Aaron Parker

BriForum London 2012 – Slide deck for The Definitive Guide to delivering Office with App-V

2012-05-24T17:36:04Z

I shared a lightning round session at BriForum London 2012 with Dan Brinkmann. I rolled two lightning rounds (including Should Office Be in the Base Image?) into one with The Definitive Guide to delivering Office with App-V.

We were very lucky to have a great turn out considering the strong competition in the other sessions for that slot. Thanks to those who attended, it was very much appreciated.

If you’re interested in taking a look at the slide deck, I’ve embedded (via SkyDrive) it below:

BriForum London 2012 – Slide deck for The Definitive Guide to delivering Office with App-V is post from stealthpuppy.com. Except as noted otherwise, this work is © 2005-2012 Aaron Parker and is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License.

Citrix Synergy 2012 – Slide deck for Geek Speak Live ‘User Environment Management smackdown 2012′

2012-05-24T17:37:02Z

At Citrix Synergy 2012, I had the distinct pleasure of moderating a Geek Speak panel: ”User Environment Management smackdown 2012″ with Shawn Bass, Helge Klein, Harry Labana from AppSense, Bob Janssen from RES Software and Mike Larkin from Citrix on the state of User Environment Management.

Feedback was good and I’m hoping that we might be able to do something new on this topic in Barcelona later this year.

Unfortunately I don’t think it was recorded, but if you’d like to see the slide deck, I’ve embedded it (via SkyDrive) below:

Citrix Synergy 2012 – Slide deck for Geek Speak Live ‘User Environment Management smackdown 2012′ is post from stealthpuppy.com. Except as noted otherwise, this work is © 2005-2012 Aaron Parker and is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License.

App-V Books from Packt Publishing available with discounts in May

2012-05-18T13:30:49Z

I’ve been fortunate enough to have performed technical editor duties on a couple of App-V books by Augusto Alvarez - Getting Started with Microsoft Application Virtualization 4.6 and Microsoft Application Virtualization Advanced Guide.

Packt Microsoft Carnival is a special offer by Packt Publishing during May where you can acquire several Microsoft’s titles with discounts.

Packt’s Microsoft Carnival includes a variety of titles on App-V, BizTalk, SharePoint, SQL Server, Silverlight, .NET Framework stack, XNA, Forefront, System Center and more. Packt has reduce the prices on its selected Microsoft titles by up to 30%. Some of the books include:

Augusto’s two App-V books are also available in other stores, but the Packt Microsoft Carnival discount only applies in Packt Publishing site.

Augusto’s original post is here: App-V Books with Packt Publishing Discounts on May

App-V Books from Packt Publishing available with discounts in May is post from stealthpuppy.com. Except as noted otherwise, this work is © 2005-2012 Aaron Parker and is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License.

BriForum talk – Office and App-V

2012-05-18T13:32:08Z

If you’re attending BriForum London next week, I have a couple of lightning round sessions on Thursday at 13:40:

Should Office Be in the Base Image?
The Definitive Guide to Deploying Microsoft Office with App-V

This is really a single topic, but with any luck the discussion should be good and I’ll share my tips for successfully virtualising Office, if I haven’t talked you out of it in the first part of the presentation.

If you’re coming to BriForum London, drop by and say Hi.

BriForum talk – Office and App-V is post from stealthpuppy.com. Except as noted otherwise, this work is © 2005-2012 Aaron Parker and is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License.

Migrating packages from App-V 4.x to App-V 5.0

2012-04-27T12:56:37Z

With the App-V 5.0 beta having been sprung upon us, it’s time to starting talking about it. Here’s how to automate the migration of packages from the old 4.x format to the new App-V 5.0 format.

To perform a migration of packages, I’ve setup a Windows 7 virtual machine for hosting the App-V 5.0 Sequencer. This virtual machine is configured in exactly the same way that I’ve been configuring Windows for sequencing with App-V 4.x with the exception of a Q drive as this is no longer needed. For more information on how I recommend configuring a virtual machine, see this article: Delivering Office with App-V – Sequencer Recommendations & Best Practices.

Installing the App-V 5.0 Sequencer is very straight-forward process. Start the Sequencer setup from appv_sequencer_setup.exe:

You’ll need to accept the license agreement and joining the Customer Experience Improvement Program is not optional during the beta. Once the Sequencer is installed, two PowerShell modules are available – AppVPkgConverter and AppVSequencer. AppVPkgConverter is used for converting legacy packages to the new format.

To see the new modules, import the AppVPkgConverter module and list the available commands in that module, run the following commands from a PowerShell prompt:

Get-Module -ListAvailable
Import-Module AppVPkgConverter
Get-Command -Module AppVPkgConverter

Which looks like this:

The AppVPkgConverter module has two commands – ConvertFrom-LegacyAppvPackage and Test-LegacyAppVPackage.

In my test environment, I have a number of legacy packages that I’m going to convert. I have 22 packages, totalling 4.5Gb:

To test these packages before conversion, I can run the following command against a legacy package:

Test-LegacyAppvPackage <path to legacy package>

One of my packages results in a warning when running Test-LegacyAppvPackage against it, in this case an issue that won’t prevent conversion:

To test all of my packages and convert those without errors (but include those with warnings), I can use the following example code:

$Source = "Y:\Packages"
$Dest = "Y:\Packages.v5"
Get-ChildItem -Path $Source | Test-LegacyAppvPackage | Where-Object {$_.Errors.Count -eq 0 } | ConvertFrom-LegacyAppvPackage -Target $Dest

This will result in the packages being converted into the new format in the destination folder. In this example, the conversion process took a little over an hour.

To make this a little cleaner I’ve also added some code to move the converted packages into their own folder, so that each folder contains the APPV, MSI and XML files for a single package. Here’s the full code listing:

## Convert a folder of legacy App-V packages to v5 format

# Source and destination folders
$Source = "Y:\Packages"
$Dest = "Y:\Packages.v5"

# Test legacy packages and convert those without errors to the new format
Get-ChildItem -Path $Source | Test-LegacyAppvPackage | Where-Object {$_.Errors.Count -eq 0 } | ConvertFrom-LegacyAppvPackage -Target $Dest

# Move packages and related files to a sub-folder per-package
$Packages = Get-ChildItem -Path $Dest -Filter "*.appv*"
foreach ($Package in $Packages) {
	$Name = $Package.Name.substring(0,($Package.Name.length - 5))
	$PackageItems = Get-ChildItem -Path $Dest -Filter "$Name*"
	New-Item -Path $Dest\$Name -Type Directory
	For ($n=0; $n -le $PackageItems.Count -1; $n++) { Move-Item $PackageItems[$n].FullName $Dest\$Name }
}

Migrating packages from App-V 4.x to App-V 5.0 is post from stealthpuppy.com. Except as noted otherwise, this work is © 2005-2012 Aaron Parker and is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License.

Citrix Technology Professional Award

2012-03-28T19:16:08Z

Last Friday turned out to be a pretty awesome day – my wife and I found out we’ll be having a girl in July and I’ve been selected to receive the Citrix Technology Professional award for 2012.

I’m extremely honoured to be counted amongst the list of CTPs, especially those that I’ve already met over the past few years. I’m looking forward to meeting the rest in San Francisco in May.

A big thanks to Laura Whalen and the rest of the team at Citrix.

Citrix Technology Professional Award is post from stealthpuppy.com. Except as noted otherwise, this work is © 2005-2012 Aaron Parker and is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License.

Configuring Hyper-V Virtual Networks with PowerShell

2012-03-17T09:25:13Z

I’ve been configuring a Windows Server 2008 R2 Hyper-V deployment in the lab via MDT to a couple of ProLiant DL380 G5′s. I’ve been keeping the deployment as simple as possible, so there’s no SCVMM integrated at this point and as such I’ve need to configure the Hyper-V networking once the OS is deployed to the machine. Naturally, I don’t want to do that manually.

I’ve taken the opportunity write something in PowerShell that can perform the configuration via the MDT task sequence. To do that I’ve had to resort to the PowerShell Management Library for Hyper-V. A special thanks to Jeff Wouters for pointing me in the right direction with a couple of the Hyper-V specific commands.

An odd occurrence when deploying Windows Server to these boxes is that the adapter names often change between each deployment. So what might be HP NC373i Multifunction Gigabit Server Adapter #13 today becomes HP NC373i Multifunction Gigabit Server Adapter #14 when I next re-deploy Windows to that box.

Because the New-VMExternalSwitch and Remove-VMSwitchNic commandlets to used configure the virtual networks require the adapter description, I’ve had to come up with a way to grab the description based on some that remains static – the MAC address. List below is a script that contains a list of MAC addresses (you could improve on this by keeping the list in a file) for each target MAC address in each server.

It’s just a simple list, so if I add another server, I just add the new server’s MAC address to the list. The script returns the description of the adapter with that MAC address and then uses that to configure the new virtual network. Enjoy.

## Configures a Hyper-V external virtual network based on a supplied MAC address

## Variables ##
# Path to the PowerShell Management Library for Hyper-V
$HyperVLibrary = "$env:ProgramFiles\modules\HyperV"

# Virtual switch name
$SwitchName = "External"

# List of MAC addresses for the adapter in each server to be bound to a virtual switch
# HV1=00:1C:C4:D8:36:BA; HV2=00:19:BB:C9:63:04;
$MACAddressList = "00:1C:C4:D8:36:BA", "00:19:BB:C9:63:04"

# If the PowerShell Management Library for Hyper-V exists, we're good to go
If (Test-Path $HyperVLibrary) {

    # Match a MAC address to a local adapter and return the adapter description
    $Adapters = get-wmiobject -query "Select * From Win32_NetworkAdapterConfiguration"
    For ($n=0; $n -le $MACAddressList.Count -1; $n++) {
        For ($i=0; $i -le $Adapters.Count -1; $i++) {
            If ($MACAddressList[$n] -eq $Adapters[$i].MACAddress) {
                $AdapterDecription = $Adapters[$i].Description
            }
        }
    }

    # Configure Hyper-V networking with the supplied MAC Address
    If ($AdapterDecription) {

        # Import the PowerShell Management Library for Hyper-V
	    Import-Module $HyperVLibrary

        # Create the Hyper-V network and remove the option 'Allow management operating system to share this network adapter'
        New-VMExternalSwitch -VirtualSwitchName $SwitchName -ExternalEthernet $AdapterDecription -force
        Remove-VMSwitchNic -Name $SwitchName -Force
    }
    Else {
        Write-Warning "Unable to match a local adapter from the list of supplied MAC addresses."
    }
}
Else {
    Write-Warning "'$HyperVLibrary' doesn't exist. Unable to continue without the PowerShell Management Library for Hyper-V."
}

Configuring Hyper-V Virtual Networks with PowerShell is post from stealthpuppy.com. Except as noted otherwise, this work is © 2005-2012 Aaron Parker and is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License.

Client Side Performance Testing coming to Login VSI

2012-03-15T10:48:50Z

I was invited to sit in on a preview of the new Client Side Performance Testing module for the Login VSI testing suite. The session was led by Mark Plettenberg, the lead developer of Login VSI. This new module looks very interesting because it will allow us to objectively measure and analyse the performance of remoting protocols such as Teradici PCoIP, Microsoft RDP, Citrix ICA/HDX and Quest EOP.

What is Login VSI?

If you’re not familiar with Login VSI, it’s essentially the gold standard in vendor independent testing suite for measuring the performance and scalability of desktop virtualization evironments (hosted virtual desktop and session-based desktops).

Login VSI was developed to solve the problem of sizing an environment correctly. Login VSI allows you to test and compare different hardware and software configurations in your environment. The results of those tests will ensure that you can scale your infrastructure confidently as well as understand the impact of changes to your environment.

Client Side Performance Testing

Login Consultants have been working to extend the testing of desktop virtualization environments to the client with the ability to test performance of remoting protocols. This is important because it gives us a full end-to-end picture of the user experience in desktop virtualization environments. Remoting protocols can now be tested for network characteristics like bandwidth and latency and the effects on the performance on the protocol.

