Introduction
In order to run Citrix Virtual Apps and Desktops with Multi-Session machine catalogues, one requirement has always been that the target machines must run a Windows Server operating system. Besides correct Citrix licenses, RDS CAL licenses were necessary as well for allowing the multi-session setup to come into existence.
Enter the dawn of Azure Virtual Desktop and the fact that a majority of my Citrix DaaS clients have already resorted to Azure as their resource location of choice, the playground has changed.
You see, when AVD released together with the Windows 10/11 multi-session SKU’s (unique to the Azure platform) the license requirement included the Microsoft 365 E3/E5 licenses, in which almost all of my Citrix DaaS clients already had for ensuring that their employees could use Microsoft 365/ Office apps.
To put it simply, it virtually became a no-brainer to migrate these clients’ Citrix DaaS workloads to a Windows 11 multi-session SKU, therefore cutting license costs by not needing to renew the expensive RDS CAL licenses anymore.
Having worked intensely with both Azure Virtual Desktop and Citrix DaaS with Azure as the resource location, I figured I would share some pointers, tips and lessons learned on what a baseline configuration of the Windows 11 multi-session image could consist of. This with the perspective of the image being used primarily in a Citrix MCS catalogue and in a non-persistent scenario.
Keep in mind that this is not a complete outline and that some recommendations could be irrelevant depending on your case. I have personally not seen a similiar writeup and merely want to share a guideline to lean against should this be a new type of setup for you! 🙂
Golden VM Deployment in Azure
Azure Marketplace AVD image SKU’s
When deploying a new virtual machine acting as a golden image VM for your upcoming Citrix MCS machine catalogue, you’re hopefully carrying it out elegantly through Azure Cloud Shell, Azure VM Image Builder, Terraform or similar instead of manually clicking around within the Azure portal.
In regards to the former, the following SKU’s along with Publisher and Offer has to be referenced depending on what Windows 11 Multi-Session feature version you’re intending to run.
Windows 11 Enterprise multi-session 24H2 – Gen2
| Publisher | MicrosoftWindowsDesktop |
| Offer | Windows-11 |
| SKU | win11-24h2-avd |
Windows 11 Enterprise multi-session 24H2 + Microsoft 365 Apps – Gen2
| Publisher | MicrosoftWindowsDesktop |
| Offer | Office-365 |
| SKU | win11-24h2-avd-m365 |
Windows 11 Enterprise multi-session 23H2 – Gen2
| Publisher | MicrosoftWindowsDesktop |
| Offer | Windows-11 |
| SKU | win11-23h2-avd |
Windows 11 Enterprise multi-session 23H2 + Microsoft 365 Apps – Gen2
| Publisher | MicrosoftWindowsDesktop |
| Offer | Office-365 |
| SKU | win11-23h2-avd-m365 |
Windows 11 Enterprise multi-session 22H2 – Gen2
| Publisher | MicrosoftWindowsDesktop |
| Offer | Windows-11 |
| SKU | win11-22h2-avd |
Windows 11 Enterprise multi-session 22H2 + Microsoft 365 Apps – Gen2
| Publisher | MicrosoftWindowsDesktop |
| Offer | Office-365 |
| SKU | win11-22h2-avd-m365 |
VM size considerations
Choosing a suitable Azure VM size for a Citrix MCS machine catalogue can differ a lot depending on what type of workload, users, applications etc. are expected, so for now I won’t plunge deep into which VM size family and series fits your use case. If anything, I’d say a good starting point would be to look into the D-family (general purpose), the E-family (memory optimised) or perhaps even the NV-family for GPU accelerated workloads.
For GPU accelerated workloads, ensure that the golden image VM actually runs the very same VM size as chosen for the MCS Machine Catalogue. This will enable you to install either the NVIDIA GPU drivers or the AMD GPU drivers.
With above being said, I highly recommend you to consider any VM series supporting Ephemeral OS disks. This functionality is not to be enabled on your Golden Image VM, but rather be chosen in thought for your Citrix MCS provisioned non-persistent machines. This will cut away unneccessary persistent storage costs all while gaining faster disks than selecting Premium SSD disks(!).
If you’re not convinced, see James Kindon’s breakdown on Ephemeral Disks together with Citrix MCS.
Also, keep in mind that all of the Windows 11 SKU’s available in Azure Marketplace only supports Generation 2 VM sizes, so confirm that your chosen size has this support.
