. As a best practice, choose a computer with the same hardware and software configurations as the computers that will run the virtual applications. The sequencing process is resource intensive, so make sure that the computer that runs the Sequencer has plenty of memory, a fast processor, and a fast hard drive. + +To install the App-V Sequencer: + +1. Go to [Download the Windows ADK](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit). + +2. Click or press the **Get Windows ADK for Windows 10** button on the page to start the ADK installer. Make sure that **Microsoft Application Virtualization (App-V) Sequencer** is selected during the installation. + + ![Selecting APP-V features in ADK](images/app-v-in-adk.png) + +3. To open the Sequencer, from the **Start** menu, select **Microsoft Application Virtualization (App-V) Sequencer** . + +See [Creating and managing virtual applications](appv-creating-and-managing-virtualized-applications.md) and the [Application Virtualization Sequencing Guide](http://download.microsoft.com/download/F/7/8/F784A197-73BE-48FF-83DA-4102C05A6D44/App-V%205.0%20Sequencing%20Guide.docx) for information about creating virtual applications with the Sequencer. + +## Command-line options for installing the sequencer + +You can also use the command line to install the App-V sequencer. The following list displays information about options for installing the sequencer using the command line and **appv\_sequencer\_setup.exe**: + +| **Command** | **Description** | +|-------------------|------------------| +| /INSTALLDIR | Specifies the installation directory. | +| /Log | Specifies where the installation log will be saved, the default location is **%Temp%**. For example, **C:\\Logs\\ log.log**. | +| /q | Specifies a quiet or silent installation. | +| /Uninstall | Specifies the removal of the sequencer. | +| /ACCEPTEULA | Accepts the license agreement. This is required for an unattended installation. Example usage: **/ACCEPTEULA** or **/ACCEPTEULA=1**. | +| /LAYOUT | Specifies the associated layout action. It also extracts the Windows Installer (.msi) and script files to a folder without installing App-V. No value is expected. | +| /LAYOUTDIR | Specifies the layout directory. Requires a string value. Example usage:**/LAYOUTDIR=”C:\\Application Virtualization Client”**. | +| /? Or /h or /help | Displays associated help. | + +## To troubleshoot the App-V sequencer installation + +For more information regarding the sequencer installation, you can view the error log in the **%temp%** folder. To review the log files, click **Start**, type **%temp%**, and then look for the **appv\_ log**. + +## Have a suggestion for App-V? + +Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). + +## Related topics + +- [Planning to Deploy App-V](appv-planning-to-deploy-appv.md) diff --git a/windows/manage/appv-load-the-powershell-cmdlets-and-get-cmdlet-help.md b/windows/manage/appv-load-the-powershell-cmdlets-and-get-cmdlet-help.md new file mode 100644 index 0000000000..110f5d08a1 --- /dev/null +++ b/windows/manage/appv-load-the-powershell-cmdlets-and-get-cmdlet-help.md @@ -0,0 +1,223 @@ +--- +title: How to Load the PowerShell Cmdlets and Get Cmdlet Help (Windows 10) +description: How to Load the PowerShell Cmdlets and Get Cmdlet Help +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# How to Load the PowerShell Cmdlets and Get Cmdlet Help + + +What this topic covers: + +- [Requirements for using PowerShell cmdlets](#bkmk-reqs-using-posh) + +- [Loading the PowerShell cmdlets](#bkmk-load-cmdlets) + +- [Getting help for the PowerShell cmdlets](#bkmk-get-cmdlet-help) + +- [Displaying the help for a PowerShell cmdlet](#bkmk-display-help-cmdlet) + +## Requirements for using PowerShell cmdlets + + +Review the following requirements for using the App-V PowerShell cmdlets: + + ++++ + + + + + + + + + + + + + + + + + + + + +
    RequirementDetails

    Users can run App-V Server cmdlets only if you grant them access by using one of the following methods:

      +

    • When you are deploying and configuring the App-V Server:

      +

      Specify an Active Directory group or individual user that has permissions to manage the App-V environment. See [How to Deploy the App-V Server](appv-deploy-the-appv-server.md).

      • +

    • After you’ve deployed the App-V Server:

      +

      Use the App-V Management console to add an additional Active Directory group or user. See [How to Add or Remove an Administrator by Using the Management Console](appv-add-or-remove-an-administrator-with-the-management-console.md).

      • +

    Cmdlets that require an elevated command prompt

      +

    • Add-AppvClientPackage

      • +

    • Remove-AppvClientPackage

      • +

    • Set-AppvClientConfiguration

      • +

    • Add-AppvClientConnectionGroup

      • +

    • Remove-AppvClientConnectionGroup

      • +

    • Add-AppvPublishingServer

      • +

    • Remove-AppvPublishingServer

      • +

    • Send-AppvClientReport

      • +

    • Set-AppvClientMode

      • +

    • Set-AppvClientPackage

      • +

    • Set-AppvPublishingServer

      • +

    Cmdlets that end users can run, unless you configure them to require an elevated command prompt

      +

    • Publish-AppvClientPackage

      • +

    • Unpublish-AppvClientPackage

      • +
    +

    To configure these cmdlets to require an elevated command prompt, use one of the following methods:

    + ++++ + + + + + + + + + + + + + + + + +
    MethodMore resources

    Run the Set-AppvClientConfiguration cmdlet with the -RequirePublishAsAdmin parameter.

      +

    • [How to Manage Connection Groups on a Stand-alone Computer by Using PowerShell](appv-manage-connection-groups-on-a-stand-alone-computer-with-powershell.md#bkmk-admin-only-posh-topic-cg)

      • +

    • [How to Manage App-V Packages Running on a Stand-Alone Computer by Using PowerShell](appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md#bkmk-admins-pub-pkgs)

      • +

    Enable the “Require publish as administrator” Group Policy setting for App-V Clients.

    [How to Publish a Package by Using the Management Console](appv-publish-a-packages-with-the-management-console.md#bkmk-admin-pub-pkg-only-posh)

    +

     

    + +  + +## Loading the PowerShell cmdlets + + +To load the PowerShell cmdlet modules: + +1. Open Windows PowerShell or Windows PowerShell Integrated Scripting Environment (ISE). + +2. Type one of the following commands to load the cmdlets for the module you want: + + ++++ + + + + + + + + + + + + + + + + + + + + +
    App-V componentCommand to type

    App-V Server

    Import-Module AppvServer

    App-V Sequencer

    Import-Module AppvSequencer

    App-V Client

    Import-Module AppvClient

    + +  + +## Getting help for the PowerShell cmdlets + + +Starting in App-V 5.0 SP3, cmdlet help is available in two formats: + + ++++ + + + + + + + + + + + + + + + + +
    FormatDescription

    As a downloadable module

    To download the latest help after downloading the cmdlet module:

    +
      +

    1. Open Windows PowerShell or Windows PowerShell Integrated Scripting Environment (ISE).

      2. +

    2. Type one of the following commands to load the cmdlets for the module you want:

      3. +
    + ++++ + + + + + + + + + + + + + + + + + + + + +
    App-V componentCommand to type

    App-V Server

    Update-Help -Module AppvServer

    App-V Sequencer

    Update-Help -Module AppvSequencer

    App-V Client

    Update-Help -Module AppvClient

    +

     

    On TechNet as web pages

    See the App-V node under [Microsoft Desktop Optimization Pack Automation with Windows PowerShell](http://technet.microsoft.com/library/dn520245.aspx).

    + +  + +## Displaying the help for a PowerShell cmdlet + + +To display help for a specific PowerShell cmdlet: + +1. Open Windows PowerShell or Windows PowerShell Integrated Scripting Environment (ISE). + +2. Type **Get-Help** <*cmdlet*>, for example, **Get-Help Publish-AppvClientPackage**. + +**Have a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). + +  + +  + + + + + diff --git a/windows/manage/appv-maintaining-appv.md b/windows/manage/appv-maintaining-appv.md new file mode 100644 index 0000000000..6cf35b1731 --- /dev/null +++ b/windows/manage/appv-maintaining-appv.md @@ -0,0 +1,48 @@ +--- +title: Maintaining App-V (Windows 10) +description: Maintaining App-V +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# Maintaining App-V + + +After you have completed all the necessary planning, and then deployment of App-V, you can use the following information to maintain the App-V infrastructure. + +## Move the App-V Server + + +The App-V server connects to the App-V database. Therefore you can install the management component to any computer on the network and then connect it to the App-V database. + +[How to Move the App-V Server to Another Computer](appv-move-the-appv-server-to-another-computer.md) + +## Determine if an App-V Application is Running Virtualized + + +Independent software vendors (ISV) who want to determine if an application is running virtualized with App-V or above, should open a named object called **AppVVirtual-<PID>** in the default namespace. For example, Windows API **GetCurrentProcessId()** can be used to obtain the current process's ID, for example 4052, and then if a named Event object called **AppVVirtual-4052** can be successfully opened using **OpenEvent()** in the default namespace for read access, then the application is virtual. If the **OpenEvent()** call fails, the application is not virtual. + +Additionally, ISV’s who want to explicitly virtualize or not virtualize calls on specific API’s with App-V and above, can use the **VirtualizeCurrentThread()** and **CurrentThreadIsVirtualized()** functions implemented in the AppEntSubsystems32.dll module. These provide a way of hinting at a downstream component that the call should or should not be virtualized. + +## Have a suggestion for App-V? + + +Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). + +## Other resources for maintaining App-V + + +[Operations for App-V](appv-operations.md) + +  + +  + + + + + diff --git a/windows/manage/appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md b/windows/manage/appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md new file mode 100644 index 0000000000..9386a9d9b2 --- /dev/null +++ b/windows/manage/appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md @@ -0,0 +1,294 @@ +--- +title: How to Manage App-V Packages Running on a Stand-Alone Computer by Using PowerShell (Windows 10) +description: How to Manage App-V Packages Running on a Stand-Alone Computer by Using PowerShell +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# How to Manage App-V Packages Running on a Stand-Alone Computer by Using PowerShell + + +The following sections explain how to perform various management tasks on a stand-alone client computer by using PowerShell: + +- [To return a list of packages](#bkmk-return-pkgs-standalone-posh) + +- [To add a package](#bkmk-add-pkgs-standalone-posh) + +- [To publish a package](#bkmk-pub-pkg-standalone-posh) + +- [To publish a package to a specific user](#bkmk-pub-pkg-a-user-standalone-posh) + +- [To add and publish a package](#bkmk-add-pub-pkg-standalone-posh) + +- [To unpublish an existing package](#bkmk-unpub-pkg-standalone-posh) + +- [To unpublish a package for a specific user](#bkmk-unpub-pkg-specfc-use) + +- [To remove an existing package](#bkmk-remove-pkg-standalone-posh) + +- [To enable only administrators to publish or unpublish packages](#bkmk-admins-pub-pkgs) + +- [Understanding pending packages (UserPending and GlobalPending)](#bkmk-understd-pend-pkgs) + +## To return a list of packages + + +Use the following information to return a list of packages that are entitled to a specific user: + +**Cmdlet**: Get-AppvClientPackage + +**Parameters**: -Name -Version -PackageID -VersionID + +**Example**: Get-AppvClientPackage –Name “ContosoApplication” -Version 2 + +## To add a package + + +Use the following information to add a package to a computer. + +**Important**   +This example only adds a package. It does not publish the package to the user or the computer. + +  + +**Cmdlet**: Add-AppvClientPackage + +**Example**: $Contoso = Add-AppvClientPackage \\\\path\\to\\appv\\package.appv + +## To publish a package + + +Use the following information to publish a package that has been added to a specific user or globally to any user on the computer. + + ++++ + + + + + + + + + + + + + + + + +
    Publishing methodCmdlet and example

    Publishing to the user

    Cmdlet: Publish-AppvClientPackage

    +

    Example: Publish-AppvClientPackage “ContosoApplication”

    Publishing globally

    Cmdlet: Publish-AppvClientPackage

    +

    Example: Publish-AppvClientPackage “ContosoApplication” -Global

    + +  + +## To publish a package to a specific user + + +**Note**   +You must use App-V 5.0 SP2 Hotfix Package 5 or later to use this parameter. + +  + +An administrator can publish a package to a specific user by specifying the optional **–UserSID** parameter with the **Publish-AppvClientPackage** cmdlet, where **-UserSID** represents the end user’s security identifier (SID). + +To use this parameter: + +- You can run this cmdlet from the user or administrator session. + +- You must be logged in with administrative credentials to use the parameter. + +- The end user must be logged in. + +- You must provide the end user’s security identifier (SID). + +**Cmdlet**: Publish-AppvClientPackage + +**Example**: Publish-AppvClientPackage “ContosoApplication” -UserSID S-1-2-34-56789012-3456789012-345678901-2345 + +## To add and publish a package + + +Use the following information to add a package to a computer and publish it to the user. + +**Cmdlet**: Add-AppvClientPackage + +**Example**: Add-AppvClientPackage \\\\path\\to\\appv\\package.appv | Publish-AppvClientPackage + +## To unpublish an existing package + + +Use the following information to unpublish a package which has been entitled to a user but not remove the package from the computer. + +**Cmdlet**: Unpublish-AppvClientPackage + +**Example**: Unpublish-AppvClientPackage “ContosoApplication” + +## To unpublish a package for a specific user + + +**Note**   +You must use App-V 5.0 SP2 Hotfix Package 5 or later to use this parameter. + +  + +An administrator can unpublish a package for a specific user by using the optional **–UserSID** parameter with the **Unpublish-AppvClientPackage** cmdlet, where **-UserSID** represents the end user’s security identifier (SID). + +To use this parameter: + +- You can run this cmdlet from the user or administrator session. + +- You must be logged in with administrative credentials to use the parameter. + +- The end user must be logged in. + +- You must provide the end user’s security identifier (SID). + +**Cmdlet**: Unpublish-AppvClientPackage + +**Example**: Unpublish-AppvClientPackage “ContosoApplication” -UserSID S-1-2-34-56789012-3456789012-345678901-2345 + +## To remove an existing package + + +Use the following information to remove a package from the computer. + +**Cmdlet**: Remove-AppvClientPackage + +**Example**: Remove-AppvClientPackage “ContosoApplication” + +**Note**   +App-V cmdlets have been assigned to variables for the previous examples for clarity only; assignment is not a requirement. Most cmdlets can be combined as displayed in [To add and publish a package](#bkmk-add-pub-pkg-standalone-posh). For a detailed tutorial, see [App-V 5.0 Client PowerShell Deep Dive](http://go.microsoft.com/fwlink/?LinkId=324466). + +  + +## To enable only administrators to publish or unpublish packages + + +**Note**   +**This feature is supported starting in App-V 5.0 SP3.** + +  + +Use the following cmdlet and parameter to enable only administrators (not end users) to publish or unpublish packages: + + ++++ + + + + + + + + + + +

    Cmdlet

    Set-AppvClientConfiguration

    Parameter

    -RequirePublishAsAdmin

    +

    Parameter values:

    +
      +

    • 0 - False

      • +

    • 1 - True

      • +
    +

    Example:: Set-AppvClientConfiguration –RequirePublishAsAdmin1

    + +  + +To use the App-V Management console to set this configuration, see [How to Publish a Package by Using the Management Console](appv-publish-a-packages-with-the-management-console.md). + +## Understanding pending packages (UserPending and GlobalPending) + + +**Starting in App-V 5.0 SP2**: If you run a PowerShell cmdlet that affects a package that is currently in use, the task that you are trying to perform is placed in a pending state. For example, if you try to publish a package when an application in that package is being used, and then run **Get-AppvClientPackage**, the pending status appears in the cmdlet output as follows: + + ++++ + + + + + + + + + + + + + + + + +
    Cmdlet output itemDescription

    UserPending

    Indicates whether the listed package has a pending task that is being applied to the user:

    +
      +

    • True

      • +

    • False

      • +

    GlobalPending

    Indicates whether the listed package has a pending task that is being applied globally to the computer:

    +
      +

    • True

      • +

    • False

      • +
    + +  + +The pending task will run later, according to the following rules: + + ++++ + + + + + + + + + + + + + + + + +
    Task typeApplicable rule

    User-based task, e.g., publishing a package to a user

    The pending task will be performed after the user logs off and then logs back on.

    Globally based task, e.g., enabling a connection group globally

    The pending task will be performed when the computer is shut down and then restarted.

    + +  + +For more information about pending tasks, see [About App-V 5.0 SP2](https://technet.microsoft.com/en-us/itpro/mdop/appv-v5/about-app-v-50-sp2.md#bkmk-pkg-upgr-pendg-tasks). + +**Have a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). + +## Related topics + + +[Operations for App-V](appv-operations.md) + +[Administering App-V by Using PowerShell](appv-administering-appv-with-powershell.md) + +  + +  + + + + + diff --git a/windows/manage/appv-manage-connection-groups-on-a-stand-alone-computer-with-powershell.md b/windows/manage/appv-manage-connection-groups-on-a-stand-alone-computer-with-powershell.md new file mode 100644 index 0000000000..b54a3e959a --- /dev/null +++ b/windows/manage/appv-manage-connection-groups-on-a-stand-alone-computer-with-powershell.md @@ -0,0 +1,146 @@ +--- +title: How to Manage Connection Groups on a Stand-alone Computer by Using PowerShell (Windows 10) +description: How to Manage Connection Groups on a Stand-alone Computer by Using PowerShell +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# How to Manage Connection Groups on a Stand-alone Computer by Using PowerShell + + +An App-V connection group allows you to run all the virtual applications as a defined set of packages in a single virtual environment. For example, you can virtualize an application and its plug-ins by using separate packages, but run them together in a single connection group. + +A connection group XML file defines the connection group that runs on the computer where you’ve installed the App-V client. For information about the connection group XML file and how to configure it, see [About the Connection Group File](appv-connection-group-file.md). + +This topic explains the following procedures: + +- [To add and publish the App-V packages in the connection group](#bkmk-add-pub-pkgs-in-cg) + +- [To add and enable the connection group on the App-V client](#bkmk-add-enable-cg-on-clt) + +- [To enable or disable a connection group for a specific user](#bkmk-enable-cg-for-user-poshtopic) + +- [To allow only administrators to enable connection groups](#bkmk-admin-only-posh-topic-cg) + +**To add and publish the App-V packages in the connection group** + +1. To add and publish the App-V packages to the computer running the App-V client, type the following command: + + Add-AppvClientPackage –path c:\\tmpstore\\quartfin.appv | Publish-AppvClientPackage + +2. Repeat **step 1** of this procedure for each package in the connection group. + +**To add and enable the connection group on the App-V client** + +1. Add the connection group by typing the following command: + + Add-AppvClientConnectionGroup –path c:\\tmpstore\\financ.xml + +2. Enable the connection group by typing the following command: + + Enable-AppvClientConnectionGroup –name “Financial Applications” + + When any virtual applications that are in the member packages are run on the target computer, they will run inside the connection group’s virtual environment and will be available to all the virtual applications in the other packages in the connection group. + +**To enable or disable a connection group for a specific user** + +1. Review the parameter description and requirements: + + - The parameter enables an administrator to enable or disable a connection group for a specific user. + + - You must use App-V 5.0 SP2 Hotfix Package 5 or later to use this parameter. + + - You can run this cmdlet from the user or administrator session. + + - You must be logged in with administrative credentials to use the parameter. + + - The end user must be logged in. + + - You must provide the end user’s security identifier (SID). + +2. Use the following cmdlets, and add the optional **–UserSID** parameter, where **-UserSID** represents the end user’s security identifier (SID): + + + + + + + + + + + + + + + + + + + + + + +
    CmdletExamples

    Enable-AppVClientConnectionGroup

    Enable-AppVClientConnectionGroup “ConnectionGroupA” -UserSID S-1-2-34-56789012-3456789012-345678901-2345

    Disable -AppVClientConnectionGroup

    Disable -AppVClientConnectionGroup “ConnectionGroupA” -UserSID S-1-2-34-56789012-3456789012-345678901-2345

    + +   + +**To allow only administrators to enable connection groups** + +1. Review the description and requirement for using this cmdlet: + + - Use this cmdlet and parameter to configure the App-V client to allow only administrators (not end users) to enable or disable connection groups. + + - You must be using at least App-V 5.0 SP3 to use this cmdlet. + +2. Run the following cmdlet and parameter: + + + + + + + + + + + + + + + + + + + + + +
    CmdletParameter and valuesExample

    Set-AppvClientConfiguration

    –RequirePublishAsAdmin

    +
      +

    • 0 - False

      • +

    • 1 - True

      • +

    Set-AppvClientConfiguration –RequirePublishAsAdmin1

    + +   + + **Have a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). + +## Related topics + + +[Operations for App-V](appv-operations.md) + +[Administering App-V by Using PowerShell](appv-administering-appv-with-powershell.md) + +  + +  + + + + + diff --git a/windows/manage/appv-managing-connection-groups.md b/windows/manage/appv-managing-connection-groups.md new file mode 100644 index 0000000000..f702b6c319 --- /dev/null +++ b/windows/manage/appv-managing-connection-groups.md @@ -0,0 +1,76 @@ +--- +title: Managing Connection Groups (Windows 10) +description: Managing Connection Groups +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# Managing Connection Groups + + +Connection groups enable the applications within a package to interact with each other in the virtual environment, while remaining isolated from the rest of the system. By using connection groups, administrators can manage packages independently and can avoid having to add the same application multiple times to a client computer. + +**Note**   +In some previous versions of App-V, connection groups were referred to as Dynamic Suite Composition. + +  + +**In this topic:** + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + +

    [About the Connection Group Virtual Environment](appv-connection-group-virtual-environment.md)

    Describes the connection group virtual environment.

    [About the Connection Group File](appv-connection-group-file.md)

    Describes the connection group file.

    [How to Create a Connection Group](appv-create-a-connection-group.md)

    Explains how to create a new connection group.

    [How to Create a Connection Group with User-Published and Globally Published Packages](appv-create-a-connection-group-with-user-published-and-globally-published-packages.md)

    Explains how to create a new connection group that contains a mix of packages that are published to the user and published globally.

    [How to Delete a Connection Group](appv-delete-a-connection-group.md)

    Explains how to delete a connection group.

    [How to Publish a Connection Group](appv-publish-a-connection-group.md)

    Explains how to publish a connection group.

    + +  + +## Have a suggestion for App-V? + + +Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). + +## Other resources for App-V connection groups + + +- [Operations for App-V](appv-operations.md) + +  + +  + + + + + diff --git a/windows/manage/appv-migrating-to-appv-from-a-previous-version.md b/windows/manage/appv-migrating-to-appv-from-a-previous-version.md new file mode 100644 index 0000000000..87958fb0dd --- /dev/null +++ b/windows/manage/appv-migrating-to-appv-from-a-previous-version.md @@ -0,0 +1,300 @@ +--- +title: Migrating to App-V from a Previous Version (Windows 10) +description: Migrating to App-V from a Previous Version +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# Migrating to App-V from a Previous Version + + +With Microsoft Application Virtualization (App-V), you can migrate your existing App-V 4.6 or App-V 5.0 infrastructure to the more flexible, integrated, and easier to manage App-V infrastructure. +However, you cannot migrate directly from App-V 4.x to App-V, you must migrate to App-V 5.0 first. For more information on migrating from App-V 4.x to App-V 5.0, see [Migrating from a Previous Version](appv-migrating-to-appv-from-a-previous-version.md) + +**Note**   +App-V packages are exactly the same as App-V 5.0 packages. There has been no change in the package format between the versions and therefore, there is no need to convert App-V 5.0 packages to App-V packages. + +For more information about the differences between App-V 4.6 and App-V, see the **Differences between App-4.6 and App-V 5.0 section** of [About App-V 5.0](https://technet.microsoft.com/en-us/itpro/mdop/appv-v5/about-app-v-50). + +  + +## Improvements to the App-V Package Converter + + +You can now use the package converter to convert App-V 4.6 packages that contain scripts, and registry information and scripts from source .osd files are now included in package converter output. + +You can also use the `–OSDsToIncludeInPackage` parameter with the `ConvertFrom-AppvLegacyPackage` cmdlet to specify which .osd files’ information is converted and placed within the new package. + + ++++ + + + + + + + + + + + + +
    New in App-VPrior to App-V

    New .xml files are created corresponding to the .osd files associated with a package; these files include the following information:

    +
      +

    • environment variables

      • +

    • shortcuts

      • +

    • file type associations

      • +

    • registry information

      • +

    • scripts

      • +
    +

    You can now choose to add information from a subset of the .osd files in the source directory to the package using the -OSDsToIncludeInPackage parameter.

    Registry information and scripts included in .osd files associated with a package were not included in package converter output.

    +

    The package converter would populate the new package with information from all of the .osd files in the source directory.

    + +  + +### Example conversion statement + +To understand the new process, review the following example `ConvertFrom-AppvLegacyPackage` package converter statement. + +**If the source directory (\\\\OldPkgStore\\ContosoApp) includes the following:** + +- ContosoApp.sft + +- ContosoApp.msi + +- ContosoApp.sprj + +- ContosoApp\_manifest.xml + +- X.osd + +- Y.osd + +- Z.osd + +**And you run this command:** + +``` syntax +ConvertFrom-AppvLegacyPackage –SourcePath \\OldPkgStore\ContosoApp\ +-DestinationPath \\NewPkgStore\ContosoApp\ +-OSDsToIncludeInPackage X.osd,Y.osd +``` + +**The following is created in the destination directory (\\\\NewPkgStore\\ContosoApp):** + +- ContosoApp.appv + +- ContosoApp.msi + +- ContosoApp\_DeploymentConfig.xml + +- ContosoApp\_UserConfig.xml + +- X\_Config.xml + +- Y\_Config.xml + +- Z\_Config.xml + +**In the above example:** + + ++++++ + + + + + + + + + + + + + + + + + + + + + + +
    These Source directory files……are converted to these Destination directory files……and will contain these itemsDescription
      +

    • X.osd

      • +

    • Y.osd

      • +

    • Z.osd

      • +
      +

    • X_Config.xml

      • +

    • Y_Config.xml

      • +

    • Z_Config.xml

      • +
      +

    • Environment variables

      • +

    • Shortcuts

      • +

    • File type associations

      • +

    • Registry information

      • +

    • Scripts

      • +

    Each .osd file is converted to a separate, corresponding .xml file that contains the items listed here in App-V deployment configuration format. These items can then be copied from these .xml files and placed in the deployment configuration or user configuration files as desired.

    +

    In this example, there are three .xml files, corresponding with the three .osd files in the source directory. Each .xml file contains the environment variables, shortcuts, file type associations, registry information, and scripts in its corresponding .osd file.

      +

    • X.osd

      • +

    • Y.osd

      • +
      +

    • ContosoApp.appv

      • +

    • ContosoApp_DeploymentConfig.xml

      • +

    • ContosoApp_UserConfig.xml

      • +
      +

    • Environment variables

      • +

    • Shortcuts

      • +

    • File type associations

      • +

    The information from the .osd files specified in the -OSDsToIncludeInPackage parameter are converted and placed inside the package. The converter then populates the deployment configuration file and the user configuration file with the contents of the package, just as App-V Sequencer does when sequencing a new package.

    +

    In this example, environment variables, shortcuts, and file type associations included in X.osd and Y.osd were converted and placed in the App-V package, and some of this information was also included in the deployment configuration and user configuration files. X.osd and Y.osd were used because they were included as arguments to the -OSDsToIncludeInPackage parameter. No information from Z.osd was included in the package, because it was not included as one of these arguments.

    + +  + +## Converting packages created using a prior version of App-V + + +Use the package converter utility to upgrade virtual application packages created using versions of App-V prior to App-V 5.0. The package converter uses PowerShell to convert packages and can help automate the process if you have many packages that require conversion. + +**Important**   +After you convert an existing package you should test the package prior to deploying the package to ensure the conversion process was successful. + +  + +**What to know before you convert existing packages** + + ++++ + + + + + + + + + + + + + + + + + + + + +
    IssueWorkaround

    Virtual packages using DSC are not linked after conversion.

    Link the packages using connection groups. See [Managing Connection Groups](appv-managing-connection-groups.md).

    Environment variable conflicts are detected during conversion.

    Resolve any conflicts in the associated .osd file.

    Hard-coded paths are detected during conversion.

    Hard-coded paths are difficult to convert correctly. The package converter will detect and return packages with files that contain hard-coded paths. View the file with the hard-coded path, and determine whether the package requires the file. If so, it is recommended to re-sequence the package.

    + +  + +When converting a package check for failing files or shortcuts. Locate the item in App-V 4.6 package. It could possibly be a hard-coded path. Convert the path. + +**Note**   +It is recommended that you use the App-V sequencer for converting critical applications or applications that need to take advantage of features. See, [How to Sequence a New Application with App-V](appv-sequence-a-new-application.md). + +If a converted package does not open after you convert it, it is also recommended that you re-sequence the application using the App-V sequencer. + +  + +[How to Convert a Package Created in a Previous Version of App-V](appv-convert-a-package-created-in-a-previous-version-of-appv.md) + +## Migrating Clients + + +The following table displays the recommended method for upgrading clients. + + ++++ + + + + + + + + + + + + + + + + +
    TaskMore Information

    Upgrade your environment to the latest version of App-V 4.6

    [Application Virtualization Deployment and Upgrade Considerations](https://technet.microsoft.com/en-us/itpro/mdop/appv-v4/application-virtualization-deployment-and-upgrade-considerations-copy).

    Sequence and roll out App-V packages. As needed, unpublish App-V 4.6 packages.

    [How to Sequence a New Application with App-V](appv-sequence-a-new-application.md).

    + +  + +**Important**   +You must be running the latest version of App-V 4.6 to use coexistence mode. Additionally, when you sequence a package, you must configure the Managing Authority setting, which is in the **User Configuration** is located in the **User Configuration** section. + +  + +## Migrating the App-V Server Full Infrastructure + + +There is no direct method to upgrade to a full App-V infrastructure. Use the information in the following section for information about upgrading the App-V server. + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + +
    TaskMore Information

    Upgrade your environment to the latest version of App-V 4.6.

    [Application Virtualization Deployment and Upgrade Considerations](https://technet.microsoft.com/en-us/itpro/mdop/appv-v4/application-virtualization-deployment-and-upgrade-considerations-copy).

    Deploy App-V version of the client.

    [Enable the App-V desktop client](appv-enable-the-app-v-desktop-client.md).

    Install App-V server.

    [How to Deploy the App-V Server](appv-deploy-the-appv-server.md).

    Migrate existing packages.

    See the Converting packages created using a prior version of App-V section of this article.

    + +## Have a suggestion for App-V? + + +Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). + +## Other resources for performing App-V migration tasks + +- [Operations for App-V](appv-operations.md) + +- [A simplified Microsoft App-V Management Server upgrade procedure](http://go.microsoft.com/fwlink/p/?LinkId=786330) diff --git a/windows/manage/appv-modify-an-existing-virtual-application-package.md b/windows/manage/appv-modify-an-existing-virtual-application-package.md new file mode 100644 index 0000000000..b3b9a5bea2 --- /dev/null +++ b/windows/manage/appv-modify-an-existing-virtual-application-package.md @@ -0,0 +1,178 @@ +--- +title: How to Modify an Existing Virtual Application Package (Windows 10) +description: How to Modify an Existing Virtual Application Package +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# How to Modify an Existing Virtual Application Package + + +This topic explains how to: + +- [Update an application in an existing virtual application package](#bkmk-update-app-in-pkg) + +- [Modify the properties associated with an existing virtual application package](#bkmk-chg-props-in-pkg) + +- [Add a new application to an existing virtual application package](#bkmk-add-app-to-pkg) + +**Before you update a package:** + +- Ensure that you’ve installed the Microsoft Application Virtualization (App-V) Sequencer, which is required for modifying a virtual application package. To install the App-V Sequencer, see [How to Install the Sequencer](appv-install-the-sequencer.md). + +- Save the .appv file in a secure location and always trust the source before trying to open the package for editing. + +- The Managing Authority section is erroneously removed from the deployment configuration file when you update a package. Before starting the update, copy the Managing Authority section from the existing deployment configuration file, and then paste the copied section into the new configuration file after the conversion is complete. + +- If you click **Modify an Existing Virtual Application Package** in the Sequencer in order to edit a package, but then make no changes and close the package, the streaming behavior of the package is changed. The primary feature block is removed from the StreamMap.xml file, and any files that were listed in the publishing feature block are removed. Users who receive the edited package experience that package as if it were stream-faulted, regardless of how the original package was configured. + +**Update an application in an existing virtual application package** + +1. On the computer that runs the sequencer, click **All Programs**, point to **Microsoft Application Virtualization**, and then click **Microsoft Application Virtualization Sequencer**. + +2. In the App-V Sequencer, click **Modify an Existing Virtual Application Package** > **Next**. + +3. On the **Select Task** page, click **Update Application in Existing Package** > **Next**. + +4. On the **Select Package** page, click **Browse** to locate the virtual application package that contains the application to update, and then click **Next**. + +5. On the **Prepare Computer** page, review the issues that could cause the application update to fail or cause the updated application to contain unnecessary data. Resolve all potential issues before you continue. After making any corrections and resolving all potential issues, click **Refresh** > **Next**. + + **Important**   + If you are required to disable virus scanning software, first scan the computer that runs the sequencer to ensure that no unwanted or malicious files are added to the package. + +   + +6. On the **Select Installer** page, click **Browse** and specify the update installation file for the application. If the update does not have an associated installer file, and if you plan to run all installation steps manually, select the **Select this option to perform a custom installation** check box, and then click **Next**. + +7. On the **Installation** page, when the sequencer and application installer are ready you can proceed to install the application update so the sequencer can monitor the installation process. If additional installation files must be run as part of the installation, click **Run**, and then locate and run the additional installation files. When you are finished with the installation, select **I am finished installing**. Click **Next**. + + **Note**   + The sequencer monitors all changes and installations that occur on the computer that runs the sequencer. This includes any changes and installations that are performed outside of the sequencing wizard. + +   + +8. On the **Installation Report** page, you can review information about the updated virtual application. In **Additional Information**, double-click the event to obtain more detailed information. To proceed, click **Next**. + +9. On the **Streaming** page, run each program so that it can be optimized and run more efficiently on target computers. It can take several minutes for all of the applications to run. After all applications have run, close each of the applications, and then click **Next**. + + **Note**   + You can stop an application from loading during this step. In the **Application Launch** dialog box, click **Stop**, and then select either **Stop all applications** or **Stop this application only**. + +   + +10. On the **Create Package** page, to modify the package without saving it, select the check box for **Continue to modify package without saving using the package editor**. When you select this option, the package opens in the App-V Sequencer console, where you can modify the package before it is saved. Click **Next**. + + To save the package immediately, select the default **Save the package now**. Add optional **Comments** to associate with the package. Comments are useful to identify the application version and provide other information about the package. The default **Save Location** is also displayed. To change the default location, click **Browse** and specify the new location. Click **Create**. + +11. On the **Completion** page, click **Close** to close the wizard. The package is now available in the sequencer. + +**Modify the properties associated with an existing virtual application package** + +1. On the computer that runs the sequencer, click **All Programs**, point to **Microsoft Application Virtualization**, and then click **Microsoft Application Virtualization Sequencer**. + +2. In the App-V Sequencer, click **Modify an Existing Virtual Application Package** > **Next**. + +3. On the **Select Task** page, click **Edit Package** > **Next**. + +4. On the **Select Package** page, click **Browse** to locate the virtual application package that contains the application properties to modify, and then click **Edit**. + +5. In the App-V Sequencer console, perform any of the following tasks as needed: + + - Import and export the manifest file. + + - Enable or disable Browser Helper Objects. + + - Import or export a VFS file. + + - Import a directory into the virtual file system. + + - Import and export virtual registry keys. + + - View package properties. + + - View associated package files. + + - Edit registry settings. + + - Review additional package settings (except operating system file properties). + + - Set virtualized registry key state (override or merge). + + - Set virtualized folder state. + + - Add or edit shortcuts and file type associations. + + **Note**   + To edit shortcuts or file type associations, you must first open the package for upgrade to add a new application, and then proceed to the final editing page. + +   + +6. When you finish changing the package properties, click **File** > **Save** to save the package. + +**Add a new application to an existing virtual application package** + +1. On the computer that runs the sequencer, click **All Programs**, point to **Microsoft Application Virtualization**, and then click **Microsoft Application Virtualization Sequencer**. + +2. In the App-V Sequencer, click **Modify an Existing Virtual Application Package** > **Next**. + +3. On the **Select Task** page, click **Add New Application** > **Next**. + +4. On the **Select Package** page, click **Browse** to locate the virtual application package to which you will add the application, and then click **Next**. + +5. On the **Prepare Computer** page, review the issues that could cause the package creation to fail or cause the revised package to contain unnecessary data. Resolve all potential issues before you continue. After making any corrections and resolving all potential issues, click **Refresh** > **Next**. + + **Important**   + If you are required to disable virus scanning software, first scan the computer that runs the sequencer to ensure that no unwanted or malicious files can be added to the package. + +   + +6. On the **Select Installer** page, click **Browse** and specify the installation file for the application. If the application does not have an associated installer file and you plan to run all installation steps manually, select the **Select this option to perform a custom installation** check box, and then click **Next**. + +7. On the **Installation** page, when the sequencer and application installer are ready, install the application so that the sequencer can monitor the installation process. If additional installation files must be run as part of the installation, click **Run**, and locate and run the additional installation files. When you finish the installation, select **I am finished installing** > **Next**. In the **Browse for Folder** dialog box, specify the primary directory where the application will be installed. Ensure that this is a new location so that you don’t overwrite the existing version of the virtual application package. + + **Note**   + The sequencer monitors all changes and installations that occur on the computer that runs the sequencer. This includes any changes and installations that are performed outside of the sequencing wizard. + +   + +8. On the **Configure Software** page, optionally run the programs contained in the package. This step completes any associated license or configuration tasks that are required to run the application before you deploy and run the package on target computers. To run all the programs at the same time, select at least one program, and then click **Run All**. To run specific programs, select the program or programs you want to run, and then click **Run Selected**. Complete the required configuration tasks and then close the applications. It can take several minutes for all programs to run. Click **Next**. + +9. On the **Installation Report** page, you can review information about the updated virtual application. In **Additional Information**, double-click the event to obtain more detailed information, and then click **Next** to open the **Customize** page. + +10. If you are finished installing and configuring the virtual application, select **Stop now** and skip to step 13 of this procedure. If you want to perform the following described customization, click **Customize**. + + If you are customizing, prepare the virtual package for streaming, and then click **Next**. Streaming improves the experience when the virtual application package is run on target computers. + +11. On the **Streaming** page, run each program so that it can be optimized and run more efficiently on target computers. It can take several minutes for all the applications to run. After all applications have run, close each of the applications, and then click **Next**. + + **Note**   + You can stop an application from loading during this step. In the **Application Launch** dialog box, click **Stop** and then select either **Stop all applications** or **Stop this application only**. + +   + +12. On the **Create Package** page, to modify the package without saving it, select the **Continue to modify package without saving using the package editor** check box. Selecting this option opens the package in the App-V Sequencer console, where you can modify the package before saving it. Click **Next**. + + To save the package immediately, select the default **Save the package now**. Add optional **Comments** to associate with the package. Comments are useful for providing application versions and other information about the package. The default **Save Location** is also displayed. To change the default location, click **Browse** and specify the new location. The uncompressed package size is displayed. Click **Create**. + +13. On the **Completion** page, click **Close**. The package is now available in the sequencer. + + **Have a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). + +## Related topics + + +[Operations for App-V](appv-operations.md) + +  + +  + + + + + diff --git a/windows/manage/appv-modify-client-configuration-with-powershell.md b/windows/manage/appv-modify-client-configuration-with-powershell.md new file mode 100644 index 0000000000..0d76bd1169 --- /dev/null +++ b/windows/manage/appv-modify-client-configuration-with-powershell.md @@ -0,0 +1,43 @@ +--- +title: How to Modify Client Configuration by Using PowerShell (Windows 10) +description: How to Modify Client Configuration by Using PowerShell +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# How to Modify Client Configuration by Using PowerShell + + +Use the following procedure to configure the App-V client configuration. + +**To modify App-V client configuration using PowerShell** + +1. To configure the client settings using PowerShell, use the **Set-AppvClientConfiguration** cmdlet. For more information about installing PowerShell, and a list of cmdlets see, [How to Load the PowerShell Cmdlets and Get Cmdlet Help](appv-load-the-powershell-cmdlets-and-get-cmdlet-help.md). + +2. To modify the client configuration, open a PowerShell Command prompt and run the following cmdlet **Set-AppvClientConfiguration** with any required parameters. For example: + + `$config = Get-AppvClientConfiguration` + + `Set-AppcClientConfiguration $config` + + `Set-AppcClientConfiguration –Name1 MyConfig –Name2 “xyz”` + + **Have a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). + +## Related topics + + +[Operations for App-V](appv-operations.md) + +  + +  + + + + + diff --git a/windows/manage/appv-modify-client-configuration-with-the-admx-template-and-group-policy.md b/windows/manage/appv-modify-client-configuration-with-the-admx-template-and-group-policy.md new file mode 100644 index 0000000000..a71950444f --- /dev/null +++ b/windows/manage/appv-modify-client-configuration-with-the-admx-template-and-group-policy.md @@ -0,0 +1,23 @@ +--- +title: How to Modify App-V Client Configuration Using the ADMX Template and Group Policy (Windows 10) +description: How to Modify App-V Client Configuration Using the ADMX Template and Group Policy +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + +# How to Modify App-V client configuration using the ADMX template and Group Policy + +You can use Group Policy to configure App-V client settings by using the Group Policy Management Console under **Computer Configuration** > **Policies** > **Administrative Templates** > **System** > **App-V**. + +## Have a suggestion for App-V? + +Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). + +## Related topics + +- [Deploying App-V](appv-deploying-appv.md) + +- [About Client Configuration Settings](appv-client-configuration-settings.md) diff --git a/windows/manage/appv-move-the-appv-server-to-another-computer.md b/windows/manage/appv-move-the-appv-server-to-another-computer.md new file mode 100644 index 0000000000..dbbb6a80a6 --- /dev/null +++ b/windows/manage/appv-move-the-appv-server-to-another-computer.md @@ -0,0 +1,40 @@ +--- +title: How to Move the App-V Server to Another Computer (Windows 10) +description: How to Move the App-V Server to Another Computer +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# How to Move the App-V Server to Another Computer + + +Use the following information to create a new management server console in your environment. + +## To create a new management server console + + +The following list displays the steps necessary to create a new management server console: + +1. Install the management server on a computer in your environment. For more information about installing the management server see [Deploying the App-V Server](appv-deploying-the-appv-server.md). + +2. After you have completed the installation, use the following link to connect it to the App-V database - [How to install the Management Server on a Standalone Computer and Connect it to the Database](appv-install-the-management-server-on-a-standalone-computer.md). + +**Have a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). + +## Related topics + + +[Operations for App-V](appv-operations.md) + +  + +  + + + + + diff --git a/windows/manage/appv-operations.md b/windows/manage/appv-operations.md new file mode 100644 index 0000000000..96cdf448fb --- /dev/null +++ b/windows/manage/appv-operations.md @@ -0,0 +1,75 @@ +--- +title: Operations for App-V (Windows 10) +description: Operations for App-V +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# Operations for App-V + + +This section of the Microsoft Application Virtualization (App-V) Administrator’s Guide includes information about the various types of App-V administration and operating tasks that are typically performed by an administrator. This section also includes step-by-step procedures to help you successfully perform those tasks. + +## Operations Information + + +- [Creating and Managing App-V Virtualized Applications](appv-creating-and-managing-virtualized-applications.md) + + Describes how to create, modify, and convert virtualized packages. + +- [Administering App-V Virtual Applications by Using the Management Console](appv-administering-virtual-applications-with-the-management-console.md) + + Describes how to use the App-V Management console to perform tasks such as sequencing an application, changing a package, using a project template, and using a package accelerator. + +- [Managing Connection Groups](appv-managing-connection-groups.md) + + Describes how connection groups enable virtualized applications to communicate with each other in the virtual environment; explains how to create, publish, and delete them; and describes how connection groups can help you better manage your virtualized applications. + +- [Deploying App-V Packages by Using Electronic Software Distribution (ESD)](appv-deploying-packages-with-electronic-software-distribution-solutions.md) + + Describes how to deploy App-V packages by using an ESD. + +- [Using the App-V Client Management Console](appv-using-the-client-management-console.md) + + Describes how perform client configuration tasks using the client management console. + +- [Migrating to App-V from a Previous Version](appv-migrating-to-appv-from-a-previous-version.md) + + Provides instructions for migrating to App-V from a previous version. + +- [Administering App-V by Using PowerShell](appv-administering-appv-with-powershell.md) + + Describes the set of Windows PowerShell cmdlets available for administrators performing various App-V server tasks. + +## Have a suggestion for App-V? + + +Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). + +## Other Resources for App-V Operations + + +- [Application Virtualization (App-V) overview](appv-for-windows.md) + +- [Getting Started with App-V](appv-getting-started.md) + +- [Planning for App-V](appv-planning-for-appv.md) + +- [Deploying App-V](appv-deploying-appv.md) + +- [Troubleshooting App-V](appv-troubleshooting.md) + +- [Technical Reference for App-V](appv-technical-reference.md) + +  + +  + + + + + diff --git a/windows/manage/appv-performance-guidance.md b/windows/manage/appv-performance-guidance.md new file mode 100644 index 0000000000..d5e0a70918 --- /dev/null +++ b/windows/manage/appv-performance-guidance.md @@ -0,0 +1,761 @@ +--- +title: Performance Guidance for Application Virtualization (Windows 10) +description: Performance Guidance for Application Virtualization +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# Performance Guidance for Application Virtualization + + +Learn how to configure App-V for optimal performance, optimize virtual app packages, and provide a better user experience with RDS and VDI. + +Implementing multiple methods can help you improve the end-user experience. However, your environment may not support all methods. + +You should read and understand the following information before reading this document. + +- [Application Virtualization (App-V) overview](appv-for-windows.md) + +- [App-V 5 SP2 Application Publishing and Client Interaction](http://go.microsoft.com/fwlink/?LinkId=395206) + +- [Microsoft Application Virtualization Sequencing Guide](http://go.microsoft.com/fwlink/?LinkId=269953) + +**Note**   +Some terms used in this document may have different meanings depending on external source and context. For more information about terms used in this document followed by an asterisk **\*** review the [Application Virtualization Performance Guidance Terminology](#bkmk-terms1) section of this document. + +  + +Finally, this document will provide you with the information to configure the computer running App-V client and the environment for optimal performance. Optimize your virtual application packages for performance using the sequencer, and to understand how to use User Experience Virtualization (UE-V) or other user environment management technologies to provide the optimal user experience with App-V in both Remote Desktop Services (RDS) and non-persistent virtual desktop infrastructure (VDI). + +To help determine what information is relevant to your environment you should review each section’s brief overview and applicability checklist. + +## App-V in stateful\* non-persistent deployments + + +This section provides information about an approach that helps ensure a user will have access to all virtual applications within seconds after logging in. This is achieved by uniquely addressing the often long-running App-V publishing refresh. As you will discover the basis of the approach, the fastest publishing refresh, is one that doesn’t have to actually do anything. A number of conditions must be met and steps followed to provide the optimal user experience. + +Use the information in the following section for more information: + +[Usage Scenarios](#bkmk-us) - As you review the two scenarios, keep in mind that these are the approach extremes. Based on your usage requirements, you may choose to apply these steps to a subset of users and/or virtual applications packages. + +- Optimized for Performance – To provide the optimal experience, you can expect the base image to include some of the App-V virtual application package. This and other requirements are discussed. + +- Optimized for Storage – If you are concerned with the storage impact, following this scenario will help address those concerns. + +[Preparing your Environment](#bkmk-pe) + +- Steps to Prepare the Base Image – Whether in a non-persistent VDI or RDSH environment, only a few steps must be completed in the base image to enable this approach. + +- Use UE-V 2.1 as the User Profile Management (UPM) solution for the App-V approach – the cornerstone of this approach is the ability of a UEM solution to persist the contents of just a few registry and file locations. These locations constitute the user integrations\*. Be sure to review the specific requirements for the UPM solution. + +[User Experience Walk-through](#bkmk-uewt) + +- Walk-through – This is a step-by-step walk-through of the App-V and UE-V operations and the expectations users should have. + +- Outcome – This describes the expected results. + +[Impact to Package Lifecycle](#bkmk-plc) + +[Enhancing the VDI Experience through Performance Optimization/Tuning](#bkmk-evdi) + +### Applicability Checklist + +Deployment Environment + + ++++ + + + + + + + + + + +
    Checklist box

    Non-Persistent VDI or RDSH.

    Checklist box

    User Experience Virtualization (UE-V), other UPM solutions or User Profile Disks (UPD).

    + +  + +Expected Configuration + + ++++ + + + + + + + + + + +
    Checklist box

    User Experience Virtualization (UE-V) with the App-V user state template enabled or User Profile Management (UPM) software. Non-UE-V UPM software must be capable of triggering on Login or Process/Application Start and Logoff.

    Checklist box

    App-V Shared Content Store (SCS) is configured or can be configured.

    + +  + +IT Administration + + ++++ + + + + + + +
    Checklist box

    Admin may need to update the VM base image regularly to ensure optimal performance or Admin may need to manage multiple images for different user groups.

    + +  + +### Usage Scenario + +As you review the two scenarios, keep in mind that these approach the extremes. Based on your usage requirements, you may choose to apply these steps to a subset of users, virtual application packages, or both. + + ++++ + + + + + + + + + + + + +
    Optimized for PerformanceOptimized for Storage

    To provide the most optimal user experience, this approach leverages the capabilities of a UPM solution and requires additional image preparation and can incur some additional image management overhead.

    +

    The following describes many performance improvements in stateful non-persistent deployments. For more information, see the Sequencing Steps to Optimize Packages for Publishing Performance and reference to App-V Sequencing Guide in the See Also section of this document.

    The general expectations of the previous scenario still apply here. However, keep in mind that VM images are typically stored in very costly arrays; a slight alteration has been made to the approach. Do not pre-configure user-targeted virtual application packages in the base image.

    +

    The impact of this alteration is detailed in the User Experience Walkthrough section of this document.

    + +  + +### Preparing your Environment + +The following table displays the required steps to prepare the base image and the UE-V or another UPM solution for the approach. + +**Prepare the Base Image** + + ++++ + + + + + + + + + + + + +
    Optimized for PerformanceOptimized for Storage

    +
      +

    • Install the App-V client version of the client.

      • +

    • Install UE-V and download the App-V Settings Template from the UE-V template Gallery, see the following steps.

      • +

    • Configure for Shared Content Store (SCS) mode. For more information see [How to Install the App-V Client for Shared Content Store Mode](appv-install-the-appv-client-for-shared-content-store-mode.md).

      • +

    • Configure Preserve User Integrations on Login Registry DWORD.

      • +

    • Pre-configure all user- and global-targeted packages for example, Add-AppvClientPackage.

      • +

    • Pre-configure all user- and global-targeted connection groups for example, Add-AppvClientConnectionGroup.

      • +

    • Pre-publish all global-targeted packages.

      +

      +

      Alternatively,

      +
        +

      • Perform a global publishing/refresh.

        • +

      • Perform a user publishing/refresh.

        • +

      • Un-publish all user-targeted packages.

        • +

      • Delete the following user-Virtual File System (VFS) entries.

        • +
      +

      AppData\Local\Microsoft\AppV\Client\VFS

      +

      AppData\Roaming\Microsoft\AppV\Client\VFS

      • +

    +
      +

    • Install the App-V client version of the client.

      • +

    • Install UE-V and download the App-V Settings Template from the UE-V template Gallery, see the following steps.

      • +

    • Configure for Shared Content Store (SCS) mode. For more information see [How to Install the App-V Client for Shared Content Store Mode](appv-install-the-appv-client-for-shared-content-store-mode.md).

      • +

    • Configure Preserve User Integrations on Login Registry DWORD.

      • +

    • Pre-configure all global-targeted packages for example, Add-AppvClientPackage.

      • +

    • Pre-configure all global-targeted connection groups for example, Add-AppvClientConnectionGroup.

      • +

    • Pre-publish all global-targeted packages.

      +

      • +
    + +  + +**Configurations** - For critical App-V Client configurations and for a little more context and how-to, review the following information: + + +++++ + + + + + + + + + + + + + + + + + + + + + + + + +
    Configuration SettingWhat does this do?How should I use it?

    Shared Content Store (SCS) Mode

    +
      +

    • Configurable in PowerShell using Set- AppvClientConfigurationSharedContentStoreMode, or

      • +

    • During installation of the App-V client.

      • +

    When running the shared content store only publishing data is maintained on hard disk; other virtual application assets are maintained in memory (RAM).

    +

    This helps to conserve local storage and minimize disk I/O per second (IOPS).

    This is recommended when low-latency connections are available between the App-V Client endpoint and the SCS content server, SAN.

    PreserveUserIntegrationsOnLogin

    +
      +

    • Configure in the Registry under HKEY_LOCAL_MACHINE \ Software \ Microsoft \ AppV \ Client \ Integration.

      • +

    • Create the DWORD value PreserveUserIntegrationsOnLogin with a value of 1.

      • +

    • Restart the App-V client service or restart the computer running the App-V Client.

      • +

    If you have not pre-configured (Add-AppvClientPackage) a specific package and this setting is not configured, the App-V Client will de-integrate* the persisted user integrations, then re-integrate*.

    +

    For every package that meets the above conditions, effectively twice the work will be done during publishing/refresh.

    If you don’t plan to pre-configure every available user package in the base image, use this setting.

    MaxConcurrentPublishingRefresh

    +
      +

    • Configure in the Registry under HKEY_LOCAL_MACHINE \Software \ Microsoft \ AppV \Client \ Publishing.

      • +

    • Create the DWORD value MaxConcurrentPublishingrefresh with the desired maximum number of concurrent publishing refreshes.

      • +

    • The App-V client service and computer do not need to be restarted.

      • +

    This setting determines the number of users that can perform a publishing refresh/sync at the same time. The default setting is no limit.

    Limiting the number of concurrent publishing refreshes prevents excessive CPU usage that could impact computer performance. This limit is recommended in an RDS environment, where multiple users can log in to the same computer at the same time and perform a publishing refresh sync.

    +

    If the concurrent publishing refresh threshold is reached, the time required to publish new applications and make them available to end users after they log in could take an indeterminate amount of time.

