What’s up, everyone!
Welcome to the second blogpost on how to create and optimize your own custom image for Windows 365. The first post shows how to create your own custom image from a virtual machine running in Azure. You can find the post here.
In this second post it’s time to find out how we can optimize our image for Windows 365! Let’s dive right into it!
The first thing that comes to mind is that Microsoft already optimized gallery images before they are released to the public and they have documented the optimizations here. These optimizations can be divided in two categories;
The operating system is optimized for:
- Optimized services to run in a virtualized environment.
- Removed UWP packages.
- Disabled task scheduler actions.
Microsoft 365 Apps
- Set the IsWVDEnvironment registry key so Teams knows it’s running in a VM.
- C++ runtime for Teams.
- Installed the WebRTC Redirector service for Teams offloading.
- Microsoft Edge settings (Sleeping tabs, startup boost, first time run)
- Microsoft Outlook auto logon based on the Azure AD profile. Support for other profiles.
Why is this important?
There are a couple of ways you can create your custom image. If you haven’t used the Cloud PC image template as mentioned in the previous post, you will miss out on these optimizations so you will need to configure them yourself. Or just start over and use the preconfigured gallery image as a starting point for you custom image.
A quick check
I’ve created a new virtual machine in Azure using the Windows 365 Cloud PC template based on Windows 11 Enterprise 22h2 with the Microsoft 365 Apps installed. Now I won’t check every optimization, but let’s see if the WebRTC Redirector is installed and if the IsWVDEnvironment registry is set. Looks good right?
Honorable mention for recommended settings for VDI desktops
The previously mentioned docs for operating systems optimizations doesn’t really specify what buttons have been pushed to optimize the operating system. Naturally I tried to find more information on this topic. I didn’t find a lot of things for Windows 11 but I do want to mention a doc from Microsoft titled Recommended settings for VDI desktops. It’s pretty in-depth but it’s geared towards Windows 10. I suppose I can be used for Windows 11 as well for a large part.
Please find the doc with all the optimizations here.
Virtual Desktop Optimization Tool or VDOT
The VDOT tool is created by the community and looks to improve Windows operating systems for VDI solutions like Azure Virtual Desktop, Windows 365 and even servers.
Make sure to test your newly created image
Even though this tool is created with lots of love by legends in the community it’s worth noting that you need to test your image before promoting it to production. As an example, make sure to boot a Cloud PC from an admin using this optimized custom image. Make sure that your apps work and nothing is broken due to your optimizations.
How to download VDOT?
VDOT consist of a set of files which you can download from Github as a .zip file. Just open the following URL:
Click the green Code button and select Download ZIP.
The .zip file will begin to download. Save the file somewhere you can easily find it and make sure to copy the file to your Azure VM. Extract the contents of the .zip file somewhere nice, like C:\Optimize.
How does it work and what does VDOT optimize?
Well luckily this process isn’t all that hard to understand. You can optimize the image by kicking off a Powershell script named Windows_VDOT.ps1. The script will run and use a couple of .json files depending on the parameters you supply. You can choose to run all optimizations or a just a couple. Accepted values are:
- NetworkOptimizations (LanmanWorkstation service and Network Adapter Buffer)
Let’s see what each item does by following the order as mentioned in the script.
Resource file: none
This will check for Windows Mediaplayer and remove the app.
Resource file: \2009\ConfigurationFiles\AppxPackages.json
The script will remove Appx packages detailed in the .json file. If you don’t want to remove one of the apps, just remove it from the .json file.
Resource file: \2009\ConfigurationFiles\DefaultUserSettings.json
The script will load the default user registry hive and change values according to the corresponding .json file. Once completed it will unload the default user registry hive effectively saving it. A common but great way to change registry settings for the default user profile and subsequently all newly created user profiles on the machine.
Resource file: \2009\ConfigurationFiles\Autologgers.json
This part of the script will disable Windows traces or autologgers detailed in the autologgers.json file.
Resource file: \2009\ConfigurationFiles\Services.json
The script will check for services detailed in the services.json file and disable them in the operating system. It does not remove them which is a good thing.
Resource file: \2009\ConfigurationFiles\LanManWorkstation.json
In this part the script will set registry parameters used by the LanManWorkstation service. It will also set the Send Buffer Size property to 4 MB.
Local Group Policy Settings or LGPO
Resource file: \2009\ConfigurationFiles\PolicyRegSettings.json
You can use this part if your Cloud PC’s are Azure AD Joined only. If your Cloud PC’s are hybrid joined (also connected to a local Active Directory) I would advise to use group policies instead of local policies.
AdvancedOptimizations – Edge
Resource file: \2009\ConfigurationFiles\EdgeSettings.json
The script will optimize Microsoft Edge for VDI usage.
AdvancedOptimizations – RemoveLegacyIE
Resource file: None
Removes Internet Explorer if found.
AdvancedOptimizations – RemoveOnedrive
Resource file: None
Removes OneDrive Commercial. The scripts checks both the system32 and syswow64 path.
Resource file: None
- Removes files with certain extensions, like /tmp, etl, log and a couple of others.
- Removes RetailDemo if found on the systemdrive.
- Empties C:\Windows\Temp.
- Clears the Windows Error Reporting reports (WER).
- Empties the personal temp folder.
- Clears the recycle bin.
- Clears BranchCache cache.
Since the optimization process is done using Powershell, we need to set the executionpolicy to bypass. Open up an administrative Powershell and enter the following command;
set-executionpolicy -executionpolicy bypass
Now it’s time to run VDOT and optimize our image. Let’s just tick all the boxes and use All for optimizations and advanced optimizations.
.\Windows_VDOT.ps1 -Optimizations All -AdvancedOptimizations All -Verbose -AcceptEULA
You should end up with something like this when the script completes. The only thing left to do is to reboot the virtual machine and find out if it we can see a difference when compared to the baseline we created earlier.
There it is! I can see a decrease in the number of processes and handles. The number of threads is up by just a bit but it’s still in the area as it was before.
Multimedia Redirection or MMR
Another thing that’s definitely worth including in this post is Multimedia Redirection. You can greatly increase the user experience of watching videos on your virtual desktop, AVD or W365, by offloading the multimedia to your local client. I’ve written a post about MMR in the past which is still pretty relevant today with the biggest difference that MMR is no longer in public preview but in general availability.
Other ways to optimize your image
...And then there was sysprep!
In the first part of this mini series I mentioned that I ran into an issue while running sysprep and I promised to get into more details in this blogpost. So let’s review what happened:
I had installed Notepad++ and I ran the sysprep command as shown. So I installed Notepad++ again in my new VM and ran the command again. Luckily I get the same error message:
Let’s just follow the breadcrumbs as see where it leads us. I opened the mentioned log file and see if we can get any wiser:
And there it is; notepad++ is installed for a user but not provisioned for all users. This is can be a drawback if you’ve opted to install all apps in to you custom image. For this demo Notepad++ isn’t really necessary so I’m perfectly happy removing the app. Another possibility is to install Notepad++ in a later stage using Intune but then there’s the drawback that you will need to manage apps in the image itself and Microsoft Intune.
Things change though if this was a very important business app. In that case you should try other options like checking if the installer has an all users option, maybe there’s an updated version or contact the ISV and find a solution together.
I hope you enjoyed the post!
I used the following resources for this blogpost: