Archive | Windows RSS feed for this section

Windows 365 Cloud PC & Azure Virtual Desktop – Disk Cleanup using Storage Sense – Intune Configuration Policies

23 Jan

With the slightest effort, do you want to perform a disk cleanup operation? In this blogpost, we are setting up the Storage Sense to cleanup Temporary Files & Empty recycle bin on Windows 365 Cloud PC & AVD Multi-session host. Note by no means is Storage Sense a replacement for the detailed cleanmgr.exe tool, which can perform disk cleanup options in a much more granular manner. The below method is a quick method to get you started and later on improvise on your disk cleanup strategy.

What is Storage Sense?

Storage Sense is a feature in Microsoft Windows 11 that helps users free up space on their device by automatically deleting unnecessary files. It can delete temporary files, files in the recycle bin, and files that have not been accessed in a certain period of time. It also helps users to see what is taking up space on their device and gives them the option to delete specific files or move files to an external storage device.

What features are available within Storage Sense?

Storage Sense in Microsoft Windows 11 has the following features:

  • Automatic cleanup: Storage Sense can automatically delete temporary files, files in the recycle bin, and files that have not been accessed in a certain period of time.
  • Storage usage: It helps users to see what is taking up space on their device, and gives them the option to delete specific files or move files to an external storage device.
  • Storage sense can move files to external storage device
  • Storage sense can compress files to save space
  • Storage sense can move files to the cloud
  • Storage sense can delete files that are no longer needed
  • Storage sense can free up space by uninstalling apps
  • Storage sense can show you the storage usage of each app
  • Storage sense can help you to free up storage by cleaning up your downloads folder

What Configurations are available within Intune (MEM Portal)?

There are many ways to setup Storage Sense. However, the method we are going to opt is inline with the modern workplace management solution using Microsoft Intune (Microsoft Endpoint Manager admin center)

Setting NameDetails
Allow Disk Health Model UpdatesAllows disk health model updates to predict disk hardware failure.
Allow Storage Sense GlobalStorage Sense can automatically clean some of the user’s files to free up disk space. By default, Storage Sense is automatically turned on when the machine runs into low disk space and is set to run whenever the machine runs into storage pressure. This cadence can be changed in Storage settings or set with the
Allow Storage Sense Temporary Files CleanupWhen Storage Sense runs, it can delete the user’s temporary files that are not in use. If the Storage/AllowStorageSenseGlobal policy is disabled, then this policy does not have any effect. If you enable this policy setting, Storage Sense will delete the user’s temporary files that are not in use.
Config Storage Sense Cloud Content Dehydration ThresholdWhen Storage Sense runs, it can dehydrate cloud-backed content that hasn’t been opened in a certain amount of days. If the Storage/AllowStorageSenseGlobal policy is disabled, then this policy does not have any effect. If you enable this policy setting, you must provide the minimum number of days a cloud-backed file can remain unopened before Storage Sense dehydrates it. Supported values are: 0–365. If you set this value to zero, Storage Sense will not dehydrate any cloud-backed content. The default value is 0, which never dehydrates cloud-backed content
Config Storage Sense Downloads Cleanup ThresholdWhen Storage Sense runs, it can delete files in the user’s Downloads folder if they haven’t been opened for more than a certain number of days. If the Storage/AllowStorageSenseGlobal policy is disabled, then this policy does not have any effect. If you enable this policy setting, you must provide the minimum number of days a file can remain unopened before Storage Sense deletes it from the Downloads folder. Supported values are: 0-365. If you set this value to zero, Storage Sense will not delete files in the user’s Downloads folder
Config Storage Sense Recycle Bin Cleanup ThresholdWhen Storage Sense runs, it can delete files in the user’s Recycle Bin if they have been there for over a certain amount of days. If the Storage/AllowStorageSenseGlobal policy is disabled, then this policy does not have any effect. If you enable this policy setting, you must provide the minimum age threshold (in days) of a file in the Recycle Bin before Storage Sense will delete it. Supported values are: 0–365
Removable Disk Deny Write AccessIf you enable this policy setting, write access is denied to this removable storage class. If you disable or do not configure this policy setting, write access is allowed to this removable storage class. Note: To require that users write data to BitLocker-protected storage, enable the policy setting “Deny write access to drives not protected by BitLocker,” which is located in “Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Drives.”

What policies are we applying?