    + +  + +### Configure UE-V solution for App-V Approach + +We recommend using Microsoft User Experience Virtualization (UE-V) to capture and centralize application settings and Windows operating system settings for a specific user. These settings are then applied to the different computers that are accessed by the user, including desktop computers, laptop computers, and virtual desktop infrastructure (VDI) sessions. UE-V is optimized for RDS and VDI scenarios. + +For more information see [Getting Started With User Experience Virtualization 2.0](https://technet.microsoft.com/library/dn458926.aspx) + +In essence all that is required is to install the UE-V client and download the following Microsoft authored App-V settings template from the [Microsoft User Experience Virtualization (UE-V) template gallery](http://gallery.technet.microsoft.com/Authored-UE-V-Settings-bb442a33). Register the template. For more information around UE-V templates see [The UE-V specific resource for acquiring and registering the template](https://technet.microsoft.com/library/dn458926.aspx). + +**Note**   +Without performing an additional configuration step, the Microsoft User Environment Virtualization (UE-V) will not be able to synchronize the Start menu shortcuts (.lnk files) on the target computer. The .lnk file type is excluded by default. + +UE-V will only support removing the .lnk file type from the exclusion list in the RDS and VDI scenarios, where every user’s device will have the same set of applications installed to the same location and every .lnk file is valid for all the users’ devices. For example, UE-V would not currently support the following 2 scenarios, because the net result will be that the shortcut will be valid on one but not all devices. + +- If a user has an application installed on one device with .lnk files enabled and the same native application installed on another device to a different installation root with .lnk files enabled. + +- If a user has an application installed on one device but not another with .lnk files enabled. + +  + +**Important**   +This topic describes how to change the Windows registry by using Registry Editor. If you change the Windows registry incorrectly, you can cause serious problems that might require you to reinstall Windows. You should make a backup copy of the registry files (System.dat and User.dat) before you change the registry. Microsoft cannot guarantee that the problems that might occur when you change the registry can be resolved. Change the registry at your own risk. + +  + +Using the Microsoft Registry Editor (regedit.exe), navigate to **HKEY\_LOCAL\_MACHINE** \\ **Software** \\ **Microsoft** \\ **UEV** \\ **Agent** \\ **Configuration** \\ **ExcludedFileTypes** and remove **.lnk** from the excluded file types. + +**Configure other User Profile Management (UPM) solution for App-V Approach** + +The expectation in a stateful environment is that a UPM solution is implemented and can support persistence of user data across sessions and between logins. + +The requirements for the UPM solution are as follows. + +To enable an optimized login experience, for example the App-V approach for the user, the solution must be capable of: + +- Persisting the below user integrations as part of the user profile/persona. + +- Triggering a user profile sync on login (or application start), which can guarantee that all user integrations are applied before publishing/refresh begin, or, + +- Attaching and detaching a user profile disk (UPD) or similar technology that contains the user integrations. + + **Note**   + App-V is supported when using UPD only when the entire profile is stored on the user profile disk. + + App-V packages are not supported when using UPD with selected folders stored in the user profile disk. The Copy on Write driver does not handle UPD selected folders. + +   + +- Capturing changes to the locations, which constitute the user integrations, prior to session logoff. + +With App-V when you add a publishing server (**Add-AppvPublishingServer**) you can configure synchronization, for example refresh during log on and/or after a specified refresh interval. In both cases a scheduled task is created. + +In previous versions of App-V, both scheduled tasks were configured using a VBScript that would initiate the user and global refresh. With Hotfix Package 4 for Application Virtualization 5.0 SP2 the user refresh on log on was initiated by **SyncAppvPublishingServer.exe**. This change was introduced to provide UPM solutions a trigger process. This process delays the publish /refresh to allow the UPM solution to apply the user integrations. It will exit once the publishing/refresh is complete. + +**User Integrations** + +Registry – HKEY\_CURRENT\_USER + +- Path - Software\\Classes + + Exclude: Local Settings, ActivatableClasses, AppX\* + +- Path - Software\\Microsoft\\AppV + +- Path- Software\\Microsoft\\Windows\\CurrentVersion\\App Paths + +**File Locations** + +- Root – “Environment Variable” APPDATA + + Path – Microsoft\\AppV\\Client\\Catalog + +- Root – “Environment Variable” APPDATA + + Path – Microsoft\\AppV\\Client\\Integration + +- Root – “Environment Variable” APPDATA + + Path - Microsoft\\Windows\\Start Menu\\Programs + +- (To persist all desktop shortcuts, virtual and non-virtual) + + Root - “KnownFolder” {B4BFCC3A-DB2C-424C-B029-7FE99A87C641}FileMask - \*.lnk + +**Microsoft User Experience Virtualization (UE-V)** + +Additionally, we recommend using Microsoft User Experience Virtualization (UE-V) to capture and centralize application settings and Windows operating system settings for a specific user. These settings are then applied to the different computers that are accessed by the user, including desktop computers, laptop computers, and virtual desktop infrastructure (VDI) sessions. + +For more information see [Getting Started With User Experience Virtualization 1.0](http://technet.microsoft.com/library/jj680015.aspx) and [Sharing Settings Location Templates with the UE-V Template Gallery](http://technet.microsoft.com/library/jj679972.aspx). + +### User Experience Walk-through + +This following is a step-by-step walk-through of the App-V and UPM operations and the expectations users should expect. + + ++++ + + + + + + + + + + + + +
    Optimized for PerformanceOptimized for Storage

    After implementing this approach in the VDI/RDSH environment, on first login,

    +
      +

    • (Operation) A user-publishing/refresh is initiated. (Expectation) If this is the first time a user has published virtual applications (e.g. non-persistent), this will take the usual duration of a publishing/refresh.

      • +

    • (Operation) After the publishing/refresh, the UPM solution captures the user integrations. (Expectation) Depending on how the UPM solution is configured, this may occur as part of the logoff process. This will incur the same/similar overhead as persisting the user state.

      • +
    +

    On subsequent logins:

    +
      +

    • (Operation) UPM solution applies the user integrations to the system prior to publishing/refresh.

      +

      (Expectation) There will be shortcuts present on the desktop, or in the start menu, which work immediately. When the publishing/refresh completes (i.e., package entitlements change), some may go away.

      • +

    • (Operation) Publishing/refresh will process un-publish and publish operations for changes in user package entitlements. (Expectation) If there are no entitlement changes, publishing1 will complete in seconds. Otherwise, the publishing/refresh will increase relative to the number and complexity* of virtual applications

      • +

    • (Operation) UPM solution will capture user integrations again at logoff. (Expectation) Same as previous.

      • +
    +

    ¹ The publishing operation (Publish-AppVClientPackage) adds entries to the user catalog, maps entitlement to the user, identifies the local store, and finishes by completing any integration steps.

    After implementing this approach in the VDI/RDSH environment, on first login,

    +
      +

    • (Operation) A user-publishing/refresh is initiated. (Expectation)

      +
        +

      • If this is the first time a user has published virtual applications (e.g., non-persistent), this will take the usual duration of a publishing/refresh.

        • +

      • First and subsequent logins will be impacted by pre-configuring of packages (add/refresh).

        +

        • +
      • +

    • (Operation) After the publishing/refresh, the UPM solution captures the user integrations. (Expectation) Depending on how the UPM solution is configured, this may occur as part of the logoff process. This will incur the same/similar overhead as persisting the user state

      • +
    +

    On subsequent logins:

    +
      +

    • (Operation) UPM solution applies the user integrations to the system prior to publishing/refresh.

      • +

    • (Operation) Add/refresh must pre-configure all user targeted applications. (Expectation)

      +
        +

      • This may increase the time to application availability significantly (on the order of 10’s of seconds).

        • +

      • This will increase the publishing refresh time relative to the number and complexity* of virtual applications.

        +

        • +
      • +

    • (Operation) Publishing/refresh will process un-publish and publish operations for changes to user package entitlements.

      • +
    + +  + + ++++ + + + + + + + + + + + + +
    OutcomeOutcome

    +
      +

    • Because the user integrations are entirely preserved, there will be no work for example, integration for the publishing/refresh to complete. All virtual applications will be available within seconds of login.

      • +

    • The publishing/refresh will process changes to the users entitled virtual applications which impacts the experience.

      • +

    Because the add/refresh must re-configure all the virtual applications to the VM, the publishing refresh time on every login will be extended.

    + +  + +### Impact to Package Life Cycle + +Upgrading a package is a crucial aspect of the package lifecycle. To help guarantee users have access to the appropriate upgraded (published) or downgraded (un-published) virtual application packages, it is recommended you update the base image to reflect these changes. To understand why review the following section: + +App-V 5.0 SP2 introduced the concept of pending states. In the past, + +- If an administrator changed entitlements or created a new version of a package (upgraded) and during a publishing/refresh that package was in-use, the un-publish or publish operation, respectively, would fail. + +- Now, if a package is in-use the operation will be pended. The un-publish and publish-pend operations will be processed on service restart or if another publish or un-publish command is issued. In the latter case, if the virtual application is in-use otherwise, the virtual application will remain in a pending state. For globally published packages, a restart (or service restart) often needed. + +In a non-persistent environment, it is unlikely these pended operations will be processed. The pended operations, for example tasks are captured under **HKEY\_CURRENT\_USER** \\ **Software** \\ **Microsoft** \\ **AppV** \\ **Client** \\ **PendingTasks**. Although this location is persisted by the UPM solution, if it is not applied to the environment prior to log on, it will not be processed. + +### Enhancing the VDI Experience through Performance Optimization Tuning + +The following section contains lists with information about Microsoft documentation and downloads that may be useful when optimizing your environment for performance. + +**.NET NGEN Blog and Script (Highly Recommended)** + +About NGEN technology + +- [How to speed up NGEN optimaztion](http://blogs.msdn.com/b/dotnet/archive/2013/08/06/wondering-why-mscorsvw-exe-has-high-cpu-usage-you-can-speed-it-up.aspx) + +- [Script](http://aka.ms/DrainNGenQueue) + +**Windows Server and Server Roles** + +Server Performance Tuning Guidelines for + +- [Microsoft Windows Server 2012 R2](http://msdn.microsoft.com/library/windows/hardware/dn529133.aspx) + +- [Microsoft Windows Server 2012](http://download.microsoft.com/download/0/0/B/00BE76AF-D340-4759-8ECD-C80BC53B6231/performance-tuning-guidelines-windows-server-2012.docx) + +- [Microsoft Windows Server 2008 R2](http://download.microsoft.com/download/6/B/2/6B2EBD3A-302E-4553-AC00-9885BBF31E21/Perf-tun-srv-R2.docx) + +**Server Roles** + +- [Remote Desktop Virtualization Host](http://msdn.microsoft.com/library/windows/hardware/dn567643.aspx) + +- [Remote Desktop Session Host](http://msdn.microsoft.com/library/windows/hardware/dn567648.aspx) + +- [IIS Relevance: App-V Management, Publishing, Reporting Web Services](http://msdn.microsoft.com/library/windows/hardware/dn567678.aspx) + +- [File Server (SMB) Relevance: If used for App-V Content Storage and Delivery in SCS Mode](http://technet.microsoft.com/library/jj134210.aspx) + +**Windows Client (Guest OS) Performance Tuning Guidance** + +- [Microsoft Windows 7](http://download.microsoft.com/download/E/5/7/E5783D68-160B-4366-8387-114FC3E45EB4/Performance Tuning Guidelines for Windows 7 Desktop Virtualization v1.9.docx) + +- [Optimization Script: (Provided by Microsoft Support)](http://blogs.technet.com/b/jeff_stokes/archive/2012/10/15/the-microsoft-premier-field-engineer-pfe-view-on-virtual-desktop-vdi-density.aspx) + +- [Microsoft Windows 8](http://download.microsoft.com/download/6/0/1/601D7797-A063-4FA7-A2E5-74519B57C2B4/Windows_8_VDI_Image_Client_Tuning_Guide.pdf) + +- [Optimization Script: (Provided by Microsoft Support)](http://blogs.technet.com/b/jeff_stokes/archive/2013/04/09/hot-off-the-presses-get-it-now-the-windows-8-vdi-optimization-script-courtesy-of-pfe.aspx) + +## Sequencing Steps to Optimize Packages for Publishing Performance + + +Several App-V features facilitate new scenarios or enable new customer deployment scenarios. These following features can impact the performance of the publishing and launch operations. + + ++++++ + + + + + + + + + + + + + + + + +
    StepConsiderationBenefitsTradeoffs

    No Feature Block 1 (FB1, also known as Primary FB)

    No FB1 means the application will launch immediately and stream fault (application requires file, DLL and must pull down over the network) during launch.If there are network limitations, FB1 will:

    +
      +

    • Reduce the number of stream faults and network bandwidth used when you launch an application for the first time.

      • +

    • Delay launch until the entire FB1 has been streamed.

      • +

    Stream faulting decreases the launch time.

    Virtual application packages with FB1 configured will need to be re-sequenced.

    + +  + +### Removing FB1 + +Removing FB1 does not require the original application installer. After completing the following steps, it is suggested that you revert the computer running the sequencer to a clean snapshot. + +**Sequencer UI** - Create a New Virtual Application Package. + +1. Complete the sequencing steps up to Customize -> Streaming. + +2. At the Streaming step, do not select **Optimize the package for deployment over slow or unreliable network**. + +3. If desired, move on to **Target OS**. + +**Modify an Existing Virtual Application Package** + +1. Complete the sequencing steps up to Streaming. + +2. Do not select **Optimize the package for deployment over a slow or unreliable network**. + +3. Move to **Create Package**. + +**PowerShell** - Update an Existing Virtual Application Package. + +1. Open an elevated PowerShell session. + +2. Import-module **appvsequencer**. + +3. **Update-AppvSequencerPackage** - **AppvPackageFilePath** + + "C:\\Packages\\MyPackage.appv" -Installer + + "C:\\PackageInstall\\PackageUpgrade.exe empty.exe" -OutputPath + + "C:\\UpgradedPackages" + + **Note**   + This cmdlet requires an executable (.exe) or batch file (.bat). You must provide an empty (does nothing) executable or batch file. + +   + + ++++++ + + + + + + + + + + + + + + + + +
    StepConsiderationsBenefitsTradeoffs

    No SXS Install at Publish (Pre-Install SxS assemblies)

    Virtual Application packages do not need to be re-sequenced. SxS Assemblies can remain in the virtual application package.

    The SxS Assembly dependencies will not install at publishing time.

    SxS Assembly dependencies must be pre-installed.

    + +  + +### Creating a new virtual application package on the sequencer + +If, during sequencer monitoring, an SxS Assembly (such as a VC++ Runtime) is installed as part of an application’s installation, SxS Assembly will be automatically detected and included in the package. The administrator will be notified and will have the option to exclude the SxS Assembly. + +**Client Side**: + +When publishing a virtual application package, the App-V Client will detect if a required SxS dependency is already installed. If the dependency is unavailable on the computer and it is included in the package, a traditional Windows Insataller (.**msi**) installation of the SxS assembly will be initiated. As previously documented, simply install the dependency on the computer running the client to ensure that the Windows Installer (.msi) installation will not occur. + + ++++++ + + + + + + + + + + + + + + + + +
    StepConsiderationsBenefitsTradeoffs

    Selectively Employ Dynamic Configuration files

    The App-V client must parse and process these Dynamic Configuration files.

    +

    Be conscious of size and complexity (script execution, VREG inclusions/exclusions) of the file.

    +

    Numerous virtual application packages may already have User- or computer–specific dynamic configurations files.

    Publishing times will improve if these files are used selectively or not at all.

    Virtual application packages would need to be reconfigured individually or via the App-V server management console to remove associated Dynamic Configuration files.

    + +  + +### Disabling a Dynamic Configuration using Powershell + +- For already published packages, you can use `Set-AppVClientPackage –Name Myapp –Path c:\Packages\Apps\MyApp.appv` without + + **-DynamicDeploymentConfiguration** parameter + +- Similarly, when adding new packages using `Add-AppVClientPackage –Path c:\Packages\Apps\MyApp.appv`, do not use the + + **-DynamicDeploymentConfiguration** parameter. + +For documentation on How to Apply a Dynamic Configuration, see: + +- [How to Apply the User Configuration File by Using PowerShell](appv-apply-the-user-configuration-file-with-powershell.md) + +- [How to Apply the Deployment Configuration File by Using PowerShell](appv-apply-the-deployment-configuration-file-with-powershell.md) + + ++++++ + + + + + + + + + + + + + + + + + + + + + + +
    StepConsiderationsBenefitsTradeoffs

    Account for Synchronous Script Execution during Package Lifecycle.

    If script collateral is embedded in the package, Add (Powershell) may be significantly slower.

    +

    Running of scripts during virtual application launch (StartVirtualEnvironment, StartProcess) and/or Add+Publish will impact the perceived performance during one or more of these lifecycle operations.

    Use of Asynchronous (Non-Blocking) Scripts will ensure that the lifecycle operations complete efficiently.

    This step requires working knowledge of all virtual application packages with embedded script collateral, which have associated dynamic configurations files and which reference and run scripts synchronously.

    Remove Extraneous Virtual Fonts from Package.

    The majority of applications investigated by the App-V product team contained a small number of fonts, typically fewer than 20.

    Virtual Fonts impact publishing refresh performance.

    Desired fonts will need to be enabled/installed natively. For instructions, see Install or uninstall fonts.

    + +  + +### Determining what virtual fonts exist in the package + +- Make a copy of the package. + +- Rename Package\_copy.appv to Package\_copy.zip + +- Open AppxManifest.xml and locate the following: + + <appv:Extension Category="AppV.Fonts"> + + <appv:Fonts> + + <appv:Font Path="\[{Fonts}\]\\private\\CalibriL.ttf" DelayLoad="true"></appv:Font> + + **Note**   + If there are fonts marked as **DelayLoad**, those will not impact first launch. + +   + + </appv:Fonts> + +### Excluding virtual fonts from the package + +Use the dynamic configuration file that best suits the user scope – deployment configuration for all users on computer, user configuration for specific user or users. + +- Disable fonts with the deployment or user configuration. + +Fonts + +--> + +<Fonts Enabled="false" /> + +<!-- + +## App-V Performance Guidance Terminology + + +The following terms are used when describing concepts and actions related to App-V performance optimization. + +- **Complexity** – Refers to the one or more package characteristics that may impact performance during pre-configure (**Add-AppvClientPackage**) or integration (**Publish-AppvClientPackage**). Some example characteristics are: manifest size, number of virtual fonts, number of files. + +- **De-Integrate** – Removes the user integrations + +- **Re-Integrate** – Applies the user integrations. + +- **Non-Persistent, Pooled** – Creates a computer running a virtual environment each time they log in. + +- **Persistent, Personal** – A computer running a virtual environment that remains the same for every login. + +- **Stateful** - For this document, implies that user integrations are persisted between sessions and a user environment management technology is used in conjunction with non-persistent RDSH or VDI. + +- **Stateless** – Represents a scenario when no user state is persisted between sessions. + +- **Trigger** – (or Native Action Triggers). UPM uses these types of triggers to initiate monitoring or synchronization operations. + +- **User Experience** - In the context of App-V, the user experience, quantitatively, is the sum of the following parts: + + - From the point that users initiate a log-in to when they are able to manipulate the desktop. + + - From the point where the desktop can be interacted with to the point a publishing refresh begins (in PowerShell terms, sync) when using the App-V full server infrastructure. In standalone instances, it is when the **Add-AppVClientPackage** and **Publish-AppVClientPackage Powershell** commands are initiated. + + - From start to completion of the publishing refresh. In standalone instances, this is the first to last virtual application published. + + - From the point where the virtual application is available to launch from a shortcut. Alternatively, it is from the point at which the file type association is registered and will launch a specified virtual application. + +- **User Profile Management** – The controlled and structured approach to managing user components associated with the environment. For example, user profiles, preference and policy management, application control and application deployment. You can use scripting or third-party solutions configure the environment as needed. + +## Have a suggestion for App-V? + + +Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). + +## Related topics + + +[Application Virtualization (App-V) overview](appv-for-windows.md) + +  + +  + + + + + diff --git a/windows/manage/appv-planning-checklist.md b/windows/manage/appv-planning-checklist.md new file mode 100644 index 0000000000..91d7f0fe4e --- /dev/null +++ b/windows/manage/appv-planning-checklist.md @@ -0,0 +1,81 @@ +--- +title: App-V Planning Checklist (Windows 10) +description: App-V Planning Checklist +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# App-V Planning Checklist + + +This checklist can be used to help you plan for preparing your organization for an App-V deployment. + +> [!NOTE]    +> This checklist outlines the recommended steps and a high-level list of items to consider when planning for an App-V deployment. It is recommended that you copy this checklist and customize it for your use. + + ++++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    TaskReferencesNotes
    Checklist box

    Review the getting started information about App-V to gain a basic understanding of the product before beginning deployment planning.

    [Getting Started with App-V](appv-getting-started.md)

    Checklist box

    Plan for App-V 1.0 Deployment Prerequisites and prepare your computing environment.

    [App-V Prerequisites](appv-prerequisites.md)

    Checklist box

    If you plan to use the App-V management server, plan for the required roles.

    [Planning for the App-V Server Deployment](appv-planning-for-appv-server-deployment.md)

    Checklist box

    Plan for the App-V sequencer and client so you to create and run virtualized applications.

    [Planning for the App-V Sequencer and Client Deployment](appv-planning-for-sequencer-and-client-deployment.md)

    Checklist box

    If applicable, review the options and steps for migrating from a previous version of App-V.

    [Planning for Migrating from a Previous Version of App-V](appv-planning-for-migrating-from-a-previous-version-of-appv.md)

    Checklist box

    Plan for running App-V clients using in shared content store mode.

    [How to Install the App-V Client for Shared Content Store Mode](appv-install-the-appv-client-for-shared-content-store-mode.md)

    + +## Have a suggestion for App-V? + +Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). + +## Related topics + +[Planning for App-V](appv-planning-for-appv.md) diff --git a/windows/manage/appv-planning-folder-redirection-with-appv.md b/windows/manage/appv-planning-folder-redirection-with-appv.md new file mode 100644 index 0000000000..ed2d892f9f --- /dev/null +++ b/windows/manage/appv-planning-folder-redirection-with-appv.md @@ -0,0 +1,146 @@ +--- +title: Planning to Use Folder Redirection with App-V (Windows 10) +description: Planning to Use Folder Redirection with App-V +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + +# Planning to Use Folder Redirection with App-V + +Microsoft Application Virtualization (App-V) supports the use of folder redirection, a feature that enables users and administrators to redirect the path of a folder to a new location. + +This topic contains the following sections: + +- [Requirements for using folder redirection](#bkmk-folder-redir-reqs) + +- [How to configure folder redirection for use with App-V](#bkmk-folder-redir-cfg) + +- [How folder redirection works with App-V](#bkmk-folder-redir-works) + +- [Overview of folder redirection](#bkmk-folder-redir-overview) + +## Requirements and unsupported scenarios for using folder redirection + + + ++++ + + + + + + + + + + +

    Requirements

    To use %AppData% folder redirection, you must:

    +
      +

    • Have an App-V package that has an AppData virtual file system (VFS) folder.

      • +

    • Enable folder redirection and redirect users’ folders to a shared folder, typically a network folder.

      • +

    • Roam both or neither of the following:

      +
        +

      • Files under %appdata%\Microsoft\AppV\Client\Catalog

        • +

      • Registry settings under HKEY_CURRENT_USER\Software\Microsoft\AppV\Client\Packages

        +

        For more detail, see [Application Publishing and Client Interaction](appv-application-publishing-and-client-interaction.md#bkmk-clt-inter-roam-reqs).

        • +
      • +

    • Ensure that the following folders are available to each user who logs into the computer that is running the App-V client:

      +
        +

      • %AppData% is configured to the desired network location (with or without [Offline Files](http://technet.microsoft.com/library/cc780552.aspx) support).

        • +

      • %LocalAppData% is configured to the desired local folder.

        • +
      • +

    Unsupported scenarios

      +

    • Configuring %LocalAppData% as a network drive.

      • +

    • Redirecting the Start menu to a single folder for multiple users.

      • +

    • If roaming AppData (%AppData%) is redirected to a network share that is not available, App-V applications will fail to launch, unless the unavailable network share has been enabled for Offline Files.

      • +
    + +  + +## How to configure folder redirection for use with App-V + + +Folder redirection can be applied to different folders, such as Desktop, My Documents, My Pictures, etc. However, the only folder that impacts the use of App-V applications is the user’s roaming AppData folder (%AppData%). You can apply folder redirection to any other supported folders without impacting App-V. + +## How folder redirection works with App-V + + +The following table describes how folder redirection works when %AppData% is redirected to a network and when you have met the requirements listed earlier in this article. + + ++++ + + + + + + + + + + + + + + + + +
    Virtual environment stateAction that occurs

    When the virtual environment starts

    The virtual file system (VFS) AppData folder is mapped to the local AppData folder (%LocalAppData%) instead of to the user’s roaming AppData folder (%AppData%).

    +
      +

    • LocalAppData contains a local cache of the user’s roaming AppData folder for the package in use. The local cache is located under:

      +

      %LocalAppData%\Microsoft\AppV\Client\VFS\PackageGUID\AppData

      • +

    • The latest data from the user’s roaming AppData folder is copied to and replaces the data currently in the local cache.

      • +

    • While the virtual environment is running, data continues to be saved to the local cache. Data is served only out of %LocalAppData% and is not moved or synchronized with %AppData% until the end user shuts down the computer.

      • +

    • Entries to the AppData folder are made using the user context, not the system context.

      • +
    +

    When the virtual environment shuts down

    The local cached data in AppData (roaming) is zipped up and copied to the “real” roaming AppData folder in %AppData%. A time stamp, which indicates the last known upload, is simultaneously saved as a registry key under:

    +

    HKCU\Software\Microsoft\AppV\Client\Packages\<PACKAGE_GUID>\AppDataTime

    +

    To provide redundancy, App-V keeps the three most recent copies of the compressed data under %AppData%.

    + +  + +## Overview of folder redirection + + + ++++ + + + + + + + + + + + + + + + + + + +

    Purpose

    Enables end users to work with files, which have been redirected to another folder, as if the files still existed on the local drive.

    Description

    Folder redirection allows users and administrators to redirect the path of a folder to a network location. The documents in the folder are available to the user from any computer on the network.

    +
      +

    • Folder redirection allows users and administrators to redirect the path of a folder to a network location. The documents in the folder are available to the user from any computer on the network.

      • +

    • The new location can be a folder on the local computer or a folder on a shared network.

      • +

    • Folder redirection updates the files immediately, whereas roaming data is typically synchronized when the user logs in or logs off.

      • +

    Usage example

    You can redirect the Documents folder, which is usually stored on the computer's local hard disk, to a network location. The user can access the documents in the folder from any computer on the network.

    More resources

    [Folder redirection overview](http://technet.microsoft.com/library/cc778976.aspx)

    + +## Have a suggestion for App-V? + +Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). diff --git a/windows/manage/appv-planning-for-appv-server-deployment.md b/windows/manage/appv-planning-for-appv-server-deployment.md new file mode 100644 index 0000000000..982d10f933 --- /dev/null +++ b/windows/manage/appv-planning-for-appv-server-deployment.md @@ -0,0 +1,116 @@ +--- +title: Planning for the App-V Server Deployment (Windows 10) +description: Planning for the App-V Server Deployment +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# Planning for the App-V Server Deployment + + +The Microsoft Application Virtualization (App-V) server infrastructure consists of a set of specialized features that can be installed on one or more server computers, based on the requirements of the enterprise. + +## Planning for App-V Server Deployment + + +The App-V server consists of the following features: + +- Management Server – provides overall management functionality for the App-V infrastructure. + +- Management Database – facilitates database predeployments for App-V management. + +- Publishing Server – provides hosting and streaming functionality for virtual applications. + +- Reporting Server – provides App-V reporting services. + +- Reporting Database – facilitates database predeployments for App-V reporting. + +The following list displays the recommended methods for installing the App-V server infrastructure: + +- Install the App-V server. For more information, see [How to Deploy the App-V Server](appv-deploy-the-appv-server.md). + +- Install the database, reporting, and management features on separate computers. For more information, see [How to Install the Management and Reporting Databases on Separate Computers from the Management and Reporting Services](appv-install-the-management-and-reporting-databases-on-separate-computers.md). + +- Use Electronic Software Distribution (ESD). For more information, see [How to deploy App-V Packages Using Electronic Software Distribution](appv-deploy-appv-packages-with-electronic-software-distribution-solutions.md). + +- Install all server features on a single computer. + +## App-V Server Interaction + + +This section contains information about how the various App-V server roles interact with each other. + +The App-V Management Server contains the repository of packages and their assigned configurations. For Publishing Servers that are registered with the Management Server, the associated metadata is provided to the Publishing servers for use when publishing refresh requests are received from computers running the App-V Client. App-V publishing servers managed by a single management server can be serving different clients and can have different website names and port bindings. Additionally, all Publishing Servers managed by the same Management Server are replicas of each other. + +**Note**   +The Management Server does not perform any load balancing. The associated metadata is simply passed to the publishing server for use when processing client requests. + +  + +## Server-Related Protocols and External Features + + +The following displays information about server-related protocols used by the App-V servers. The table also includes the reporting mechanism for each server type. + + +++++++ + + + + + + + + + + + + + + + + + + + + + + + + + +
    Server TypeProtocolsExternal Features NeededReporting

    IIS server

    HTTP

    +

    HTTPS

    This server-protocol combination requires a mechanism to synchronize the content between the Management Server and the Streaming Server. When using HTTP or HTTPS, use an IIS server and a firewall to protect the server from exposure to the Internet.

    Internal

    File

    SMB

    This server-protocol combination requires support to synchronize the content between the Management Server and the Streaming Server. Use a client computer with file sharing or streaming capability.

    Internal

    + +  + +## Have a suggestion for App-V? + + +Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). + +## Related topics + + +[Planning to Deploy App-V](appv-planning-to-deploy-appv.md) + +[Deploying the App-V Server](appv-deploying-the-appv-server.md) + +  + +  + + + + + diff --git a/windows/manage/appv-planning-for-appv.md b/windows/manage/appv-planning-for-appv.md new file mode 100644 index 0000000000..3ffee286de --- /dev/null +++ b/windows/manage/appv-planning-for-appv.md @@ -0,0 +1,46 @@ +--- +title: Planning for App-V (Windows 10) +description: Planning for App-V +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# Planning for App-V + +Use this information to plan how to deploy App-V so that it does not disrupt your users or the network. + +## Planning information + +- [Preparing Your Environment for App-V](appv-preparing-your-environment.md) + + This section describes the computing environment requirements and installation prerequisites that should be planned for before beginning App-V setup. + +- [Planning to Deploy App-V](appv-planning-to-deploy-appv.md) + + This section describes the minimum hardware and software requirements necessary for App-V client, sequencer and server feature installations. Additionally, associated feature planning information is also displayed. + +- [App-V Planning Checklist](appv-planning-checklist.md) + + Planning checklist that can be used to assist in App-V deployment planning. + +## Have a suggestion for App-V? + +Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). + +## Other resources for App-V planning + +- [Application Virtualization (App-V) overview](appv-for-windows.md) + +- [Getting started with App-V](appv-getting-started.md) + +- [Deploying App-V](appv-deploying-appv.md) + +- [Operations for App-V](appv-operations.md) + +- [Troubleshooting App-V](appv-troubleshooting.md) + +- [Technical reference for App-V](appv-technical-reference.md) diff --git a/windows/manage/appv-planning-for-high-availability-with-appv.md b/windows/manage/appv-planning-for-high-availability-with-appv.md new file mode 100644 index 0000000000..9b84aeeb88 --- /dev/null +++ b/windows/manage/appv-planning-for-high-availability-with-appv.md @@ -0,0 +1,134 @@ +--- +title: Planning for High Availability with App-V Server (Windows 10) +description: Planning for High Availability with App-V Server +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# Planning for High Availability with App-V Server + +Microsoft Application Virtualization (App-V) system configurations can take advantage of options that maintain a high level of available service. + +Use the information in the following sections to help you understand the options to deploy App-V in a highly available configuration. + +- [Support for Microsoft SQL Server clustering](#bkmk-sqlcluster) + +- [Support for IIS Network Load Balancing](#bkmk-iisloadbal) + +- [Support for clustered file servers when running (SCS) mode](#bkmk-clusterscsmode) + +- [Support for Microsoft SQL Server Mirroring](#bkmk-sqlmirroring) + +- [Support for Microsoft SQL Server Always On](#bkmk-sqlalwayson) + +## Support for Microsoft SQL Server clustering + + +You can run the App-V Management database and Reporting database on computers that are running Microsoft SQL Server clusters. However, you must install the databases using scripts. + +For instructions, see [How to Deploy the App-V Databases by Using SQL Scripts](appv-deploy-appv-databases-with-sql-scripts.md). + +## Support for IIS Network Load Balancing + + +You can use Internet Information Services (IIS) Network Load Balancing to configure a highly available environment for computers running the App-V Management, Publishing, and Reporting services which are deployed through IIS. + +Review the following for more information about configuring IIS and Network Load Balancing for computers running Windows Server operating systems: + +- Provides information about configuring Internet Information Services (IIS) 7.0. + + [Achieving High Availability and Scalability - ARR and NLB](http://www.iis.net/learn/extensions/configuring-application-request-routing-arr/achieving-high-availability-and-scalability-arr-and-nlb) + +- Configuring Microsoft Windows Server + + [Network Load Balancing Overview](https://technet.microsoft.com/library/hh831698(v=ws.11).aspx). + + This information also applies to IIS Network Load Balancing (NLB) clusters in Windows Server 2008, Windows Server 2008 R2, or Windows Server 2012. + + **Note**   + The IIS Network Load Balancing functionality in Windows Server 2012 is generally the same as in Windows Server 2008 R2. However, some task details are changed in Windows Server 2012. For information on new ways to do tasks, see [Common Management Tasks and Navigation in Windows](https://technet.microsoft.com/library/hh831491.aspx). + +## Support for clustered file servers when running SCS mode + +Running App-V Server in Share Content Store (SCS) mode with clustered file servers is supported. + +The following steps can be used to enable this configuration: + +- Configure App-V to run in client SCS mode. For more information about configuring App-V SCS mode, see [How to Install the App-V Client for Shared Content Store Mode](appv-install-the-appv-client-for-shared-content-store-mode.md). + +- Configure the file server cluster, configured in either the scale out mode (which started with Windows Server 2012) or the earlier clustering mode, with a virtual SAN. + +The following steps can be used to validate the configuration: + +1. Add a package on the publishing server. For more information about adding a package, see [How to Add or Upgrade Packages by Using the Management Console](appv-add-or-upgrade-packages-with-the-management-console.md). + +2. Perform a publishing refresh on the computer running the App-V client and open an application. + +3. Switch cluster nodes mid-publishing refresh and mid-streaming to ensure failover works correctly. + +Review the following for more information about configuring Windows Server Failover clusters: + +- [Create a Failover Cluster](https://technet.microsoft.com/library/dn505754(v=ws.11).aspx). + +- [Use Cluster Shared Volumes in a Failover Cluster](https://technet.microsoft.com/library/jj612868(v=ws.11).aspx). + +## Support for Microsoft SQL Server Mirroring + +Using Microsoft SQL Server mirroring, where the App-V management server database is mirrored utilizing two SQL Server instances, for App-V management server databases is supported. + +Review the following for more information about configuring Microsoft SQL Server Mirroring: + +- [Prepare a Mirror Database for Mirroring (SQL Server)](https://technet.microsoft.com/library/ms189053.aspx) + +- [Establish a Database Mirroring Session Using Windows Authentication (SQL Server Management Studio)](https://msdn.microsoft.com/library/ms188712.aspx) + +The following steps can be used to validate the configuration: + +1. Initiate a Microsoft SQL Server Mirroring session. + +2. Select **Failover** to designate a new master Microsoft SQL Server instance. + +3. Verify that the App-V management server continues to function as expected after the failover. + +The connection string on the management server can be modified to include **failover partner = <server2>**. This will only help when the primary on the mirror has failed over to the secondary and the computer running the App-V client is doing a fresh connection (say after reboot). + +Use the following steps to modify the connection string to include **failover partner = <server2>**: + +**Important**   +This topic describes how to change the Windows registry by using Registry Editor. If you change the Windows registry incorrectly, you can cause serious problems that might require you to reinstall Windows. You should make a backup copy of the registry files (System.dat and User.dat) before you change the registry. Microsoft cannot guarantee that the problems that might occur when you change the registry can be resolved. Change the registry at your own risk. + + +1. Login to the management server and open **regedit**. + +2. Navigate to **HKEY\_LOCAL\_MACHINE** \\ **Software** \\ **Microsoft** \\ **AppV** \\ **Server** \\ **ManagementService**. + +3. Modify the **MANAGEMENT\_SQL\_CONNECTION\_STRING** value with the **failover partner = <server2>**. + +4. Restart management service using the IIS console. + + **Note**   + Database Mirroring is on the list of Deprecated Database Engine Features for Microsoft SQL Server 2012 due to the **AlwaysOn** feature available starting with Microsoft SQL Server 2012. + +Click any of the following links for more information: + +- [Prepare a Mirror Database for Mirroring (SQL Server)](https://technet.microsoft.com/library/ms189053.aspx). + +- [Establish a Database Mirroring Session Using Windows Authentication (SQL Server Management Studio)](https://technet.microsoft.com/library/ms188712(v=sql.130).aspx). + +- [Deprecated Database Engine Features in SQL Server 2012](https://msdn.microsoft.com/library/ms143729(v=sql.110).aspx). + +## Support for Microsoft SQL Server Always On configuration + +The App-V management server database supports deployments to computers running Microsoft SQL Server with the **Always On** configuration. For more information, see [Always On Availability Groups (SQL Server)](https://technet.microsoft.com/library/hh510230.aspx). + +## Have a suggestion for App-V? + +Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). + +## Related topics + +[Planning to Deploy App-V](appv-planning-to-deploy-appv.md) diff --git a/windows/manage/appv-planning-for-migrating-from-a-previous-version-of-appv.md b/windows/manage/appv-planning-for-migrating-from-a-previous-version-of-appv.md new file mode 100644 index 0000000000..1b58aa37ae --- /dev/null +++ b/windows/manage/appv-planning-for-migrating-from-a-previous-version-of-appv.md @@ -0,0 +1,154 @@ +--- +title: Planning for Migrating from a Previous Version of App-V (Windows 10) +description: Planning for Migrating from a Previous Version of App-V +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# Planning for Migrating from a Previous Version of App-V + + +Use the following information to plan how to migrate to Microsoft Application Virtualization (App-V) from previous versions of App-V. + +## Migration requirements + + +Before you start any upgrades, review the following requirements: + +- If you are upgrading from a version earlier than 4.6 SP2, upgrade to version 4.6 SP2 or version 4.6 SP3 first before upgrading to App-V or later. In this scenario, upgrade the App-V clients first, and then upgrade the server components. + +- App-V supports only packages that are created using App-V 5.0 or App-V, or packages that have been converted to the **.appv** format. + +- If you are upgrading the App-V Server from App-V 5.0 SP1, see [About App-V](appv-about-appv.md#bkmk-migrate-to-51) for instructions. + +## Running the App-V client concurrently with App-V 4.6 SP2 or later + + +You can run the App-V client concurrently on the same computer with the App-V 4.6 SP2 client or App-V 4.6 SP3 client. + +When you run coexisting App-V clients, you can: + +- Convert an App-V 4.6 SP2 or 4.6 SP3 package to the App-V format and publish both packages, when you have both clients running. + +- Define the migration policy for the converted package, which allows the converted App-V package to assume the file type associations and shortcuts from the App-V 4.6 SP2 package. + +### Supported coexistence scenarios + +The following table shows the supported App-V coexistence scenarios. We recommend that you install the latest available updates of a given release when you are running coexisting clients. + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + +
    App-V 4.6.x client typeApp-V client type

    App-V 4.6 SP2

    App-V

    App-V 4.6 SP2 RDS

    App-V RDS

    App-V 4.6 SP3

    App-V

    App-V 4.6 SP3 RDS

    App-V RDS

    + +  + +### Requirements for running coexisting clients + +To run coexisting clients, you must: + +- Install the App-V 4.6 SP2 or App-V 4.6 SP3 client before you install the App-V client. + +- Enable the **Enable Migration Mode** Group Policy setting, which is in the **App-V** > **Client Coexistence** node. To deploy the .admx template, see [How to Download and Deploy MDOP Group Policy (.admx) Templates](http://technet.microsoft.com/library/dn659707.aspx). + +**Note**   +App-V packages can run side by side with App-V 4.X packages if you have coexisting installations of App-V and 4.X. However, App-V packages cannot interact with App-V 4.X packages in the same virtual environment. + +  + +### Client downloads and documentation + +The following table provides links to the App-V 4.6.x client downloads and to the TechNet documentation about the releases. The downloads include the App-V “regular” and RDS clients. The TechNet documentation about the App-V client applies to both clients, unless stated otherwise. + + +++++ + + + + + + + + + + + + + + + + + + + +
    App-V versionLink to download the clientLink to TechNet documentation

    App-V 4.6 SP2

    [Microsoft Application Virtualization 4.6 Service Pack 2](http://www.microsoft.com/download/details.aspx?id=35513)

    [About Microsoft Application Virtualization 4.6 SP2](http://technet.microsoft.com/library/jj680847.aspx)

    App-V 4.6 SP3

    [Microsoft Application Virtualization 4.6 Service Pack 3](http://www.microsoft.com/download/details.aspx?id=41187)

    [About Microsoft Application Virtualization 4.6 SP3](http://technet.microsoft.com/library/dn511019.aspx)

    + +  + +For more information about how to configure App-V client coexistence, see: + +- [App-V 5.0 Coexistence and Migration](http://technet.microsoft.com/windows/jj835811.aspx) + +## Converting “previous-version” packages using the package converter + + +Before migrating a package, created using App- 4.6 SP2 or earlier, to App-V, review the following requirements: + +- You must convert the package to the **.appv** file format. + +- The Package Converter supports only the direct conversion of packages that were created by using App-V 4.5 and later. To use the package converter on a package that was created using a previous version, you must use an App-V 4.5 or later version of the sequencer to upgrade the package, and then you can perform the package conversion. + +For more information about using the package converter to convert a package, see [How to Convert a Package Created in a Previous Version of App-V](appv-convert-a-package-created-in-a-previous-version-of-appv.md). After you convert the file, you can deploy it to target computers that run the App-V client. + +## Have a suggestion for App-V? + + +Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). + +## Related topics + + +[Planning to Deploy App-V](appv-planning-to-deploy-appv.md) + +  + +  + + + + + diff --git a/windows/manage/appv-planning-for-sequencer-and-client-deployment.md b/windows/manage/appv-planning-for-sequencer-and-client-deployment.md new file mode 100644 index 0000000000..7da2d52c61 --- /dev/null +++ b/windows/manage/appv-planning-for-sequencer-and-client-deployment.md @@ -0,0 +1,72 @@ +--- +title: Planning for the App-V Sequencer and Client Deployment (Windows 10) +description: Planning for the App-V Sequencer and Client Deployment +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + +# Planning for the App-V Sequencer and Client Deployment + + +Before you can use App-V, you must install the App-V Sequencer, enable the App-V client, and optionally the App-V shared content store. The following sections address planning for these installations. + +## Planning for App-V Sequencer deployment + + +App-V uses a process called sequencing to create virtualized applications and application packages. Sequencing requires the use of a computer that runs the App-V Sequencer. + +> [!NOTE] +> For information about the new functionality of App-V sequencer, see the **Sequencer Improvements** section of [About App-V](appv-about-appv.md). + + +The computer that runs the App-V sequencer must meet the minimum system requirements. For a list of these requirements, see [App-V Supported Configurations](appv-supported-configurations.md). + +Ideally, you should install the sequencer on a computer running as a virtual machine. This enables you to more easily revert the computer running the sequencer to a “clean” state before sequencing another application. When you install the sequencer using a virtual machine, you should perform the following steps: + +1. Install all associated sequencer prerequisites. + +2. Install the sequencer. + +3. Take a “snapshot” of the environment. + +> [!IMPORTANT] +>You should have your corporate security team review and approve the sequencing process plan. For security reasons, you should keep the sequencer operations in a lab that is separate from the production environment. The separation arrangement can be as simple or as comprehensive as necessary, based on your business requirements. The sequencing computers must be able to connect to the corporate network to copy finished packages to the production servers. However, because the sequencing computers are typically operated without antivirus protection, they must not be on the corporate network unprotected. For example, you might be able to operate behind a firewall or on an isolated network segment. You might also be able to use virtual machines that are configured to share an isolated virtual network. Follow your corporate security policies to safely address these concerns. + + +## Planning for App-V client deployment + +In Windows 10, version 1607, the App-V client is included with the operating system. For more info, see [Enable the App-V desktop client](appv-enable-the-app-v-desktop-client.md). + +For a list of the client minimum requirements see [App-V Prerequisites](appv-prerequisites.md). + + +## Planning for the App-V Shared Content Store (SCS) + +The App-V Shared Content Store mode allows the computer running the App-V client to run virtualized applications and none of the package contents is saved on the computer running the App-V client. Virtual applications are streamed to target computers only when requested by the client. + +The following list displays some of the benefits of using the App-V Shared Content Store: + +- Reduced app-to-app and multi-user application conflicts and hence a reduced need for regression testing + +- Accelerated application deployment by reduction of deployment risk + +- Simplified profile management + +## Have a suggestion for App-V? + +Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). + +## Other resources for the App-V deployment + +- [Planning to Deploy App-V](appv-planning-to-deploy-appv.md) + +## Related topics + +- [How to Install the Sequencer](appv-install-the-sequencer.md) + +- [Enable the App-V desktop client](appv-enable-the-app-v-desktop-client.md) + +- [How to Install the App-V Client for Shared Content Store Mode](appv-install-the-appv-client-for-shared-content-store-mode.md) diff --git a/windows/manage/appv-planning-for-using-appv-with-office.md b/windows/manage/appv-planning-for-using-appv-with-office.md new file mode 100644 index 0000000000..c272ff6893 --- /dev/null +++ b/windows/manage/appv-planning-for-using-appv-with-office.md @@ -0,0 +1,303 @@ +--- +title: Planning for Using App-V with Office (Windows 10) +description: Planning for Using App-V with Office +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# Planning for Using App-V with Office + +Use the following information to plan how to deploy Office by using Microsoft Application Virtualization (App-V). This article includes: + +- [App-V support for Language Packs](#bkmk-lang-pack) + +- [Supported versions of Microsoft Office](#bkmk-office-vers-supp-appv) + +- [Planning for using App-V with coexisting versions of Office](#bkmk-plan-coexisting) + +- [How Office integrates with Windows when you deploy use App-V to deploy Office](#bkmk-office-integration-win) + +## App-V support for Language Packs + +You can use the App-V Sequencer to create plug-in packages for Language Packs, Language Interface Packs, Proofing Tools and ScreenTip Languages. You can then include the plug-in packages in a Connection Group, along with the Office 2013 package that you create by using the Office Deployment Toolkit. The Office applications and the plug-in Language Packs interact seamlessly in the same connection group, just like any other packages that are grouped together in a connection group. + +**Note**   +Microsoft Visio and Microsoft Project do not provide support for the Thai Language Pack. + +  + +## Supported versions of Microsoft Office + + +The following table lists the versions of Microsoft Office that App-V supports, methods of Office package creation, supported licensing, and supported deployments. + + ++++++ + + + + + + + + + + + + + + + + + + + + + + +
    Supported Office VersionPackage CreationSupported LicensingSupported Deployments

    Office 365 ProPlus

    +

    Also supported:

    +
      +

    • Visio Pro for Office 365

      • +

    • Project Pro for Office 365

      • +

    Office Deployment Tool

    Subscription

      +

    • Desktop

      • +

    • Personal VDI

      • +

    • Pooled VDI

      • +

    • RDS

      • +

    Office Professional Plus 2013

    +

    Also supported:

    +
      +

    • Visio Professional 2013

      • +

    • Project Professional 2013

      • +

    Office Deployment Tool

    Volume Licensing

      +

    • Desktop

      • +

    • Personal VDI

      • +

    • Pooled VDI

      • +

    • RDS

      • +
    + +  + +## Planning for using App-V with coexisting versions of Office + + +You can install more than one version of Microsoft Office side by side on the same computer by using “Microsoft Office coexistence.” You can implement Office coexistence with combinations of all major versions of Office and with installation methods, as applicable, by using the Windows Installer-based (MSi) version of Office, Click-to-Run, and App-V. However, using Office coexistence is not recommended by Microsoft. + +Microsoft’s recommended best practice is to avoid Office coexistence completely to prevent compatibility issues. However, when you are migrating to a newer version of Office, issues occasionally arise that can’t be resolved immediately, so you can temporarily implement coexistence to help facilitate a faster migration to the latest product version. Using Office coexistence on a long-term basis is never recommended, and your organization should have a plan to fully transition in the immediate future. + +### Before you implement Office coexistence + +Before implementing Office coexistence, review the following Office documentation. Choose the article that corresponds to the newest version of Office for which you plan to implement coexistence. + + ++++ + + + + + + + + + + + + + + + + +
    Office versionLink to guidance

    Office 2013

    [Information about how to use Office 2013 suites and programs (MSI deployment) on a computer that is running another version of Office](http://support.microsoft.com/kb/2784668)

    Office 2010

    [Information about how to use Office 2010 suites and programs on a computer that is running another version of Office](http://support.microsoft.com/kb/2121447)

    + +  + +The Office documentation provides extensive guidance on coexistence for Windows Installer-based (MSi) and Click-to-Run installations of Office. This App-V topic on coexistence supplements the Office guidance with information that is more specific to App-V deployments. + +### Supported Office coexistence scenarios + +The following tables summarize the supported coexistence scenarios. They are organized according to the version and deployment method you’re starting with and the version and deployment method you are migrating to. Be sure to fully test all coexistence solutions before deploying them to a production audience. + +**Note**   +Microsoft does not support the use of multiple versions of Office in Windows Server environments that have the Remote Desktop Session Host role service enabled. To run Office coexistence scenarios, you must disable this role service. + +  + +### Windows integrations & Office coexistence + +The Windows Installer-based and Click-to-Run Office installation methods integrate with certain points of the underlying Windows operating system. When you use coexistence, common operating system integrations between two Office versions can conflict, causing compatibility and user experience issues. With App-V, you can sequence certain versions of Office to exclude integrations, thereby “isolating” them from the operating system. + + ++++ + + + + + + + + + + + + + + + + + + + + +
    Mode in which App-V can sequence this version of Office

    Office 2007

    Always non-integrated. App-V does not offer any operating system integrations with a virtualized version of Office 2007.

    Office 2010

    Integrated and non-integrated mode.

    Office 2013

    Always integrated. Windows operating system integrations cannot be disabled.

    + +  + +Microsoft recommends that you deploy Office coexistence with only one integrated Office instance. For example, if you’re using App-V to deploy Office 2010 and Office 2013, you should sequence Office 2010 in non-integrated mode. For more information about sequencing Office in non-integration (isolated) mode, see [How to sequence Microsoft Office 2010 in Microsoft Application Virtualization 5.0](http://support.microsoft.com/kb/2830069). + +### Known limitations of Office coexistence scenarios + +The following sections describe some issues that you might encounter when using App-V to implement coexistence with Office. + +### Limitations common to Windows Installer-based/Click-to-Run and App-V Office coexistence scenarios + +The following limitations can occur when you install the following versions of Office on the same computer: + +- Office 2010 by using the Windows Installer-based version + +- Office 2013 by using App-V + +After you publish Office 2013 by using App-V side by side with an earlier version of the Windows Installer-based Office 2010 might also cause the Windows Installer to start. This is because the Windows Installer-based or Click-to-Run version of Office 2010 is trying to automatically register itself to the computer. + +To bypass the auto-registration operation for native Word 2010, follow these steps: + +1. Exit Word 2010. + +2. Start the Registry Editor by doing the following: + + - In Windows 7: Click **Start**, type **regedit** in the Start Search box, and then press Enter. + + - In Windows 8.1 or Windows 10, type **regedit** press Enter on the Start page and then press Enter. + + If you are prompted for an administrator password or for a confirmation, type the password, or click **Continue**. + +3. Locate and then select the following registry subkey: + + ``` syntax + HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Options + ``` + +4. On the **Edit** menu, click **New**, and then click **DWORD Value**. + +5. Type **NoReReg**, and then press Enter. + +6. Right-click **NoReReg** and then click **Modify**. + +7. In the **Valuedata** box, type **1**, and then click **OK**. + +8. On the File menu, click **Exit** to close Registry Editor. + +## How Office integrates with Windows when you use App-V to deploy Office + + +When you deploy Office 2013 by using App-V, Office is fully integrated with the operating system, which provides end users with the same features and functionality as Office has when it is deployed without App-V. + +The Office 2013 App-V package supports the following integration points with the Windows operating system: + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Extension PointDescription

    Lync meeting Join Plug-in for Firefox and Chrome

    User can join Lync meetings from Firefox and Chrome

    Sent to OneNote Print Driver

    User can print to OneNote

    OneNote Linked Notes

    OneNote Linked Notes

    Send to OneNote Internet Explorer Add-In

    User can send to OneNote from IE

    Firewall Exception for Lync and Outlook

    Firewall Exception for Lync and Outlook

    MAPI Client

    Native apps and add-ins can interact with virtual Outlook through MAPI

    SharePoint Plug-in for Firefox

    User can use SharePoint features in Firefox

    Mail Control Panel Applet

    User gets the mail control panel applet in Outlook

    Primary Interop Assemblies

    Support managed add-ins

    Office Document Cache Handler

    Allows Document Cache for Office applications

    Outlook Protocol Search handler

    User can search in outlook

    Active X Controls

    For more information on ActiveX controls, refer to [ActiveX Control API Reference](https://msdn.microsoft.com/library/vs/alm/ms440037(v=office.14).aspx).

