Versions Compared

Old Version 4

changes.mady.by.user Scott Arnold

Saved on

compared with

New Version 5

changes.mady.by.user Scott Arnold

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
panel

Image Added

bgColor#004CFF

Summary

Evolve IP requires the following best practices be implemented with DaaS, ensuring best user experience and supportability.  As the client administrator, you are responsible to understand and implement all or some of the policies below, based on your specific requirements.  

Evolve IP service delivery requires that the following be setup, configured and tested prior to entering a UAT phase of the project.  Long term Evolve IP support and SLA's will be contingent upon the client environment being in compliance with the following recommendations and best practices.

Recommended Best Practices and Policies:


Applications and Load Over Time - Memory Requirements Will Grow 

Memory resources are a driving factor in the performance of your DaaS seat.  It is important to recognize that over time as you add new applications that were not part of the initial design requirements, less free memory (RAM) can constrain performance.  Specifically, Real Time Audio Video collaboration tools will see a performance decrease as memory is consumed by additional applications.  See the Real Time Audio Video Collaboration Tools section below for more details.

It is recommended that before you add new applications or software to check with Evolve IP to see if any changes to the DaaS seat resources are necessary.


Real Time Audio Video Collaboration Tools

Real Time Audio Video (RTAV) collaboration has become a standard tool for every business.  It is important to recognize that the manufacturer's recommendation to use RTAV tools like Microsoft Teams and Zoom is to run them locally from the users endpoint.  Evolve IP deploys our vendor's RTAV optimizations in order to provide the best RTAV possible outside of running from the local endpoint.  RTAV will have performance and feature limitations running in DaaS when compared to to running them from your local machine. We have detailed our experience with RTAV in virtualized environments here for your reference to help you select the best DaaS seat option. 


Group Policy Objects

GPOs are settings within Microsoft's OS that define what a system will look like and how it will behave for a defined group of users.  For example, GPOs enable control over a user's ability to access restricted files, deploy new software, run background processes and limit a user's access to applications like the payroll software.

Evolve IP has provided the following GPOs to provide the best user experience: 


Microsoft Teams Optimization

Message Box
iconbuild
titleMicrosoft Teams Optimization

Recommended Group Policies

We recommend these as best practice to improve user experience and provide the best possible performance.

Div
classtoc

In This Article

Table of Contents
stylesquare

Prevent Bing Extension for Chrome

Message Box
iconbuild
titlePrevent Bing Extension for Chrome
typehint
  1. Download and install the Microsoft Office Group Policy Templates (ADMX and ADML files)
    1. https://www.microsoft.com/en-us/download/details.aspx?id=49030
  2. Create new GPO Under the OU with the desktops in it with the name:  Evolve IP - DaaS 3 - Disable Bing
  3. Right-click the GPO that you created for the group policy settings and select Edit.
    1. Navigate to Computer Configuration -> Policies -> Administrative Templates -> Microsoft Office 2016 (Machine) -> Updates
    2. Look through the list of policies and double-click on the Don't install extension for Microsoft Search in Bing that makes Bing the default the search engine option.
    3. Select Enabled and then press Apply followed by OK to configure the policy.

Windows 10 Device Registration

Message Box
iconbuild
titleWindows 10 Device Registration
typehint
  1. Create new GPO Under the OU with the desktops in it with the name: Evolve IP - DaaS 3 - Windows 10 Device Registration
  2. Evolve IP can provide the needed admx/adml files if these options are missing.
    1. The ADMX files would get copied into your “Policy Definitions” folder
    2. The ADML files would get copied into your “Policy Definitions\en-US” folder
  3. Right-click the GPO that you created for the group policy settings and select Edit.
    1. Computer Configuration -> Policies -> Administrative Templates -> Windows Components -> Device Registration
      1. Register domain-joined computers as devices
        1. Enabled
    2. Computer Configuration -> Policies -> Administrative Templates -> Windows Components -> Windows Update
      1. Do not connect to any Windows Update Internet Locations
        1. Disabled