General OS Configurations
Before initiating the Citrix VDA installation, I prefer to run some commands and scripts within the category of what I call “absolute general OS configuration”. Here’s a selection of interest.
Configure Power Plan ‘High Performance’
Setting a high performing power plan on VM might seem trivial these days, but I still can’t help but experience a small boost in performance after running the script in question. Placebo or not, it doesn’t hurt to run!
Try {
$HighPerf = powercfg -l | %{if($_.contains("High performance")) {$_.split()[3]}}
$CurrPlan = $(powercfg -getactivescheme).split()[3]
if ($CurrPlan -ne $HighPerf) {powercfg -setactive $HighPerf}
} Catch {
Write-Warning -Message "Unable to set power plan to high performance"
}Disable Auto Updates
Disabling auto-updates on a golden image VM can be necessary in environments requiring a controlled method of pushing updates. Adding this registry key will ensure that Windows Updates won’t run automatically during each VM boot.
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v NoAutoUpdate /t REG_DWORD /d 1 /fInstall Language Packs
For you folks outside of the US, we often want to add an additional language pack besides the default “en-US” language code. In the example below we’re simply using the new Install-Language cmdlet and add the Swedish language pack as referenced by “se-SE”. Change this if another language code is wished for.
Install-Language -Language sv-SESet System Preferred UI Language
After installing an additional language pack, you might also want to set this to be the default UI Language using the Set-SystemPreferredUILanguage cmdlet. Again the example below sets the Swedish as the UI Language as referenced by “se-SE”. Change this if another language code is wished for.
Set-SystemPreferredUILanguage sv-SE
Personally, I rarely change the UI language on the golden image itself but rather restrict this as a setting in an User GPO filtered on the MCS target machines. Consider this option if your image is intended to be utilized internationally.
Set Default Time Zone
By default, the time zone for Azure VM’s are in UTC which doesn’t always correspond to our local time. Using the Set-TimeZone cmdlet we can change this, example being that we’re setting Central European Time (UTC+01:00).
You can also retrieve a list on available time zones using the Get-TimeZone cmdlet.
Set-TimeZone -Id "W. Europe Standard Time"
#Get a list of all available time zon
Get-TimeZone -ListAvailableEnable Time Zone Redirection
As an extension to the default timezone, we can also make use of the below registry key. With this key added, each individual end user’s local time will be passed through to the target machine/Citrix desktop they end up on.
It’s especially useful for desktop resources intended to be used internationally.
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /v fEnableTimeZoneRedirection /t REG_DWORD /d 1 /fGeneral Applications
Citrix Virtual Delivery Agent
Installing the Citrix VDA is identical to what you should be used to. Simply choose the option to install Multi-Session, or just run the Server VDA installer itself.
The following VDA versions supports Windows 11 Multi-Session.
● 2203 LTSR or newer
● 2203 CR or newer
FSLogix Profile Management
Something to be aware of is that the Windows 11 Multi-Session image retrieved from Azure Marketplace comes included with FSLogix Apps. Ensure that you uninstall this application if you’re aiming to use Citrix Profile Management.
If you intend to remain with FSLogix as your profile management, double-check the Release Notes as I’ve found that the latest available hotfix isn’t always included within the multi-session image.
Windows Photo Viewer
The classic Windows Photo Viewer app was removed starting with Windows 10, but it’s actually possible to restore it back in both Windows 10 and 11. This can done by saving the following text in a .reg file and initiate it on your golden image VM.
Keep in mind that this same .reg file also sets File Associations for a selection of image formats (starting from line 238 all through 251). Edit these as wished for.
