Category: FSLogix

The curious case of the pinned Microsoft Edge shortcut

The curious case of the pinned Microsoft Edge shortcut

UPDATE – 04-06-2020 (June 4th 2020): As of 83.0.478.44 stable Microsoft has now fixed the install/configuration process, so a pinned shortcut is no longer created. I have tested this in both Windows Server 2019 and Windows 10. However in Windows 10, if the legacy Edge browser is pinned to the taskbar before deploying the new Edge browser, it will be replaced with a shortcut to the new Edge browser.

I really love the new Microsoft Edge browser! Most of all because we now have a modern browser which is supported by Microsoft in a server operating system, but also because we are now able to integrate our Microsoft Azure AD/Office 365 account with Edge, which among other things enables favorites and password sync.

It’s been a few months since my very first article on the Microsoft Edge browser, written during Citrix Summit 2020. As you’ll probably notice, this article is focused mainly on how to install Edge in a Citrix setup.

I have penned an additional Edge article where I focus on how to secure the browser using the Microsoft Security baseline GPO settings.

As you can see I have spent a great deal of time with Edge, and it has of course also become my first choice of internet browser. The are so many scenarios where Edge fits right in, so I also spend a great deal of time telling customers and colleagues about the fantastic use cases where Edge might provide new or better functionality or solve an issue in a Citrix VAD setup.

However as much as I like Edge, I have found that Edge is now doing stuff it shouldn’t be doing. To be specific, when launching Edge for the first time in Windows Server 2016/2019 (probably also 2012 R2) a pinned taskbar shortcut is created, for no apparent reason. It is well known that when installing Edge on an up to date Windows 10 machine, the so called “legacy Edge browser” is replaced, Microsoft published an article around the same time as the first stable release of Edge. This means that any legacy Edge browser shortcuts, are replaced with shortcuts to the new Edge app, however we do not have the legacy Edge browser in a server operating system. I have also seen that evene if I don’t have a pinned “legacy Edge” shortcut in the taskbar, a pinned shortcut to the new Edge browser i still created, not OK!

I have created a small screen recording to shown what is going on. To rule out any domain related configuration like group policy, scripts etc. I have conducted the test on a non-domain joined Windows Server 2019 with the latest cumulative update. I am of course installing the latest Microsoft Edge stable release.

Screenpresso.com does not endorse this recording or this blog, I simply forgot to register the application 🙂

How is the pinned shortcut created?

During the installation of Edge an Active Setup registry key is created which launches a setup.exe file with a specific set of parameters.

This particular Active Setup is created during setup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components{9459C573-B17A-45AE-9F64-1857B5D58CEE}

From what I can see in Process Monitor, the setup.exe process actually doesn’t do very much, but it does create a registry value in HKCU\Software\Microsoft\Edge (even in a server OS) called TaskBarAutoPin.

The first time Edge is launched, and this value data is “1”, a pinned taskbar shortcut is created, and the value is deleted.

How to get rid of the pinned shortcut?

I started looking into the documentation a The Chromium Projects website, and I found an article describing how to create a master_preference file. I have used master_preferences before in Google Chrome and also with the earlier releases of Edge, to remove the Edge shortcut on the desktop. In the documentation a “do_not_create_taskbar_shortcut” setting is mentioned, however it only works in Windows 8 and older, which I confirmed to be true, it does not work in either Windows 10 or Windows Server 2019.

With the Edge stable version 81.0.416.32 , Microsoft introduced an MSI command line parameter the “DONOTCREATEDESKTOPSHORTCUT=TRUE” which does indeed work, it prevents the desktop shortcut from being created. Hoping that Microsoft had built in a “secret” command line parameter I had to try “DONOTCREATETASKBARSHORTCUT=TRUE”, unfortunately it did not work.

I reached out to a former colleague of mine who is now a program manager at Microsoft. We discussed this issue for quite some time, and it basically ended up with him recommending me to submit a so called Microsoft Edge User Voice where I should describe the issue. Someone had beat me to it, a User Voice for the issue had already been submitted here. Please cast your vote, we need to make Microsoft aware of this issue and hopefully make them change this unusual behavior of creating pinned taskbar shortcuts. Or at least give us a way to prevent the pinned taskbar shortcut from appearing, in both Windows Server and Windows 10.

I am a tenacious guy, so I managed to find 4 different ways to get rid of the pinned taskbar shortcut, take that Microsoft! Credit goes out to Trentent Tye, James Rankin and Nathan Sperry for providing inspiration and/Or information to a couple of the solutions described.

Solution 1:

Using one of my favorite applications, Citrix Workspace Environment Management, we are able to remove all pinned shortcuts in the taskbar during logon by simply checking a box:

This will delete the shortcut during logon, it works and it is a non-destructive way of removing the shortcut. It’s was not quite what I was looking for though, I wanted to flat out prevent the shortcut from ever appearing, this procedure also removes any other pinned shortcuts, that might not be desirable.

