Technical Note – Optimize

Citrix.com 1 Table of Contents

Removing Unnecessary Windows 10 Applications 3

Scheduled Task Considerations 4

Microsoft Customer Experience Program 4

Safety 5

Maintenance \ Optimization \ Protection 6

HDX Optimizations 13

OS and User Optimization 13

User Experience Optimizations 14

Optimized for WAN 15

Printing from non-Windows end points (Mac and Linux) 17

www.citrix.com | Technical Note | Windows 10 Optimizations 2

This technical note a collection of Windows 10 optimizations best practices used by Citrix architects in the field. It is not official recommendation from either Citrix or , and is only intended as a starting point for administrators to evaluate in their own staging environment.

If deployed correctly, these optimizations can significantly improve the scalability and user-response of Windows 10 virtual desktops delivered using Citrix XenDesktop.

Disclaimer

This White paper is intended for administrators deploying Windows 10 in a XenDesktop 7.x environment. Many of the examples reference non-persistent environments, but the modifications also apply to persistent desktops. The materials in this document are provided “as is” and Citrix hereby disclaims all express or implied representations.

Removing Unnecessary Windows 10 Applications Windows 10 contains many applications after a fresh installation. After installation, Windows 10 Enterprise contains over 50 applications already in my menu, many of these are the system apps that we want to keep like PowerShell and Prompt, but there are many others that are unneeded, and will consume unneeded resources.

Look the Windows 10 list of default apps by running the following PowerShell command:

Get-ProvisionedAppXPackage -Online|Select DisplayName

www.citrix.com | Technical Note | Windows 10 Optimizations 3

Before creating a master image, the following PowerShell command can be run to cleanup all unnecessary applications.

Get-AppxPackage -AllUsers | Remove-AppxPackage

Scheduled Task Considerations Many of the scheduled tasks listed below were designed to enhance a persistent . Many Windows 10 instances in XenDesktop are provisioned on-the-fly and discarded upon log-off, using MCS or PVS. The scheduled tasks below may be removed. Below is a sample PowerShell script that removes all task not named Outlook or GoToMeeting.

#Remove all scheduled tasks except task to pin outlook to taskbar

#if -notmatch -or does not work here

$schedule = New-Object -com Schedule.Service

$schedule.connect()

$tasks = $schedule.getfolder("\").gettasks(0)

foreach ($task in ($tasks | select Name)) {

if ($task -notmatch "G2MUpdateTask"){

$task2 = $task

if ($task2 -notmatch "outlook"){

SchTasks /Delete /TN $($task2.name) /f

} } }

Microsoft Customer Experience Program

Tasks Description

Aggregates and uploads Application Application Telemetry information if opted-in to the Experience \ Appraiser Microsoft Customer Experience www.citrix.com | Technical Note | Windows 10 Optimizations 4

Improvement Program.

Application Collects program telemetry information if Experience \ opted-in to the Microsoft Customer ProgramDataUpdater Experience Improvement Program

This task collects and uploads autochk SQM data if opted-in to the Microsoft Customer AutoCHK \ Proxy Experience Improvement Program.

If the user has consented to participate in Customer Experience the Windows Customer Experience Improvement Program Improvement Program, this job collects and \Consolidator sends usage data to Microsoft.

The Kernel CEIP (Customer Experience Improvement Program) task collects additional information about the system and Customer Experience sends this data to Microsoft. If the user has Improvement Program not consented to participate in Windows \KernelCeipTask CEIP, this task does nothing.

Customer Experience This job sends data about windows based on Improvement Program user participation in the Windows Customer \Uploader Experience Improvement Program

The USB CEIP (Customer Experience Improvement Program) task collects Universal Serial Bus related statistics and information about your machine and sends to the Windows Device Connectivity engineering group at Microsoft. The information received is used to improve the reliability, stability, and overall Customer Experience functionality of USB in Windows. If the user Improvement Program has not consented to participate in Windows \UsbCeip CEIP, this task does not do anything.

Safety

Tasks Description

www.citrix.com | Technical Note | Windows 10 Optimizations 5

Initializes Family Safety monitoring and Shell \ FamilySafetyMonitor enforcement.

Synchronizes the latest settings with Shell \ FamilySafetyRefresh the Family Safety website.

Can be disabled in case an alternative Windows Defender \ Windows virus and malware protection has been Defender CacheMaintenance implemented.

Can be disabled in case an alternative Windows Defender \ Windows virus and malware protection has been Defender CacheMaintenance implemented.