WindowsPhotoViewer
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\Applications\photoviewer.dll\shell\open]
"MuiVerb"="@photoviewer.dll,-3043"
[HKEY_CLASSES_ROOT\Applications\photoviewer.dll\shell\open\command]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,72,00,75,00,\
6e,00,64,00,6c,00,6c,00,33,00,32,00,2e,00,65,00,78,00,65,00,20,00,22,00,25,\
00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,00,6c,00,65,00,73,00,\
25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,20,00,50,00,68,00,6f,\
00,74,00,6f,00,20,00,56,00,69,00,65,00,77,00,65,00,72,00,5c,00,50,00,68,00,\
6f,00,74,00,6f,00,56,00,69,00,65,00,77,00,65,00,72,00,2e,00,64,00,6c,00,6c,\
00,22,00,2c,00,20,00,49,00,6d,00,61,00,67,00,65,00,56,00,69,00,65,00,77,00,\
5f,00,46,00,75,00,6c,00,6c,00,73,00,63,00,72,00,65,00,65,00,6e,00,20,00,25,\
00,31,00,00,00
[HKEY_CLASSES_ROOT\Applications\photoviewer.dll\shell\open\DropTarget]
"Clsid"="{FFE2A43C-56B9-4bf5-9A79-CC6D4285608A}"
[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Bitmap]
"ImageOptionFlags"=dword:00000001
"FriendlyTypeName"=hex(2):40,00,25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,\
00,46,00,69,00,6c,00,65,00,73,00,25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,\
77,00,73,00,20,00,50,00,68,00,6f,00,74,00,6f,00,20,00,56,00,69,00,65,00,77,\
00,65,00,72,00,5c,00,50,00,68,00,6f,00,74,00,6f,00,56,00,69,00,65,00,77,00,\
65,00,72,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,33,00,30,00,35,00,36,00,00,\
00
[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Bitmap\DefaultIcon]
@="%SystemRoot%\\System32\\imageres.dll,-70"
[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Bitmap\shell\open\command]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,72,00,75,00,\
6e,00,64,00,6c,00,6c,00,33,00,32,00,2e,00,65,00,78,00,65,00,20,00,22,00,25,\
00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,00,6c,00,65,00,73,00,\
25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,20,00,50,00,68,00,6f,\
00,74,00,6f,00,20,00,56,00,69,00,65,00,77,00,65,00,72,00,5c,00,50,00,68,00,\
6f,00,74,00,6f,00,56,00,69,00,65,00,77,00,65,00,72,00,2e,00,64,00,6c,00,6c,\
00,22,00,2c,00,20,00,49,00,6d,00,61,00,67,00,65,00,56,00,69,00,65,00,77,00,\
5f,00,46,00,75,00,6c,00,6c,00,73,00,63,00,72,00,65,00,65,00,6e,00,20,00,25,\
00,31,00,00,00
[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Bitmap\shell\open\DropTarget]
"Clsid"="{FFE2A43C-56B9-4bf5-9A79-CC6D4285608A}"
[HKEY_CLASSES_ROOT\Applications\photoviewer.dll\shell\print]
"NeverDefault"=""
[HKEY_CLASSES_ROOT\Applications\photoviewer.dll\shell\print\command]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,72,00,75,00,\
6e,00,64,00,6c,00,6c,00,33,00,32,00,2e,00,65,00,78,00,65,00,20,00,22,00,25,\
00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,00,6c,00,65,00,73,00,\
25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,20,00,50,00,68,00,6f,\
00,74,00,6f,00,20,00,56,00,69,00,65,00,77,00,65,00,72,00,5c,00,50,00,68,00,\
6f,00,74,00,6f,00,56,00,69,00,65,00,77,00,65,00,72,00,2e,00,64,00,6c,00,6c,\
00,22,00,2c,00,20,00,49,00,6d,00,61,00,67,00,65,00,56,00,69,00,65,00,77,00,\
5f,00,46,00,75,00,6c,00,6c,00,73,00,63,00,72,00,65,00,65,00,6e,00,20,00,25,\
00,31,00,00,00
[HKEY_CLASSES_ROOT\Applications\photoviewer.dll\shell\print\DropTarget]
"Clsid"="{60fd46de-f830-4894-a628-6fa81bc0190d}"
[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.JFIF]
"EditFlags"=dword:00010000
"ImageOptionFlags"=dword:00000001
"FriendlyTypeName"=hex(2):40,00,25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,\
00,46,00,69,00,6c,00,65,00,73,00,25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,\
77,00,73,00,20,00,50,00,68,00,6f,00,74,00,6f,00,20,00,56,00,69,00,65,00,77,\
00,65,00,72,00,5c,00,50,00,68,00,6f,00,74,00,6f,00,56,00,69,00,65,00,77,00,\
65,00,72,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,33,00,30,00,35,00,35,00,00,\
00
[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.JFIF\DefaultIcon]
@="%SystemRoot%\\System32\\imageres.dll,-72"