    OneDrive Pro Icon Overlays

    Windows Explorer shell icon overlays when users look at folders OneDrive Pro folders

    Shell extensions

    Shortcuts

    Windows Search

    + +## Have a suggestion for App-V? + +Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). diff --git a/windows/manage/appv-planning-to-deploy-appv-with-electronic-software-distribution-solutions.md b/windows/manage/appv-planning-to-deploy-appv-with-electronic-software-distribution-solutions.md new file mode 100644 index 0000000000..f323d22bfb --- /dev/null +++ b/windows/manage/appv-planning-to-deploy-appv-with-electronic-software-distribution-solutions.md @@ -0,0 +1,28 @@ +--- +title: Planning to Deploy App-V with an Electronic Software Distribution System (Windows 10) +description: Planning to Deploy App-V with an Electronic Software Distribution System +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + +# Planning to Deploy App-V with an electronic software distribution system + +If you are using an electronic software distribution system to deploy App-V packages, review the following planning considerations. For information about using System Center Configuration Manager to deploy App-V, see [Introduction to Application Management in Configuration Manager](http://go.microsoft.com/fwlink/?LinkId=281816). + +Review the following component and architecture requirements options that apply when you use an ESD to deploy App-V packages: + +| Deployment requirement or option | Description | +| - | - | +| The App-V Management server, Management database, and Publishing server are not required. | These functions are handled by the implemented ESD solution. | +| You can deploy the App-V Reporting server and Reporting database side by side with the ESD. | The side-by-side deployment lets you to collect data and generate reports.
    If you enable the App-V client to send report information, and you are not using the App-V Reporting server, the reporting data is stored in associated .xml files. | + +## Have a suggestion for App-V? + +Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). + +## Related topics + +- [Planning to deploy App-V](appv-planning-to-deploy-appv.md) diff --git a/windows/manage/appv-planning-to-deploy-appv.md b/windows/manage/appv-planning-to-deploy-appv.md new file mode 100644 index 0000000000..a18db4a671 --- /dev/null +++ b/windows/manage/appv-planning-to-deploy-appv.md @@ -0,0 +1,74 @@ +--- +title: Planning to Deploy App-V (Windows 10) +description: Planning to Deploy App-V +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# Planning to Deploy App-V + +You should consider a number of different deployment configurations and prerequisites before you create your deployment plan for App-V. This section includes information that can help you gather the information that you must have to formulate a deployment plan that best meets your business requirements. + +## App-V supported configurations + +Describes the minimum hardware and operating system requirements for each App-V components. For information about software prerequisites that you must install before you install App-V, see [App-V Prerequisites](appv-prerequisites.md). + +[App-V Supported Configurations](appv-supported-configurations.md) + +## App-V capacity planning + +Describes the available options for scaling your App-V deployment. + +[App-V Capacity Planning](appv-capacity-planning.md) + +## Planning for high availability with App-V + +Describes the available options for ensuring high availability of App-V databases and services. + +[Planning for High Availability with App-V](appv-planning-for-high-availability-with-appv.md) + +## Planning to Deploy App-V with an Electronic Software Distribution System + +Describes the options and requirements for deploying App-V with an electronic software distribution system. + +[Planning to Deploy App-V with an Electronic Software Distribution System](appv-planning-to-deploy-appv-with-electronic-software-distribution-solutions.md) + +## Planning for the App-V Server deployment + +Describes the planning considerations for the App-V Server components and their functions. + +[Planning for the App-V Server Deployment](appv-planning-for-appv-server-deployment.md) + +## Planning for the App-V Sequencer and Client deployment + +Describes the planning considerations for the App-V Client and for the Sequencer software, which you use to create virtual applications and application packages. + +[Planning for the App-V Sequencer and Client Deployment](appv-planning-for-sequencer-and-client-deployment.md) + +## Planning for migrating from a previous version of App-V + +Describes the recommended path for migrating from previous versions of App-V, while ensuring that existing server configurations, packages and clients continue to work in your new App-V environment. + +[Planning for Migrating from a Previous Version of App-V](appv-planning-for-migrating-from-a-previous-version-of-appv.md) + +## Planning for using App-V with Office + +Describes the requirements for using App-V with Office and explains the supported scenarios, including information about coexisting versions of Office. + +[Planning for Using App-V with Office](appv-planning-for-using-appv-with-office.md) + +## Planning to use folder redirection with App-V + +Explains how folder redirection works with App-V. + +[Planning to Use Folder Redirection with App-V](appv-planning-folder-redirection-with-appv.md) + +## Other Resources for App-V Planning + +- [Planning for App-V](appv-planning-for-appv.md) + +- [Performance Guidance for Application Virtualization](appv-performance-guidance.md) diff --git a/windows/manage/appv-preparing-your-environment.md b/windows/manage/appv-preparing-your-environment.md new file mode 100644 index 0000000000..1af564cc9d --- /dev/null +++ b/windows/manage/appv-preparing-your-environment.md @@ -0,0 +1,33 @@ +--- +title: Preparing Your Environment for App-V (Windows 10) +description: Preparing Your Environment for App-V +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + +# Preparing Your Environment for App-V + +There are a number of different deployment configurations and prerequisites that you must consider before you create your deployment plan for Microsoft Application Virtualization (App-V). This section includes information that can help you gather the information that you must have to formulate a deployment plan that best meets your business requirements. + +## App-V prerequisites + +- [App-V Prerequisites](appv-prerequisites.md) + + Lists the prerequisite software that you must install before installing App-V. + +## App-V security considerations + +- [App-V Security Considerations](appv-security-considerations.md) + + Describes accounts, groups, log files, and other considerations for securing your App-V environment. + +## Have a suggestion for App-V? + +Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). + +## Other resources for App-V planning + +- [Planning for App-V](appv-planning-for-appv.md) diff --git a/windows/manage/appv-prerequisites.md b/windows/manage/appv-prerequisites.md new file mode 100644 index 0000000000..b8b112eea4 --- /dev/null +++ b/windows/manage/appv-prerequisites.md @@ -0,0 +1,658 @@ +--- +title: App-V Prerequisites (Windows 10) +description: App-V Prerequisites +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# App-V Prerequisites + + +Before installing App-V, ensure that you have installed all of the following required prerequisite software. + +For a list of supported operating systems and hardware requirements for the App-V Server, Sequencer, and Client, see [App-V Supported Configurations](appv-supported-configurations.md). + +## Summary of software preinstalled on each operating system + + +The following table indicates the software that is already installed for different operating systems. + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + +
    Operating systemPrerequisite description

    Windows 10

    All of the prerequisite software is already installed.

    Windows 8.1

    All of the prerequisite software is already installed.

    +
    +Note   +

    If you are running Windows 8, upgrade to Windows 8.1 before using App-V.

    +
    +
    +  +

    Windows Server 2012

    The following prerequisite software is already installed:

    +
      +

    • Microsoft .NET Framework 4.5

      • +

    • Windows PowerShell 3.0

      +
      +Note   +

      Installing Windows PowerShell 3.0 requires a restart.

      +
      +
      +  +
      • +

    Windows 7

    The prerequisite software is not already installed. You must install it before you can install App-V.

    + +  + +## App-V Server prerequisite software + + +Install the required prerequisite software for the App-V Server components. + +### What to know before you start + + ++++ + + + + + + + + + + + + + + + + + + + + + + +

    Account for installing the App-V Server

    The account that you use to install the App-V Server components must have:

    +
      +

    • Administrative rights on the computer on which you are installing the components.

      • +

    • The ability to query Active Directory Domain Services.

      • +

    Port and firewall

      +

    • Specify a port where each component will be hosted.

      • +

    • Add the associated firewall rules to allow incoming requests to the specified ports.

      • +
    +

    Web Distributed Authoring and Versioning (WebDAV)

    WebDAV is automatically disabled for the Management Service.

    Supported deployment scenarios

      +

    • A stand-alone deployment, where all components are deployed on the same server.

      • +

    • A distributed deployment.

      • +

    Unsupported deployment scenarios

      +

    • Installing side-by-side instances of multiple App-V Server versions on the same server.

      • +

    • Installing the App-V server components on a computer that runs server core or domain controller.

      • +
    + +  + +### Management server prerequisite software + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Prerequisites and required settingsDetails

    Supported version of SQL Server

    For supported versions, see [App-V Supported Configurations](appv-supported-configurations.md).

    [Microsoft .NET Framework 4.5.1 (Web Installer)](http://www.microsoft.com//download/details.aspx?id=40773)

    [Windows PowerShell 3.0](http://www.microsoft.com/download/details.aspx?id=34595)

    Installing Windows PowerShell 3.0 requires a restart.

    Download and install [KB2533623](http://support.microsoft.com/kb/2533623)

    Applies to Windows 7 only.

    [Visual C++ Redistributable Packages for Visual Studio 2013](http://www.microsoft.com/download/details.aspx?id=40784)

    64-bit ASP.NET registration

    Windows Server Web Server Role

    This role must be added to a server operating system that is supported for the Management server.

    Web Server (IIS) Management Tools

    Click IIS Management Scripts and Tools.

    Web Server Role Services

    Common HTTP Features:

    +
      +

    • Static Content

      • +

    • Default Document

      • +
    +

    Application Development:

    +
      +

    • ASP.NET

      • +

    • .NET Extensibility

      • +

    • ISAPI Extensions

      • +

    • ISAPI Filters

      • +
    +

    Security:

    +
      +

    • Windows Authentication

      • +

    • Request Filtering

      • +
    +

    Management Tools:

    +
      +

    • IIS Management Console

      • +

    Default installation location

    %PROGRAMFILES%\Microsoft Application Virtualization Server

    Location of the Management database

    SQL Server database name, SQL Server database instance name, and database name.

    Management console and Management database permissions

    A user or group that can access the Management console and database after the deployment is complete. Only these users or groups will have access to the Management console and database unless additional administrators are added by using the Management console.

    Management service website name

    Name for the Management console website.

    Management service port binding

    Unique port number for the Management service. This port cannot be used by another process on the computer.

    + +> [!IMPORTANT] +> JavaScript must be enabled on the browser that opens the Web Management Console. + +### Management server database prerequisite software + +The Management database is required only if you are using the App-V Management server. + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Prerequisites and required settingsDetails

    [Microsoft .NET Framework 4.5.1 (Web Installer)](http://www.microsoft.com//download/details.aspx?id=40773)

    [Visual C++ Redistributable Packages for Visual Studio 2013](http://www.microsoft.com/download/details.aspx?id=40784)

    Default installation location

    %PROGRAMFILES%\Microsoft Application Virtualization Server

    Custom SQL Server instance name (if applicable)

    Format to use: INSTANCENAME

    +

    This format is based on the assumption that the installation is on the local computer.

    +

    If you specify the name with the format SVR\INSTANCE, the installation will fail.

    Custom database name (if applicable)

    Unique database name.

    +

    Default: AppVManagement

    Management server location

    Machine account on which the Management server is deployed.

    +

    Format to use: Domain\MachineAccount

    Management server installation administrator

    Account used to install the Management server.

    +

    Format to use: Domain\AdministratorLoginName

    Microsoft SQL Server Service Agent

    Configure the Management database computer so that the Microsoft SQL Server Agent service is restarted automatically. For instructions, see [Configure SQL Server Agent to Restart Services Automatically](http://technet.microsoft.com/magazine/gg313742.aspx).

    + +  + +### Publishing server prerequisite software + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Prerequisites and required settingsDetails

    [Microsoft .NET Framework 4.5.1 (Web Installer)](http://www.microsoft.com//download/details.aspx?id=40773)

    [Visual C++ Redistributable Packages for Visual Studio 2013](http://www.microsoft.com/download/details.aspx?id=40784)

    64-bit ASP.NET registration

    Web Server Role

    This role must be added to a server operating system that is supported for the Management server.

    Web Server (IIS) Management Tools

    Click IIS Management Scripts and Tools.

    Web Server Role Services

    Common HTTP Features:

    +
      +

    • Static Content

      • +

    • Default Document

      • +
    +

    Application Development:

    +
      +

    • ASP.NET

      • +

    • .NET Extensibility

      • +

    • ISAPI Extensions

      • +

    • ISAPI Filters

      • +
    +

    Security:

    +
      +

    • Windows Authentication

      • +

    • Request Filtering

      • +
    +

    Management Tools:

    +
      +

    • IIS Management Console

      • +

    Default installation location

    %PROGRAMFILES%\Microsoft Application Virtualization Server

    Management service URL

    URL of the App-V Management service. This is the port with which the Publishing server communicates.

    + ++++ + + + + + + + + + + + + + + + + +
    Installation architectureFormat to use for the URL

    Management server and Publishing server are installed on the same server

    http://localhost:12345

    Management server and Publishing server are installed on different servers

    http://MyAppvServer.MyDomain.com

    +

     

    +

    Publishing service website name

    Name for the Publishing website.

    Publishing service port binding

    Unique port number for the Publishing service. This port cannot be used by another process on the computer.

    + +  + +### Reporting server prerequisite software + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Prerequisites and required settingsDetails

    Supported version of SQL Server

    For supported versions, see [App-V Supported Configurations](appv-supported-configurations.md).

    [Microsoft .NET Framework 4.5.1 (Web Installer)](http://www.microsoft.com//download/details.aspx?id=40773)

    [Visual C++ Redistributable Packages for Visual Studio 2013](http://www.microsoft.com/download/details.aspx?id=40784)

    64-bit ASP.NET registration

    Windows Server Web Server Role

    This role must be added to a server operating system that is supported for the Management server.

    Web Server (IIS) Management Tools

    Click IIS Management Scripts and Tools.

    Web Server Role Services

    To reduce the risk of unwanted or malicious data being sent to the Reporting server, you should restrict access to the Reporting Web Service per your corporate security policy.

    +

    Common HTTP Features:

    +
      +

    • Static Content

      • +

    • Default Document

      • +
    +

    Application Development:

    +
      +

    • ASP.NET

      • +

    • .NET Extensibility

      • +

    • ISAPI Extensions

      • +

    • ISAPI Filters

      • +
    +

    Security:

    +
      +

    • Windows Authentication

      • +

    • Request Filtering

      • +
    +

    Management Tools:

    +
      +

    • IIS Management Console

      • +

    Default installation location

    %PROGRAMFILES%\Microsoft Application Virtualization Server

    Reporting service website name

    Name for the Reporting website.

    Reporting service port binding

    Unique port number for the Reporting service. This port cannot be used by another process on the computer.

    + +  + +### Reporting database prerequisite software + +The Reporting database is required only if you are using the App-V Reporting server. + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Prerequisites and required settingsDetails

    [Microsoft .NET Framework 4.5.1 (Web Installer)](http://www.microsoft.com//download/details.aspx?id=40773)

    [Visual C++ Redistributable Packages for Visual Studio 2013](http://www.microsoft.com/download/details.aspx?id=40784)

    Default installation location

    %PROGRAMFILES%\Microsoft Application Virtualization Server

    Custom SQL Server instance name (if applicable)

    Format to use: INSTANCENAME

    +

    This format is based on the assumption that the installation is on the local computer.

    +

    If you specify the name with the format SVR\INSTANCE, the installation will fail.

    Custom database name (if applicable)

    Unique database name.

    +

    Default: AppVReporting

    Reporting server location

    Machine account on which the Reporting server is deployed.

    +

    Format to use: Domain\MachineAccount

    Reporting server installation administrator

    Account used to install the Reporting server.

    +

    Format to use: Domain\AdministratorLoginName

    Microsoft SQL Server Service and Microsoft SQL Server Service Agent

    Configure these services to be associated with user accounts that have access to query AD DS.

    + +  + +## App-V client prerequisite software + + +Install the following prerequisite software for the App-V client. + +> [!NOTE] +> This is not required on Windows 10, version 1607. + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + +
    PrerequisiteDetails

    [Microsoft .NET Framework 4.5.1 (Web Installer)](http://www.microsoft.com//download/details.aspx?id=40773)

    [Windows PowerShell 3.0](http://www.microsoft.com/download/details.aspx?id=34595)

    +

    Installing PowerShell 3.0 requires a restart.

    [KB2533623](http://support.microsoft.com/kb/2533623)

    Applies to Windows 7 only: Download and install the KB.

    [Visual C++ Redistributable Packages for Visual Studio 2013](http://www.microsoft.com/download/details.aspx?id=40784)

    + +  + +## Remote Desktop Services client prerequisite software + + +Install the following prerequisite software for the App-V Remote Desktop Services client. + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + +
    PrerequisiteDetails

    [Microsoft .NET Framework 4.5.1 (Web Installer)](http://www.microsoft.com//download/details.aspx?id=40773)

    [Windows PowerShell 3.0](http://www.microsoft.com/download/details.aspx?id=34595)

    +

    Installing PowerShell 3.0 requires a restart.

    [KB2533623](http://support.microsoft.com/kb/2533623)

    Applies to Windows 7 only: Download and install the KB.

    [Visual C++ Redistributable Packages for Visual Studio 2013](http://www.microsoft.com/download/details.aspx?id=40784)

    + +  + +## Sequencer prerequisite software + + +**What to know before installing the prerequisites:** + +- Best practice: The computer that runs the Sequencer should have the same hardware and software configurations as the computers that will run the virtual applications. + +- The sequencing process is resource intensive, so make sure that the computer that runs the Sequencer has plenty of memory, a fast processor, and a fast hard drive. The system requirements of locally installed applications cannot exceed those of the Sequencer. For more information, see [App-V Supported Configurations](appv-supported-configurations.md). + + ++++ + + + + + + + + + + + + + + + + + + + + +
    PrerequisiteDetails

    [Microsoft .NET Framework 4.5.1 (Web Installer)](http://www.microsoft.com//download/details.aspx?id=40773)

    [Windows PowerShell 3.0](http://www.microsoft.com/download/details.aspx?id=34595)

    +

    Installing Windows PowerShell 3.0 requires a restart.

    [KB2533623](http://support.microsoft.com/kb/2533623)

    Applies to Windows 7 only: Download and install the KB.

    + + +## Have a suggestion for App-V? + + +Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). + +## Related topics + +- [Planning for App-V](appv-planning-for-appv.md) +- [App-V Supported Configurations](appv-supported-configurations.md) + +  + +  + + + + + diff --git a/windows/manage/appv-publish-a-connection-group.md b/windows/manage/appv-publish-a-connection-group.md new file mode 100644 index 0000000000..9f4e344c77 --- /dev/null +++ b/windows/manage/appv-publish-a-connection-group.md @@ -0,0 +1,39 @@ +--- +title: How to Publish a Connection Group (Windows 10) +description: How to Publish a Connection Group +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# How to Publish a Connection Group + + +After you create a connection group, you must publish it to computers that run the App-V client. + +**To publish a connection group** + +1. Open the App-V Management Console, and select **CONNECTION GROUPS**. + +2. Right-click the connection group to be published, and select **publish**. + + **Have a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). + +## Related topics + + +[Operations for App-V](appv-operations.md) + +[Managing Connection Groups](appv-managing-connection-groups.md) + +  + +  + + + + + diff --git a/windows/manage/appv-publish-a-packages-with-the-management-console.md b/windows/manage/appv-publish-a-packages-with-the-management-console.md new file mode 100644 index 0000000000..d66b07c352 --- /dev/null +++ b/windows/manage/appv-publish-a-packages-with-the-management-console.md @@ -0,0 +1,56 @@ +--- +title: How to Publish a Package by Using the Management Console (Windows 10) +description: How to Publish a Package by Using the Management Console +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# How to Publish a Package by Using the Management Console + + +Use the following procedure to publish an App-V package. Once you publish a package, computers that are running the App-V client can access and run the applications in that package. + +**Note**   +The ability to enable only administrators to publish or unpublish packages (described below) is supported starting in App-V 5.0 SP3. + +  + +**To publish an App-V package** + +1. In the App-V Management console. Click or right-click the name of the package to be published. Select **Publish**. + +2. Review the **Status** column to verify that the package has been published and is now available. If the package is available, the status **published** is displayed. + + If the package is not published successfully, the status **unpublished** is displayed, along with error text that explains why the package is not available. + +**To enable only administrators to publish or unpublish packages** + +1. Navigate to the following Group Policy Object node: + + **Computer Configuration > Policies > Administrative Templates > System > App-V > Publishing**. + +2. Enable the **Require publish as administrator** Group Policy setting. + + To alternatively use PowerShell to set this item, see [How to Manage App-V Packages Running on a Stand-Alone Computer by Using PowerShell](appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md#bkmk-admins-pub-pkgs). + + **Have a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). + +## Related topics + + +[Operations for App-V](appv-operations.md) + +[How to Configure Access to Packages by Using the Management Console](appv-configure-access-to-packages-with-the-management-console.md) + +  + +  + + + + + diff --git a/windows/manage/appv-register-and-unregister-a-publishing-server-with-the-management-console.md b/windows/manage/appv-register-and-unregister-a-publishing-server-with-the-management-console.md new file mode 100644 index 0000000000..9b3b9d8b15 --- /dev/null +++ b/windows/manage/appv-register-and-unregister-a-publishing-server-with-the-management-console.md @@ -0,0 +1,51 @@ +--- +title: How to Register and Unregister a Publishing Server by Using the Management Console (Windows 10) +description: How to Register and Unregister a Publishing Server by Using the Management Console +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# How to Register and Unregister a Publishing Server by Using the Management Console + + +You can register and unregister publishing servers that will synchronize with the App-V management server. You can also see the last attempt that the publishing server made to synchronize the information with the management server. + +Use the following procedure to register or unregister a publishing server. + +**To register a publishing server using the Management Console** + +1. Connect to the Management Console and select **Servers**. For more information about how to connect to the Management Console, see [How to Connect to the Management Console](appv-connect-to-the-management-console.md). + +2. A list of publishing servers that already synchronize with the management server is displayed. Click Register New Server to register a new server. + +3. Type a computer name of a domain joined computer on the **Server Name** line, to specify a name for the server. You should also include a domain name, for example, **MyDomain\\TestServer**. Click **Check**. + +4. Select the computer and click **Add** to add the computer to the list of servers. The new server will be displayed in the list. + +**To unregister a publishing server using the Management Console** + +1. Connect to the Management Console and select **Servers**. For more information about how to connect to the Management Console, see [How to Connect to the Management Console](appv-connect-to-the-management-console.md). + +2. A list of publishing servers that synchronize with the management server is displayed. + +3. To unregister the server, right-click the computer name and select the computer name and select **unregister server**. + + **Have a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). + +## Related topics + + +[Operations for App-V](appv-operations.md) + +  + +  + + + + + diff --git a/windows/manage/appv-release-notes-for-appv-for-windows.md b/windows/manage/appv-release-notes-for-appv-for-windows.md new file mode 100644 index 0000000000..4d1302f4f2 --- /dev/null +++ b/windows/manage/appv-release-notes-for-appv-for-windows.md @@ -0,0 +1,162 @@ +--- +title: Release Notes for App-V (Windows 10) +description: Release Notes for App-V +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# Release Notes for App-V + + +The following are known issues in Microsoft Application Virtualization (App-V). + +## Error occurs during publishing refresh between App-V 5.0 SP3 Management Server and App-V Client on Windows 10 + + +An error is generated during publishing refresh when synchronizing packages from the App-V 5.0 SP3 management server to an App-V client on Windows 10 . This error occurs because the App-V 5.0 SP3 server does not understand the Windows 10 operating system that is specified in the publishing URL. The issue is fixed for App-V publishing server, but is not backported to versions of App-V 5.0 SP3 or earlier. + +**Workaround**: Upgrade the App-V 5.0 Management server to the App-V Management server for Windows 10 Clients. + +## Custom configurations do not get applied for packages that will be published globally if they are set using the App-V Server + + +If you assign a package to an AD group that contains machine accounts and apply a custom configuration to that group using the App-V Server, the custom configuration will not be applied to those machines. The App-V Client will publish packages assigned to a machine account globally. However, it stores custom configuration files per user in each user’s profile. Globally published packages will not have access to this custom configuration. + +**Workaround**: Do one of the following: + +- Assign the package to groups containing only user accounts. This will ensure that the package’s custom configuration will be stored in each user’s profile and will be applied correctly. + +- Create a custom deployment configuration file and apply it to the package on the client using the Add-AppvClientPackage cmdlet with the –DynamicDeploymentConfiguration parameter. See [About App-V Dynamic Configuration](appv-dynamic-configuration.md) for more information. + +- Create a new package with the custom configuration using the App-V Sequencer. + +## Server files not deleted after new App-V Server installation + + +If you uninstall the App-V 5.0 SP1 Server and then install the App-V Server, the installation fails, the wrong version of the Management server is installed, and an error message is returned. The issue occurs because the Server files are not being deleted when you uninstall App-V 5.0 SP1, so the installation process does an upgrade instead of a new installation. + +**Workaround**: Delete this registry key before you start installing App-V: + +Under HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall, locate and delete the installation GUID key that contains the DWORD value "DisplayName" with value data "Microsoft Application Virtualization (App-V) Server". This is the only key that should be deleted. + +## File type associations added manually are not saved correctly + + +File type associations added to an application package manually using the Shortcuts and FTAs tab at the end of the application upgrade wizard are not saved correctly. They will not be available to the App-V Client or to the Sequencer when updating the saved package again. + +**Workaround**: To add a file type association, open the package for modification and run the update wizard. During the Installation step, add the new file type association through the operating system. The sequencer will detect the new association in the system registry and add it to the package’s virtual registry, where it will be available to the client. + +## When streaming packages in Shared Content Store (SCS) mode to a client that is also managed with AppLocker, additional data is written to the local disk. + + +To decrease the amount of data written to a client’s local disk, you can enable SCS mode on the App-V Client to stream the contents of a package on demand. However, if AppLocker manages an application within the package, some data might be written to the client’s local disk that would not otherwise be written. + +**Workaround**: None + +## In the Management Console Add Package dialog box, the Browse button is not available when using Chrome or Firefox + + +On the Packages page of the Management Console, if you click **Add or Upgrade** in the lower-right corner, the **Add Package** dialog box appears. If you are accessing the Management Console using Chrome or Firefox as your browser, you will not be able to browse to the location of the package. + +**Workaround**: Type or copy and paste the path to the package into the **Add Package** input field. If the Management Console has access to this path, you will be able to add the package. If the package is on a network share, you can browse to the location using File Explorer by doing these steps: + +1. While pressing **Shift**, right-click on the package file + +2. Select **Copy as path** + +3. Paste the path into the **Add Package** dialog box input field + +## Upgrading App-V Management Server to 5.1 sometimes fails with the message “A database error occurred” + + +If you install the App-V 5.0 SP1 Management Server, and then try to upgrade to App-V Server when multiple connection groups are configured and enabled, the following error is displayed: “A database error occurred. Reason: 'Invalid column name 'PackageOptional'. Invalid column name 'VersionOptional'.” + +**Workaround**: Run this command on your SQL database: + +`ALTER TABLE AppVManagement.dbo.PackageGroupMembers ADD PackageOptional bit NOT NULL DEFAULT 0, VersionOptional bit NOT NULL DEFAULT 0` + +where “AppVManagement” is the name of the database. + +## Users cannot open a package in a user-published connection group if you add or remove an optional package + + +In environments that are running the RDS Client or that have multiple concurrent users per computer, logged-in users cannot open applications in packages that are in a user-published connection group if an optional package is added to or removed from the connection group. + +**Workaround**: Have users log out and then log back in. + +## Error message is erroneously displayed when the connection group is published only to the user + + +When you run Repair-AppvClientConnectionGroup, the following error is displayed, even when the connection group is published only to the user: “Internal App-V Integration error: Package not integrated for the user. Please ensure that the package is added to the machine and published to the user.” + +**Workaround**: Do one of the following: + +- Publish all packages in a connection group. + + The problem arises when the connection group being repaired has packages that are missing or not available to the user (that is, not published globally or to the user). However, the repair will work if all of the connection group’s packages are available, so ensure that all packages are published. + +- Repair packages individually using the Repair-AppvClientPackage command rather than the Repair-AppvClientConnectionGroup command. + + Determine which packages are available to users and then run the Repair-AppvClientPackage command once for each package. Use PowerShell cmdlets to do the following: + + 1. Get all the packages in a connection group. + + 2. Check to see if each package is currently published. + + 3. If the package is currently published, run Repair-AppvClientPackage on that package. + +## Icons not displayed properly in Sequencer + + +Icons in the Shortcuts and File Type Associations tab are not displayed correctly when modifying a package in the App-V Sequencer. This problem occurs when the size of the icons are not 16x16 or 32x32. + +**Workaround**: Only use icons that are 16x16 or 32x32. + +## InsertVersionInfo.sql script no longer required for the Management Database + + +The InsertVersionInfo.sql script is not required for versions of the App-V management database later than App-V 5.0 SP3. + +The Permissions.sql script should be updated according to **Step 2** in [KB article 3031340](https://support.microsoft.com/kb/3031340). + +**Important**   +**Step 1** is not required for versions of App-V later than App-V 5.0 SP3. + +  + +## Microsoft Visual Studio 2012 not supported + + +App-V does not support Visual Studio 2012. + +**Workaround**: None + +## Application filename restrictions for App-V Sequencer + + +The App-V Sequencer cannot sequence applications with filenames matching "CO_<x>" where x is any numeral. Error 0x8007139F will be generated. + +**Workaround**: Use a different filename + +## Have a suggestion for App-V? + + +Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). + +## Related topics + + +[About App-V](appv-about-appv.md) + +  + +  + + + + + diff --git a/windows/manage/appv-reporting.md b/windows/manage/appv-reporting.md new file mode 100644 index 0000000000..a23ad9f73a --- /dev/null +++ b/windows/manage/appv-reporting.md @@ -0,0 +1,322 @@ +--- +title: About App-V Reporting (Windows 10) +description: About App-V Reporting +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# About App-V Reporting + + +Microsoft Application Virtualization (App-V) includes a built-in reporting feature that helps you collect information about computers running the App-V client as well as information about virtual application package usage. You can use this information to generate reports from a centralized database. + +## App-V Reporting Overview + + +The following list displays the end–to-end high-level workflow for reporting in App-V. + +1. The App-V Reporting server has the following prerequisites: + + - Internet Information Service (IIS) web server role + + - Windows Authentication role (under **IIS / Security**) + + - SQL Server installed and running with SQL Server Reporting Services (SSRS) + + To confirm SQL Server Reporting Services is running, view `http://localhost/Reports` in a web browser as administrator on the server that will host App-V Reporting. The SQL Server Reporting Services Home page should display. + +2. Install the App-V reporting server and associated database. For more information about installing the reporting server see [How to install the Reporting Server on a Standalone Computer and Connect it to the Database](appv-install-the-reporting-server-on-a-standalone-computer.md). Configure the time when the computer running the App-V client should send data to the reporting server. + +3. If you are not using an electronic software distribution system such as Configuration Manager to view reports then you can define reports in SQL Server Reporting Service. Download predefined appvshort Reports from the Download Center at . + + **Note**   + If you are using the Configuration Manager integration with App-V, most reports are generated from Configuration Manager rather than from App-V. + +   + +4. After importing the App-V PowerShell module using `Import-Module AppvClient` as administrator, enable the App-V client. This sample PowerShell cmdlet enables App-V reporting: + + ``` syntax + Set-AppvClientConfiguration –reportingserverurl : -reportingenabled 1 – ReportingStartTime <0-23> - ReportingRandomDelay <#min> + ``` + + To immediately send App-V report data, run `Send-AppvClientReport` on the App-V client. + + For more information about installing the App-V client with reporting enabled see [About Client Configuration Settings](appv-client-configuration-settings.md). To administer App-V Reporting with Windows PowerShell, see [How to Enable Reporting on the App-V Client by Using PowerShell](appv-enable-reporting-on-the-appv-client-with-powershell.md). + +5. After the reporting server receives the data from the App-V client it sends the data to the reporting database. When the database receives and processes the client data, a successful reply is sent to the reporting server and then a notification is sent to the App-V client. + +6. When the App-V client receives the success notification, it empties the data cache to conserve space. + + **Note**   + By default the cache is cleared after the server confirms receipt of data. You can manually configure the client to save the data cache. + +   + + If the App-V client device does not receive a success notification from the server, it retains data in the cache and tries to resend data at the next configured interval. Clients continue to collect data and add it to the cache. + +### App-V reporting server frequently asked questions + +The following table displays answers to common questions about App-V reporting + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + +
    QuestionMore Information

    What is the frequency that reporting information is sent to the reporting database?

    The frequency depends on how the reporting task is configured on the computer running the App-V client. You must configure the frequency / interval for sending the reporting data. App-V Reporting is not enabled by default.

    What information is stored in the reporting server database?

    The following list displays what is stored in the reporting database:

    +
      +

    • The operating system running on the computer running the App-V client: host name, version, service pack, type - client/server, processor architecture.

      • +

    • App-V Client information: version.

      • +

    • Published package list: GUID, version GUID, name.

      • +

    • Application usage information: name, version, streaming server, user (domain\alias), package version GUID, launch status and time, shutdown time.

      • +

    What is the average volume of information that is sent to the reporting server?

    It depends. The following list displays the three sets of the data sent to the reporting server:

    +
      +

    1. Operating system, and App-V client information. ~150 Bytes, every time this data is sent.

      2. +

    2. Published package list. ~7 KB for 30 packages. This is sent only when the package list is updated with a publishing refresh, which is done infrequently; if there is no change, this information is not sent.

      3. +

    3. Virtual application usage information – about 0.25KB per event. Opening and closing count as one event if both occur before sending the information. When sending using a scheduled task, only the data since the last successful upload is sent to the server. If sending manually through the PowerShell cmdlet, there is an optional argument that controls if the data needs to be re-sent next time around – that argument is DeleteOnSuccess.

      +

      +

      So for example, if twenty applications are opened and closed and reporting information is scheduled to be sent daily, the typical daily traffic should be about 0.15KB + 20 x 0.25KB, or about 5KB/user

      4. +

    Can reporting be scheduled?

    Yes. Besides manually sending reporting using PowerShell Cmdlets (Send-AppvClientReport), the task can be scheduled so it will happen automatically. There are two ways to schedule the reporting:

    +
      +

    1. Using PowerShell cmdlets - Set-AppvClientConfiguration. For example:

      +

      Set-AppvClientConfiguration -ReportingEnabled 1 - ReportingServerURL http://any.com/appv-reporting

      +

      +

      For a complete list of client configuration settings see [About Client Configuration Settings](appv-client-configuration-settings.md) and look for the following entries: ReportingEnabled, ReportingServerURL, ReportingDataCacheLimit, ReportingDataBlockSize, ReportingStartTime, ReportingRandomDelay, ReportingInterval.

      +

      2. +

    2. By using Group Policy. If distributed using the domain controller, the settings are the same as previously listed.

      +
      +Note   +

      Group Policy settings override local settings configured using PowerShell.

      +
      +
      +  +
      3. +
    + +  + +## App-V Client Reporting + + +To use App-V reporting you must install and configure the App-V client. After the client has been installed, use the **Set-AppVClientConfiguration** PowerShell cmdlet or the **ADMX Template** to configure reporting. The reporting feature cmdlets are available by using the following link and are prefaced by **Reporting**. For a complete list of client configuration settings see [About Client Configuration Settings](appv-client-configuration-settings.md). The following section provides examples of App-V client reporting configuration using PowerShell. + +### Configuring App-V Client reporting using PowerShell + +The following examples show how PowerShell parameters can configure the reporting features of the App-V client. + +**Note**   +The following configuration task can also be configured using Group Policy settings in the App-V ADMX template. For more information about using the ADMX template, see [How to Modify App-V Client Configuration Using the ADMX Template and Group Policy](appv-modify-client-configuration-with-the-admx-template-and-group-policy.md). + +  + +**To enable reporting and to initiate data collection on the computer running the App-V client**: + +`Set-AppVClientConfiguration –ReportingEnabled 1` + +**To configure the client to automatically send data to a specific reporting server**: + +``` syntax +Set-AppVClientConfiguration –ReportingServerURL http://MyReportingServer:MyPort/ -ReportingStartTime 20 -ReportingInterval 1 -ReportingRandomDelay 30 +``` + +`-ReportingInterval 1 -ReportingRandomDelay 30` + +This example configures the client to automatically send the reporting data to the reporting server URL **http://MyReportingServer:MyPort/**. Additionally, the reporting data will be sent daily between 8:00 and 8:30 PM, depending on the random delay generated for the session. + +**To limit the size of the data cache on the client**: + +`Set-AppvClientConfiguration –ReportingDataCacheLimit 100` + +Configures the maximum size of the reporting cache on the computer running the App-V client to 100 MB. If the cache limit is reached before the data is sent to the server, then the log rolls over and data will be overwritten as necessary. + +**To configure the data block size transmitted across the network between the client and the server**: + +`Set-AppvClientConfiguration –ReportingDataBlockSize 10240` + +Specifies the maximum data block that the client sends to 10240 MB. + +### Types of data collected + +The following table displays the types of information you can collect by using App-V reporting. + + +++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Client InformationPackage InformationApplication Usage

    Host Name

    Package Name

    Start and End Times

    App-V Client Version

    Package Version

    Run Status

    Processor Architecture

    Package Source

    Shutdown State

    Operating System Version

    Percent Cached

    Application Name

    Service Pack Level

    Application Version

    Operating System Type

    Username

    Connection Group

    + +  + +The client collects and saves this data in an **.xml** format. The data cache is hidden by default and requires administrator rights to open the XML file. + +### Sending data to the server + +You can configure the computer that is running the App-V client to automatically send data to the specified reporting server. To specify the server use the **Set-AppvClientConfiguration** cmdlet with the following settings: + +- ReportingEnabled + +- ReportingServerURL + +- ReportingStartTime + +- ReportingInterval + +- ReportingRandomDelay + +After you configure the previous settings, you must create a scheduled task. The scheduled task will contact the server specified by the **ReportingServerURL** setting and will initiate the transfer. If you want to manually send data outside of the scheduled times, use the following PowerShell cmdlet: + +`Send-AppVClientReport –URL http://MyReportingServer:MyPort/ -DeleteOnSuccess` + +If the reporting server has been previously configured, then the **–URL** parameter can be omitted. Alternatively, if the data should be sent to an alternate location, specify a different URL to override the configured **ReportingServerURL** for this data collection. + +The **-DeleteOnSuccess** parameter indicates that if the transfer is successful, then the data cache is cleared. If this is not specified, then the cache will not be cleared. + +### Manual Data Collection + +You can also use the **Send-AppVClientReport** cmdlet to manually collect data. This solution is helpful with or without an existing reporting server. The following list displays information about collecting data with or without a reporting server. + + ++++ + + + + + + + + + + + + +
    With a Reporting ServerWithout a Reporting Server

    If you have an existing App-V reporting Server, create a customized scheduled task or script. Specify that the client send the data to the specified location with the desired frequency.

    If you do not have an existing App-V reporting Server, use the –URL parameter to send the data to a specified share. For example:

    +

    Send-AppVClientReport –URL \\Myshare\MyData\ -DeleteOnSuccess

    +

    The previous example will send the reporting data to \\MyShare\MyData\ location indicated by the -URL parameter. After the data has been sent, the cache is cleared.

    +
    +Note   +

    If a location other than the Reporting Server is specified, the data is sent using .xml format with no additional processing.

    +
    +
    +  +
    + +  + +### Creating Reports + +To retrieve report information and create reports using App-V you must use one of the following methods: + +- **Microsoft SQL Server Reporting Services (SSRS)** - Microsoft SQL Server Reporting Services is available with Microsoft SQL Server. SSRS is not installed when you install the App-V reporting server. It must be deployed separately to generate the associated reports. + + Use the following link for more information about using [Microsoft SQL Server Reporting Services](http://go.microsoft.com/fwlink/?LinkId=285596). + +- **Scripting** – You can generate reports by scripting directly against the App-V reporting database. For example: + + **Stored Procedure:** + + **spProcessClientReport** is scheduled to run at midnight or 12:00 AM. + + To run the Microsoft SQL Server Scheduled Stored procedure, the Microsoft SQL Server Agent must be running. You should ensure that the Microsoft SQL Server Agent is set to **AutoStart**. For more information see [Autostart SQL Server Agent (SQL Server Management Studio)](http://go.microsoft.com/fwlink/?LinkId=287045). + + The stored procedure is also created when using the App-V database scripts. + +You should also ensure that the reporting server web service’s **Maximum Concurrent Connections** is set to a value that the server will be able to manage without impacting availability. The recommended number of **Maximum Concurrent Connections** for the **Reporting Web Service** is **10,000**. + +## Have a suggestion for App-V? + + +Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). + +## Related topics + + +[Deploying the App-V Server](appv-deploying-the-appv-server.md) + +[How to install the Reporting Server on a Standalone Computer and Connect it to the Database](appv-install-the-reporting-server-on-a-standalone-computer.md) + +  + +  + + + + + diff --git a/windows/manage/appv-running-locally-installed-applications-inside-a-virtual-environment.md b/windows/manage/appv-running-locally-installed-applications-inside-a-virtual-environment.md new file mode 100644 index 0000000000..cdd905e166 --- /dev/null +++ b/windows/manage/appv-running-locally-installed-applications-inside-a-virtual-environment.md @@ -0,0 +1,190 @@ +--- +title: Running a Locally Installed Application Inside a Virtual Environment with Virtualized Applications (Windows 10) +description: Running a Locally Installed Application Inside a Virtual Environment with Virtualized Applications +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# Running a Locally Installed Application Inside a Virtual Environment with Virtualized Applications + + +You can run a locally installed application in a virtual environment, alongside applications that have been virtualized by using Microsoft Application Virtualization (App-V). You might want to do this if you: + +- Want to install and run an application locally on client computers, but want to virtualize and run specific plug-ins that work with that local application. + +- Are troubleshooting an App-V client package and want to open a local application within the App-V virtual environment. + +Use any of the following methods to open a local application inside the App-V virtual environment: + +- [RunVirtual registry key](#bkmk-runvirtual-regkey) + +- [Get-AppvClientPackage PowerShell cmdlet](#bkmk-get-appvclientpackage-posh) + +- [Command line switch /appvpid:<PID>](#bkmk-cl-switch-appvpid) + +- [Command line hook switch /appvve:<GUID>](#bkmk-cl-hook-switch-appvve) + +Each method accomplishes essentially the same task, but some methods may be better suited for some applications than others, depending on whether the virtualized application is already running. + +## RunVirtual registry key + + +To add a locally installed application to a package or to a connection group’s virtual environment, you add a subkey to the `RunVirtual` registry key in the Registry Editor, as described in the following sections. + +There is no Group Policy setting available to manage this registry key, so you have to use System Center Configuration Manager or another electronic software distribution (ESD) system, or manually edit the registry. + +### Supported methods of publishing packages when using RunVirtual + + ++++ + + + + + + + + + + + + + + + + +
    App-V versionSupported publishing methods

    App-V 5.0 SP3 and App-V

    Published globally or to the user

    App-V 5.0 through App-V 5.0 SP2

    Published globally only

    + +  + +### Steps to create the subkey + +1. Using the information in the following table, create a new registry key using the name of the executable file, for example, **MyApp.exe**. + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Package publishing methodWhere to create the registry key

    Published globally

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AppV\Client\RunVirtual

    +

    Example: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AppV\Client\RunVirtual\MyApp.exe

    Published to the user

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\AppV\Client\RunVirtual

    +

    Example: HKEY_CURRENT_USER \SOFTWARE\Microsoft\AppV\Client\RunVirtual\MyApp.exe

    Connection group can contain:

    +
      +

    • Packages that are published just globally or just to the user

      • +

    • Packages that are published globally and to the user

      • +

    Either HKEY_LOCAL_MACHINE or HKEY_CURRENT_USER key, but all of the following must be true:

    +
      +

    • If you want to include multiple packages in the virtual environment, you must include them in an enabled connection group.

      • +

    • Create only one subkey for one of the packages in the connection group. If, for example, you have one package that is published globally, and another package that is published to the user, you create a subkey for either of these packages, but not both. Although you create a subkey for only one of the packages, all of the packages in the connection group, plus the local application, will be available in the virtual environment.

      • +

    • The key under which you create the subkey must match the publishing method you used for the package.

      +

      For example, if you published the package to the user, you must create the subkey under HKEY_CURRENT_USER\SOFTWARE\Microsoft\AppV\Client\RunVirtual.

      • +
    + +   + +2. Set the new registry subkey’s value to the PackageId and VersionId of the package, separating the values with an underscore. + + **Syntax**: <PackageId>\_<VersionId> + + **Example**: 4c909996-afc9-4352-b606-0b74542a09c1\_be463724-Oct1-48f1-8604-c4bd7ca92fa + + The application in the previous example would produce a registry export file (.reg file) like the following: + + ``` syntax + Windows Registry Editor Version 5.00 + [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AppV\Client\RunVirtual] + @="" + [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AppV\Client\RunVirtual\MyApp.exe] + @="aaaaaaaa-bbbb-cccc-dddd-eeeeeeee_11111111-2222-3333-4444-555555555 + ``` + +## Get-AppvClientPackage PowerShell cmdlet + + +You can use the **Start-AppVVirtualProcess** cmdlet to retrieve the package name and then start a process within the specified package's virtual environment. This method lets you launch any command within the context of an App-V package, regardless of whether the package is currently running. + +Use the following example syntax, and substitute the name of your package for **<Package>**: + +`$AppVName = Get-AppvClientPackage ` + +`Start-AppvVirtualProcess -AppvClientObject $AppVName cmd.exe` + +If you don’t know the exact name of your package, you can use the command line **Get-AppvClientPackage \*executable\***, where **executable** is the name of the application, for example: Get-AppvClientPackage \*Word\*. + +## Command line switch /appvpid:<PID> + + +You can apply the **/appvpid:<PID>** switch to any command, which enables that command to run within a virtual process that you select by specifying its process ID (PID). Using this method launches the new executable in the same App-V environment as an executable that is already running. + +Example: `cmd.exe /appvpid:8108` + +To find the process ID (PID) of your App-V process, run the command **tasklist.exe** from an elevated command prompt. + +## Command line hook switch /appvve:<GUID> + + +This switch lets you run a local command within the virtual environment of an App-V package. Unlike the **/appvid** switch, where the virtual environment must already be running, this switch enables you to start the virtual environment. + +Syntax: `cmd.exe /appvve:` + +Example: `cmd.exe /appvve:aaaaaaaa-bbbb-cccc-dddd-eeeeeeee_11111111-2222-3333-4444-55555555` + +To get the package GUID and version GUID of your application, run the **Get-AppvClientPackage** cmdlet. Concatenate the **/appvve** switch with the following: + +- A colon + +- Package GUID of the desired package + +- An underscore + +- Version ID of the desired package + +If you don’t know the exact name of your package, use the command line **Get-AppvClientPackage \*executable\***, where **executable** is the name of the application, for example: Get-AppvClientPackage \*Word\*. + +This method lets you launch any command within the context of an App-V package, regardless of whether the package is currently running. + +## Have a suggestion for App-V? + + +Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). + +## Related topics + + +[Technical Reference for App-V](appv-technical-reference.md) + +  + +  + + + + + diff --git a/windows/manage/appv-security-considerations.md b/windows/manage/appv-security-considerations.md new file mode 100644 index 0000000000..79d71d971a --- /dev/null +++ b/windows/manage/appv-security-considerations.md @@ -0,0 +1,145 @@ +--- +title: App-V Security Considerations (Windows 10) +description: App-V Security Considerations +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# App-V Security Considerations + + +This topic contains a brief overview of the accounts and groups, log files, and other security-related considerations for Microsoft Application Virtualization (App-V). + +**Important**   +App-V is not a security product and does not provide any guarantees for a secure environment. + +  + +## PackageStoreAccessControl (PSAC) feature has been deprecated + + +Effective as of June, 2014, the PackageStoreAccessControl (PSAC) feature that was introduced in Microsoft Application Virtualization (App-V) 5.0 Service Pack 2 (SP2) has been deprecated in both single-user and multi-user environments. + +## General security considerations + + +**Understand the security risks.** The most serious risk to App-V is that its functionality could be hijacked by an unauthorized user who could then reconfigure key data on App-V clients. The loss of App-V functionality for a short period of time due to a denial-of-service attack would not generally have a catastrophic impact. + +**Physically secure your computers**. Security is incomplete without physical security. Anyone with physical access to an App-V server could potentially attack the entire client base. Any potential physical attacks must be considered high risk and mitigated appropriately. App-V servers should be stored in a physically secure server room with controlled access. Secure these computers when administrators are not physically present by having the operating system lock the computer, or by using a secured screen saver. + +**Apply the most recent security updates to all computers**. To stay informed about the latest updates for operating systems, Microsoft SQL Server, and App-V, subscribe to the Security Notification service (). + +**Use strong passwords or pass phrases**. Always use strong passwords with 15 or more characters for all App-V and App-V administrator accounts. Never use blank passwords. For more information about password concepts, see the “Account Passwords and Policies” white paper on TechNet (). + +## Accounts and groups in App-V + + +A best practice for user account management is to create domain global groups and add user accounts to them. Then, add the domain global accounts to the necessary App-V local groups on the App-V servers. + +**Note**   +App-V client computer accounts that need to connect to the publishing server must be part of the publishing server’s **Users** local group. By default, all computers in the domain are part of the **Authorized Users** group, which is part of the **Users** local group. + +  + +### App-V server security + +No groups are created automatically during App-V Setup. You should create the following Active Directory Domain Services global groups to manage App-V server operations. + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + +
    Group nameDetails

    App-V Management Admin group

    Used to manage the App-V management server. This group is created during the App-V Management Server installation.

    +
    +Important   +

    There is no method to create the group using the management console after you have completed the installation.

    +
    +
    +  +

    Database read/write for Management Service account

    Provides read/write access to the management database. This account should be created during the App-V management database installation.

    App-V Management Service install admin account

    +
    +Note   +

    This is only required if management database is being installed separately from the service.

    +
    +
    +  +

    Provides public access to schema-version table in management database. This account should be created during the App-V management database installation.

    App-V Reporting Service install admin account

    +
    +Note   +

    This is only required if reporting database is being installed separately from the service.

    +
    +
    +  +

    Public access to schema-version table in reporting database. This account should be created during the App-V reporting database installation.