The client-side measure launcher can now be used to perform these tests:

Character response – what’s the response time from pressing a key on the keyboard to that character being displayed on screen
Desktop filling text – how long does it take to copy text from the local client clipboard and paste that text into a remote application
Mouse click feedback – how long does it take to register the a mouse click and show that change to the user
Image quality and loading times – how long does it take for an image to load and what is the resulting quality. This is very interesting because Login VSI can objectively measure the client-side image quality against the original lossless image

Scenarios

With very little between the performance of the most common remoting protocols on the LAN, there are a number of scenarios that will make for interesting tests in your environment, including:

Testing access from branch offices across the WAN
Branch access can also be tested using WAN simulator such as WANem
Check response time – what is the real world response time for your typical work loads?
Testing without caching enabled on the client for realistic results. Disabling caching enables you to test the raw performance of the remoting protocol

Additional Points

This is the first release of the Client Side Performance Testing module, so there’s a few things to consider:

Linux clients aren’t yet available – the client-side module is Windows only
This first version is aimed at typical office and line-of-business applications. Video and audio testing is planned for the next version and will be able to test audio and video sync
A (beta?) release is planned within 2 weeks
This module will be included in the Login VSI license

For more info on the Client Side Performance Testing module keep an eye on the Login VSI web site.

Client Side Performance Testing coming to Login VSI is post from stealthpuppy.com. Except as noted otherwise, this work is © 2005-2012 Aaron Parker and is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License.

Delivering Office with App-V – Sequencer Recommendations & Best Practices

2012-03-05T10:56:38Z

Having had to travel to Australia and the US recently, I’ve not had that much time to work on an upcoming white paper, but I have been posting some of the early versions of the chapters. So here’s another in that series while I work on getting the paper finished.

Creation of successful App-V packages requires building on a solid base – that base is the machine used to perform sequencing. This section details recommendations for creating the perfect sequencing machine. Follow these recommendations for the best chance at creating clean, successful App-V packages.

Obtain background information

Microsoft has made available a number of documents as introductions to App-V and the sequencing of applications.

Review the product documentation that was included together with App-V. This includes the following documents:
Review the “Best practices to use for sequencing in Microsoft App-V ” article. For more information, click the following article number to view the article in the Microsoft Knowledge Base: 932137 (http://support.microsoft.com/kb/932137/)
Install the Office suites and applications to become familiar with the functionality of the program. Additionally understand the deployment requirements for Office

Do’s and Don’ts

Don’t make the sequencing machine an exact copy of your Standard Operating Environment (SOE) or add the machine to your domain. That is, do not create a sequencing machine directly from your SOE; instead create a new environment that closely matches your SOE. There are several reasons for this:

Your SOE most likely has many pre-requisites or applications installed that may interfere with sequencing, such as security agents and anti-virus
Changes to your SOE may break virtual applications – if your SOE has a DLL required by a virtual application, that DLL wouldn’t be captured in the virtual application package. In the event of the SOE changing and the DLL being removed or the version changing, any virtual application package that doesn’t include that DLL may now not work
Domain computers may have services, process or scheduled tasks that will interfere with sequencing or may cause files or registry settings to be inadvertently captured – changes made by a process that starts during sequencing will be captured in the package
Domain computers may have policies applied that may be inadvertently captured in the package, causing issues with virtual applications or subsequent changes to those policies to be ignored

Based on my own experiences and those of others that I’ve spoken to, the most successful App-V packages are created on vanilla installations of Windows.

Don’ts

Don’t add the sequencing VM to the domain, unless sequencing an application that requires it
Don’t use an exact copy of your SOE
Don’t install anti-virus applications or other security agents
If possible, don’t access the Internet directly from the sequencing VM

Do’s

Do leave Windows in workgroup mode the majority of applications
Do use the same versions of components used in your SOE
Do choose carefully which of those components should be installed in the sequencing VM
Do scan the VM with the Microsoft Windows Malicious Software Removal Tool; optionally mount the VM’s virtual disk on your host machine and scan it with the anti-virus application on the host
Do create a snapshot of the sequencing VM in a clean state
Do patch the sequencing VM each month

Hardware

Always use a virtual machine to host the sequencing machine – a virtual machine provides snapshots to allow you to capture a clean image of the sequencing VM and then rollback to that clean snapshot after sequencing an application.When taking a snapshot, ensure that the virtual machine is shutdown – do not leave the Sequencer running when taking a snapshot. Leaving the VM running puts you at risk of creating multiple packages with the same GUID. Every App-V package requires a unique GUID.

If you are using a local PC for sequencing, a second hard drive to host the VMs is recommended so that the sequencing process does not affect the host machine.Virtual machine software or hypervisors available for free include:

Microsoft Windows Virtual PC (Virtual PC does not support 64-bit guests)
Microsoft Hyper-V, available as either a stand-alone product or as a component of Windows Server 2008 R2 SP1
VMware Player (note that Player does not support snapshots)
VMware vSphere Hypervisor
Oracle VirtualBox
Citrix XenServer

Create a new virtual machine with the following virtual hardware:

1 x vCPU – the Sequencer is still only single threaded and additional CPUs will make little difference
A minimum of 1 GB RAM – Windows XP may require less
Add NICs, a sound card, USB hubs, COM & LPT ports as required
2 x vDisks – use fixed size disks if you have the space. Fixed size disks will offer better IO performance. Additionally the App-V 4.6 SP1 Sequencer can automatically create a Q: drive if none already exists; however a second vDisk is a better approach.

If no secondary partition exists, the Sequencer setup will create a substituted drive letter for the virtual drive. A known issue exists where this configuration can cause an issue with new and upgraded packages because the Sequencer resolves the full path instead of the substituted drive letter.

This issue looks to be fixed with Hotfix 3 for the 4.6 SP1 Sequencer; however it is still recommended that you create a second vDisk, rather than let setup create the drive for you.

Windows

Windows XP Professional or Windows 7 Enterprise editions are recommended for client OS deployments. If you are sequencing for both Windows XP/7 and Windows Server, sequence on the lowest common denominator (Windows XP in this example). If issues arise with testing a package on a different operating system, create a new version of the package for that OS.To create a clean Windows VM for sequencing, follow these steps:

Install Windows via the ISO, or better still, create an unattended deployment using the Microsoft Deployment Toolkit or your software deployment tool of choice, but keep the Windows deployment as vanilla as possible. Use the same Windows version and service pack level as your App-V client machines. This may mean creating multiple sequencing VMs. If you are deploying to both x86 and x64 clients, sequence on an x86 Windows machine, re-sequence the application on 64-bit Windows if required
- Service Pack deployment is recommended via a slipstreamed Windows ISO (that is the ISO with the latest service pack integrated into it)
Install the hypervisor tools or additions to install drivers and services required by the hypervisor to support the VM correctly
Enable Windows Firewall including the File and Printer Sharing rule to prevent remote PCs from connecting to the virtual machine
Active Windows inside the VM. A KMS will be make this simple; however if you are using a MAK key provided by your TechNet or MSDN subscription, this article is recommended reading: Managing product activation with a TechNet subscription
Disable System Restore on Windows XP or System Protection on Windows 7
Disable Windows Defender on Windows 7 (or disable the service)
If deploying Windows 7, leave the following Optional Components enabled:
- Windows Search
- XPS Services
- XPS Viewer
If deploying Windows XP, remove the following Windows Components:
- MSN Explorer
- Internet Gateway Device Discovery and Control Client
- Windows Messenger
- Additionally it’s recommended to remove the Adobe Flash Player that comes with Windows XP: http://kb2.adobe.com/cps/141/tn_14157.html
If deploying Windows XP or Windows Server 2003, install the following updates from the Microsoft Download Centre: http://microsoft.com/downloads
- XML Paper Specification Essentials Pack
- Windows Search 4.0 (available via Windows Update)
- Windows Media Player 11 (available via Windows Update)
- Update for Root Certificates (available via Windows Update)
Install the latest version of Internet Explorer for the target operating system – if you would prefer to match the IE version of your SOE, then stick with that version. Set the home page to about:tabs, this will ensure that if Internet Explorer is started during sequencing it won’t attempt to connect to the Internet
Install or enable the Microsoft .NET Framework – install the most recent version of the .NET Framework deployed in your environment. Note that .NET Framework 4.0 comes with all previous versions and .NET Framework 3.5 SP1 come with all its previous versions (and so on)
Install the Visual C++ Redistributables – 2005, 2008 and 2010 redistributables are recommended. Multiple versions of each redistributable may be required depending on application requirements. It is recommended to install these in order of release
Enable Microsoft Update
Update Windows with the latest updates – High Priority, Critical and Important updates should be installed at a minimum
- Do not install Microsoft Silverlight – this important for Microsoft Lync or if you intend to sequence Silverlight
- Windows Update may need to be run multiple times to ensure all updates have been detected and installed
Configure the following services (some services are not available on Windows XP):

Service	State
Diagnostic Policy Service	Disabled
Offline Files	Disabled
Security Center	Disabled
Windows Defender	Disabled
Windows Search	Manual
Windows Update	Manual

At a minimum, run the following built in applications so that they make changes to the local profile and remove first-run dialogs:
- Control Panel
- Internet Explorer including the Internet Options Control Panel applet
  - Start Internet Explorer a couple of times
  - Set the home page to about:tabs so that if IE is launched during sequencing, it will not connect to the Internet
- Windows Media Player
- Notepad
- WordPad
Restart the VM several times and log back on to ensure all first-run dialogs have been acknowledged or do not appear

Additional pre-requisites should only be installed when required by an application. For example, if Office is a pre-requisite of another application (such as SAP products or a plug-in) only install Office when sequencing that application.

At this point you will have a VM that can be used as a sequencing environment as well as an App-V client. It is highly recommended that you create two VMs based on this environment so that you have a second VM to perform testing of packages to confirm that the sequenced applications work at runtime.

Sequencer

Office 2010 is only supported with the 4.5 SP2 and 4.6 SP1 version of the Sequencer. Office 2007 and Office 2003 can be sequenced with earlier versions. Where possible it is recommended to use the latest Sequencer – this often requires the matching version of the client to be deployed as well (although the App-V 4.6 SP1 Sequencer is backwardly compatible with the App-V 4.6 client).

Install the Sequencer into the VM along with the most recent hotfix rollup. At the time of publishing of this document the most recent versions of the Sequencer are:

App-V 4.6 Service Pack 1 with Hotfix Rollup 3: http://support.microsoft.com/kb/2571168
App-V 4.5 Service Pack 2: http://support.microsoft.com/kb/980847

Application Install Source

Installing applications from a copy of the setup files located on a local disk inside the VM is recommended. Installation of the application from setup files located on a network share may cause files from that location to be captured during sequencing. Create a local folder inside the VM where application setup files will be copied to before sequencing. For example, use C:\Packages or C:\Source.

To ensure successful sequencing, it is not recommended to run setup applications directly from the networkEnsure that the folder is then added as an exclusion in your sequencing projects – often application setups may write log or temporary files to the same folder.

Snapshots

Once Windows has been configured, shutdown the VM – never take a snapshot of the virtual machine with the App-V Sequencer running. Each App-V package must have a unique GUID and snapshots with the Sequencer running are often a source of duplicate GUIDs. Additionally a VM in a shutdown state will take less room on disk for a snapshot because the VM’s RAM won’t be included in the snapshot.

Periodically rollback the VM to this snapshot to install the latest updates from Windows Update, then re-create the snapshot.

Sequencer Template

The App-V 4.6 SP1 Sequencer supports templates which will allow you to configure project options including exclusions, enabling Windows Update during sequencing and enabling compression when saving the package. Package templates can be used by multiple sequencing engineers or across multiple Office packages to ensure consistency.

Package Options

A number of options can be set in a sequencer template that may be required for an Office package:

Allow Microsoft Update to run during monitoring – enable updating of an Office package via Windows Update
Allow all named objects and COM objects to interact with the local system – this enabled LOCAL_INTERACTION_ALLOWED in the OSD file. This will save you from having to set this option manually after sequencing. If you are creating an Office package that will co-exist with other Office packages or locally installed Office, do not enable this option
Compress Package – Reduce the size of your Office package with compression. Recommended for all Office packages.

Exclusions

The table below lists the recommended exclusions to add when sequencing Office applications.