In this scenario, we only focus on the deletion of temporary files, Recycle Bin, Moving the files to the OneDrive Known Folder (if configured) and checking the disk hardware.

What is the target of this policy?

We aim to kill two birds with one stone, and this policy configuration is not only applicable for Windows 10/11 based Windows 365 Cloud PC, it also works well for Windows 10/11 Multi-session host for Azure Virtual Desktop. This filter is critical to identifying whether the configuration setting will apply to your device type.

Assignments

We are assiging the policy to the Windows 365 AAD device group and add the Azure Virtual Desktop AAD device group here.

Worth a mention, Jannik Reinhard has published a remediation method via cleanmgr.exe and PowerShell – Use Endpoint Analytics to clean up the disk – Modern Device Management (jannikreinhard.com) and is also a great resource if you decide to go into phase 2 strategy of disk clean-up.

I hope you will find this helpful information for performing disk clean-up on Temporary & Recycle for Windows 365 Cloud PC & AVD. Please let me know if I have missed any steps or details, and I will be happy to update the post.

Thanks,
Aresh Sarkari

Install VMware Horizon Client using Winget

14 Dec

The enterprise has been rolling out the application packages using various available methods (GPOs, SCCM, WS1 UEM etc.) in the industry. Today we are going to take a step further and see how to deploy the VMware Horizon Client using the new Micrososft Windows Package Manager (Winget)

Available Commands for various verison of Horizon Client

Following are the commands however, it’s recommended only to install the latest or the matching version based on your VMware Horizon environment.

VMware Horizon 8.xVMware Horizon Client 8.x
VMware Horizon 7.xVMware Horizon Client 5.x
# Latest GA version VMware Horizon Client version 8.7.0.31805
winget install -e --id VMware.HorizonClient
# VMware Horizon Client version 8.6.0.29364
winget install -e --id VMware.HorizonClient -v 8.6.0.29364
# VMware Horizon Client version 8.5.0.26981
winget install -e --id VMware.HorizonClient -v 8.5.0.26981
# VMware Horizon Client version 8.4.1.26410
winget install -e --id VMware.HorizonClient -v 8.4.1.26410
# VMware Horizon Client version 8.3.0.21227
winget install -e --id VMware.HorizonClient -v 8.3.0.21227
# VMware Horizon Client version 8.2.0.18176
winget install -e --id VMware.HorizonClient -v 8.2.0.18176
# VMware Horizon Client version 8.1.0.15949
winget install -e --id VMware.HorizonClient -v 8.1.0.15949
# VMware Horizon Client version 8.0.0.13243
winget install -e --id VMware.HorizonClient -v 8.0.0.13243
# VMware Horizon Client version 5.5.4.26353
winget install -e --id VMware.HorizonClient -v 5.5.4.26353
# VMware Horizon Client version 5.5.3.24986
winget install -e --id VMware.HorizonClient -v 5.5.3.24986
# VMware Horizon Client version 5.5.2.19788
winget install -e --id VMware.HorizonClient -v 5.5.2.19788
# VMware Horizon Client version 5.5.1.17068
winget install -e --id VMware.HorizonClient -v 5.5.1.17068
# VMware Horizon Client version 5.5.0.14558
winget install -e --id VMware.HorizonClient -v 5.5.0.14558

Installing, Listing, Upgrading and Un-installing the latest version HZ Client

Open the PowerShell with administrative privileges

Installing

winget install -e --id VMware.HorizonClient

Listing the installed package

List the package and its details of the previous installation step

winget list --name 'VMware Horizon Client'

Upgrading from version 5.5.4 to 8.7.0

winget upgrade --id VMware.HorizonClient

Un-installing

Following is the command to uninstall the Horizon Client.

winget uninstall --id VMware.HorizonClient

Note after running the above command, the Windows endpoint rebooted immediately. I am not whether the product team has included the /norestart switches to the packages. If you come across the same leave a comment down below.

I hope you will find this helpful post about the winget and VMware Horizon Client details. Give it a spin in your lab and production environment, if you find anything interesting. I hope you can share it back with me?

Thanks,
Aresh Sarkari

ProTip – App Update – Microsoft Store apps to Microsoft Intune (new)

5 Dec

There is numerous guidance on the brand new feature of deploying Microsoft Store applications via Microsoft Intune. A critical aspect of Application Update may bite back if the GPOs from the legacy enivornment for Microsoft Store are setup.