    + +  + +Consider the following additional information: + +- Access to the package shares - If a share exists on the same computer as the management Server, the **Network** service requires read access to the share. In addition, each App-V client computer must have read access to the package share. + + **Note**   + In previous versions of App-V, package share was referred to as content share. + +   + +- Registering publishing servers with Management Server - A publishing server must be registered with the Management server. For example, it must be added to the database, so that the Publishing server machine accounts are able to call into the Management service API. + +### App-V package security + +The following will help you plan how to ensure that virtualized packages are secure. + +- If an application installer applies an access control list (ACL) to a file or directory, then that ACL is not persisted in the package. When the package is deployed, if the file or directory is modified by a user it will either inherit the ACL in the **%userprofile%** or inherit the ACL of the target computer’s directory. The former case occurs if the file or directory does not exist in a virtual file system location; the latter case occurs if the file or directory exists in a virtual file system location, for example **%windir%**. + +## App-V log files + + +During App-V Setup, setup log files are created in the **%temp%** folder of the installing user. + +## Have a suggestion for App-V? + + +Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). + +## Related topics + + +[Preparing Your Environment for App-V](appv-preparing-your-environment.md) + +  + +  + + + + + diff --git a/windows/manage/appv-sequence-a-new-application.md b/windows/manage/appv-sequence-a-new-application.md new file mode 100644 index 0000000000..dbae0de06b --- /dev/null +++ b/windows/manage/appv-sequence-a-new-application.md @@ -0,0 +1,240 @@ +--- +title: How to Sequence a New Application with App-V (Windows 10) +description: How to Sequence a New Application with App-V +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# How to Sequence a New Application with App-V + +In Windows 10, version 1607, the App-V Sequencer is included with the Windows ADK. For more info on how to install the App-V Sequencer, see [Install the App-V Sequencer](appv-install-the-sequencer.md). + +**To review or do before you start sequencing** + +1. Determine the type of virtualized application package you want to create: + + | Application type | Description | + | - | - | + | Standard | Creates a package that contains an application or a suite of applications. This is the preferred option for most application types. | + | Add-on or plug-in | Creates a package that extends the functionality of a standard application, for example, a plug-in for Microsoft Excel. Additionally, you can use plug-ins for natively installed applications, or for another package that is linked by using connection groups. | + | Middleware | Creates a package that is required by a standard application, for example, Java. Middleware packages are used for linking to other packages by using connection groups. | + +2. Copy all required installation files to the computer that is running the sequencer. + +3. Make a backup image of your virtual environment before sequencing an application, and then revert to that image each time after you finish sequencing an application. + +4. Review the following items: + + - If an application installer changes the security access to a new or existing file or directory, those changes are not captured in the package. + + - If short paths have been disabled for the virtualized package’s target volume, you must also sequence the package to a volume that was created and still has short-paths disabled. It cannot be the system volume. + +> [!NOTE] +> The App-V Sequencer cannot sequence applications with filenames matching "CO_<_x_>" where x is any numeral. Error 0x8007139F will be generated. + +**To sequence a new standard application** + +1. On the computer that runs the sequencer, click **All Programs**, and then click **Microsoft Application Virtualization**, and then click **Microsoft Application Virtualization Sequencer**. + +2. In the sequencer, click **Create a New Virtual Application Package**. Select **Create Package (default)**, and then click **Next**. + +3. On the **Prepare Computer** page, review the issues that could cause the package creation to fail or could cause the package to contain unnecessary data. You should resolve all potential issues before you continue. After making any corrections, click **Refresh** to display the updated information. After you have resolved all potential issues, click **Next**. + + > [!IMPORTANT] + > If you are required to disable virus scanning software, you should first scan the computer that runs the sequencer in order to ensure that no unwanted or malicious files could be added to the package. + +4. On the **Type of Application** page, click the **Standard Application (default)** check box, and then click **Next**. + +5. On the **Select Installer** page, click **Browse** and specify the installation file for the application. + + > [!NOTE] + > If the specified application installer modifies security access to a file or directory, existing or new, the associated changes will not be captured into the package. + + + If the application does not have an associated installer file and you plan to run all installation steps manually, select the **Perform a Custom Installation** check box, and then click **Next**. + + +6. On the **Package Name** page, type a name that will be associated with the package. Use a name that helps identify the purpose and version of the application that will be added to the package. The package name is displayed in the App-V Management Console. + + Click **Next**. + +7. On the **Installation** page, when the sequencer and application installer are ready you can proceed to install the application so that the sequencer can monitor the installation process. + + > [!IMPORTANT] + > You should always install applications to a secure location and make sure no other users are logged on to the computer running the sequencer during monitoring. + + + Use the application's installation process to perform the installation. If additional installation files must be run as part of the installation, click **Run** to locate and run the additional installation files. When you are finished with the installation, select **I am finished installing**. Click **Next**. + +8. On the **Installation** page, wait while the sequencer configures the virtualized application package. + +9. On the **Configure Software** page, optionally run the programs contained in the package. This step allows you to complete any necessary license or configuration tasks before you deploy and run the package on target computers. To run all the programs at one time, select at least one program, and then click **Run All**. To run specific programs, select the program or programs, and then click **Run Selected**. Complete the required configuration tasks and then close the applications. You may need to wait several minutes for all programs to run. + + > [!NOTE] + > To run first-use tasks for any application that is not available in the list, open the application. The associated information will be captured during this step. + + + Click **Next**. + +10. On the **Installation Report** page, you can review information about the virtualized application package you have just sequenced. In **Additional Information**, double-click an event to obtain more detailed information. To proceed, click **Next**. + +11. The **Customize** page is displayed. If you are finished installing and configuring the virtual application, select **Stop now** and skip to step 14 of this procedure. To perform either of the following customizations, select **Customize**. + + - Prepare the virtual package for streaming. Streaming improves the experience when the virtual application package is run on target computers. + + - Specify the operating systems that can run this package. + + Click **Next**. + +12. On the **Streaming** page, run each program so that it can be optimized and run more efficiently on target computers. It can take several minutes for all the applications to run. After all applications have run, close each of the applications, and then click **Next**. + + > [!NOTE] + > If you do not open any applications during this step, the default streaming method is on-demand streaming delivery. This means applications will be downloaded bit by bit until it can be opened, and then depending on how the background loading is configured, will load the rest of the application. + +   + +13. On the **Target OS** page, specify the operating systems that can run this package. To allow all supported operating systems in your environment to run this package, select **Allow this package to run on any operating system**. To configure this package to run only on specific operating systems, select **Allow this package to run only on the following operating systems** and select the operating systems that can run this package. Click **Next**. + + > [!IMPORTANT] + > Make sure that the operating systems you specify here are supported by the application you are sequencing. + + +14. The **Create Package** page is displayed. To modify the package without saving it, select **Continue to modify package without saving using the package editor**. This option opens the package in the sequencer console so that you can modify the package before it is saved. Click **Next**. + + To save the package immediately, select **Save the package now** (default). Add optional **Comments** to be associated with the package. Comments are useful for identifying the program version and other information about the package. + + > [!IMPORTANT] + > The system does not support non-printable characters in **Comments** and **Descriptions**. + +   + + The default **Save Location** is also displayed on this page. To change the default location, click **Browse** and specify the new location. Click **Create**. + +15. The **Completion** page is displayed. Review the information in the **Virtual Application Package Report** pane as needed, then click **Close**. This information is also available in the **Report.xml** file that is located in the directory where the package was created. + + The package is now available in the sequencer. + + > [!IMPORTANT] + > After you have successfully created a virtual application package, you cannot run the virtual application package on the computer that is running the sequencer. + +   + +**To sequence an add-on or plug-in application** + +> [!NOTE] +>Before performing the following procedure, install the parent application locally on the computer that is running the sequencer. Or if you have the parent application virtualized, you can follow the steps in the add-on or plug-in workflow to unpack the parent application on the computer. + +>For example, if you are sequencing a plug-in for Microsoft Excel, install Microsoft Excel locally on the computer that is running the sequencer. Also install the parent application in the same directory where the application is installed on target computers. If the plug-in or add-on is going to be used with an existing virtual application package, install the application on the same virtual application drive that was used when you created the parent virtual application package. + +1. On the computer that runs the sequencer, click **All Programs**, and then Click **Microsoft Application Virtualization**, and then click **Microsoft Application Virtualization Sequencer**. + +2. In the sequencer, click **Create a New Virtual Application Package**, select **Create Package (default)**, and then click **Next**. + +3. On the **Prepare Computer** page, review the issues that might cause the package creation to fail or could cause the package to contain unnecessary data. You should resolve all potential issues before you continue. After making any corrections, click **Refresh** to display the updated information. After you have resolved all potential issues, click **Next**. + + > [!IMPORTANT] + > If you are required to disable virus scanning software, you should first scan the computer that runs the sequencer in order to ensure that no unwanted or malicious files could be added to the package. + + +4. On the **Type of Application** page, select **Add-on or Plug-in**, and then click **Next**. + +5. On the **Select Installer** page, click **Browse** and specify the installation file for the add-on or plug-in. If the add-on or plug-in does not have an associated installer file and you plan to run all installation steps manually, select the **Select this option to perform a custom installation** check box, and then click **Next**. + +6. On the **Install Primary** page, ensure that the primary application is installed on the computer that runs the sequencer. Alternatively, you can expand an existing package that has been saved locally on the computer that runs the sequencer. To do this, click **Expand Package**, and then select the package. After you have expanded or installed the parent program, select **I have installed the primary parent program**. + + Click **Next**. + +7. On the **Package Name** page, type a name that will be associated with the package. Use a name that helps identify the purpose and version of the application that will be added to the package. The package name will be displayed in the App-V 5.0 Management Console. + + Click **Next**. + +8. On the **Installation** page, when the sequencer and application installer are ready you can proceed to install the plug-in or add-in application so the sequencer can monitor the installation process. Use the application's installation process to perform the installation. If additional installation files must be run as part of the installation, click **Run** and locate and run the additional installation files. When you are finished with the installation, select **I am finished installing**, and then click **Next**. + +9. On the **Installation Report** page, you can review information about the virtual application package that you just sequenced. For a more detailed explanation about the information displayed in **Additional Information**, double-click the event. After you have reviewed the information, click **Next**. + +10. The **Customize** page is displayed. If you are finished installing and configuring the virtual application, select **Stop now** and skip to step 12 of this procedure. To perform either of the following customizations, select **Customize**. + + - Optimize how the package will run across a slow or unreliable network. + + - Specify the operating systems that can run this package. + + Click **Next**. + +11. On the **Streaming** page, run each program so that it can be optimized and run more efficiently on target computers. Streaming improves the experience when the virtual application package is run on target computers on high-latency networks. It can take several minutes for all the applications to run. After all applications have run, close each of the applications. You can also configure the package to be required to be fully downloaded before opening by selecting the **Force applications to be downloaded** check-box. Click **Next**. + + > [!NOTE]    + > If necessary, you can stop an application from loading during this step. In the **Application Launch** dialog box, click **Stop** and select one of the check boxes: **Stop all applications** or **Stop this application only**. + +   + +12. On the **Target OS** page, specify the operating systems that can run this package. To allow all supported operating systems in your environment to run this package, select the **Allow this package to run on any operating system** check box. To configure this package to run only on specific operating systems, select the **Allow this package to run only on the following operating systems** check box, and then select the operating systems that can run this package. Click **Next**. + +13. The **Create Package** page is displayed. To modify the package without saving it, select **Continue to modify package without saving using the package editor** check box. This option opens the package in the sequencer console so that you can modify the package before it is saved. Click **Next**. + + To save the package immediately, select **Save the package now**. Optionally, add a **Description** that will be associated with the package. Descriptions are useful for identifying the version and other information about the package. + + > [!IMPORTANT]    + > The system does not support non-printable characters in Comments and Descriptions. + +   + + The default **Save Location** is also displayed on this page. To change the default location, click **Browse** and specify the new location. Click **Create**. + +**To sequence a middleware application** + +1. On the computer that runs the sequencer, click **All Programs**, and then Click **Microsoft Application Virtualization**, and then click **Microsoft Application Virtualization Sequencer**. + +2. In the sequencer, click **Create a New Virtual Application Package**, select **Create Package (default)**, and then click **Next**. + +3. On the **Prepare Computer** page, review the issues that could cause the package creation to fail or could cause the package to contain unnecessary data. You should resolve all potential issues before you continue. After making any corrections, click **Refresh** to display the updated information. After you have resolved all potential issues, click **Next**. + + > [!IMPORTANT] + > If you are required to disable virus scanning software, you should first scan the computer that runs the App-V 5.0 Sequencer in order to ensure that no unwanted or malicious files can be added to the package. + + +4. On the **Type of Application** page, select **Middleware**, and then click **Next**. + +5. On the **Select Installer** page, click **Browse** and specify the installation file for the application. If the application does not have an associated installer file and you plan to run all installation steps manually, select the **Select this option to perform a custom installation** check box, and then click **Next**. + +6. On the **Package Name** page, type a name that will be associated with the package. Use a name that helps identify the purpose and version of the application that will be added to the package. The package name is displayed in the App-V 5.0 Management Console. + + Click **Next**. + +7. On the **Installation** page, when the sequencer and middleware application installer are ready you can proceed to install the application so that the sequencer can monitor the installation process. Use the application's installation process to perform the installation. If additional installation files must be run as part of the installation, click **Run**, to locate and run the additional installation files. When you are finished with the installation, select the **I am finished installing** check box, and then click **Next**. + +8. On the **Installation** page, wait while the sequencer configures the virtual application package. + +9. On the **Installation Report** page, you can review information about the virtual application package that you have just sequenced. In **Additional Information**, double-click an event to obtain more detailed information. To proceed, click **Next**. + +10. On the **Target OS** page, specify the operating systems that can run this package. To enable all supported operating systems in your environment to run this package, select the **Allow this package to run on any operating system** check box. To configure this package to run only on specific operating systems, select the **Allow this package to run only on the following operating systems** check box and select the operating systems that can run this package. Click **Next**. + +11. On the **Create Package** page is displayed. To modify the package without saving it, select **Continue to modify package without saving using the package editor**. This option opens the package in the sequencer console so that you can modify the package before it is saved. Click **Next**. + + To save the package immediately, select **Save the package now**. Optionally, add a **Description** to be associated with the package. Descriptions are useful for identifying the program version and other information about the package. + + > [!IMPORTANT]    + > The system does not support non-printable characters in Comments and Descriptions. +  + + The default **Save Location** is also displayed on this page. To change the default location, click **Browse** and specify the new location. Click **Create**. + +12. The **Completion** page is displayed. Review the information in the **Virtual Application Package Report** pane as needed, then click **Close**. This information is also available in the **Report.xml** file that is located in the directory specified in step 11 of this procedure. + + The package is now available in the sequencer. To edit the package properties, click **Edit \[Package Name\]**. + + > [!IMPORTANT]    + > After you have successfully created a virtual application package, you cannot run the virtual application package on the computer that is running the sequencer. + +   + +## Have a suggestion for App-V? +Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). + +## Related topics + +- [Install the App-V Sequencer](appv-install-the-sequencer.md) +- [Operations for App-V](appv-operations.md) diff --git a/windows/manage/appv-sequence-a-package-with-powershell.md b/windows/manage/appv-sequence-a-package-with-powershell.md new file mode 100644 index 0000000000..f35388deed --- /dev/null +++ b/windows/manage/appv-sequence-a-package-with-powershell.md @@ -0,0 +1,64 @@ +--- +title: How to sequence a package by using Windows PowerShell (Windows 10) +description: How to sequence a package by using Windows PowerShell +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# How to Sequence a Package by using Windows PowerShell + +Use the following procedure to create a new App-V package using Windows PowerShell. + +> [!NOTE]   +> Before you use this procedure you must copy the associated installer files to the computer running the sequencer and you have read and understand the sequencer section of [Planning for the App-V Sequencer and Client Deployment](appv-planning-for-sequencer-and-client-deployment.md). + +  +**To create a new virtual application by using Windows PowerShell** + +1. Install the App-V sequencer. For more information about installing the sequencer see [How to Install the Sequencer](appv-install-the-sequencer.md). + +2. Click **Start** and type **Windows PowerShell**. Right-click **Windows PowerShell**, and select **Run as Administrator**. + +3. Using the Windows PowerShell console, type the following: **import-module appvsequencer**. + +4. To create a package, use the **New-AppvSequencerPackage** cmdlet. The following parameters are required to create a package: + + - **Name** - specifies the name of the package. + + - **PrimaryVirtualApplicationDirectory** - specifies the path to the directory that will be used to install the application. This path must exist. + + - **Installer** - specifies the path to the associated application installer. + + - **Path** - specifies the output directory for the package. + + For example: + + ``` + New-AppvSequencerPackage –Name -PrimaryVirtualApplicationDirectory -Installer -OutputPath + ``` + + +Wait for the sequencer to create the package. Creating a package by using Windows PowerShell can take time. If the package was not created successfully, an error will be returned. + +The following list displays additional optional parameters that can be used with **New-AppvSequencerPackage** cmdlet: + +- AcceleratorFilePath – specifies the path to the accelerator .cab file to generate a package. + +- InstalledFilesPath - specifies the path to where the local installed files of the application are saved. + +- InstallMediaPath - specifies the path of the installation media + +- TemplateFilePath - specifies the path to a template file if you want to customize the sequencing process. + +- FullLoad - specifies that the package must be fully downloaded to the computer running the App-V before it can be opened. + +## Have a suggestion for App-V? +Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). + +## Related topics + +- [Administering App-V by using Windows PowerShell](appv-administering-appv-with-powershell.md) diff --git a/windows/manage/appv-supported-configurations.md b/windows/manage/appv-supported-configurations.md new file mode 100644 index 0000000000..67662f89bd --- /dev/null +++ b/windows/manage/appv-supported-configurations.md @@ -0,0 +1,657 @@ +--- +title: App-V Supported Configurations (Windows 10) +description: App-V Supported Configurations +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# App-V Supported Configurations + + +This topic specifies the requirements to install and run App-V in your environment. + +## App-V Server system requirements + +This section lists the operating system and hardware requirements for all of the App-V Server components. + +### Unsupported App-V Server scenarios + +The App-V Server does not support the following scenarios: + +- Deployment to a computer that runs the Server Core installation option. + +- Deployment to a computer that runs a previous version of App-V Server components. You can install App-V side by side with the App-V 4.5 Lightweight Streaming Server (LWS) server only. Deployment of App-V side by side with the App-V 4.5 Application Virtualization Management Service (HWS) server is not supported. + +- Deployment to a computer that runs Microsoft SQL Server Express edition. + +- Deployment to a domain controller. + +- Short paths. If you plan to use a short path, you must create a new volume. + +### Management server operating system requirements + +The following table lists the operating systems that are supported for the App-V Management server installation. + + + +++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Operating systemService PackSystem architecture

    Microsoft Windows Server 2016

    64-bit

    Microsoft Windows Server 2012 R2

    64-bit

    Microsoft Windows Server 2012

    64-bit

    Microsoft Windows Server 2008 R2

    SP1

    64-bit

    + +  + +> [!IMPORTANT] +> Deployment of the Management server role to a computer with Remote Desktop Services enabled is not supported. + +  + +### Management server hardware requirements + +- Processor—1.4 GHz or faster, 64-bit (x64) processor + +- RAM—1 GB RAM (64-bit) + +- Disk space—200 MB available hard disk space, not including the content directory + +### Management server database requirements + +The following table lists the SQL Server versions that are supported for the App-V Management database installation. + + +++++ + + + + + + + + + + + + + + + + + + + + + + + + +
    SQL Server versionService packSystem architecture

    Microsoft SQL Server 2014

    32-bit or 64-bit

    Microsoft SQL Server 2012

    SP2

    32-bit or 64-bit

    Microsoft SQL Server 2008 R2

    SP3

    32-bit or 64-bit

    + +  + +### Publishing server operating system requirements + +The following table lists the operating systems that are supported for the App-V Publishing server installation. + + +++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Operating systemService PackSystem architecture

    Microsoft Windows Server 2016

    64-bit

    Microsoft Windows Server 2012 R2

    64-bit

    Microsoft Windows Server 2012

    64-bit

    Microsoft Windows Server 2008 R2

    SP1

    64-bit

    + +  + +### Publishing server hardware requirements + +App-V adds no additional requirements beyond those of Windows Server. + +- Processor—1.4 GHz or faster, 64-bit (x64) processor + +- RAM—2 GB RAM (64-bit) + +- Disk space—200 MB available hard disk space, not including the content directory + +### Reporting server operating system requirements + +The following table lists the operating systems that are supported for the App-V Reporting server installation. + + +++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Operating systemService PackSystem architecture

    Microsoft Windows Server 2016

    64-bit

    Microsoft Windows Server 2012 R2

    64-bit

    Microsoft Windows Server 2012

    64-bit

    Microsoft Windows Server 2008 R2

    SP1

    64-bit

    + +  + +### Reporting server hardware requirements + +App-V adds no additional requirements beyond those of Windows Server. + +- Processor—1.4 GHz or faster, 64-bit (x64) processor + +- RAM—2 GB RAM (64-bit) + +- Disk space—200 MB available hard disk space + +### Reporting server database requirements + +The following table lists the SQL Server versions that are supported for the App-V Reporting database installation. + + +++++ + + + + + + + + + + + + + + + + + + + + + + + + +
    SQL Server versionService packSystem architecture

    Microsoft SQL Server 2014

    32-bit or 64-bit

    Microsoft SQL Server 2012

    SP2

    32-bit or 64-bit

    Microsoft SQL Server 2008 R2

    SP3

    32-bit or 64-bit

    + +  + +## App-V client system requirements + + +The following table lists the operating systems that are supported for the App-V client installation. + +> [!NOTE] +> App-V is included with Windows 10, version 1607 and later. + + +++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Operating systemService packSystem architecture

    Windows 10, version 1511

    32-bit or 64-bit

    Windows 10, version 1507

    32-bit or 64-bit

    Windows 8.1

    32-bit or 64-bit

    Windows 8

    32-bit or 64-bit

    Windows /p>

    SP1

    32-bit or 64-bit

    + +  + +The following App-V client installation scenarios are not supported, except as noted: + +- Computers that run Windows Server + +- Computers that run App-V 4.6 SP1 or earlier versions + +- The App-V Remote Desktop services client is supported only for RDS-enabled servers + +### App-V client hardware requirements + +The following list displays the supported hardware configuration for the App-V client installation. + +- Processor— 1.4 GHz or faster 32-bit (x86) or 64-bit (x64) processor + +- RAM— 1 GB (32-bit) or 2 GB (64-bit) + +- Disk— 100 MB for installation, not including the disk space that is used by virtualized applications. + +## Remote Desktop Services client system requirements + + +The following table lists the operating systems that are supported for App-V Remote Desktop Services (RDS) client installation. + + +++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Operating systemService PackSystem architecture

    Microsoft Windows Server 2016

    64-bit

    Microsoft Windows Server 2012 R2

    64-bit

    Microsoft Windows Server 2012

    64-bit

    Microsoft Windows Server 2008 R2

    SP1

    64-bit

    + +  + +### Remote Desktop Services client hardware requirements + +App-V adds no additional requirements beyond those of Windows Server. + +- Processor—1.4 GHz or faster, 64-bit (x64) processor + +- RAM—2 GB RAM (64-bit) + +- Disk space—200 MB available hard disk space + +## Sequencer system requirements + + +The following table lists the operating systems that are supported for the App-V Sequencer installation. + + +++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Operating systemService packSystem architecture

    Microsoft Windows Server 2012 R2

    64-bit

    Microsoft Windows Server 2012

    64-bit

    Microsoft Windows Server 2008 R2

    SP1

    64-bit

    Microsoft Windows 10

    32-bit and 64-bit

    Microsoft Windows 8.1

    32-bit and 64-bit

    Microsoft Windows 8

    32-bit and 64-bit

    Microsoft Windows 7

    SP1

    32-bit and 64-bit

    + +  + +### Sequencer hardware requirements + +See the Windows or Windows Server documentation for the hardware requirements. App-V adds no additional hardware requirements. + +## Supported versions of System Center Configuration Manager + + +The App-V client supports the following versions of System Center Configuration Manager: + +- Microsoft System Center 2012 Configuration Manager + +- System Center 2012 R2 Configuration Manager + +- System Center 2012 R2 Configuration Manager SP1 + +The following App-V and System Center Configuration Manager version matrix shows all officially supported combinations of App-V and Configuration Manager. + + ++++++++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    App-V VersionSystem Center Configuration Manager 2007System Center 2012 Configuration ManagerSystem Center 2012 Configuration Manager SP1System Center 2012 R2 Configuration ManagerSystem Center 2012 R2 Configuration Manager SP1System Center 2012 Configuration Manager SP2System Center Configuration Manager Version 1511

    App-V 4.5

    R2

    No

    No

    No

    No

    No

    No

    App-V 4.5 CU1

    R2

    No

    No

    No

    No

    No

    No

    App-V 4.5 SP1

    R2

    No

    No

    No

    No

    No

    No

    App-V 4.5 SP2

    R2

    No

    No

    No

    No

    No

    No

    App-V 4.6

    R2, SP1

    No

    No

    No

    No

    No

    No

    App-V 4.6 SP1

    R2, R3, SP2

    Yes

    Yes

    Yes

    No

    No

    No

    App-V 4.6 SP2

    R2, R3, SP2

    Yes

    Yes

    Yes

    No

    No

    No

    App-V 4.6 SP3

    R2, R3, SP2

    No

    Yes

    Yes

    No

    Yes

    Yes

    App-V 5.0

    MSI-Wrapper-Only

    No

    Yes

    Yes

    Yes

    Yes

    Yes

    App-V 5.0 SP1

    MSI-Wrapper Only

    No

    Yes

    Yes

    Yes

    Yes

    Yes

    App-V 5.0 SP2

    MSI-Wrapper Only

    No

    2012 SP1 CU4

    +

    App-V 5.0 HF5 or later

    2012 R2 CU1

    +

    App-V 5.0 HF5 or later

    Yes

    With App-V 5.0 SP2 HF5 or later

    With App-V 5.0 SP2 HF5 or later

    App-V 5.0 SP2 HF4

    MSI-Wrapper Only

    No

    2012 SP1 CU4

    +

    App-V 5.0 HF5 or later

    2012 R2 CU1

    +

    App-V 5.0 HF5 or later

    Yes

    Requires HF5 or later

    Requires HF5 or later

    App-V 5.0 SP3

    MSI-Wrapper Only

    No

    2012 SP1 CU4

    2012 R2 CU1

    Yes

    Yes

    Yes

    App-V

    MSI-Wrapper Only

    No

    2012 SP1 CU4

    2012 R2 CU1

    Yes

    Yes

    Yes

    + +  + +For more information about how Configuration Manager integrates with App-V, see [Planning for App-V Integration with Configuration Manager](http://technet.microsoft.com/library/jj822982.aspx). + +## Have a suggestion for App-V? + + +Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). + +## Related topics + +- [Planning to Deploy App-V](appv-planning-to-deploy-appv.md) +- [App-V Prerequisites](appv-prerequisites.md) diff --git a/windows/manage/appv-technical-reference.md b/windows/manage/appv-technical-reference.md new file mode 100644 index 0000000000..713d772993 --- /dev/null +++ b/windows/manage/appv-technical-reference.md @@ -0,0 +1,45 @@ +--- +title: Technical Reference for App-V (Windows 10) +description: Technical Reference for App-V +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# Technical Reference for App-V + + +This section provides reference information related to managing App-V. + +## In This Section + + +- [Performance Guidance for Application Virtualization](appv-performance-guidance.md) + + Provides strategy and context for a number of performance optimization practices. Not all practices will be applicable although they are supported and have been tested. Using all suggested practices that are applicable to your organization will provide the optimal end-user experience. + +- [Application Publishing and Client Interaction](appv-application-publishing-and-client-interaction.md) + + Describes how the following App-V client operations affect the local operating system: App-V files and data storage locations, package registry, package store behavior, roaming registry and data, client application lifecycle management, integration of App-V packages, dynamic configuration, side-by-side assemblies, and client logging. + +## Have a suggestion for App-V? + + +Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). + +## Related topics + + +[Creating App-V 4.5 Databases Using SQL Scripting](https://technet.microsoft.com/en-us/itpro/mdop/solutions/creating-app-v-45-databases-using-sql-scripting) + +  + +  + + + + + diff --git a/windows/manage/appv-transfer-access-and-configurations-to-another-version-of-a-package-with-the-management-console.md b/windows/manage/appv-transfer-access-and-configurations-to-another-version-of-a-package-with-the-management-console.md new file mode 100644 index 0000000000..a39449b055 --- /dev/null +++ b/windows/manage/appv-transfer-access-and-configurations-to-another-version-of-a-package-with-the-management-console.md @@ -0,0 +1,41 @@ +--- +title: How to Transfer Access and Configurations to Another Version of a Package by Using the Management Console (Windows 10) +description: How to Transfer Access and Configurations to Another Version of a Package by Using the Management Console +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# How to Transfer Access and Configurations to Another Version of a Package by Using the Management Console + + +Use the following procedure to transfer the access and default package configurations to another version of a package by using the management console. + +**To transfer access and configurations to another version of a package** + +1. To view the package that you want to configure, open the App-V Management Console. Select the package to which you will transfer the new configuration, right-click the package and select **transfer default configuration from** or **transfer access and configurations from**, depending on the configuration that you want to transfer. + +2. To transfer the configuration, in the **Select Previous Version** dialog box, select the package that contains the settings that you want to transfer, and then click **OK**. + + If you select **transfer default configuration from**, then only the underlying dynamic deployment configuration will be transferred. + + If you select **transfer access and configurations from**, then all access permissions, as well as the configuration settings, will be copied. + + **Have a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). + +## Related topics + + +[Operations for App-V](appv-operations.md) + +  + +  + + + + + diff --git a/windows/manage/appv-troubleshooting.md b/windows/manage/appv-troubleshooting.md new file mode 100644 index 0000000000..7a8e67b35c --- /dev/null +++ b/windows/manage/appv-troubleshooting.md @@ -0,0 +1,92 @@ +--- +title: Troubleshooting App-V (Windows 10) +description: Troubleshooting App-V +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# Troubleshooting App-V + + +Troubleshooting content is not included in the Administrator’s Guide for this product. Instead, you can find troubleshooting information for this product on the [TechNet Wiki](http://go.microsoft.com/fwlink/p/?LinkId=224905). + +## How to Find Troubleshooting Content + + +You can use the following information to find troubleshooting or additional technical content for this product. + +### Search the MDOP Documentation + +The first step to find help content in the Administrator’s Guide is to search the MDOP documentation on TechNet. + +After you search the MDOP documentation, your next step would be to search the troubleshooting information for the product in the TechNet Wiki. + +**To search the MDOP product documentation** + +1. Use a web browser to navigate to the [MDOP Information Experience](http://go.microsoft.com/fwlink/?LinkId=236032) TechNet home page. + +2. Enter applicable search terms in the **Search TechNet with Bing** search box at the top of the MDOP Information Experience home page. + +3. Review the search results for assistance. + +**To search the TechNet Wiki** + +1. Use a web browser to navigate to the [TechNet Wiki](http://go.microsoft.com/fwlink/p/?LinkId=224905) home page. + +2. Enter applicable search terms in the **Search TechNet Wiki** search box on the TechNet Wiki home page. + +3. Review the search results for assistance. + +## How to Create a Troubleshooting Article + + +If you have a troubleshooting tip or a best practice to share that is not already included in the MDOP OnlineHelp or TechNet Wiki, you can create your own TechNet Wiki articles. + +**To create a TechNet Wiki troubleshooting or best practices article** + +1. Use a web browser to navigate to the [TechNet Wiki](http://go.microsoft.com/fwlink/p/?LinkId=224905) home page. + +2. Log in with your Windows Live ID. + +3. Review the **Getting Started** section to learn the basics of the TechNet Wiki and its articles. + +4. Select **Post an article >>** at the bottom of the **Getting Started** section. + +5. On the Wiki article **Add Page** page, select **Insert Template** from the toolbar, select the troubleshooting article template (**Troubleshooting.html**), and then click **Insert**. + +6. Be sure to give the article a descriptive title and then overwrite the template information as needed to create your troubleshooting or best practice article. + +7. After you review your article, be sure to include a tag that is named **Troubleshooting** and another for the product name. This helps others to find your content. + +8. Click **Save** to publish the article to the TechNet Wiki. + +## Other resources for troubleshooting App-V + + +- [Application Virtualization (App-V) overview](appv-for-windows.md) + +- [Getting Started with App-V](appv-getting-started.md) + +- [Planning for App-V](appv-planning-for-appv.md) + +- [Deploying App-V](appv-deploying-appv.md) + +- [Operations for App-V](appv-operations.md) + +## Have a suggestion for App-V? + + +Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). + +  + +  + + + + + diff --git a/windows/manage/appv-upgrading-to-app-v-for-windows-10-from-an-existing-installation.md b/windows/manage/appv-upgrading-to-app-v-for-windows-10-from-an-existing-installation.md new file mode 100644 index 0000000000..f544dffb06 --- /dev/null +++ b/windows/manage/appv-upgrading-to-app-v-for-windows-10-from-an-existing-installation.md @@ -0,0 +1,105 @@ +--- +title: Upgrading to App-V for Windows 10 from an existing installation (Windows 10) +description: Upgrading to App-V for Windows 10 from an existing installation +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + +# Upgrading to App-V for Windows 10 from an existing installation + +If you’re already using App-V and you’re planning to upgrade user devices to Windows 10, you need to make only the following few adjustments to your existing environment to start using App-V for Windows 10. + +1. [Upgrade user devices to Windows 10](#upgrade-user-devices-to-windows-10). Performing an in-place upgrade automatically installs the App-V client and migrates users’ App-V applications and settings. + +2. [Verify that App-V applications and settings were migrated correctly](#verify-that-app-v-applications-and-settings-were-migrated-correctly). + +3. [Enable the in-box App-V client](#enable-the-in-box-app-v-client). + +4. [Configure the in-box App-V client to point to previously installed App-V server components](#configure-the-in-box-app-v-client-to-point-to-previously-installed-app-v-server-components). + +5. [Verify that the in-box App-V client can receive and launch .appv packages](#verify-that-the-in-box-app-v-client-can-receive-and-launch-appv-packages). + +These steps are explained in more detail below. + +## Upgrade user devices to Windows 10 + +Performing an in-place upgrade automatically installs the App-V client and migrates users’ App-V applications and settings. See the [Windows 10 and Windows 10 Mobile document set](https://technet.microsoft.com/itpro/windows/index) for information about upgrading user devices to Windows 10. + +## Verify that App-V applications and settings were migrated correctly + +After upgrading a user device to Windows 10, it’s important to verify that App-V applications and settings were migrated correctly during the upgrade. + +To verify that the user’s App-V application packages were migrated correctly, type `Get-AppvClientPackage` in Windows PowerShell. + +To verify that the user’s App-V settings were migrated correctly, type `Get-AppvClientConfiguration` in Windows PowerShell. + +## Enable the in-box App-V client + +With Windows 10, the App-V client is installed automatically. You need to enable the client to allow user devices to access and run virtual applications. You can enable the client with the Group Policy editor or with Windows PowerShell. + +**To enable the App-V client with Group Policy**: + +1. Open the device’s **Local Group Policy Editor**. + +2. Navigate to **Computer Configuration > Administrative Templates > System > App-V**. + +3. Run **Enables App-V Client** and then select **Enabled** on the screen that appears. + +4. Restart the device. + +**To enable the App-V client with Windows PowerShell**: + +1. Open Windows PowerShell. + +2. Type `Enable-Appv` and press enter. + +3. Restart the device. + +4. To verify that the App-V client is enabled on the device, enter `AppvClientEnabled` or `Get-AppvStatus` in Windows PowerShell. + +## Configure the in-box App-V client to point to previously installed App-V server components + +Once you’ve enabled the in-box App-V client, you need to configure it to point to your existing App-V server components. You can configure the App-V client with Windows PowerShell cmdlets or with the device’s local Group Policy editor. + +**To modify client settings to point to an existing App-V publishing server with Windows PowerShell** + +Type the following cmdlet in a Windows PowerShell window: + +`Add-AppvPublishingServer -Name AppVServer -URL http:// appvserver:2222` + +**To modify client settings to point to an existing App-V publishing server with Group Policy** + +1. Open the device’s **Local Group Policy Editor**. + +2. Navigate to **Computer Configuration > Administrative Templates > System > App-V > Publishing**. + +3. Enter your existing App-V publishing server’s details in **Options** and then click or press **Apply**. + + + +Ensure newly added machine/ user is entitled to receive packages from the server configure in step #2. + +Sync and verify packages and/or connection groups pushed by the App-V server function correctly. + +Validate other package management commands (unpublish, remove etc.). + + + +## Verify that the in-box App-V client can receive and launch .appv packages + +1. Add and publish a package using the following Windows PowerShell cmdlets: + + `Add-AppvClientPackage \\path\to\appv\package.appv | Publish-AppvClientPackage` + +2. Launch the published package. + +3. Unpublish an existing package use the following cmdlet: + + `Unpublish-AppvClientPackage "ContosoApplication"` + +## Have a suggestion for App-V? + +Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). \ No newline at end of file diff --git a/windows/manage/appv-using-the-client-management-console.md b/windows/manage/appv-using-the-client-management-console.md new file mode 100644 index 0000000000..64affa5f4b --- /dev/null +++ b/windows/manage/appv-using-the-client-management-console.md @@ -0,0 +1,91 @@ +--- +title: Using the App-V Client Management Console (Windows 10) +description: Using the App-V Client Management Console +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# Using the App-V Client Management Console + + +This topic provides information about how you can configure and manage the Microsoft Application Virtualization (App-V) client. + +## Modify App-V client configuration + + +The App-V client has associated settings that can be configured to determine how the client will run in your environment. You can manage these settings on the computer that runs the client or by using PowerShell or Group Policy. For more information about how to modify the client using PowerShell or Group Policy configuration see, [How to Modify Client Configuration by Using PowerShell](appv-modify-client-configuration-with-powershell.md). + +## The App-V client management console + + +You can obtain information about the App-V client or perform specific tasks by using the App-V client management console. Many of the tasks that you can perform in the client management console you can also perform by using PowerShell. The associated PowerShell cmdlets for each action are also displayed in the following table. For more information about how to use PowerShell, see [Administering App-V by Using PowerShell](appv-administering-appv-with-powershell.md). + +The client management console contains the following described main tabs. + + ++++ + + + + + + + + + + + + + + + + + + + + +
    TabDescription

    Overview

    The Overview tab contains the following elements:

    +
      +

    • Update – Use the Update tile to refresh a virtualized application or to receive a new virtualized package.

      +

      The Last Refresh displays the current version of the virtualized package.

      • +

    • Download all virtual applications – Use the Download tile to download all of the packages provisioned to the current user.

      +

      (Associated PowerShell cmdlet: Mount-AppvClientPackage)

      +

      • +

    • Work Offline – Use this tile to disallow all automatic and manual virtual application updates.

      +

      (Associated PowerShell cmdlet: Set-AppvPublishServer –UserRefreshEnabled –GlobalRefreshEnabled)

      • +

    Virtual Apps

    The VIRTUAL APPS tab displays all of the packages that have been published to the user. You can also click a specific package and see all of the applications that are part of that package. This displays information about packages that are currently in use and how much of each package has been downloaded to the computer. You can also start and stop package downloads. Additionally, you can repair the user state. A repair will delete all user data that is associated with a package.

    +

    App Connection Groups

    The APP CONNECTION GROUPS tab displays all of the connection groups that are available to the current user. Click a specific connection group to see all of the packages that are part of the selected group. This displays information about connection groups that are already in use and how much of the connection group contents have been downloaded to the computer. Additionally, you can start and stop connection group downloads. You can use this section to initiate a repair. A repair will remove all of the user state that is associated a connection group.

    +

    (Associated PowerShell cmdlets: Download - Mount-AppvClientConnectionGroup. Repair -AppvClientConnectionGroup.)

    +

    + +  + +[How to Access the Client Management Console](appv-accessing-the-client-management-console.md) + +[How to Configure the Client to Receive Package and Connection Groups Updates From the Publishing Server](appv-configure-the-client-to-receive-updates-from-the-publishing-server.md) + +## Have a suggestion for App-V? + + +Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). + +## Related topics + + +[Operations for App-V](appv-operations.md) + +  + +  + + + + + diff --git a/windows/manage/appv-view-and-configure-applications-and-default-virtual-application-extensions-with-the-management-console.md b/windows/manage/appv-view-and-configure-applications-and-default-virtual-application-extensions-with-the-management-console.md new file mode 100644 index 0000000000..5a89f2304c --- /dev/null +++ b/windows/manage/appv-view-and-configure-applications-and-default-virtual-application-extensions-with-the-management-console.md @@ -0,0 +1,45 @@ +--- +title: How to View and Configure Applications and Default Virtual Application Extensions by Using the Management Console (Windows 10) +description: How to View and Configure Applications and Default Virtual Application Extensions by Using the Management Console +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# How to View and Configure Applications and Default Virtual Application Extensions by Using the Management Console + + +Use the following procedure to view and configure default package extensions. + +**To view and configure default virtual application extensions** + +1. To view the package that you want to configure, open the App-V Management Console. Select the package that you want to configure, right-click the package name and select **edit default configuration**. + +2. To view the applications contained in the specified package, in the **Default Configuration** pane, click **Applications**. To view the shortcuts for that package, click **Shortcuts**. To view the file type associations for that package, click **File Types**. + +3. To enable the application extensions, select **ENABLE**. + + To enable shortcuts, select **ENABLE SHORTCUTS**. To add a new shortcut for the selected application, right-click the application in the **SHORTCUTS** pane and select **Add new shortcut**. To remove a shortcut, right-click the application in the **SHORTCUTS** pane and select **Remove Shortcut**. To edit an existing shortcut, right-click the application and select **Edit Shortcut**. + +4. To view any other application extensions, click **Advanced** and click **Export Configuration**. Type in a filename and click **Save**. You can view all application extensions associated with the package using the configuration file. + +5. To edit other application extensions, modify the configuration file and click **Import and Overwrite this Configuration**. Select the modified file and click **Open**. In the dialog box, click **Overwrite** to complete the process. + + **Have a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). + +## Related topics + + +[Operations for App-V](appv-operations.md) + +  + +  + + + + + diff --git a/windows/manage/appv-viewing-appv-server-publishing-metadata.md b/windows/manage/appv-viewing-appv-server-publishing-metadata.md new file mode 100644 index 0000000000..abfc25f877 --- /dev/null +++ b/windows/manage/appv-viewing-appv-server-publishing-metadata.md @@ -0,0 +1,264 @@ +--- +title: Viewing App-V Server Publishing Metadata (Windows 10) +description: Viewing App-V Server Publishing Metadata +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# Viewing App-V Server Publishing Metadata + + +Use this procedure to view publishing metadata, which can help you resolve publishing-related issues. You must be using the App-V Management server to use this procedure. + +This article contains the following information: + +- [App-V requirements for viewing publishing metadata](#bkmk-51-reqs-pub-meta) + +- [Syntax to use for viewing publishing metadata](#bkmk-syntax-view-pub-meta) + +- [Query values for client operating system and version](#bkmk-values-query-pub-meta) + +- [Definition of publishing metadata](#bkmk-whatis-pub-metadata) + +## App-V requirements for viewing publishing metadata + + +In App-V, you must provide the following values in the address when you query the App-V Publishing server for metadata: + + ++++ + + + + + + + + + + + + + + + + +
    ValueAdditional details

    ClientVersion

    If you omit the ClientVersion parameter from the query, the metadata excludes the features that were new in App-V 5.0 SP3.

    ClientOS

    You have to provide this value only if you select specific client operating systems when you sequence the package. If you select the default (all operating systems), do not specify this value in the query.

    +

    If you omit the ClientOS parameter from the query, only the packages that were sequenced to support any operating system appear in the metadata.

    + +  + +## Query syntax for viewing publishing metadata + + +The following table provides the syntax and query examples. + + ++++++ + + + + + + + + + + + + + + + + + + + + + + +
    Version of App-VQuery syntaxParameter descriptionsExample

    App-V 5.0 SP3 and App-V

    http://<PubServer>:<Publishing Port#>/?ClientVersion=<AppvClientVersion>&ClientOS=<OSStringValue>

    		 ++++ + + + + + + + + + + + + + + + + + + + + + + + + +
    ParameterDescription

    <PubServer>

    Name of the App-V Publishing server.

    <Publishing Port#>

    Port to the App-V Publishing server, which you defined when you configured the Publishing server.

    ClientVersion=<AppvClientVersion>

    Version of the App-V client. Refer to the following table for the correct value to use.

    ClientOS=<OSStringValue>

    Operating system of the computer that is running the App-V client. Refer to the following table for the correct value to use.

    +

     

    +

    To get the name of the Publishing server and the port number (http://<PubServer>:<Publishing Port#>) from the App-V Client, look at the URL configuration of the Get-AppvPublishingServer PowerShell cmdlet.

    http://pubsvr01:2718/?clientversion=5.0.10066.0&clientos=WindowsClient_6.2_x64

    +

    In the example:

    +
      +

    • A Windows Server 2012 R2 named “pubsvr01” hosts the Publishing service.

      • +

    • The Windows client is Windows 8.1 64-bit.

      • +

    App-V 5.0 through App-V 5.0 SP2

    http://<PubServer>:<Publishing Port#>/

    +
    +Note   +

    ClientVersion and ClientOS are supported only in App-V 5.0 SP3 and App-V.

    +
    +
    +  +

    See the information for App-V 5.0 SP3 and App-V.

    http://pubsvr01:2718

    +

    In the example, A Windows Server 2012 R2 named “pubsvr01” hosts the Management and Publishing services.

    + +  + +## Query values for client operating system and version + + +In your publishing metadata query, enter the string values that correspond to the client operating system and version that you’re using. + + +++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Operating systemArchitectureOperating string string value

    Windows 10

    64-bit

    WindowsClient_10.0_x64

    Windows 10

    32-bit

    WindowsClient_10.0_x86

    Windows 8.1

    64-bit

    WindowsClient_6.2_x64

    Windows 8.1

    32-bit

    WindowsClient_6.2_x86

    Windows 8

    64-bit

    WindowsClient_6.2_x64

    Windows 8

    32-bit

    WindowsClient_6.2_x86

    Windows Server 2012 R2

    64-bit

    WindowsServer_6.2_x64

    Windows Server 2012 R2

    32-bit

    WindowsServer_6.2_x86

    Windows Server 2012

    64-bit

    WindowsServer_6.2_x64

    Windows Server 2012

    32-bit

    WindowsServer_6.2_x86

    Windows 7

    64-bit

    WindowsClient_6.1_x64

    Windows 7

    32-bit

    WindowsClient_6.1_x86

    Windows Server 2008 R2

    64-bit

    WindowsServer_6.1_x64

    Windows Server 2008 R2

    32-bit

    WindowsServer_6.1_x86

    + +  + +## Definition of publishing metadata + + +When packages are published to a computer that is running the App-V client, metadata is sent to that computer indicating which packages and connection groups are being published. The App-V Client makes two separate requests for the following: + +- Packages and connection groups that are entitled to the client computer. + +- Packages and connection groups that are entitled to the current user. + +The Publishing server communicates with the Management server to determine which packages and connection groups are available to the requester. The Publishing server must be registered with the Management server in order for the metadata to be generated. + +You can view the metadata for each request in an Internet browser by using a query that is in the context of the specific user or computer. + +## Have a suggestion for App-V? + + +Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). + +## Related topics + + +[Technical Reference for App-V](appv-technical-reference.md) + +  + +  + + + + + diff --git a/windows/manage/change-history-for-manage-and-update-windows-10.md b/windows/manage/change-history-for-manage-and-update-windows-10.md index f1ea30ec04..60d0c5fc89 100644 --- a/windows/manage/change-history-for-manage-and-update-windows-10.md +++ b/windows/manage/change-history-for-manage-and-update-windows-10.md @@ -21,6 +21,8 @@ The topics in this library have been updated for Windows 10, version 1607 (also - [Configure Windows 10 taskbar](configure-windows-10-taskbar.md) - [Set up a shared or guest PC with Windows 10](set-up-shared-or-guest-pc.md) - [Guidelines for choosing an app for assigned access (kiosk mode)](guidelines-for-assigned-access-app.md) +- [Application Virtualization (App-V) for Windows 10](appv-for-windows.md) +- [User Experience Virtualization (UE-V) for Windows 10](uev-for-windows.md) ## July 2016 diff --git a/windows/manage/configure-windows-telemetry-in-your-organization.md b/windows/manage/configure-windows-telemetry-in-your-organization.md index 2642bdeb9e..9965ade8d5 100644 --- a/windows/manage/configure-windows-telemetry-in-your-organization.md +++ b/windows/manage/configure-windows-telemetry-in-your-organization.md @@ -16,7 +16,7 @@ author: brianlic-msft - Windows 10 - Windows 10 Mobile -- Windows Server 2016 Technical Preview +- Windows Server 2016 At Microsoft, we use Windows telemetry to inform our decisions and focus our efforts in providing the most robust, most valuable platform for your business and the people who count on Windows to enable them to be as productive as possible. Telemetry gives users a voice in the operating system’s development. This guide describes the importance of Windows telemetry and how we protect that data. Additionally, it differentiates between telemetry and functional data. It also describes the telemetry levels that Windows supports. Of course, you can choose how much telemetry is shared with Microsoft, and this guide demonstrates how. @@ -36,7 +36,7 @@ Use this article to make informed decisions about how you might configure teleme ## Overview -In previous versions of Windows and Windows Server, Microsoft used telemetry to check for updated or new Windows Defender signatures, check whether Windows Update installations were successful, gather reliability information through the Reliability Analysis Component (RAC), and gather reliability information through the Windows Customer Experience Improvement Program (CEIP) on Windows. In Windows 10 and Windows Server 2016 Technical Preview, you can control telemetry streams by using the Privacy option in Settings, Group Policy, or MDM. +In previous versions of Windows and Windows Server, Microsoft used telemetry to check for updated or new Windows Defender signatures, check whether Windows Update installations were successful, gather reliability information through the Reliability Analysis Component (RAC), and gather reliability information through the Windows Customer Experience Improvement Program (CEIP) on Windows. In Windows 10 and Windows Server 2016, you can control telemetry streams by using the Privacy option in Settings, Group Policy, or MDM. For Windows 10, we invite IT pros to join the [Windows Insider Program](http://insider.windows.com) to give us feedback on what we can do to make Windows work better for your organization. @@ -159,7 +159,7 @@ Microsoft believes in and practices information minimization. We strive to gathe ## Telemetry levels -This section explains the different telemetry levels in Windows 10, Windows Server 2016 Technical Preview, and System Center. These levels are available on all desktop and mobile editions of Windows 10, with the exception of the **Security** level which is limited to Windows 10 Enterprise, Windows 10 Education, Windows 10 Mobile Enterprise, Windows 10 IoT Core (IoT Core), and Windows Server 2016 Technical Preview. +This section explains the different telemetry levels in Windows 10, Windows Server 2016, and System Center. These levels are available on all desktop and mobile editions of Windows 10, with the exception of the **Security** level which is limited to Windows 10 Enterprise, Windows 10 Education, Windows 10 Mobile Enterprise, Windows 10 IoT Core (IoT Core), and Windows Server 2016. The telemetry data is categorized into four levels: @@ -171,7 +171,7 @@ The telemetry data is categorized into four levels: - **Full**. All data necessary to identify and help to fix problems, plus data from the **Security**, **Basic**, and **Enhanced** levels. -The levels are cumulative and are illustrated in the following diagram. Also, these levels apply to all editions of Windows Server 2016 Technical Preview. +The levels are cumulative and are illustrated in the following diagram. Also, these levels apply to all editions of Windows Server 2016. ![breakdown of telemetry levels and types of administrative controls](images/priv-telemetry-levels.png) @@ -216,7 +216,7 @@ The Basic level gathers a limited set of data that’s critical for understandin The data gathered at this level includes: -- **Basic device data**. Helps provide an understanding about the types of Windows devices and the configurations and types of native and virtualized Windows Server 2016 Technical Preview in the ecosystem. Examples include: +- **Basic device data**. Helps provide an understanding about the types of Windows devices and the configurations and types of native and virtualized Windows Server 2016 in the ecosystem. Examples include: - Device attributes, such as camera resolution and display type @@ -306,7 +306,7 @@ We do not recommend that you turn off telemetry in your organization as valuable You can turn on or turn off System Center telemetry gathering. The default is on and the data gathered at this level represents what is gathered by default when System Center telemetry is turned on. However, setting the operating system telemetry level to **Basic** will turn off System Center telemetry, even if the System Center telemetry switch is turned on. -The lowest telemetry setting level supported through management policies is **Security**. The lowest telemetry setting supported through the Settings UI is **Basic**. The default telemetry setting for Windows Server 2016 Technical Preview is **Enhanced**. +The lowest telemetry setting level supported through management policies is **Security**. The lowest telemetry setting supported through the Settings UI is **Basic**. The default telemetry setting for Windows Server 2016 is **Enhanced**. ### Configure the operating system telemetry level diff --git a/windows/manage/group-policies-for-enterprise-and-education-editions.md b/windows/manage/group-policies-for-enterprise-and-education-editions.md index 90eaa4a016..37005acc03 100644 --- a/windows/manage/group-policies-for-enterprise-and-education-editions.md +++ b/windows/manage/group-policies-for-enterprise-and-education-editions.md @@ -26,7 +26,8 @@ In Windows 10, version 1607, the following Group Policies apply only to Windows | **Do not show Windows Tips** | Computer Configuration > Administrative Templates > Windows Components > Cloud Content | For more info, see [Windows spotlight on the lock screen](windows-spotlight.md | | **Force a specific default lock screen image** | Computer Configuration > Administrative Templates > Control Panel > Personalization | For more info, see [Windows spotlight on the lock screen](windows-spotlight.md) | | **Start layout** | User Configuration\Administrative Templates\Start Menu and Taskbar | For more info, see [Manage Windows 10 Start layout options and policies](windows-10-start-layout-options-and-policies.md) | -| **Turn off the Store application** | Computer Configuration > Administrative Templates > Windows Components > Store > Turn off the Store application

    User Configuration > Administrative Templates > Windows Components > Store > Turn off the Store | For more info, see [Knowledge Base article# 3135657](https://support.microsoft.com/kb/3135657). | +| **Turn off the Store application** | Computer Configuration > Administrative Templates > Windows Components > Store > Turn off the Store application

    User Configuration > Administrative Templates > Windows Components > Store > Turn off the Store application | For more info, see [Knowledge Base article# 3135657](https://support.microsoft.com/kb/3135657). | +| **Only display the private store within the Windows Store app** | Computer Configuration > Administrative Templates > Windows Components > Store > Only display the private store within the Windows Store app

    User Configuration > Administrative Templates > Windows Components > Store > Only display the private store within the Windows Store app | For more info, see [Manage access to private store](manage-access-to-private-store.md) | | **Don't search the web or display web results** | Computer Configuration\Administrative Templates\Windows Components\Search\Don't search the web or display web results | For more info, see [Cortana integration in your enterprise](manage-cortana-in-enterprise.md) | diff --git a/windows/manage/images/app-v-in-adk.png b/windows/manage/images/app-v-in-adk.png new file mode 100644 index 0000000000..a36ef9f00f Binary files /dev/null and b/windows/manage/images/app-v-in-adk.png differ diff --git a/windows/manage/images/checklistbox.gif b/windows/manage/images/checklistbox.gif new file mode 100644 index 0000000000..8af13c51d1 Binary files /dev/null and b/windows/manage/images/checklistbox.gif differ diff --git a/windows/manage/images/deploymentworkflow.png b/windows/manage/images/deploymentworkflow.png new file mode 100644 index 0000000000..b665a0bfea Binary files /dev/null and b/windows/manage/images/deploymentworkflow.png differ diff --git a/windows/manage/images/packageaddfileandregistrydata-global.png b/windows/manage/images/packageaddfileandregistrydata-global.png new file mode 100644 index 0000000000..775e290a36 Binary files /dev/null and b/windows/manage/images/packageaddfileandregistrydata-global.png differ diff --git a/windows/manage/images/packageaddfileandregistrydata-stream.png b/windows/manage/images/packageaddfileandregistrydata-stream.png new file mode 100644 index 0000000000..0e1205c62b Binary files /dev/null and b/windows/manage/images/packageaddfileandregistrydata-stream.png differ diff --git a/windows/manage/images/packageaddfileandregistrydata.png b/windows/manage/images/packageaddfileandregistrydata.png new file mode 100644 index 0000000000..603420e627 Binary files /dev/null and b/windows/manage/images/packageaddfileandregistrydata.png differ diff --git a/windows/manage/images/uev-adk-select-uev-feature.png b/windows/manage/images/uev-adk-select-uev-feature.png new file mode 100644 index 0000000000..1556f115c0 Binary files /dev/null and b/windows/manage/images/uev-adk-select-uev-feature.png differ diff --git a/windows/manage/images/uev-archdiagram.png b/windows/manage/images/uev-archdiagram.png new file mode 100644 index 0000000000..eae098e666 Binary files /dev/null and b/windows/manage/images/uev-archdiagram.png differ diff --git a/windows/manage/images/uev-checklist-box.gif b/windows/manage/images/uev-checklist-box.gif new file mode 100644 index 0000000000..8af13c51d1 Binary files /dev/null and b/windows/manage/images/uev-checklist-box.gif differ diff --git a/windows/manage/images/uev-deployment-preparation.png b/windows/manage/images/uev-deployment-preparation.png new file mode 100644 index 0000000000..b665a0bfea Binary files /dev/null and b/windows/manage/images/uev-deployment-preparation.png differ diff --git a/windows/manage/images/uev-generator-process.png b/windows/manage/images/uev-generator-process.png new file mode 100644 index 0000000000..e16cedd0a7 Binary files /dev/null and b/windows/manage/images/uev-generator-process.png differ diff --git a/windows/manage/index.md b/windows/manage/index.md index 4d01c0d616..eba6dd0e9c 100644 --- a/windows/manage/index.md +++ b/windows/manage/index.md @@ -40,34 +40,43 @@ Learn about managing and updating Windows 10.

    [Windows Spotlight on the lock screen](windows-spotlight.md)

    Windows Spotlight is an option for the lock screen background that displays different background images and occasionally offers suggestions on the lock screen.

    - +

    [Manage Windows 10 Start layout options](windows-10-start-layout-options-and-policies.md)

    Organizations might want to deploy a customized Start screen and menu to devices running Windows 10 Enterprise or Windows 10 Education. A standard Start layout can be useful on devices that are common to multiple users and devices that are locked down for specialized purposes.

    - +

    [Lock down Windows 10](lock-down-windows-10.md)

    Enterprises often need to manage how people use corporate devices. Windows 10 provides a number of features and methods to help you lock down specific parts of a Windows 10 device.

    - +

    [Join Windows 10 Mobile to Azure Active Directory](join-windows-10-mobile-to-azure-active-directory.md)

    Devices running Windows 10 Mobile can join Azure Active Directory (Azure AD) when the device is configured during the out-of-box experience (OOBE).

    - +

    [Configure devices without MDM](configure-devices-without-mdm.md)

    Create a runtime provisioning package to apply settings, profiles, and file assets to a device running Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, Windows 10 Mobile, or Windows 10 Mobile Enterprise.

    - +

    [Windows 10 servicing options](introduction-to-windows-10-servicing.md)

    This article describes the new servicing options available in Windows 10, Windows 10 Mobile, and Windows 10 IoT Core (IoT Core) and how they enable enterprises to keep their devices current with the latest feature upgrades. It also covers related topics, such as how enterprises can make better use of Windows Update, and what the new servicing options mean for support lifecycles.

    - +

    [Application development for Windows as a service](application-development-for-windows-as-a-service.md)

    In today’s environment, where user expectations frequently are set by device-centric experiences, complete product cycles need to be measured in months, not years. Additionally, new releases must be made available on a continual basis, and must be deployable with minimal impact on users. Microsoft designed Windows 10 to meet these requirements by implementing a new approach to innovation, development, and delivery called [Windows as a service (WaaS)](introduction-to-windows-10-servicing.md). The key to enabling significantly shorter product cycles while maintaining high quality levels is an innovative community-centric approach to testing that Microsoft has implemented for Windows 10. The community, known as Windows Insiders, is comprised of millions of users around the world. When Windows Insiders opt in to the community, they test many builds over the course of a product cycle and provide feedback to Microsoft through an iterative methodology called flighting.

    + +

    [Application Virtualization for Windows (App-V)](appv-for-windows.md)

    +

    When you deploy Application Virtualization (App-V) in your orgnazation, you can deliver Win32 applications to users as virtual applications. Virtual applications are installed on centrally managed servers and delivered to users as a service – in real time and on as as-needed basis. Users launch virtual applications from familiar access points, including the Windows Store, and interact with them as if they were installed locally.

    + +

    [User Experience Virtualization for Windows (UE-V)](uev-for-windows.md)

    +

    When you deploy User Experience Virtualization (UE-V) in your organization, you can synchronize users' personalized application and operating system settings across all the devices they work from. UE-V allows you to capture user-customized application and Windows settings and store them on a centrally managed network file share. When users log on, their personalized settings are applied to their work session, regardless of which device or virtual desktop infrastructure (VDI) sessions they log on to.

    + +

    [Windows Store for Business](windows-store-for-business.md)

    Welcome to the Windows Store for Business! You can use the Store for Business, to find, acquire, distribute, and manage apps for your organization.

    - + +

    [Change history for Manage and update Windows 10](change-history-for-manage-and-update-windows-10.md)

    This topic lists new and updated topics in the Manage and update Windows 10 documentation for [Windows 10 and Windows 10 Mobile](../index.md).

