Considering taking the plunge into Virtual Desktops deployed using Windows XP?  If you are, use this pre-install check-list to ensure your XP image is lean and mean:

XP Check-list

1. Align the boot partition
   
2. Install the latest service pack provided by Microsoft. 
   Download Windows XP Service Pack 3
   
3. Install and configure VMware Tools on the guest OS.
4. Install and configure VMware View agent on the guest OS.
   Download View agent
   
5. Run Windows Update and download/install all the latest patches and updates.
6. Disable and remove unused hardware
   Example: COM1 and COM2
7. Ensure video hardware acceleration is enabled.
8. Set visual effects for best performance.
9. Delete Windows uninstall folders
10. Disable Windows indexing service
11. Disable indexing of the C:\
12. Disable and remove system restore points.
13. Disable unnecessary services.
14. Turn off Windows theme enhancements.
15. Configure RDP default color depth for 24-bit.
16. Perform a disk clean-up.
17. Perform a disk defragmentation.
    

Group Policy Check-list

1. Set the Windows screen saver to blank
2. Set screen saver to password protect on resume
3. Enable RDP access for non-privileged users.
4. Allow users to connect remotely using Terminal Services 
5. Remove desktop wallpaper
6. Disable remote Windows security items from start menu
7. Remove disconnect option from shut down dialog window
8. Set a time limit for active but idle Terminal Services sessions

Disk Alignment:

VMware reports throughput can increase by as much as 62% (averaging about 12%) with a latency decreases of up to 33% (averaging about 10%) in disks that have been properly aligned.  Follow the VMware Disk Alignment KB to align the boot volume.

VMware Tools Installation:

From within Virtual Center, with your virtual machine (VM) image running, right click on the VM and select the 'Install/Upgrade VMware Tools' option from the menu:

A installation wizard will appear on the console of the VM.  Complete the guided install and reboot the VM after installation.

VMware View Agent Installation:

1. Download the VMware View Agent install media to your Virtual Machine (VM)
   Download from VMware
   
2. Run the installation Wizard
3. Reboot the VM after the Agent has been installed.
   

Video Hardware Acceleration:

1. Right click on the desktop and select 'Properties':
   
   
   
   
2. Click the 'Settings' tab:
   
   
   
   
3. Click the 'Advanced' button
   
   
   
   
4. Click the 'Troubleshoot' tab
   
   
   
   
5. Slide the slider-bar to the 'Full' option
   
   
   
   
6. Click through the remaining screens selecting the 'OK' option until the changes have been saved
   

Visual Effects:

1. Right click on 'My Computer' and select 'Properties':
   
   
   
   
2. Click the 'Advanced' tab:
   
   
   
   
3. Click the 'Settings' button
   
   
   
   
4. Select the 'Adjust for best performance' option
   
   
   
   
5. Click through the remaining screens selecting the 'OK' option until the changes have been saved
   

Delete Uninstall Folders:

You can free up space on your Virtual Machine's image by removing the Windows uninstall folders.  Windows uses these folders to roll back system updates in the event something should go wrong during install.  Once your satisfied with all your updates, there is no need to keep the uninstall data on your drive.  To see a list of all your uninstall folders, browse to the 'C:\Windows' directory.  You will have to enable the 'Show hidden files and folders' view in Explorer's folder options menu to see them.  Anything that begins with '$NTUninstall' can be safely removed (DO NOT remove $hf_mig$).

Note: Removing these files could corrupt Windows System Restore points and Add/Remove Program functionality so proceed with caution.

You can now clean-up the Add/Remove Programs list by opening 'Add or Remove Programs', and then attempting to remove one of the updates.  Windows will provide an alert similar to the following:

Clicking 'Yes' will automatically remove the entry from the Add/Remove Programs list.

Disabling Indexing Services:

1. Right click on 'My computer' and select 'Manage'
   
   
   
   
2. Under 'Services' in the Computer Management Window, select the service named "Indexing Service"
   
   
   
   
3. Right click on the service name and select 'Properties'
   
   
   
   
4. Choose the 'Disabled' option from the 'Startup type' drop down window
   
   
   
   
5. Click through the remaining screens selecting the 'OK' option until the changes have been saved

Disable Indexing on C:\:

1. In Windows Explorer, right click on your C:\ disk and select 'Properties'
   
   
   
   
2. Uncheck the 'Allow Indexing Service to index this disk for fast file searching' from the Disk Properties window and click 'OK'
   
   
   
   
3. Select the 'Apply changes to C:\, subfolders and files' option and click 'OK'
   
   
   
   
4. After the Applying attributes Window closes, click the 'OK' option to save the changes
   
   
   
   

Disabling System Restore:

1. Right click on 'My Computer' and select 'Properties'
   
   
   
   
2. Click the 'System Restore' tab
   
   
   
   
3. Check the 'Turn off System Restore on all drives' option
   
   
   
   
4. Click 'OK' to save the changes
5. Click the 'Yes' option to confirm your selection
   
   
   
   

Blank screen saver:

Creating a group policy object to blank the screen saver will save system resources on your ESX host.