App Update (MS Store Apps)

By default, all the applications that are deployed from the Microsoft Store are automatically kept up to date with the latest version of the app. There are no extra configurations or guidance required here.

In my scenario, I have deployed a few apps using the new feature that will auto-update itself throughout the application’s lifecycle as when Microsoft Store releases the updates.

The deal breaker for auto App Update

In specific environments previously, you might have configured group policies around Microsoft Store. In particular, we are looking at – Turn off Automatic Download and Install of updates policy. For this feature to work from Intune, this policy should not be enabled.

Please ensure you have this policy “Not Configured” or “Disabled” else you might be wondering why my UWP applications deployed from Microsoft Intune are not getting updated.

I hope you will find this quick valuable tip for the new MS Store Apps via Intune. Please let me know if I have missed any steps or details, and I will be happy to update the post.

Thanks,
Aresh Sarkari

Making Microsoft Quick Assist work with VMware App Volumes – Writable Volumes

6 Sep

Microsoft Quick Assist is a tool widely used by service desk teams to take remote control of a computer and help end-users with a screen share. We noticed with the recent changes Microsoft made to Quick Assist, it stopped working when VMware App Volumes – Writable Volumes were present.

Error launching Quick Assist

We tried many steps of installing the Quick Assist offline using various Powershell commands, and nothing worked out. We also got to a point Quick Assist will launch without the Writable Volumes present or local admins with Writable Volumes. In the end, VMware Support GSS, with help from backend engineering, provided a working solution.

Solution (Workaround)

Step 1 – Download the offline version of the Quick Assist App from the Microsoft store and place all the files into C:\Temp\QuickAssist. Following are the steps to download the offline version of MS store apps.

Offline Files MS Quick Assist

Step 2 – Delete the old version of the Quick Assist App (Not part of the MS Store). Start Menu > Settings > Apps > Optional features > Microsoft Quick Assist > Uninstall. 

Uninstall Optional Features – Microsoft Quick Assist

Step 3 – Install the Offline version of the Microsoft Quick Assist package using PowerShell

PowerShell Add-AppxProvisionedPackage -PackagePath C:\Install\MicrosoftCorporationII.QuickAssist_2022.614.2314.0_neutral___8wekyb3d8bbwe.AppxBundle -online -SkipLicense
PowerShell Install Appx Package

Step 4 – Install WebView2 component which is a pre-requisite for Quick Assist. Note this step is quite important and not something that has been emphazied alot.

  reg add HKLM\SOFTWARE\Policies\Microsoft\EdgeUpdate /v InstallDefault /t REG_DWORD /d 1 /f
  C:\Install\MicrosoftEdgeWebView2RuntimeInstallerX64.exe
  reg add HKLM\SOFTWARE\Policies\Microsoft\EdgeUpdate /v InstallDefault /t REG_DWORD /d 0 /f
Install Microsoft Edge WebView

Step 5 – Launch the Quick Assist App once. Make sure, without launching the app, don’t move to the next step. Please wait at least 10 mins on this step or/else reboot the template VM and launch the app

explorer shell:AppsFolder\MicrosoftCorporationII.QuickAssist_8wekyb3d8bbwe!app
Launching Quick Assist

Step 6 – Create an OS scheduled task to run at every logon. This will launch the Quick Assist and register at every logon.

schtasks /create /RU "SYSTEM" /TN RegisterQuickAssist /SC ONLOGON /TR "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-AppxProvisionedPackage -PackagePath C:\Temp\QuickAssist\MicrosoftCorporationII.QuickAssist_2022.614.2314.0_neutral___8wekyb3d8bbwe.AppxBundle -online -SkipLicense"
Schedule Task – Register of Microsoft Quick Assist at User Login

Step 7 – Take a snapshot of the golden image and the remaning steps will be performed in App Volumes files.

Step 8 – We need to prepare the template bundle of Writable Volumes (UIA+Profile) to contain a file startup_postsvc.bat with the following contents. Note Alter the file path if you decide to use something else.