[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.JFIF\shell\open]
"MuiVerb"=hex(2):40,00,25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,\
69,00,6c,00,65,00,73,00,25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,\
00,20,00,50,00,68,00,6f,00,74,00,6f,00,20,00,56,00,69,00,65,00,77,00,65,00,\
72,00,5c,00,70,00,68,00,6f,00,74,00,6f,00,76,00,69,00,65,00,77,00,65,00,72,\
00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,33,00,30,00,34,00,33,00,00,00
[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.JFIF\shell\open\command]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,72,00,75,00,\
6e,00,64,00,6c,00,6c,00,33,00,32,00,2e,00,65,00,78,00,65,00,20,00,22,00,25,\
00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,00,6c,00,65,00,73,00,\
25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,20,00,50,00,68,00,6f,\
00,74,00,6f,00,20,00,56,00,69,00,65,00,77,00,65,00,72,00,5c,00,50,00,68,00,\
6f,00,74,00,6f,00,56,00,69,00,65,00,77,00,65,00,72,00,2e,00,64,00,6c,00,6c,\
00,22,00,2c,00,20,00,49,00,6d,00,61,00,67,00,65,00,56,00,69,00,65,00,77,00,\
5f,00,46,00,75,00,6c,00,6c,00,73,00,63,00,72,00,65,00,65,00,6e,00,20,00,25,\
00,31,00,00,00
[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.JFIF\shell\open\DropTarget]
"Clsid"="{FFE2A43C-56B9-4bf5-9A79-CC6D4285608A}"
[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Jpeg]
"EditFlags"=dword:00010000
"ImageOptionFlags"=dword:00000001
"FriendlyTypeName"=hex(2):40,00,25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,\
00,46,00,69,00,6c,00,65,00,73,00,25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,\
77,00,73,00,20,00,50,00,68,00,6f,00,74,00,6f,00,20,00,56,00,69,00,65,00,77,\
00,65,00,72,00,5c,00,50,00,68,00,6f,00,74,00,6f,00,56,00,69,00,65,00,77,00,\
65,00,72,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,33,00,30,00,35,00,35,00,00,\
00
[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Jpeg\DefaultIcon]
@="%SystemRoot%\\System32\\imageres.dll,-72"
[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Jpeg\shell\open]
"MuiVerb"=hex(2):40,00,25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,\
69,00,6c,00,65,00,73,00,25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,\
00,20,00,50,00,68,00,6f,00,74,00,6f,00,20,00,56,00,69,00,65,00,77,00,65,00,\
72,00,5c,00,70,00,68,00,6f,00,74,00,6f,00,76,00,69,00,65,00,77,00,65,00,72,\
00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,33,00,30,00,34,00,33,00,00,00
[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Jpeg\shell\open\command]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,72,00,75,00,\
6e,00,64,00,6c,00,6c,00,33,00,32,00,2e,00,65,00,78,00,65,00,20,00,22,00,25,\
00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,00,6c,00,65,00,73,00,\
25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,20,00,50,00,68,00,6f,\
00,74,00,6f,00,20,00,56,00,69,00,65,00,77,00,65,00,72,00,5c,00,50,00,68,00,\
6f,00,74,00,6f,00,56,00,69,00,65,00,77,00,65,00,72,00,2e,00,64,00,6c,00,6c,\
00,22,00,2c,00,20,00,49,00,6d,00,61,00,67,00,65,00,56,00,69,00,65,00,77,00,\
5f,00,46,00,75,00,6c,00,6c,00,73,00,63,00,72,00,65,00,65,00,6e,00,20,00,25,\
00,31,00,00,00
[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Jpeg\shell\open\DropTarget]
"Clsid"="{FFE2A43C-56B9-4bf5-9A79-CC6D4285608A}"
[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Gif]
"ImageOptionFlags"=dword:00000001
"FriendlyTypeName"=hex(2):40,00,25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,\
00,46,00,69,00,6c,00,65,00,73,00,25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,\
77,00,73,00,20,00,50,00,68,00,6f,00,74,00,6f,00,20,00,56,00,69,00,65,00,77,\
00,65,00,72,00,5c,00,50,00,68,00,6f,00,74,00,6f,00,56,00,69,00,65,00,77,00,\
65,00,72,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,33,00,30,00,35,00,37,00,00,\
00
[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Gif\DefaultIcon]
@="%SystemRoot%\\System32\\imageres.dll,-83"