Turn Off Display

Message Box
iconbuild
titleTurn Off Display
typehint
  1. Create new GPO Under the OU with the desktops in it with the name: Evolve IP - DaaS 3 - Turn Off DisplayMicrosoft Teams Optimization
  2. Evolve IP can provide the needed admx/adml files if these options are missing.
    1. The ADMX files would get copied into your “Policy Definitions” folder
    2. The ADML files would get copied into your “Policy Definitions\en-US” folder
  3. Right-click the GPO that Right-click the GPO that you created for the group policy settings and select Edit.
    1. Computer Configuration -> Policies -> Administrative Templates -> System -> Power Management -> Video and Display Settings
      1. Turn Off the Display (Plugged In): Enabled
      2. Turn Off the Display (seconds): 0
PCoIP - Clipboard Redirection & vSphere Console Access
    1. VMware View Agent Configuration → VMware HTML5 Features → VMware WebRTC Redirection Features
      1. Enable Media Optimization for Microsoft Teams
        1. Enabled

Zoom Optimization

Message Box
iconbuild
titleZoom Optimization
typehint


Prevent Bing Extension for Chrome

Message Box
iconbuild
titlePrevent Bing Extension for ChromePCoIP - Clipboard Redirection & vSphere Console Access
typehint
  1. Download and install the Microsoft Office Group Policy Templates (ADMX and ADML files)
    1. https://www.microsoft.com/en-us/download/details.aspx?id=49030
  2. Create new GPO Under the OU with the desktops in it with the name:  Evolve IP - DaaS 3 - Disable Bing
  3. Right-click the GPO that you created
  4. Create new GPO Under the OU with the desktops in it with the name: Evolve IP - DaaS 3 – PcoIP
  5. Evolve IP can provide the needed admx/adml files
    1. Copy PCOIP.ADMX into your “Policy Definitions” folder
    2. Copy PCOIP.ADML into your “Policy Definitions\en-US” folder
  6. Right-click the GPO that you created for the group policy settings and select Edit.
    1. Navigate to Computer Configuration -> Policies -> Administrative Templates ->
    Classic
    1. Microsoft Office 2016 (Machine) ->
    PCoIP Session Variables -> Overridable Administrator Defaults
    1. Enable access to a PCoIP session from a vSphere console
      1. Enabled
    2. Configure Clipboard Redirection
      1. Enabled
      2. Enabled in both directions

Blast - Screen Blanking & Clipboard Redirection

    1. Updates
    2. Look through the list of policies and double-click on the Don't install extension for Microsoft Search in Bing that makes Bing the default the search engine option.
    3. Select Enabled and then press Apply followed by OK to configure the policy.

Windows 10 Device Registration

Message Box
iconbuild
titleBlast - Screen Blanking & Clipboard RedirectionWindows 10 Device Registration
typehint
  1. Create new GPO Under the OU with the desktops in it with the name: Evolve IP - DaaS 3 – Blast- Windows 10 Device Registration
  2. Evolve IP can provide the needed admx/adml files if these options are missing.
    1. The ADMX files would get copied
    2. Copy VDM_BLAST.ADMX into your “Policy Definitions” folderCopy VDM_
    3. BLAST.ADML The ADML files would get copied into your “Policy Definitions\en-US” folder
  3. Right-click the GPO that you created for the group policy settings and select Edit.
    1. Computer Configuration -> Policies -> Administrative Templates -> Classic Windows Components -> VMware Blast
      1. Screen Blanking
        1. Disabled
      2. Configure Clipboard Redirection
        1. Enabled
        2. Enabled in both directions
Internet Explorer / Edge Graphics Optimization
    1. Device Registration
      1. Register domain-joined computers as devices
        1. Enabled
    2. Computer Configuration -> Policies -> Administrative Templates -> Windows Components -> Windows Update
      1. Do not connect to any Windows Update Internet Locations
        1. Disabled

Display and Screensaver

Message Box
iconbuild
titleIE Graphics OptimizationTurn Off Display
typehint
  1. Create new GPO Under the OU with the desktops in it with the name: Evolve IP - DaaS 3 - IE Graphics OptimizationTurn Off Display
  2. Right-click the GPO that you created for the group policy settings and select Edit.
    1. User Computer Configuration -> Preferences Administrative Templates -> System -> Windows Settings Power Management -> Registry
      1. Action: Create
      2. Hive: HKEY_CURRENT_USER
      3. Key Path: Software\Microsoft\Internet Explorer\Main
      4. Value Name: UseSWRender
      5. Value Type: REG_DWORD
      6. Value Data: 00000001
      7. Base: Hexadecimal

Disable Peer to Peer Windows Updates

    1. Video and Display Settings
      1. Turn Off the Display (Plugged In): Enabled
      2. Turn Off the Display (seconds): 0

Screensaver - No 3D screensavers are supported in DaaS.  