    @@ -76,5 +85,6 @@ Learn about managing and updating Windows 10.   ## Related topics [Windows 10 and Windows 10 Mobile](../index.md) +   - [Learn how Microsoft does IT at the IT Showcase](https://www.microsoft.com/itshowcase) +[Learn how Microsoft does IT at the IT Showcase](https://www.microsoft.com/itshowcase) diff --git a/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services.md index 7ee54e402b..d1bedc3492 100644 --- a/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services.md +++ b/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services.md @@ -1181,7 +1181,10 @@ If you're not running Windows 10, version 1607 or later, you can use the other o - Configure the following in **Settings**: - - **Personalization** > **Lock screen** > **Background** > **Windows spotlight**, select a different background, and turn off **Show me tips, tricks, and more on the lock screen**. + - **Personalization** > **Lock screen** > **Background** > **Windows spotlight**, select a different background, and turn off **Get fun facts, tips, tricks and more on your lock screen**. + + > [!NOTE] + > In Windows 10, version 1507 and Windows 10, version 1511, this setting was called **Show me tips, tricks, and more on the lock screen**. - **Personalization** > **Start** > **Occasionally show suggestions in Start**. diff --git a/windows/manage/manage-tips-and-suggestions.md b/windows/manage/manage-tips-and-suggestions.md index f9e05fc19e..f64642592b 100644 --- a/windows/manage/manage-tips-and-suggestions.md +++ b/windows/manage/manage-tips-and-suggestions.md @@ -30,7 +30,8 @@ Since its inception, Windows 10 has included a number of user experience feature * **Microsoft account notifications**. For users who have a connected Microsoft account, toast notifications about their account like parental control notifications or subscription expiration. -Windows 10 tips, tricks, and suggestions and Windows Store suggestions can be turned on or off by users. For example, users are able to select personal photos for the lock screen as opposed to the images provided by Microsoft, or turn off tips, tricks, or suggestions as they use Windows. +>[!TIP] +> On all Windows desktop editions, users can directly enable and disable Windows 10 tips, tricks, and suggestions and Windows Store suggestions. For example, users are able to select personal photos for the lock screen as opposed to the images provided by Microsoft, or turn off tips, tricks, or suggestions as they use Windows. Windows 10, version 1607 (also known as the Anniversary Update), provides organizations the ability to centrally manage the type of content provided by these features through Group Policy or mobile device management (MDM). The following table describes how administrators can manage suggestions and tips in Windows 10 commercial and education editions. diff --git a/windows/manage/uev-accessibility.md b/windows/manage/uev-accessibility.md new file mode 100644 index 0000000000..e54c168813 --- /dev/null +++ b/windows/manage/uev-accessibility.md @@ -0,0 +1,88 @@ +--- +title: Accessibility for UE-V +description: Accessibility for UE-V +author: MaggiePucciEvans +ms.pagetype: mdop, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# Accessibility for UE-V + + +Microsoft is committed to making its products and services easier for everyone to use. This section provides information about features and services that make this product and its corresponding documentation more accessible for people with disabilities. + +## Access any command with a few keystrokes + + +You can access most commands by using two keystrokes. To use an access key: + +1. Press Alt. + + The keyboard shortcuts are displayed over each feature that is available in the current view. + +2. Press the letter that is shown in the keyboard shortcut over the feature that you want to use. + +### Documentation in alternative formats + +If you have difficulty reading or handling printed materials, you can obtain the documentation for many Microsoft products in more accessible formats. You can view an index of accessible product documentation on the Microsoft Accessibility website. In addition, you can obtain additional Microsoft publications from Learning Ally, formerly known as Recording for the Blind & Dyslexic, Inc. Learning Ally distributes these documents to registered, eligible members of their distribution service. + +For information about the availability of Microsoft product documentation and books from Microsoft Press, use the following contact. + + ++++ + + + + + + + + + + + + + + + + + + + + + + +

    Learning Ally (formerly Recording for the Blind & Dyslexic, Inc.)

    +

    20 Roszel Road

    +

    Princeton, NJ 08540

    Telephone number from within the United States:

    (800) 221-4792

    Telephone number from outside the United States and Canada:

    (609) 452-0606

    Fax:

    (609) 987-8116

    [http://www.learningally.org/](http://go.microsoft.com/fwlink/p/?linkid=239)

    Web addresses can change, so you might be unable to connect to the website or sites that are mentioned here.

    + +  + +### Customer service for people with hearing impairments + +If you are deaf or hard-of-hearing, complete access to Microsoft product and customer services is available through a text telephone (TTY/TDD) service: + +- For customer service, contact Microsoft Sales Information Center at (800) 892-5234 between 6:30 AM and 5:30 PM Pacific Time, Monday through Friday, excluding holidays. + +- For technical assistance in the United States, contact Microsoft Product Support Services at (800) 892-5234 between 6:00 AM and 6:00 PM Pacific Time, Monday through Friday, excluding holidays. In Canada, dial (905) 568-9641 between 8:00 AM and 8:00 PM Eastern Time, Monday through Friday, excluding holidays. + +Microsoft Support Services are subject to the prices, terms, and conditions in place at the time that the service is used. + +## For more information + + +For more information about how accessible technology for computers can help to improve the lives of people with disabilities, see the [Microsoft Accessibility website](https://www.microsoft.com/enable/default.aspx). + +## Have a suggestion for UE-V? + +Add or vote on suggestions [here](http://uev.uservoice.com/forums/280428-microsoft-user-experience-virtualization). For UE-V issues, use the [UE-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-us/home?forum=mdopuev&filter=alltypes&sort=lastpostdesc). + +## Related topics + +[Technical Reference for UE-V](uev-technical-reference.md) diff --git a/windows/manage/uev-administering-uev-with-windows-powershell-and-wmi.md b/windows/manage/uev-administering-uev-with-windows-powershell-and-wmi.md new file mode 100644 index 0000000000..081924a8c9 --- /dev/null +++ b/windows/manage/uev-administering-uev-with-windows-powershell-and-wmi.md @@ -0,0 +1,39 @@ +--- +title: Administering UE-V with Windows PowerShell and WMI +description: Administering UE-V with Windows PowerShell and WMI +author: MaggiePucciEvans +ms.pagetype: mdop, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# Administering UE-V with Windows PowerShell and WMI + + +User Experience Virtualization (UE-V) provides Windows PowerShell cmdlets to help administrators perform various UE-V tasks. The following sections provide more information about using Windows PowerShell in UE-V. + +**Note**   +Administering UE-V with Windows PowerShell requires PowerShell 3.0 or higher. For a complete list of UE-V PowerShell cmdlets, see [UE-V Cmdlet Reference](http://go.microsoft.com/fwlink/p/?LinkId=393495). + +## Managing the UE-V service and packages by using Windows PowerShell and WMI + +You can use Windows PowerShell and Windows Management Instrumentation (WMI) to manage UE-V service configuration and synchronization behavior. The following topic describes how to manage configuration and synchronization. + +[Managing the UE-V Service and Packages with Windows PowerShell and WMI](uev-managing-uev-agent-and-packages-with-windows-powershell-and-wmi.md) + +## Managing UE-V settings location templates by using Windows PowerShell and WMI + + +After you create and deploy UE-V settings location templates, you can manage those templates by using Windows PowerShell or WMI. The following topic describes how to manage the settings location templates by using Windows PowerShell and WMI. + +[Managing UE-V Settings Location Templates Using Windows PowerShell and WMI](uev-managing-settings-location-templates-using-windows-powershell-and-wmi.md) + +## Have a suggestion for UE-V? + +Add or vote on suggestions [here](http://uev.uservoice.com/forums/280428-microsoft-user-experience-virtualization). For UE-V issues, use the [UE-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-us/home?forum=mdopuev&filter=alltypes&sort=lastpostdesc). + +## Related topics + +[Administering UE-V](uev-administering-uev.md) diff --git a/windows/manage/uev-administering-uev.md b/windows/manage/uev-administering-uev.md new file mode 100644 index 0000000000..83f4e99a1b --- /dev/null +++ b/windows/manage/uev-administering-uev.md @@ -0,0 +1,73 @@ +--- +title: Administering UE-V +description: Administering UE-V +author: MaggiePucciEvans +ms.pagetype: mdop, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# Administering UE-V + +After you finish deploying User Experience Virtualization (UE-V), you'll perform ongoing administrative tasks, such as managing the configuration of the UE-V service and recovering lost settings. These tasks are explained in the following sections. + +## Managing UE-V configurations + + +In the course of the UE-V lifecycle, you'll manage the configuration of the UE-V service and also manage storage locations for resources such as settings package files. + +[Manage Configurations for UE-V](uev-manage-configurations.md) + +## Working with custom UE-V templates and the UE-V template generator + + +This topic explains how to use the UE-V template generator and manage custom settings location templates. + +[Working with Custom UE-V Templates and the UE-V Template Generator](uev-working-with-custom-templates-and-the-uev-generator.md) + +## Back up and restore application and Windows settings that are synchronized with UE-V + + +Windows Management Instrumentation (WMI) and Windows PowerShell features of UE-V allow you to restore settings packages. By using WMI and Windows PowerShell commands, you can restore application and Windows settings to their original state and restore additional settings when a user adopts a new device. + +[Manage Administrative Backup and Restore in UE-V](uev-manage-administrative-backup-and-restore.md) + +## Changing the frequency of UE-V scheduled tasks + + +You can configure the scheduled tasks that manage when UE-V checks for new or updated settings or for updated custom settings location templates in the settings template catalog. + +[Changing the Frequency of UE-V Scheduled Tasks](uev-changing-the-frequency-of-scheduled-tasks.md) + +## Migrating UE-V settings packages + + +You can relocate the user settings packages either when they migrate to a new server or for backup purposes. + +[Migrating UE-V Settings Packages](uev-migrating-settings-packages.md) + +## Using UE-V with Application Virtualization applications + + +You can use UE-V with Microsoft Application Virtualization (App-V) to share settings between virtual applications and installed applications across multiple computers. + +[Using UE-V with Application Virtualization Applications](uev-using-uev-with-application-virtualization-applications.md) + +## Other resources for this feature + + +- [User Experience Virtualization for Windows overview](uev-for-windows.md) + +- [Get Started with UE-V](uev-getting-started.md) + +- [Prepare a UE-V Deployment](uev-prepare-for-deployment.md) + +- [Troubleshooting UE-V](uev-troubleshooting.md) + +- [Technical Reference for UE-V](uev-technical-reference.md) + +## Have a suggestion for UE-V? + +Add or vote on suggestions [here](http://uev.uservoice.com/forums/280428-microsoft-user-experience-virtualization). For UE-V issues, use the [UE-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-us/home?forum=mdopuev&filter=alltypes&sort=lastpostdesc). diff --git a/windows/manage/uev-application-template-schema-reference.md b/windows/manage/uev-application-template-schema-reference.md new file mode 100644 index 0000000000..c5c7a98379 --- /dev/null +++ b/windows/manage/uev-application-template-schema-reference.md @@ -0,0 +1,964 @@ +--- +title: Application Template Schema Reference for UE-V +description: Application Template Schema Reference for UE-V +author: MaggiePucciEvans +ms.pagetype: mdop, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# Application Template Schema Reference for UE-V + + +User Experience Virtualization (UE-V) uses XML settings location templates to define the desktop application settings and Windows settings that are captured and applied by UE-V. UE-V includes a set of default settings location templates. You can also create custom settings location templates with the UE-V template generator. + +An advanced user can customize the XML file for a settings location template. This topic details the XML structure of the UE-V settings location templates and provides guidance for editing these files. + +## UE-V Application Template Schema Reference + + +This section details the XML structure of the UE-V settings location template and provides guidance for editing this file. + +### In This Section + +- [XML Declaration and Encoding Attribute](#xml21) + +- [Namespace and Root Element](#namespace21) + +- [Data types](#data21) + +- [Name Element](#name21) + +- [ID Element](#id21) + +- [Version Element](#version21) + +- [Author Element](#author21) + +- [Processes and Process Element](#processes21) + +- [Application Element](#application21) + +- [Common Element](#common21) + +- [SettingsLocationTemplate Element](#settingslocationtemplate21) + +- [Appendix: SettingsLocationTemplate.xsd](#appendix21) + +### XML Declaration and Encoding Attribute + +**Mandatory: True** + +**Type: String** + +The XML declaration must specify the XML version 1.0 attribute (<?xml version="1.0">). Settings location templates created by the UE-V template generator are saved in UTF-8 encoding, although the encoding is not explicitly specified. We recommend that you include the encoding="UTF-8" attribute in this element as a best practice. All templates included with the product specify this tag as well (see the documents in %ProgramFiles%\\Microsoft User Experience Virtualization\\Templates for reference). For example: + +`` + +### Namespace and Root Element + +**Mandatory: True** + +**Type: String** + +UE-V uses the http://schemas.microsoft.com/UserExperienceVirtualization/2012/SettingsLocationTemplate namespace for all applications. SettingsLocationTemplate is the root element and contains all other elements. Reference SettingsLocationTemplate in all templates using this tag: + +`` + +### Data types + +These are the data types for the UE-V application template schema. + +**GUID** +GUID describes a standard globally unique identifier regular expression in the form "\\{\[a-fA-F0-9\]{8}-\[a-fA-F0-9\]{4}-\[a-fA-F0-9\]{4}-\[a-fA-F0-9\]{4}-\[a-fA-F0-9\]{12}\\}". This is used in the Filesetting\\Root\\KnownFolder element to verify the formatting of well-known folders. + +**FilenameString** +FilenameString refers to the file name of a process to be monitored. Its values are restricted by the regex \[^\\\\\\?\\\*\\|<>/:\]+, (that is, they may not contain backslash characters, asterisk or question mark wild-card characters, the pipe character, the greater than or less than sign, forward slash, or colon characters). + +**IDString** +IDString refers to the ID value of Application elements, SettingsLocationTemplate, and Common elements (used to describe application suites that share common settings). It is restricted by the same regex as FilenameString (\[^\\\\\\?\\\*\\|<>/:\]+). + +**TemplateVersion** +TemplateVersion is an integer value used to describe the revision of the settings location template. Its value may range from 0 to 2147483647. + +**Empty** +Empty refers to a null value. This is used in Process\\ShellProcess to indicate that there is no process to monitor. This value should not be used in any application templates. + +**Author** +The Author data type is a complex type that identifies the author of a template. It contains two child elements: **Name** and **Email**. Within the Author data type, the Name element is mandatory while the Email element is optional. This type is described in more detail under the SettingsLocationTemplate element. + +**Range** +Range defines an integer class consisting of two child elements: **Minimum** and **Maximum**. This data type is implemented in the ProcessVersion data type. If specified, both Minimum and Maximum values must be included. + +**ProcessVersion** +ProcessVersion defines a type with four child elements: **Major**, **Minor**, **Build**, and **Patch**. This data type is used by the Process element to populate its ProductVersion and FileVersion values. The data for this type is a Range value. The Major child element is mandatory and the others are optional. + +**Architecture** +Architecture enumerates two possible values: **Win32** and **Win64**. These values are used to specify process architecture. + +**Process** +The Process data type is a container used to describe processes to be monitored by UE-V. It contains six child elements: **Filename**, **Architecture**, **ProductName**, **FileDescription**, **ProductVersion**, and **FileVersion**. This table details each element’s respective data type: + + +++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

    Element

    Data Type

    Mandatory

    Filename

    FilenameString

    True

    Architecture

    Architecture

    False

    ProductName

    String

    False

    FileDescription

    String

    False

    ProductVersion

    ProcessVersion

    False

    FileVersion

    ProcessVersion

    False

    + +  + +**Processes** +The Processes data type represents a container for a collection of one or more Process elements. Two child elements are supported in the Processes sequence type: **Process** and **ShellProcess**. Process is an element of type Process and ShellProcess is of data type Empty. At least one item must be identified in the sequence. + +**Path** +Path is consumed by RegistrySetting and FileSetting to refer to registry and file paths. This element supports two optional attributes: **Recursive** and **DeleteIfNotFound**. Both values are set to default=”False”. + +Recursive indicates that the path and all subfolders are included for file settings or that all child registry keys are included for registry settings. In both cases, all items at the current level are included in the data captured. For a FileSettings object, all files within the specified folder are included in the data captured by UE-V but folders are not included. For registry paths, all values in the current path are captured but child registry keys are not captured. In both cases, care should be taken to avoid capturing large data sets or large numbers of items. + +The DeleteIfNotFound attribute removes the setting from the user’s settings storage path data. This may be desirable in cases where removing these settings from the package will save a large amount of disk space on the settings storage path file server. + +**FileMask** +FileMask specifies only certain file types for the folder that is defined by Path. For example, Path might be `C:\users\username\files` and FileMask could be `*.txt` to include only text files. + +**RegistrySetting** +RegistrySetting represents a container for registry keys and values and the associated desired behavior on the part of the UE-V service. Four child elements are defined within this type: **Path**, **Name**, **Exclude**, and a sequence of the values **Path** and **Name**. + +**FileSetting** +FileSetting contains parameters associated with files and files paths. Four child elements are defined: **Root**, **Path**, **FileMask**, and **Exclude**. Root is mandatory and the others are optional. + +**Settings** +Settings is a container for all the settings that apply to a particular template. It contains instances of the Registry, File, SystemParameter, and CustomAction settings described earlier. In addition, it can also contain the following child elements with behaviors described: + + ++++ + + + + + + + + + + + + + + + + + + +

    Element

    Description

    Asynchronous

    Asynchronous settings packages are applied without blocking the application startup so that the application start proceeds while the settings are still being applied. This is useful for settings that can be applied asynchronously, such as those get/set through an API, like SystemParameterSetting.

    PreventOverlappingSynchronization

    By default, UE-V only saves settings for an application when the last instance of an application using the template is closed. When this element is set to ‘false’, UE-V exports the settings even if other instances of an application are running. Suited templates – those that include a Common element section– that are shipped with UE-V use this flag to enable shared settings to always export on application close, while preventing application-specific settings from exporting until the last instance is closed.

    AlwaysApplySettings

    This parameter forces an imported settings package to be applied even if there are no differences between the package and the current state of the application. This parameter should be used only in special cases since it can slow down settings import.

    + +  + +### Name Element + +**Mandatory: True** + +**Type: String** + +Name specifies a unique name for the settings location template. This is used for display purposes when referencing the template in WMI, PowerShell, Event Viewer and debug logs. In general, avoid referencing version information, as this can be objected from the ProductVersion element. For example, specify `My Application` rather than `My Application 1.1`. + +**Note**   +UE-V does not reference external DTDs, so it is not possible to use named entities in a settings location template. For example, do not use ® to refer to the registered trade mark sign ®. Instead, use canonical numbered references to include these types of special characters, for example, &\#174 for the ® character. This rule applies to all string values in this document. + +See for a complete list of character entities. UTF-8-encoded documents may include the Unicode characters directly. Saving templates through the UE-V template generator converts character entities to their Unicode representations automatically. + +  + +### ID Element + +**Mandatory: True** + +**Type: String** + +ID populates a unique identifier for a particular template. This tag becomes the primary identifier that the UE-V service uses to reference the template at runtime (for example, see the output of the Get-UevTemplate and Get-UevTemplateProgram PowerShell cmdlets). By convention, this tag should not contain any spaces, which simplifies scripting. Version numbers of applications should be specified in this element to allow for easy identification of the template, such as `MicrosoftOffice2016Win64`. + +### Version Element + +**Mandatory: True** + +**Type: Integer** + +**Minimum Value: 0** + +**Maximum Value: 2147483647** + +Version identifies the version of the settings location template for administrative tracking of changes. The UE-V template generator automatically increments this number by one each time the template is saved. Notice that this field must be a whole number integer; fractional values, such as `2.5` are not allowed. + +**Hint:** You can save notes about version changes using XML comment tags ``, for example: + +``` syntax + + 4 +``` + +**Important**   +This value is queried to determine if a new version of a template should be applied to an existing template in these instances: + +- When the scheduled Template Auto Update task executes + +- When the Update-UevTemplate PowerShell cmdlet is executed + +- When the microsoft\\uev:SettingsLocationTemplate Update method is called through WMI + +  + +### Author Element + +**Mandatory: False** + +**Type: String** + +Author identifies the creator of the settings location template. Two optional child elements are supported: **Name** and **Email**. Both attributes are optional, but, if the Email child element is specified, it must be accompanied by the Name element. Author refers to the full name of the contact for the settings location template, and email should refer to an email address for the author. We recommend that you include this information in templates published publicly, for example, on the [UE-V Template Gallery](http://gallery.technet.microsoft.com/site/search?f%5B0%5D.Type=RootCategory&f%5B0%5D.Value=UE-V). + +### Processes and Process Element + +**Mandatory: True** + +**Type: Element** + +Processes contains at least one `` element, which in turn contains the following child elements: **Filename**, **Architecture**, **ProductName**, **FileDescription**, **ProductVersion**, and **FileVersion**. The Filename child element is mandatory and the others are optional. A fully populated element contains tags similar to this example: + +``` syntax + + MyApplication.exe + Win64 + MyApplication + MyApplication.exe + + + + + + + + + + + + + +``` + +### Filename + +**Mandatory: True** + +**Type: String** + +Filename refers to the actual file name of the executable as it appears in the file system. This element specifies the primary criterion that UE-V uses to evaluate whether a template applies to a process or not. This element must be specified in the settings location template XML. + +Valid filenames must not match the regular expression \[^\\\\\\?\\\*\\|<>/:\]+, that is, they may not contain backslash characters, asterisk or question mark wild-card characters, the pipe character, the greater than or less than sign, forward slash, or colon (the \\ ? \* | < > / or : characters.). + +**Hint:** To test a string against this regex, use a PowerShell command window and substitute your executable’s name for **YourFileName**: + +`"YourFileName.exe" -match "[\\\?\*\|<>/:]+"` + +A value of **True** indicates that the string contains illegal characters. Here are some examples of illegal values: + +- \\\\server\\share\\program.exe + +- Program\*.exe + +- Pro?ram.exe + +- Program<1>.exe + +**Note**   +The UE-V template generator encodes the greater than and less than characters as > and < respectively. + +  + +In rare circumstances, the FileName value will not necessarily include the .exe extension, but it should be specified as part of the value. For example, `MyApplication.exe` should be specified instead of `MyApplication`. The second example will not apply the template to the process if the actual name of the executable file is “MyApplication.exe”. + +### Architecture + +**Mandatory: False** + +**Type: Architecture (String)** + +Architecture refers to the processor architecture for which the target executable was compiled. Valid values are Win32 for 32-bit applications or Win64 for 64-bit applications. If present, this tag limits the applicability of the settings location template to a particular application architecture. For an example of this, compare the %ProgramFiles%\\Microsoft User Experience Virtualization\\templates\\ MicrosoftOffice2016Win32.xml and MicrosoftOffice2016Win64.xml files included with UE-V. This is useful when relative paths change between different versions of an executable or if settings have been added or removed when moving from one processor architecture to another. + +If this element is absent, the settings location template ignores the process’ architecture and applies to both 32 and 64-bit processes if the file name and other attributes apply. + +**Note**   +UE-V does not support ARM processors in this version. + +  + +### ProductName + +**Mandatory: False** + +**Type: String** + +ProductName is an optional element used to identify a product for administrative purposes or reporting. ProductName differs from Filename in that there are no regular expression restrictions on its value. This allows for more easily understood descriptions of a process where the executable name may not be obvious. For example: + +``` syntax + + MyApplication.exe + My Application 6.x by Contoso.com + + + + +``` + +### FileDescription + +**Mandatory: False** + +**Type: String** + +FileDescription is an optional tag that allows for an administrative description of the executable file. This is a free text field and can be useful in distinguishing multiple executables within a software package where there is a need to identify the function of the executable. + +For example, in a suited application, it might be useful to provide reminders about the function of two executables (MyApplication.exe and MyApplicationHelper.exe), as shown here: + +``` syntax + + + + MyApplication.exe + My Application Main Engine + + + + + + MyApplicationHelper.exe + My Application Background Process Executable + + + + + +``` + +### ProductVersion + +**Mandatory: False** + +**Type: String** + +ProductVersion refers to the major and minor product versions of a file, as well as a build and patch level. ProductVersion is an optional element, but if specified, it must contain at least the Major child element. The value must express a range in the form Minimum="X" Maximum="Y" where X and Y are integers. The Minimum and Maximum values can be identical. + +The product and file version elements may be left unspecified. Doing so makes the template “version agnostic”, meaning that the template will apply to all versions of the specified executable. + +**Example 1:** + +Product version: 1.0 specified in the UE-V template generator produces the following XML: + +``` syntax + + + + +``` + +**Example 2:** + +File version: 5.0.2.1000 specified in the UE-V template generator produces the following XML: + +``` syntax + + + + + + +``` + +**Incorrect Example 1 – incomplete range:** + +Only the Minimum attribute is present. Maximum must be included in a range as well. + +``` syntax + + + +``` + +**Incorrect Example 2 – Minor specified without Major element:** + +Only the Minor element is present. Major must be included as well. + +``` syntax + + + +``` + +### FileVersion + +**Mandatory: False** + +**Type: String** + +FileVersion differentiates between the release version of a published application and the internal build details of a component executable. For the majority of commercial applications, these numbers are identical. Where they vary, the product version of a file indicates a generic version identification of a file, while file version indicates a specific build of a file (as in the case of a hotfix or update). This uniquely identifies files without breaking detection logic. + +To determine the product version and file version of a particular executable, right-click on the file in Windows Explorer, select Properties, then click on the Details tab. + +Including a FileVersion element for an application allows for more granular fine-tuning detection logic, but is not necessary for most applications. The ProductVersion element settings are checked first, and then FileVersion is checked. The more restrictive setting will apply. + +The child elements and syntax rules for FileVersion are identical to those of ProductVersion. + +``` syntax + + MSACCESS.EXE + Win32 + + + + + + + + + +``` + +### Application Element + +Application is a container for settings that apply to a particular application. It is a collection of the following fields/types. + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

    Field/Type

    Description

    Name

    Specifies a unique name for the settings location template. This is used for display purposes when referencing the template in WMI, PowerShell, Event Viewer and debug logs. For more information, see [Name](#name21).

    ID

    Populates a unique identifier for a particular template. This tag becomes the primary identifier that the UE-V service uses to reference the template at runtime. For more information, see [ID](#id21).

    Description

    An optional description of the template.

    LocalizedNames

    An optional name displayed in the UI, localized by a language locale.

    LocalizedDescriptions

    An optional template description localized by a language locale.

    Version

    Identifies the version of the settings location template for administrative tracking of changes. For more information, see [Version](#version21).

    DeferToMSAccount

    Controls whether this template is enabled in conjunction with a Microsoft account or not. If MSA syncing is enabled for a user on a machine, then this template will automatically be disabled.

    DeferToOffice365

    Similar to MSA, this controls whether this template is enabled in conjunction with Office365. If Office 365 is being used to sync settings, this template will automatically be disabled.

    FixedProfile

    Specifies that this template can only be associated with the profile specified within this element, and cannot be changed via WMI or PowerShell.

    Processes

    A container for a collection of one or more Process elements. For more information, see [Processes](#processes21).

    Settings

    A container for all the settings that apply to a particular template. It contains instances of the Registry, File, SystemParameter, and CustomAction settings. For more information, see Settings in [Data types](#data21).

    + +  + +### Common Element + +Common is similar to an Application element, but it is always associated with two or more Application elements. The Common section represents the set of settings that are shared between those Application instances. It is a collection of the following fields/types. + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

    Field/Type

    Description

    Name

    Specifies a unique name for the settings location template. This is used for display purposes when referencing the template in WMI, PowerShell, Event Viewer and debug logs. For more information, see [Name](#name21).

    ID

    Populates a unique identifier for a particular template. This tag becomes the primary identifier that the UE-V service uses to reference the template at runtime. For more information, see [ID](#id21).

    Description

    An optional description of the template.

    LocalizedNames

    An optional name displayed in the UI, localized by a language locale.

    LocalizedDescriptions

    An optional template description localized by a language locale.

    Version

    Identifies the version of the settings location template for administrative tracking of changes. For more information, see [Version](#version21).

    DeferToMSAccount

    Controls whether this template is enabled in conjunction with a Microsoft account or not. If MSA syncing is enabled for a user on a machine, then this template will automatically be disabled.

    DeferToOffice365

    Similar to MSA, this controls whether this template is enabled in conjunction with Office365. If Office 365 is being used to sync settings, this template will automatically be disabled.

    FixedProfile

    Specifies that this template can only be associated with the profile specified within this element, and cannot be changed via WMI or PowerShell.

    Settings

    A container for all the settings that apply to a particular template. It contains instances of the Registry, File, SystemParameter, and CustomAction settings. For more information, see Settings in [Data types](#data21).

    + +  + +### SettingsLocationTemplate Element + +This element defines the settings for a single application or a suite of applications. + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + +

    Field/Type

    Description

    Name

    Specifies a unique name for the settings location template. This is used for display purposes when referencing the template in WMI, PowerShell, Event Viewer and debug logs. For more information, see [Name](#name21).

    ID

    Populates a unique identifier for a particular template. This tag becomes the primary identifier that the UE-V service uses to reference the template at runtime. For more information, see [ID](#id21).

    Description

    An optional description of the template.

    LocalizedNames

    An optional name displayed in the UI, localized by a language locale.

    LocalizedDescriptions

    An optional template description localized by a language locale.

    + +  + +### Appendix: SettingsLocationTemplate.xsd + +Here is the SettingsLocationTemplate.xsd file showing its elements, child elements, attributes, and parameters: + +``` syntax + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +``` + +## Have a suggestion for UE-V? + +Add or vote on suggestions [here](http://uev.uservoice.com/forums/280428-microsoft-user-experience-virtualization). For UE-V issues, use the [UE-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-us/home?forum=mdopuev&filter=alltypes&sort=lastpostdesc). + +## Related topics + +[Working with Custom UE-V Templates and the UE-V Template Generator](uev-working-with-custom-templates-and-the-uev-generator.md) + +[Technical Reference for UE-V](uev-technical-reference.md) diff --git a/windows/manage/uev-changing-the-frequency-of-scheduled-tasks.md b/windows/manage/uev-changing-the-frequency-of-scheduled-tasks.md new file mode 100644 index 0000000000..e05fa13e99 --- /dev/null +++ b/windows/manage/uev-changing-the-frequency-of-scheduled-tasks.md @@ -0,0 +1,247 @@ +--- +title: Changing the Frequency of UE-V Scheduled Tasks +description: Changing the Frequency of UE-V Scheduled Tasks +author: MaggiePucciEvans +ms.pagetype: mdop, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# Changing the Frequency of UE-V Scheduled Tasks + + +When the User Experience Virtualization (UE-V) service is enabled, it creates the following scheduled tasks: + +- **Monitor Application Settings** + +- **Sync Controller Application** + +- **Synchronize Settings at Logoff** + +- **Template Auto Update** + +**Note**   +These tasks must remain enabled as UE-V cannot function without them. + +These scheduled tasks are not configurable with the UE-V tools. Administrators who want to change the scheduled task for these items can create a script that uses the Schtasks.exe command-line options. + +For more information about Schtasks.exe, see [Schtasks](https://technet.microsoft.com/library/cc725744(v=ws.11).aspx). + +## UE-V Scheduled Tasks + +The following scheduled tasks are included in UE-V with sample scheduled task configuration commands. + +### Monitor Application Settings + +The **Monitor Application Settings** task is used to synchronize settings for Windows apps. It is runs at logon but is delayed by 30 seconds to not affect the logon detrimentally. The Monitor Application Status task runs the UevAppMonitor.exe file, which is located in the UE-V Agent installation directory. + + ++++ + + + + + + + + + + + + +
    Task nameDefault event

    \Microsoft\UE-V\Monitor Application Status

    Logon

    + +  + +### Sync Controller Application + +The **Sync Controller Application** task is used to start the Sync Controller to synchronize settings from the computer to the settings storage location. By default, the task runs every 30 minutes. At that time, local settings are synchronized to the settings storage location, and updated settings on the settings storage location are synchronized to the computer. The Sync Controller application runs the Microsoft.Uev.SyncController.exe, which is located in the UE-V Agent installation directory. + + ++++ + + + + + + + + + + + + +
    Task nameDefault event

    \Microsoft\UE-V\Sync Controller Application

    Logon, and every 30 minutes thereafter

    + +  + +For example, the following command configures the agent to synchronize settings every 15 minutes instead of the default 30 minutes. + +``` syntax +Schtasks /change /tn “Microsoft\UE-V\Sync Controller Application” /ri 15 +``` + +### Synchronize Settings at Logoff + +The **Synchronize Settings at Logoff** task is used to start an application at logon that controls the synchronization of applications at logoff for UE-V. The Synchronize Settings at Logoff task runs the Microsoft.Uev.SyncController.exe file, which is located in the UE-V Agent installation directory. + + ++++ + + + + + + + + + + + + +
    Task nameDefault event

    \Microsoft\UE-V\Synchronize Settings at Logoff

    Logon

    + +  + +### Template Auto Update + +The **Template Auto Update** task checks the settings template catalog for new, updated, or removed templates. This task only runs if the SettingsTemplateCatalog is configured. The **Template Auto Update** task runs the ApplySettingsCatalog.exe file, which is located in the UE-V Agent installation directory. + + ++++ + + + + + + + + + + + + +
    Task nameDefault event

    \Microsoft\UE-V\Template Auto Update

    System startup and at 3:30 AM every day, at a random time within a 1-hour window

    + +  + +**Example:** The following command configures the UE-V service to check the settings template catalog store every hour. + +``` syntax +schtasks /change /tn "Microsoft\UE-V\Template Auto Update" /ri 60 +``` + + +## UE-V Scheduled Task Details + + +The following chart provides additional information about scheduled tasks for UE-V 2: + + ++++++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

    Task Name (file name)

    Default Frequency

    Power Toggle

    Idle Only

    Network Connection

    Description

    Monitor Application Settings (UevAppMonitor.exe)

    Starts 30 seconds after logon and continues until logoff.

    No

    Yes

    N/A

    Synchronizes settings for Windows (AppX) apps.

    Sync Controller Application (Microsoft.Uev.SyncController.exe)

    At logon and every 30 min thereafter.

    Yes

    Yes

    Only if Network is connected

    Starts the Sync Controller which synchronizes local settings with the settings storage location.

    Synchronize Settings at Logoff (Microsoft.Uev.SyncController.exe)

    Runs at logon and then waits for Logoff to Synchronize settings.

    No

    Yes

    N/A

    Start an application at logon that controls the synchronization of applications at logoff.

    Template Auto Update (ApplySettingsCatalog.exe)

    Runs at initial logon and at 3:30 AM every day thereafter.

    Yes

    No

    N/A

    Checks the settings template catalog for new, updated, or removed templates. This task only runs if SettingsTemplateCatalog is configured.

    + +  + +**Legend** + +- **Power Toggle** – Task Scheduler will optimize power consumption when not connected to AC power. The task might stop running if the computer switches to battery power. + +- **Idle Only** – The task will stop running if the computer ceases to be idle. By default the task will not restart when the computer is idle again. Instead the task will begin again on the next task trigger. + +- **Network Connection** – Tasks marked “Yes” only run if the computer has a network connection available. Tasks marked “N/A” run regardless of network connectivity. + +### How to Manage Scheduled Tasks + +To find Scheduled Tasks, perform the following: + +1. Open “Schedule Tasks” on the user computer. + +2. Navigate to: Task Scheduler -> Task Scheduler Library -> Microsoft -> UE-V + +3. Select the scheduled task you wish to manage and configure in the details pane. + +### Additional information + +The following additional information applies to UE-V scheduled tasks: + +- All task sequence programs are located in the UE-V Agent installation folder, `%programFiles%\Microsoft User Experience Virtualization\Agent\[architecture]\`, by default. + +- The Sync Controller Application Scheduled task is the crucial component when the UE-V SyncMethod is set to “SyncProvider” (UE-V default configuration). This scheduled task keeps the SettingsSToragePath synchronized with the locally cached versions of the settings package files. If users complain that settings do not synchronize often enough, then you can reduce the scheduled task setting to as little as 1 minute.  You can also increase the 30 min default to a higher amount if necessary. + +- You do not need to disable the Template Auto Update scheduled task if you use another method to keep the clients’ templates in sync (i.e. Group Policy or Configuration Manager Baselines). Leaving the SettingsTemplateCatalog property value blank prevents UE-V from checking the settings catalog for custom templates. This scheduled task runs ApplySettingsCatalog.exe and will essentially return immediately. + +- The Monitor Application Settings scheduled task will update Windows app (AppX) settings in real time, based on Windows app program setting triggers built into each app. + +## Have a suggestion for UE-V? + +Add or vote on suggestions [here](http://uev.uservoice.com/forums/280428-microsoft-user-experience-virtualization). For UE-V issues, use the [UE-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-us/home?forum=mdopuev&filter=alltypes&sort=lastpostdesc). + +## Related topics + +[Administering UE-V](uev-administering-uev.md) + +[Deploy UE-V for Custom Applications](uev-deploy-uev-for-custom-applications.md#deploycatalogue) diff --git a/windows/manage/uev-configuring-uev-with-group-policy-objects.md b/windows/manage/uev-configuring-uev-with-group-policy-objects.md new file mode 100644 index 0000000000..9bb13f98c6 --- /dev/null +++ b/windows/manage/uev-configuring-uev-with-group-policy-objects.md @@ -0,0 +1,199 @@ +--- +title: Configuring UE-V with Group Policy Objects +description: Configuring UE-V with Group Policy Objects +author: MaggiePucciEvans +ms.pagetype: mdop, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# Configuring UE-V with Group Policy Objects + + +Some User Experience Virtualization (UE-V) Group Policy settings can be defined for computers, and other Group Policy settings can be defined for users. The Group Policy administrative templates for these settings are included in Windows 10, version 1607. + + +The following policy settings can be configured for UE-V. + +**Group Policy settings** + + ++++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Group Policy setting nameTargetGroup Policy setting descriptionConfiguration options

    Do not use the sync provider

    Computers and Users

    By using this Group Policy setting, you can configure whether UE-V uses the sync provider feature. This policy setting also lets you enable notification to appear when the import of user settings is delayed.

    Enable this setting to configure the UE-V service not to use the sync provider.

    First Use Notification

    Computers Only

    This Group Policy setting enables a notification in the notification area that appears when the UE-V service runs for the first time.

    The default is enabled.

    Roam Windows settings

    Computers and Users

    This Group Policy setting configures the synchronization of Windows settings.

    Select which Windows settings synchronize between computers.

    +

    By default, Windows themes, desktop settings, and Ease of Access settings synchronize settings between computers of the same operating system version.

    Settings package size warning threshold

    Computers and Users

    This Group Policy setting lets you configure the UE-V service to report when a settings package file size reaches a defined threshold.

    Specify the preferred threshold for settings package sizes in kilobytes (KB).

    +

    By default, the UE-V service does not have a package file size threshold.

    Settings storage path

    Computers and Users

    This Group Policy setting configures where the user settings are to be stored.

    Enter a Universal Naming Convention (UNC) path and variables such as \\Server\SettingsShare\%username%.

    Settings template catalog path

    Computers Only

    This Group Policy setting configures where custom settings location templates are stored. This policy setting also configures whether the catalog is to be used to replace the default Microsoft templates that are installed with the UE-V service.

    Enter a Universal Naming Convention (UNC) path such as \\Server\TemplateShare or a folder location on the computer.

    +

    Select the check box to replace the default Microsoft templates.

    Sync settings over metered connections

    Computers and Users

    This Group Policy setting defines whether UE-V synchronizes settings over metered connections.

    By default, the UE-V service does not synchronize settings over a metered connection.

    Sync settings over metered connections even when roaming

    Computers and Users

    This Group Policy setting defines whether UE-V synchronizes settings over metered connections outside of the home provider network, for example, when the data connection is in roaming mode.

    By default, UE-V does not synchronize settings over a metered connection when it is in roaming mode.

    Synchronization timeout

    Computers and Users

    This Group Policy setting configures the number of milliseconds that the computer waits before a time-out when it retrieves user settings from the remote settings location. If the remote storage location is unavailable, and the user does not use the sync provider, the application start is delayed by this many milliseconds.

    Specify the preferred synchronization time-out in milliseconds. The default value is 2000 milliseconds.

    Tray Icon

    Computers Only

    This Group Policy setting enables the User Experience Virtualization (UE-V) tray icon.

    This setting only has an effect for UE-V 2.x and earlier. It has no effect for UE-V in Windows 10, version 1607.

    Use User Experience Virtualization (UE-V)

    Computers and Users

    This Group Policy setting lets you enable or disable User Experience Virtualization (UE-V).

    This setting only has an effect for UE-V 2.x and earlier. For UE-V in Windows 10, version 1607, use the **Enable UE-V** setting.

    Enable UE-V

    Computers and Users

    This policy setting allows you to enable or disable User Experience Virtualization (UE-V) feature. Reboot is needed for enable to take effect.

    This setting only has an effect for UE-V in Windows 10, version 1607. For UE-V 2.x and earlier, choose the **Use User Experience Virtualization (UE-V)** setting.

    + +  + +**Note**   +In addition, Group Policy settings are available for many desktop applications and Windows apps. You can use these settings to enable or disable settings synchronization for specific applications. + +  + +**Windows App Group Policy settings** + + ++++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Group Policy setting nameTargetGroup Policy setting descriptionConfiguration options

    Do not synchronize Windows Apps

    Computers and Users

    This Group Policy setting defines whether the UE-V service synchronizes settings for Windows apps.

    The default is to synchronize Windows apps.

    Windows App List

    Computer and User

    This setting lists the family package names of the Windows apps and states expressly whether UE-V synchronizes that app’s settings.

    You can use this setting to specify that settings of an app are never synchronized by UE-V, even if the settings of all other Windows apps are synchronized.

    Sync Unlisted Windows Apps

    Computer and User

    This Group Policy setting defines the default settings sync behavior of the UE-V service for Windows apps that are not explicitly listed in the Windows app list.

    By default, the UE-V service only synchronizes settings of those Windows apps that are included in the Windows app list.

    + +  + +For more information about synchronizing Windows apps, see [Windows App List](http://technet.microsoft.com/library/dn458925.aspx#win8applist). + +**To configure computer-targeted Group Policy settings** + +1. Use the Group Policy Management Console (GPMC) or the Advanced Group Policy Management (AGPM) on the computer that acts as a domain controller to manage Group Policy settings for UE-V computers. Navigate to **Computer configuration**, select **Policies**, select **Administrative Templates**, click **Windows Components**, and then select **Microsoft User Experience Virtualization**. + +2. Select the Group Policy setting to be edited. + +**To configure user-targeted Group Policy settings** + +1. Use the Group Policy Management Console (GPMC) or the Advanced Group Policy Management (AGPM) tool in Microsoft Desktop Optimization Pack (MDOP) on the domain controller computer to manage Group Policy settings for UE-V. Navigate to **User configuration**, select **Policies**, select **Administrative Templates**, click **Windows Components**, and then select **Microsoft User Experience Virtualization**. + +2. Select the edited Group Policy setting. + +The UE-V service uses the following order of precedence to determine synchronization. + +**Order of precedence for UE-V settings** + +1. User-targeted settings that are managed by Group Policy settings - These configuration settings are stored in the registry key by Group Policy under `HKEY_CURRENT_USER\Software\Policies\Microsoft\Uev\Agent\Configuration`. + +2. Computer-targeted settings that are managed by Group Policy settings - These configuration settings are stored in the registry key by Group Policy under `HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Uev\Agent\Configuration`. + +3. Configuration settings that are defined by the current user by using Windows PowerShell or Windows management Instrumentation (WMI) - These configuration settings are stored by the UE-V service under this registry location: `HKEY_CURRENT_USER\Software\Microsoft\Uev\Agent\Configuration`. + +4. Configuration settings that are defined for the computer by using Windows PowerShell or WMI. These configuration settings are stored by the UE-V service under this registry location: `HKEY_LOCAL_MACHINE\Software\Microsoft\Uev\Agent\Configuration`. + +## Have a suggestion for UE-V? + +Add or vote on suggestions [here](http://uev.uservoice.com/forums/280428-microsoft-user-experience-virtualization). For UE-V issues, use the [UE-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-us/home?forum=mdopuev&filter=alltypes&sort=lastpostdesc). + +## Related topics + + +[Administering UE-V](uev-administering-uev.md) + +[Manage Configurations for UE-V](uev-manage-configurations.md) diff --git a/windows/manage/uev-configuring-uev-with-system-center-configuration-manager.md b/windows/manage/uev-configuring-uev-with-system-center-configuration-manager.md new file mode 100644 index 0000000000..f6f6eb97fc --- /dev/null +++ b/windows/manage/uev-configuring-uev-with-system-center-configuration-manager.md @@ -0,0 +1,247 @@ +--- +title: Configuring UE-V with System Center Configuration Manager +description: Configuring UE-V with System Center Configuration Manager +author: MaggiePucciEvans +ms.pagetype: mdop, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# Configuring UE-V with System Center Configuration Manager + + +After you deploy User Experience Virtualization (UE-V) and its required features, you can start to configure it to meet your organization's need. The UE-V Configuration Pack provides a way for administrators to use the Compliance Settings feature of System Center Configuration Manager (2012 SP1 or later) to apply consistent configurations across sites where UE-V and Configuration Manager are installed. + +## UE-V Configuration Pack supported features + + +The UE-V Configuration Pack includes tools to: + +- Create or update UE-V settings location template distribution baselines + + - Define UE-V templates to be registered or unregistered + + - Update UE-V template configuration items and baselines as templates are added or updated + + - Distribute and register UE-V templates using standard Configuration Item remediation + +- Create or update a UE-V Agent policy configuration item to set or clear these settings + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