Solution 2:

Another favorite of mine is FSLogix. The App Masking feature in FSLogix can be used for a variety of different things, but in this particular case it can be used to hide the entire Active Setup registry key created by the Edge setup, so the setup.exe process is never even launched.

I have created a very simple hiding rule which hides the Edge Active Setup key. This procedure is non-destructive which means it doesn’t delete anything, so if something breaks you can remove the hiding rule and the Edge Active Setup key is back in business.

I have created a hiding rule via the FSLogix Rule Editor:

Create a new blank hiding rule

Provide the hiding rule with a name and click the New Rule button:

In the object name box put in the full key path to the Edge Active Setup key and specify that it is a Directory/Registry in object type and click OK.

Lastly we need to specify which users/groups this hiding rule is applied to. I have specified that Everyone should have this rule applied, but if you want to be a bit more granular in your approach, you might want to select one or more AD groups instead.
To configure the user/group assignment, right click the name of the hiding rule and select Manage Assignments:

Here you will be able to enable the Everyone group and specify other groups this rule should apply to.

Click OK. Your hiding rule is now ready.

The only thing left to do is to copy the hiding rules files to the C:\Program Files\FSLogix\Apps\Rules folder:

The Edge Active Setup key is now hidden for all users logging on to the server, hence it will not run the setup.exe process and we will not get the pinned taskbar icon, happy days!

Solution 3:

Really simple solution. Delete the Edge Active setup registry key entirely. This can of course be done manually via regedit or via PowerShell::
Remove-Item -Path “HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components{9459C573-B17A-45AE-9F64-1857B5D58CEE}” -Force

This is a destructive solution, so if anything breaks, you will have to have some way back to the original state. You can incorporate this solution is a part of the Edge setup process.

Solution 4:

Also a fairly simple solution. Delete the TaskbarAutoPin value in registry. Again this can be done manually via regedit or via PowerShell:
Remove-ItemProperty -Path “HKCU:\Software\Microsoft\Edge” -Name “TaskbarAutoPin” -Force

However I will of course recommend using Citrix WEM to delete the TaskbarAutoPin value via a registry action:

Like solution 3, this is also a destructive solution, so if needed you will also have to have a way back if things go sideways.

So there you have it, leave it to a Citrix-guy to fix Microsoft’s mess. I do hope that Microsoft will provide us with a better and/or simpler solution to prevent the pinned taskbar shortcut from being created. In the meantime we now have a couple of different workarounds to remove the shortcut.

The rise and fall of a champion

The rise and fall of a champion

A couple a weeks ago a attended Citrix Synergy at the Hilton Convention Center in Anaheim in the US. I’ve been there a few times before, and it has been a pleasure visiting and attending Citrix Synergy at this venue every time.

There were a lot of great sessions which sometimes made it hard to decide which one to attend. However in this article I will bring my views and opinions about some announcements made regarding Citrix Workspace Environment Manager (WEM) and Citrix Profile Management (CPM) formerly know as Citrix User Profile Manager (UPM).

Citrix announced Office 365 experience support in CPM/WEM. This means that CPM/WEM will be able to handle an Outlook OST file and Windows Search Index Roaming in a non-persistent Session Host/VDI setup, exactly like the 3rd party vendors, FSLogix and Liquidware. This is somewhat great news, as this is a feature I have wanted in CPM for years, however Citrix may have been dragging their feet just a bit too long in this matter.

The Rise….

Before I go any further, a bit of history never hurt anyone. Back in May 2008 Citrix acquired sepagoProfile from sepago, this product was rebranded and became Citrix User Profile Manager (UPM) which meant that Citrix got a Profile Management solution that was far superior to the Windows Roaming Profile solution built in to most Windows versions.

Citrix UPM was THE profile management solution from there on out, well in most cases at least. Of course UPM had issues from time to time, but Citrix was usually very quick to address and solve these issues. Back in the days with Windows XP and Windows  Server 2003 we had to rely on tools like UPHClean to get a stable Windows Roaming Profile environment without profile lockups. With Citrix UPM this was no longer the case, as UPM was much more “intelligent” and had builtin mechanisms to prevent profile lockups.

Gone were the days where we needed obscure batch or VB scripts running during logon or logoff, to manage or support application settings that was not saved in the APPDATA\Roaming folder, Citrix UPM was able to handle files and folders in the APPDATA\Local or APPDATA\LocalLow folders.

UPM eventually got additional features like Profile Streaming which enabled parts of the user’s profile to be streamed to the Session Host or VDI during logon, which most of the times had a huge impact bringing down logon times.

The Fall….