PCoIP - Clipboard Redirection & vSphere Console Access

Message Box
iconbuild
titlePCoIP - Clipboard Redirection & vSphere Console Access
typehint
  1. Create new GPO Under
Message Box
titleDisable Peer to Peer Windows Updates
typegeneric
  1.  Create new GPO under the OU with the desktops in it with the name:   Evolve IP - DaaS 3 - Windows Update Delivery Optimization– PcoIP
  2. Evolve IP can provide the needed admx/adml files
    1. Copy PCOIP.ADMX into your “Policy Definitions” folder
    2. Copy PCOIP.ADML into your “Policy Definitions\en-US” folder
  3. Right-click the GPO that you created for the group policy settings Right-click the GPO that you created for the group policy settins and select Edit.
    1. Computer Configuration -> Policies -> Policies → Administrative Templates → Windows Components → Delivery Optimization
      1. Edit Download Mode
        1. Enabled
        2. HTTP only (0)
Google Chrome Graphics Optimization
    1. Administrative -> Classic -> PCoIP Session Variables -> Overridable Administrator Defaults
      1. Enable access to a PCoIP session from a vSphere console
        1. Enabled
      2. Configure Clipboard Redirection
        1. Enabled
        2. Enabled in both directions

Blast - Screen Blanking & Clipboard Redirection

Message Box
iconbuild
titleChrome Graphics OptimizationBlast - Screen Blanking & Clipboard Redirection
typehint
  1. Create new GPO Under the OU with the desktops in it with the name: Evolve IP - DaaS 3 - Chrome Graphics Optimization– Blast
  2. Evolve IP can provide the needed admx/adml files
    1. Copy CHROMEVDM_BLAST.ADMX into your “Policy Definitions” folder
    2. Copy CHROMEVDM_BLAST.ADML into your “Policy Definitions\en-US” folder
  3. Right-click the GPO that you created for the group policy settings and select Edit.
    1. Computer Configuration -> Polices Policies -> Administrative Templates -> Classic -> Google Chrome
      1. Use hardware acceleration when available: Disabled
Office 2016/2019/365
    1. VMware Blast
      1. Screen Blanking
        1. Disabled
      2. Configure Clipboard Redirection
        1. Enabled
        2. Enabled in both directions

Internet Explorer Graphics Optimization

Message Box
iconbuild
titleOffice 2016/2019/365 IE Graphics Optimization
typehint
  1. NOTE: This GPO is version specific. If using an older version of office, the appropriate ADMX/ADML files would be required.
  2. Create Create new GPO Under the OU with the desktops in it with the name: Evolve IP - DaaS 3 - Office 2016/2019/365 IE Graphics Optimization
  3. Evolve IP can provide the needed admx/adml files
    1. Copy all office ADMX files into your “Policy Definitions” folder
    2. Copy all office ADML files into your “Policy Definitions\en-US” folder
  4. Right-click the GPO that you created for the group policy Right-click the GPO that you created for the group policy settings and select Edit.
    1. User Configuration -> Policies Preferences -> Administrative Templates Windows Settings -> Microsoft Office 2016 -> Miscellaneous
      1. Do not use hardware graphics acceleration: Enabled

Outlook - Cached Mode Enabled

    1. Registry
      1. Action: Create
      2. Hive: HKEY_CURRENT_USER
      3. Key Path: Software\Microsoft\Internet Explorer\Main
      4. Value Name: UseSWRender
      5. Value Type: REG_DWORD
      6. Value Data: 00000001
      7. Base: Hexadecimal

Microsoft Edge Graphics Optimization

Message Box
titleMicrosoft Edge Graphics Optimization
typegeneric
Message Box
iconbuild
titleOutlook - Cached Mode Enabled
typehint
  1. Create new GPO Under the OU with the desktops in it with the name: Evolve IP - DaaS 3 - Outlook Cached Mode.
  2. Right-click the GPO that you created for the group policy settings and select Edit.
    1. User Configuration -> Policies -> Administrative Templates → Microsoft Outlook 2016 → Account Settings → Exchange → Cached Exchange Mode
    2. Set Cached Exchange Mode Sync Settings to enabled and 3 months unless customer requests longer duration
    3. Set Use Cached Exchange Mode for new and existing Outlook profiles to enabled.
    4. User Configuration -> Policies -> Administrative Templates → Microsoft Outlook 2016 → Outlook Options → Delegates
    5. Set Disable shared mail folder caching to enabled