    Max package size

    Enable/disable Windows app sync

    Wait for sync on application start

    Setting import delay

    Sync unlisted Windows apps

    Wait for sync on logon

    Settings import notification

    IT contact URL

    Wait for sync timeout

    Settings storage path

    IT contact descriptive text

    Settings template catalog path

    Sync enablement

    Tray icon enabled

    Start/Stop UE-V agent service

    Sync method

    First use notification

    Define which Windows apps will roam settings

    Sync timeout

    + +   + +- Verify compliance by confirming that UE-V is running. + +## Generate a UE-V service policy configuration item + + +All UE-V service policy and configuration is distributed through a single configuration item that is generated using the UevAgentPolicyGenerator.exe tool. This tool reads the desired configuration from an XML configuration file and creates a CI containing the discovery and remediation settings needed to bring the machine into compliance. + +The UE-V service policy configuration item CAB file is created using the UevTemplateBaselineGenerator.exe command line tool, which has these parameters: + +- Site <site code> + +- PolicyName <name> Optional: Defaults to “UE-V Agent Policy” if not present + +- PolicyDescription <description> Optional: A description is provided if not present + +- CabFilePath <full path to configuration item .CAB file> + +- ConfigurationFile <full path to agent configuration XML file> + +**Note**   +It might be necessary to change the PowerShell execution policy to allow these scripts to run in your environment. Perform these steps in the Configuration Manager console: + +1. Select **Administration > Client Settings > Properties** + +2. In the **User Agent** tab, set the **PowerShell Execution Policy** to **Bypass** + +  + +**Create the first UE-V policy configuration item** + +1. Copy the default settings configuration file from the UE-V Config Pack installation directory to a location visible to your ConfigMgr Admin Console: + + ``` syntax + C:\Program Files (x86)\Windows Kits\10\Microsoft User Experience Virtualization\Management\AgentConfiguration.xml + ``` + + The default configuration file contains five sections: + + **Computer Policy** + All UE-V machine level settings. The DesiredState attribute can be + + - **Set** to have the value assigned in the registry + + - **Clear** to remove the setting + + - **Unmanaged** to have the configuration item left at its current state + + Do not remove lines from this section. Instead, set the DesiredState to ‘Unmanaged’ if you do not want Configuration Manager to alter current or default values. + + **CurrentComputerUserPolicy** + All UE-V user level settings. These entries override the machine settings for a user. The DesiredState attribute can be + + - **Set** to have the value assigned in the registry + + - **Clear** to remove the setting + + - **Unmanaged** to have the configuration item left at its current state + + Do not remove lines from this section. Instead, set the DesiredState to ‘Unmanaged’ if you do not want Configuration Manager to alter current or default values. + + **Services** + Entries in this section control service operation. The default configuration file contains a single entry for the UevAgentService. The DesiredState attribute can be set to **Running** or **Stopped**. + + **Windows8AppsComputerPolicy** + All machine level Windows app synchronization settings. Each PackageFamilyName listed in this section can be assigned a DesiredState of + + - **Enabled** to have settings roam + + - **Disabled** to prevent settings from roaming + + - **Cleared** to have the entry removed from UE-V control + + Additional lines can be added to this section based on the list of installed Windows apps that can be viewed using the PowerShell cmdlet GetAppxPackage. + + **Windows8AppsCurrentComputerUserPolicy** + Identical to the Windows8AppsComputerPolicy with settings that override machine settings for an individual user. + +2. Edit the configuration file by changing the desired state and value fields. + +3. Run this command on a machine running the ConfigMgr Admin Console: + + ``` syntax + C:\Program Files (x86)\Microsoft User Experience Virtualization\ConfigPack\UevAgentPolicyGenerator.exe –Site ABC –CabFilePath “C:\MyCabFiles\UevPolicyItem.cab” –ConfigurationFile “c:\AgentConfiguration.xml” + ``` + +4. Import the CAB file using ConfigMgr console or PowerShell Import-CMConfigurationItem + +**Update a UE-V Policy Configuration Item** + +1. Edit the configuration file by changing the desired state and value fields. + +2. Run the command from Step 3 in [Create the First UE-V Policy Configuration Item](#create). If you changed the name with the PolicyName parameter, make sure you enter the same name. + +3. Reimport the CAB file. The version in ConfigMgr will be updated. + +## Generate a UE-V Template Baseline + + +UE-V templates are distributed using a baseline containing multiple configuration items. Each configuration item contains the discovery and remediation scripts needed to install one UE-V template. The actual UE-V template is embedded within the remediation script for distribution using standard Configuration Item functionality. + +The UE-V template baseline is created using the UevTemplateBaselineGenerator.exe command line tool, which has these parameters: + +- Site <site code> + +- BaselineName <name> (Optional: defaults to “UE-V Template Distribution Baseline” if not present) + +- BaselineDescription <description> (Optional: a description is provided if not present) + +- TemplateFolder <UE-V template folder> + +- Register <comma separated template file list> + +- Unregister <comma separated template list> + +- CabFilePath <Full path to baseline CAB file to generate> + +The result is a baseline CAB file that is ready for import into Configuration Manager. If at a future date, you update or add a template, you can rerun the command using the same baseline name. Importing the CAB results in CI version updates on the changed templates. + +### Create the First UE-V Template Baseline + +1. Create a “master” set of UE-V templates in a stable folder location visible to the machine running your ConfigMgr Admin Console. As templates are added or updated, this folder is where they are pulled for distribution. The initial list of templates can be copied from a machine with UE-V installed. The default template location is C:\\Program Files\\Microsoft User Experience Virtualization\\Templates. + +2. Create a text.bat file where you can add the template generator command. This is optional, but will make regeneration simpler if you save the command parameters. + +3. Add the command and parameters to the .bat file that will generate the baseline. The following example creates a baseline that distributes Notepad and Calculator: + + ``` syntax + C:\Program Files (x86)\Microsoft User Experience Virtualization\ConfigPack\UevTemplateBaselineGenerator.exe –Site “ABC” –TemplateFolder “C:\ProductionUevTemplates” –Register “MicrosoftNotepad.xml, MicrosoftCalculator.xml” –CabFilePath “C:\MyCabFiles\UevTemplateBaseline.cab” + ``` + +4. Run the .bat file to create UevTemplateBaseline.cab ready for import into Configuration Manager. + +### Update a UE-V Template Baseline + +The template generator uses the template version to determine if a template should be updated. If you make a template change and update the version, the baseline generator compares the template in your master folder with the template contained in the CI on the ConfigMgr server. If a difference is found, the generated baseline and modified CI versions are updated. + +To distribute a new Notepad template, you would perform these steps: + +1. Update the template and template version located in the <Version> element of the template. + +2. Copy the template to your master template directory. + +3. Run the command in the .bat file that you created in Step 3 in [Create the First UE-V Template Baseline](#create2). + +4. Import the generated CAB file into ConfigMgr using the console or PowerShell Import-CMBaseline. + +## Get the UE-V Configuration Pack + + +The UE-V Configuration Pack for Configuration Manager 2012 SP1 or later can be downloaded [here](http://go.microsoft.com/fwlink/?LinkId=317263). + +## Have a suggestion for UE-V? + + +Add or vote on suggestions [here](http://uev.uservoice.com/forums/280428-microsoft-user-experience-virtualization). For UE-V issues, use the [UE-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-us/home?forum=mdopuev&filter=alltypes&sort=lastpostdesc). + +## Related topics + + +[Manage Configurations for UE-V](uev-manage-configurations.md) + +  + +  + + + + + diff --git a/windows/manage/uev-deploy-required-features.md b/windows/manage/uev-deploy-required-features.md new file mode 100644 index 0000000000..c3324cab35 --- /dev/null +++ b/windows/manage/uev-deploy-required-features.md @@ -0,0 +1,156 @@ +--- +title: Deploy required UE-V features +description: Deploy required UE-V features +author: MaggiePucciEvans +ms.pagetype: mdop, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + +# Deploy required UE-V features + +To get up and running with User Experience Virtualization (UE-V), install and configure the following features. + +- [Deploy a settings storage location](#deploy-a-ue-v-settings-storage-location) that is accessible to end users. + + This is a standard network share that stores and retrieves user settings. + +- [Choose the configuration method for UE-V](#choose-the-configuration-method-for-ue-v) + + You can deploy and configure UE-V with common management tools including group policy, Configuration Manager, or Windows Management Infrastructure and PowerShell. + +- [Enable the UE-V service](#enable-the-ue-v-service) on user devices. + + With Windows 10, version 1607, UE-V is installed automatically. You need to enable the UE-V service on each user device you want to include in your UE-V environment. + +The topics in this section describe how to deploy these features. + +## Deploy a UE-V Settings Storage Location + +UE-V requires a location in which to store user settings in settings package files. You can configure this settings storage location in one of these ways: + +- Create your own settings storage location + +- Use existing Active Directory for your settings storage location + +> **Note**   As a matter of [performance and capacity planning](uev-prepare-for-deployment.md#performance-and-capacity-planning) and to reduce problems with network latency, create settings storage locations on the same local networks where the users’ devices reside. We recommend 20 MB of disk space per user for the settings storage location. + +### Create a UE-V Settings Storage Location + +Before you define the settings storage location, you must create a root directory with read/write permissions for users who store settings on the share. The UE-V service creates user-specific folders under this root directory. + +The settings storage location is defined by setting the SettingsStoragePath configuration option, which you can configure by using one of these methods: + +- Through [Group Policy](uev-configuring-uev-with-group-policy-objects.md) settings + +- With the [System Center Configuration Pack](uev-configuring-uev-with-system-center-configuration-manager.md) for UE-V + +- With [Windows PowerShell or Windows Management Instrumentation (WMI)](uev-administering-uev-with-windows-powershell-and-wmi.md) + + The path must be in a universal naming convention (UNC) path of the server and share. For example, **\\\\Server\\Settingsshare\\**. This configuration option supports the use of variables to enable specific synchronization scenarios. For example, you can use the %username%\\%computername% variables to preserve the end user settings experience in these scenarios: + +- End users that use multiple physical devices in your enterprise + +- Enterprise computers that are used by multiple end users + +The UE-V service dynamically creates a user-specific settings storage path, with a hidden system folder named **SettingsPackages**, based on the configuration setting of **SettingsStoragePath**. The service reads and writes settings to this location as defined by the registered UE-V settings location templates. + +**UE-V settings are determined by a "Last write wins" rule:** If the settings storage location is the same for a user with multiple managed computers, one UE-V service reads and writes to the settings location independently of services running on other computers. The last written settings and values are the ones applied when the service next reads from the settings storage location. + +**Deploy the settings storage location:** Follow these steps to define the settings storage location rather than using your existing Active Directory agent. You should limit access to the settings storage share to those users that require it, as shown in the tables below. + +**To deploy the UE-V network share** + +1. Create a new security group for UE-V users. + +2. Create a new folder on the centrally located computer that stores the UE-V settings packages, and then grant UE-V users access with group permissions to the folder. The administrator who supports UE-V must have permissions to this shared folder. + +3. Set the following share-level Server Message Block (SMB) permissions for the settings storage location folder. + + | **User account** | **Recommended permissions** | + |------------------------------|-----------------------------| + | Everyone | No permissions | + | Security group of UE-V users | Full control | + +4. Set the following NTFS file system permissions for the settings storage location folder. + + | **User account** | **Recommended permissions** | **Folder** | + |------------------------------|---------------------------------------------------|---------------------------| + | Creator/owner | Full control | Subfolders and files only | + | Security group of UE-V users | List folder/read data, create folders/append data | This folder only | + +With this configuration, the UE-V service creates and secures a Settingspackage folder while it runs in the context of the user, and grants each user permission to create folders for settings storage. Users receive full control to their Settingspackage folder while other users cannot access it. + +**Note** +If you create the settings storage share on a computer running a Windows Server operating system, configure UE-V to verify that either the local Administrators group or the current user is the owner of the folder where settings packages are stored. To enable this additional security, specify this setting in the Windows Server Registry Editor: + +1. Add a **REG\_DWORD** registry key named **"RepositoryOwnerCheckEnabled"** to **HKEY\_LOCAL\_MACHINE\\Software\\Microsoft\\UEV\\Agent\\Configuration**. + +2. Set the registry key value to *1*. + +### Use Active Directory with UE-V + +The UE-V service uses Active Directory (AD) by default if you don’t define a settings storage location. In these cases, the UE-V service dynamically creates the settings storage folder under the root of the AD home directory of each user. However, if a custom directory setting is configured in AD, then that directory is used instead. + +## Choose the Configuration Method for UE-V + +You’ll need to decide which configuration method you'll use to manage UE-V after deployment since this will be the configuration method you use to deploy the UE-V Agent. Typically, this is the configuration method that you already use in your environment, such as Windows PowerShell or Configuration Manager. + +You can configure UE-V before, during, or after you enable the UE-V service on user devices, depending on the configuration method that you use. + +- [**Group Policy**](uev-configuring-uev-with-group-policy-objects.md) You can use your existing Group Policy infrastructure to configure UE-V before or after you enable the UE-V service. The UE-V Group Policy ADMX template enables the central management of common UE-V service configuration options and includes settings to configure UE-V synchronization. + + >**Note** Starting with Windows 10, version 1607, UE-V ADMX templates are installed automatically. + + Group Policy ADMX templates configure the synchronization settings for the UE-V service and enable the central management of common UE-V service configuration settings by using an existing Group Policy infrastructure. + + Supported operating systems for the domain controller that deploys the Group Policy Objects include: + + Windows Server 2012 and Windows Server 2012 R2 + +- [**Configuration Manager**](uev-configuring-uev-with-system-center-configuration-manager.md) The UE-V Configuration Pack lets you use the Compliance Settings feature of System Center Configuration Manager to apply consistent configurations across sites where UE-V and Configuration Manager are installed. + +- [**Windows PowerShell and WMI**](uev-administering-uev-with-windows-powershell-and-wmi.md) You can use scripted commands for Windows PowerShell and Windows Management Instrumentation (WMI) to modify the configuration of the UE-V service. + +>**Note** +Registry modification can result in data loss, or the computer becomes unresponsive. We recommend that you use other configuration methods. + +## Enable the UE-V service + +The UE-V service is the client-side component that captures user-personalized application and Windows settings and saves them in settings packages. Settings packages are built, locally stored, and copied to the settings storage location. + +Before enabling the UE-V service, you need to register the UE-V templates for first time use. In a PowerShell window, type **register-<TemplateName>** where **TemplateName** is the name of the UE-V template you want to register, and press ENTER. + +With Windows 10, version 1607 and later, the UE-V service is installed on user devices. Enable the service to start using UE-V. You can enable the service with the Group Policy editor or with Windows PowerShell. + +**To enable the UE-V service with Group Policy** + +1. Open the device’s **Group Policy Editor**. + +2. Navigate to **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Microsoft** **User Experience Virtualization**. + +3. Run **Enable UEV**. + +4. Restart the device. + +**To enable the UE-V service with Windows PowerShell** + +1. In a PowerShell window, type **Enable-UEV** and press ENTER. + +2. Restart the device. + +3. In a PowerShell window, type **Get-UEVStatus** and press ENTER to verify that the UE-V service was successfully enabled. + +## Have a suggestion for UE-V? + +Add or vote on suggestions [here](http://uev.uservoice.com/forums/280428-microsoft-user-experience-virtualization). For UE-V issues, use the [UE-V TechNet Forum](https://social.technet.microsoft.com/forums/home?forum=mdopuev). + +## Related topics + +[Prepare a UE-V deployment](uev-prepare-for-deployment.md) + +[Deploy UE-V for use with custom applications](uev-deploy-uev-for-custom-applications.md) + +[Upgrade to UE-V for Windows 10](uev-upgrade-uev-from-previous-releases.md) + diff --git a/windows/manage/uev-deploy-uev-for-custom-applications.md b/windows/manage/uev-deploy-uev-for-custom-applications.md new file mode 100644 index 0000000000..120b0b4602 --- /dev/null +++ b/windows/manage/uev-deploy-uev-for-custom-applications.md @@ -0,0 +1,248 @@ +--- +title: Use UE-V with custom applications +description: Use UE-V with custom applications +author: MaggiePucciEvans +ms.pagetype: mdop, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + +# Use UE-V with custom applications + +User Experience Virtualization (UE-V) uses XML files called ***settings location templates*** to monitor and synchronize application settings and Windows settings between user devices. By default, some settings location templates are included in UE-V. However, if you want to synchronize settings for desktop applications other than those included in the default templates, you can create your own custom settings location templates with the UE-V template generator. + +After you’ve reviewed [Prepare a UE-V Deployment](uev-prepare-for-deployment.md) and decided that you want to synchronize settings for custom applications (third-party, line-of-business, e.g.), you’ll need to deploy the features of UE-V described in this topic. + +To start, here are the main steps required to synchronize settings for custom applications: + +- [Install the UE-V template generator](#install-the-uev-template-generator) + + Use the UEV template generator to create custom XML settings location templates. + +- [Configure a UE-V settings template catalog](#deploy-a-settings-template-catalog) + + You can define this path where custom settings location templates are stored. + +- [Create custom settings location templates](#create-custom-settings-location-templates) + + These custom templates let users sync settings for custom applications. + +- [Deploy the custom settings location templates](#deploy-the-custom-settings-location-templates) + + After you test the custom template to ensure that settings are synced correctly, you can deploy these templates in one of these ways: + + - With your existing electronic software distribution solution, such as Configuration Manager + + - With Group Policy preferences + + - With a UE-V settings template catalog + +>**Note** +Templates that are deployed with electronic software distribution methods or Group Policy must be registered with UE-V Windows Management Instrumentation (WMI) or Windows PowerShell. + +## Prepare to deploy UE-V for custom applications + +Before you start deploying the UE-V features that handle custom applications, review the following important information. + +### The UE-V template generator + +Use the UE-V template generator to monitor, discover, and capture the locations where Win32 applications store settings. The template generator does not create settings location templates for the following types of applications: + +- Virtualized applications + +- Applications that are offered through Terminal Services + +- Java applications + +- Windows applications + +>**Note** +UE-V settings location templates cannot be created from virtualized applications or Terminal Services applications. However, settings that are synchronized by using the templates can be applied to those applications. To create templates that support Virtual Desktop Infrastructure (VDI) and Terminal Services applications, open a version of the Windows Installer (.msi) package of the application by using the UE-V template generator. For more information about synchronizing settings for virtual applications, see [Using UE-V with virtual applications](uev-using-uev-with-application-virtualization-applications.md). + +**Excluded Locations:** The discovery process excludes locations that commonly store application software files that do not synchronize settings well between user computers or computing environments. By default, these are excluded: + +- HKEY\_CURRENT\_USER registry keys and files to which the logged-on user cannot write values + +- HKEY\_CURRENT\_USER registry keys and files that are associated with the core functionality of the Windows operating system + +- All registry keys that are located in the HKEY\_LOCAL\_MACHINE hive + +- Files that are located in Program Files directories + +- Files that are located in Users \\ \[User name\] \\ AppData \\ LocalLow + +- Windows operating system files that are located in %Systemroot% + +If registry keys and files that are stored in excluded locations are required to synchronize application settings, you can manually add the locations to the settings location template during the template creation process. + +### Replace the default Microsoft templates + +A default group of settings location templates for common Microsoft applications and Windows settings is included with Windows 10, version 1607. If you customize these templates, or create settings location templates to synchronize settings for custom applications, the UE-V service can be configured to use a settings template catalog to store the templates. In this case, you will need to include the default templates with the custom templates in the settings template catalog. + +>**Important** +After you enable the UE-V service, you’ll need to register the settings location templates using the `Register-UevTemplate` cmdlet in Windows PowerShell. + +When you use Group Policy to configure the settings template catalog path, you can choose to replace the default Microsoft templates. If you configure the policy settings to replace the default Microsoft templates, all of the default Microsoft templates that are installed with Windows 10, version 1607 are deleted and only the templates that are located in the settings template catalog are used. + +**Note** +If there are customized templates in the settings template catalog that use the same ID as the default Microsoft templates, the Microsoft templates are ignored. + +You can replace the default templates by using the UE-V Windows PowerShell features. To replace the default Microsoft template with Windows PowerShell, unregister all of the default Microsoft templates, and then register the customized templates. + +Old settings packages remain in the settings storage location even if you deploy new settings location templates for an application. These packages are not read by the UE-V service, but neither are they automatically deleted. + +### Install the UEV template generator + +Use the UE-V template generator to create custom settings location templates that you can then distribute to user devices. You can also use the template generator to edit an existing template or validate a template that was created with another XML editor. + +The UE-V template generator is included in the Windows Assessment and Deployment Kit (ADK) for Windows 10. + +Install the UE-V template generator on a computer that you can use to create a custom settings location template. This computer should have the applications installed for which custom settings location templates need to be generated. + +>**Important** +UE-V for Windows 10, version 1607 includes a new template generator. If you are upgrading from an existing UE-V installation, you’ll need to use the new generator to create settings location templates. Templates created with previous versions of the UE-V template generator will continue to work. + +**To install the UE-V template generator** + +1. Go to [Download the Windows ADK](https://developer.microsoft.com/en-us/windows/hardware/windows-assessment-deployment-kit) to access the ADK. + +2. Select the **Get Windows ADK for Windows 10** button on this page to start the ADK installer. On the window pictured below, select **Microsoft User Experience Virtualization (UE-V) Template Generator** and then select Install. + + + +![Selecting UE-V features in ADK](images/uev-adk-select-uev-feature.png) + +3. To open the generator, select **Microsoft Application Virtualization Generator** from the **Start** menu. + +4. See [Working with Custom UE-V Templates and the UE-V Template Generator](uev-working-with-custom-templates-and-the-uev-generator.md) for information about how to use the template generator. + +### Deploy a settings template catalog + +The UE-V settings template catalog is a folder path on UE-V computers or a Server Message Block (SMB) network share that stores all the custom settings location templates. The UE-V service checks this location one time each day and updates its synchronization behavior, based on the templates in this folder. + +The UE-V service checks this folder for templates that were added, updated, or removed. It registers new and changed templates and unregisters removed templates. By default, templates are registered and unregistered one time per day at 3:30 A.M. local time by the Task Scheduler and at system startup. To customize the frequency of this scheduled task, see [Changing the frequency of UE-V scheduled tasks](uev-changing-the-frequency-of-scheduled-tasks.md). + +You can configure the settings template catalog path with command-line options, Group Policy, WMI, or Windows PowerShell. Templates stored at the settings template catalog path are automatically registered and unregistered by a scheduled task. + +**To configure the settings template catalog for UE-V** + +1. Create a new folder on the computer that stores the UE-V settings template catalog. + +2. Set the following share-level (SMB) permissions for the settings template catalog folder. + + | **User account** | **Recommended permissions** | + |------------------|------------------------------| + | Everyone | No Permissions | + | Domain Computers | Read Permission Levels | + | Administrators | Read/Write Permission Levels | + +3. Set the following NTFS file system permissions for the settings template catalog folder. + + | **User account** | **Recommended permissions** | **Apply to** | + |------------------|-------------------------------|-----------------------------------| + | Creator/Owner | Full Control | This Folder, Subfolders and Files | + | Domain Computers | List Folder Contents and Read | This Folder, Subfolders and Files | + | Everyone | No Permissions | No Permissions | + | Administrators | Full Control | This Folder, Subfolders and Files | + +4. Click **OK** to close the dialog boxes. + +At a minimum, the network share must grant permissions for the Domain Computers group. In addition, grant access permissions for the network share folder to administrators who are to manage the stored templates. + +### Create custom settings location templates + +Use the UE-V template generator to create settings location templates for line-of-business applications or other custom applications. After you create the template for an application, deploy it to computers to synchronize settings for that application. + +**To create a UE-V settings location template with the UE-V template generator** + +1. Click **Start** > **All Programs** > **Microsoft User Experience Virtualization** > **Microsoft User Experience Virtualization template generator**. + +2. Click **Create a settings location template**. + +3. Specify the application. Browse to the file path of the application (.exe) or the application shortcut (.lnk) for which you want to create a settings location template. Specify the command-line arguments, if any, and working directory, if any. + +4. Click **Next** to continue. + + >**Note** Before the application is started, the system displays a prompt for **User Account Control**. Permission is required to monitor the registry and file locations that the application uses to store settings. + +5. After the application starts, close the application. The UE-V template generator records the locations where the application stores its settings. + +6. After the process is completed, click **Next** to continue. + +7. Review and select the appropriate registry settings locations and settings file locations to synchronize for this application. The list includes the following two categories for settings locations: + + - **Standard**: Application settings that are stored in the registry under the HKEY\_CURRENT\_USER keys or in the file folders under \\ **Users** \\ \[User name\] \\ **AppData** \\ **Roaming**. The UE-V template generator includes these settings by default. + + - **Nonstandard**: Application settings that are stored outside the locations are specified in the best practices for settings data storage (optional). These include files and folders under **Users** \\ \[User name\] \\ **AppData** \\ **Local**. Review these locations to determine whether to include them in the settings location template. Select the locations check boxes to include them. + +8. Click **Next** to continue. + +9. Review and edit any **Properties**, **Registry** locations, and **Files** locations for the settings location template. + + - Edit the following properties on the **Properties** tab: + + - **Application Name**: The application name that is written in the description of the program files properties. + + - **Program name**: The name of the program that is taken from the program file properties. This name usually has the .exe file name extension. + + - **Product version**: The product version number of the .exe file of the application. This property, in conjunction with the **File version**, helps determine which applications are targeted by the settings location template. This property accepts a major version number. If this property is empty, the settings location template applies to all versions of the product. + + - **File version**: The file version number of the .exe file of the application. This property, in conjunction with the **Product version**, helps determine which applications are targeted by the settings location template. This property accepts a major version number. If this property is empty, the settings location template applies to all versions of the program. + + - **template author name** (optional): The name of the settings location template author. + + - **template author email** (optional): The email address of the settings location template author. + + - The **Registry** tab lists the **Key** and **Scope** of the registry locations that are included in the settings location template. Edit the registry locations by using the **Tasks** drop-down menu. Tasks enable you to add new keys, edit the name or scope of existing keys, delete keys, and browse the registry where the keys are located. Use the **All Settings** scope to include all the registry settings under the specified key. Use the **All Settings and Subkeys** to include all the registry settings under the specified key, subkeys, and subkey settings. + + - The **Files** tab lists the file path and file mask of the file locations that are included in the settings location template. Edit the file locations by use of the **Tasks** drop-down menu. Tasks for file locations enable you to add new files or folder locations, edit the scope of existing files or folders, delete files or folders, and open the selected location in Windows Explorer. Leave the file mask empty to include all files in the specified folder. + +10. Click **Create**, and then click **Save** to save the settings location template on the computer. + +11. Click **Close** to close the settings template wizard. Exit the UE-V template generator application. + +12. After you have created the settings location template for an application, test the template. Deploy the template in a lab environment before you put it into production in the enterprise. + +See [Application template schema reference for UE-V](uev-application-template-schema-reference.md) for details about the XML structure of the UE-V settings location template and for guidance about editing these files. + +### Deploy the Custom Settings Location templates + +After you create a settings location template with the UE-V template generator, you should test it to ensure that the application settings are synchronized correctly. You can then safely deploy the settings location template to user devices in the enterprise. + +You can deploy settings location templates using of these methods: + +- An electronic software distribution (ESD) system such as System Center Configuration Manager + +- Group Policy preferences + +- A UE-V settings template catalog + +Templates that are deployed by using an ESD system or Group Policy objects must be registered using UE-V Windows Management Instrumentation (WMI) or Windows PowerShell. Templates that are stored in the settings template catalog location are automatically registered by the UE-V service. + +**To deploy UE-V settings location templates with a settings template catalog path** + +1. Browse to the network share folder that you defined as the settings template catalog. + +2. Add, remove, or update settings location templates in the settings template catalog to reflect the UE-V service template configuration that you want for UE-V computers. + + >**Note** + Templates on computers are updated daily. The update is based on changes to the settings template catalog. + +3. To manually update templates on a computer that runs the UE-V service, open an elevated command prompt, and browse to **Program Files\\Microsoft User Experience Virtualization \\ Agent \\ <x86 or x64 >**, and then run **ApplySettingstemplateCatalog.exe**. + + >**Note** + This program runs automatically during computer startup and daily at 3:30 A. M. to gather any new templates that were recently added to the catalog. + +## Have a suggestion for UE-V? + +Add or vote on suggestions [here](http://uev.uservoice.com/forums/280428-microsoft-user-experience-virtualization). For UE-V issues, use the [UE-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-us/home?forum=mdopuev&filter=alltypes&sort=lastpostdesc). + +## Related topics + +- [Prepare a UE-V Deployment](uev-prepare-for-deployment.md) + +- [Deploy Required UE-V Features](uev-deploy-required-features.md) + diff --git a/windows/manage/uev-for-windows.md b/windows/manage/uev-for-windows.md new file mode 100644 index 0000000000..96293f71db --- /dev/null +++ b/windows/manage/uev-for-windows.md @@ -0,0 +1,95 @@ +--- +title: User Experience Virtualization for Windows 10, version 1607 +description: Overview of User Experience Virtualization for Windows 10, version 1607 +author: MaggiePucciEvans +ms.pagetype: mdop, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + +# User Experience Virtualization (UE-V) for Windows 10 overview + +Many users customize their settings for Windows and for specific applications. Customizable Windows settings include Windows Store appearance, language, background picture, font size, and accent colors. Customizable application settings include language, appearance, behavior, and user interface options. + +With User Experience Virtualization (UE-V), you can capture user-customized Windows and application settings and store them on a centrally managed network file share. When users log on, their personalized settings are applied to their work session, regardless of which device or virtual desktop infrastructure (VDI) sessions they log on to. + +**With UE-V you can…** + +- Specify which application and Windows settings synchronize across user devices + +- Deliver the settings anytime and anywhere users work throughout the enterprise + +- Create custom templates for your third-party or line-of-business applications + +- Recover settings after hardware replacement or upgrade, or after re-imaging a virtual machine to its initial state + +With the release of Windows 10, version 1607, UE-V is included with the Windows 10 for Enterprise edition. If you are new to Windows 10 and UE-V or upgrading from a previous version of UE-V, you’ll need to download, activate, and install server- and client-side components to start synchronizing user-customized settings across devices. + +## Components of UE-V + +The diagram below illustrates how UE-V components work together to synchronize user settings. + +UE-V architecture, with server share, desktop, and UE-V service + + + +| **Component** | **Function** | +|--------------------------|------------------| +| **UE-V service** | Enabled on every device that needs to synchronize settings, the **UE-V service** monitors registered applications and Windows for any settings changes, then synchronizes those settings between devices. | +| **Settings packages** | Application settings and Windows settings are stored in **settings packages** created by the UE-V service. Settings packages are built, locally stored, and copied to the settings storage location.
    The setting values for **desktop applications** are stored when the user closes the application.
    Values for **Windows settings** are stored when the user logs off, when the computer is locked, or when the user disconnects remotely from a computer.
    The sync provider determines when the application or operating system settings are read from the **Settings Packages** and synchronized. | +| **Settings storage location** | This is a standard network share that your users can access. The UE-V service verifies the location and creates a hidden system folder in which to store and retrieve user settings. | +| **Settings location templates** | UE-V uses XML files as settings location templates to monitor and synchronize desktop application settings and Windows desktop settings between user computers. By default, some settings location templates are included in UE-V. You can also create, edit, or validate custom settings location templates by [managing settings synchronization for custom applications](#manage-settings-synchronization-for-custom-applications).
    **Note**  Settings location templates are not required for Windows applications. | +| **Universal Windows applications list** | Settings for Windows applications are captured and applied dynamically. The app developer specifies the settings that are synchronized for each app. UE-V determines which Windows applications are enabled for settings synchronization using a managed list of applications. By default, this list includes most Windows applications.
    You can add or remove applications in the Windows app list by following the procedures in [Managing UE-V Settings Location Templates Using Windows PowerShell and WMI](uev-managing-settings-location-templates-using-windows-powershell-and-wmi.md). | + +## Manage settings synchronization for custom applications + +Use these UE-V components to create and manage custom templates for your third-party or line-of-business applications. + +| Component | Description | +|-------------------------------|---------------| +| **UE-V template generator** | Use the **UE-V template generator** to create custom settings location templates that you can then distribute to user computers. The UE-V template generator also lets you edit an existing template or validate a template that was created with a different XML editor.
    With the Windows 10, version 1607 release, the UE-V template generator is installed with the [Windows Assessment and Deployment kit for Windows 10, version 1607](https://developer.microsoft.com/en-us/windows/hardware/windows-assessment-deployment-kit) (Windows ADK).
    If you are upgrading from an existing UE-V installation, you’ll need to use the new generator to create new settings location templates. Application templates created with previous versions of the UE-V template generator are still supported, however. | +| **Settings template catalog** | The **settings template catalog** is a folder path on UE-V computers or a Server Message Block (SMB) network share that stores the custom settings location templates. The UE-V service checks this location once a day, retrieves new or updated templates, and updates its synchronization behavior.
    If you use only the UE-V default settings location templates, then a settings template catalog is unnecessary. For more information about settings deployment catalogs, see [Deploy a UE-V settings template catalog](uev-deploy-uev-for-custom-applications.md#deploycatalogue). | + + + +![UE-V template generator process](images/uev-generator-process.png) + +## Settings synchronized by default + +UE-V synchronizes settings for these applications by default. For a complete list and more detailed information, see [Settings that are automatically synchronized in a UE-V deployment](uev-prepare-for-deployment.md#autosyncsettings). + +- Microsoft Office 2016, 2013, and 2010 + +- Internet Explorer 11 and 10 + +- Many Windows applications, such as Xbox + +- Many Windows desktop applications, such as Notepad + +- Many Windows settings, such as desktop background or wallpaper + +>**Note** +You can also [customize UE-V to synchronize settings](uev-deploy-uev-for-custom-applications.md) for applications other than those synchronized by default. + +## Other resources for this feature + +- [Get Started with UE-V for Windows 10](uev-getting-started.md) + +- [UE-V for Windows 10 Release Notes](uev-release-notes-1607.md) + +- [Prepare to deploy UE-V for Windows 10](uev-prepare-for-deployment.md) + +- [Upgrade to UE-V for Windows 10](uev-upgrade-uev-from-previous-releases.md) + +- [Administer UE-V for Windows 10](uev-administering-uev.md) + +- [Technical Reference for UE-V for Windows 10](uev-technical-reference.md) + +## Have a suggestion for UE-V? + +Add or vote on suggestions [here](http://uev.uservoice.com/forums/280428-microsoft-user-experience-virtualization). For UE-V issues, use the [UE-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-us/home?forum=mdopuev&filter=alltypes&sort=lastpostdesc). diff --git a/windows/manage/uev-getting-started.md b/windows/manage/uev-getting-started.md new file mode 100644 index 0000000000..42fdafe047 --- /dev/null +++ b/windows/manage/uev-getting-started.md @@ -0,0 +1,139 @@ +--- +title: Get Started with UE-V +description: Get Started with UE-V +author: MaggiePucciEvans +ms.pagetype: mdop, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + +# Get Started with UE-V + +Applies to: Windows 10, version 1607 + +Follow the steps in this topic to deploy User Experience Virtualization (UE-V) for the first time in a test environment. Evaluate UE-V to determine whether it’s the right solution to manage user settings across multiple devices within your enterprise. + +>**Note** +The information in this section is explained in greater detail throughout the rest of the documentation. If you’ve already determined that UE-V is the right solution and you don’t need to further evaluate it, see [Prepare a UE-V deployment](uev-prepare-for-deployment.md). + +The standard installation of UE-V synchronizes the default Microsoft Windows and Office settings and many Windows applications settings. For best results, ensure that your test environment includes two or more user computers that share network access. + +- [Step 1: Confirm prerequisites](#step-1-confirm-prerequisites). Review the supported configurations in this section to verify that your environment is able to run UE-V. + +- [Step 2: Deploy the settings storage location](#step-2-deploy-the-settings-storage-location). Explains how to deploy a settings storage location. All UE-V deployments require a location to store settings packages that contain the synchronized setting values. + +- [Step 3: Enable the UE-V service](#step-3-enable-the-ue-v-service-on-user-devices). Explains how to enable to UE-V service on user devices. To synchronize settings using UE-V, devices must have the UE-V service enabled and running. + +- [Step 4: Test Your UE-V evaluation deployment](#step-4-test-your-ue-v-evaluation-deployment). Run a few tests on two computers with the UE-V service enabled to see how UE-V works and if it meets your organization’s needs. + +- Step 5: Deploy UE-V for custom applications (optional). If you want to evaluate how your third-party and line-of-business applications work with UE-V, follow the steps in [Use UE-V with custom applications](uev-deploy-uev-for-custom-applications.md). Following this link takes you to another topic. Use your browser’s **Back** button to return to this topic. + +## Step 1: Confirm prerequisites + +Before you proceed, ensure that your environment meets the following requirements for running UE-V. + +| **Operating system** | **Edition** | **Service pack** | **System architecture** | **Windows PowerShell** | **Microsoft .NET Framework** | +|-------------------------|-------------|------------------|-------------------------|----------------------------------|------------------------------| +| Windows 10, version 1607 | Windows 10 Enterprise | NA | 32-bit or 64-bit | Windows PowerShell 3.0 or higher | .NET Framework 4 or higher | +| Windows 8 and Windows 8.1 | Enterprise or Pro | None | 32-bit or 64-bit | Windows PowerShell 3.0 or higher | .NET Framework 4.5 | +| Windows Server 2012 or Windows Server 2012 R2 | Standard or Datacenter | None | 64-bit | Windows PowerShell 3.0 or higher | .NET Framework 4.5 | + +## Step 2: Deploy the settings storage location + +You’ll need to deploy a settings storage location, a standard network share where user settings are stored in a settings package file. When you create the settings storage share, you should limit access to users that require it. [Deploy a settings storage location](https://technet.microsoft.com/library/dn458891.aspx#ssl) provides more detailed information. + +**Create a network share** + +1. Create a new security group and add UE-V users to it. + +2. Create a new folder on the centrally located computer that stores the UE-V settings packages, and then grant the UE-V users access with group permissions to the folder. The administrator who supports UE-V must have permissions to this shared folder. + +3. Assign UE-V users permission to create a directory when they connect. Grant full permission to all subdirectories of that directory, but block access to anything above. + +4. Set the following share-level Server Message Block (SMB) permissions for the settings storage location folder. + + | **User account** | **Recommended permissions** | + |------------------------------|-----------------------------| + | Everyone | No permissions | + | Security group of UE-V users | Full control | + +5. Set the following NTFS file system permissions for the settings storage location folder. + + | **User account** | **Recommended permissions** | **Folder** | + |------------------------------|---------------------------------------------------|---------------------------| + | Creator/owner | Full control | Subfolders and files only | + | Security group of UE-V users | List folder/read data, create folders/append data | This folder only | + +**Security Note**  If you create the settings storage share on a computer running a Windows Server operating system, configure UE-V to verify that either the local Administrators group or the current user is the owner of the folder where settings packages are stored. To enable this additional security, specify this setting in the Windows Server Registry Editor: + +1. Add a **REG\_DWORD** registry key named **"RepositoryOwnerCheckEnabled"** to **HKEY\_LOCAL\_MACHINE\\Software\\Microsoft\\UEV\\Agent\\Configuration**. + +2. Set the registry key value to *1*. + +## Step 3: Enable the UE-V service on user devices + +For evaluation purposes, enable the service on at least two devices that belong to the same user in your test environment. + +The UE-V service is the client-side component that captures user-personalized application and Windows settings and saves them in settings packages. Settings packages are built, locally stored, and copied to the settings storage location. + +Before enabling the UE-V service, you'll need to register the UE-V templates for first use. In a PowerShell window, type `register-TemplateName` where **TemplateName** is the name of the UE-V template you want to register, and press ENTER. + +With Windows 10, version 1607 and later, the UE-V service is installed on user devices when the operating system is installed. Enable the service to start using UE-V. You can enable the service with the Group Policy editor or with Windows PowerShell. + +**To enable the UE-V service with Group Policy** + +1. Open the device’s **Group Policy Editor**. + +2. Navigate to **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Microsoft** **User Experience Virtualization**. + +3. Run **Enable UEV**. + +4. Restart the device. + +**To enable the UE-V service with Windows PowerShell** + +1. In a PowerShell window, type **Enable-UEV** and press ENTER. + +2. Restart the device. + +3. In a PowerShell window, type **Get-UEVStatus** and press ENTER to verify that the UE-V service was successfully enabled. + +## Step 4: Test your UE-V evaluation deployment + +You’re ready to run a few tests on your UE-V evaluation deployment to see how UE-V works. + +1. On the first device (Computer A), make one or more of these changes: + + - Open Windows Desktop and move the taskbar to a different location in the window. + + - Change the default fonts. + + - Open Notepad and set format -> word wrap **on**. + + - Change the behavior of any Windows application, as detailed in [Managing UE-V settings location templates using Windows PowerShell and WMI](uev-managing-settings-location-templates-using-windows-powershell-and-wmi.md). + + - Disable Microsoft Account settings synchronization and roaming profiles. + +2. Log off Computer A. Settings are saved in a UE-V settings package when users lock, logoff, exit an application, or when the sync provider runs (every 30 minutes by default). + +3. Log in to the second device (Computer B) as the same user as Computer A. + +4. Open Windows Desktop and verify that the taskbar location matches that of Computer A. Verify that the default fonts match and that NotePad is set to **word wrap on**. Also verify the change you made to any Windows applications. + +5. You can change the settings in Computer B back to the original Computer A settings. Then log off Computer B and log in to Computer A to verify the changes. + +Other resources for this feature +-------------------------------- + +- [User Experience Virtualization overview](uev-for-windows.md) + +- [Prepare a UE-V Deployment](uev-prepare-for-deployment.md) + +- [Upgrade to UE-V for Windows 10](uev-upgrade-uev-from-previous-releases.md) + +- [Administering UE-V ](uev-administering-uev.md) + +- [Troubleshooting UE-V ](uev-troubleshooting.md) + +- [Technical Reference for UE-V](uev-technical-reference.md) diff --git a/windows/manage/uev-manage-administrative-backup-and-restore.md b/windows/manage/uev-manage-administrative-backup-and-restore.md new file mode 100644 index 0000000000..61f024d919 --- /dev/null +++ b/windows/manage/uev-manage-administrative-backup-and-restore.md @@ -0,0 +1,168 @@ +--- +title: Manage Administrative Backup and Restore in UE-V +description: Manage Administrative Backup and Restore in UE-V +author: MaggiePucciEvans +ms.pagetype: mdop, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# Manage Administrative Backup and Restore in UE-V + +As an administrator of User Experience Virtualization (UE-V), you can restore application and Windows settings to their original state. You can also restore additional settings when a user adopts a new device. + +## Restore Settings in UE-V when a User Adopts a New Device + + +To restore settings when a user adopts a new device, you can put a settings location template in **backup** or **roam (default)** profile using the Set-UevTemplateProfile PowerShell cmdlet. This lets computer settings sync to the new computer, in addition to user settings. Templates assigned to the backup profile are backed up for that device and configured on a per-device basis. To backup settings for a template, use the following cmdlet in Windows PowerShell: + +``` syntax +Set-UevTemplateProfile -ID -Profile +``` + +- <TemplateID> is the UE-V Template ID + +- <backup> can either be Backup or Roaming + +When replacing a user’s device, UE-V automatically restores settings if the user’s domain, username, and device name all match. All synchronized and any backup data is restored on the device automatically. + +You can also use the Windows PowerShell cmdlet, Restore-UevBackup, to restore settings from a different device. To clone the settings packages for the new device, use the following cmdlet in Windows PowerShell: + +``` syntax +Restore-UevBackup –Machine +``` + +where <MachineName> is the computer name of the device. + +Templates such as the Office 2013 template that include many applications can either all be included in the roamed (default) or backed up profile. Individual apps in a template suite follow the group. Office 2013 in-box templates include both roaming and backup-only settings. Backup-only settings cannot be included in a roaming profile. + +As part of the Backup/Restore feature, UE-V added **last known good (LKG)** to the options for rolling back to settings. In this release, you can roll back to either the original settings or LKG settings. The LKG settings let users roll back to an intermediate and stable point ahead of the pre-UE-V state of the settings. + +### How to Backup/Restore Templates with UE-V + +These are the key backup and restore components of UE-V: + +- Template profiles + +- Settings packages location within the Settings Storage Location template + +- Backup trigger + +- How settings are restored + +**Template Profiles** + +A UE-V template profile is defined when the template is registered on the device or post registration through the PowerShell/WMI configuration utility. The profile types include: + +- Roaming (default) + +- Backup + +- BackupOnly + +All templates are included in the roaming profile when registered unless otherwise specified. These templates synchronize settings to all UE-V enabled devices with the corresponding template enabled. + +Templates can be added to the Backup Profile with PowerShell or WMI using the Set-UevTemplateProfile cmdlet. Templates in the Backup Profile back up these settings to the Settings Storage Location in a special Device name directory. Specified settings are backed up to this location. + +Templates designated BackupOnly include settings specific to that device that should not be synchronized unless explicitly restored. These settings are stored in the same device-specific settings package location on the settings storage location as the Backedup Settings. These templates have a special identifier embedded in the template that specifies they should be part of this profile. + +**Settings packages location within the Settings Storage Location template** + +Roaming Profile settings are stored on the settings storage location. Templates assigned to the Backup or the BackupOnly profile store their settings to the Settings Storage Location in a special Device name directory. Each device with templates in these profiles has its own device name. UE-V does not clean up these directories. + +**Backup trigger** + +Backup is triggered by the same events that trigger a UE-V synchronization. + +**How settings are restored** + +Restoring a user’s device restores the currently registered Template’s settings from another device’s backup folder and all synchronized settings to the current machine. Settings are restored in these two ways: + +- **Automatic restore** + + If the user’s UE-V settings storage path, domain, and Computer name match the current user then all of the settings for that user are synchronized, with only the latest settings applied. If a user logs on to a new device for the first time and these criteria are met, the settings data is applied to that device. + + **Note**   + Accessibility and Windows Desktop settings require the user to re-logon to Windows to be applied. + +   + +- **Manual Restore** + + If you want to assist users by restoring a device during a refresh, you can choose to use the Restore-UevBackup cmdlet. This command ensures that the user’s current settings become the current state on the Settings Storage Location. + +## Restore Application and Windows Settings to Original State + + +WMI and Windows PowerShell commands let you restore application and Windows settings to the settings values that were on the computer the first time that the application started after the UE-V service was enabled. This restoring action is performed on a per-application or Windows settings basis. The settings are restored the next time that the application runs, or the settings are restored when the user logs on to the operating system. + +**To restore application settings and Windows settings with Windows PowerShell for UE-V** + +1. Open the Windows PowerShell window. + +2. Enter the following Windows PowerShell cmdlet to restore the application settings and Windows settings. + + + + + + + + + + + + + + + + + + +
    Windows PowerShell cmdletDescription

    Restore-UevUserSetting -<TemplateID>

    Restores the user settings for an application or restores a group of Windows settings.

    + +   + +**To restore application settings and Windows settings with WMI** + +1. Open a Windows PowerShell window. + +2. Enter the following WMI command to restore application settings and Windows settings. + + + + + + + + + + + + + + + + + + +
    WMI commandDescription

    Invoke-WmiMethod -Namespace root\Microsoft\UEV -Class UserSettings -Name RestoreByTemplateId -ArgumentList <template_ID>

    Restores the user settings for an application or restores a group of Windows settings.

    + +   + + **Note**   + UE-V does not provide a settings rollback for Windows apps. + +   + +## Have a suggestion for UE-V? + +Add or vote on suggestions [here](http://uev.uservoice.com/forums/280428-microsoft-user-experience-virtualization). For UE-V issues, use the [UE-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-us/home?forum=mdopuev&filter=alltypes&sort=lastpostdesc). + +## Related topics + +[Administering UE-V with Windows PowerShell and WMI](uev-administering-uev-with-windows-powershell-and-wmi.md) + +[Administering UE-V](uev-administering-uev.md) diff --git a/windows/manage/uev-manage-configurations.md b/windows/manage/uev-manage-configurations.md new file mode 100644 index 0000000000..bfcb65c039 --- /dev/null +++ b/windows/manage/uev-manage-configurations.md @@ -0,0 +1,67 @@ +--- +title: Manage Configurations for UE-V +description: Manage Configurations for UE-V +author: MaggiePucciEvans +ms.pagetype: mdop, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# Manage Configurations for UE-V + + +In the course of the User Experience Virtualization (UE-V) lifecycle, you have to manage the configuration of the UE-V service and also manage storage locations for resources such as settings package files. The following topics provide guidance for managing these UE-V resources. + +## Configuring UE-V by using Group Policy Objects + +You can use Group Policy Objects to modify the settings that define how UE-V synchronizes settings on computers. + +[Configuring UE-V with Group Policy Objects](uev-configuring-uev-with-group-policy-objects.md) + +## Configuring UE-V with System Center Configuration Manager + +You can use System Center Configuration Manager to manage the UE-V service by using the UE-V Configuration Pack. + +[Configuring UE-V with System Center Configuration Manager](uev-configuring-uev-with-system-center-configuration-manager.md) + +## Administering UE-V with PowerShell and WMI + +UE-V provides Windows PowerShell cmdlets, which can help administrators perform various UE-V tasks. + +[Administering UE-V with Windows PowerShell and WMI](uev-administering-uev-with-windows-powershell-and-wmi.md) + +## Examples of configuration settings for UE-V + +Here are some examples of UE-V configuration settings: + +- **Settings Storage Path:** Specifies the location of the file share that stores the UE-V settings. + +- **Settings Template Catalog Path:** Specifies the Universal Naming Convention (UNC) path that defines the location that was checked for new settings location templates. + +- **Register Microsoft Templates:** Specifies whether the default Microsoft templates should be registered during installation. + +- **Synchronization Method:** Specifies whether UE-V uses the sync provider or "none". The "SyncProvider" supports computers that are disconnected from the network. "None" applies when the computer is always connected to the network. For more information about the Sync Method, see [Sync Methods for UE-V](uev-sync-methods.md). + +- **Synchronization Timeout:** Specifies the number of milliseconds that the computer waits before time-out when it retrieves the user settings from the settings storage location. + +- **Synchronization Enable:** Specifies whether the UE-V settings synchronization is enabled or disabled. + +- **Maximum Package Size:** Specifies a settings package file threshold size in bytes at which the UE-V service reports a warning. + +- **Don’t Sync Windows App Settings:** Specifies that UE-V should not synchronize Windows apps. + +- **Enable/Disable First Use Notification:** Specifies whether UE-V displays a dialog box the first time that the UE-V service runs on a user’s computer. + +## Have a suggestion for UE-V? + +Add or vote on suggestions [here](http://uev.uservoice.com/forums/280428-microsoft-user-experience-virtualization). For UE-V issues, use the [UE-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-us/home?forum=mdopuev&filter=alltypes&sort=lastpostdesc). + +## Related topics + +[Administering UE-V](uev-administering-uev.md) + +[Deploy Required UE-V Features](uev-deploy-required-features.md) + +[Use UE-V with custom applications](uev-deploy-uev-for-custom-applications.md) diff --git a/windows/manage/uev-managing-settings-location-templates-using-windows-powershell-and-wmi.md b/windows/manage/uev-managing-settings-location-templates-using-windows-powershell-and-wmi.md new file mode 100644 index 0000000000..e28ebdbf9e --- /dev/null +++ b/windows/manage/uev-managing-settings-location-templates-using-windows-powershell-and-wmi.md @@ -0,0 +1,337 @@ +--- +title: Managing UE-V Settings Location Templates Using Windows PowerShell and WMI +description: Managing UE-V Settings Location Templates Using Windows PowerShell and WMI +author: MaggiePucciEvans +ms.pagetype: mdop, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# Managing UE-V Settings Location Templates Using Windows PowerShell and WMI + + +User Experience Virtualization (UE-V) uses XML settings location templates to define the settings that User Experience Virtualization captures and applies. UE-V includes a set of standard settings location templates. It also includes the UE-V template generator tool that enables you to create custom settings location templates. After you create and deploy settings location templates, you can manage those templates by using Windows PowerShell and the Windows Management Instrumentation (WMI). For a complete list of UE-V PowerShell cmdlets, see [UE-V 2 Cmdlet Reference](https://technet.microsoft.com/library/dn520275.aspx). + +## Manage UE-V settings location templates by using Windows PowerShell + + +The WMI and Windows PowerShell features of UE-V include the ability to enable, disable, register, update, and unregister settings location templates. By using these features, you can automate the process of registering, updating, or unregistering templates with the UE-V service. You can also manually register templates by using WMI and Windows PowerShell commands. By using these features in conjunction with an electronic software distribution solution, Group Policy, or another automated deployment method such as a script, you can further automate that process. + +You must have administrator permissions to update, register, or unregister a settings location template. Administrator permissions are not required to enable, disable, or list templates. + +****To manage settings location templates by using Windows PowerShell**** + +1. Use an account with administrator rights to open a Windows PowerShell command prompt. + +2. Use the following Windows PowerShell cmdlets to register and manage the UE-V settings location templates. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows PowerShell commandDescription

    Get-UevTemplate

    Lists all the settings location templates that are registered on the computer.

    Get-UevTemplate –Application <string>

    Lists all the settings location templates that are registered on the computer where the application name or template name contains <string>.

    Get-UevTemplate –TemplateID <string>

    Lists all the settings location templates that are registered on the computer where the template ID contains <string>.

    Get-UevTemplate [-ApplicationOrTemplateID] <string>

    Lists all the settings location templates that are registered on the computer where the application or template name, or template ID contains <string>.

    Get-UevTemplateProgram [-ID] <template ID>

    Gets the name of the program and version information, which depend on the template ID.

    Get-UevAppXPackage

    Gets the effective list of Windows apps.

    Get-UevAppXPackage -Computer

    Gets the list of Windows apps that are configured for the computer.

    Get-UevAppXPackage -CurrentComputerUser

    Gets the list of Windows apps that are configured for the current user.

    Register-UevTemplate [-Path] <template file path>[,<template file path>]

    Registers one or more settings location template with UE-V by using relative paths and/or wildcard characters in file paths. After a template is registered, UE-V synchronizes the settings that are defined in the template between computers that have the template registered.

    Register-UevTemplate –LiteralPath <template file path>[,<template file path>]

    Registers one or more settings location template with UE-V by using literal paths, where no characters can be interpreted as wildcard characters. After a template is registered, UE-V synchronizes the settings that are defined in the template between computers that have the template registered.

    Unregister-UevTemplate [-ID] <template ID>

    Unregisters a settings location template with UE-V. When a template is unregistered, UE-V no longer synchronizes the settings that are defined in the template between computers.

    Unregister-UevTemplate -All

    Unregisters all settings location templates with UE-V. When a template is unregistered, UE-V no longer synchronizes the settings that are defined in the template between computers.

    Update-UevTemplate [-Path] <template file path>[,<template file path>]

    Updates one or more settings location templates with a more recent version of the template. Use relative paths and/or wildcard characters in the file paths. The new template should be a newer version than the existing template.

    Update-UevTemplate –LiteralPath <template file path>[,<template file path>]

    Updates one or more settings location templates with a more recent version of the template. Use full paths to template files, where no characters can be interpreted as wildcard characters. The new template should be a newer version than the existing template.

    Clear-UevAppXPackage –Computer [-PackageFamilyName] <package family name>[,<package family name>]

    Removes one or more Windows apps from the computer Windows app list.

    Clear-UevAppXPackage -CurrentComputerUser

    Removes Windows app from the current user Windows app list.

    Clear-UevAppXPackage –Computer -All

    Removes all Windows apps from the computer Windows app list.

    Clear-UevAppXPackage [–CurrentComputerUser] [-PackageFamilyName] <package family name>[,<package family name>]

    Removes one or more Windows apps from the current user Windows app list.

    Clear-UevAppXPackage [–CurrentComputerUser] -All

    Removes all Windows apps from the current user Windows app list.

    Disable-UevTemplate [-ID] <template ID>

    Disables a settings location template for the current user of the computer.

    Disable-UevAppXPackage –Computer [-PackageFamilyName] <package family name>[,<package family name>]

    Disables one or more Windows apps in the computer Windows app list.

    Disable-UevAppXPackage [–CurrentComputerUser] [-PackageFamilyName] <package family name>[,<package family name>]

    Disables one or more Windows apps in the current user Windows app list.

    Enable-UevTemplate [-ID] <template ID>

    Enables a settings location template for the current user of the computer.

    Enable-UevAppXPackage –Computer [-PackageFamilyName] <package family name>[,<package family name>]

    Enables one or more Windows apps in the computer Windows app list.

    Enable-UevAppXPackage [–CurrentComputerUser] [-PackageFamilyName] <package family name>[,<package family name>]

    Enables one or more Windows apps in the current user Windows app list.

    Test-UevTemplate [-Path] <template file path>[,<template file path>]

    Determines whether one or more settings location templates comply with its XML schema. Can use relative paths and wildcard characters.

    Test-UevTemplate –LiteralPath <template file path>[,<template file path>]

    Determines whether one or more settings location templates comply with its XML schema. The path must be a full path to the template file, but does not include wildcard characters.

    + +   + +The UE-V Windows PowerShell features enable you to manage a group of settings templates that are deployed in your enterprise. Use the following procedure to manage a group of templates by using Windows PowerShell. + +**To manage a group of settings location templates by using Windows PowerShell** + +1. Modify or update the desired settings location templates. + +2. If you want to modify or update the settings location templates, deploy those settings location templates to a folder that is accessible to the local computer. + +3. On the local computer, open a Windows PowerShell window with administrator rights. + +4. Unregister all the previously registered versions of the templates by typing the following command. + + ``` syntax + Unregister-UevTemplate -All + ``` + + This command unregisters all active templates on the computer. + +5. Register the updated templates by typing the following command. + + ``` syntax + Register-UevTemplate \*.xml + ``` + + This command registers all of the settings location templates that are located in the specified template folder. + +### Windows app list + +By listing a Windows app in the Windows app list, you specify whether that app is enabled or disabled for settings synchronization. Apps are identified in the list by their Package Family name and whether settings synchronization should be enabled or disabled for that app. When you use these settings along with the Unlisted Default Sync Behavior setting, you can control whether Windows apps are synchronized. + +To display the Package Family Name of installed Windows apps, at a Windows PowerShell command prompt, enter: + +``` syntax +Get-AppxPackage | Sort-Object PackageFamilyName | Format-Table PackageFamilyName +``` + +To display a list of Windows apps that can synchronize settings on a computer with their package family name, enabled status, and enabled source, at a Windows PowerShell command prompt, enter: `Get-UevAppxPackage` + +**Definitions of Get-UevAppxPackage properties** + +**PackageFamilyName** +The name of the package that is installed for the current user. + +**Enabled** +Defines whether the settings for the app are configured to synchronize. + +**EnabledSource** +The location where the configuration that enables or disables the app is set. Possible values are: *NotSet*, *LocalMachine*, *LocalUser*, *PolicyMachine*, and *PolicyUser*. + +**NotSet** +The policy is not configured to synchronize this app. + +**LocalMachine** +The enabled state is set in the local computer section of the registry. + +**LocalUser** +The enabled state is set in the current user section of the registry. + +**PolicyMachine** +The enabled state is set in the policy section of the local computer section of the registry. + +To get the user-configured list of Windows apps, at the Windows PowerShell command prompt, enter: `Get-UevAppxPackage –CurrentComputerUser` + +To get the computer-configured list of Windows apps, at the Windows PowerShell command prompt, enter: `Get-UevAppxPackage –Computer` + +For either parameter, CurrentComputerUser or Computer, the cmdlet returns a list of the Windows apps that are configured at the user or at the computer level. + +**Definitions of properties** + +**PackageFamilyName** +The name of the package that is installed for the current user. + +**Enabled** +Defines whether the settings for the app are configured to synchronize for the specified switch, that is, **user** or **computer**. + +**Installed** +True if the app, that is, the PackageFamilyName is installed for the current user. + +### Manage UE-V settings location templates by using WMI + +User Experience Virtualization provides the following set of WMI commands. Administrators can use these interfaces to manage settings location templates from Windows PowerShell and automate template administrative tasks. + +**To manage settings location templates by using WMI** + +1. Use an account with administrator rights to open a Windows PowerShell window. + +2. Use the following WMI commands to register and manage the UE-V settings location templates. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows PowerShell commandDescription

    Get-WmiObject -Namespace root\Microsoft\UEV SettingsLocationTemplate | Select-Object TemplateId,TemplateName, TemplateVersion,Enabled | Format-Table -Autosize

    Lists all the settings location templates that are registered for the computer.

    Invoke-WmiMethod –Namespace root\Microsoft\UEV –Class SettingsLocationTemplate –Name GetProcessInfoByTemplateId <template Id>

    Gets the name of the program and version information, which depends on the template name.

    Get-WmiObject -Namespace root\Microsoft\UEV EffectiveWindows8App

    Gets the effective list of Windows apps.

    Get-WmiObject -Namespace root\Microsoft\UEV MachineConfiguredWindows8App

    Gets the list of Windows apps that are configured for the computer.

    Get-WmiObject -Namespace root\Microsoft\UEV UserConfiguredWindows8App

    Gets the list of Windows apps that are configured for the current user.

    Invoke-WmiMethod -Namespace root\Microsoft\UEV -Class SettingsLocationTemplate -Name Register -ArgumentList <template path >

    Registers a settings location template with UE-V.

    Invoke-WmiMethod -Namespace root\Microsoft\UEV -Class SettingsLocationTemplate -Name UnregisterByTemplateId -ArgumentList <template ID>

    Unregisters a settings location template with UE-V. As soon as a template is unregistered, UE-V no longer synchronizes the settings that are defined in the template between computers.

    Invoke-WmiMethod -Namespace root\Microsoft\UEV -Class SettingsLocationTemplate -Name Update -ArgumentList <template path>

    Updates a settings location template with UE-V. The new template should be a newer version than the existing one.

    Invoke-WmiMethod -Namespace root\Microsoft\UEV -Class MachineConfiguredWindows8App -Name RemoveApp -ArgumentList <package family name | package family name>

    Removes one or more Windows apps from the computer Windows app list.

    Invoke-WmiMethod -Namespace root\Microsoft\UEV -Class UserConfiguredWindows8App -Name RemoveApp -ArgumentList <package family name | package family name>

    Removes one or more Windows apps from the current user Windows app list.

    Invoke-WmiMethod -Namespace root\Microsoft\UEV -Class SettingsLocationTemplate -Name DisableByTemplateId -ArgumentList <template ID>

    Disables one or more settings location templates with UE-V.

    Invoke-WmiMethod -Namespace root\Microsoft\UEV -Class MachineConfiguredWindows8App -Name DisableApp -ArgumentList <package family name | package family name>

    Disables one or more Windows apps in the computer Windows app list.

    Invoke-WmiMethod -Namespace root\Microsoft\UEV -Class UserConfiguredWindows8App -Name DisableApp -ArgumentList <package family name | package family name>

    Disables one or more Windows apps in the current user Windows app list.

    Invoke-WmiMethod -Namespace root\Microsoft\UEV -Class SettingsLocationTemplate -Name EnableByTemplateId -ArgumentList <template ID>

    Enables a settings location template with UE-V.

    Invoke-WmiMethod -Namespace root\Microsoft\UEV -Class MachineConfiguredWindows8App -Name EnableApp -ArgumentList <package family name | package family name>

    Enables Windows apps in the computer Windows app list.

    Invoke-WmiMethod -Namespace root\Microsoft\UEV -Class UserConfiguredWindows8App -Name EnableApp -ArgumentList <package family name | package family name>

    Enables Windows apps in the current user Windows app list.

    Invoke-WmiMethod -Namespace root\Microsoft\UEV -Class SettingsLocationTemplate -Name Validate -ArgumentList <template path>

    Determines whether a given settings location template complies with its XML schema.

    + +**Note**   +Where a list of Package Family Names is called by the WMI command, the list must be in quotes and separated by a pipe symbol, for example, `""`. + +## Have a suggestion for UE-V? + +Add or vote on suggestions [here](http://uev.uservoice.com/forums/280428-microsoft-user-experience-virtualization). For UE-V issues, use the [UE-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-us/home?forum=mdopuev&filter=alltypes&sort=lastpostdesc). + +## Related topics + +[Administering UE-V with Windows PowerShell and WMI](uev-administering-uev-with-windows-powershell-and-wmi.md) + +[Administering UE-V](uev-administering-uev.md) diff --git a/windows/manage/uev-managing-uev-agent-and-packages-with-windows-powershell-and-wmi.md b/windows/manage/uev-managing-uev-agent-and-packages-with-windows-powershell-and-wmi.md new file mode 100644 index 0000000000..fc1134e656 --- /dev/null +++ b/windows/manage/uev-managing-uev-agent-and-packages-with-windows-powershell-and-wmi.md @@ -0,0 +1,348 @@ +--- +title: Managing the UE-V Service and Packages with Windows PowerShell and WMI +description: Managing the UE-V service and packages with Windows PowerShell and WMI +author: MaggiePucciEvans +ms.pagetype: mdop, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# Managing the UE-V service and packages with Windows PowerShell and WMI + +You can use Windows Management Instrumentation (WMI) and Windows PowerShell to manage User Experience Virtualization (UE-V) service configuration and synchronization behavior. For a complete list of UE-V PowerShell cmdlets, see [UE-V Cmdlet Reference](https://technet.microsoft.com/library/dn520275.aspx). + + +## To configure the UE-V service with Windows PowerShell + +1. Open a Windows PowerShell window. To manage computer settings that affect all users of the computer by using the *Computer* parameter, open the window with an account that has administrator rights. + +2. Use the following Windows PowerShell commands to configure the service. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows PowerShell commandDescription

    Enable-UEV

    +

    Turns on the UE-V service. Requires reboot.

    Disable-UEV

    Turns off the UE-V service. Requires reboot.

    Get-UevStatus

    Displays whether UE-V service is enabled or disabled, using a Boolean value.

    Get-UevConfiguration

    +

    Gets the effective UE-V service settings. User-specific settings have precedence over the computer settings.

    Get-UevConfiguration -CurrentComputerUser

    +

    Gets the UE-V service settings values for the current user only.

    Get-UevConfiguration -Computer

    Gets the UE-V service configuration settings values for all users on the computer.

    Get-UevConfiguration -Details

    Gets the details for each configuration setting. Displays where the setting is configured or if it uses the default value. Is displayed if the current setting is valid.

    Set-UevConfiguration -Computer –EnableDontSyncWindows8AppSettings

    Configures the UE-V service to not synchronize any Windows apps for all users on the computer.

    Set-UevConfiguration -CurrentComputerUser – EnableDontSyncWindows8AppSettings

    Configures the UE-V service to not synchronize any Windows apps for the current computer user.

    Set-UevConfiguration -Computer –EnableFirstUseNotification

    Configures the UE-V service to display notification the first time the service runs for all users on the computer.

    Set-UevConfiguration -Computer –DisableFirstUseNotification

    Configures the UE-V service to not display notification the first time that the service runs for all users on the computer.