Path	Description
%CSIDL_COMMON_APPDATA%\Microsoft\RAC	Microsoft Reliability Analysis Component.
%CSIDL_PROFILE%\Lync Recordings	Microsoft Lync saved recordings folder. Just like documents, we don’t want these being saved into the virtual environment
%CSIDL_PROGRAM_FILES%\MSECACHE	Outlook Connector cache. Reduce the package size by excluding cached installers
%CSIDL_PROGRAM_FILESS%\OCSetup	Lync/Communicator cached setup files. Reduce the package size by excluding cached installers
%CSIDL_WINDOWS%\Installer	Windows Installer cache. Reduce the package size by excluding cached installers
%CSIDL_WINDOWS%\SoftwareDistribution	Windows Update. Ensure that these files are not cached to prevent breaking future updates to the package
%SFT_MNT%\Config.msi	Windows Installer rollback files. Reduce the package size by excluding cached installers
%SFT_MNT%\MSOCACHE	Microsoft Office installer cache. Reduce the package size by excluding cached installers
C:\MSOCACHE	Microsoft Office installer cache. Reduce the package size by excluding cached installers
<Source Folder> (e.g. C:\Packages)	A local folder that contains Office setup. Ensure that any changed files are not captured
Q:\Config.msi	Windows Installer rollback files. Reduce the package size by excluding cached installers
Q:\MSOCACHE	Microsoft Office installer cache. Reduce the package size by excluding cached installers
\REGISTRY\MACHINE\Software\Policies	Machine-level Group Policies. Ensure that Group Policy can deliver Office policies post deployment
\REGISTRY\USER\%SFT_SID%\Software\Microsoft\Tracing	Microsoft Tracing settings
\REGISTRY\USER\%SFT_SID%\Software\Microsoft\Windows\CurrentVersion\Internet Settings	User-level proxy server and other browser settings. Ensure that proxy settings aren’t cached in the package
\REGISTRY\USER\%SFT_SID%\Software\Microsoft\Internet Explorer	Internet Explorer settings. Ensure Internet Explorer settings aren’t cached in the package
\REGISTRY\USER\%SFT_SID%\Policies	User level Group Policies. Ensure that Group Policy can deliver Office policies post deployment

Using the Sequencer Template

To create a sequencer template, open the Sequencer and choose Tools / Options to set the package options and exclusions. Then choose File / Save As Template to save the file to disk. Save the template to a file and open in a text editor such as Notepad. The new template will have a number of changes over a default templateUnder DEFAULTS, the following options will be set to Yes (if they aren’t change them to Yes):

<DEFAULT Name="AllowMUADuringMonitoring" Value="Yes"/>
<DEFAULT Name="CompressPackage" Value="Yes"/>

Additional exclusions should also be listed, for example:

<EXCLUSION Pattern="Q:\MSOCACHE" Context="VFS_EXC" Type="PSR_DataSystem"/>

The DEFAULTOSD section sets the LOCAL_INTERACTION_ALLOWED option:

<DEFAULTOSD>&lt;SOFTPKG&gt;&lt;IMPLEMENTATION&gt;&lt;CODEBASE HREF="rtsps://%SFT_SOFTGRIDSERVER%:322/"/&gt;&lt;OS VALUE="Win7"/&gt;&lt;VIRTUALENV&gt;&lt;POLICIES&gt;&lt;LOCAL_INTERACTION_ALLOWED&gt;TRUE&lt;/LOCAL_INTERACTION_ALLOWED&gt;&lt;/POLICIES&gt;&lt;/VIRTUALENV&gt;&lt;/IMPLEMENTATION&gt;&lt;/SOFTPKG&gt;
</DEFAULTOSD>

To use the template during sequencing, start the Sequencer and choose File / New from Template, and choose your Sequencer Template file.

Delivering Office with App-V – Sequencer Recommendations & Best Practices is post from stealthpuppy.com. Except as noted otherwise, this work is © 2005-2012 Aaron Parker and is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License.

App-V White Papers

2012-03-28T08:34:02Z

Update (28/03/2012): This list of white papers are now available on the Microsoft Download Centre: Microsoft Application Virtualization (App-V) Documentation Resources Download Page

Microsoft TechNet recently went through a redesign that seems to have removed some content and in particular a list of App-V white papers that was on the previous Application Virtualization TechCenter no longer exists.

A couple of the white papers are currently available on TechNet, but the full list still includes a number of useful documents that are not. Here’s the original list of documents available for download:

Microsoft Application Virtualization Version 4.6 SP1 Trial Guide	This Trial Guide is designed to help you quickly set up a limited Microsoft® Application Virtualization (App-V) evaluation in a test environment. This guide provides details of the steps necessary to install Microsoft Application Virtualization server components, for both Microsoft Application Virtualization Management Server and Microsoft Application Virtualization Streaming Server. You will install Microsoft Application Virtualization Desktop Client, publish the shortcuts of sequenced applications, and then stream and run these virtual applications on App-V clients. You will learn to virtualize a select set of applications using the Microsoft Application Virtualization Sequencer. You will also configure clients to run applications in a standalone environment.	March 10, 2011	Download the white paper
Microsoft Application Virtualization 4.6 SP1 Sequencing Guide	This whitepaper is designed to provide administrators with guidance for sequencing applications to create virtual packages that can be delivered to the end user. This document discusses setting up the App-V Sequencer, sequencing best practices, an example of sequencing, important information related to updating packages, and finally, examples of advanced OSD scripting.	March 10, 2011	Download the white paper
Microsoft Application Virtualization Version 4.6 Trial Guide	This guide is designed to help you quickly set up and evaluate a Microsoft Application Virtualization (App-V) environment. This guide outlines steps necessary to install Microsoft Application Virtualization server components, both System Center Application Virtualization Management Server and System Center Application Virtualization Streaming Server. You will install Microsoft Application Virtualization for Desktops, publish the shortcuts of sequenced applications, and then stream and run these virtual applications on App-V clients. You will learn to virtualize a select set of applications using System Center Application Virtualization Sequencer. You will also configure clients to run applications in a standalone environment.	September 27, 2010	Download the white paper
Virtual Application Management with Microsoft Application Virtualization 4.5 and System Center Configuration Manager 2007 R2	This paper discusses the integration of System Center Configuration Manager 2007 R2 and Microsoft Application Virtualization 4.5, including supported scenarios, best practices, deployment planning considerations, and how to perform common virtual application management tasks with Configuration Manager 2007 R2.	March 15, 2010	Download the white paper
Virtual Application Management with Microsoft Application Virtualization 4.6 and System Center Configuration Manager 2007 R2	This paper discusses the integration of System Center Configuration Manager 2007 R2 and Microsoft Application Virtualization 4.6, including supported scenarios, best practices, deployment planning considerations, and how to perform common virtual application management tasks with Configuration Manager 2007 R2.	February 22, 2010	Download the white paper
Microsoft Application Virtualization 4.6 Sequencing Guide	This white paper is designed to provide administrators with guidance for sequencing applications to create virtual packages that can be delivered to the end user. This white paper discusses setting up the sequencer, sequencing best practices, an example of sequencing, important information related to updating packages, and finally examples of advanced OSD scripting.	February 22, 2010	Download the guide
App-V Application Publishing and Client Interaction	This white paper provides information about how the client operates and where it stores data to support virtual applications.	February 22, 2010	Download the white paper
App-V 4.6 Infrastructure Planning and Design Guide	Use the IPD guide to maximize your organization’s time with step by step guidance to ease you through the process of planning your application virtualization infrastructure.	February 15, 2010	Download the guide
Application Virtualization 4.5 for Terminal Services	This whitepaper discusses the benefits, configurations and considerations when planning a TS (RDS) deployment that includes Microsoft Application Virtualization (App-V). This document was built to support designers and architects of Microsoft® Application Virtualization 4.5 infrastructures. Included in this document are performance data and recommendations for selecting the number and types of App-V components to use in an infrastructure.	September 29, 2009	Download the white paper
App-V 4.5 Server Sizing Guide	This document was built to support designers and architects of Microsoft® Application Virtualization 4.5 infrastructures. Included in this document are performance data and recommendations for selecting the number and types of App-V components to use in an infrastructure.	February 16, 2009	Download the white paper
Microsoft Application Virtualization Version 4.5 Trial Guide	This guide is designed to help you quickly set up and evaluate a Microsoft Application Virtualization (App-V) environment. This guide outlines steps necessary to install Microsoft Application Virtualization server components, both System Center Application Virtualization Management Server and System Center Application Virtualization Streaming Server. You will install Microsoft Application Virtualization for Desktops, publish the shortcuts of sequenced applications, and then stream and run these virtual applications on App-V clients. You will learn to virtualize a select set of applications using System Center Application Virtualization Sequencer. You will also configure clients to run applications in a standalone environment.	August 27, 2009	Download the white paper
App-V Extensibility Today Before the SDK	This white paper presents administrators with the available tools to automate common tasks in App-V 4.5, including sample scenarios and examples using the tools.	September 19, 2008	Download the white paper
App-V Security Best Practices	This white paper provides administrators with the starting place for designing security into the App-V infrastructure. The white paper also describes recommended security configurations available in App-V today.	September 15, 2008	Download the white paper
App-V Security Operations Guide	The purpose of this white paper is to provide the App-V administrator with steps to configure security settings. Some of the security settings are well-known configurations within Windows and the appropriate links will be provided.	September 15, 2008	Download the white paper
Creating a New Application Virtualization 4.5 Database Using SQL Scripting	This white paper explains and documents the procedure to install the Microsoft Application Virtualization Server when the administrator installing does not have “sysadmin” privileges to the SQL Server.	October 6, 2009	Download the white paper
Microsoft Application Virtualization (App-V) 4.5 ADM Template	This white paper was designed to provide administrators with the steps necessary to deploy configuration for the App-V client with Group Policies. The App-V Client ADM Template was created to provide administrators with the ability to centrally manage the most commonly configured App-V client settings. A working knowledge of Group Policies in Active Directory is required to implement the ADM Template to the appropriate clients, and is not described in this document.	September 3, 2008	Download the white paper
App-V 4.5 Infrastructure Planning and Design Guide	Use the IPD guide to maximize your organization’s time with step by step guidance to ease you through the process of planning your application virtualization infrastructure.	September 29, 2008	Download the guide

App-V White Papers is post from stealthpuppy.com. Except as noted otherwise, this work is © 2005-2012 Aaron Parker and is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License.

Mailbag – Deploying multiple editions of Office 2010 with App-V

2012-02-15T17:54:06Z

I’m not sure why I didn’t think of this earlier – I get emails from readers fairly regularly and many of them make great topics for blog posts. So here’s the first in a series of posts where I’ll cover interesting questions I get via email and where I think other readers will benefit from a public response.

I’ve removed personally identifiable information from the original email.

Question

We have set up Citrix / App-V environment and sequenced Office 2010 Pro Plus and we have installed the MSOffvirt kit [the Office 2010 Deployment Kit for App-V] using the Office Pro Plus Key on the Citrix PVS servers as part of the PVS image. Now our client has decided they also want to be able to deliver Office 2010 Std via app-v as well. Do we now need to change the license key that it is installed with the MSOffvirt kit or is there another way round it? We could of course silo it and have Office Pro Plus on some PVS servers and Office Standard on others.

Answer

My first recommendation would actually be against virtualizing the primary version Office, but I’ll assume that your Office requirements are simple and virtualizing Office with App-V is working OK for you.

It sounds like you’re already aware that App-V doesn’t really allow you to juggle different editions of Office on the same machine, as the Deployment Kit handles licensing, you can only add a single edition (e.g. Standard or Professional Plus) to any single machine. If you’ve already got an existing PVS image, I would recommend cracking it open, uninstalling the Deployment Kit and reinstalling using the product key for the edition you need in each image. That way you can ensure you have a clean image.

My ideal approach to this would be to build the PVS image from an unattended source (such as the Microsoft Deployment Toolkit) where you’ve changed the product key, rather than manually make changes to the image.

From a licensing perspective, Microsoft doesn’t provide you the right to license a device for Office 2010 Professional Plus and then deploy Standard edition to that device. You can read more on licensing in this document: Downgrade Rights – Microsoft Volume Licensing Programs, Original Equipment Manufacturer (OEM) License, and Full Packaged Product (FPP) License, February 2011

Mailbag – Deploying multiple editions of Office 2010 with App-V is post from stealthpuppy.com. Except as noted otherwise, this work is © 2005-2012 Aaron Parker and is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License.

