Microsoft announced Windows Virtual Desktop and began a private preview. Since then, we’ve been hard at work developing the ability to scale and deliver a true multi-session Windows 10 and Office 365 ProPlus virtual desktop and app experience on any device.
Windows Virtual Desktop will also be extended and enriched by leading partners in the following ways:
- Citrix can extend Windows Virtual Desktop capabilities with their Citrix Cloud services.
- Through our partnership with Samsung, Windows Virtual Desktop will provide highly mobile First line Workers access to a full Windows 10 and Office 365 ProPlus experience with Samsung DeX.
- Software and service providers will extend Windows Virtual Desktop to offer targeted solutions in the Azure marketplace.
- Microsoft Cloud Solution Providers (CSPs) will deliver end-to-end desktop-as-a-service (DaaS) offerings and value-added services to their customers.
Prepare Image
Prepare a Windows 10 Enterprise golden image to be used for Windows Virtual Desktop in Azure. Execute the following steps on the Windows 10 Enterprise master image.
Step1: Remove persistent routes using this command: route delete
Step2: Remove the proxy server using this command: netsh winhttp reset proxy
Step3: Set the disk SAN policy to OnlineAll using this command: diskpart, then san policy=onlineall
Step4: Set time zone to Windows Automatic
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\TimeZoneInformation' -name "RealTimeIsUniversal" -Value 1 -Type DWord -force
Set-Service -Name w32time -StartupType Automatic
Step5: Setup Power Profile using this command: powercfg /setactive SCHEME_MIN
Step6: Setup TEMP and TMP location to default
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Environment' -name "TEMP" -Value "%SystemRoot%\TEMP" -Type ExpandString -force
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Environment' -name "TMP" -Value "%SystemRoot%\TEMP" -Type ExpandString -force
Step7: Setup Windows Services to automatic
Set-Service -Name bfe -StartupType Automatic
Set-Service -Name dhcp -StartupType Automatic
Set-Service -Name dnscache -StartupType Automatic
Set-Service -Name IKEEXT -StartupType Automatic
Set-Service -Name iphlpsvc -StartupType Automatic
Set-Service -Name netlogon -StartupType Manual
Set-Service -Name netman -StartupType Manual
Set-Service -Name nsi -StartupType Automatic
Set-Service -Name termService -StartupType Manual
Set-Service -Name MpsSvc -StartupType Automatic
Set-Service -Name RemoteRegistry -StartupType Automatic
Step8: Setup Remote Desktop registry
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' -name "fDenyTSConnections" -Value 0 -Type DWord -force
Set-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services' -name "fDenyTSConnections" -Value 0 -Type DWord -force
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\Winstations\RDP-Tcp' -name "PortNumber" -Value 3389 -Type DWord -force
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\Winstations\RDP-Tcp' -name "LanAdapter" -Value 0 -Type DWord -force
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -name "UserAuthentication" -Value 1 -Type DWord -force
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -name "SecurityLayer" -Value 1 -Type DWord -force
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -name "fAllowSecProtocolNegotiation" -Value 1 -Type DWord -force
Set-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services' -name "KeepAliveEnable" -Value 1 -Type DWord -force
Set-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services' -name "KeepAliveInterval" -Value 1 -Type DWord -force
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\Winstations\RDP-Tcp' -name "KeepAliveTimeout" -Value 1 -Type DWord -force
Set-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services' -name "fDisableAutoReconnect" -Value 0 -Type DWord -force
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\Winstations\RDP-Tcp' -name "fInheritReconnectSame" -Value 1 -Type DWord -force
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\Winstations\RDP-Tcp' -name "fReconnectSame" -Value 0 -Type DWord -force
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\Winstations\RDP-Tcp' -name "MaxInstanceCount" -Value 4294967295 -Type DWord -force
Remove-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -name "SSLCertificateSHA1Hash" -force
Step9: Setup Firewall
Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled True
Enable-PSRemoting -force
Set-NetFirewallRule -DisplayName "Windows Remote Management (HTTP-In)" -Enabled True
Set-NetFirewallRule -DisplayGroup "Remote Desktop" -Enabled True
Set-NetFirewallRule -DisplayName "File and Printer Sharing (Echo Request - ICMPv4-In)" -Enabled True
Step10: Check VM disk on next boot
Chkdsk /f
Step11: Set the Boot Configuration Data (BCD) settings
bcdedit /set "{bootmgr}" integrityservices enable
bcdedit /set "{default}" device partition=C:
bcdedit /set "{default}" integrityservices enable
bcdedit /set "{default}" recoveryenabled Off
bcdedit /set "{default}" osdevice partition=C:
bcdedit /set "{default}" bootstatuspolicy IgnoreAllFailures
# Enable Serial Console Feature
bcdedit /set "{bootmgr}" displaybootmenu yes
bcdedit /set "{bootmgr}" timeout 5
bcdedit /set "{bootmgr}" bootems yes
bcdedit /ems "{current}" ON
bcdedit /emssettings EMSPORT:1 EMSBAUDRATE:115200
Step12: Setup Crash dump
# Setup the Guest OS to collect a kernel dump on an OS crash event
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl' -name CrashDumpEnabled -Type DWord -force -Value 2
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl' -name DumpFile -Type ExpandString -force -Value "%SystemRoot%\MEMORY.DMP"
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl' -name NMICrashDump -Type DWord -force -Value 1
# Setup the Guest OS to collect user mode dumps on a service crash event
$key = 'HKLM:\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps'
if ((Test-Path -Path $key) -eq $false) {(New-Item -Path 'HKLM:\SOFTWARE\Microsoft\Windows\Windows Error Reporting' -Name LocalDumps)}
New-ItemProperty -Path $key -name DumpFolder -Type ExpandString -force -Value "c:\CrashDumps"
New-ItemProperty -Path $key -name CrashCount -Type DWord -force -Value 10
New-ItemProperty -Path $key -name DumpType -Type DWord -force -Value 2
Set-Service -Name WerSvc -StartupType Manual
Step13: Verify that the Windows Management Instrumentation (WMI) repository is consistent
winmgmt /verifyrepository
Step14: Do not remove or modify access for the following accounts
- Administrators
- Backup Operators
- Everyone
- Users
Step15: Install Azure VM Agent
Install the Azure VM Agent.
Step16: Setup Pagefile to different location
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management' -name "PagingFiles" -Value "D:\pagefile.sys" -Type MultiString -force
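The service and Remote Desktop values set in the steps above can be checked before the image is generalised. The following read-only audit is an added example, not part of the original post; the helper name Test-GoldenImageSetting and the choice of which values to check are assumptions, with expected values copied from the Remote Desktop registry and Windows Services steps.

```powershell
# Added example (not from the original post): read-only audit of the image
# against values set in the steps above. Run in an elevated session.
$ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdp = "$ts\WinStations\RDP-Tcp"
$pol = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

# Expected registry values, copied from the Remote Desktop registry step.
$expectedRegistry = @(
    @{ Path = $ts;  Name = 'fDenyTSConnections';           Value = 0 }     # RDP enabled
    @{ Path = $pol; Name = 'fDenyTSConnections';           Value = 0 }
    @{ Path = $rdp; Name = 'PortNumber';                   Value = 3389 }
    @{ Path = $rdp; Name = 'UserAuthentication';           Value = 1 }     # NLA required
    @{ Path = $rdp; Name = 'SecurityLayer';                Value = 1 }     # negotiate
    @{ Path = $rdp; Name = 'fAllowSecProtocolNegotiation'; Value = 1 }
    @{ Path = $rdp; Name = 'SSLCertificateSHA1Hash';       Value = $null } # must be absent
)
# Expected start types, copied from the Windows Services step (subset).
$expectedServices = @{ TermService = 'Manual'; MpsSvc = 'Automatic'; RemoteRegistry = 'Automatic' }

function Test-GoldenImageSetting {   # hypothetical helper name
    foreach ($item in $expectedRegistry) {
        # A missing key or value yields $null instead of an error
        $actual = (Get-ItemProperty -Path $item.Path -Name $item.Name -ErrorAction SilentlyContinue).($item.Name)
        [pscustomobject]@{
            Check    = "$($item.Path)\$($item.Name)"
            Expected = $item.Value
            Actual   = $actual
            Match    = ($item.Value -eq $actual)   # expected on the left keeps this a scalar compare
        }
    }
    foreach ($name in $expectedServices.Keys) {
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Check    = "service $name"
            Expected = $expectedServices[$name]
            Actual   = "$($svc.StartType)"
            Match    = ($expectedServices[$name] -eq "$($svc.StartType)")
        }
    }
}

$report = @(Test-GoldenImageSetting)
$report | Format-Table -AutoSize
$drift = @($report | Where-Object { -not $_.Match })
if ($drift.Count -gt 0) {
    Write-Warning "$($drift.Count) setting(s) differ from the values in the steps above."
}
```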
Generalise Golden Image
- Boot a PC into Audit Mode. When Windows boots into Audit Mode, System Preparation Tool will appear on the desktop. You can choose to either close the System Preparation Tool window or allow it to remain open.
- Customize Windows by adding drivers, changing settings, and installing programs. Do not install any Microsoft Store apps using the Microsoft Store.
- Run Sysprep. %WINDIR%\system32\sysprep\sysprep.exe /generalize /shutdown /oobe
Convert disk using Hyper-V Manager
- Open Hyper-V Manager and select your local computer on the left. In the menu above the computer list, click Action > Edit Disk.
- On the Locate Virtual Hard Disk screen, locate and select your virtual disk.
- On the Choose Action screen, select Convert and then Next.
- If you need to convert from VHDX, select VHD and then click Next.
- If you need to convert from a dynamically expanding disk, select Fixed size and then click Next.
- Locate and select a path to save the new VHD file to.
- Click Finish.
- You can do the same using PowerShell: Convert-VHD -Path c:\test\MY-VM.vhdx -DestinationPath c:\test\MY-NEW-VM.vhd -VHDType Fixed
Export Windows 10 Enterprise VHD
- On Hyper-V Manager, right-click the virtual machine and select Export.
- Choose where to store the exported files, and click Export.
- When the export is done, you can see all exported files under the export location.
Upload VHD to Azure Blob Storage
You can also upload a VHD to your storage account using one of the following:
- AzCopy
- Azure Storage Copy Blob API
- Azure Storage Explorer Uploading Blobs
- Storage Import/Export Service REST API Reference
- PowerShell
Use the Add-AzVhd cmdlet to upload the VHD to a container in your storage account.
$rgName = "myResourceGroup"
$urlOfUploadedImageVhd = "https://mystorageaccount.blob.core.windows.net/mycontainer/myUploadedVHD.vhd"
# The backtick continues the command onto the next line
Add-AzVhd -ResourceGroupName $rgName -Destination $urlOfUploadedImageVhd `
    -LocalFilePath "C:\Users\Public\Documents\Virtual hard disks\myVHD.vhd"
Create a managed image from the uploaded VHD
$location = "Australia East"
$imageName = "Windows10EntGoldImage"
$imageConfig = New-AzImageConfig -Location $location
$imageConfig = Set-AzImageOsDisk -Image $imageConfig -OsType Windows -OsState Generalized -BlobUri $urlOfUploadedImageVhd -DiskSizeGB 20
New-AzImage -ImageName $imageName -ResourceGroupName $rgName -Image $imageConfig
Create the VM
New-AzVm -ResourceGroupName $rgName -Name "VM1" -ImageName $imageName -Location $location -VirtualNetworkName "myVnet" -SubnetName "mySubnet" -SecurityGroupName "myNSG" -PublicIpAddressName "myPIP" -OpenPorts 3389
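With -OpenPorts 3389, the NSG created for this VM allows RDP from any source to a VM that has a public IP. The following variant is an added example, not from the original post: it creates the NSG first with RDP limited to one source range, then creates the VM without -OpenPorts. The rule name, priority and the 203.0.113.0/24 range (a documentation placeholder) are assumptions, and it relies on New-AzVm reusing an existing NSG of the given name.

```powershell
# Added example (not from the original post). Assumes $rgName, $location and
# $imageName are set as in the commands above.
$adminRange = '203.0.113.0/24'   # placeholder: replace with your admin network

# Inbound RDP allowed only from the admin range
$rdpRule = New-AzNetworkSecurityRuleConfig -Name 'Allow-RDP-Admin' `
    -Description 'RDP from the admin range only' `
    -Access Allow -Protocol Tcp -Direction Inbound -Priority 1000 `
    -SourceAddressPrefix $adminRange -SourcePortRange '*' `
    -DestinationAddressPrefix '*' -DestinationPortRange 3389

# Create the NSG before the VM so the VM attaches to it
New-AzNetworkSecurityGroup -ResourceGroupName $rgName -Location $location `
    -Name 'myNSG' -SecurityRules $rdpRule | Out-Null

# Same VM as above, without -OpenPorts
New-AzVm -ResourceGroupName $rgName -Name 'VM1' -ImageName $imageName -Location $location `
    -VirtualNetworkName 'myVnet' -SubnetName 'mySubnet' `
    -SecurityGroupName 'myNSG' -PublicIpAddressName 'myPIP'

# List every inbound allow rule covering 3389 and the sources it admits
Get-AzNetworkSecurityGroup -ResourceGroupName $rgName -Name 'myNSG' |
    Get-AzNetworkSecurityRuleConfig |
    Where-Object {
        $_.Direction -eq 'Inbound' -and $_.Access -eq 'Allow' -and
        $_.DestinationPortRange -contains '3389'
    } |
    Select-Object Name, Priority, SourceAddressPrefix
```

The final query should return only Allow-RDP-Admin with the admin range as its source.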
Deploy Windows Virtual Desktop Host Pool from the Azure Managed Image.
Use the KBs below to create the Windows Virtual Desktop host pool.
KB1 and KB2. Follow the KBs, except that when selecting an image, select the managed image you created using the steps above.