How To Optimize A Custom Image For Windows 365

What’s up, everyone! 

Welcome to the second blogpost on how to create and optimize your own custom image for Windows 365. The first post shows how to create your own custom image from a virtual machine running in Azure. You can find the post here

In this second post it’s time to find out how we can optimize our image for Windows 365! Let’s dive right into it!

Gallery optimizations

The first thing that comes to mind is that Microsoft already optimized gallery images before they are released to the public and they have documented the optimizations here. These optimizations can be divided in two categories;

Operating optimizations

The operating system is optimized for: 

  • Optimized services to run in a virtualized environment.
  • Removed UWP packages.
  • Disabled task scheduler actions.

Microsoft 365 Apps 

  • Set the IsWVDEnvironment registry key so Teams knows it’s running in a VM.
  • C++ runtime for Teams.
  • Installed the WebRTC Redirector service for Teams offloading.
  • Microsoft Edge settings (Sleeping tabs, startup boost, first time run)
  •  Microsoft Outlook auto logon based on the Azure AD profile. Support for other profiles.
Most optimizations are pretty much self-explanatory but some could use a bit more clarification. I would love to know more on the details of the operating system optimizations for instance.
 
Gallery images are created for Windows 10/11 Enterprise and have two flavours. The Enterprise + OS Optimizations do not have the Microsoft 365 Apps preinstalled but they do have the operating systems optimizations. The Enterprise + Microsoft 365 Apps have both the operating system and Microsoft 365 Apps optimizations preconfigured.

Why is this important?

There are a couple of ways you can create your custom image. If you haven’t used the Cloud PC image template as mentioned in the previous post, you will miss out on these optimizations so you will need to configure them yourself. Or just start over and use the preconfigured gallery image as a starting point for you custom image.

A quick check 

I’ve created a new virtual machine in Azure using the Windows 365 Cloud PC template based on Windows 11 Enterprise 22h2 with the Microsoft 365 Apps installed. Now I won’t check every optimization, but let’s see if the WebRTC Redirector is installed and if the IsWVDEnvironment registry is set. Looks good right? 

Honorable mention for recommended settings for VDI desktops

The previously mentioned docs for operating systems optimizations doesn’t really specify what buttons have been pushed to optimize the operating system. Naturally I tried to find more information on this topic. I didn’t find a lot of things for Windows 11 but I do want to mention a doc from Microsoft titled Recommended settings for VDI desktops. It’s pretty in-depth but it’s geared towards Windows 10. I suppose I can be used for Windows 11 as well for a large part. 

Please find the doc with all the optimizations here.

Screenshot of just a couple of settings mentioned in the doc.

Virtual Desktop Optimization Tool or VDOT

The VDOT tool is created by the community and looks to improve Windows operating systems for VDI solutions like Azure Virtual Desktop, Windows 365 and even servers.

Make sure to test your newly created image

Even though this tool is created with lots of love by legends in the community it’s worth noting that you need to test your image before promoting it to production. As an example, make sure to boot a Cloud PC from an admin using this optimized custom image. Make sure that your apps work and nothing is broken due to your optimizations.

How to download VDOT?

VDOT consist of a set of files which you can download from Github as a .zip file. Just open the following URL:

https://github.com/The-Virtual-Desktop-Team/Virtual-Desktop-Optimization-Tool

Click the green Code button and select Download ZIP.

The .zip file will begin to download. Save the file somewhere you can easily find it and make sure to copy the file to your Azure VM. Extract the contents of the .zip file somewhere nice, like C:\Optimize. 

How does it work and what does VDOT optimize?

Well luckily this process isn’t all that hard to understand. You can optimize the image by kicking off a Powershell script named Windows_VDOT.ps1. The script will run and use a couple of .json files depending on the parameters you supply. You can choose to run all optimizations or a just a couple. Accepted values are: 

  • All
  • WindowsMediaPlayer
  • AppxPackages
  • ScheduledTasks
  • DefaultUserSettings
  • Autologgers
  • Services
  • NetworkOptimizations (LanmanWorkstation service and Network Adapter Buffer)
  • LGPO
  • DiskCleanup
There are three advanced options you can choose from:
  • Edge
  • RemoveLegacyIE
  • RemoveOnedrive

Let’s see what each item does by following the order as mentioned in the script. 

WindowsMediaPlayer
Resource file: none

This will check for Windows Mediaplayer and remove the app.

AppxPackages

Resource file: \2009\ConfigurationFiles\AppxPackages.json

The script will remove Appx packages detailed in the .json file. If you don’t want to remove one of the apps, just remove it from the .json file.