Reducing Profile Size with a Profile Clean Up Script – PowerShell Edition

2012-01-05T16:09:55Z

I recently posted a script for removing unnecessary files and pruning files based on their age, which can be used at logoff to keep profile sizes manageable - Reducing Profile Size with a Profile Clean Up Script.

Andrew Morgan (@andyjmorgan) has kindly translated my very basic VBscript to PowerShell. This can be used as a standalone script or the function (remove-itembyage) could be integrated into your own scripts and has the added benefit of in-built help and the ability to run silently.

Just like the original script, this could be executed at logoff, before the profile is saved back to the network, to perform two actions:

Delete all files of a specific file type in a specified folder, including sub-folders
Delete all files older than X days in a specified folder, including sub-folders

For example, you could use the script to delete all .log or temporary files below %APPDATA% that aren’t required to be roamed, or delete all Cookies older than 90 days to keep the Cookies folder to a manageable size.

Note: the script listing below has the -whatif parameter applied when calling the function, so no deletes will occur unless the parameter is removed.

function remove-itembyage{
    <#
        .SYNOPSIS
            remove items from folders recursively.

        .DESCRIPTION
            this function removes items older than a specified age from the target folder

        .PARAMETER Days
            Specifies the ammount of days since the file was last written to you wish to filter on.

        .PARAMETER Path
            Specifies the path to the folder you wish to search recursively.

        .PARAMETER Silent
            Instructs the function not to return any output.

         .EXAMPLE
            PS C:\> remove-itembyage -days 0 -path $recent

            This command searches the $recent directory, for any files, then deletes them.

        .EXAMPLE
            PS C:\> remove-itembyage -days 5 -path $recent

            This command searches the $recent directory, for files older than 5 days, then deletes them.

        .EXAMPLE
            PS C:\> remove-itembyage -days 10 -path $appdata -typefilter "txt,log"

            This command searches the $cookies directory, for files older than 10 days and end with txt or log extensions, then deletes them.

        .EXAMPLE
            PS C:\> remove-itembyage -days 10 -path $cookies -typefilter "txt,log" -silent

            This command searches the $cookies directory, for files older than 10 days and end with txt or log extensions, then deletes them without a report.

        .NOTES
            http://blog.stealthpuppy.com/user-virtualization/profile-clean-up-script-powershell-edition/ for support information.

        .LINK

http://blog.stealthpuppy.com/user-virtualization/profile-clean-up-script-powershell-edition/

    #>

    [cmdletbinding(SupportsShouldProcess=$True)]
    param(
        [Parameter(Mandatory=$true, Position=0,HelpMessage="Number of days to filter by, E.G. ""14""")]
        [int]$days,
        [Parameter(Mandatory=$true, Position=1,HelpMessage="Path to files you wish to delete")]
        [string]$path,
        [string]$typefilter,
        [switch]$silent)

    #check for silent switch
    if ($silent){$ea="Silentlycontinue"}
    Else {$ea="Continue"}

    #check for typefilter, creates an array if specified.
    if (!($typefilter)){$filter="*"}
    Else{$filter=foreach ($item in $typefilter.split(",")){$item.insert(0,"*.")}}

    if (test-path $path){
        $now=get-date
        $datefilter=$now.adddays(-$days)
        foreach ($file in get-childitem "$path\*" -recurse -force -include $filter | where {$_.PSIsContainer -eq $false -and $_.lastwritetime -le $datefilter -and $_.name -ne "desktop.ini"}){
            if (!($silent)){write-host "Deleting: $($file.fullname)"}
            remove-item -literalPath $file.fullname -force -ea $ea
        }#end for
    }#end if

    Else{
        if (!($silent)){write-warning "the path specified does not exist! ($path)"}
    }#end else
}#end function

#Get KnownFolder Paths
$appdata=$env:appdata
$Cookies=(new-object -com shell.application).namespace(289).Self.Path
$History=(new-object -com shell.application).namespace(34).Self.Path
$recent=(new-object -com shell.application).namespace(8).Self.Path
$profile=$env:userprofile

#commands
remove-itembyage -days 0 -path $appdata -typefilter "txt,log" -silent -whatif
remove-itembyage -days 90 -path $cookies -silent -whatif
remove-itembyage -days 14 -path $recent -silent -whatif
remove-itembyage -days 21 -path $history -silent -whatif
remove-itembyage -days 14 -path "$appdata\Microsoft\office\Recent" -silent -whatif

Reducing Profile Size with a Profile Clean Up Script – PowerShell Edition is post from stealthpuppy.com. Except as noted otherwise, this work is © 2005-2012 Aaron Parker and is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License.

App-V MVP renewed for 2012

2012-03-05T11:13:39Z

I was quite relieved and grateful to receive the Microsoft MVP award again for 2012:

Congratulations! We are pleased to present you with the 2012 Microsoft® MVP Award! This award is given to exceptional technical community leaders who actively share their high quality, real world expertise with others. We appreciate your outstanding contributions in App-V technical communities during the past year.

A big thank-you to the community, other App-V MVPs and the App-V product team. Here’s to another full year.

App-V MVP renewed for 2012 is post from stealthpuppy.com. Except as noted otherwise, this work is © 2005-2012 Aaron Parker and is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License.

Reducing Profile Size with a Profile Clean Up Script

2011-12-31T10:33:14Z

Windows profiles become larger over time – it’s an inescapable fact. This means that if you are using roaming profiles, logons (and logoff) will be longer and longer. It’s not just individual file sizes, but also the number of files stored in a profile that will make the synchronisation process slower.

One approach to reducing profile sizes is to exclude certain folders. A better solution is to ditch roaming profiles and use a third-party solution to manage roaming of the user environment.

However, there will still be folders that need to be roamed to maintain the experience that users expect when moving between devices (i.e. consistency). For those folders we can implement some maintenance to keep them at a manageable size – that is remove files that are not needed in a roaming profile (e.g. log files) or delete files older than a specific number of days.

Warning: there’s a reason that Windows doesn’t do this maintenance itself – only each application vendor will have an understanding of whether specific files are required or can be discarded (hence the roaming and local portions of AppData). However, as any experienced Windows admin knows – many vendors either don’t test for or don’t care about roaming scenarios, therefore I strongly recommend testing this approach before production deployment.

As a part of an upcoming version of this configuration, I’ve created a script that will execute at logoff, before the profile is saved back to the network, that will perform two actions:

Delete all files of a specific file type in a specified folder, including sub-folders
Delete all files older than X days in a specified folder, including sub-folders

So for example, you could use the script to delete all .log files below %APPDATA% or delete all Cookies older than 90 days.

The script is extremely simple on purpose and I recommend testing thoroughly before implementing – use at your own risk; however feedback is welcome.

' Profile clean up - remove unneeded or old files before logoff
' --------------------------------------------------------------
' Original scripts:
'	http://www.wisesoft.co.uk/scripts/vbscript_recursive_file_delete_by_extension.aspx
'	http://ss64.com/vb/syntax-profile.html
'	http://csi-windows.com/toolkit/csigetspecialfolder

'	Version 2.0; 27/12/2011

Option Explicit
On Error Resume Next 'Avoid file in use issues

Dim strExtensionsToDelete, strAppData, strUserProfile, objFSO, strCookies, strHistory, strRecent, objShellApp
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objShellApp = CreateObject("Shell.Application")
Const CSIDL_COOKIES = "&H21"
Const CSIDL_HISTORY = "&H22"
Const CSIDL_RECENT = "&H08"
Const CSIDL_NETHOOD = "&H13"
Const CSIDL_APPDATA = "&H1A"
Const CSIDL_PROFILE = "&H28"

' Folder to delete files from (files will also be deleted from Subfolders)
strUserProfile = objShellApp.NameSpace(cint(CSIDL_PROFILE)).Self.Path
strAppData = objShellApp.NameSpace(cint(CSIDL_APPDATA)).Self.Path
strCookies = objShellApp.NameSpace(cint(CSIDL_COOKIES)).Self.Path
strHistory = objShellApp.NameSpace(cint(CSIDL_HISTORY)).Self.Path
strRecent = objShellApp.NameSpace(cint(CSIDL_RECENT)).Self.Path
strNetHood = objShellApp.NameSpace(cint(CSIDL_NETHOOD)).Self.Path

' Main
RecursiveDeleteByExtension strAppData, "tmp,log"
RecursiveDeleteOlder 90, strCookies
RecursiveDeleteOlder 14, strRecent
RecursiveDeleteOlder 21, strHistory
RecursiveDeleteOlder 21, strNetHood
RecursiveDeleteOlder 14, strAppData & "\Microsoft\Office\Recent"
'RecursiveDeleteOlder 5, strAppData & "\Sun\Java\Deployment\cache"
'RecursiveDeleteOlder 3, strAppData & "\Macromedia\Flash Player"
'RecursiveDeleteOlder 14, strUserProfile & "\Oracle Jar Cache"

Sub RecursiveDeleteByExtension(ByVal strPath,strExtensionsToDelete)
	' Walk through strPath and sub-folders and delete files of type strExtensionsToDelete
	Dim objFolder, objSubFolder, objFile, strExt

	If objFSO.FolderExists(strPath) = True Then
		Set objFolder = objFSO.GetFolder(strPath)
		For Each objFile in objFolder.Files
			For each strExt in Split(UCase(strExtensionsToDelete),",")
				If Right(UCase(objFile.Path),Len(strExt)+1) = "." & strExt then
					WScript.Echo "Deleting: " & objFile.Path
					objFile.Delete(True)
					Exit For
				End If
			Next
		Next
		For Each objSubFolder in objFolder.SubFolders
			RecursiveDeleteByExtension objSubFolder.Path,strExtensionsToDelete
		Next
	End If
End Sub

Sub RecursiveDeleteOlder(ByVal intDays,strPath)
	' Delete files from strPath that are more than intDays old
	Dim objFolder, objFile, objSubFolder

	If objFSO.FolderExists(strPath) = True Then
		Set objFolder = objFSO.GetFolder(strPath)
		For each objFile in objFolder.files
			If DateDiff("d", objFile.DateLastModified,Now) > intDays Then
				If UCase(objFile.Name) <> "DESKTOP.INI" Then  ' Ensure we don't delete desktop.ini
					WScript.Echo "Deleting: " & objFile.Path
					objFile.Delete(True)
				End If
			End If
		Next
		For Each objSubFolder in objFolder.SubFolders
			RecursiveDeleteOlder intDays,objSubFolder.Path
		Next
	End If
End Sub

Reducing Profile Size with a Profile Clean Up Script is post from stealthpuppy.com. Except as noted otherwise, this work is © 2005-2012 Aaron Parker and is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License.

Don’t put yourself at risk by virtualizing Adobe Reader X

2011-12-11T10:19:29Z

Adobe released a new security advisory for Reader and Acrobat 9 and X this week to address details of an upcoming fix to these versions for a 0 day vulnerability. Exploits for this vulnerability exist for Reader and Acrobat 9 and are currently active:

A critical vulnerability has been identified in Adobe Reader X (10.1.1) and earlier versions for Windows and Macintosh, Adobe Reader 9.4.6 and earlier 9.x versions for UNIX, and Adobe Acrobat X (10.1.1) and earlier versions for Windows and Macintosh. This vulnerability (CVE-2011-2462) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that the vulnerability is being actively exploited in limited, targeted attacks in the wild against Adobe Reader 9.x on Windows.

Since the release of Reader and Acrobat X, there have been no malware that has been effective against the Protected Mode (sandbox) feature of version X. From Adobe’s blog post on this issue:

I’d like to take this moment to encourage any remaining users still running Adobe Reader or Acrobat 9.x (or worse, older unsupported versions) to PLEASE upgrade to Adobe Reader or Acrobat X. We put a tremendous amount of work into securing Adobe Reader and Acrobat X, and, to date, there has not been a single piece of malware identified that is effective against a version X install. Help us help you by running the latest version of the software!

If you have any version of Adobe Reader other than X deployed, you should seriously consider migrating to the new version as a matter of priority. That’s not “lets consider doing this in the next month” – you should stop reading this post and get started deploying Reader X now.

Furthermore if are deploying or have deployed Reader X, I can’t recommend virtualizing it with application virtualization. The reason for this is that Protected Mode is not compatible and is not supported with application virtualization. It doesn’t work with Citrix App Streaming, Microsoft App-V or VMware ThinApp (it may be possible with the current version of ThinApp, but I haven’t confirmed).