[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Gif\shell\open\command]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,72,00,75,00,\
6e,00,64,00,6c,00,6c,00,33,00,32,00,2e,00,65,00,78,00,65,00,20,00,22,00,25,\
00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,00,6c,00,65,00,73,00,\
25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,20,00,50,00,68,00,6f,\
00,74,00,6f,00,20,00,56,00,69,00,65,00,77,00,65,00,72,00,5c,00,50,00,68,00,\
6f,00,74,00,6f,00,56,00,69,00,65,00,77,00,65,00,72,00,2e,00,64,00,6c,00,6c,\
00,22,00,2c,00,20,00,49,00,6d,00,61,00,67,00,65,00,56,00,69,00,65,00,77,00,\
5f,00,46,00,75,00,6c,00,6c,00,73,00,63,00,72,00,65,00,65,00,6e,00,20,00,25,\
00,31,00,00,00
[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Gif\shell\open\DropTarget]
"Clsid"="{FFE2A43C-56B9-4bf5-9A79-CC6D4285608A}"
[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Png]
"ImageOptionFlags"=dword:00000001
"FriendlyTypeName"=hex(2):40,00,25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,\
00,46,00,69,00,6c,00,65,00,73,00,25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,\
77,00,73,00,20,00,50,00,68,00,6f,00,74,00,6f,00,20,00,56,00,69,00,65,00,77,\
00,65,00,72,00,5c,00,50,00,68,00,6f,00,74,00,6f,00,56,00,69,00,65,00,77,00,\
65,00,72,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,33,00,30,00,35,00,37,00,00,\
00
[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Png\DefaultIcon]
@="%SystemRoot%\\System32\\imageres.dll,-71"
[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Png\shell\open\command]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,72,00,75,00,\
6e,00,64,00,6c,00,6c,00,33,00,32,00,2e,00,65,00,78,00,65,00,20,00,22,00,25,\
00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,00,6c,00,65,00,73,00,\
25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,20,00,50,00,68,00,6f,\
00,74,00,6f,00,20,00,56,00,69,00,65,00,77,00,65,00,72,00,5c,00,50,00,68,00,\
6f,00,74,00,6f,00,56,00,69,00,65,00,77,00,65,00,72,00,2e,00,64,00,6c,00,6c,\
00,22,00,2c,00,20,00,49,00,6d,00,61,00,67,00,65,00,56,00,69,00,65,00,77,00,\
5f,00,46,00,75,00,6c,00,6c,00,73,00,63,00,72,00,65,00,65,00,6e,00,20,00,25,\
00,31,00,00,00
[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Png\shell\open\DropTarget]
"Clsid"="{FFE2A43C-56B9-4bf5-9A79-CC6D4285608A}"
[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Wdp]
"EditFlags"=dword:00010000
"ImageOptionFlags"=dword:00000001
[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Wdp\DefaultIcon]
@="%SystemRoot%\\System32\\wmphoto.dll,-400"
[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Wdp\shell\open]
"MuiVerb"=hex(2):40,00,25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,\
69,00,6c,00,65,00,73,00,25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,\
00,20,00,50,00,68,00,6f,00,74,00,6f,00,20,00,56,00,69,00,65,00,77,00,65,00,\
72,00,5c,00,70,00,68,00,6f,00,74,00,6f,00,76,00,69,00,65,00,77,00,65,00,72,\
00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,33,00,30,00,34,00,33,00,00,00
[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Wdp\shell\open\command]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,72,00,75,00,\
6e,00,64,00,6c,00,6c,00,33,00,32,00,2e,00,65,00,78,00,65,00,20,00,22,00,25,\
00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,00,6c,00,65,00,73,00,\
25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,20,00,50,00,68,00,6f,\
00,74,00,6f,00,20,00,56,00,69,00,65,00,77,00,65,00,72,00,5c,00,50,00,68,00,\
6f,00,74,00,6f,00,56,00,69,00,65,00,77,00,65,00,72,00,2e,00,64,00,6c,00,6c,\
00,22,00,2c,00,20,00,49,00,6d,00,61,00,67,00,65,00,56,00,69,00,65,00,77,00,\
5f,00,46,00,75,00,6c,00,6c,00,73,00,63,00,72,00,65,00,65,00,6e,00,20,00,25,\
00,31,00,00,00
[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Wdp\shell\open\DropTarget]
"Clsid"="{FFE2A43C-56B9-4bf5-9A79-CC6D4285608A}"
[HKEY_CLASSES_ROOT\SystemFileAssociations\image\shell\Image Preview\command]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,72,00,75,00,\
6e,00,64,00,6c,00,6c,00,33,00,32,00,2e,00,65,00,78,00,65,00,20,00,22,00,25,\