 

Allow Windows Store Apps to Auto Update

  1. – Microsoft Edge Graphics Optimization
  2. Evolve IP can provide the needed admx/adml files. Download Microsoft Edge for Business - Microsoft 
    1. Copy msedge.admx, msedgeupdae.admx, and msedgewebview2.admx into your “Policy Definitions” folder
    2. Copy msedge.adml, msedgeupdae.adml, and msedgewebview2.adml into your “Policy Definitions\en-US” folder
  3. Right-click the GPO that you created for the group policy settings and select Edit.
    1. Computer Configuration -> Policies -> Administrative -> Microsoft Edge
    2. User Hardware Acceleration when available
      1. Disabled

Disable Peer to Peer Windows Updates

Message Box
titleDisable Peer to Peer Windows Updates
typegeneric
  1.  Create new GPO under
Message Box
iconbuild
titleAllow Windows Store Apps to Auto Update
typehint
  1. Create new GPO Under the OU with the desktops in it with the name:  Evolve IP- DaaS 3 - Windows Store AppsUpdate Delivery Optimization
  2. Right-click the GPO that you created for the group policy settings settins and select Edit.
    1. Computer Configuration -> Preferences -> Windows Settings -> Registry
      1. Action: Delete
      2. Hive: HKEY_LOCAL_MACHINE
      3. Key Path: Software\Policies\Microsoft\WindowsStore
      4. Value Name: AutoDownload
Windows Updates
    1. Policies → Administrative Templates → Windows Components → Delivery Optimization
      1. Edit Download Mode
        1. Enabled
        2. HTTP only (0)

Google Chrome Graphics Optimization

Message Box
iconbuild
titleDaaS Windows UpdatesChrome Graphics Optimization
typehint
  1. Create new GPO Under the OU with the desktops in it with the name: Evolve IP - DaaS 3 - Windows UpdatesChrome Graphics Optimization
  2. Evolve IP can provide the needed admx/adml files
    1. Copy CHROME.ADMX into your “Policy Definitions” folder
    2. Copy CHROME.ADML into your “Policy Definitions\en-US” folder
  3. Right-click the GPO that you created for the group policy settings and select Edit.
    1. Computer Configuration → Policies →  Administrative Templates →  Windows Components →  Windows Updates → Windows Updates for Business
      1. Select when Preview Builds and Feature Updates are received: Enabled
        1. Select the Windows readiness level for the updates you receive: Semi-annual Channel
        2. After a Preview Build or Feature Update is released, defer receiving it for this many days: 365
  1. Disable Peer-to-Peer Delivery: Disable Windows Update Delivery Optimization through Group Policy or - Microsoft Community

RMM Windows Firewall Exceptions

    1. Configuration -> Polices -> Administrative Templates -> Google Chrome
      1. Use hardware acceleration when available: Disabled

Google  Chrome - Disable Software Reporter Tool

Message Box
titleChrome - Disable Software Reporter Tool
typegeneric
Message Box
iconbuild
titleRMM Windows Firewall Exceptions
typehint
  1. Create new GPO Under the OU with the desktops in it with the name: Evolve IP - DaaS 3 -
Windows Firewall
  1. Chrome Disable Software Reporter Tool
  2. Right-click the GPO that you created for the group policy settings and select Edit.
    1. Computer
Configuration →  Polices →  Administrative Templates →  Network → Network Connections → Windows Defender Firewall → Domain Profile
  1. Windows Defender Firewall: Allow inbound file and printer sharing exception : Enabled
    1. Allow unsolicited incoming messages from these IP addresses: 10.200.1.0/24
  2. Windows Defender Firewall: Allow ICMP exceptions: Enabled
    1. Options: Allow inbound echo request
  3. Windows Defender Firewall: Allow inbound remote administration exception: Enabled
    1. Allow unsolicited incoming messages from these IP addresses: 10.200.1.0/24

