Tuesday, 18 September 2012

Windows 7 Optimization and GPO's Settings

Please check out for more of my technical posts, alternately please call us on 01932 268289. 

Hi Guys,

I’d get my ideas down and put them up for discussion but no doubt over time I'll expand on this but this gives you a good base to work from.

Some are from Citrix best practices but the rest are what I think should be changed.

Disable following services
This can be done on the VM itself or via GPO added the settings to the below section.
Background Intelligent Transfer Service
Desktop Windows Manager Session Manager
Function Discovery Resource Publication
HomeGroup listener
HomeGroup provider
Offline Files
Security Center
System Restore
Windows Defender
Windows Media Player Sharing Service

Group Policies applied to Windows 7 VM - Computer
Error Reporting: Administrative Templates – Windows Components – Windows Error Reporting Disable Windows Error Reporting: Enabled
Windows Update: Administrative Templates – Windows Components – Windows Updates Configure Automatic Updates: Disabled
System Restore: Administrative templates – System – System Restore Turn off System Restore: Enabled

Group Policies applied to Windows 7 VM - Users
Screensaver :Administrative Templates – Control Panel – Personalization
Enable screen saver: Enabled
Prevent changing screen saver: Enabled
Password protect screen saver: Enabled
Screen saver timeout: Enabled – 600 seconds
Force specific screen saver: Enabled – scrnsave.scr
Force folder redirection: Enabled (Include AppData, Desktop, Documents, Downloads, Favourites and Pictures and Music depending on how strict we want to be.)
Ensure each folder redirection is setup like so.

Add following via registry preferences through a GPO
Force Offscreen Composition for Internet Explorer: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Force Offscreen Composition"=dword:00000001
Reduce Menu Show Delay: [HKEY_CURRENT_USER\Control Panel\Desktop] "MenuShowDelay"="150"
Disable all Visual Effects:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects] "VisualFXSetting"=dword:00000003
[HKEY_CURRENT_USER\Control Panel\Desktop\WindowMetrics] "MinAnimate"="0"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "ListviewAlphaSelect"=dword:00000000 "TaskbarAnimations"=dword:00000000 "ListviewWatermark"=dword:00000000
[HKEY_CURRENT_USER\Control Panel\Desktop] "DragFullWindows"="0" "FontSmoothing"="0" "UserPreferencesMask"=binary:90,12,01,80 ,10,00,00,00

Citrix Profile Manager GPO – Version 4 and above
IMPORTANT: make sure the version of the ADM added to the GPO is exactly the same as the version of the installation that is in the image.
Profile Management – Enable Profile Management - Enabled
Profile Management – Processed groups: Enabled (add AD groups containing required users)
Profile Management – Process logons of local Administrators: Disabled
Profile Management – Path to Store: Enabled (specify path to store)
Profile Management – Active write back: Enabled
Profile Management – Profile Handling – Template profile: Enable (if we want to standardise user profiles)
Profile Management – Advanced settings – Process Internet cookies files on logoff: Enabled
Profile Management – Log Settings – Enable logging: Enabled
Profile Management – File System – Exclusion list – Directories

AppData\Local\Microsoft\Windows\Temporary Internet Files
AppData\Local\Microsoft\Windows Live
AppData\Local\Microsoft\Windows Live Contacts
AppData\Local\Microsoft\Terminal Server Client
AppData\Local\Windows Live
AppData\Local\Google\Chrome\User Data\Default\Cache
AppData\Local\Google\Chrome\User Data\Default\Cached Theme Images
AppData\Roaming\Microsoft\Windows\Start Menu

Profile Management – File System – Synchronization – folders to mirror: Enabled (AppData\Roaming\Microsoft\Windows\Cookies)
Profile Management – Streamed user profile – Profile Streaming: Enabled

Changes applied directly to VM
Disable Large Send Offload :[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BNNS\Parameters] "EnableOffload"=dword:00000000
Disable TCP/IP Offload :[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]  "DisableTaskOffload"=dword:00000001
Increase Service Startup Timeout [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control] "ServicesPipeTimeout"=dword:0002bf20
Hide Hard Error Messages [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Windows] "ErrorMode"=dword:00000002
Disable CIFS Change Notifications :[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoRemoteRecursiveEvents"=dword:00000001
Disable Logon Screensaver :[HKEY_USERS\.DEFAULT\Control Panel\Desktop] "ScreenSaveActive"="0"
Modify C:\ProgramData\Microsoft\Windows\Start Menu to reflect a “tidy” start menu

If we are using a PVS in an environment ensure that the PVS optimizer is run at least once on image or at the end of each image update process just to be on the safe side.

One time changes
Disable Boot Animation: bcdedit /set bootux disabled
Remove unused Windows components : Windows Media Center, DVD Maker, Tablet Components
Page file : Minimum and maximum the same

Final actions to be performed at each image update process.
Disk Cleanup
Run defragmentation
Optimize Antivirus
Clear event logs
Run a windows updates (potential)
Rerun PVS optimizer if client is using a PVS

1 comment:

  1. Great post. Is it possible for you to export your gpo and provide it as a download?