00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,00,6c,00,65,00,73,00,\
25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,20,00,50,00,68,00,6f,\
00,74,00,6f,00,20,00,56,00,69,00,65,00,77,00,65,00,72,00,5c,00,50,00,68,00,\
6f,00,74,00,6f,00,56,00,69,00,65,00,77,00,65,00,72,00,2e,00,64,00,6c,00,6c,\
00,22,00,2c,00,20,00,49,00,6d,00,61,00,67,00,65,00,56,00,69,00,65,00,77,00,\
5f,00,46,00,75,00,6c,00,6c,00,73,00,63,00,72,00,65,00,65,00,6e,00,20,00,25,\
00,31,00,00,00
[HKEY_CLASSES_ROOT\SystemFileAssociations\image\shell\Image Preview\DropTarget]
"{FFE2A43C-56B9-4bf5-9A79-CC6D4285608A}"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Photo Viewer\Capabilities]
"ApplicationDescription"="@%ProgramFiles%\\Windows Photo Viewer\\photoviewer.dll,-3069"
"ApplicationName"="@%ProgramFiles%\\Windows Photo Viewer\\photoviewer.dll,-3009"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Photo Viewer\Capabilities\FileAssociations]
".cr2"="PhotoViewer.FileAssoc.Tiff"
".jpg"="PhotoViewer.FileAssoc.Jpeg"
".wdp"="PhotoViewer.FileAssoc.Wdp"
".jfif"="PhotoViewer.FileAssoc.JFIF"
".dib"="PhotoViewer.FileAssoc.Bitmap"
".png"="PhotoViewer.FileAssoc.Png"
".jxr"="PhotoViewer.FileAssoc.Wdp"
".bmp"="PhotoViewer.FileAssoc.Bitmap"
".jpe"="PhotoViewer.FileAssoc.Jpeg"
".jpeg"="PhotoViewer.FileAssoc.Jpeg"
".gif"="PhotoViewer.FileAssoc.Gif"
".tif"="PhotoViewer.FileAssoc.Tiff"
".tiff"="PhotoViewer.FileAssoc.Tiff"Optimizations
Citrix Optimizer Tool
The Citrix Optimizer Tool should be considered an essential when preparing a client operating system for use with Citrix DaaS.
Personally, I prefer to run this tool after snapshot revisions or an Azure Compute Gallery for image versioning has been established, instead of it being part of the general OS configurations. My reasoning is that some options within this tool can effectively render your golden image VM unusable, so should that be the reality we can easily rollback to a previous snapshot/image version.
Below should give you an idea of an “aggressive” optimization template based on an included template within the tool, only marginally modified.
I can attest to you that it won’t break the OS, although I highly encourage you to double-check each optimization option and decide for yourself!
Citrix Optimizer Tool – Template – Windows 11 version 21H2, 22H2, 23H2 (2009) from Citrix
INFO Download Citrix Optimizer Tool from https://support.citrix.com/s/article/CTX224676-citrix-optimizer-tool?language=en_US
> Unzip all of the files to a temporary path, say "C:\Temp\Citrix Optimizer Tool"
RUN "C:\Temp\Citrix Optimizer Tool\CitrixOptimizerTool.exe"
CONF Local Templates > OS Optimizations > Windows 11 version 21H2, 22H2, 23H2 (2009) from Citrix
CONF Disable Service (40/40)
> Remove Built-in Apps
- [ ] Microsoft.MSPaint
> Disable Scheduled Tasks (53/53)
> Miscellaneous (11/14)
- [ ] Disable default system screensaver
- [ ] Disable NTFS last access timestamps
- [ ] Windows Update
> Maintenance Tasks (0/4)
- [ ] Clear All Event Logs
- [ ] Set NewDiskPolicy to OnlineAll
- [ ] Native Image Generation 32bit (NGEN)
- [ ] Native Image Generation 54bit (NGEN)
> Optional Components (0/9)
> Rollback (0/3)
- [ ] Connected User Experiences and Telemetry
- [ ] Optimize drives
- [ ] Shell Hardware Detection
> OptimizeUninstalling UWP/Built-in app Packages
With Windows 11 being a client operating system you can imagine it comes crammed with UWP apps, in contrast to the Windows Server counterparts. A slew of them are nothing but pointless (Xbox app in an Enterprise environment, hello!?) in consuming storage, impacting performance and frankly being a clutter. This is why I’ve included this subject as part of an optimization opportunity.
For the keen eye, removing some of these UWP/Built-in apps is an option within the Citrix Optimizer Tool itself. But if we really want to eliminate them completely from ever populating within the end users’ start menu, we have to approach it isolated.