RMM Checks

    1. Configuration -> Preferences -> Windows Settings -> Registry
      1. Registry Key 1:
        1. Action: Create
        2. Hive: HKEY_LOCAL_MACHINE
        3. Key Path: Software\Policies\Google\Chrome
        4. Type: DWORD
        5. Name: ChromeCleanupEnabled
        6. Value: 0
      2. Registry Key 2:
        1. Action: Create
        2. Hive: HKEY_LOCAL_MACHINE
        3. Key Path: Software\Policies\Google\Chrome
        4. Type: DWORD
        5. Name: ChromeCleanupReportingEnabled
        6. Value: 0

Office 2016/2019/365 Graphics Optimization

Message Box
iconbuild
titleRMM ChecksOffice 2016/2019/365 Graphics Optimization
typehint

RMM allows you to set up periodic checks to ensure optimal performance.  We recommend setting these checks for after hours in order to reduce load on the platform.

User Group Policy Loopback

  1. NOTE: This GPO is version specific. If using an older version of office, the appropriate ADMX/ADML files would be required.
  2. Create new GPO Under
Message Box
iconbuild
titleUser Group Policy Loopback
typehint
  1. Create new GPO Under the OU with the desktops in it with the name: Evolve IP - DaaS 3 - User Group Policy LoopbackOffice 2016/2019/365 Graphics Optimization
  2. Evolve IP can provide the needed admx/adml files
    1. Copy all office ADMX files into your “Policy Definitions” folder
    2. Copy all office ADML files into your “Policy Definitions\en-US” folder
  3. Right-click the GPO that you created for the group policy Right-click the GPO that you created for the group policy settings and select Edit.
    1. Computer User Configuration -> Policies -> Administrative Templates -> System Microsoft Office 2016 -> Group PolicyMiscellaneous
      1. Do not use hardware graphics acceleration
      2. User Group Policy Loopback processing mode: Enabled

Outlook - Cached Mode

: Merge
  • Ensure this GPO is processed last.

    • Enabled

    Folder Redirection

    Message Box
    iconbuild
    titleFolder RedirectionOutlook - Cached Mode Enabled
    typehint
    1. Create new GPO Under the OU with the desktops in it with the name: Evolve IP - DaaS 3 - Folder RedirectionOutlook Cached Mode.
    2. Right-click the GPO that you created for the group policy settings and select Edit.
      1. User Configuration -> Policies > Policies -> Windows Settings -> Folder Redirection
        1. Favorites (right click the folder)
          1. Setting: Basic (Redirect everyone’s folder to the same location)
          2. Target Folder Location: Create a folder for each user under the root path
          3. Root Path: \\server\share
          4. Options:
            1. Grant user exclusive rights to Favorites: Disabled
            2. Move the Contents of Favorites to the new location: Enabled
            3. Also apply redirection policy to Windows 2000 server, Windows…: Disabled
            4. Policy Removal Behavior: Leave Contents
        2. Desktop
          1. Setting: Basic (Redirect everyone’s folder to the same location)
          2. Target Folder Location: Create a folder for each user under the root path
          3. Root Path: \\server\share
          4. Options:
            1. Grant user exclusive rights to Desktop: Disabled
            2. Move the Contents of Desktop to the new location: Enabled
            3. Also apply redirection policy to Windows 2000 server, Windows…: Disabled
            4. Policy Removal Behavior: Leave Contents
        3. Documents
          1. Setting: Basic (Redirect everyone’s folder to the same location
          2. Target Folder Location: Create a folder for each user under the root path
          3. Root Path: \\server\share
          4. Options:
            1. Grant user exclusive rights to Documents: Disabled
            2. Move the Contents of Documents to the new location: Enabled
            3. Also apply redirection policy to Windows 2000 server, Windows…: Disabled
            4. Policy Removal Behavior: Leave Contents
        4. Downloads
          1. Setting: Basic (Redirect everyone’s folder to the same location)
          2. Target Folder Location: Create a folder for each user under the root path
          3. Root Path: \\server\share
          4. Options:
            1. Grant user exclusive rights to Downloads: Disabled
            2. Move the Contents of Downloads to the new location: Enabled
            3. Also apply redirection policy to Windows 2000 server, Windows…: Disabled
            4. Policy Removal Behavior: Leave Contents
        5. Music
          1. Setting: Follow the Documents Folder
        6. Videos
          1. Setting: Follow the Documents Folder
        7. Pictures
          1. Setting: Follow the Documents Folder
    Trend Micro Worry Free
      1. Administrative Templates → Microsoft Outlook 2016 → Account Settings → Exchange → Cached Exchange Mode
      2. Set Cached Exchange Mode Sync Settings to enabled and 3 months unless customer requests longer duration
      3. Set Use Cached Exchange Mode for new and existing Outlook profiles to enabled.
      4. User Configuration -> Policies -> Administrative Templates → Microsoft Outlook 2016 → Outlook Options → Delegates
      5. Set Disable shared mail folder caching to enabled