  @echo off
  setlocal enabledelayedexpansion
  set WV_Path=none
  for /F "tokens=3" %%A in ('reg query HKLM\System\ControlSet001\Services\svservice\Parameters /v WritableVolume 2^>nul') do (
    set WV_Path=C:%%A
    fltmc attach bindflt !WV_PATH!
  )
  reg query "HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft EdgeWebView" /v DisplayName >nul 2>&1
  if %ERRORLEVEL% NEQ 0 (
    reg add HKLM\SOFTWARE\Policies\Microsoft\EdgeUpdate /v InstallDefault /t REG_DWORD /d 1 /f
    start /wait C:\Temp\QuickAssist\MicrosoftEdgeWebView2RuntimeInstallerX64.exe
    reg add HKLM\SOFTWARE\Policies\Microsoft\EdgeUpdate /v InstallDefault /t REG_DWORD /d 0 /f
  )

Here is the procedure to update the writable volume’s file – Update Writable Volumes (vmware.com). Zip all the files and push the changes using AV Manager > Writables > Update Writable Volumes

Additional Files for writable volumes startup

Step 9 – Validation login to the virtual desktop (Make sure the updated file – startup_postsvc.bat are pushed onto the WV). After a few seconds, the Microsoft Edge WebView2 Runtime component and Quick Assist should appear in Programs and Features.

PowerShell Get-AppxPackage *assist*

Step 10 – Launch Quick Assist via Start Menu or Explorer and Voila!

explorer shell:AppsFolder\MicrosoftCorporationII.QuickAssist_8wekyb3d8bbwe!app

If you encounter a similar issue, you can follow the above solution. I hope you will find this information useful if you encounter the same issue. A big thanks to my teammate Jishan T for his continuous effort while troubleshooting with GSS over 3+ months.

Thanks,
Aresh Sarkari

Unable to use Privilege Elevation – VMware Dynamic Environment Manager

7 Mar

We were exploring the feature Privilege Elevation – VMware Dynamic Environment Manager (DEM) within our development environment, and for some odd reason, a specific feature and configuration wouldn’t work in our setup.

Disclaimer

The windows registry mentioned within this blog post is used within enterprise-grade secure environments. The hardening measure is part of CIS Benchmarks on Windows 10. If your machines aren’t hardened, the feature typically works out of the box. For example, in my home lab, I had no issues with the Privilege Elevation feature working.

Issue

Whenever we enable the feature and apply any settings, it will not work. It didn’t matter which configuration you picked. The error within the logs remains constant.

The error within the FlexEngine-ElevatedTasks.log

2022-02-21 13:02:30.122 [ERROR] Cannot launch elevated task 'TaskName01' (token infrastructure not available)
2022-02-22 11:22:02.960 [ERROR] Cannot launch elevated task 'TaskName01' (token infrastructure not available)
2022-02-28 18:23:19.736 [ERROR] Cannot launch elevated task 'TaskName01' (token infrastructure not available)

Cause

Provided by VMware – The additional configuration on LSA Protection causing issues with the VMware DEM agent (2103 Version). The windows registry key – HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa

RunAsPPL=1

Resolution

My team managed to open a VMware GSS case handled by GuruKripal (A very helpful support engineer), we had to provide numerous amount of logs, procmons and group policy export of the enivornment. After giving them the export of our CIS Benchmarked group policies, they could reproduce the issue. In the end, the VMware engineering team provided us with a newer build of DEM Agent (10.2.4.1023 x64.msi).

If you encounter a similar issue, you can raise a VMware support case to obtain the fix or/else, I was assured all future releases of DEM Agent would include the fix. I hope you will find this information useful if you encounter the issue. A big thanks to my teammate Jishan T for his continuous effort while troubleshooting with GSS over 6+ months.

Thanks,
Aresh Sarkari

Explorer.exe keeps crashing every 3 seconds in Windows 10

19 Oct

It was patch Tuesday time, and we were implementing the Windows 10 1909 Oct October 12, 2021—KB5006667 (OS Build 18363.1854) patch to our base images which are used for VMware Horizon VDI. During our validations, we started noticing the strange behaviour of Explorer.exe crashing and desktop becoming completely unusable.

Update 16th Nov 2021 – The explorer.exe crashing issue is now resolved in November 9, 2021—KB5007189 (OS Build 18362.1916) (microsoft.com)

Issue

The Windows explorer.exe keeps crashing within the virtual desktop of Windows 10 1909. The virtual desktop is entirely unusable. The only way to see the Event Viewer or anything is by using Horizon Client – Options – Send Ctrl + Alt + Del command within the virtual desktop and then opening up the Task Manager.