    Set-UevConfiguration -Computer –EnableSettingsImportNotify

    Configures the UE-V service to notify all users on the computer when settings synchronization is delayed.

    +

    Use the DisableSettingsImportNotify parameter to disable notification.

    Set-UevConfiguration -CurrentComputerUser -EnableSettingsImportNotify

    Configures the UE-V service to notify the current user when settings synchronization is delayed.

    +

    Use the DisableSettingsImportNotify parameter to disable notification.

    Set-UevConfiguration -Computer –EnableSyncUnlistedWindows8Apps

    Configures the UE-V service to synchronize all Windows apps that are not explicitly disabled by the Windows app list for all users of the computer. For more information, see "Get-UevAppxPackage" in [Managing UE-V 2.x Settings Location Templates Using Windows PowerShell and WMI](uev-managing-settings-location-templates-using-windows-powershell-and-wmi.md).

    +

    Use the DisableSyncUnlistedWindows8Apps parameter to configure the UE-V service to synchronize only Windows apps that are explicitly enabled by the Windows App List.

    Set-UevConfiguration -CurrentComputerUser - EnableSyncUnlistedWindows8Apps

    Configures the UE-V service to synchronize all Windows apps that are not explicitly disabled by the Windows app list for the current user on the computer. For more information, see "Get-UevAppxPackage" in [Managing UE-V 2.x Settings Location Templates Using Windows PowerShell and WMI](uev-managing-settings-location-templates-using-windows-powershell-and-wmi.md).

    +

    Use the DisableSyncUnlistedWindows8Apps parameter to configure the UE-V service to synchronize only Windows apps that are explicitly enabled by the Windows App List.

    Set-UevConfiguration –Computer –DisableSync

    Disables UE-V for all the users on the computer.

    +

    Use the EnableSync parameter to enable or re-enable.

    Set-UevConfiguration –CurrentComputerUser -DisableSync

    Disables UE-V for the current user on the computer.

    +

    Use the EnableSync parameter to enable or re-enable.

    Set-UevConfiguration -Computer –EnableTrayIcon

    Enables the UE-V icon in the notification area for all users of the computer.

    +

    Use the DisableTrayIcon parameter to disable the icon.

    Set-UevConfiguration -Computer -MaxPackageSizeInBytes <size in bytes>

    Configures the UE-V service to report when a settings package file size reaches the defined threshold for all users on the computer. Sets the threshold package size in bytes.

    Set-UevConfiguration -CurrentComputerUser -MaxPackageSizeInBytes <size in bytes>

    Configures the UE-V service to report when a settings package file size reaches the defined threshold. Sets the package size warning threshold for the current user.

    Set-UevConfiguration -Computer -SettingsImportNotifyDelayInSeconds

    Specifies the time in seconds before the user is notified for all users of the computer

    Set-UevConfiguration -CurrentComputerUser -SettingsImportNotifyDelayInSeconds

    Specifies the time in seconds before notification for the current user is sent.

    Set-UevConfiguration -Computer -SettingsStoragePath <path to _settings_storage_location>

    Defines a per-computer settings storage location for all users of the computer.

    Set-UevConfiguration -CurrentComputerUser -SettingsStoragePath <path to _settings_storage_location>

    Defines a per-user settings storage location.

    Set-UevConfiguration –Computer –SettingsTemplateCatalogPath <path to catalog>

    Sets the settings template catalog path for all users of the computer.

    Set-UevConfiguration -Computer -SyncMethod <sync method>

    Sets the synchronization method for all users of the computer: SyncProvider or None.

    Set-UevConfiguration -CurrentComputerUser -SyncMethod <sync method>

    Sets the synchronization method for the current user: SyncProvider or None.

    Set-UevConfiguration -Computer -SyncTimeoutInMilliseconds <timeout in milliseconds>

    Sets the synchronization time-out in milliseconds for all users of the computer

    Set-UevConfiguration -CurrentComputerUser -SyncTimeoutInMilliseconds <timeout in milliseconds>

    Set the synchronization time-out for the current user.

    Clear-UevConfiguration –Computer -<setting name>

    Clears the specified setting for all users on the computer.

    Clear-UevConfiguration –CurrentComputerUser -<setting name>

    Clears the specified setting for the current user only.

    Export-UevConfiguration <settings migration file>

    Exports the UE-V computer configuration to a settings migration file. The file name extension must be .uev.

    +

    The Export cmdlet exports all UE-V service settings that are configurable with the Computer parameter.

    Import-UevConfiguration <settings migration file>

    Imports the UE-V computer configuration from a settings migration file. The file name extension must be .uev.

    + +   + +## To export UE-V package settings and repair UE-V templates with Windows PowerShell + +1. Open a Windows PowerShell window as an administrator. + +2. Use the following Windows PowerShell commands to configure the service. + + + + + + + + + + + + + + + + + + + + +

    Windows PowerShell command

    Description

    Export-UevPackage MicrosoftNotepad.pkgx

    Extracts the settings from a Microsoft Notepad package file and converts them into a human-readable format in XML.

    Repair-UevTemplateIndex

    Repairs the index of the UE-V settings location templates.

    + +## To configure the UE-V service with WMI + +1. User Experience Virtualization provides the following set of WMI commands. Administrators can use this interface to configure the UE-V service at the command line and automate typical configuration tasks. + + Use an account with administrator rights to open a Windows PowerShell window. + +2. Use the following WMI commands to configure the service. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows PowerShell commandDescription

    Get-WmiObject -Namespace root\Microsoft\UEV Configuration

    +

    Displays the active UE-V service settings. User-specific settings have precedence over the computer settings.

    Get-WmiObject -Namespace root\Microsoft\UEV UserConfiguration

    Displays the UE-V service configuration that is defined for a user.

    Get-WmiObject -Namespace root\Microsoft\UEV ComputerConfiguration

    Displays the UE-V service configuration that is defined for a computer.

    Get-WmiObject –Namespace root\Microsoft\Uev ConfigurationItem

    Displays the details for each configuration item.

    $config = Get-WmiObject -Namespace root\Microsoft\UEV ComputerConfiguration

    +

    $config.SettingsStoragePath = <path_to_settings_storage_location>

    +

    $config.Put()

    Defines a per-computer settings storage location.

    $config = Get-WmiObject -Namespace root\Microsoft\UEV UserConfiguration

    +

    $config.SettingsStoragePath = <path_to_settings_storage_location>

    +

    $config.Put()

    Defines a per-user settings storage location.

    $config = Get-WmiObject -Namespace root\Microsoft\UEV ComputerConfiguration

    +

    $config.SyncTimeoutInMilliseconds = <timeout_in_milliseconds>

    +

    $config.Put()

    Sets the synchronization time-out in milliseconds for all users of the computer.

    $config = Get-WmiObject -Namespace root\Microsoft\UEV ComputerConfiguration

    +

    $config.MaxPackageSizeInBytes = <size_in_bytes>

    +

    $config.Put()

    Configures the UE-V service to report when a settings package file size reaches a defined threshold. Set the threshold package file size in bytes for all users of the computer.

    $config = Get-WmiObject -Namespace root\Microsoft\UEV ComputerConfiguration

    +

    $config.SyncMethod = <sync_method>

    +

    $config.Put()

    Sets the synchronization method for all users of the computer: SyncProvider or None.

    $config = Get-WmiObject -Namespace root\Microsoft\UEV ComputerConfiguration

    +

    $config.<setting name> = $true

    +

    $config.Put()

    To enable a specific per-computer setting, clear the setting, and use $null as the setting value. Use UserConfiguration for per-user settings.

    $config = Get-WmiObject -Namespace root\Microsoft\UEV ComputerConfiguration

    +

    $config.<setting name> = $false

    +

    $config.Put()

    To disable a specific per-computer setting, clear the setting, and use $null as the setting value. Use User Configuration for per-user settings.

    $config = Get-WmiObject -Namespace root\Microsoft\UEV ComputerConfiguration

    +

    $config.<setting name> = <setting value>

    +

    $config.Put()

    Updates a specific per-computer setting. To clear the setting, use $null as the setting value.

    $config = Get-WmiObject -Namespace root\Microsoft\UEV ComputerConfiguration

    +

    $config.<setting name> = <setting value>

    +

    $config.Put()

    Updates a specific per-user setting for all users of the computer. To clear the setting, use $null as the setting value.

    + +When you are finished configuring the UE-V service with WMI and Windows PowerShell, the defined configuration is stored in the registry in the following locations. + +`\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\UEV\Agent\Configuration` + +`\HKEY_CURRENT_USER\SOFTWARE\Microsoft\UEV\Agent\Configuration` + +## To export UE-V package settings and repair UE-V templates by using WMI + +1. UE-V provides the following set of WMI commands. Administrators can use this interface to export a package or repair UE-V templates. + +2. Use the following WMI commands. + + + + + + + + + + + + + + + + + + + + + + +
    WMI commandDescription

    Invoke-WmiMethod -Namespace root\Microsoft\UEV -Class UserSettings -Name ExportPackage -ArgumentList <package name>

    Extracts the settings from a package file and converts them into a human-readable format in XML.

    Invoke-WmiMethod -Namespace root\Microsoft\UEV -Class SettingsLocationTemplate -Name RebuildIndex

    Repairs the index of the UE-V settings location templates. Must be run as administrator.

    + +   +## Have a suggestion for UE-V? + +Add or vote on suggestions [here](http://uev.uservoice.com/forums/280428-microsoft-user-experience-virtualization). For UE-V issues, use the [UE-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-us/home?forum=mdopuev&filter=alltypes&sort=lastpostdesc). + +## Related topics + +[Administering UE-V with Windows PowerShell and WMI](uev-administering-uev-with-windows-powershell-and-wmi.md) + +[Administering UE-V](uev-administering-uev.md) diff --git a/windows/manage/uev-migrating-settings-packages.md b/windows/manage/uev-migrating-settings-packages.md new file mode 100644 index 0000000000..0bf674caeb --- /dev/null +++ b/windows/manage/uev-migrating-settings-packages.md @@ -0,0 +1,51 @@ +--- +title: Migrating UE-V settings packages +description: Migrating UE-V settings packages +author: MaggiePucciEvans +ms.pagetype: mdop, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# Migrating UE-V settings packages + + +In the lifecycle of a User Experience Virtualization (UE-V) deployment, you might have to relocate the user settings packages either when you migrate to a new server or when you perform backups. Settings packages might have to be migrated in the following scenarios: + +- Upgrade of existing server hardware to a more modern server + +- Migration of a settings storage location share from a test server to a production server + +Simply copying the files and folders does not preserve the security settings and permissions. The following steps describe how to correctly copy the settings package along with their NTFS file system permissions to a new share. + +**To preserve UE-V settings packages when you migrate to a new server** + +1. In a new location on a different server, create a new folder, for example, MySettings. + +2. Disable sharing for the old folder share on the old server. + +3. To copy the existing settings packages to the new server with Robocopy + + ``` syntax + C:\start robocopy "\\servername\E$\MySettings" "\\servername\E$\MySettings" /b /sec /secfix /e /LOG:D:\Robocopylogs\MySettings.txt + ``` + + **Note**   + To monitor the copy progress, open MySettings.txt with a log viewer such as Trace32. + +   + +4. Grant share-level permissions to the new share. Leave the NTFS file system permissions as they were set by Robocopy. + + On computers on which the UE-V service is enabled, update the **SettingsStoragePath** configuration setting to the Universal Naming Convention (UNC) path of the new share. + +## Have a suggestion for UE-V? + +Add or vote on suggestions [here](http://uev.uservoice.com/forums/280428-microsoft-user-experience-virtualization). For UE-V issues, use the [UE-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-us/home?forum=mdopuev&filter=alltypes&sort=lastpostdesc). + +## Related topics + +[Administering UE-V](uev-administering-uev.md) + diff --git a/windows/manage/uev-prepare-for-deployment.md b/windows/manage/uev-prepare-for-deployment.md new file mode 100644 index 0000000000..a7735d20e4 --- /dev/null +++ b/windows/manage/uev-prepare-for-deployment.md @@ -0,0 +1,398 @@ +--- +title: Prepare a UE-V Deployment +description: Prepare a UE-V Deployment +author: MaggiePucciEvans +ms.pagetype: mdop, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + +# Prepare a UE-V Deployment + +Applies to: Windows 10, version 1607 + +Before you deploy User Experience Virtualization (UE-V), review this topic for important information about the type of deployment you’re planning and for preparations you can make beforehand so that your deployment is successful. If you leave this page, be sure to come back and read through the planning information in this topic. + +## Plan your UE-V deployment + +With UE-V, you can synchronize user-defined application and operating system settings across all the devices that a user works from. Use UE-V to synchronize settings for Windows applications and custom applications, such as third-party and line of business applications. + +Whether you want to synchronize settings for only default Windows applications or for both Windows and custom applications, you’ll need to first deploy the features required to use UE-V. + +[Deploy required UE-V features](uev-deploy-required-features.md) + +- [Define a settings storage location](uev-deploy-required-features.md#ssl) + +- [Decide how to manage UE-V configurations](#config) + +- [Enable the UE-V service](uev-deploy-required-features.md#enable-the-ue-v-service) on user computers + +If you want to use UE-V to synchronize user-defined settings for custom applications (third-party or line-of-business), you’ll need to install and configure these optional additional UE-V features: + +[Deploy UE-V for custom applications](uev-deploy-uev-for-custom-applications.md) + +- [Install the UE-V template generator](uev-deploy-uev-for-custom-applications.md#install-the-uev-template-generator) so you can create, edit, and validate the custom settings location templates required to synchronize custom application settings + +- [Create custom settings location templates](uev-deploy-uev-for-custom-applications.md#createcustomtemplates) with the UE-V template generator + +- [Deploy a UE-V settings template catalog](uev-deploy-uev-for-custom-applications.md#deploycatalogue) to store your custom settings location templates + +The workflow diagram below illustrates a typical UE-V deployment and the decisions you need to be prepared to make. + +![UE-V deployment preparation](images/uev-deployment-preparation.png) + + + +### Planning a UE-V deployment + +Review the following topics to determine which UE-V components you’ll be deploying. + +- [Decide whether to synchronize settings for custom applications](#decide-whether-to-synchronize-settings-for-custom-applications) + + If you want to synchronize settings for custom applications, you’ll need to install the UE-V template generator. Use the generator to create custom settings location templates, which involves the following tasks: + + - Review the [settings that are synchronized automatically in a UE-V deployment](#settings-automatically-synchronized-in-a-ue-v-deployment). + + - [Determine whether you need settings synchronized for other applications](#determine-whether-you-need-settings-synchronized-for-other-applications). + +- Review [other considerations for deploying UE-V](#other-considerations-when-preparing-a-ue-v-deployment), including high availability and capacity planning. + +- [Confirm prerequisites and supported configurations for UE-V](#confirm-prerequisites-and-supported-configurations-for-ue-v) + +## Decide whether to synchronize settings for custom applications + +In a UE-V deployment, many settings are automatically synchronized. You can also customize UE-V to synchronize settings for other applications, such as line-of-business and third-party apps. + +Deciding if you want UE-V to synchronize settings for custom applications is an essential part of planning your UE-V deployment. The topics in this section will help you make that decision. + +### Settings automatically synchronized in a UE-V deployment + +This section explains which settings are synchronized by default in UE-V, including: + +- Desktop applications that are synchronized by default + +- Windows desktop settings that are synchronized by default + +- A statement of support for Windows applications setting synchronization + +See [Microsoft Authored Office 2016 UE-V Templates](https://www.microsoft.com/download/details.aspx?id=46367) to download a list of the specific Office 2016 settings that are synchronized by UE-V. + +To download a list of the Microsoft Office 2013 and 2010 settings that are synchronized by UE-V, see [User Experience Virtualization (UE-V) settings templates for Microsoft Office](https://www.microsoft.com/download/details.aspx?id=46367). + + +### Desktop applications synchronized by default in UE-V + +When you enable the UE-V service on user devices, it registers a default group of settings location templates that capture settings values for these common Microsoft applications. + +| **Application category** | **Description** | +|-----------------------------|-------------------| +| Microsoft Office 2016 applications
    [Download a list of all settings synced](https://gallery.technet.microsoft.com/Authored-Office-2016-32-0dc05cd8) | Microsoft Access 2016
    Microsoft Lync 2016
    Microsoft Excel 2016
    Microsoft OneNote 2016
    Microsoft Outlook 2016
    Microsoft PowerPoint 2016
    Microsoft Project 2016
    Microsoft Publisher 2016
    Microsoft SharePoint Designer 2013 (not updated for 2016)
    Microsoft Visio 2016
    Microsoft Word 2016
    Microsoft Office Upload Manager
    Microsoft Infopath has been removed (deprecated) from the Office 2016 suite | +| Microsoft Office 2013 applications
    [Download a list of all settings synced](https://www.microsoft.com/download/details.aspx?id=46367) | Microsoft Word 2013
    Microsoft Excel 2013
    Microsoft Outlook 2013
    Microsoft Access 2013
    Microsoft Project 2013
    Microsoft PowerPoint 2013
    Microsoft Publisher 2013
    Microsoft Visio 2013
    Microsoft InfoPath 2013
    Microsoft Lync 2013
    Microsoft OneNote 2013
    Microsoft SharePoint Designer 2013
    Microsoft Office 2013 Upload Center
    Microsoft OneDrive for Business 2013 +| Microsoft Office 2010 applications
    [Download a list of all settings synced](https://www.microsoft.com/download/details.aspx?id=46367) | Microsoft Word 2010
    Microsoft Excel 2010
    Microsoft Outlook 2010
    Microsoft Access 2010
    Microsoft Project 2010
    Microsoft PowerPoint 2010
    Microsoft Publisher 2010
    Microsoft Visio 2010
    Microsoft SharePoint Workspace 2010
    Microsoft InfoPath 2010
    Microsoft Lync 2010
    Microsoft OneNote 2010
    Microsoft SharePoint Designer 2010 | +| Browser options: Internet Explorer 11 and 10 | Synchronize favorites, home page, tabs, and toolbars.
    **Note**
    UE-V does not roam settings for Internet Explorer cookies. | +| Windows accessories | Microsoft NotePad, WordPad | + +**Notes** +An Outlook profile must be created for any device on which a user wants to sync their Outlook signature. If the profile is not already created, the user can create one and then restart Outlook on that device to enable signature synchronization. + +UE-V does not synchronize settings between the Microsoft Calculator in Windows 10 and the Microsoft Calculator in previous operating systems. + +### Windows settings synchronized by default + +UE-V includes settings location templates that capture settings values for these Windows settings. + +| **Windows settings** | **Description** | **Apply on** | **Export on** | **Default state** | +|----------------------|-----------------|--------------|---------------|-------------------| +| Desktop background | Currently active desktop background or wallpaper | Log on, unlock, remote connect, Scheduled Task events | Log off, lock, remote disconnect, or scheduled task interval | Enabled | +| Ease of Access | Accessibility and input settings, Microsoft Magnifier, Narrator, and on-Screen Keyboard | Log on only | Log off or scheduled task interval | Enabled | +| Desktop settings | Start menu and Taskbar settings, folder options, default desktop icons, additional clocks, and region and language settings | Log on only | Log off or scheduled task | Enabled | + +>**Important** +UE-V roams taskbar settings between Windows 10 devices. However, UE-V does not synchronize taskbar settings between Windows 10 devices and devices running previous operating systems versions. + +| **Settings group** | **Category** | **Capture** | **Apply** | +|--------------------------|----------------|----------------|--------------| +| **Application Settings** | Windows applications | Close appllication
    Windows application settings change event | Start the UE-V App Monitor at startup
    Open app
    Windows application settings change event
    Arrival of a settings package | +| | Desktop applications | Application closes | Application opens and closes | +| **Desktop settings** | Desktop background | Lock or log off | Log on, unlock, remote connect, notification of new package arrival, or scheduled task runs | +| | Ease of Access (Common – Accessibility, Narrator, Magnifier, On-Screen-Keyboard) | Lock or Log off | Log on | +| | Ease of Access (Shell - Audio, Accessibility, Keyboard, Mouse) | Lock or log off | Log on, unlock, remote connect, notification of new package arrival, or scheduled task runs | +| | Desktop settings | Lock or log off | Log on | + +### UE-V-support for Windows applications + +For Windows applications, the application developer specifies which user settings are synchronized. You can specify which Windows apps are enabled for settings synchronization. + +To display a list of Windows applications that can synchronize settings with their package family name, enabled status, and enabled source, open a Windows PowerShell window, type Get-UevAppxPackage, and press ENTER. + +>**Note** +Starting in Windows 10, version 1607, you can configure UE-V to not synchronize Windows applications settings if the device is configured to use Enterprise State Roaming. + +### UE-V-support for roaming printers + +Users can print to their saved network printers, including their default network printer, from any network device. + +Printer roaming in UE-V requires one of these scenarios: + +- The print server can download the required driver when it roams to a new device. + +- The driver for the roaming network printer is pre-installed on any device that needs to access that network printer. + +- The printer driver can be imported from Windows Update. + +>**Note** +The UE-V printer roaming feature does not roam printer settings or preferences, such as printing double-sided. + +### Determine whether you need settings synchronized for other applications + +After you have reviewed the settings that are synchronized automatically in a UE-V deployment, you’ll need to decide whether to synchronize settings for other applications as your decision will determine how you deploy UE-V throughout your enterprise. + +As an administrator, when you consider which desktop applications to include in your UE-V solution, consider which settings can be customized by users, and how and where the application stores its settings. Not all desktop applications have settings that can be customized or that are routinely customized by users. In addition, not all desktop applications settings can be synchronized safely across multiple devices or environments. + +In general, you can synchronize settings that meet the following criteria: + +- Settings that are stored in user-accessible locations. For example, do not synchronize settings that are stored in System32 or outside the HKEY\_CURRENT\_USER (HKCU) section of the registry. + +- Settings that are not specific to the particular device. For example, exclude network shortcuts or hardware configurations. + +- Settings that can be synchronized between computers without risk of corrupted data. For example, do not use settings that are stored in a database file. + +### Checklist for evaluating custom applications + +If you’ve decided that you need to synchronize settings for custom applications, use this checklist to determine which applications you’ll include. + +| | **Description** | +|-------|--------------------------| +| ![Checklist box](images/uev-checklist-box.gif) | Does this application contain settings that the user can customize? | +| ![Checklist box](images/uev-checklist-box.gif) | Is it important for the user that these settings are synchronized? | +| ![Checklist box](images/uev-checklist-box.gif) | Are these user settings already managed by an application management or settings policy solution? UE-V applies application settings at application startup and Windows settings at logon, unlock, or remote connect events. If you use UE-V with other settings sharing solutions, users might experience inconsistency across synchronized settings. | +| ![Checklist box](images/uev-checklist-box.gif) | Are the application settings specific to the computer? Application preferences and customizations that are associated with hardware or specific computer configurations do not consistently synchronize across sessions and can cause a poor application experience. | +| ![Checklist box](images/uev-checklist-box.gif) | Does the application store settings in the Program Files directory or in the file directory that is located in the **Users**\\ \[User name\] \\**AppData**\\**LocalLow** directory? Application data that is stored in either of these locations usually should not synchronize with the user, because this data is specific to the computer or because the data is too large to synchronize. | +| ![Checklist box](images/uev-checklist-box.gif) | Does the application store any settings in a file that contains other application data that should not synchronize? UE-V synchronizes files as a single unit. If settings are stored in files that include application data other than settings, then synchronizing this additional data can cause a poor application experience. | +| ![Checklist box](images/uev-checklist-box.gif) | How large are the files that contain the settings? The performance of the settings synchronization can be affected by large files. Including large files can affect the performance of settings synchronization. | + +## Other considerations when preparing a UE-V deployment + +You should also consider these things when you are preparing to deploy UE-V: + +- [Managing credentials synchronization](#managing-credentials-synchronization-in-ue-v) + +- [Windows applications settings synchronization](#windows-applications-settings-synchronization) + +- [Custom UE-V settings location templates](#custom-ue-v-settings-location-templates) + +- [Unintentional user settings configurations](#prevent-unintentional-user-settings-configuration) + +- [Performance and capacity](#performance-and-capacity-planning) + +- [High availability](#high-availability-for-ue-v) + +- [Computer clock synchronization](#synchronize-computer-clocks-for-ue-v-settings-synchronization) + +### Managing credentials synchronization in UE-V + +Many enterprise applications, including Microsoft Outlook, Lync, and Skype for Business prompt users for their domain credentials when they log in. Users have the option of saving their credentials to disk to prevent having to enter them every time they open these applications. Enabling roaming credentials synchronization lets users save their credentials on one computer and avoid re-entering them on every computer they use in their environment. Users can synchronize some domain credentials with UE-V. + +**Important** +Credentials synchronization is disabled by default. You must explicitly enable credentials synchronization after you enable the UE-V service to implement this feature. + +UE-V can synchronize enterprise credentials, but does not roam credentials intended only for use on the local device. + +Credentials are synchronous settings, meaning that they are applied to users' profiles the first time they log on to their devices after UE-V synchronizes. + +Credentials synchronization is managed by its own settings location template, which is disabled by default. You can enable or disable this template through the same methods used for other templates. The template identifier for this feature is RoamingCredentialSettings. + +>**Important** +If you are using Active Directory Credential Roaming in your environment, we recommend that you do not enable the UE-V credential roaming template. Instead, use PowerShell or Group Policy to enable credentials synchronization. Note that credentials are encrypted during synchronization. + +[PowerShell](uev-administering-uev-with-windows-powershell-and-wmi.md)**:** Enter this PowerShell cmdlet to enable credential synchronization: + +`Enable-UevTemplate RoamingCredentialSettings` + +`Copy` + +Use this PowerShell cmdlet to disable credential synchronization: + +`Disable-UevTemplate RoamingCredentialSettings` + +`Copy` + + + +[Group Policy](uev-configuring-uev-with-group-policy-objects.md)**:** You must edit the Group Policy administrative template for UE-V, which is included in Windows 10, version 1607, to enable credential synchronization through group policy. Credentials synchronization is managed in Windows settings. To manage this feature with Group Policy, enable the **Synchronize Windows** settings policy. + +1. Open Group Policy Editor and navigate to **User Configuration > Administrative Templates > Windows Components > Microsoft User Experience Virtualization**. + +2. Double-click **Synchronize Windows settings**. + +3. If this policy is enabled, you can enable credentials synchronization by checking the **Roaming Credentials** check box, or disable credentials synchronization by unchecking it. + +4. Click **OK**. + +### Credential locations synchronized by UE-V + +Credential files saved by applications into the following locations are synchronized: + +- %UserProfile%\\AppData\\Roaming\\Microsoft\\Credentials\\ + +- %UserProfile%\\AppData\\Roaming\\Microsoft\\Crypto\\ + +- %UserProfile%\\AppData\\Roaming\\Microsoft\\Protect\\ + +- %UserProfile%\\AppData\\Roaming\\Microsoft\\SystemCertificates\\ + +Credentials saved to other locations are not synchronized by UE-V. + +### Windows applications settings synchronization + +UE-V manages Windows application settings synchronization in three ways: + +- **Sync Windows applications:** Allow or deny any Windows application synchronization + +- **Windows applications list:** Synchronize a list of Windows applications + +- **Unlisted default sync behavior:** Determine the synchronization behavior of Windows applications that are not in the Windows applications list. + +For more information, see the [Windows Application List](uev-managing-settings-location-templates-using-windows-powershell-and-wmi.md#win8applist). + +### Custom UE-V settings location templates + +If you are deploying UE-V to synchronize settings for custom applications, you’ll use the UE-V template generator to create custom settings location templates for those desktop applications. After you create and test a custom settings location template in a test environment, you can deploy the settings location templates to user devices. + +Custom settings location templates must be deployed with an existing deployment infrastructure, such as an enterprise software distribution method, including System Center Configuration Manager, with preferences, or by configuring a UE-V settings template catalog. Templates that are deployed with Configuration Manager or Group Policy must be registered using UE-V WMI or Windows PowerShell. + +For more information about custom settings location templates, see [Deploy UE-V with custom applications](uev-deploy-uev-for-custom-applications.md). For more information about using UE-V with Configuration Manager, see [Configuring UE-V with System Center Configuration Manager](uev-configuring-uev-with-system-center-configuration-manager.md). + +### Prevent unintentional user settings configuration + +UE-V downloads new user settings information from a settings storage location and applies the settings to the local device in these instances: + +- Each time an application is started that has a registered UE-V template + +- When a user logs on to a device + +- When a user unlocks a device + +- When a connection is made to a remote desktop device running UE-V + +- When the Sync Controller Application scheduled task is run + +If UE-V is installed on computer A and computer B, and the settings that you want for the application are on computer A, then computer A should open and close the application first. If the application is opened and closed on computer B first, then the application settings on computer A are configured to the application settings on computer B. Settings are synchronized between computers on per-application basis. Over time, settings become consistent between computers as they are opened and closed with preferred settings. + +This scenario also applies to Windows settings. If the Windows settings on computer B should be the same as the Windows settings on computer A, then the user should log on and log off computer A first. + +If the user settings that the user wants are applied in the wrong order, they can be recovered by performing a restore operation for the specific application or Windows configuration on the computer on which the settings were overwritten. For more information, see [Manage Administrative Backup and Restore in UE-V](uev-manage-administrative-backup-and-restore.md). + +### Performance and capacity planning + +Specify your requirements for UE-V with standard disk capacity and network health monitoring. + +UE-V uses a Server Message Block (SMB) share for the storage of settings packages. The size of settings packages varies depending on the settings information for each application. While most settings packages are small, the synchronization of potentially large files, such as desktop images, can result in poor performance, particularly on slower networks. + +To reduce problems with network latency, create settings storage locations on the same local networks where the users’ computers reside. We recommend 20 MB of disk space per user for the settings storage location. + +By default, UE-V synchronization times out after 2 seconds to prevent excessive lag due to a large settings package. You can configure the SyncMethod=SyncProvider setting by using [Group Policy objects](uev-configuring-uev-with-group-policy-objects.md). + +### High availability for UE-V + +The UE-V settings storage location and settings template catalog support storing user data on any writable share. To ensure high availability, follow these criteria: + +- Format the storage volume with an NTFS file system. + + + +- The share can use Distributed File System (DFS) replication, but Distributed File System Replication (DFSR) is specifically not supported. Distributed File System Namespaces (DFSN) are supported. For detailed information, see [Microsoft’s Support Statement Around Replicated User Profile Data](http://go.microsoft.com/fwlink/p/?LinkId=313991). + + In addition, because SYSVOL uses DFSR for replication, SYSVOL cannot be used for UE-V data file replication. + +- Configure the share permissions and NTFS access control lists (ACLs) as specified in [Deploying the settings storage location for UE-V](uev-deploy-required-features.md#ssl). + +- Use file server clustering along with the UE-V service to provide access to copies of user state data in the event of communications failures. + +- You can store the settings storage path data (user data) and settings template catalog templates on clustered shares, on DFSN shares, or on both. + +### Synchronize computer clocks for UE-V settings synchronization + +Computers that run the UE-V service must use a time server to maintain a consistent settings experience. UE-V uses time stamps to determine if settings must be synchronized from the settings storage location. If the computer clock is inaccurate, older settings can overwrite newer settings, or the new settings might not be saved to the settings storage location. + +## Confirm prerequisites and supported configurations for UE-V + +Before you proceed, ensure that your environment meets these requirements for using UE-V. + +| **Operating system** | **Edition** | **Service pack** | **System architecture** | **Windows PowerShell** | **Microsoft .NET Framework** | +|--------------------------|---------------|------------------|-------------------------|--------------------------|--------------------------------| +| Windows 10, version 1607 | Windows 10 for Enterprise | NA | 32-bit or 64-bit | Windows PowerShell 3.0 or higher | .NET Framework 4.5 or higher | +| Windows 8 and Windows 8.1 | Enterprise or Pro | None | 32-bit or 64-bit | Windows PowerShell 3.0 or higher | .NET Framework 4.5 or higher | +| Windows Server 2012 and Windows Server 2012 R2 | Standard or Datacenter | None | 64-bit | Windows PowerShell 3.0 or higher | .NET Framework 4.5 or higher | + +**Note** +- Windows Server 2012 operating systems come with .NET Framework 4.5 installed. The Windows 10 operating system comes with .NET Framework 4.6 installed. + +- The “Delete Roaming Cache” policy for mandatory profiles is not supported with UE-V and should not be used. + +There are no special random access memory (RAM) requirements specific to UE-V. + +### Synchronization of settings through the Sync Provider + +Sync Provider is the default setting for users and synchronizes a local cache with the settings storage location in these instances: + +- Log on/log off + +- Lock/unlock + +- Remote desktop connect/disconnect + +- Application open/close + +A scheduled task manages this synchronization of settings every 30 minutes or through trigger events for certain applications. For more information, see [Changing the frequency of UE-V scheduled tasks](uev-changing-the-frequency-of-scheduled-tasks.md). + +The UE-V service synchronizes user settings for devices that are not always connected to the enterprise network (remote devices and laptops) and devices that are always connected to the network (devices that run Windows Server and host virtual desktop interface (VDI) sessions). + +**Synchronization for computers with always-available connections** When you use UE-V on devices that are always connected to the network, you must configure the UE-V service to synchronize settings by using the *SyncMethod=None* parameter, which treats the settings storage server as a standard network share. In this configuration, the UE-V service can be configured to notify if the import of the application settings is delayed. + +Enable this configuration using one of these methods: + +- After you enable the UE-V service, use the Settings Management feature in System Center Configuration Manager or the UE-V ADMX templates (installed with Windows 10, version 1607) to push the SyncMethod = None configuration. + +- Use Windows PowerShell or Windows Management Instrumentation (WMI) to set the SyncMethod = None configuration. + +Restart the device to allow the settings to synchronize. + +- >**Note** +These methods do not work for pooled virtual desktop infrastructure (VDI) environments. + + +>**Note** +If you set *SyncMethod = None*, any settings changes are saved directly to the server. If the network connection to the settings storage path is not found, then the settings changes are cached on the device and are synchronized the next time that the sync provider runs. If the settings storage path is not found and the user profile is removed from a pooled VDI environment on log off, settings changes are lost and the user must reapply the change when the computer is reconnected to the settings storage path. + +**Synchronization for external sync engines** The *SyncMethod=External* parameter specifies that if UE-V settings are written to a local folder on the user device, then any external sync engine (such as OneDrive for Business, Work Folders, Sharepoint, or Dropbox) can be used to apply these settings to the different devices that users access. + +**Support for shared VDI sessions** UE-V supports VDI sessions that are shared among end users. You can register and configure a special VDI template, which ensures that UE-V keeps all of its functionality intact for non-persistent VDI sessions. + +>**Note** +If you do not enable VDI mode for non-persistent VDI sessions, certain features do not work, such as [back-up/restore and last known good (LKG)](uev-manage-administrative-backup-and-restore.md). + +The VDI template is provided with UE-V and is typically available here after installation: C:\ProgramData\Microsoft\UEV\InboxTemplates + +### Prerequisites for UE-V template generator support + +Install the UE-V template generator on the device that is used to create custom settings location templates. This device should be able to run the applications that you want to synchronize settings for. You must be a member of the Administrators group on the device that runs the UE-V template generator software. + +The UE-V template generator must be installed on a device that uses an NTFS file system. The UE-V template generator software requires .NET Framework 4. For more information, see [Use UE-V with custom applications](uev-deploy-uev-for-custom-applications.md). + +## Other resources for this feature + +- [User Experience Virtualization overview](uev-for-windows.md) + +- [Get started with UE-V](uev-getting-started.md) + +- [Upgrade to UE-V for Windows 10](uev-upgrade-uev-from-previous-releases.md) + +- [Administering UE-V ](uev-administering-uev.md) + +- [Troubleshooting UE-V ](uev-troubleshooting.md) + +- [Technical Reference for UE-V](uev-technical-reference.md) diff --git a/windows/manage/uev-privacy-statement.md b/windows/manage/uev-privacy-statement.md new file mode 100644 index 0000000000..30e1e65622 --- /dev/null +++ b/windows/manage/uev-privacy-statement.md @@ -0,0 +1,156 @@ +--- +title: User Experience Virtualization Privacy Statement +description: User Experience Virtualization Privacy Statement +author: jamiejdt +ms.assetid: c2919034-f2cf-48d6-b18e-4dd318252426 +ms.pagetype: mdop, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w8 +--- + + +# User Experience Virtualization Privacy Statement + + +Microsoft is committed to protecting your privacy, while delivering software that brings you the performance, power, and convenience you desire in your personal computing. This privacy statement explains many of the data collection and use practices of Microsoft User Experience Virtualization (“UE-V”). This is a preliminary disclosure that focuses on features that communicate with the Internet and is not intended to be an exhaustive list. + +Microsoft User Experience Virtualization allows the separation of settings from an application or operating system. Those settings can then be transferred to a remote storage location, eliminating the constraints of local storage and giving users the ability to have their settings follow them to other computers. + +## Collection and Use of Your Information + + +The information we collect from you will be used by Microsoft and its controlled subsidiaries and affiliates to enable the features you are using and provide the service(s) or carry out the transaction(s) you have requested or authorized. It may also be used to analyze and improve Microsoft products and services. + +We may send certain mandatory service communications such as welcome letters, billing reminders, information on technical service issues, and security announcements. Some Microsoft services may send periodic member letters that are considered part of the service. We may occasionally request your feedback, invite you to participate in surveys, or send you promotional mailings to inform you of other products or services available from Microsoft and its affiliates. + +In order to offer you a more consistent and personalized experience in your interactions with Microsoft, information collected through one Microsoft service may be combined with information obtained through other Microsoft services. We may also supplement the information we collect with information obtained from other companies. For example, we may use services from other companies that enable us to derive a general geographic area based on your IP address in order to customize certain services to your geographic area. + +Except as described in this statement, personal information you provide will not be transferred to third parties without your consent. We occasionally hire other companies to provide limited services on our behalf, such as packaging, sending and delivering purchases and other mailings, answering customer questions about products or services, processing event registration, or performing statistical analysis of our services. We will only provide those companies the personal information they need to deliver the service, and they are prohibited from using that information for any other purpose. + +Microsoft may access or disclose information about you, including the content of your communications, in order to: (a) comply with the law or respond to lawful requests or legal process; (b) protect the rights or property of Microsoft or our customers, including the enforcement of our agreements or policies governing your use of the services; or (c) act on a good faith belief that such access or disclosure is necessary to protect the personal safety of Microsoft employees, customers, or the public. We may also disclose personal information as part of a corporate transaction such as a merger or sale of assets. + +Information that is collected by or sent to Microsoft by UE-V may be stored and processed in the United States or any other country in which Microsoft or its affiliates, subsidiaries, or service providers maintain facilities. Microsoft abides by the safe harbor framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of data from the European Union, the European Economic Area, and Switzerland. + +## Collection and Use of Information about Your Computer + + +When you use software with Internet-enabled features, information about your computer ("standard computer information") is sent to the Web sites you visit and online services you use. Microsoft uses standard computer information to provide you Internet-enabled services, to help improve our products and services, and for statistical analysis. Standard computer information typically includes information such as your IP address, operating system version, browser version, and regional and language settings. In some cases, standard computer information may also include hardware ID, which indicates the device manufacturer, device name, and version. If a particular feature or service sends information to Microsoft, standard computer information will be sent as well. + +The privacy details for each UE-V feature, software or service listed in this privacy statement describe what additional information is collected and how it is used. + +## Security of Your Information + + +Microsoft is committed to helping protect the security of your information. We use a variety of security technologies and procedures to help protect your information from unauthorized access, use, or disclosure. For example, we store the information you provide on computer systems with limited access, which are located in controlled facilities. + +## Changes to This Privacy Statement + + +We will occasionally update this privacy statement to reflect changes in our products, services, and customer feedback. When we post changes, we will revise the "last updated" date at the top of this statement. If there are material changes to this statement or in how Microsoft will use your personal information, we will notify you either by posting a notice of such changes prior to implementing the change or by directly sending you a notification. We encourage you to periodically review this statement to be informed of how Microsoft is protecting your information. + +## For More Information + + +Microsoft welcomes your comments regarding this privacy statement. If you have questions about this statement or believe that we have not adhered to it, please contact us [MSUEVPrivacy@microsoft.com](mailto:%20MSUEVPrivacy@microsoft.com). + +## Specific features + + +The remainder of this document will address the following specific features: + +### UE-V Generator + +**What This Feature Does**: + +The UE-V generator is used to create settings location templates. These templates allow users to roam the settings for their applications. + +**Information Collected, Processed, or Transmitted**: + +When creating a settings location template the UE-V generator uses a Lightweight Directory Access Protocol (LDAP) query to get username and email address of the current logged in user. This information is stored in the template as the template author name and template author email. None of this information is sent to Microsoft. + +If you plan to share settings location templates with anyone outside your organization you should review all the settings locations and ensure the settings location template do not contain any personal or company information. You can view the contents by opening the settings location template files using any XML viewer. The following are ways you can view and remove any personal or company information from the settings location template files before sharing with anyone outside your company: + +- **Template Author Name** – Specify a general, non-identifying name for the template author name or exclude this data from the template. + +- **Template Author Email** – Specify a general, non-identifying template author email or exclude this data from the template. + +**Use of Information**: + +The template author name and template author email can be used to identify the author of settings location template. If you share the template, the author name and email is viewable to all who use the template. No information is sent to Microsoft. + +**Choice/Control**:  + +To remove the template author name or template author email, start the UE-V generator application. Select **Edit a Settings Location Template**. Select the settings location template to edit from the recently used templates or Browse to the settings template file. Select **Next** to continue. On the Properties page, remove the data from the Template author name or Template author email text fields. Save the settings location template. + +## Customer Experience Improvement Program + + +**What This Feature Does:** + +The Customer Experience Improvement Program (“CEIP”) collects basic information about your hardware configuration and how you use our software and services in order to identify trends and usage patterns. CEIP also collects the type and number of errors you encounter, software and hardware performance, and the speed of services. We will not collect your name, address, or other contact information. + +**Information Collected, Processed, or Transmitted:** + +For more information about the information collected, processed, or transmitted by CEIP, see the CEIP privacy statement at . + +**Use of Information:** + +We use this information to improve the quality, reliability, and performance of Microsoft software and services. + +**Choice/Control:** + +You are offered the opportunity to participate in CEIP during setup of the UE-V Agent. If you choose to participate and later change your mind, you can turn off CEIP at any time by:Re-running the UE-V agent setup and opting out of CEIP or by setting the following registry key either manually or via Group Policy: + +``` syntax +Key = HKEY_LOCAL_MACHINE\Software\Microsoft\UEV\Agent +RegEntry name = CustomerExperienceImprovementProgram +Entry type REG_DWORD (Hexadecimal): +0 is off +1 is on +``` + +## Microsoft Error Reporting + + +**What This Feature Does:** + +Microsoft Error Reporting provides a service that allows you to report problems you may be having with UE-V or other enabled applications to Microsoft and to receive information that may help you avoid or solve such problems. + +**Information Collected, Processed, or Transmitted:** + +For information about the information collected, processed, or transmitted by Microsoft Error Reporting, see the Microsoft Error Reporting privacy statement at . + +**Use of Information:** + +We use the error reporting data to solve customer problems and improve our software and services. + +**Choice/Control:** + +If you choose the recommended settings during Windows setup, you turn on automatic checking for solutions, which will send basic error reports and look for solutions to the problems reported. If you use automatic checking, you are not typically prompted to send basic information about errors to Microsoft. If a more detailed error report is required, you will be prompted to review it. You can change this setting at any time by going to Action Center in Control Panel. + +**Important Information:** + +Enterprise customers can use Group Policy to configure how Microsoft Error Reporting behaves on their computers. Configuration options include the ability to turn off Microsoft Error Reporting. If you are an administrator and wish to configure Group Policy for Microsoft Error Reporting, technical details are available at . + +UE-V will not modify the Microsoft Error Reporting preference and will honor the system setting in the Control Panel and/or the setting enforced via Group Policy. + +## Microsoft Update + + +**What This Feature Does:** + +Microsoft Update is a service that provides Windows updates as well as updates for other Microsoft software. + +**Information Collected, Processed, or Transmitted:** + +For details about what information is collected and how it is used, see the Update Services Privacy Statement at + +**Use of Information:** + +- For details about what information is collected and how it is used, see the Update Services Privacy Statement at . + +- Choice/Control: + + For details about controlling this feature, see the Update Services Privacy Statement at . + diff --git a/windows/manage/uev-release-notes-1607.md b/windows/manage/uev-release-notes-1607.md new file mode 100644 index 0000000000..0f9af96e11 --- /dev/null +++ b/windows/manage/uev-release-notes-1607.md @@ -0,0 +1,117 @@ +--- +title: User Experience Virtualization (UE-V) Release Notes +description: User Experience Virtualization (UE-V) Release Notes +author: MaggiePucciEvans +ms.pagetype: mdop, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + +# User Experience Virtualization (UE-V) Release Notes + +Applies to: Windows 10, version 1607 + +This topic includes information required to successfully install and use UE-V that is not included in the User Experience Virtualization (UE-V) documentation. If there are differences between the information in this topic and other UE-V topics, the latest change should be considered authoritative. + +### Upgrading from UE-V 1.0 to the in-box version of UE-V is blocked + +Version 1.0 of UE-V includes client-side caching technology used to pin the UE-V sync folder, however, this technology was removed in UE-V 2.x. As a result, UE-V 1.0 users are blocked from upgrading to UE-V for Windows 10, version 1607. + +WORKAROUND: Unpin the UE-V 1.0 client-side caching sync folder and then upgrade to the in-box version included in UE-V for Windows, version 1607 release. + +### UE-V settings location templates for Skype cause Skype to crash + +When a user generates a valid settings location template for the Skype desktop application, registers it, and then launches the Skype desktop application, Skype crashes. An ACCESS\_VIOLATION is recorded in the Application Event Log. + +WORKAROUND: Remove or unregister the Skype template to allow Skype to work again. + +### Registry settings do not synchronize between App-V and native applications on the same device + +When a device has an application that is installed through both Application Virtualization (App-V) and locally with a Windows Installer (.msi) file, the registry-based settings do not synchronize between the technologies. + +WORKAROUND: To resolve this problem, run the application by selecting one of the two technologies, but not both. + +### Unpredictable results when both Office 2010 and Office 2013 are installed on the same device + +When a user has both Office 2010 and Office 2013 installed, any common settings between the two versions of Office are roamed by UE-V. This could cause the Office 2010 package size to be quite large or result in unpredictable conflicts with 2013, particularly if Office 365 is used. + +WORKAROUND: Install only one version of Office or limit which settings are synchronized by UE-V. + +### Uninstall and re-install of Windows 8 applications reverts settings to initial state + +While using UE-V settings synchronization for a Windows 8 application, if the user uninstalls the application and then reinstalls the application, the application’s settings revert to their default values. This happens because the uninstall removes the local (cached) copy of the application’s settings but does not remove the local UE-V settings package. When the application is reinstalled and launched, UE-V gather the application settings that were reset to the application defaults and then uploads the default settings to the central storage location. Other computers running the application then download the default settings. This behavior is identical to the behavior of desktop applications. + +WORKAROUND: None. + +### UE-V does not support roaming settings between 32-bit and 64-bit versions of Microsoft Office + +We recommend that you install the 32-bit version of Microsoft Office for both 32-bit and 64-bit operating systems. To choose the Microsoft Office version that you need, click [here](). UE-V supports roaming settings between identical architecture versions of Office. For example, 32-bit Office settings will roam between all 32-bit Office instances. UE-V does not support roaming settings between 32-bit and 64-bit versions of Office. + +WORKAROUND: None + +### Favicons that are associated with Internet Explorer 9 favorites do not roam + +The favicons that are associated with Internet Explorer 9 favorites are not roamed by User Experience Virtualization and do not appear when the favorites first appear on a new computer. + +WORKAROUND: Favicons will appear with their associated favorites once the bookmark is used and cached in the Internet Explorer 9 browser. + +### File settings paths are stored in registry + +Some application settings store the paths of their configuration and settings files as values in the registry. The files that are referenced as paths in the registry must be synchronized when settings are roamed between computers. + +WORKAROUND: Use folder redirection or some other technology to ensure that any files that are referenced as file settings paths are present and placed in the same location on all computers where settings roam. + +### Long Settings Storage Paths could cause an error + +Keep settings storage paths as short as possible. Long paths could prevent resolution or synchronization. UE-V uses the Settings storage path as part of the calculated path to store settings. That path is calculated in the following way: settings storage path + “settingspackages” + package dir (template ID) + package name (template ID) + .pkgx. If that calculated path exceeds 260 characters, package storage will fail and generate the following error message in the UE-V operational event log: + +\[boost::filesystem::copy\_file: The system cannot find the path specified\] + +To check the operational log events, open the Event Viewer and navigate to Applications and Services Logs / Microsoft / User Experience Virtualization / Logging / Operational. + +WORKAROUND: None. + +### Some operating system settings only roam between like operating system versions + +Operating system settings for Narrator and currency characters specific to the locale (i.e. language and regional settings) will only roam across like operating system versions of Windows. For example, currency characters will not roam between Windows 7 and Windows 8. + +WORKAROUND: None + +## Hotfixes and Knowledge Base articles for UE-V + +This section contains hotfixes and KB articles for UE-V. + +| KB Article | Title | Link | +|------------|---------|--------| +| 3018608 | UE-V - TemplateConsole.exe crashes when UE-V WMI classes are missing | [support.microsoft.com/kb/3018608/EN-US](http://support.microsoft.com/kb/3018608/EN-US) | +| 2903501 | UE-V: User Experience Virtualization (UE-V) compatibility with user profiles | [support.microsoft.com/kb/2903501/EN-US](http://support.microsoft.com/kb/2903501/EN-US) | +| 2770042 | UE-V Registry Settings | [support.microsoft.com/kb/2770042/EN-US](http://support.microsoft.com/kb/2770042/EN-US) | +| 2847017 | UE-V settings replicated by Internet Explorer | [support.microsoft.com/kb/2847017/EN-US](http://support.microsoft.com/kb/2847017/EN-US) | +| 2769631 | How to repair a corrupted UE-V install | [support.microsoft.com/kb/2769631/EN-US](http://support.microsoft.com/kb/2769631/EN-US) | +| 2850989 | Migrating MAPI profiles with Microsoft UE-V is not supported | [support.microsoft.com/kb/2850989/EN-US](http://support.microsoft.com/kb/2850989/EN-US) | +| 2769586 | UE-V roams empty folders and registry keys | [support.microsoft.com/kb/2769586/EN-US](http://support.microsoft.com/kb/2769586/EN-US) | +| 2782997 | How To Enable Debug Logging in Microsoft User Experience Virtualization (UE-V) | [support.microsoft.com/kb/2782997/EN-US](http://support.microsoft.com/kb/2782997/EN-US) | +| 2769570 | UE-V does not update the theme on RDS or VDI sessions | [support.microsoft.com/kb/2769570/EN-US](http://support.microsoft.com/kb/2769570/EN-US) | +| 2850582 | How To Use Microsoft User Experience Virtualization With App-V Applications | [support.microsoft.com/kb/2850582/EN-US](http://support.microsoft.com/kb/2850582/EN-US) | +| 3041879 | Current file versions for Microsoft User Experience Virtualization | [support.microsoft.com/kb/3041879/EN-US](http://support.microsoft.com/kb/3041879/EN-US) | +| 2843592 | Information on User Experience Virtualization and High Availability | [support.microsoft.com/kb/2843592/EN-US](http://support.microsoft.com/kb/2843592/EN-US) | + +## Have a suggestion for UE-V? + +Add or vote on suggestions [here](http://uev.uservoice.com/forums/280428-microsoft-user-experience-virtualization). For UE-V issues, use the [UE-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-us/home?forum=mdopuev&filter=alltypes&sort=lastpostdesc). + +**Additional resources for this feature** + + +- [User Experience Virtualization](uev-for-windows.md) + +- [Prepare a UE-V Deployment](uev-prepare-for-deployment.md) + +- [Upgrade to UE-V for Windows 10](uev-upgrade-uev-from-previous-releases.md) + +- [Administering UE-V ](uev-administering-uev.md) + +- [Troubleshooting UE-V ](uev-troubleshooting.md) + +- [Technical Reference for UE-V](uev-technical-reference.md) diff --git a/windows/manage/uev-security-considerations.md b/windows/manage/uev-security-considerations.md new file mode 100644 index 0000000000..2cfc34087e --- /dev/null +++ b/windows/manage/uev-security-considerations.md @@ -0,0 +1,225 @@ +--- +title: Security Considerations for UE-V +description: Security Considerations for UE-V +author: MaggiePucciEvans +ms.pagetype: mdop, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# Security Considerations for UE-V + + +This topic contains a brief overview of accounts and groups, log files, and other security-related considerations for User Experience Virtualization (UE-V). For more information, follow the links that are provided here. + +## Security considerations for UE-V configuration + + +**Important** +When you create the settings storage share, limit the share access to users who require access. + +Because settings packages might contain personal information, you should take care to protect them as well as possible. In general, do the following: + +- Restrict the share to only those users who require access. Create a security group for users who have redirected folders on a particular share and limit access to only those users. + +- When you create the share, hide the share by putting a $ after the share name. This addition hides the share from casual browsers, and the share is not visible in My Network Places. + +- Only give users the minimum amount of permissions that they must have. The following tables show the required permissions. + +1. Set the following share-level SMB permissions for the setting storage location folder. + + + + + + + + + + + + + + + + + + + + + + +
    User accountRecommended permissions

    Everyone

    No permissions

    Security group of UE-V

    Full control

    + + +2. Set the following NTFS file system permissions for the settings storage location folder. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    User accountRecommended permissionsFolder

    Creator/Owner

    No permissions

    No permissions

    Domain Admins

    Full control

    This folder, subfolders, and files

    Security group of UE-V users

    List folder/read data, create folders/append data

    This folder only

    Everyone

    Remove all permissions

    No permissions

    + +3. Set the following share-level SMB permissions for the settings template catalog folder. + + + + + + + + + + + + + + + + + + + + + + + + + + +
    User accountRecommend permissions

    Everyone

    No permissions

    Domain computers

    Read permission Levels

    Administrators

    Read/write permission levels

    + + +4. Set the following NTFS permissions for the settings template catalog folder. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    User accountRecommended permissionsApply to

    Creator/Owner

    Full control

    This folder, subfolders, and files

    Domain Computers

    List folder contents and Read permissions

    This folder, subfolders, and files

    Everyone

    No permissions

    No permissions

    Administrators

    Full Control

    This folder, subfolders, and files

    + +### Use Windows Server as of Windows Server 2003 to host redirected file shares + +User settings package files contain personal information that is transferred between the client computer and the server that stores the settings packages. Because of this process, you should ensure that the data is protected while it travels over the network. + +User settings data is vulnerable to these potential threats: interception of the data as it passes over the network, tampering with the data as it passes over the network, and spoofing of the server that hosts the data. + +As of Windows Server 2003, several features of the Windows Server operating system can help secure user data: + +- **Kerberos** - Kerberos is standard on all versions of Microsoft Windows 2000 Server and Windows Server beginning with Windows Server 2003. Kerberos ensures the highest level of security to network resources. NTLM authenticates the client only; Kerberos authenticates the server and the client. When NTLM is used, the client does not know whether the server is valid. This difference is particularly important if the client exchanges personal files with the server, as is the case with Roaming User Profiles. Kerberos provides better security than NTLM. Kerberos is not available on the Microsoft Windows NT Server 4.0 or earlier operating systems. + +- **IPsec** - The IP Security Protocol (IPsec) provides network-level authentication, data integrity, and encryption. IPsec ensures the following: + + - Roamed data is safe from data modification while data is en route. + + - Roamed data is safe from interception, viewing, or copying. + + - Roamed data is safe from access by unauthenticated parties. + +- **SMB Signing** - The Server Message Block (SMB) authentication protocol supports message authentication, which prevents active message and "man-in-the-middle" attacks. SMB signing provides this authentication by placing a digital signature into each SMB. The digital signature is then verified by both the client and the server. In order to use SMB signing, you must first either enable it, or you must require it on both the SMB client and the SMB server. Note that the SMB signing imposes a performance penalty. It does not consume any more network bandwidth, but it uses more CPU cycles on the client and server side. + +### Always use the NTFS file system for volumes that hold user data + +For the most secure configuration, configure servers that host the UE-V settings files to use the NTFS file system. Unlike the FAT file system, NTFS supports Discretionary access control lists (DACLs) and system access control lists (SACLs). DACLs and SACLs control who can perform operations on a file and what events trigger the logging of actions that is performed on a file. + +### Do not rely on EFS to encrypt user files when they are transmitted over the network + +When you use the Encrypting File System (EFS) to encrypt files on a remote server, the encrypted data is not encrypted during transit over the network; it only becomes encrypted when it is stored on disk. + +This encryption process does not apply when your system includes Internet Protocol security (IPsec) or Web Distributed Authoring and Versioning (WebDAV). IPsec encrypts data while it is transported over a TCP/IP network. If the file is encrypted before it is copied or moved to a WebDAV folder on a server, it remains encrypted during the transmission and while it is stored on the server. + +### Let the UE-V service create folders for each user + +To ensure that UE-V works optimally, create only the root share on the server, and let the UE-V service create the folders for each user. UE-V creates these user folders with the appropriate security. + +This permission configuration enables users to create folders for settings storage. The UE-V service creates and secures a settings package folder while it runs in the context of the user. Users receive full control to their settings package folder. Other users do not inherit access to this folder. You do not have to create and secure individual user directories. The UE-V service that runs in the context of the user does it automatically. + +> **Note**  Additional security can be configured when a Windows Server is used for the settings storage share. UE-V can be configured to verify that either the local Administrators group or the current user is the owner of the folder where settings packages are stored. To enable additional security, use the following command: + +1. Add the REG\_DWORD registry key RepositoryOwnerCheckEnabled to `HKEY_LOCAL_MACHINE\Software\Microsoft\UEV\Agent\Configuration`. + +2. Set the registry key value to *1*. + +When this configuration setting is in place, the UE-V service verifies that the local Administrators group or current user is the owner of the settings package folder. If not, then the UE-V service does not grant access to the folder. + + +If you must create folders for the users, ensure that you have the correct permissions set. + +We strongly recommend that you do not pre-create folders. Instead, let the UE-V service create the folder for the user. + +### Ensure correct permissions to store UE-V 2 settings in a home directory or custom directory + +If you redirect UE-V settings to a user’s home directory or a custom Active Directory (AD) directory, ensure that the permissions on the directory are set appropriately for your organization. + +## Have a suggestion for UE-V? + + +Add or vote on suggestions [here](http://uev.uservoice.com/forums/280428-microsoft-user-experience-virtualization). For UE-V issues, use the [UE-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-us/home?forum=mdopuev&filter=alltypes&sort=lastpostdesc). + +## Related topics + +[Technical Reference for UE-V](uev-technical-reference.md) diff --git a/windows/manage/uev-sync-methods.md b/windows/manage/uev-sync-methods.md new file mode 100644 index 0000000000..7b78c035f0 --- /dev/null +++ b/windows/manage/uev-sync-methods.md @@ -0,0 +1,42 @@ +--- +title: Sync Methods for UE-V +description: Sync Methods for UE-V +author: MaggiePucciEvans +ms.pagetype: mdop, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + +# Sync Methods for UE-V + + +The User Experience Virtualization (UE-V) service lets you synchronize users’ application and Windows settings with the settings storage location. The *Sync Method* configuration defines how the UE-V service uploads and downloads those settings to the settings storage location. UE-V includes a SyncMethod called the *SyncProvider*. For more information about trigger events that start the synchronization of application and Windows settings, see [Sync Trigger Events for UE-V](uev-sync-trigger-events.md). + +## SyncMethod Configuration + +This table provides a description of each SyncMethod configuration: + +| **SyncMethod Configuration** | **Description** | +|------------------------------|---------------------| +| SyncProvider (Default) | Settings changes for a specific application or for global Windows desktop settings are saved locally to a cache folder. These changes are then synchronized with the settings storage location when a synchronization trigger event takes place. Pushing out changes will save the local changes to the settings storage path.
    This default setting is the gold standard for computers. This option attempts to synchronize the setting and times out after a short delay to ensure that the application or operating system startup isn’t delayed for a long period of time.
    This functionality is also tied to the Scheduled task – Sync Controller Application. The administrator controls the frequency of the Scheduled task. By default, computers synchronize their settings every 30 min after logging on. | +| External | This configuration method specifies that if UE-V settings are written to a local folder on the user computer, then any external sync engine (such as OneDrive for Business, Work Folders, Sharepoint, or Dropbox) can be used to apply these settings to the different computers that users access. | +| None | This configuration setting is designed for the Virtual Desktop Infrastructure (VDI) and Streamed Application experience primarily. This setting should be used on computers running the Windows Server operating system in a datacenter, where the connection will always be available.
    Any settings changes are saved directly to the server. If the network connection to the settings storage path is not available, then the settings changes are cached on the device and are synchronized the next time that the Sync Provider runs. If the settings storage path is not found and the user profile is removed from a pooled VDI environment on logoff, then these settings changes are lost, and the user must reapply the change when the computer can again reach the settings storage path.
    Apps and OS will wait indefinitely for the location to be present. This could cause App load or OS logon time to dramatically increase if the location is not found. | + +You can configure the sync method in these ways: + +- Through [Group Policy](uev-configuring-uev-with-group-policy-objects.md) settings + +- With the [System Center Configuration Pack](uev-configuring-uev-with-system-center-configuration-manager.md) for UE-V + +- With [Windows PowerShell or Windows Management Instrumentation (WMI)](uev-administering-uev-with-windows-powershell-and-wmi.md) + +## Have a suggestion for UE-V? + +Add or vote on suggestions [here](http://uev.uservoice.com/forums/280428-microsoft-user-experience-virtualization). For UE-V issues, use the [UE-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-us/home?forum=mdopuev&filter=alltypes&sort=lastpostdesc). + +## Related topics + +[Deploy Required UE-V Features](uev-deploy-required-features.md) + +[Technical Reference for UE-V](uev-technical-reference.md) diff --git a/windows/manage/uev-sync-trigger-events.md b/windows/manage/uev-sync-trigger-events.md new file mode 100644 index 0000000000..811a463e97 --- /dev/null +++ b/windows/manage/uev-sync-trigger-events.md @@ -0,0 +1,126 @@ +--- +title: Sync Trigger Events for UE-V +description: Sync Trigger Events for UE-V +author: MaggiePucciEvans +ms.pagetype: mdop, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + +# Sync Trigger Events for UE-V + + +User Experience Virtualization (UE-V) lets you synchronize your application and Windows settings across all your domain-joined devices. *Sync trigger events* define when the UE-V service synchronizes those settings with the settings storage location. For more information about Sync Method configuration, see [Sync Methods for UE-V](uev-sync-methods.md). + +## UE-V Sync Trigger Events + + +The following table explains the trigger events for classic applications and Windows settings. + + +++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

    UE-V Trigger Event

    SyncMethod=SyncProvider

    SyncMethod=None

    Windows Logon

      +

    • Application and Windows settings are imported to the local cache from the settings storage location.