     

    Allow Windows Store Apps to Auto Update

    Message Box
    iconbuild
    titleAllow Windows Store Apps to Auto Update
    typehint
    1. Create new GPO Under the OU with the desktops in it with the name: Evolve IP - DaaS 3 - Windows Store Apps
    2. Right-click the GPO that you created for the group policy settings and select Edit.
      1. Computer Configuration -> Preferences -> Windows Settings -> Registry
        1. Action: Delete
        2. Hive: HKEY_LOCAL_MACHINE
        3. Key Path: Software\Policies\Microsoft\WindowsStore
        4. Value Name: AutoDownload

    Windows Updates

    Message Box
    iconbuild
    titleDaaS Windows Updates
    typehint
    1. Create new GPO Under the OU with the desktops in it with the name: Evolve IP - DaaS 3 - Windows Updates
    2. Right-click the GPO that you created for the group policy settings and select Edit.
      1. Computer Configuration → Policies →  Administrative Templates →  Windows Components →  Windows Updates → Windows Updates for Business
        1. Select when Preview Builds and Feature Updates are received: Enabled
          1. Select the Windows readiness level for the updates you receive: Semi-annual Channel
          2. After a Preview Build or Feature Update is released, defer receiving it for this many days: 365


    1. Disable Peer-to-Peer Delivery: Disable Windows Update Delivery Optimization through Group Policy or - Microsoft Community

    RMM Windows Firewall Exceptions

    Message Box
    iconbuild
    titleTrend Micro Worry FreeRMM Windows Firewall Exceptions
    typehint
    1. Create
    a
    1. new GPO
    in
    1. Under the
    DaaS
    1. OU with the
    following properties.Name
    1. desktops in it with the name: Evolve IP - DaaS
    - Trend WF Install
  • Computer Configuration → Policies → Windows Settings → Scripts → Startup
    1. PowerShell Scripts → Add
      1. Script Name: Click Browse and locate the install script you just created in your deployment share.
    • PowerShell Script:  C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Citrix\User Profile Manager\UserProfileManager.exe
    C:\Program Files\Citrix\Server Resource Management\Memory Optimization Management\Program\CtxSFOSvc.exe
    C:\Windows\system32\taskmgr.exe
    ${WinDir}\SoftwareDistribution\Datastore\DataStore.edb
    ${WinDir}\SoftwareDistribution\Datastore\Logs\Edb*.jrs
    ${WinDir}\SoftwareDistribution\Datastore\Logs\Edb.chk
    ${WinDir}\SoftwareDistribution\Datastore\Logs\Tmp.edb
    ${windir}\Security\Database\*.edb
    ${windir}\Security\Database\*.sdb
    ${windir}\Security\Database\*.log
    ${windir}\Security\Database\*.chk
    ${windir}\Security\Database\*.jrs
    ${windir}\Security\Database\*.xml
    ${windir}\Security\Database\*.csv
    ${windir}\Security\Database\*.cmtx
    pcoip_server_win32.exe
    wssm.exe
    VMBlastS.exe
    wsnm_jms.exe
    vmwareviewclipboard.exe*
    outlook.exe*
    excel.exe
    splwow64.exe
    vmtoolsd.exe
    C:\Program Files (x86)\VMware\VMware DaaS Agent\service\DaaSAgent.exe
    1. 3 - Windows Firewall
    2. Right-click the GPO that you created for the group policy settings and select Edit.
      1. Computer Configuration →  Polices →  Administrative Templates →  Network → Network Connections → Windows Defender Firewall → Domain Profile
        1. Windows Defender Firewall: Allow inbound file and printer sharing exception : Enabled
          1. Allow unsolicited incoming messages from these IP addresses: 10.200.1.0/24
        2. Windows Defender Firewall: Allow ICMP exceptions: Enabled
          1. Options: Allow inbound echo request
        3. Windows Defender Firewall: Allow inbound remote administration exception: Enabled
          1. Allow unsolicited incoming messages from these IP addresses: 10.200.1.0/24

    User Group Policy Loopback

    Message Box
    iconbuild
    titleUser Group Policy Loopback
    typehint
    1. Create new GPO Under the OU with the desktops in it with the name: Evolve IP - DaaS 3 - User Group Policy Loopback
    2. Right-click the GPO that you created for the group policy settings and select Edit.
      1. Computer Configuration -> Policies -> Administrative Templates -> System -> Group Policy
        1. User Group Policy Loopback processing mode: Enabled
          1. Mode: Merge
    3. Ensure this GPO is processed last.