 ScheduledTasks
Resource file: \2009\ConfigurationFiles\ScheduledTasks.json 
 
By default the value Disabled will be used causing the script to disable all the scheduled tasks mentioned in the corresponding .json file. You can either change the value to Enabled or remove the scheduled task from the .json to keep it enabled.

DefaultUserSettings
Resource file: \2009\ConfigurationFiles\DefaultUserSettings.json

The script will load the default user registry hive and change values according to the corresponding .json file. Once completed it will unload the default user registry hive effectively saving it. A common but great way to change registry settings for the default user profile and subsequently all newly created user profiles on the machine.

Autologgers
Resource file: \2009\ConfigurationFiles\Autologgers.json

This part of the script will disable Windows traces or autologgers detailed in the autologgers.json file. 

Services
Resource file: \2009\ConfigurationFiles\Services.json

The script will check for services detailed in the services.json file and disable them in the operating system. It does not remove them which is a good thing.

NetworkOptimizations
Resource file: \2009\ConfigurationFiles\LanManWorkstation.json

In this part the script will set registry parameters used by the LanManWorkstation service. It will also set  the Send Buffer Size property to 4 MB.

Local Group Policy Settings or LGPO
Resource file: \2009\ConfigurationFiles\PolicyRegSettings.json

You can use this part if your Cloud PC’s are Azure AD Joined only. If your Cloud PC’s are hybrid joined (also connected to a local Active Directory) I would advise to use group policies instead of local policies.

AdvancedOptimizations – Edge
Resource file: \2009\ConfigurationFiles\EdgeSettings.json

The script will optimize Microsoft Edge for VDI usage.

AdvancedOptimizations – RemoveLegacyIE
Resource file: None

Removes Internet Explorer if found.

AdvancedOptimizations – RemoveOnedrive
Resource file: None

Removes OneDrive Commercial. The scripts checks both the system32 and syswow64 path.

Disk Cleanup
Resource file: None

  • Removes files with certain extensions, like /tmp, etl, log and a couple of others.
  • Removes RetailDemo if found on the systemdrive.
  • Empties C:\Windows\Temp.
  • Clears the Windows Error Reporting reports (WER).
  • Empties the personal temp folder.
  • Clears the recycle bin.
  • Clears BranchCache cache.
 Let’s set a quick baseline before we get start optimizing. Here is a short GIF on the number of processes, threads and handles;

Since the optimization process is done using Powershell, we need to set the executionpolicy to bypass. Open up an administrative Powershell and enter the following command;

set-executionpolicy -executionpolicy bypass

Now it’s time to run VDOT and optimize our image. Let’s just tick all the boxes and use All for optimizations and advanced optimizations. 

.\Windows_VDOT.ps1 -Optimizations All -AdvancedOptimizations All -Verbose -AcceptEULA

You should end up with something like this when the script completes. The only thing left to do is to reboot the virtual machine and find out if it we can see a difference when compared to the baseline we created earlier.

There it is! I can see a decrease in the number of processes and handles. The number of threads is up by just a bit but it’s still in the area as it was before.

Multimedia Redirection or MMR

Another thing that’s definitely worth including in this post is Multimedia Redirection. You can greatly increase the user experience of watching videos on your virtual desktop, AVD or W365, by offloading the multimedia to your local client. I’ve written a post about MMR in the past which is still pretty relevant today with the biggest difference that MMR is no longer in public preview but in general availability.

Other ways to optimize your image

Yes, there are other methods to optimize your image for VDI deployments. I have not tried them for this demo but I thought it was worth to give them a honory mention;

...And then there was sysprep!

In the first part of this mini series I mentioned that I ran into an issue while running sysprep and I promised to get into more details in this blogpost. So let’s review what happened:

I had installed Notepad++ and I ran the sysprep command as shown. So I installed Notepad++ again in my new VM and ran the command again. Luckily I get the same error message:

Let’s just follow the breadcrumbs as see where it leads us. I opened the mentioned log file and see if we can get any wiser:

And there it is; notepad++ is installed for a user but not provisioned for all users. This is can be a drawback if you’ve opted to install all apps in to you custom image. For this demo Notepad++ isn’t really necessary so I’m perfectly happy removing the app. Another possibility is to install Notepad++ in a later stage using Intune but then there’s the drawback that you will need to manage apps in the image itself and Microsoft Intune.

Things change though if this was a very important business app. In that case you should try other options like checking if the installer has an all users option, maybe there’s an updated version or contact the ISV and find a solution together. 

I hope you enjoyed the post!

Resources

Leave a Reply

Your email address will not be published. Required fields are marked *