Can be disabled in case an alternative Windows Defender \ Windows virus and malware protection has been Defender Cleanup implemented.

Can be disabled in case an alternative Windows Defender \ Windows virus and malware protection has been DefenderScheduled Scan implemented.

Can be disabled in case an alternative Windows Defender \ Windows virus and malware protection has been DefenderVerification implemented.

This task adjusts the start for firewall-triggered services when the Windows Filtering Platform start type of the Base Filtering Engine \BfeOnServiceStartTypeChange (BFE) is disabled.

Maintenance \ Optimization \ Protection

Tasks Description

Scans startup entries and raises Application Experience \ notification to the user if there are too StartupAppTask many startup entries.

CHKDSK \ Proactive Scan NTFS Health Scan

The Windows Scheduled Maintenance Diagnosis \ Scheduled Task performs periodic maintenance of

www.citrix.com | Technical Note | Windows 10 Optimizations 6

the computer system by fixing problems automatically or reporting them through the .

The Windows Disk Diagnostic reports DiskDiagnostic \ Microsoft- general disk and system information to Windows- Microsoft for users participating in the DiskDiagnosticDataCollector Customer Experience Program.

DiskDiagnostic \ Microsoft- This task warns users about faults that Windows- occur on disks that support Self- DiskDiagnosticResolver Monitoring and Reporting Technology

Defrag \ ScheduledDefrag This task optimizes local storage drives

Protects user files from accidental loss by copying them to a backup location FileHistory \ File History when the system is unattended

Measures a system’s performance and Maintenance \ WinSAT capabilities

MemoryDiagnostic \ Schedules a memory diagnostic in ProcessMemoryDiagnosticEvents response to system events.

MemoryDiagnostic \ Detects and mitigates problems in RunFullMemoryDiagnostic physical memory (RAM).

This task analyzes the system looking Power Efficiency Diagnostics \ for conditions that may cause high AnalyzeSystem energy use.

RecoveryEnvironment \ Validates the Windows Recovery VerifyWinRE Environment.

Registry \ RegIdleBackup Registry Idle Backup Task

This task creates regular system SystemRestore \ SR protection points.

The Windows Diagnostic Infrastructure Resolution host enables interactive resolutions for system problems detected by the Diagnostic Policy WDI \ ResolutionHost Service. It is triggered when necessary www.citrix.com | Technical Note | Windows 10 Optimizations 7

by the Diagnostic Policy Service in the appropriate user session. If the Diagnostic Policy Service is not running, the task will not run

In Windows 10, these services are running, by default, and can be stopped and disabled (Caution: Disabling these services can result in applications not working appropriately and will increase troubleshooting ).

Service Name Default State Default Status Notes

Set default state to “Manual” as 3rd party Background software might Intelligent Automatic require the Transfer Service (Delayed Start) Running service.

Device Association Manual (Trigger Service Start) Running

Diagnostic Policy Services Automatic Running

Diagnostic Service Host Manual Running

Diagnostic System Host Manual Running

Diagnostics Tracking Service Automatic Running

Function Discovery Provider Host Manual Running

Function Discovery Manual Running Resource www.citrix.com | Technical Note | Windows 10 Optimizations 8

Publication

Home Group Manual (Trigger Not used in VDI Provider Start) Running environment

Automatic Security Center (Delayed Start) Running

Supports Shell Hardware AutoPlay, which Detection is not typically Service Automatic Running used in VDI.

Not typically used in corporate SSDP Discovery Manual Running environments.

Can enable for dedicated SuperFetch Automatic Running desktops

This will impact the user Themes Automatic Running experience

Windows Connect Now – Config Registrar Not required in Service Manual Running VDI

Consider disabling. Will have a high Automatic impact on server Windows Search (Delayed Start) Running density.

These services are not running, but they are set to Manual or Manual (Trigger Start). Although they are not running, disabling them will prevent their accidental execution in a VDI environment. (Caution: Disabling these services can result in applications not working appropriately and will increase www.citrix.com | Technical Note | Windows 10 Optimizations 9

troubleshooting time).

Service Name Default State Default Status Notes

Manual (Trigger AllJoyn Router Start) Stopped

Application Not needed for Layer Gateway VDI Service Manual Stopped environments.

Drive encryption BitLocker Drive not typically Encryption Manual (Trigger used in VDI Service Start) Stopped environments.

Block Level Windows backup Backup Engine not typically Service Manual Stopped used in VDI.

Bluetooth Hands Manual (Trigger Not typically free Service Start) Stopped used in VDI.