Cause

Provided by Microsoft – The explorer is trying to update feeds content, and there is a NULL value due to this bug that is causing explorer to crash.

Resolution

We tried performing various steps of un-install and re-installing the patch etc.. However, nothing worked, and we ended up working with Microsoft and seemed like it was a known issue, and they provided us with the following fix:

Option 1 – Registry – Disable News and Interest

Open regedit.exe on the golden image or

 Computer\HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Feeds\
 REG_DWORD name: ShellFeedsTaskbarViewMode
 Value: 2

Option 2 – GPO – Disable News and Interest

To access the policy for news and interests on the taskbar, on a device that has installed Administrative Templates (.admx) for Windows 10 October 2020 Update (20H2) – v2.0 ADMX file Feeds.admx is newly added, and we can retrieve it from the below .admx file:

Computer Configuration > Administrative Templates > Windows Components > News and interests > News and interests on the taskbar > Select Disabled

Note – I suspect this fix might be applicable to other Windows 10 versions.

I hope you will find these steps helpful to resolve explorer.exe crashing issue and don’t have to go down the path of troubleshooting the issue.

Thanks,
Aresh Sarkari



Script to install CrowdStrike Sensor and VMware App Volumes snapvol.cfg exclusions for CrowdStrike Sensor

20 Aug

If you are planning to deploy CrowdStrike Sensor (CS Sensor) within your virtual desktop (Windows 10) or server operating(Remote Desktop – Windows Server 2016), then continue reading. In this post, we will take a look into the following topics:

  • Scripted silent install of CrowdStrike Sensor
  • Process exclusions for VMware App Volumes – Writable Volumes (snapvol.cfg)

Script to install CrowdStrike Sensor

Pre-requisites:

  • Based on your requirements, a complete range of silent switches can be found here – How to Install CrowdStrike Falcon Sensor | Dell US
  • Create a folder called C:\Temp\Sensor and place all the CS Sensor EXE within this folder.
  • Make sure to read the installer log files after the install is completed.
  • We use the proxy details as the virtual machines don’t have direct internet access.
  • Look for the exit code = 0 = success
#############################################################################################
# Install Crowd Strike Sensor to the Golden Image on Windows 10 and Windows Server 2016/2019
# Look for Exit Code 0 = Success
# Comment or Un-comment the Agent that does not apply to your environment
# Author - Aresh Sarkari - https://twitter.com/askaresh
#############################################################################################

###################################################################
#                    Declare Variables                            #
###################################################################

#Sensor Names
$CSSensorName = "WindowsSen*"

#The sensor installer Location
$TempInstallPath = "C:\Temp\Sensor"

#Log Files location
$CSSensorlogFile = "C:\Temp\Sensor\CSSensor.log"

###################################################################
#                    EXE Arguments Arrary for CS Sensor           #
###################################################################
# Modify any Installer switches related to the sensor here.
# Dell Article covering all silent switches 
# https://www.dell.com/support/kbdoc/en-us/000126124/how-to-install-crowdstrike-falcon-sensor
# Proxy switches if your endpoints dont have direct Internet Access
# Log Files w.r.t to installation is generated in C:\Temp\*

# Crowd Strike Sensor Arguments
$CSArguments = @(
    "/install"
    "/quiet"
    "/norestart"
    "CID=YOUDIDGUIDWILLGOHERE-EG"
    "ProvToken=YOURTOKENNUMBER"
    "GROUPING_TAGS=TAG1,TAG_VDI"
    "ProvWaitTime=3600000"
    "APP_PROXYNAME=proxy.whateverproxy.com"
    "APP_PROXYPORT=80"
    "VDI=1"
	"/log"
    $CSSensorlogFile
)

###################################################################
#                    Main                                        #
###################################################################

# Install Crowd Strike Sensor
Write-Host "Installing the Crowd Strike Sensor" -ForegroundColor Green
$CSSensorPath = (Get-ChildItem -Path $TempInstallPath | Where-Object {$_.name -like $CSSensorName}).Fullname
$CSSensorInstall = (Start-Process -Filepath $CSSensorPath -Wait -ArgumentList "$CSArguments" -PassThru)
$CSSensorInstall.ExitCode

Start-Sleep 20

Git Hub scripts/CSSensor-Install at master · askaresh/scripts (github.com)

Process exclusions for VMware App Volumes

It is advisable you add the CrowdStrike process exclusions within the VMware App Volumes – Writable Volumes templates on snapvol.cfg. Here is the detailed guidance on how to modify the snapvold.cfg – Using the VMware App Volumes snapvol.cfg File to Customize Writable Volumes | VMware End-User Computing Blog. These two processes are visible within the Task Manager.