Having previously been inspired by the Debloat-Windows-10 project at GitHub, I took their remove-default-apps.ps1 script as a base, figured out the new UWP apps with the Get-AppxPackage cmdlet and then altered the script with a Windows 11 22H2 golden image in thought (back when it was the latest version). I ended up with something like below, just to give you an idea on what can be removed.
RemovalOfDefaultAppsForWindows1122H2EnterpriseMulti-SessionImage.ps1
$apps=@(
"microsoft.windowscommunicationsapps" #Microsoft Calendar
"Microsoft.WindowsCamera" #Microsoft Camera
"Clipchamp.Clipchamp" #Clipchamp - Video Editor
"Microsoft.WindowsAlarms" #Microsoft Clock
"Microsoft.549981C3F5F10" #Microsoft Cortana
"Microsoft.WindowsFeedbackHub" #Microsoft Feedback Hub
"Microsoft.GetHelp" #Microsoft Get Help
"Microsoft.Getstarted" #Get Started Hub or Tips
"Microsoft.WindowsMaps" #Microsoft Maps
"Microsoft.ZuneMusic" #Zune or Groove Music or Media Player
"Microsoft.BingNews" #Microsoft News
"Microsoft.Todos" #Microsoft To Do
"Microsoft.ZuneVideo" #Zune Video, Groove Video or Movies & TV
"Microsoft.MicrosoftOfficeHub" #Office 2016 Hub
"Microsoft.MicrosoftSolitaireCollection" #Microsoft Solitaire Collection
"Microsoft.WindowsSoundRecorder" #Voice Recorder
"Microsoft.BingWeather" #Microsoft Weather
"Microsoft.XboxApp" #Xbox
"Microsoft.GamingApp" #Xbox
"Microsoft.XboxGamingOverlay" #Xbox Game Bar
"Microsoft.YourPhone" #Your Phone
)
foreach ($app in $apps) {
Write-Output $app
Get-AppxPackage -Name $app -AllUsers | Remove-AppxPackage
Get-AppXProvisionedPackage -Online | where DisplayName -EQ $app | Remove-AppxProvisionedPackage -Online
$appPath="$Env:LOCALAPPDATA\Packages\$app*"
Remove-Item $appPath -Recurse -Force -ErrorAction 0
}
If it’s not overly clear, please use caution and do not run this mindlessly! Again, this script removes cited UWP apps entirely and can only be restored anew per user profile.
I urge you to figure out relevant UWP apps yourselves, since a client might have another opinion on this anyway, and then modify the script accordingly.
It’s also a good idea to run this type of script when you have snapshot/image versioning put into place, for easier rollback should a mistake happen.
Antivirus Exclusions
By assuring that suitable antivirus exclusions are put into place we can benefit from needless scans being made and therefore reduce the amount of system resources being consumed.
The problem is staying on top of relevant exclusions, so on that point I want to give John Billekens a shoutout for creating the site at https://ave.j81.nl/. He has put time and effort into cataloguing loads of typical exclusions within the EUC space, which covers enough for a good foundation.
Customizations
Group Policy Settings
Back when Windows 11 was a fresh release there was a bit of an outcry regarding Windows 10 ADMX and Windows 11 ADMX templates not being able to co-exist within the same central store. This fact complicated any GPO customizations that were sought after in the clients’ new Windows 11 workloads, since they still ran Windows 10 mainly. Thus I had to inventory GPO policies unique to Windows 11 and their corresponding registry key, thereby creating new Windows 11 GPO’s setting loads of different registry keys. It certainly seemed best to be catious and to not affect current production workloads.
Thankfully, this is not the case any more! As long as you’re using the Windows 11 ADMX templates published later than 7/21/2023, you’re good to go in adding these to your central store.
That being said, I’ll still give you a selection of interests related to Group Policy settings for Windows 11 Multi-Session, especially if you’re moving from a Windows 10 or a Windows Server operating system.
AppLocker
Should you have an AppLocker GPO originally created with a default ruleset, you should take another peek under “AppLocker > Packaged app rules” and ensure that the app “windows.immersivecontrolpanel” isn’t blocked. I’ve often seen this disabled because the good-ole Control Panel is already available, but with Windows 11 it’s about time to embrace the new Settings app. You’ll see why further down.
Computer Environment
If your end-users are not accustomed to the new File Explorer layout not having their classic folders displayed under “This PC” anymore, you can restore these on a Local Machine-level as described in this article.