[Update: thanks to prompting from Dan Gough, I've confirmed that Protected Mode in Reader X (10.1.1), works under App-V 4.6.1.30091 (Hotfix 4)]

[Update 2: Protected Mode in Reader X is confirmed to work under ThinApp 4.6.2 and 4.7. You'll have to update your virtual applications and re-enable Protected Mode with the latest releases]

In short – leaving Protected Mode enabled will protect your users and devices and because Protected Mode has been incompatible with the isolation that application virtualisation introduces, I recommend that you do not deploy Reader X with application virtualization solutions unless you are using the very latest versions.

But.. what about those scenarios when a virtualized application needs to call a locally installed Reader X? Until the app virt vendors fully support Protected Mode, the best you can do is ensure that Protected Mode is only disabled when Reader runs within the virtualization environment (using a tool like PolicyPak) and is not completely disabled. Until then, the best we can do is cross our fingers and hope it doesn’t happen to us.

Don’t put yourself at risk by virtualizing Adobe Reader X is post from stealthpuppy.com. Except as noted otherwise, this work is © 2005-2012 Aaron Parker and is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License.

Delivering Office with App-V – The Need for Profile Management

2011-11-24T09:27:50Z

Because Office is a core application of most desktop deployments, user interaction with Office and the user experience are important factors in the deployment of Office. From an administration perspective, providing a seamless user experience requires managing the user preferences of an application, independent of the application delivery method.

Multiple App-V packages are common

Microsoft recommends sequencing applications on the same operating system as the target clients are running. This means that if your target clients are running Windows XP and Windows 7, then you should create two App-V packages for each application – one for each operating system.

However, in practice it is often advisable to sequence on the lowest common denominator. In the example with Windows XP and Windows 7 clients, sequencing should be performed on Windows XP. In the event that a package does not then execute correctly on Windows 7, then the application should be re-sequenced on Windows 7.

The same applies to x86 and x64 processor architectures – if you are deliverying 32-bit applications to both x86 and x64 Windows, you should sequence in a 32-bit Windows environment. If you find that a 32-bit virtual application package executes OK on x86 Windows but not on x64 Windows, you will have to create two packages, one for each processor architecture.

There are several reasons for this, but they’re out of scope of a discussion on profile management; however what this highlights is that if you have multiple packages for the same application due to different operating systems and/or processor architectures, again the only way to improve the user experience is to rely on a third party profile management solution that works independently of the App-V package.

App-V and User Profiles

The default behaviour of App-V is to not only virtualize the application, but also the user profile locations for that application (HKEY_CURRENT_USER and %APPDATA%). This means that that profile information for the Microsoft Office packages will be stored, in its entirety, in the PKG.

The implication of this is that the settings for a virtualized Office package will be specific to that package – that is, a user’s Office settings will not only be specific to a version of Office but also specific to an individual Office package.

Consider the following scenarios:

A user moves between desktops where Office Standard has been deployed to the first desktop, but Office Professional has been deployed to the second. These will be different App-V packages, so by default, no user preferences will be shared
You create an Office package which has been released to production and later find issues with the package that requires re-creating it from scratch – user preferences from the old package will not be shared with the new package
You find that you need to create multiple Office packages for different platforms – for example a package for desktops and a package for Remote Desktop Session Host servers. These are separate App-V packages and user preferences will not be consistent across those packages

Each scenario will result in separate App-V packages for the same applications.

If you need to upgrade a package or migrate between Office versions, you now have a further challenge that you would not have if Office were installed instead of virtualized.

By implementing a 3^rd party profile management solution, you gain the ability to manage user’s Office preferences independent of the Office version (App-V package version or Office version) and remove the reliance on a specific Office package. A profile management solution will allow you to create, update and re-create Office packages without affecting the end-user experience.

What solution should I use?

The user profile management or user state virtualization tools built into Windows aren’t able to see into the App-V virtual environment and therefore aren’t able to manage an application user preferences independent of the App-V package. If you would like to manage user preferences more granularly, a 3^rd party solution will be required.

A profile management solution that is capable of managing user preferences inside and across App-V packages will provide you with the flexibility and consistency of user experience required to support a core application like Microsoft Office. Without providing users with a consistent user experience or one that matches their existing Office deployments, user acceptance will be low.

For an objective comparison of the 3^rd party solutions available, see the following white paper: UEM Smackdown: Head-to-head analysis of Appsense, Citrix, Immidio, Liquidware Labs, Microsoft, Quest, RES, Scense, Tricerat and others

Delivering Office with App-V – The Need for Profile Management is post from stealthpuppy.com. Except as noted otherwise, this work is © 2005-2012 Aaron Parker and is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License.

An Archive and Analysis of #AppV Tweets

2011-11-10T12:32:34Z

Several months ago, I used the The Archivist to create an archive and analysis of tweets with the #AppV hash tag. 1,740 tweets later (not all of which I’m sure are App-V related), we get an interesting picture of conversations around App-V. To view the archive visit this URL: http://bit.ly/appvarchive

The top users who have been tweeting about App-V over the past several months:

Quite a few of the top URLs have already expired or link to non-existent pages. What’s interesting though, is most of the top URLs link to several App-V videos on TechNet – I had hoped that community created content might feature more prominently.

It’s an interesting exercise and although the graphs that are rendered are a little buggy, I think the data is worthwhile reviewing.

An Archive and Analysis of #AppV Tweets is post from stealthpuppy.com. Except as noted otherwise, this work is © 2005-2012 Aaron Parker and is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License.

Sequencing Mozilla Firefox 8

2011-12-08T10:25:57Z

Mozilla has just released Firefox 8, so it’s time to look at virtualizing the new version. It’s a simple task to virtualize Firefox, as it lends itself well to application virtualization; however getting it right takes a little more effort. Here’s how to successfully sequence Mozilla Firefox 8.x.

What you lose by virtualizing Firefox

Virtualizing Firefox with App-V will isolate the application from the OS, so the following features will not be available once Firefox has been sequenced:

Firefox Jump Lists in the Start Menu and Taskbar
The ability set the browser as default

Firefox features to disable

There are a couple of features that should be disabled when running Firefox under App-V:

Automatic updates for Firefox – Options / Advanced / Update – Automatically check for updates to: Firefox. Firefox updates should be delivered via new App-V packages. Updates for Add-ons and Search Engines should be OK as these are written to the user profile
Default browser check – Options / Advanced / General – Always check to see if Firefox is the default browser on startup. Once Firefox is isolated from the OS, the user won’t be able to make it the default browser

I will cover using a couple of customisation to ensure these features are disabled for any new Firefox profile.

Managing the Firefox profile – virtualize or not?

Firefox stores preferences, extensions and other user data in:

%APPDATA%\Mozilla (preferences, bookmarks etc.); and
%LOCALAPPDATA%\Mozilla (browser cache)

The default behaviour of the App-V Sequencer is to exclude %LOCALAPPDATA% – this is a good thing and I don’t recommend removing this exclusion. %APPDATA% will be included by default and whether you leave this location included in the package will depend on your specific deployment requirements; however my recommendation is to exclude this location by adding %CSIDL_APPDATA%\Mozillato the exclusion list in your sequence. On the client, Firefox will then create a new profile in the real file system when the user starts the browser for the first time. There are several reasons why this approach is a good idea:

Some of the configuration files within the Firefox profile include hard-codes paths – challenging if your App-V virtual drive changes between clients
Virtualizing the profile increases the complexity of upgrading Firefox packages especially challenging given Mozilla’s new approach to Firefox releases. By storing the Firefox profile on the real file system, Firefox can be deployed via completely unrelated packages – no need to create upgrade versions
Users can potentially create multiple Firefox profiles, with each stored in the users’ PKG file. The minimum size for a new Firefox profile is 12Mb – the PKG file will grow by 12Mb for each new Firefox profile created

By excluding %APPDATA% and not virtualizing the user profile you will gain some flexibility with your Firefox deployment.

Configuring Firefox Defaults

If a Firefox profile is not virtualized within the package any options set during the monitoring phase won’t be captured. Fortunately Firefox can be configured with defaults for any new profile so that it will contain your required configuration options.

Mozilla has made it easy to deploy custom default settings and preferences – by adding files to %ProgramFiles%\Mozilla Firefox\defaults\profile (change the path to suit your environment), new Firefox profiles will pick up a copy of these files when the profile is created. I will walk through adding a couple of files to this location to ensure that any new Firefox profile receives the required settings. You can find more detailed documentation on these features in the following articles:

To enforce user settings we can leverage user.js and the use UserChrome.css to remove those user interface elements. Available below is a copy of user.js that disables automatic updates of Firefox and checking whether it is the default browser:

Firefox user.js

A simple approach to extending the options in user.js and prefs.js is to install Firefox and configure it the way you would like. Then open prefs.js from the new profile and use the entries to create custom versions.

Available here is a copy of userChrome.css that will remove from the user interface the options to enable browser updates and set Firefox as the default browser:

Firefox userChrome.css

Sequencing Platform

I have sequenced Firefox 8 on a clean Windows 7 SP1 x86 VM with all current updates and no other applications other than the App-V Sequencer. I’ve configured a Q: drive using a second vDisk, rather than let the Sequencer create a Q: drive for me. I’ve used a VFS install and tested successfully; however if you would prefer a MNT install just change the install folder when installing Firefox

The Firefox version available from Mozilla is an x86 application (x64 build are available from other sources), so I generally recommend sequencing Firefox on Windows 7 x86 virtual machine even though you may be deploying to 64-bit Windows. However confirm this in your own environment and re-sequence for 64-bit platforms if required.

Sequencer Configuration

Before Sequencing, add the following exclusions:

%CSIDL_APPDATA%\Mozilla
%CSIDL_COMMON_APPDATA%\Microsoft\RAC
\REGISTRY\USER\%SFT_SID%\Software\Microsoft\Windows\CurrentVersion\Internet Settings

If you are adding Adobe Flash Player to the package, add these exclusions as well:

%CSIDL_APPDATA%\Adobe
%CSIDL_APPDATA%\Macromedia
%CSIDL_WINDOWS%\Installer

I have included these in a Package Template for Firefox that you can download from here:

App-V Package Template for Firefox

Installing Firefox

Download the Firefox installer in your target language from the Mozilla site. Sequencing Firefox will require the following steps:

Install Firefox
Configure profile defaults
Optionally add global add-ons and install plug-ins such as Adobe Flash Player

Automating this process as much as possible will create a cleaner package and make it faster to re-create a new Firefox package if required.

Mozilla Firefox installer command line arguments – use the INI file approach to control where Firefox is installed and to prevent the addition of a desktop shortcut, if required
After installing Firefox, copy user.js to %ProgramFiles%\Mozilla Firefox\defaults\profile
Copy userChrome.css to %ProgramFiles%\Mozilla Firefox\defaults\profile\chrome
Firefox also allows you to add global add-ons by adding them to the Extensions sub-folder of the Firefox installation folder
If you are including Adobe Flash player in the package, be sure to disable the auto-update notification

For an example script that will automate the install and configuration of Firefox, see the script below:

@ECHO OFF
SET SOURCE=%~dp0
SET SOURCE=%SOURCE:~0,-2%

REM Create the Firefox answer file
ECHO [Install] > %SOURCE%\Firefox8.ini
ECHO ; InstallDirectoryName=Firefox8 >> %SOURCE%\Firefox8.ini
ECHO ; InstallDirectoryPath=Q:\MozillaFirefox8_en-GB >> %SOURCE%\Firefox8.ini
ECHO QuickLaunchShortcut=false >> %SOURCE%\Firefox8.ini
ECHO DesktopShortcut=false >> %SOURCE%\Firefox8.ini
ECHO StartMenuShortcuts=true >> %SOURCE%\Firefox8.ini
REM Install Firefox - the START command will not work if the Firefox setup filename includes spaces
START /WAIT FirefoxSetup8.exe /INI=%SOURCE%\Firefox8.ini

REM Configure Firefox profile defaults
MD "%ProgramFiles%\Mozilla Firefox\defaults\profile\chrome"
COPY %SOURCE%\user.js "%ProgramFiles%\Mozilla Firefox\defaults\profile\user.js"
COPY %SOURCE%\userChrome.css "%ProgramFiles%\Mozilla Firefox\defaults\profile\chrome\userChrome.css"

Shortcuts

If the monitoring phase was successful the Sequencer should create a single shortcut for Firefox. If you are including Flash Player, add an additional shortcut for the Flash Player Control Panel applet using “C:\Windows\System32\FlashPlayerCPLApp.cpl” as the target.