#Crowdstrike Exclusions
exclude_process_name=CSFalconService.exe
exclude_process_name=CSFalconContainer.exe

A big thanks to Jishan for the numerous testing cycles! I hope you will find this script and exclusions useful to install the CrowsStrike Sensor. A small request if you further enhance the script or exclusions, I hope you can share it back with me?

Thanks,
Aresh Sarkari

VMware App Volumes – AD Domain – LDAPS Configuration/Certificate Renewal

19 Aug

The Enterprise Root CA certificate was coming close to expiry, and we had to replace the certificate on VMware App Volumes Manager. In this blog post, we will take a look into the following topics:

  • How to identify the Microsoft Enterprise Root CA
  • How to generate the Root Certificate *.cer
  • Convert the certificate *.cer to *.pem format for App Volumes Manager
  • Replace the certificate within the App Volumes Manager
  • Configuring the App Volumes Manager for LDAPS

How to identify the Microsoft Enterprise Root CA

On any domain-joined box where you have the Active Directory administrative tools installed, open the adsiedit.msc and change the Naming Context to Configuration partition.

Adsiedit Connection

Navigate to the below path Under Certification Authorities, and you’ll find your Enterprise Root Certificate Authority server.

CN=Certification Authorities,CN=Public Key Services,CN=Services,CN=Configuration,DC=askaresh,DC=dir
Active Directory – Configuration Partition

How to generate the Root Certificate *.cer

Log into the Root Certification Authority server with Administrator Account. Go to Start > Run > and type Cmd, and press on Enter button. Enter the following command:

certutil -ca.cert C:\Temp\rootca_cert.cer

Convert the certificate *.cer to *.pem format for App Volumes Manager

I typically use OpenSSL to convert all my certificates. Copy the rootca_cert.cer certificate into Folder – C:\OpenSSL-Win32\bin and run the following command to convert the certificate to PEM.

openssl x509 -in root_cer.cer -out adCA.pem

Note – We want the exported name to be adCA.pem as App Volumes Manager needs that name during setup.

Replace the certificate within the App Volumes Manager

Depending upon the number of AV Managers, you will have to repeat the steps:

  • Copy the adCA.pem on each App Volumes Manager server, to the /config directory where the App Volumes Manager is installed. The default installation location for App Volumes Manager is C:\Program Files (x86)\Cloud Volumes\Manager.
  • Restart the App Volumes Manager servers.

Configuring the App Volumes Manager for LDAPS

You only need to perform these steps on one App Volumes Manager per POD as the configurations are central on a SQL Database.

  • Login to the App Volumes Manager and go to Configuration – AD Domains – Select the Domain – Edit or New depending upon your requirements
  • Enter the Domain Name, Service Account Username, Service Account Password and Select Secure LDAPS. The port number is 636.
  • Click on Update
App Volumes Manager – AD Domains

I hope you will find these steps helpful to replace or configure the VMware App Volumes Manager with LDAPS.

Thanks,
Aresh Sarkari

Reference Links

Export Root Certification Authority Certificate – Windows Server | Microsoft Docs

Find the name of Enterprise Root CA server – Windows Server | Microsoft Docs

Configure CA Certificates in App Volumes Manager (vmware.com)

Script to install VMware EUC Agents – App Volumes Agent, DEM Agent and Horizon Agent

30 Jun

If you are planning for the VMware EUC Stack migration or upgrade and want to install the VMware EUC agent, then continue reading. The guidance on uninstalling the existing agents can be found on this blog post – Script uninstall VMware EUC Agents – App Volumes Agent, Horizon Client, DEM Agent, Horizon Agent and VMware Tools | AskAresh

In this script, we shall perform the agents install and reboot the golden image towards the end. There is no need to install the individual agents one by one, instead, sit back, relax and have a coffee!