Modify the following GPO options:

1. User Configuration >> Administrative Templates >> Control Panel >> Display >> Screen Saver >> Enabled
2. User Configuration >> Administrative Templates >> Control Panel >> Display >> Screen Saver executable name >> scrnsave.scr

RDP Color Depth:

By default, Windows XP uses a 16-bit color depth for RDP connections.  This is ideal for low bandwidth connections, however increasing this to 24-bit for higher bandwidth connections will provide a better user interaction.

Modify the following registry key on your image:

1. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\fInheritColorDepth >> Change color depth to 4
   

Password protect screen saver on resume:

It's never a bad idea to password protect your screen saver.  This will keep your environment secure should the terminal be left unattended.

Modify the following GPO options:

1. User Configuration >> Administrative Templates >> Control Panel >> Display >> Screen Saver timeout >> 300
2. User Configuration >> Administrative Templates >> Control Panel >> Display >> Password protect the screen saver >> Enabled
   

Allow non-privileged users RDP access to View:

In a typical deployment, we create security groups in Active Directory that contain lists of users that have access to View or to a pool of View desktops.  However, unless these users have privileged access on the desktop, they will not have the proper privileges to connect via RDP to the View desktop/pool.

This is easily overcome by the addition of the 'Remote Desktop Users' group in the Restricted groups GPO.  Placing a group that contains users you wish to access View into the Restricted 'Remote Desktop Users' group allows any member of that group to connect via RDP without elevated privileges to the desktop.

Place the Active Directory security group containing your View users into the 'Remote Desktop Users' group located in the Restricted Groups GPO (Computer Configuration >> Windows Settings >> Security Settings >> Restricted Groups):

1. Find the Restricted Groups GPO
   
   
   
   
2. Rick click and choose the 'Add Group...' option
   
   
   
   
3. Enter the name of a Active Directory group that you want to enable View access for (in our example we use TCPDUMP\View-Users but you should use a previously defined group from your Active Directory forest.)
   
   
   
   
4. Click the 'Add' button from the group properties window
   
   
   
   
5. Enter 'Remote Desktop Users' in the group Membership window and click 'OK'
   
   
   
   
6. Confirm your changes by clicking 'OK'
   
   
   
   

Allow users to connect remotely using Terminal Services:

Specifies whether to allow users to connect remotely using Terminal Services.  This option is found on the Remote tab in System Properties.

Modify the following GPO option:

1. Computer Configuration >> Administrative Templates >> Windows Components >> Terminal Services >> Allow users to connect remotely using Terminal Services >> Enabled
   

Remove Desktop Wallpaper:

Specifies whether desktop wallpaper is displayed to remote clients connecting via Terminal Services.

Modify the following GPO option:

1. Computer Configuration >> Administrative Templates >> Windows Components >> Terminal Services >> Enforce Removal of Remote Desktop Wallpaper >> Enabled
   

Disable Remote Security Items:

Specifies whether to remove the Windows Security item from the Settings menu on Terminal Services clients. You can use this setting to prevent inexperienced users from logging off from Terminal Services inadvertently.

If the status is set to Enabled, Windows Security does not appear in Settings on the Start menu. As a result, users must type a security attention sequence, such as CTRL+ALT+END, to open the Windows Security dialog box on the client computer.

Modify the following GPO option:

1. Computer Configuration >> Administrative Templates >> Windows Components >> Terminal Services >> Remove Windows Security item from Start menu >> Disabled
   

Remove Disconnect option from shut down window:

Specifies whether to remove the Disconnect option from the Shut Down Windows dialog box on Terminal Services clients. If the status is set to Enabled, Disconnect does not appear as an option in the drop-down list in the Shut Down Windows dialog box.

Modify the following GPO option:

1. Computer Configuration >> Administrative Templates >> Windows Components >> Terminal Services >> Remove Disconnect option from Shut Down dialog Properties >> Enabled
   

Limit idle active Terminal Services sessions:

You can use this setting to specify the maximum amount of time that an active session can be idle (that is, no user input) before it is automatically disconnected. By default, Terminal Services allows active sessions to remain idle for an unlimited time.

Modify the following GPO option:

1. Computer Configuration >> Administrative Templates >> Windows Components >> Terminal Services >> Sessions >> Sets a timelimit for active but idle Terminal Services sessions
   

Add this page to your favorite website

Comments

Add New Search

Akshay |29/08/2009 12:31:45 Useful info on rdp settings Reply | Quote

inbabi  - Network Administrator |22/12/2011 17:39:10 Very good presentation, and saves time with other reading we have to do. Thanks a million Reply | Quote

Write comment
Name:
Email:	do not notifynotify
Website:
Title:
UBBCode:	-color-aquablackbluefuchsiagraygreenlimemaroonnavyolivepurpleredsilvertealwhiteyellow -size-tinysmallmediumlargehuge
	Please input the anti-spam code that you can read in the image.

!joomlacomment 4.0 Copyright (C) 2009 Compojoom.com . All rights reserved."