First Run Tasks and Primary Feature Block

If the steps above have been followed for exclusions, installation and configuration of Firefox, there will be no first run tasks to complete. Additionally the resultant package will be reasonably small so there is no need to create the Primary Feature Block. Because you don’t need to complete first run tasks or create the Primary Feature Block, you could automate the entire end-to-end process of creating a Firefox package using the App-V Sequencer command-line interface.

Finally

Save your package and deploy. With compression enabled, the package should be around 22Mb.

Sequencing Mozilla Firefox 8 is post from stealthpuppy.com. Except as noted otherwise, this work is © 2005-2012 Aaron Parker and is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License.

Sequencing Google Chrome 15

2011-11-29T21:08:31Z

Here’s how to successfully sequence Google Chrome 15; however the same approach should work for Chrome 13, 14 and 16 and maybe even some other versions.

What you lose by virtualizing Chrome

Virtualizing Chrome with App-V will isolate the application from the OS, so the following features will not be available once Chrome has been sequenced:

Chrome Jump Lists in the Start Menu and Taskbar
The ability set the browser as default
The Chrome sandbox (maybe)

Note: Note that disabling the sandbox will reduce the browser security. This is not recommended and as such, I actually do not recommend virtualizing Chrome, if it is to be your regular browser.

Managing the Chrome profile – virtualize or not?

Chrome stores preferences, extensions and other user datain:

%LOCALAPPDATA%\Google\Chrome\User Data\Default (preferences, bookmarks etc. and browser cache)

I don’t know why Google has chosen this location by default, however I suspect that it may be to encourage users to signup for a Google account to enable the native syncing features of the browser. The Chrome User Data folder can become very large and that’s without the Cache folder. You could potentially hit the limit of the user PKG file size.

Whether you the Chrome user profile in the package will depend on your specific deployment requirements; however my recommendation is to use this sync feature and leave the User Data outside of the App-V package.

There are a couple of reasons why this approach is a good idea:

Some of the configuration files within the Chrome profile include hard-codes paths – challenging if your App-V virtual drive changes between clients
Virtualizing the profile increases the complexity of upgrading Chrome packages especially challenging given how often the browser is updated. By storing the Chrome profile on the real file system, Chrome can be deployed via completely unrelated packages – no need to create upgrade versions

By not virtualizing the user profile you will gain some flexibility with your Chrome deployment.

However, if you absolutely must place the Chrome profile in the virtual environment, then here’s a couple of approaches to including the User Data folder in the App-V package:

Use the –user-data-dir and –disk-cache-dir command line parameters to specify an alternate location for the User Data and Cache folders
Remove the exclusions for the Local AppData location from the Sequencer before sequencing

For the first approach, add the parameters to the command line, placing the User Data folder in the roaming portion of the profile and the browser cache in the local portion:

chrome --user-data-dir=%AppData%\Google\Chrome\User Data --disk-cache-dir=%LocalAppData%\Google\Chrome\User Data

The second approach doesn’t require any command line parameters, but it will require modifying the default Sequencer exclusions and some scripting:

Remove the default exclusions of %CSIDL_LOCAL_APPDATA% and %CSIDL_PROFILE%\Local Settings
Add an exclusion for %CSIDL_LOCAL_APPDATA%\Google\Chrome\User Data\Default\Cache or %CSIDL_PROFILE%\Local Settings\Google\Chrome\User Data\Default\Cache, depending on the operating system you are sequencing on
Post sequencing, set the folder to Merge with Local and add a pre-launch script that creates the Cache folder outside of the virtual environment

The first approach would be the easiest way to go.

Chrome features to disable

There are a couple of features that should be disabled when running Chrome under App-V:

Browser auto updates. Chrome updates should be delivered via new App-V packages
Default browser check. Once Chrome is isolated from the OS, the user won’t be able to make it the default browser

Disabling browser auto updates on Windows requires setting a policy. This can be done via Group Policy, delivered post sequence, or placing the policy directly into the package. To deliver the setting via Group Policy, ensure that the Policies key is not captured in the package.

To set the policy during sequencing, run the following command:

REG ADD HKLM\SOFTWARE\Policies\Google\Update /v AutoUpdateCheckPeriodMinutes /d 0 /t REG_SZ /f

Google Update should also be excluded from the package, which I discuss below. The default browser check can be disabled with a couple of approaches including the master preferences file.

Configuring Chrome Defaults

If a Chrome profile is not virtualized within the package any options set during the monitoring phase won’t be captured. Fortunately Chrome can be configured with defaults for any new profile so that it will contain your required configuration options. Google has made it simple to deploy custom default settings and preferences – by adding a preference file to the same folder where Chrome is installed, Chrome will use these master preferences for any new user who runs Chrome.

For information on what these master preferences are, see the Chromium administrators documentation on master preferences. I’ve included a sample master_preferences file in which I have set several defaults including removing the default browser check, preventing Google from adding a shortcut to the user’s desktop on first run and setting a home page.

Google Chrome Master Preferences

Remove the .txt file extension to use

Sequencing Platform

I have sequenced Google Chrome 15.0.874.106 on a clean Windows 7 SP1 x86 VM with all current updates and no other applications other than the App-V Sequencer. I’ve configured a Q: drive using a second vDisk. I’ve used a VFS install because installing Chrome to the Q: drive isn’t an option, unless you want to move the application manually.

Sequencer Configuration

Before Sequencing, add the following exclusions:

\REGISTRY\USER\%SFT_SID%\Software\Microsoft\Windows\CurrentVersion\Internet Settings
%CSIDL_COMMON_APPDATA%\Microsoft\RAC
%CSIDL_WINDOWS%\Microsoft.NET
%CSIDL_WINDOWS%\Installer
%CSIDL_PROGRAM_FILES%\Google\Update
%CSIDL_WINDOWS%\Tasks

The last two exclusions will prevent Google Update related binaries from being captured. Additionally disable the option to “Allow Virtualization of Services” to prevent the capture of the Google Update services.

I have included these options in a Package Template for Chrome that you can download here:

Google Chrome App-V Sequence Template

Sequencing Chrome

Download the Google Chrome Enterprise (or MSI) installer. Sequencing Chrome will require the following steps:

Install Chrome using the Windows Installer file
Delete the cached copy of the Chrome installer, which won’t be required once delivered with App-V
Move chrome.exe to the same folder as the current version’s binaries (or vice-versa).

With the default folder structure, Chrome will execute during sequencing, but won’t execute once delivered to a client. The debug.log file will contain entries similar to this:

[1106/180706:ERROR:client_util.cc(231)] Could not get Chrome DLL version.
[1106/180706:ERROR:client_util.cc(268)] Could not find exported function RelaunchChromeBrowserWithNewCommandLineIfNeeded

Copy the master_preferences file to the same location as chrome.exe to configure user profile defaults
Disable browser auto updates
Prevent the Sequencer from deleting the Chrome application folder once the monitoring phase is finished. To see why the Sequencer may process a reboot task that deletes the Chrome install folder read this article: The Case of the Disappearing Application during Sequencing.

Automating this process as much as possible will create a cleaner package and make it faster to re-create a new Chrome package if required. Here’s an example script that will perform the tasks above:

START /WAIT GoogleChromeStandaloneEnterprise.MSI ALLUSERS=TRUE /QB-
RD /Q /S "%ProgramFiles%\Google\Chrome\Application\15.0.874.106\Installer"
ROBOCOPY "%ProgramFiles%\Google\Chrome\Application\15.0.874.106" "%ProgramFiles%\Google\Chrome\Application" /mov /e
COPY master_preferences "%ProgramFiles%\Google\Chrome\Application\master_preferences
REG ADD HKLM\SOFTWARE\Policies\Google\Update /v AutoUpdateCheckPeriodMinutes /d 0 /t REG_SZ /f
REG ADD "HKLM\System\CurrentControlSet\Control\Session Manager" /v PendingFileRenameOperations /d "" /t REG_MULTI_SZ /f

Shortcuts

For Chrome to run successfully under App-V there are a few additional command line parameters that will need to be added to the Chrome shortcut at the configure applications stage:

–disable-custom-jumplist: Disables the Windows 7 Jump List, which doesn’t work once Chrome is virtualized any way
–no-default-browser-check: A further flag to prevent the browser from prompting the user to set it as default
–in-process-plugins: Run plugins inside the renderer process. May be optional, but has been required in the past when virtualizing Chrome
–no-sandbox: Not required; however I have found that extensions do not install if this parameter has not been added

For the full list of command-line parameters for Chrome and Chromium see this page: List of Chromium Command Line Switches

With the sandbox running, you will see an error similar to this when attempting to add an extension:

Note: Note that disabling the sandbox will reduce the browser security. I recommend testing the browser functionality and see if you can get away without disabling the sandbox.

The browser will notify you when the sandbox is disabled:

First Run Tasks and Primary Feature Block

If the steps above have been followed for exclusions, installation and configuration of Chrome, there will be no first run tasks to complete. Additionally the resultant package will be reasonably small so there is no need to create the Primary Feature Block. Because you don’t need to complete first run tasks or create the Primary Feature Block, you could automate the entire end-to-end process of creating a Chrome package using the App-V Sequencer command-line interface.

Finally

Save your package and deploy. With compression enabled, the package should be around 36Mb.

Sequencing Google Chrome 15 is post from stealthpuppy.com. Except as noted otherwise, this work is © 2005-2012 Aaron Parker and is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License.

The Case of the Disappearing Application during Sequencing

2011-11-04T16:30:11Z

In the official Microsoft TechNet forums, a question had been asked about sequencing Google Chrome and the poster states that when using the Chrome Enterprise Installer (a downloadable MSI for deployment inside an organisation), Chrome installs OK during the monitoring phase, but the folder is deleted at the end of monitoring and thus isn’t captured.

I thought that that behaviour was a little strange, so decided to test this out myself and to my surprise I could replicate the issue. To track down what was going on, I had to perform some troubleshooting.

I tested this on a virtual machine running Windows 7 SP1 x86 and could see from browsing to the Google installation folder (C:\Program Files\Google\Chrome) that the Application sub-folder was being removed after the monitoring phase was complete. To work out which process was deleting the folder, I’ve used Process Monitor. To see what was going on, I’ve reset my VM back to a clean snapshot, started the App-V Sequencer and Process Monitor and set a filter in Process Monitor for Path beginning with C:\Program Files\Google\Chrome\Application and then re-started the sequencing process.

With this filter, I was able to see that the process that was deleting the folder is the Sequencer itself (SFTSequencer.exe). Click the screenshot for a larger view.

The next most obvious place to look then is the Sequencer log file, hopefully it will hold some information about why the folder is being deleted. To view the Sequencer log, browse to C:\Program Files\Microsoft Application Virtualization Sequencer\Logs and open sft-seq-log.txt.

In this file I can see a number of lines where the Sequencer is attempting to copy files that no longer exist:

[11/03/2011 21:45:34 VRB VFSX] ...failed getting long path name for the file (C:\Program Files\Google\Chrome). Error: 2
[11/03/2011 21:45:34 VRB CORE] GetShortPathName failure using: C:\Program Files\Google\Chrome. Error is: 2
[11/03/2011 21:45:34 VRB CORE] Could not copy C:\Program Files\Google\Chrome to Q:\Google Chrome\VFS\CSIDL_PROGRAM_FILES\Google\Chrome.  Error is: 2.
[11/03/2011 21:45:34 VRB VFSX] ...failed getting long path name for the file (C:\Program Files\Google\Chrome\Application). Error: 3
[11/03/2011 21:45:34 VRB CORE] GetShortPathName failure using: C:\Program Files\Google\Chrome. Error is: 2
[11/03/2011 21:45:34 VRB CORE] Could not copy C:\Program Files\Google\Chrome to Q:\Google Chrome\VFS\CSIDL_PROGRAM_FILES\Google\Chrome.  Error is: 2.
[11/03/2011 21:45:34 VRB CORE] CopyResourceToVFS failed.
[11/03/2011 21:45:34 VRB VFSX] ...failed getting long path name for the file (C:\Program Files\Google\Chrome\Application\15.0.874.106). Error: 3
[11/03/2011 21:45:34 VRB CORE] GetShortPathName failure using: C:\Program Files\Google\Chrome. Error is: 2
[11/03/2011 21:45:34 VRB CORE] Could not copy C:\Program Files\Google\Chrome to Q:\Google Chrome\VFS\CSIDL_PROGRAM_FILES\Google\Chrome.  Error is: 2.
[11/03/2011 21:45:34 VRB CORE] CopyResourceToVFS failed.