      • +

    • [Asynchronous Windows settings](http://technet.microsoft.com/library/dn458932.aspx#autosyncsettings2) are applied.

      • +

    • Synchronous Windows settings will be applied during the next Windows logon.

      • +

    • Application settings will be applied when the application starts.

      • +
      +

    • Application and Windows settings are read directly from the settings storage location.

      • +

    • Asynchronous and synchronous Windows settings are applied.

      • +

    • Application settings will be applied when the application starts.

      • +

    Windows Logoff

    Store changes locally and cache and copy asynchronous and synchronous Windows settings to the settings storage location server, if available

    Store changes to asynchronous and synchronous Windows settings storage location

    Windows Connect (RDP) / Unlock

    Synchronize any asynchronous Windows settings from settings storage location to local cache, if available.

    +

    Apply cached Windows settings

    Download and apply asynchronous windows settings from settings storage location

    Windows Disconnect (RDP) / Lock

    Store asynchronous Windows settings changes to the local cache.

    +

    Synchronize any asynchronous Windows settings from the local cache to settings storage location, if available

    Store asynchronous Windows settings changes to the settings storage location

    Application start

    Apply application settings from local cache as the application starts

    Apply application settings from settings storage location as the application starts

    Application closes

    Store any application settings changes to the local cache and copy settings to settings storage location, if available

    Store any application settings changes to settings storage location

    Sync Controller Scheduled Task

    +

    Application and Windows settings are synchronized between the settings storage location and the local cache.

    +
    +Note   +

    Settings changes are not cached locally until an application closes. This trigger will not export changes made to a currently running application.

    +

    For Windows settings, this means that any changes will not be cached locally and exported until the next Lock (Asynchronous) or Logoff (Asynchronous and Synchronous).

    +
    +
    +  +
    +

    Settings are applied in these cases:

    +
      +

    • Asynchronous Windows settings are applied directly.

      • +

    • Application settings are applied when the application starts.

      • +

    • Both asynchronous and synchronous Windows settings are applied during the next Windows logon.

      • +

    • Windows app (AppX) settings are applied during the next refresh. See [Monitor Application Settings](http://technet.microsoft.com/library/dn458944.aspx) for more information.

      • +

    NA

    Asynchronous Settings updated on remote store*

    Load and apply new asynchronous settings from the cache.

    Load and apply settings from central server

    + +  + +## Have a suggestion for UE-V? + + +Add or vote on suggestions [here](http://uev.uservoice.com/forums/280428-microsoft-user-experience-virtualization). For UE-V issues, use the [UE-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-us/home?forum=mdopuev&filter=alltypes&sort=lastpostdesc). + +## Related topics + + +[Technical Reference for UE-V](uev-technical-reference.md) + +[Changing the Frequency of UE-V Scheduled Tasks](uev-changing-the-frequency-of-scheduled-tasks.md) + +[Choose the Configuration Method for UE-V](uev-deploy-required-features.md) + +  + +  + + + + + diff --git a/windows/manage/uev-synchronizing-microsoft-office-with-uev.md b/windows/manage/uev-synchronizing-microsoft-office-with-uev.md new file mode 100644 index 0000000000..47aaa206af --- /dev/null +++ b/windows/manage/uev-synchronizing-microsoft-office-with-uev.md @@ -0,0 +1,139 @@ +--- +title: Synchronizing Microsoft Office with UE-V +description: Synchronizing Office with UE-V +author: MaggiePucciEvans +ms.pagetype: mdop, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# Synchronizing Office with UE-V + +Microsoft User Experience Virtualization (UE-V) supports the synchronization of Microsoft Office application settings. The combination of UE-V and App-V support for Office enables the same experience on virtualized instances of Office from any UE-V-enabled device or virtualized desktop. + +To synchronize Office applications settings, you can download Office templates from the [Microsoft User Experience Virtualization (UE-V) Template Gallery](http://go.microsoft.com/fwlink/p/?LinkId=246589). This resource provides Microsoft-authored UE-V settings location templates as well as community-developed settings location templates. + + +## Microsoft Office support in UE-V + +UE-V includes settings location templates for Microsoft Office 2016, 2013, and 2010. In previous versions of UE-V, settings location templates for Office 2013 and Office 2010 were distributed and registered when you installed the UE-V agent. Now that UE-V is a feature in Windows 10, version 1607, settings location templates are installed when you install or upgrade to the new operating system. + +These templates help synchronize users’ Office experience between devices. Microsoft Office 2016 settings roamed by Office 365 experience are not included in these settings. For a list of Office 365-specific settings, see [Overview of user and roaming settings for Office](http://go.microsoft.com/fwlink/p/?LinkId=391220). + +## Synchronized Office Settings + + +Review the following tables for details about Office support in UE-V: + +### Supported UE-V templates for Microsoft Office + + +++++ + + + + + + + + + + + + + + +
    Office 2016 templates (UE-V for Windows 10 and Windows 10, version 1607, available in UE-V gallery)Office 2013 templates (UE-V for Windows 10 and UE-V 2.x, available on UE-V gallery)Office 2010 templates (UE-V 1.0 and 1.0 SP1)

    MicrosoftOffice2016Win32.xml

    +

    MicrosoftOffice2016Win64.xml

    +

    MicrosoftSkypeForBusiness2016Win32.xml

    +

    MicrosoftSkypeForBusiness2016Win64.xml

    MicrosoftOffice2013Win32.xml

    +

    MicrosoftOffice2013Win64.xml

    +

    MicrosoftLync2013Win32.xml

    +

    MicrosoftLync2013Win64.xml

    MicrosoftOffice2010Win32.xml

    +

    MicrosoftOffice2010Win64.xml

    +

    MicrosoftLync2010.xml

    +

    + +  + +### Microsoft Office Applications supported by the UE-V templates + + +++++ + + + + + + + +

    Microsoft Access 2016

    +

    Microsoft Lync 2016

    +

    Microsoft Excel 2016

    +

    Microsoft OneNote 2016

    +

    Microsoft Outlook 2016

    +

    Microsoft PowerPoint 2016

    +

    Microsoft Project 2016

    +

    Microsoft Publisher 2016

    +

    Microsoft SharePoint Designer 2013 (not udpated for 2016)

    +

    Microsoft Visio 2016

    +

    Microsoft Word 2016

    +

    Microsoft Office Upload Manager

    Microsoft Access 2013

    +

    Microsoft Lync 2013

    +

    Microsoft Excel 2013

    +

    Microsoft InfoPath 2013

    +

    Microsoft OneNote 2013

    +

    Microsoft Outlook 2013

    +

    Microsoft PowerPoint 2013

    +

    Microsoft Project 2013

    +

    Microsoft Publisher 2013

    +

    Microsoft SharePoint Designer 2013

    +

    Microsoft Visio 2013

    +

    Microsoft Word 2013

    +

    Microsoft Office Upload Manager

    Microsoft Access 2010

    +

    Microsoft Lync 2010

    +

    Microsoft Excel 2010

    +

    Microsoft InfoPath 2010

    +

    Microsoft OneNote 2010

    +

    Microsoft Outlook 2010

    +

    Microsoft PowerPoint 2010

    +

    Microsoft Project 2010

    +

    Microsoft Publisher 2010

    +

    Microsoft SharePoint Designer 2010

    +

    Microsoft Visio 2010

    +

    Microsoft Word 2010

    +

    + +  + +## Deploying Office templates + + +You can deploy UE-V settings location template with the following methods: + +- **Registering template with PowerShell**. If you use Windows PowerShell to manage computers, run the following Windows PowerShell command as Administrator to register this settings location template: + + ``` syntax + Register-UevTemplate -Path + ``` + + For more information about using UE-V and Windows PowerShell, see [Managing UE-V settings location templates using Windows PowerShell and WMI](uev-managing-settings-location-templates-using-windows-powershell-and-wmi.md). + +- **Registering template with Template Catalog Path**. If you use the Settings Template Catalog Path to manage templates on users’ computers, copy the Office template into the folder defined in the UE-V service. The next time the Template Auto Update (ApplySettingsCatalog.exe) scheduled task runs, the settings location template will be registered on the device. For more information, see [Deploy a settings template catalog](uev-deploy-uev-for-custom-applications.md#deployasettingstemplatecatalog). + +- **Registering template with Configuration Manager**. If you use Configuration Manager to manage your UE-V settings storage templates, recreate the Template Baseline CAB, import it into Configuration Manager, and then deploy the baseline to user devices. For more information, see the guidance provided in the documentation for the [System Center Configuration Pack for User Experience Virtualization](http://go.microsoft.com/fwlink/?LinkId=317263). + +## Have a suggestion for UE-V? + + +Add or vote on suggestions [here](http://uev.uservoice.com/forums/280428-microsoft-user-experience-virtualization). For UE-V issues, use the [UE-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-us/home?forum=mdopuev&filter=alltypes&sort=lastpostdesc). diff --git a/windows/manage/uev-technical-reference.md b/windows/manage/uev-technical-reference.md new file mode 100644 index 0000000000..d8eec5847d --- /dev/null +++ b/windows/manage/uev-technical-reference.md @@ -0,0 +1,69 @@ +--- +title: Technical Reference for UE-V +description: Technical Reference for UE-V +author: MaggiePucciEvans +ms.pagetype: mdop, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# Technical Reference for UE-V + + +This technical reference section includes additional technical documentation about the various features of User Experience Virtualization (UE-V). This information is provided to help the administrator better understand UE-V. + +## Technical reference topics for UE-V + + +- [Sync Methods for UE-V](uev-sync-methods.md) + + Defines how UE-V synchronizes settings between computers and the settings storage location. Sync Provider is the default sync method for UE-V. This topic includes technical reference information for sync methods, including the Sync Provider. + +- [Sync Trigger Events for UE-V](uev-sync-trigger-events.md) + + Defines when the UE-V service synchronizes those settings with the settings storage location. This topic provides technical reference information about when synchronization takes place based upon the sync method deployed. + +- [Synchronizing Microsoft Office with UE-V](uev-synchronizing-microsoft-office-with-uev.md) + + Provides guidance for downloading and enabling the Microsoft-authored UE-V settings location templates that support Microsoft Office settings synchronization. + +- [Application Template Schema Reference for UE-V](uev-application-template-schema-reference.md) + + Details the XML structure of UE-V settings location templates and provides guidance for editing these files. + +- [Accessibility for UE-V](uev-accessibility.md) + + Describes features and services that make UE-V more accessible for people with disabilities. + +- [Security Considerations for UE-V](uev-security-considerations.md) + + Provides a brief overview of accounts, groups, and other security-related considerations for UE-V. + +## Other resources for this feature + + +- [User Experience Virtualization overview](uev-for-windows.md) + +- [Get Started with UE-V](uev-getting-started.md) + +- [Prepare a UE-V Deployment](uev-prepare-for-deployment.md) + +- [Administering UE-V](uev-administering-uev.md) + +- [Troubleshooting UE-V](uev-troubleshooting.md) + +## Have a suggestion for UE-V? + + +Add or vote on suggestions [here](http://uev.uservoice.com/forums/280428-microsoft-user-experience-virtualization). For UE-V issues, use the [UE-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-us/home?forum=mdopuev&filter=alltypes&sort=lastpostdesc). + +  + +  + + + + + diff --git a/windows/manage/uev-troubleshooting.md b/windows/manage/uev-troubleshooting.md new file mode 100644 index 0000000000..bc48051f72 --- /dev/null +++ b/windows/manage/uev-troubleshooting.md @@ -0,0 +1,79 @@ +--- +title: Troubleshooting UE-V +description: Troubleshooting UE-V +author: MaggiePucciEvans +ms.pagetype: mdop, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# Troubleshooting UE-V + + +Troubleshooting content is not included in the Administrator's Guide for this product. Instead, you can find troubleshooting information for this product on the [TechNet Wiki](http://go.microsoft.com/fwlink/p/?LinkId=224905). + +## Find troubleshooting information + + +You can use the following information to find troubleshooting content or additional technical content for this product. + + +**To search the TechNet Wiki** + +1. Open a web browser and browse to the [TechNet Wiki](http://go.microsoft.com/fwlink/p/?LinkId=224905) home page. + +2. Locate the **Search TechNet Wiki** search box and enter your search term. + +3. Review the search results for assistance. + +## Create a troubleshooting article + + +If you have a troubleshooting tip or a best practice to share that is not already included in TechNet Wiki, you can create your own TechNet Wiki article. + +**To create a TechNet Wiki troubleshooting or best practices article** + +1. Open a web browser and browse to the [TechNet Wiki](http://go.microsoft.com/fwlink/p/?LinkId=224905) home page. + +2. Sign in with your Microsoft account. + +3. Review the **Getting Started** section to learn the basics of the TechNet Wiki and its articles. + +4. Select **Post an article** in the **Getting Started** section. + +5. On the Wiki article **Add Page** page, select **Insert Template** from the toolbar, select the troubleshooting article template, which is named **Troubleshooting.html**, and then click **Insert**. + +6. Give the article a descriptive title, and then overwrite the template information as needed to create your article. + +7. After you review your article, add a tag that is named **Troubleshooting** and another tag for the product name. To add tags help other users find your content. + +8. Click **Save** to publish the article to the TechNet Wiki. + +## Other resources for this feature + + +- [User Experience Virtualization overview](uev-for-windows.md) + +- [Get Started with UE-V](uev-getting-started.md) + +- [Prepare a UE-V deployment](uev-prepare-for-deployment.md) + +- [Administering UE-V](uev-administering-uev.md) + +- [Technical reference for UE-V](uev-technical-reference.md) + +## Have a suggestion for UE-V? + + +Add or vote on suggestions [here](http://uev.uservoice.com/forums/280428-microsoft-user-experience-virtualization). For UE-V issues, use the [UE-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-us/home?forum=mdopuev&filter=alltypes&sort=lastpostdesc). + +  + +  + + + + + diff --git a/windows/manage/uev-upgrade-uev-from-previous-releases.md b/windows/manage/uev-upgrade-uev-from-previous-releases.md new file mode 100644 index 0000000000..acfd9ce64a --- /dev/null +++ b/windows/manage/uev-upgrade-uev-from-previous-releases.md @@ -0,0 +1,104 @@ +--- +title: Upgrade to UE-V for Windows 10 +description: Explains how to upgrade to the latest version of UE-V. +author: MaggiePucciEvans +ms.pagetype: mdop, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + +# Upgrade to UE-V for Windows 10 + +Applies to: Windows 10, version 1607 + +If you’re already using UE-V 2.x and you’re planning to upgrade user devices to Windows 10, version 1607 or later releases, you need to make only a few adjustments to your existing environment. These steps are explained in more detail below. + +1. Upgrade user devices to Windows 10, version 1607 or later release. + +2. Verify that UE-V settings were migrated correctly. + +3. Enable the UE-V service on user devices. + +4. Install the UE-V template generator if you want to synchronize application settings for custom applications. + +> **Important**  You can upgrade your existing UE-V installation to Windows 10, version 1607 from UE-V versions 2.1 or 2.0 only. If you are using a previous version of UE-V, you’ll need to upgrade from that version to UE-V 2.x before you upgrade to Windows 10, version 1607.. + +## Upgrade user devices to Windows 10, version 1607 + +Performing an in-place upgrade on user devices automatically installs the UE-V service, updates the settings location path, and migrates users' UE-V settings. See the [Windows 10 for IT Pros documentation](https://technet.microsoft.com/itpro/windows/index) for information about upgrading user devices to Windows 10. + +## Verify that UE-V settings were migrated correctly + +After upgrading a user device to Windows 10, version 1607, it’s important to verify that UE-V settings and template registrations were migrated correctly during the upgrade. You can verify UE-V settings using Windows Powershell or the device’s registry. + +**To verify UE-V settings using Windows PowerShell** + +1. Run PowerShell as Administrator, type **Get-UEVConfiguration**, and press ENTER to view current configurations. + +2. Check that the settings were successfully updated. + +3. Type **Get-UEVTemplate** and press ENTER to check that your templates are still registered. + + > **Note** You’ll need to register the NotePad template again after you upgrade the device to Windows 10. + +**To verify UE-V settings using the device’s registry** + +1. In a command prompt, run **Regedit** as Administrator. + +2. Navigate to **HKEY_LOCAL_MACHINE\Software\Microsoft\UEV\Agent\Configuration.** + +3. Verify that the settings storage path and the settings template catalog path are pointing to the same locations as before you upgraded the device to Windows 10. + +## Enable the UE-V service on user devices + +The UE-V service is the client-side component that captures user-personalized application and Windows settings and saves them in settings packages. Settings packages are built, locally stored, and copied to the settings storage location. + +With Windows 10, version 1607 and later, the UE-V service replaces the UE-V Agent and no longer requires a separate download and installation. Enable the service on user devices to start using UE-V. You can enable the service with the Group Policy editor or with Windows PowerShell. + +> **Important**  The UE-V Agent used in prior releases of UE-V is replaced with the UE service. The UE-V service included with Windows 10, version 1607 and later releases, does not include the agent user interface and is configurable through cmdlets or registry settings only. + +**To enable the UE-V service with Group Policy** + +1. Open the device’s **Group Policy Editor**. + +2. Navigate to **Computer Configuration > Administrative Templates > Windows Components > Microsoft User Experience Virtualization**. + +3. Run **Enable UEV** + +4. Restart the device. + +**To enable the UE-V service with Windows PowerShell** + +1. Run PowerShell as Administrator, type **Enable-UEV**, and press ENTER. + +2. Restart the device. + +3. Type **Get-UEVStatus** and press ENTER to verify that the service was successfully enabled. + +## Install the UE-V template generator + +The UE-V template generator is included in the Windows Assessment and Deployment Kit (ADK) for Windows 10. + +**To install the UE-V template generator** + +1. Go to [Download the Windows ADK](https://developer.microsoft.com/en-us/windows/hardware/windows-assessment-deployment-kit) to access the ADK. + +2. Select the **Get Windows ADK for Windows 10** button on this page to start the ADK installer. On the screen pictured below, select **Microsoft User Experience Virtualization (UE-V) Template Generator** and then select **Install**. + + ![Selecting UE-V features in ADK](images/uev-adk-select-uev-feature.png) + +3. To open the generator, open the **Start** menu and navigate to **Windows Kits** > **Microsoft User Experience Virtualization (UE-V) Template Generator**. + + +## Other resources for this feature + +- [UE-V Release Notes](uev-release-notes-1607.md) + +- [Prepare a UE-V Deployment](uev-prepare-for-deployment.md) + +- [Administer UE-V](uev-administering-uev.md) + +- [Migrating settings packages](uev-migrating-settings-packages.md) + +- [Technical Reference for UE-V](uev-technical-reference.md) diff --git a/windows/manage/uev-using-uev-with-application-virtualization-applications.md b/windows/manage/uev-using-uev-with-application-virtualization-applications.md new file mode 100644 index 0000000000..1f495c9b74 --- /dev/null +++ b/windows/manage/uev-using-uev-with-application-virtualization-applications.md @@ -0,0 +1,54 @@ +--- +title: Using UE-V with Application Virtualization applications +description: Using UE-V with Application Virtualization applications +author: MaggiePucciEvans +ms.pagetype: mdop, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# Using UE-V with Application Virtualization applications + + +User Experience Virtualization (UE-V) supports Microsoft Application Virtualization (App-V) applications without any required modifications to either the App-V package or the UE-V template. However, an additional step is required because you cannot run the UE-V template generator directly on a virtualized App-V application. Instead, you must install the application locally, generate the template, and then apply the template to the virtualized application. UE-V supports App-V for Windows 10 packages and App-V 5.0 packages. + +## UE-V settings synchronization for App-V applications + + +UE-V monitors when an application opens by the program name and, optionally, by file version numbers and product version numbers, whether the application is installed locally or virtually by using App-V. When the application starts, UE-V monitors the App-V process, applies any settings that are stored in the user's settings storage path, and then enables the application to start normally. UE-V monitors App-V applications and automatically translates the relevant file and registry paths to the virtualized location as opposed to the physical location outside the App-V computing environment. + + **To implement settings synchronization for a virtualized application** + +1. Run the UE-V template generator to collect the settings of the locally installed application whose settings you want to synchronize between computers. This process creates a settings location template. If you use a built-in template such as a Microsoft Office template, skip this step. For more information about using the UE-V template generator, see [Deploy UE-V for custom applications](uev-deploy-uev-for-custom-applications.md#createcustomtemplates). + +2. Install the App-V application package if you have not already done so. + +3. Publish the template to the location of your settings template catalog or manually install the template by using the `Register-UEVTemplate` Windows PowerShell cmdlet. + + **Note**   + If you publish the newly created template to the settings template catalog, the client does not receive the template until the sync provider updates the settings. To manually start this process, open **Task Scheduler**, expand **Task Scheduler Library**, expand **Microsoft**, and expand **UE-V**. In the results pane, right-click **Template Auto Update**, and then click **Run**. + +   + +4. Start the App-V package. + +## Have a suggestion for UE-V? + + +Add or vote on suggestions [here](http://uev.uservoice.com/forums/280428-microsoft-user-experience-virtualization). For UE-V issues, use the [UE-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-us/home?forum=mdopuev&filter=alltypes&sort=lastpostdesc). + +## Related topics + + +[Administering UE-V](uev-administering-uev.md) + +  + +  + + + + + diff --git a/windows/manage/uev-whats-new-in-uev-for-windows.md b/windows/manage/uev-whats-new-in-uev-for-windows.md new file mode 100644 index 0000000000..f4192c7109 --- /dev/null +++ b/windows/manage/uev-whats-new-in-uev-for-windows.md @@ -0,0 +1,105 @@ +--- +title: What's New in UE-V for Windows 10, version 1607 +description: What's New in UE-V for Windows 10, version 1607 +author: MaggiePucciEvans +ms.pagetype: mdop, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + +# What's New in UE-V + +Applies to: Windows 10, version 1607 + +User Experience Virtualization (UE-V) for Windows 10, version 1607, includes these new features and capabilities compared to UE-V 2.1. See [UE-V Release notes](uev-release-notes-1607.md) for more information about the UE-V for Windows 10, version 1607 release. + +## UE-V is now a feature in Windows 10 + +With Windows 10, version 1607 and later releases, UE-V is included with [Windows 10 for Enterprise](https://www.microsoft.com/en-us/WindowsForBusiness/windows-for-enterprise) and is no longer part of the Microsoft Desktop Optimization Pack. + +The changes in UE-V for Windows 10, version 1607 impact already existing implementations of UE-V in the following ways: + +- The UE-V Agent is replaced by the UE-V service. The UE-V service is installed with Windows 10, version 1607 and no longer has to be deployed separately. Performing an in-place upgrade to Windows 10, version 1607, on user devices automatically installs the UE-V service, migrates users’ UE-V configurations, and updates the settings storage path. + +- The UE-V template generator is available from the Windows 10 ADK. In previous releases of UE-V, the template generator was included in the Microsoft Desktop Optimization Pack. Although you’ll need to use the new template generator to create new settings location templates, existing settings location templates will continue to work. + +For more information about how to configure an existing UE-V installation after upgrading user devices to Windows 10, see [Upgrade to UE-V for Windows 10](uev-upgrade-uev-from-previous-releases.md). + +> **Important**  You can upgrade your existing UE-V installation to Windows 10 from UE-V versions 2.1 or 2.0 only. If you are using a previous version of UE-V, you’ll need to upgrade from that version to UE-V 2.x before you upgrade to Windows 10. + +## New UE-V template generator is available from the Windows 10 ADK + +UE-V for Windows 10 includes a new template generator, available from a new location. If you are upgrading from an existing UE-V installation, you’ll need to use the new generator to create settings location templates. The UE-V for Windows 10 template generator is now available in the [Windows 10 Assessment and Deployment Kit](https://developer.microsoft.com/en-us/windows/hardware/windows-assessment-deployment-kit) (Windows ADK). + +## Compatibility with Microsoft Enterprise State Roaming + +With Windows 10, version 1607, users can synchronize Windows application settings and Windows operating system settings to Azure instead of to OneDrive. You can use the Windows 10 enterprise sync functionality together with UE-V on on-premises domain-joined devices only. + +In hybrid cloud environments, UE-V can roam win32 applications on-premise while [Enterprise State Roaming](https://azure.microsoft.com/documentation/articles/active-directory-windows-enterprise-state-roaming-overview/) (ESR) can roam the rest, e.g., Windows and desktop settings, themes, colors, etc., to an Azure cloud installation. + +To configure UE-V to roam Windows desktop and application data only, change the following group policies: + +- Disable “Roam Windows settings” group policy + +- Enable “Do not synchronize Windows Apps” group policy + +For more information about using UE-V with Enterprise State Roaming, see [Settings and data roaming FAQ](https://azure.microsoft.com/documentation/articles/active-directory-windows-enterprise-state-roaming-faqs/#what-are-the-options-for-roaming-settings-for-existing-windows-desktop-applications). + +Additionally, to enable Windows 10 and UE-V to work together, configure these policy settings in the Microsoft User Experience Virtualization node: + +- Enable “Do Not Synchronize Windows Apps” + +- Disable “Sync Windows Settings” + +## Settings Synchronization Behavior Changed in UE-V for Windows 10 + +While earlier versions of UE-V roamed taskbar settings between Windows 10 devices, UE-V for Windows 10, version 1607 does not synchronize taskbar settings between devices running Windows 10 and devices running previous versions of Windows. + +In addition, UE-for Windows does not synchronize settings between the Microsoft Calculator in Windows 10 and the Microsoft Calculator in previous versions of Windows. + +## Support Added for Roaming Network Printers + +Users can now print to their saved network printers from any network device, including their default network printer. + +Printer roaming in UE-V requires one of these scenarios: + +- The print server can download the required driver when it roams to a new device. + +- The driver for the roaming network printer is pre-installed on any device that needs to access that network printer. + +- The printer driver can be imported from Windows Update. + +> **Note**  The UE-V printer roaming feature does not roam printer settings or preferences, such as printing double-sided. + +## Office 2016 Settings Location Template + +UE-V for Windows 10, version 1607 includes the Microsoft Office 2016 settings location template with improved Outlook signature support. We’ve added synchronization of default signature settings for new, reply, and forwarded emails. Users no longer have to choose the default signature settings. + +> **Note**  An Outlook profile must be created on any device on which a user wants to synchronize their Outlook signature. If the profile is not already created, the user can create one and then restart Outlook on that device to enable signature synchronization. + +UE-V works with Office 365 to determine whether Office 2016 settings are roamed by Office 365. If settings are roamed by Office 365, they are not roamed by UE-V. See [Overview of user and roaming settings for Microsoft Office](https://technet.microsoft.com/library/jj733593.aspx) for more information. + +To enable settings synchronization using UE-V, do one of the following: + +- Use Group Policy to disable Office 365 synchronization + +- Do not enable the Office 365 synchronization experience during Office 2013 installation + +UE-V includes Office 2016, Office 2013, and Office 2010 templates. Office 2007 templates are no longer supported. Users can still use Office 2007 templates from UE-V 2.0 or earlier and can still get the templates from the UE-V template gallery located [here](http://go.microsoft.com/fwlink/p/?LinkID=246589). + +## Have a suggestion for UE-V? + +Add or vote on suggestions [here](http://uev.uservoice.com/forums/280428-microsoft-user-experience-virtualization). For UE-V issues, use the [UE-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-us/home?forum=mdopuev&filter=alltypes&sort=lastpostdesc). + +## Related topics + +- [Microsoft User Experience Virtualization](uev-for-windows.md) + +- [Get Started with UE-V](uev-getting-started.md) + +- [Prepare a UE-V Deployment](uev-prepare-for-deployment.md) + +- [User Experience Virtualization (UE-V) Release Notes](uev-release-notes-1607.md) for Windows 10, version 1607 + +- [Upgrade to UE-V for Windows 10](uev-upgrade-uev-from-previous-releases.md) diff --git a/windows/manage/uev-working-with-custom-templates-and-the-uev-generator.md b/windows/manage/uev-working-with-custom-templates-and-the-uev-generator.md new file mode 100644 index 0000000000..d708176c7f --- /dev/null +++ b/windows/manage/uev-working-with-custom-templates-and-the-uev-generator.md @@ -0,0 +1,162 @@ +--- +title: Working with Custom UE-V Templates and the UE-V Template Generator +description: Working with Custom UE-V Templates and the UE-V Template Generator +author: MaggiePucciEvans +ms.pagetype: mdop, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# Working with custom UE-V templates and the UE-V template generator + +Applies to: Windows 10, version 1607 + +User Experience Virtualization (UE-V) uses XML files called ***settings location templates*** to monitor and synchronize application settings and Windows settings between user devices. By default, some settings location templates are included in UE-V. However, if you want to synchronize settings for desktop applications other than those included in the default templates, you can create your own custom settings location templates with the UE-V template generator. You can also edit or validate custom settings location templates with the UE-V template generator. + +Use the UE-V template generator to monitor, discover, and capture the locations where Win32 applications store settings. The template generator does not create settings location templates for the following types of applications: + +- Virtualized applications +- Applications that are offered through Terminal Services +- Java applications +- Windows applications + +## Standard and non-standard settings locations + +The UE-V template generator helps you identify where applications search for settings files and registry settings that applications use to store settings information. The generator discovers settings only in locations that are accessible to a standard user. Settings that are stored in other locations are excluded. + +Discovered settings are grouped into two categories: **Standard** and **Non-standard**. Standard settings are recommended for synchronization, and UE-V can readily capture and apply them. Non-standard settings can potentially synchronize settings but, because of the rules that UE-V uses, these settings might not consistently or dependably synchronize settings. These settings might depend on temporary files, result in unreliable synchronization, or might not be useful. These settings locations are presented in the UE-V template generator. You can choose to include or exclude them on a case-by-case basis. + +The UE-V template generator opens the application as part of the discovery process. The generator can capture settings in the following locations: + +- **Registry Settings** – Registry locations under **HKEY\_CURRENT\_USER** + +- **Application Settings Files** – Files that are stored under \\ **Users** \\ \[User name\] \\ **AppData** \\ **Roaming** + +The UE-V template generator excludes locations, which commonly store application software files, but do not synchronize well between user computers or environments. The UE-V template generator excludes these locations. Excluded locations are as follows: + +- HKEY\_CURRENT\_USER registry keys and files to which the logged-on user cannot write values + +- HKEY\_CURRENT\_USER registry keys and files that are associated with the core functionality of the Windows operating system + +- All registry keys that are located in the HKEY\_LOCAL\_MACHINE hive, which requires administrator rights and might require to set a User Account Control (UAC) agreement + +- Files that are located in Program Files directories, which requires administrator rights and might require to set a UAC agreement + +- Files that are located under Users \\ \[User name\] \\ AppData \\ LocalLow + +- Windows operating system files that are located in %Systemroot%, which requires administrator rights and might require to set a UAC agreement + +If registry keys and files that are stored in these locations are required to synchronize application settings, you can manually add the excluded locations to the settings location template during the template creation process. + +## Edit settings location templates with the UE-V template generator + +Use the UE-V template generator to edit settings location templates. When the revised settings are added to the templates with the UE-V template generator, the version information within the template is automatically updated to ensure that any existing templates that are deployed in the enterprise are updated correctly. + +**To edit a UE-V settings location template with the UE-V template generator** + +1. Open the **Start** menu and navigate to **Windows Kits** > **Microsoft User Experience Virtualization (UE-V) Template Generator** to open the template generator. + +2. Click **Edit a settings location template**. + +3. In the list of recently used templates, select the template to be edited. Alternatively, click **Browse** to search for the settings template file. Click **Next** to continue. + +4. Review the **Properties**, **Registry** locations, and **Files** locations for the settings template. Edit as required. + + - On the **Properties** tab, you can view and edit the following properties: + + - **Application name** The application name that is written in the description of the program file properties. + + - **Program name** The name of the program that is taken from the program file properties. This name usually has the .exe file name extension. + + - **Product version** The product version number of the .exe file of the application. This property, together with the **File version**, helps determine which applications are targeted by the settings location template. This property accepts a major version number. If this property is empty, then the settings location template applies to all versions of the product. + + - **File version** The file version number of the .exe file of the application. This property, along with the **Product version**, helps determine which applications are targeted by the settings location template. This property accepts a major version number. If this property is empty, the settings location template applies to all versions of the program. + + - **Template author name** (optional) The name of the settings template author. + + - **Template author email** (optional) The email address of the settings location template author. + + - The **Registry** tab lists the **Key** and **Scope** of the registry locations that are included in the settings location template. You can edit the registry locations by using the **Tasks** drop-down menu. In the Tasks menu, you can add new keys, edit the name or scope of existing keys, delete keys, and browse the registry in which the keys are located. When you define the scope for the registry, you can use the **All Settings** scope to include all the registry settings under the specified key. Use **All Settings** and **Subkeys** to include all the registry settings under the specified key, subkeys, and subkey settings. + + - The **Files** tab lists the file path and file mask of the file locations that are included in the settings location template. You can edit the file locations by using the **Tasks** drop-down menu. In the **Tasks** menu for file locations, you can add new files or folder locations, edit the scope of existing files or folders, delete files or folders, and open the selected location in Windows Explorer. To include all files in the specified folder, leave the file mask empty. + +5. Click **Save** to save the changes to the settings location template. + +6. Click **Close** to close the Settings Template Wizard. Exit the UE-V template generator application. + + After you edit the settings location template for an application, you should test the template. Deploy the revised settings location template in a lab environment before you put it into production in the enterprise. + +**How to manually edit a settings location template** + +1. Create a local copy of the settings location template .xml file. UE-V settings location templates are .xml files that identify the locations where application store settings values. + + >**Note**   + A settings location template is unique because of the template **ID**. If you copy the template and rename the .xml file, template registration fails because UE-V reads the template **ID** tag in the .xml file to determine the name, not the file name of the .xml file. UE-V also reads the **Version** number to know if anything has changed. If the version number is higher, UE-V updates the template. + +   +2. Open the settings location template file with an XML editor. + +3. Edit the settings location template file. All changes must conform to the UE-V schema file that is defined in [SettingsLocationTempate.xsd](uev-application-template-schema-reference.md). By default, a copy of the .xsd file is located in \\ProgramData\\Microsoft\\UEV\\Templates. + +4. Increment the **Version** number for the settings location template. + +5. Save the settings location template file, and then close the XML editor. + +6. Validate the modified settings location template file by using the UE-V template generator. + +7. You must register the edited UE-V settings location template before it can synchronize settings between client computers. To register a template, open Windows PowerShell, and then run the following cmdlet: `update-uevtemplate [templatefilename]`. You can then copy the file to the settings storage catalog. The UE-V Agent on users’ computers should then update as scheduled in the scheduled task. + +## Validate settings location templates with the UE-V template generator + + +It is possible to create or edit settings location templates in an XML editor without using the UE-V template generator. If you do, you can use the UE-V template generator to validate that the new or revised XML matches the schema that has been defined for the template. + +**To validate a UE-V settings location template with the UE-V template generator** + +1. Open the **Start** menu and navigate to **Windows Kits** > **Microsoft User Experience Virtualization (UE-V) Template Generator** to open the template generator. + +2. Click **Validate a settings location template**. + +3. In the list of recently used templates, select the template to be edited. Alternatively, you can **Browse** to the settings template file. Click **Next** to continue. + +4. Click **Validate** to continue. + +5. Click **Close** to close the Settings Template Wizard. Exit the UE-V template generator application. + + After you validate the settings location template for an application, you should test the template. Deploy the template in a lab environment before you put it into a production environment in enterprise. + +## Share settings location templates with the Template Gallery + + +The UE-V template gallery enables administrators to share their UE-V settings location templates. Upload your settings location templates to the gallery for other users to use, and download templates that other users have created. The UE-V template gallery is located on Microsoft TechNet [here](http://go.microsoft.com/fwlink/p/?LinkId=246589). + +Before you share a settings location template on the UE-V template gallery, ensure it does not contain any personal or company information. You can use any XML viewer to open and view the contents of a settings location template file. The following template values should be reviewed before you share a template with anyone outside your company. + +- Template Author Name – Specify a general, non-identifying name for the template author name or exclude this data from the template. + +- Template Author Email – Specify a general, non-identifying template author email or exclude this data from the template. + +Before you deploy any settings location template that you have downloaded from the UE-V gallery, you should first test the template to ensure that the application settings synchronize settings correctly in a test environment. + +## Have a suggestion for UE-V? + + +Add or vote on suggestions [here](http://uev.uservoice.com/forums/280428-microsoft-user-experience-virtualization). For UE-V issues, use the [UE-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-us/home?forum=mdopuev&filter=alltypes&sort=lastpostdesc). + +## Related topics + + +[Administering UE-V](uev-administering-uev.md) + +[Use UE-V with custom applications](uev-deploy-uev-for-custom-applications.md) + +  + +  + + + + + diff --git a/windows/plan/change-history-for-plan-for-windows-10-deployment.md b/windows/plan/change-history-for-plan-for-windows-10-deployment.md index a5aa2b6a47..b584bf2f8d 100644 --- a/windows/plan/change-history-for-plan-for-windows-10-deployment.md +++ b/windows/plan/change-history-for-plan-for-windows-10-deployment.md @@ -16,7 +16,7 @@ This topic lists new and updated topics in the [Plan for Windows 10 deployment]( ## RELEASE: Windows 10, version 1607 -The topics in this library have been updated for Windows 10, version 1607 (also known as the Anniversary Update). The following new topics have been added: +The topics in this library have been updated for Windows 10, version 1607 (also known as the Anniversary Update). ## July 2016 diff --git a/windows/whats-new/applocker.md b/windows/whats-new/applocker.md index eded8c7862..3cfd7a6582 100644 --- a/windows/whats-new/applocker.md +++ b/windows/whats-new/applocker.md @@ -7,7 +7,7 @@ ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library author: brianlic-msft -redirect_url: whats-new-windows-10-version-1507-and-1511.md +redirect_url: https://technet.microsoft.com/itpro/windows/keep-secure/applocker-overview --- # What's new in AppLocker? diff --git a/windows/whats-new/bitlocker.md b/windows/whats-new/bitlocker.md index 0176decb20..6db25cd066 100644 --- a/windows/whats-new/bitlocker.md +++ b/windows/whats-new/bitlocker.md @@ -7,7 +7,7 @@ ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security, mobile author: brianlic-msft -redirect_url: whats-new-windows-10-version-1507-and-1511.md +redirect_url: https://technet.microsoft.com/itpro/windows/keep-secure/bitlocker-overview --- # What's new in BitLocker? diff --git a/windows/whats-new/credential-guard.md b/windows/whats-new/credential-guard.md index 02ff200227..3edfe53458 100644 --- a/windows/whats-new/credential-guard.md +++ b/windows/whats-new/credential-guard.md @@ -7,7 +7,7 @@ ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library author: brianlic-msft -redirect_url: whats-new-windows-10-version-1507-and-1511.md +redirect_url: https://technet.microsoft.com/itpro/windows/whats-new/whats-new-windows-10-version-1507-and-1511 --- # What's new in Credential Guard? diff --git a/windows/whats-new/device-management.md b/windows/whats-new/device-management.md index 52e09d3d1a..79260f0f69 100644 --- a/windows/whats-new/device-management.md +++ b/windows/whats-new/device-management.md @@ -7,7 +7,7 @@ ms.pagetype: devices, mobile ms.mktglfcycl: explore ms.sitesec: library author: jdeckerMS -redirect_url: /whats-new/whats-new-windows-10-version-1507-and-1511 +redirect_url: https://technet.microsoft.com/en-us/itpro/windows/manage/manage-corporate-devices --- # Enterprise management for Windows 10 devices diff --git a/windows/whats-new/lockdown-features-windows-10.md b/windows/whats-new/lockdown-features-windows-10.md index 90a8a04ba6..67a759be13 100644 --- a/windows/whats-new/lockdown-features-windows-10.md +++ b/windows/whats-new/lockdown-features-windows-10.md @@ -8,7 +8,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security author: jdeckerMS -redirect_url: /manage/lockdown-features-windows-10 +redirect_url: https://technet.microsoft.com/en-us/itpro/windows/manage/lockdown-features-windows-10 --- # Lockdown features from Windows Embedded 8.1 Industry diff --git a/windows/whats-new/microsoft-passport.md b/windows/whats-new/microsoft-passport.md index 57ac5201dc..e8b4935152 100644 --- a/windows/whats-new/microsoft-passport.md +++ b/windows/whats-new/microsoft-passport.md @@ -8,7 +8,7 @@ ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: mobile, security author: jdeckerMS -redirect_url: /whats-new/whats-new-windows-10-version-1607 +redirect_url: https://technet.microsoft.com/en-us/itpro/windows/keep-secure/manage-identity-verification-using-microsoft-passport --- # Windows Hello overview diff --git a/windows/whats-new/new-provisioning-packages.md b/windows/whats-new/new-provisioning-packages.md index 1b82f732b1..18725fae2a 100644 --- a/windows/whats-new/new-provisioning-packages.md +++ b/windows/whats-new/new-provisioning-packages.md @@ -7,7 +7,7 @@ ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: mobile author: jdeckerMS -redirect_url: /deploy/provisioning-packages +redirect_url: https://technet.microsoft.com/en-us/itpro/windows/deploy/provisioning-packages --- # Provisioning packages diff --git a/windows/whats-new/security-auditing.md b/windows/whats-new/security-auditing.md index c597c177b0..8890adb735 100644 --- a/windows/whats-new/security-auditing.md +++ b/windows/whats-new/security-auditing.md @@ -7,7 +7,7 @@ ms.mktglfcycl: explore ms.sitesec: library author: brianlic-msft ms.pagetype: security, mobile -redirect_url: whats-new-windows-10-version-1507-and-1511.md +redirect_url: https://technet.microsoft.com/itpro/windows/keep-secure/security-auditing-overview --- # What's new in security auditing? diff --git a/windows/whats-new/trusted-platform-module.md b/windows/whats-new/trusted-platform-module.md index 91f4646825..e4a2614653 100644 --- a/windows/whats-new/trusted-platform-module.md +++ b/windows/whats-new/trusted-platform-module.md @@ -7,7 +7,7 @@ ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security, mobile author: brianlic-msft -redirect_url: whats-new-windows-10-version-1507-and-1511.md +redirect_url: https://technet.microsoft.com/itpro/windows/keep-secure/trusted-platform-module-overview --- # What's new in Trusted Platform Module? diff --git a/windows/whats-new/user-account-control.md b/windows/whats-new/user-account-control.md index 7933086c5d..3d41d3ca1d 100644 --- a/windows/whats-new/user-account-control.md +++ b/windows/whats-new/user-account-control.md @@ -7,7 +7,7 @@ ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security author: brianlic-msft -redirect_url: whats-new-windows-10-version-1507-and-1511.md +redirect_url: https://technet.microsoft.com/itpro/windows/keep-secure/user-account-control-overview --- # What's new in User Account Control? diff --git a/windows/whats-new/whats-new-windows-10-version-1607.md b/windows/whats-new/whats-new-windows-10-version-1607.md index f31f532c25..5d509f5ee2 100644 --- a/windows/whats-new/whats-new-windows-10-version-1607.md +++ b/windows/whats-new/whats-new-windows-10-version-1607.md @@ -30,6 +30,26 @@ Windows ICD now includes simplified workflows for creating provisioning packages [Learn more about using provisioning packages in Windows 10.](../deploy/provisioning-packages.md) +### Windows Upgrade Analytics + +Microsoft developed Upgrade Analytics in response to demand from enterprise customers looking for additional direction and details about upgrading to Windows 10. Upgrade Analytics was built taking into account multiple channels of customer feedback, testing, and Microsoft’s experience upgrading millions of devices to Windows 10. + +With Windows telemetry enabled, Upgrade Analytics collects system, application, and driver data for analysis. We then identify compatibility issues that can block an upgrade and suggest fixes when they are known to Microsoft. + +Use Upgrade Analytics to get: + +- A visual workflow that guides you from pilot to production +- Detailed computer and application inventory +- Powerful computer level search and drill-downs +- Guidance and insights into application and driver compatibility issues, with suggested fixes +- Data driven application rationalization tools +- Application usage information, allowing targeted validation; workflow to track validation progress and decisions +- Data export to commonly used software deployment tools + +The Upgrade Analytics workflow steps you through the discovery and rationalization process until you have a list of computers that are upgrade-ready. + +[Learn more about planning and managing Windows upgrades with Windows Upgrade Analytics.](../deploy/manage-windows-upgrades-with-upgrade-analytics.md) + ## Security ### Credential Guard and Device Guard @@ -76,6 +96,11 @@ Several new features and management options have been added to Windows Defender - [Run a Windows Defender scan from the command line](../keep-secure/run-cmd-scan-windows-defender-for-windows-10.md). - [Detect and block Potentially Unwanted Applications with Windows Defender](../keep-secure/enable-pua-windows-defender-for-windows-10.md) during download and install times. +### Windows Defender Advanced Threat Protection (ATP) +With the growing threat from more sophisticated targeted attacks, a new security solution is imperative in securing an increasingly complex network ecosystem. Windows Defender Advanced Threat Protection (Windows Defender ATP) is a security service, built into Windows 10 that enables enterprise customers detect, investigate, and respond to advanced threats on their networks. + +[Learn more about Windows Defender Advanced Threat Protection (ATP)](../keep-secure/windows-defender-advanced-threat-protection.md). + ## Management ### Use Remote Desktop Connection for PCs joined to Azure Active Directory @@ -95,6 +120,23 @@ Numerous settings have been added to the Windows 10 CSPs to expand MDM capabilit Windows 10, Version 1607, introduces shared PC mode, which optimizes Windows 10 for shared use scenarios, such as touchdown spaces in an enterprise and temporary customer use in retail. You can apply shared PC mode to Windows 10 Pro, Education, and Enterprise. [Learn how to set up a shared or guest PC.](../manage/set-up-shared-or-guest-pc.md) +### Application Virtualization (App-V) for Windows 10 + +Application Virtualization (App-V) enables organizations to deliver Win32 applications to users as virtual applications. Virtual applications are installed on centrally managed servers and delivered to users as a service – in real time and on as as-needed basis. Users launch virtual applications from familiar access points, including the Windows Store, and interact with them as if they were installed locally. + +With the release of Windows 10, version 1607, App-V is included with the Windows 10 for Enterprise edition. If you are new to Windows 10 and App-V or if you're upgrading from a previous version of App-V, you’ll need to download, activate, and install server- and client-side components to start delivering virtual applications to users. + +[Learn how to deliver virtual applications with App-V.](../manage/appv-getting-started.md) + +### User Experience Virtualization (UE-V) for Windows 10 + +Many users customize their settings for Windows and for specific applications. Customizable Windows settings include Windows Store appearance, language, background picture, font size, and accent colors. Customizable application settings include language, appearance, behavior, and user interface options. + +With User Experience Virtualization (UE-V), you can capture user-customized Windows and application settings and store them on a centrally managed network file share. When users log on, their personalized settings are applied to their work session, regardless of which device or virtual desktop infrastructure (VDI) sessions they log on to. + +With the release of Windows 10, version 1607, UE-V is included with the Windows 10 for Enterprise edition. If you are new to Windows 10 and EU-V or upgrading from a previous version of UE-V, you’ll need to download, activate, and install server- and client-side components to start synchronizing user-customized settings across devices. + +[Learn how to synchronize user-customized settings with UE-V.](../manage/uev-for-windows.md) ## Learn more diff --git a/windows/whats-new/windows-spotlight.md b/windows/whats-new/windows-spotlight.md index 61edb41016..15caeeb2a9 100644 --- a/windows/whats-new/windows-spotlight.md +++ b/windows/whats-new/windows-spotlight.md @@ -7,7 +7,7 @@ ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library author: jdeckerMS -redirect_url: /manage/windows-spotlight +redirect_url: https://technet.microsoft.com/en-us/itpro/windows/manage/windows-spotlight --- # Windows Spotlight on the lock screen