VMware EUC Agents:

  • VMware Horizon Agent (Works on 7.x and 8.x/YYMM)
    • Note few MSI switches are deprecated if you still use them, you will have an error code 1603
  • VMware Dynamic Environment Manager Agent (Works on 9.x and YYMM)
  • VMware App Volumes Agent (Works on 2.x and 4.x/YYMM)

Note – All the above testing is carried out on Windows 10 1909 with PowerShell 5.1. Reboot is required to complete the installation operations.

VMware EUC Agents Install

Pre-requisites:

#################################################################################################
# Install EUC Agents in the proper order - Horizon Agent , DEM Agent and App Volumes Agent
# Reboot the OS towards the end after install all Agents. Look for Exit Code 0 or 3010
# If you notice exit code 1603 there is a installation issue. Refer to my MSI switches blogpost
# Comment or Un-comment the Agent that does not apply to your environment
# Author - Aresh Sarkari (Twitter - @askaresh)
################################################################################################

###################################################################
#                    Declare Variables                            #
###################################################################

#Agent Names
$HorizonAgentName = "VMware-Horizon-Agent-x86_64*"
$DEMAgentName = "VMware Dynamic Environment Manager*"
$AppVolumesAgentName = "App Volumes Agent*"
$AppVolMGR = "avm001.domain.com" # Manager LB VIP

# All the installer Location
#Create a folder C:\Temp\Agents and place all the MSI\EXE in there
$TempInstallPath = "C:\Temp\Agents" 

#Log Files location
# Go through all the logs post installation
$HZlogFile = "C:\Temp\Agents\HZAgent.log"
$DEMlogFile = "C:\Temp\Agents\DEMAgent.log"
$ApplogFile = "C:\Temp\Agents\AppVolAgent.log"

###################################################################
#                    MSI Arguments Arrary for EUC Agents          #
###################################################################
# Modify any MSI switched related to the agent here.
# Follow this blog post for swithces - https://askaresh.com/2021/06/28/comparision-vmware-horizon-agent-7-x-8-x-silent-install-switches-and-properties/

# VMware Horizon Agent MSI Switches
$HZMSIArguments = @(
	"/qn"
	"VDM_VC_MANAGED_AGENT=1"
    "SUPPRESS_RUNONCE_CHECK=1"
	"VDM_IP_Protocol_Usage=IPv4"
	"ADDLOCAL=Core,ClientDriveRedirection,NGVC,USB,RTAV,PerfTracker,PrintRedir,HelpDesk,TSMMR,VmwVaudio,V4V"
	"REBOOT=REallySuppress"
	"/L*v"
	$HZlogFile
)

# VMware Dynamic Enivornment Agent MSI Switches
$DEMMSIArguments = @(
    "/qn"
    "ADDLOCAL=FlexEngine"
    "REBOOT=REallysuppress"
    "/L*v"
    $DEMlogFile
)

# VMware App Volumes Agent MSI Switches
$AppVolMSIArguments = @(
    "/qn"
    "MANAGER_ADDR=$AppVolMGR"
    "MANAGER_PORT=443"
    "REBOOT=REallysuppress"
    "EnforceSSLCertificateValidation=0"
    "/L*v"
    $ApplogFile
)

###################################################################
#                    Main                                        #
###################################################################

# Install VMware Horizon Agent
Write-Host "Installing the VMware Horizon Agent" -ForegroundColor Green
$HZAgentPath = (Get-ChildItem -Path $TempInstallPath | Where-Object {$_.name -like $HorizonAgentName}).Fullname

# The switches "/s /v " is the Install Shield switches and rest of the aruguments are passed with MSI
$HZAgentInstall = (Start-Process -Filepath $HZAgentPath -Wait -ArgumentList "/s /v ""$HZMSIArguments" -PassThru)
$HZAgentInstall.ExitCode

Start-Sleep 20

# Install DEM Agent
Write-Host "Installing the VMware DEM Agent" -ForegroundColor Green
$DEMPath = (Get-ChildItem -Path $TempInstallPath | Where-Object {$_.name -like $DEMAgentName}).Fullname
$DEMAgentInstall = (Start-Process -Filepath $DEMPath -ArgumentList $DEMMSIArguments -Wait -PassThru)
$DEMAgentInstall.ExitCode