Bluetooth Manual (Trigger Support Service Start) Stopped

Used for network savings to a WAN and BranchCache not typically Service Manual Stopped needed in VDI

Computer Manual (Trigger Browser Service Start) Stopped

Encrypting File Manual (Trigger System Service Start) Stopped

Fax Service Manual Stopped

Not used within Home Group corporate Listener Manual Stopped environments.

Manual Stopped Internet Not used within www.citrix.com | Technical Note | Windows 10 Optimizations 10

Connection VDI Sharing (ICS) environments.

Manual (Trigger Offline Files Start) Stopped

Should only optimize in the Optimize Drives Manual Stopped master image

Retail Demo Manual Stopped

Sensor Monitoring Manual (Trigger Service Start) Stopped

UPnP Device Host Service Manual Stopped

Disable if logs Windows Error are not being Reporting Manual (Trigger gathered and Service Start) Stopped analyzed

Windows Media Not typically Player Network used in VDI Sharing Manual Stopped environments.

Manual (Trigger Only update the Windows Update Start) Stopped master image.

Not typically WLAN used in VDI AutoConfig Manual Stopped environments.

Not typically WWAN used in VDI AutoConfig Manual Stopped environments.

Not typically Xbox Live Auth used in VDI Manager Manual Stopped environments.

Not typically Manual Stopped Xbox Live Game used in VDI www.citrix.com | Technical Note | Windows 10 Optimizations 11

Save environments.

Xbox Live Not typically Networking used in VDI Service Manual Stopped environments.

IMPORTANT

If these services are disabled in the master image, it will be difficult to effectively manage the master image. For example, if Windows Update is disabled in the master image, an administrator will be required to re-enable the Windows Update Service BEFORE trying to run Windows Update. The administrator will then have to remember to disable Windows Update when the update process is complete.

The following Powershell commands set the Windows Update Service to manual, and also starts the service.

$service ="wuauserv"

$result = (gwmi win32_service -computername $env:computername - filter "name='$service'").startservice() #<------.stopservice()

$result = (gwmi win32_service -computername $env:computername - filter "name='$service'").ChangeStartMode("manual") #<------“automatic”

Administering Services via (preferred)

www.citrix.com | Technical Note | Windows 10 Optimizations 12

HDX Optimizations

OS and User Optimization

Optimization Configuration

Disable hibernate -h off

Turn Off Data Execution Prention bcdedit /set nx AlwaysOff

Disable System Recovery bcdedit /set recoveryenabled no

Optimization Configuration

Disable default HKEY_USERS\.DEFAULT\ControlPanel\Desktop system Screensaver “ScreenSaveActive”=dword: 00000000

Disable the Windows [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wind 10 First ows\CurrentVersion\Policies\System] Logon Animation “EnableFirstLogonAnimation”=dword:00000000

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\ Hide Hard Error Control\Windows] Messages “ErrorMode”=dword:00000002

[HKEY_CURRENT_USER\Software\Microsoft\Window Settings “Visual s\CurrentVersion\Explorer\VisualEffects] Effects to Custom” “VisualFXSetting”=dword:00000003

Disable “Show [HKEY_CURRENT_USER\Software\Microsoft\Window translucent selection s\CurrentVersion\Explorer\Advanced] rectangle” “ListviewAlphaSelect”=dword:00000000

Disable “Show [HKEY_CURRENT_USER\Software\Microsoft\Window shadows under s\CurrentVersion\Explorer\Advanced] windows” “ListviewShadow”=dword:00000000

Disable “Animate windows when [HKEY_CURRENT_USER minimizing and \ControlPanel\Desktop\WindowMetrics] maximizing” “MinAnimate”=”0”

Disable “Animations [HKEY_CURRENT_USER\Software\Microsoft\Window www.citrix.com | Technical Note | Windows 10 Optimizations 13

in the taskbar” s\CurrentVersion\Explorer\Advanced] “TaskbarAnimations”=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Window Disable “Enable s\DWM] Peek” “EnableAeroPeek”=dword:00000000

Disable “Save [HKEY_CURRENT_USER\Software\Microsoft\Window Taskbar Thumbnail s\DWM] Previews” “AlwaysHibernateThumbnails”=dword:00000000

Disable “Smooth

edges of screen [HKEY_CURRENT_USER \Control Panel\Desktop] fonts” “FontSmoothing”=”0”

Disable the rest of [HKEY_CURRENT_USER \Control Panel\Desktop\] the visual effects “UserPreferencesMask”=RegBin: “90,12,01,80”