Up until the release of Windows 10 and Windows Server 2016, this was more or less the story with UPM. However, Citrix UPM is curently on a deroute and should, in my opinion, no longer be considered the preferred solution, this is primarily because of how Windows 10 and Windows Server 2016 handles the user’s profiles.

As Citrix UPM still relies on the principles of a roaming profile, copying the profile back and forth between a file server share and the Session Host/VDI during logon and logoff, there are still some situations where Citrix UPM has issues, and it still requires a great deal of configuration and management to prevent profile bloating and to obtain a relatively stable profile environment. Yes it still supports the Profile Streaming feature, but even that has over time shown that it is not always the way to go, as certain applications does not support this feature and may break or not work properly.

Currently there is a major bug in the Citrix UPM version introduced in Citrix XenApp and XenDesktop 7.15 LTSR CU1, which is mentioned in the Citrix discussions forums here – https://discussions.citrix.com/topic/391754-windows-2016-start-menu-blank-icons-with-715-cu1/

Citrix has posted a CTX article with 2 workarounds, however a couple of people are mentioning that these workarounds are not working. There is however a workaround described in the forum thread, which involves a PowerShell script, that should be able to take care of things.

The fact that this bug still exists in both Citrix XenApp and XenDesktop 7.16 and 7.17 and was introduced in an LTSR edition of Citrix XenApp and XenDesktop is, in my opinion, a major let down by Citrix and illustrates just how much Citrix is struggling with Citrix UPM at the moment.

The Future….

In my opinion the future of Citrix UPM is a bit hazy.

Considering the amount of issues that I have personally encountered, with Citrix UPM in Windows Server 2012/2012 R2, Windows 10 and Windows Server 2016, and the major bug described above, I have very little faith in Citrix providing anything remotely stable within this year, eventhough they claim to have the Office 365 experience feature ready within the next 90 days. This means that we are probably going to see this feature in Citrix XenApp and XenDesktop 7.19 or 7.20.

UPDATE – 14-08-18: The UPM Office 365 Experience feature is available in Citrix XenApp and XenDesktop 7.18

Also to be considered is the fact that Citrix is around 4-6 years behind in developing anything disk based whether it be supporting Office 365 or the entire profile in a disk based solution. Microsoft have had their User Profile Disk solution since Windows Server 2012 which was released 6 years ago, FSLogix and Liquidware both have disk based profile solutions going on 4+ years now, so Citrix has some cathing up to do.

To spice things up, Citrix will now have 2 seperate and very different products covering the same Office 365 experience features as Citrix App Layering have the User Layers feature, which is the entire user profile in a disk based solution, this feature is still in Labs though, which means that it isn’t ready for production use yet.

With Citrix App Layering you also have the Office 365 Layers feature, this only covers the Outlook OST file and nothing else, this feature is however production ready, BUT and there is a major “but” in there, both User Layers and Office 365 Layers is only available with the Platinum license, mentioned in this article – A Breakdown of Citrix App Layering Features by Edition this will prevent a lot of customers from being able to implement these features.
UPDATE – 25-05-18:
Te above statement around the Office 365 Layer was incorrect. As per this article – https://www.citrix.com/products/xenapp-xendesktop/feature-matrix.html the Office 365 Layer is available in all XenApp and XenDesktop license models, however it’s currently only supported on Windows 7 and Windows 10 64-bit.

I am looking very much forward to see how Citrix will develop both the User Layer and Office 365 Layer in Citrix App Layering and the merge of Citrix WEM/CPM with the Office 365 experience feature. If Citrix manages to get the Office 365 experience feature stable, a disk based profile solution with WEM/CPM, may not be far behind and if Citrix goes down that road FSLogix and Liquidware may have their work cut out for them.

For now, my recommendation is still to go with a disk based profile solution, like FSLogix Profile Container and Office 365 Container.

AppLocker is breaking Windows Start Menu

AppLocker is breaking Windows Start Menu

The other day I was setting up a couple of Window Server 2016 XenApp VDA servers to do some more extensive tests of the different Citrix policy templates, to evaluate how the settings in these policy templates impacts the user experience.

During these tests I kept running into an issue with the Start Menu not working properly. The context menu worked is it should, but nothing happened with a regular left click on the Start button. I have run into this issue many times before, in both Windows Server 2016 and Windows 10, the main cause was always either Citrix UPM not being able to handle the Tile Data Service database, or plain old regular Windows Roaming Profile just being old and broken.

However in this case I had not configured either Citrix UPM nor Windows Roaming Profile, I had configured FSLogix Profile Container, so why was this happening? To make it even more strange I experienced the issue with an admin user with a local profile as well, so this ruled out any profile handling issues.

As you may already have guessed, AppLocker had a part to play in the issue I experienced, but what was AppLocker actually doing?

Well as it turns out, AppLocker was blocking the “Windows Shell Experience Host” and “Cortana”, and apparently both are necessary for the Start Menu to work properly.