Start-Sleep 20

# Install App Volumes Agent
Write-Host "Installing the VMware App Volumes Agent" -ForegroundColor Green
$AppVolPath = (Get-ChildItem -Path $TempInstallPath | Where-Object {$_.name -like $AppVolumesAgentName}).Fullname
$AppVolAgentInstall = (Start-Process -Filepath $AppVolPath -ArgumentList $AppVolMSIArguments -Wait -PassThru)
$AppVolAgentInstall.ExitCode

Start-Sleep 20

# Restart the computer
Write-Host "Restarting the computer post the VMware EUC Agents install" -ForegroundColor Green
Restart-Computer -Force

Git Hubscripts/vmwareeucagent-install at master · askaresh/scripts (github.com)

A big thanks to Chris H for providing the original blueprint of the script and Wouter for showing me the magical “space” on the switch /v within the Horizon Agent installer. Final thanks to Jishan for the numerous testing cycles and additions to a different version of this script which tackles VMware Tools reboot and continues installing post a reboot.

I hope you will find this script useful to install the VMware EUC agents and never look back to install them individually. A small request if you further enhance the script or make it more creative, I hope you can share it back with me?

Thanks,
Aresh Sarkari

Reference Article – VMware Agent Install order – Agent installation order for Horizon View, Dynamic Environment Manager, and App Volumes (vmware.com)

Script uninstall VMware EUC Agents – App Volumes Agent, Horizon Client, DEM Agent, Horizon Agent and VMware Tools

29 Jun

If you are planning for the VMware EUC Stack migration or upgrade and are in the middle of uninstalling the existing agents, look no further and here is the script that will allow you to uninstall all the agents and reboot the golden image towards the end. There is no need to remove individual agents one by one from the “Program and Features”; instead, sit back, relax and have a coffee!

VMware EUC Agents:

  • VMware App Volumes Agent (Works on 2.x and 4.x/YYMM)
  • VMware Horizon Client (Optional)
  • VMware Dynamic Environment Manager Agent (Works on 9.x and YYMM)
  • VMware Horizon Agent (Works on 7.x and 8.x/YYMM)
  • VMware Tools (Works on 11.x)

Note – All the above testing is carried out on Windows 10 1909/Windows Server 2016 with PowerShell 5.1. The PowerShell module Uninstall-Package suppresses individual reboot and we perform the final reboot towards the end using the Restart-Computer module. (Reboot is required to complete the uninstallation operations.)

VMware EUC Agents
#################################################################################
# Un-Install EUC Agents in the proper order for Golden Image
# App Volumes Agent, Horizon Client(Optional), DEM, Horizon and VMware Tools
# Suppressed auto Reboot the OS towards the end after un-installing all Agents.
# Comment or Un-comment the Agent that does not apply to your environment
# Author - Aresh Sarkari (Twitter - @askaresh)
#################################################################################

#Un-installing VMware App Volumes Agent
Write-Host "Un-installing the App Volumes Agent" -ForegroundColor Green
Get-Package -Name 'App Volumes **' | Uninstall-Package

sleep -Seconds 60

#Un-installing VMware Horizon Client
#Write-Host "Un-installing the VMware Horizon Client" -ForegroundColor Green
#Get-Package -Name 'VMware Horizon Cli**' | Uninstall-Package

#sleep -Seconds 60

#Un-installing VMware Dynamic Environment Agent
Write-Host "Un-installing the Dynamic Environment Agent" -ForegroundColor Green
Get-Package -Name 'VMware Dynamic **' | Uninstall-Package

sleep -Seconds 60

#Un-installing VMware Horizon Agent
Write-Host "Un-installing the VMware Horizon Agent" -ForegroundColor Green
Get-Package -Name 'VMware Horizon Ag**' | Uninstall-Package

sleep -Seconds 60

#Un-installing VMware Tools Agent
Write-Host "Un-installing the VMware Tools Agent" -ForegroundColor Green
Get-Package -Name 'VMware Tools' | Uninstall-Package

sleep -Seconds 60

# Restart the computer
Write-Host "Restarting the computer post the VMware EUC Agents Un-install" -ForegroundColor Green
Restart-Computer -Force

GitHub scripts/vmwareeucagent-uninstall at master · askaresh/scripts (github.com)

Thanks to Hilko and Joel for reviewing the script and providing valuable feedback.

I hope you will find this script useful to uninstall the VMware EUC agents and never look back to remove individual programs under “Programs and Features”. A small request if you further enhance the script or make it more creative, I hope you can share it back with me?

Thanks,
Aresh Sarkari