Disable “Cursor blink” Disable cursor blink [HKEY_CURRENT_USER \Control Panel\Desktop] rate “CursorBlinkRate”=”-1″

Disable Internet [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Micros Explorer First Run oft\InternetExplorer\Main] Wizard “DisableFirstRunCustomize”=dword:00000001

Reduce menu show [HKEY_CURRENT_USER\ControlPanel\Desktop] delay MenuShowDelay”, “0”

User Experience Optimizations The policies below can be implemented to optimize the Windows 10 user experience. The following policies apply to all users on the machine:

Computer Policy Setting

Audio Over UDP Allowed

Dynamic windows preview Enabled

Image caching Enabled

Session reliability connections Allowed

www.citrix.com | Technical Note | Windows 10 Optimizations 14

WebSockets connections Allowed

Windows Media redirection Allowed

Windows Media redirection buffer size 5 seconds

Windows Media redirection buffer size use Enabled

The following policies apply per user session:

User Policy Setting

Automatic keyboard display Allowed

Client USB device redirection Allowed

Default printer Do not adjust the user's default printer

Desktop Composition Redirection Disabled

Disconnected session timer Enabled

Disconnected session timer interval 2880 Minutes

Extra color compression Enabled

Remote the combo box Allowed

Optimized for WAN This template is intended for task workers in branch offices using a shared WAN connection or remote locations with low bandwidth connections accessing applications with graphically simple user interfaces with little multimedia content. This template trades off video playback experience and some server scalability for optimized bandwidth efficiency. The Optimized for WAN template was first introduced with www.citrix.com | Technical Note | Windows 10 Optimizations 15

XenDesktop 7.6 Feature Pack 3, and it serves as a guideline for users traversing WAN traffic. The example below applies the policy only to users coming through a NetScaler:

www.citrix.com | Technical Note | Windows 10 Optimizations 16

Printing from non-Windows end points (Mac and Linux) When non-Windows Receivers connect to a Windows 2012 Server with Universal Print Driver (UPD) options configured for client printers, the Post-script (PS) and PCL drivers might not be available, therefore the printers will not get auto-created.

Manual Workaround

As a workaround, to use the Citrix UPD for non- Windows clients, such as Mac and Linux, install appropriate drivers on the server manually:

 PS driver = HP Color LaserJet 2800 Series PS  PCL4 driver = HP LaserJet Series II  PCL5c driver = HP Color LaserJet 4500 PCL 5

From the 2012, choose Add a printer from Devices and Printers.

Continue through the wizard as if you are adding a local printer though it is not attached.

Click Add a local printer > select LPT1: (Printer Port) > click Windows Update.

www.citrix.com | Technical Note | Windows 10 Optimizations 17

From the new list, browse to HP and select the appropriate driver as listed in the preceding screen shot.

Add the printer.

Automated Process

To automate this process, navigate to :\windows\System32\DriverStore\FileRepository

The HP drivers from the Windows Update process (Step 3) are located at the below location, but if a different driver is needed, one may need to sort by date created and the .inf file needed.

C:\windows\System32\DriverStore\FileRepository\prnhp001.inf_amd 64_081cf2b90ec9e6d5

#Mac Printer redirection fix

pnputil -a C:\windows\System32\DriverStore\FileRepository\prnhp001.inf

printui.exe /ia /m "HP Color LaserJet 4500 PCL 5" /h "x64" /v "HP Color LaserJet 4500 PCL 5" /f "C:\windows\System32\DriverStore\FileRepository\prnhp001.inf"

printui.exe /ia /m "HP LaserJet Series II" /h "x64" /v "HP LaserJet Series II" /f "C:\windows\System32\DriverStore\FileRepository\prnhp001.inf"

printui.exe /ia /m "HP Color LaserJet 2800 Series PS" /h "x64" /v "HP Color LaserJet 2800 Series PS" /f "C:\windows\System32\DriverStore\FileRepository\prnhp001.inf" www.citrix.com | Technical Note | Windows 10 Optimizations 18

Enterprise Sales North America | 800-424-8749 Worldwide | +1 408-790-8000 Locations Corporate Headquarters | 851 Cypress Creek Road Fort Lauderdale, FL 33309 United States Silicon Valley | 4988 Great America Parkway Santa Clara, CA 95054 United States Copyright© 2016 Inc. All rights reserved. Citrix, the Citrix logo, and other marks appearing herein are property of Citrix Systems, Inc. and/or one or more of its subsidiaries, and may be registered with the U.S. Patent and Trademark Office and in other countries. All other marks are the property of their respective owner/s.

Citrix.com 19