A few lines previous to these is this line:

[11/03/2011 21:45:26 VRB RTSK] Reboot processing detected need to delete \??\C:\Program Files\Google\Chrome.

The Sequencer is doing exactly what’s it being told to do – process a reboot task at the end of the monitoring phase and delete the application. Interestingly though, only the Application sub-folder is being deleted, not the entire Chrome parent folder.

To get an idea of why, I’ve used WhyReboot, a fantastic free tool for finding out why a reboot has been requested. How many times have you suspected that an application installer asks to reboot Windows when it’s not actually needed?

Going through the sequencing process again and running WhyReboot before ending monitoring, gives me an idea of why the reboot has been requested:

Note: I could also use PendMoves another Sysinternals tool to query this information as well.

PendingFileRenameOperations is a Registry value that lists file system operations that must be processed during a reboot or shutdown. Generally these types of operations need to be processed on reboot because there are open file handles that are only released once the system shuts down.

So what’s writing this entry to PendingFileRenameOperations and why does this only happen during sequencing? To find out, I’ve reached for Process Monitor again, but unfortunately I haven’t been able find which process is writing to the PendingFileRenameOperations value, as Process Monitor didn’t find any RegSetValue operations.

Circumstantial evidence points to SETUP.EXE, but without Process Monitor giving me more information I can’t say for sure. I do however, have a workaround that allow me to sequence Chrome – before finishing the monitoring phase, I clear the PendingFileRenameOperations data with this command:

REG ADD "HKLM\System\CurrentControlSet\Control\Session Manager" /v PendingFileRenameOperations /d "" /t REG_MULTI_SZ /f

The Case of the Disappearing Application during Sequencing is post from stealthpuppy.com. Except as noted otherwise, this work is © 2005-2012 Aaron Parker and is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License.

One profile, or Two, or Three, or…

2011-10-28T16:29:28Z

Surely one of the main goals of any good desktop delivery project is to remove the user’s reliance on any single device?

To achieve that goal, we need to ensure that the user’s environment is available across any device. Whether the desktop is a physical PC, Remote Desktop server or running on a virtual machine in the data centre, providing the user with a consistent view of their applications allows them to be productive as soon as they logon.

Once we achieve device independence, users should rightly expect that their data and preferences will be available where ever they logon. At least, that’s what I would expect – I don’t care too much how I access an application, I’d like some consistency when I do access them. I’d like my favourites to follow me (Google got this right with Chrome), I’d like my application settings to follow me, and of course my data as well.

How do we do this in a corporate environment today, with multiple operating systems and often multiple versions of an application? I can bet you aren’t achieving that with standard Roaming Profiles.

I’ve recently finished working on a project consisting of migrating to Windows 7 which also includes delivering desktops and applications using Citrix XenDesktop and XenApp. A key component of the migration was to provide users with some consistency across those desktops.

That’s not as simple as task as it may sound. How do you migrate user settings and preferences from the previous operating system and roam settings between Windows 7 and Windows Server 2008 R2 (and with any luck, back again)?

Another barrier, and a surprising one to me, is that (depending on the size of the organisation) all architecture and engineering teams need to be on board with the roaming train. Having dealt with a team that was responsible for some of the core applications, who didn’t understand roaming, clear direction on the approach to the user environment is critical.

So my goal has been is this – provide the user with a single set of preferences across all operating systems. Even moving those preferences to down level versions of Windows if the project demands it. There will always be a certain subset of preferences that can’t be moved across Windows versions; however for the most part this is achievable.

I asserted this during my sessions at BriForum this year, in London and Chicago, User Environment Smack Down – a single profile per user provides the best user experience.

However what if you don’t want that? Perhaps it’s a valid approach for a user to have completely separate profiles per machine. So I thought that a completely non-scientific poll might be an interesting way to find out your thoughts. Have you say by voting in the poll embedded below:

Take Our Poll

So how do you get to a single profile? For an independent review of the 3rd party solutions available for achieving a consistent user environment regardless of device, download the User Environment Smack Down white paper from brianmadden.com. We’ve been hard at work on version 1.1 which is due very soon.

One profile, or Two, or Three, or… is post from stealthpuppy.com. Except as noted otherwise, this work is © 2005-2012 Aaron Parker and is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License.

Comparing User Profiles Sizes for Microsoft Office Suites

2011-10-26T11:13:04Z

I’ve been doing some work recently virtualizing various versions of Office in App-V plus managing user preferences for those Office packages. Here’s something interesting that I’ve found – the size of the profile settings for a default installation of Office 2010 is massively different in size over previous versions of Office.

Here’s a look at my user profile where I’ve been running Office 2010, Office 2007 and Office 2003 and capturing the user preferences for those applications with a third-party management tool:

In this screenshot, the profile sizes for each versions of Office breaks down like this:

Office 2010 – 7150Kb
Office 2007 – 767Kb
Office 2003 – 33Kb

And that’s compressed too. So in my profile, the user preferences for Office 2010 are 9 times larger than for Office 2007 and 216 times larger than the preferences for Office 2003!

If you’re in the process of or have upgraded to Office 2010, have you thought about the additional data that you’ll be managing (whether proactively or not)? If you’re stuck with “managing” user preferences with Roaming Profiles, you’re just masking this issue and will have no real insight into how much space this stuff is consuming.

What do you do about it? I think the only solution is to use a third party user environment management (or user virtualization, if you like) solution from one of the vendors covered in this white paper: User Environment Management Smackdown*. Go read it to find out what you can do with a solution that actually manages the user layer.

*OK, yes it’s a shameless plug – I helped write the paper.

Comparing User Profiles Sizes for Microsoft Office Suites is post from stealthpuppy.com. Except as noted otherwise, this work is © 2005-2012 Aaron Parker and is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License.

Delivering Office with App-V – Error 0×80070424 installing the Office 2010 Deployment Kit

2011-10-31T14:41:09Z

If you have issues installing the Office 2010 Deployment Kit for App-V (OffVirt.msi) to install the licensing component for a virtualized Office 2010 package, it may fail to install. A typical command line to install the licensing component look like this:

START /WAIT MSIEXEC /I OffVirt.msi PROPLUS=1 PROJECTPRO=1 VISIOPRO=1

However, by default OffVirt.msi runs silently and offers no errors, so to troubleshoot we need to log the install to a file (using the /l*v switch). In the log, you might find lines similar to the following:

CAInstallLicenses: OMSICA : Initializing CustomAction CAInstallLicenses
CAInstallLicenses: Populating the Token Store
CAInstallLicenses: Installing license: sl.RAC.GENERIC.PRIVATE
CAInstallLicenses: Error: Failed to open Token Store HResult: 0x80070424.

Toward the end of the log, the Windows Installer will report a return code of 1603:

CustomAction CAInstallLicenses returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)

Fortunately the fix is easy – ensure the correct OffVirt.msi for your target platform is used. Windows x86 requires the 32-bit version and Windows x64 requires the 64-bit version. Note that the version of OffVirt.msi that you use is for the target Windows platform, not the Office 2010 package you have sequenced.

Delivering Office with App-V – Error 0×80070424 installing the Office 2010 Deployment Kit is post from stealthpuppy.com. Except as noted otherwise, this work is © 2005-2012 Aaron Parker and is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License.

Delivering Office with App-V – The User Profile

2011-10-31T14:41:23Z

If you follow any of the following guidance from Microsoft for sequencing Office with App-V:

you will end up with a package that will include the following folders in the virtualized user profile (those folders captured during sequencing that will end up in the PKG file):

The folders captured under %CSIDL_APPDATA%\Microsoft are those folders that have been created during the first-run tasks – folders created when you launch an Office application and perform some standard tasks.

If you’re familiar with delivering applications with App-V (or any type of application virtualization platform) and managing the user environment, the portions of the user profile for an application will also be virtualized (unless you do something like this) and will end up in the PKG file.

To see what this looks like at runtime, here’s a view of a profile before running Office applications that have been delivered by App-V:

After executing each of the Office applications in the package (I’ve used a package with Office 2010 Professional Plus with Visio and Project) and using just about every feature in those applications:

There’s an additional 10 folders that have been created with 8 of those related to Office. This has left me with the majority of the Office user profile being virtualized and stored in the PKG file, whilst the rest is now stored on the real file system. This probably doesn’t have too much impact to the user if I’m using Roaming Profiles so that Office settings follow the user, but what happens for support?

The service desk now has to manage Office settings for the user in two places. If the aim is repair the Office settings by resetting the App-V package deleting the PKG file, a portion of the Office settings will remain. This is not an ideal solution – the profile for an application should virtualized entirely or not be virtualized at all.

Do that, you will need to add an additional step during sequencing – create those folders that during the monitoring phase. I do this via a script (that also installs and configures Office) that will create the folders listed in the table below. If you do that, the entire Office profile will now be virtualized.

Folder
%APPDATA%\Microsoft\AddIns
%APPDATA%\Microsoft\Bibliography
%APPDATA%\Microsoft\Clip Organizer
%APPDATA%\Microsoft\CLView
%APPDATA%\Microsoft\Document Building Blocks
%APPDATA%\Microsoft\Excel
%APPDATA%\Microsoft\Forms
%APPDATA%\Microsoft\InterConnect
%APPDATA%\Microsoft\MS Project
%APPDATA%\Microsoft\Office
%APPDATA%\Microsoft\OneNote
%APPDATA%\Microsoft\Outlook
%APPDATA%\Microsoft\PowerPoint
%APPDATA%\Microsoft\Proof
%APPDATA%\Microsoft\Publisher
%APPDATA%\Microsoft\Publisher Building Blocks
%APPDATA%\Microsoft\Queries
%APPDATA%\Microsoft\QuickStyles
%APPDATA%\Microsoft\SharePoint Designer
%APPDATA%\Microsoft\Signatures
%APPDATA%\Microsoft\Stationery
%APPDATA%\Microsoft\Templates
%APPDATA%\Microsoft\UProof
%APPDATA%\Microsoft\Word
%APPDATA%\Microsoft\Media Catalog
%APPDATA%\Microsoft\Graph
%APPDATA%\Microsoft\InfoPath
%APPDATA%\Microsoft\Themes
%APPDATA%\Microsoft\OIS
%APPDATA%\Microsoft\VSTAHost
%APPDATA%\Microsoft\VSCommon
%APPDATA%\Microsoft\VSTA
%APPDATA%\Microsoft\Web Server Extensions
%APPDATA%\Microsoft\IMJP10
%APPDATA%\Microsoft\IME12
%APPDATA%\Microsoft\IMJP8_1
%APPDATA%\Microsoft\IMJP9_0
%APPDATA%\Microsoft\IMJP12

Delivering Office with App-V – The User Profile is post from stealthpuppy.com. Except as noted otherwise, this work is © 2005-2012 Aaron Parker and is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License.

Delivering Office with App-V – The Deployment Kit and Product Key issues

2011-10-31T14:40:42Z

When attempting to install the Office 2010 Deployment Kit for App-V using a MAK activation key, via the following command-line (or similar):

MSIEXEC /I OffVirt.msi PIDKEYS=XXXXX-XXXXX-XXXXX-XXXXX-XXXXX USEROPERATIONS=1

You might receive the following error:

This is due to the key used on the command line and not actually any pre-existing component of Office, as the message suggests. If you are not using a MAK key – that is a key available for a volume license deployment of Office, then the installation will result in the error above. The only way to fix this issue is to ensure you are using a MAK or KMS key for Office 2010.

Keys from Retail or boxed media, or a TechNet or MSDN subscription cannot be used for deploying Office 2010 via App-V. Making it particularly difficult for those looking to get experience virtualizing Office 2010 with App-V without purchasing a volume license.