Not seeing the point in utilizing Windows 11 widgets? There’s a computer policy for disabling that!
User Environment
Continuing on with the new Settings app, many of the Control Panel items have been moved here. So if you’ve previously locked down visibility of items within the Control Panel, you need these to be reflected in another policy for them to be reachable in the new app. Below shows an example of some Control Panel items that needed to be handled at one of my clients.
The full list of URI:s within the Settings app can be found here if you need further options available, just add any URI without the “ms-settings::” prefix and a “;” inbetween each.
Why must this be an User configuration then? Well, we only want to lock down the visibility for end-users and not for us admins. 🙂
Start Menu
The new Start Menu in Windows 11 has truly shed some divisive opinions within the community. You can still manage it through using Folder Redirection and endure configuring a default Start Layout, however it is not possible to open directly to the “drop-down list” without moving through the new Start Menu. As a way of balancing this act, we can do the following customization since Windows 11 version 22H2.
1. If Folder Redirection of the Start Menu is configured, finish it up with all desired shortcuts first.
2. Login as a test user towards your Citrix Desktop running Windows 11. Customize the start menu manually with folders and apps to your own liking. Example here:
3. When you are satisfied, retrieve your test user’s start2.bin file. It’s located in AppData, in this path: C:\Users\%USERNAME%\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\LocalState\start2.bin
4. Through an User Configuration GPO, create a Files-setting that copies the start2.bin file from a common share over to the end-user’s respective profile. Something like this:
By setting Apply once and do not reapply to “Yes” (as greenmarked), we only set a default Windows 11 Start Menu during the first logon and therefore give the end-users the option to customize it themselves further along the line.
Taskbar
Customizing the taskbar‘s pinned list is still possible through using the Start Layout policy. This is great should you already have an .xml file lying around from a previous Windows setup and want to reuse it for Windows 11.
Otherwise, feel free to modify the example below if you want to configure your own taskbar in conjunction with the Start Layout policy. As seen on line 12 and 13, it would pin the Edge browser and the classic Outlook client.
Customization.xml
<?xml version="1.0" encoding="utf-8"?>
<LayoutModificationTemplate
xmlns="http://schemas.microsoft.com/Start/2014/LayoutModification"
xmlns:defaultlayout="http://schemas.microsoft.com/Start/2014/FullDefaultLayout"
xmlns:start="http://schemas.microsoft.com/Start/2014/StartLayout"
xmlns:taskbar="http://schemas.microsoft.com/Start/2014/TaskbarLayout"
Version="1">
<CustomTaskbarLayoutCollection PinListPlacement="Replace">
<defaultlayout:TaskbarLayout>
<taskbar:TaskbarPinList>
<taskbar:DesktopApp DesktopApplicationLinkPath="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk" />
<taskbar:DesktopApp DesktopApplicationLinkPath="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook (classic).lnk" />
</taskbar:TaskbarPinList>
</defaultlayout:TaskbarLayout>
</CustomTaskbarLayoutCollection>
</LayoutModificationTemplate>Default App Associations
If you are intending to reuse the Set a default associations configuration file policy and reutilize the associated .xml file, that’s works great for Windows 11 too. However, I came across a weird little bug in which this particular policy couldn’t read a path containing an environment variable. Thanks to this Reddit post I found out that the full UNC path had to be written out in order for the .xml file to apply. See example below.
Other Disorganized Pointers and Tips of Interest
- Citrix Community – Windows 11 Deployment Guide
https://community.citrix.com/tech-zone/build/deployment-guides/windows-11-deployment/ - Citrix Known Issues – Windows 11 22H2, 23H2, 24H2
https://support.citrix.com/s/article/CTX464127-windows-11-22h2-23h2-version-24h2-citrix-known-issues?language=en_US - Getting rid of the “Get Started” UWP app is impossible without breaking the Start Menu.
https://www.elevenforum.com/t/getting-rid-of-get-started.1521/ - Removing the “Recommended” section in the Start Menu is not possible in Windows 11 Enterprise, only in Windows 11 SE using local group policy.
https://winaero.com/windows-11-now-has-the-option-to-remove-recommended-from-start-but-you-cant-use-it/ - Removing the Notifications and Action Center swallows the calender flyout as well.
https://www.elevenforum.com/t/enable-or-disable-notification-center-in-windows-11.6187/#post-230932 - Have a hard time in searching for Windows 11 GPO settings? Use admx.help!