During my troubleshooting I came across this message in the AppLocker part of Windows Event Viewer:

Not very helpful! I had Exe rules configured alright, but the “no Packaged app rules have been configured” part was a bit confusing. My AppLocker GPO was configured to enforce Packaged app rules, however no rules were configured, just like the event viewer was telling me. As it turns out Packaged Apps is another word for Universal Windows Platform (UWP) apps, these UWP apps are, among other things, handled by the before mentioned “Windows Shell Experience Host”.

As AppLocker was apparently blocking the Windows Shell Experience, this would explain why my Start Menu wasn’t working properly. The solution was actually really simple and required nothing more than creating another AppLocker rule.

Go into your AppLocker GPO and right click the Packaged app Rules and select “Create Default Rules” this should create one rule which allows all signed packaged apps to be executed.

Once this rule is created, either run a “gpupdate /target: computer /force” in a command prompt or simply reboot the server/computer.

This should bring back the Start Menu and Cortana and all your application shortcuts.

 

Why is FSLogix O365 Container essential when using Office 365?

Why is FSLogix O365 Container essential when using Office 365?

I have worked quite a bit with some of the products in the FSLogix Apps Suite, so it’s only natural that my first blog post is about one of the products in this suite.

FSLogix Office 365 Container is getting a lot of attention at the moment, and for good reason. It’s very easy to setup and dosn’t require much maintenance, once it’s up and running.

Microsoft MVP and Citrix Technology Professional Aaron Parker has written a nice guide on how to install FSLogix Profile Container and Office 365 Container.

For those of you who hasn’t heard of, or worked with, FSLogix Office 365 Container, I’ll provide you with a short introduction to the product.

FSLogix Office 365 Container provides the following:

  • Redirection and roaming of the Outlook OST file
  • Redirection and roaming of the user’s Windows Search Index
  • Redirection and roaming of the user’s OneDrive content

FSLogix is redirecting these features to a VHD/VHDX file/disk on the network. This means that we no longer have to deal with OST files or the OneDrive content in users profiles, OST and OneDrive sync usually means HUGE profiles and resyncs on every logon as OST and OneDrive isn’t roamed. As FSLogix uses the SMB3 protocol, it is possible to use block level transfer instead of file level transfer which is used with the traditional redirection features, this brings in a significant performance increase of the network traffic going in and out of the file server.

Another issue with the OST and OneDrive sync, is that the default paths are in the user’s profile which means that all writes go to the C-drive, and in a non-persistent Session Host or VDI setup we would usually like to have as few writes to the C-drive as possible, because writes consume our write cache which these days are usually in RAM.

Let’s say we have 10 users logging on to a Session Host. Each user has a 50GB mailbox in Office 365, as this is the default mailbox size in Office 365. According to Microsoft, we have to enable “Exchange Cached Mode” (OST file) when using an Exchange mail account in Office 365, to provide a better experience. This means that we now have to consider the amount of mail account data that needs to be synchronized down to the OST file.

Maybe each of the 10 users needs to synchronize at least 5GB of data, this is 50GB of data in total, all writes that goes to the C-drive. Our write cache is now long gone and our Session Host or VDI is currently caching to disk, which usually does not perform as well, as caching in RAM. This is just the user’s OST file, we haven’t even begun synchronizing the OneDrive content.

Microsoft’s solution to the OST issue, is to redirect the OST file to a network share. On the surface that may look like and easy and straight forward approach, however it does present us with a few other things to consider.

Microsoft didn’t design Outlook to store OST files on network drives, Outlook expects the OST file to be available at all times, this may not always be the case if storing an OST file on a network file share. All sorts of things can go wrong in that scenario.

A network outage may cut the connection to the OST file which means that it’s not available, hence Outlook stops working, until the OST file is available. A poor performing file server or storage subsystem may present it selves as if Outlook is not performing at an acceptable level.

Microsoft’s solution also presents another issue. The Outlook mailbox index is not roamed! This means the every single time a users logs on, Outlook and the Windows Search Indexer will start to do an index of the OST file. This may not be that big of an issue with 10 user’s 5Gb OST files, however imagine 20, 30 or maybe even 50GB OST files for hundreds or thousands of users, that may present a huge performance impact on the Session Host or VDI and the file server hosting the OST files.

Again we haven’t even started addressing the issues with OneDrive synchronization. Basically the scenario is the same, however as we cannot control how much data the user synchronizes to the local drive, this means that the amount of data may be way beyond the 50GB mark which just intensifies our current headache with the OST files and  Windows Search Index roaming.

If you are considering to switch to Office 365 or if you are already on Office 365, you may run into the issues mentioned and at the moment FSLogix provides a great and cost-effective solution to a potential major headache.

Feel free to signup for a fully functional 30 day evaluation of FSLogix Apps Suite and have a look at the other great products from FSLogix while you are at it.