(Neither the Office or App-V teams at Microsoft have any control over keys available on TechNet or MSDN)

Delivering Office with App-V – The Deployment Kit and Product Key issues is post from stealthpuppy.com. Except as noted otherwise, this work is © 2005-2012 Aaron Parker and is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License.

Sequencing Mozilla Firefox 7

2011-10-23T21:54:24Z

It’s easy to virtualize Firefox with App-V; however getting it right takes a little more effort. Here’s how to successfully sequence Mozilla Firefox 7.x.

What you lose by virtualizing Firefox

Virtualizing Firefox with App-V will isolate the application from the OS, so the following features will not be available once Firefox has been sequenced:

Firefox Jump Lists in the Start Menu and Taskbar
The ability set the browser as default

Managing the Firefox profile – virtualize or not?

Firefox stores preferences, extensions and other user data in:

%APPDATA%\Mozilla (preferences, bookmarks etc.); and
%LOCALAPPDATA%\Mozilla (browser cache)

The default behaviour of the App-V Sequencer is to exclude %LOCALAPPDATA% – this is a good thing and I don’t recommend removing this exclusion.

%APPDATA% will be included by default and whether you leave this location included in the package will depend on your specific deployment requirements; however my recommendation is to exclude this location by adding %CSIDL_APPDATA%\Mozilla to the exclusion list in your sequence. On the client, Firefox will then create a new profile in the real file system when the user starts the browser for the first time.

There are several reasons why this approach is a good idea:

Some of the configuration files within the Firefox profile include hard-codes paths – challenging if your App-V virtual drive changes between clients
Virtualizing the profile increases the complexity of upgrading Firefox packages especially challenging given Mozilla’s new approach to Firefox releases. By storing the Firefox profile on the real file system, Firefox can be deployed via completely unrelated packages – no need to create upgrade versions
Users can potentially create multiple Firefox profiles, with each stored in the users’ PKG file. The minimum size for a new Firefox profile is 12Mb – the PKG file will grow by 12Mb for each new Firefox profile created

By excluding %APPDATA% and not virtualizing the user profile you will gain some flexibility with your Firefox deployment.

Configuring Firefox Defaults

Mozilla has made it easy to deploy custom default settings and preferences – by adding files to %ProgramFiles%\Mozilla Firefox\defaults\profile, new Firefox profiles will pick up a copy of these files when the profile is created.

I will walk through adding a couple of files to this location for to ensure that any new Firefox profile receives the required ; however you can find more detailed documentation on this feature in the following articles:

Enterprise Build Of Firefox For Deployment

Firefox features to disable

There are a couple of features that should be disabled when running Firefox under App-V:

Automatic updates for Firefox – Options / Advanced / Update – Automatically check for updates to: Firefox. Firefox updates should be delivered via new App-V packages. Updates for Add-ons and Search Engines should be OK as these are written to the user profile
Default browser check – Options / Advanced / General – Always check to see if Firefox is the default browser on startup. Once Firefox is isolated from the OS, the user won’t be able to make it the default browser

user.js is used to configure Firefox options and enforce them and UserChrome.css is used to remove those options from the user interface.

Available below is a copy of user.js that disables automatic updates of Firefox and checking whether it is the default browser:

Firefox user.js

Here is a copy of userChrome.css that will remove updates and default browser options from user interface:

Firefox userChrome.css

Sequencing Platform

The Firefox version available from Mozilla is an x86 application (x64 build are available from other sources), so I recommend sequencing Firefox on Windows 7 x86 virtual machine even though you may be deploying to 64-bit Windows.

I’ve used a VFS install, so I have configured a second virtual hard disk to host the Q: drive. If you would prefer a MNT install just change the install folder when installing Firefox.

Sequencer Configuration

Before Sequencing, add the following exclusions:

%CSIDL_APPDATA%\Mozilla
%CSIDL_COMMON_APPDATA%\Microsoft\RAC
\REGISTRY\USER\%SFT_SID%\Software\Microsoft\Windows\CurrentVersion\Internet Settings

If you are adding Adobe Flash Player to the package, add these exclusions as well:

%CSIDL_APPDATA%\Adobe
%CSIDL_APPDATA%\Macromedia
%CSIDL_WINDOWS%\Installer

I have included these in a Package Template for Firefox that you can download from here:

App-V Package Template for Firefox

Installing Firefox

Download the Firefox installer in your target language from the Mozilla site. Sequencing Firefox will require the following steps:

Install Firefox
Configure profile defaults
Optionally add global add-ons and install plug-ins such as Adobe Flash Player

Automating this process as much as possible will create a cleaner package and make it faster to re-create a new Firefox package if required.

Mozilla Firefox installer command line arguments – use the INI file approach to control where Firefox is installed and to prevent the addition of a desktop shortcut, if required
After installing Firefox, copy user.js to %ProgramFiles%\Mozilla Firefox\defaults\profile
Copy userChrome.css to %ProgramFiles%\Mozilla Firefox\defaults\profile\chrome
Firefox also allows you to add global add-ons by adding them to the Extensions sub-folder of the Firefox installation folder
If you are including Adobe Flash player in the package, be sure to disable the auto-update notification

For an example script that will automate the install and configuration of Firefox, see the script below:

Firefox 7 Install Script for App-V

Shortcuts

If the monitoring phase was successful the Sequencer should create a single shortcut for Firefox. If you are including Flash 10.4 or above in the package, add an additional shortcut for the Flash Player Control Panel applet using “C:\Windows\System32\FlashPlayerCPLApp.cpl” as the target.

First Run Tasks and Primary Feature Block

Because you don’t need to complete first run tasks or create the Primary Feature Block, you could automate the entire end-to-end process of creating a Firefox package using the App-V Sequencer command-line interface.

Finally

Save your package and deploy. With compression enabled, the package should be around 22Mb.

Sequencing Mozilla Firefox 7 is post from stealthpuppy.com. Except as noted otherwise, this work is © 2005-2012 Aaron Parker and is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License.

Reducing the size of App-V packages

2011-09-25T21:48:27Z

If you’re looking to reduce the size of your App-V packages, you can compress them when saving them in the Sequencer; however if that content in the package doesn’t actually compress that well, you may not save as much space as you might expect. Here a quick win to reduce the size of your packages.

In this post I’m using Office Professional 2010 as an example, where I’ve reduce the size of the package from potentially 2.8GB (uncompressed) to 606Mb (compressed). This screenshot shows a default install left uncompressed:

The default Office installation caches a copy of the Office installation files in the C:\Windows\Installer and the MSOCache folders. These folders are generally required when installing Office so that repair operations can take place and features can be added post-installation. However when virtualizing Office, we won’t want either of those actions taking place – we want consistency and predictability. So when capturing Office with the Sequencer, we configure setup and run applications to ensure they don’t occur.

This then leaves us with a large amount of data in the package that will never be used at execution time, but will most likely still be streamed to each client – waste of disk space and bandwidth. Only when it comes time to update the package do we need those folders.

So instead of leaving them in the package, we could exclude them from the sequencer and copy them out of the Sequencing machine and save them with the package. The process would look something like this:

Add an exclusion to your package for %CSIDL_WINDOWS%\Installer and C:\MSOCache or %SFT_MNT%\MSOCache if you are sequencing Office
Sequence your application and save the package with compression enabled
Save the package to the Content share along with a copy of C:\Windows\Installer and MSOCache, if you are sequencing Office
When it comes time to update the package, copy the folders back into the sequencing machine before starting the sequencing process
Repeat the process once you’ve saved the updated package

The same Office 2010 package is now 606Mb – 22% of the size of the original package:

Reducing the size of App-V packages is post from stealthpuppy.com. Except as noted otherwise, this work is © 2005-2012 Aaron Parker and is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License.

First Annual European App-V User Group

2011-10-23T21:55:10Z

Great news – the first annual European App-V User Group has been announced, for Friday November 18, 2011 9:00 AM to be held at Microsoft HQ, in the Netherlands:

Welcome to our first annual European App-V User Group conference.

After a successful German edition in 2010, we were overwhelmed by the positive reactions, so we decided to expand our reach to the whole of Europe. We decided to see how many App-V experts we could gather on one event. Up till now we have 8 (!) out of 16 worldwide App-V MVPs found willing to attend the event and share their thoughts on App-V. This is almost the entire Europe based App-V MVP population!

The initiative is focused on bringing people from the App-V community together to learn about Microsoft App-V from the experts and share experiences and knowledge with each other. The event is sponsored by stakeholding companies, but is free of commercial messaging and gives an independent insight in the Microsoft App-V market.

We invite you to register for FREE and we are looking forward to welcome you on the event.

Keep an eye on the Twitter hashtag #AppVUG for more news, and sign up at the site if you’d like to attend. I’ll be there and presenting a session on virtualising Office with App-V.

First Annual European App-V User Group is post from stealthpuppy.com. Except as noted otherwise, this work is © 2005-2012 Aaron Parker and is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License.

Is it legal to virtualize Apple iTunes?

2011-10-23T21:55:26Z

Preface: I don’t speak legalese and this post is based on my own intepretation of the iTunes distribution agreement.

I’ve previously talked about virtualizing Apple iTunes with App-V; however after taking a look through the distribution agreements that you’re supposed to accept, I’m under the impression that doing so doesn’t adhere to the agreement.

If you’re looking to distribute iTunes and QuickTime in your environment, Apple requires that you obtain an agreement to do so. There are two agreements – one for universities and another for corporations (uni’s actually have 2 – one for CD distribution, another for distribution from a server).

Here’s a quote from the university CD distribution agreement:

Licensee may not modify or alter the Software, or the Apple End User Agreement that accompanies the Software. The Software must be installed as part of the default installation of the Bundle without any additional action or selection required by the End User, using the installer provided by Apple. Installation must include all files as installed by such installer and Licensee must not interfere with the installer’s placement of the software alias icons on the desktop.

And here’s a quote from the corporate site license:

Licensee may not modify or alter the Software, the Apple installer or the Apple End User Agreement that accompanies the Software as provided by Apple to Licensee. As a condition of the rights granted herein, each installation of the iTunes and QuickTime Software must result in the iTunes and QuickTime Player icon residing on the desktop of each authorised user.

Based on my recipe for iTunes, I understand the process of virtualising the application to be breaking the agreement because we are doing a few things:

Extracting the MSI’s from the iTunes installer – breaking the Apple installer
Accepting the End User Agreement during the monitoring phase
Probably not delivering the iTunes and QuickTime shortcuts to the desktop

I could configure my package such that the user still needs to accept the license agreement, but in a corporate environment do you really want to have to let users do that?

I could also deliver the iTunes and QuickTime shortcuts to the user’s desktop, but most users already have enough shortcuts and files on their desktops, I’m not going to force more on them. Forcing desktop shortcuts on users isn’t great user experience and quite frankly, Apple’s not going to dictate the user experience in my environment.

But ultimately it’s point 1 that has me concerned – if you interpret the agreement to the letter, then it sounds like application virtualization is breaking that agreement.

What do you think?

Is it legal to virtualize Apple iTunes? is post from stealthpuppy.com. Except as noted otherwise, this work is © 2005-2012 Aaron Parker and is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License.

Microsoft Office Click-to-Run for Office 2010 KB articles help explain how Office runs under App-V

2011-08-07T21:21:33Z

A number of knowledgebase articles have been updated recently that are interesting reading if you’re looking to understand how Microsoft Office works under App-V, and the limitations if you deploy Office in this method. If you’re already not aware, Office delivered by Click-to-Run is actually a modified version of App-V under the hood. There’s also an overview of Microsoft Office Click-to-Run for Office 2010 worth reading.

Articles that detail limitations and workarounds that have been updated recently include:

There’s even an article on getting into the virtual environment (which is good for a laugh):

How to access the registry information of Office 2010 that is delivered by Click-to-Run

For even more articles on Click-to-Run, start with this search on the Microsoft Support site.

Although some of the same limitation don’t apply if you are creating your own App-V package for Office, these articles are still worthwhile resources.

Microsoft Office Click-to-Run for Office 2010 KB articles help explain how Office runs under App-V is post from stealthpuppy.com. Except as noted otherwise, this work is © 2005-2012 Aaron Parker and is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License.