    Folder Redirection

    Message Box
    iconbuild
    titleFolder Redirection
    typehint
    1. Create new GPO Under the OU with the desktops in it with the name: Evolve IP - DaaS 3 - Folder Redirection
    2. Right-click the GPO that you created for the group policy settings and select Edit.
      1. User Configuration -> Policies -> Windows Settings -> Folder Redirection
        1. Favorites (right click the folder)
          1. Setting: Basic (Redirect everyone’s folder to the same location)
          2. Target Folder Location: Create a folder for each user under the root path
          3. Root Path: \\server\share
          4. Options:
            1. Grant user exclusive rights to Favorites: Disabled
            2. Move the Contents of Favorites to the new location: Enabled
            3. Also apply redirection policy to Windows 2000 server, Windows…: Disabled
            4. Policy Removal Behavior: Leave Contents
        2. Desktop
          1. Setting: Basic (Redirect everyone’s folder to the same location)
          2. Target Folder Location: Create a folder for each user under the root path
          3. Root Path: \\server\share
          4. Options:
            1. Grant user exclusive rights to Desktop: Disabled
            2. Move the Contents of Desktop to the new location: Enabled
            3. Also apply redirection policy to Windows 2000 server, Windows…: Disabled
            4. Policy Removal Behavior: Leave Contents
        3. Documents
          1. Setting: Basic (Redirect everyone’s folder to the same location
          2. Target Folder Location: Create a folder for each user under the root path
          3. Root Path: \\server\share
          4. Options:
            1. Grant user exclusive rights to Documents: Disabled
            2. Move the Contents of Documents to the new location: Enabled
            3. Also apply redirection policy to Windows 2000 server, Windows…: Disabled
            4. Policy Removal Behavior: Leave Contents
        4. Downloads
          1. Setting: Basic (Redirect everyone’s folder to the same location)
          2. Target Folder Location: Create a folder for each user under the root path
          3. Root Path: \\server\share
          4. Options:
            1. Grant user exclusive rights to Downloads: Disabled
            2. Move the Contents of Downloads to the new location: Enabled
            3. Also apply redirection policy to Windows 2000 server, Windows…: Disabled
            4. Policy Removal Behavior: Leave Contents
        5. Music
          1. Setting: Follow the Documents Folder
        6. Videos
          1. Setting: Follow the Documents Folder
        7. Pictures
          1. Setting: Follow the Documents Folder

    File Exclusions for Anti Virus

    Message Box
    iconbuild
    titleFile Exclusions for Anti Virus
    typehint

    File Exclusions for Anti Virus:

    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Citrix\User Profile Manager\UserProfileManager.exe
    C:\Program Files\Citrix\Server Resource Management\Memory Optimization Management\Program\CtxSFOSvc.exe
    C:\Windows\system32\taskmgr.exe
    ${WinDir}\SoftwareDistribution\Datastore\DataStore.edb
    ${WinDir}\SoftwareDistribution\Datastore\Logs\Edb*.jrs
    ${WinDir}\SoftwareDistribution\Datastore\Logs\Edb.chk
    ${WinDir}\SoftwareDistribution\Datastore\Logs\Tmp.edb
    ${windir}\Security\Database\*.edb
    ${windir}\Security\Database\*.sdb
    ${windir}\Security\Database\*.log
    ${windir}\Security\Database\*.chk
    ${windir}\Security\Database\*.jrs
    ${windir}\Security\Database\*.xml
    ${windir}\Security\Database\*.csv
    ${windir}\Security\Database\*.cmtx
    pcoip_server_win32.exe
    wssm.exe
    VMBlastS.exe
    wsnm_jms.exe
    vmwareviewclipboard.exe*
    outlook.exe*
    excel.exe
    splwow64.exe
    vmtoolsd.exe
    C:\Program Files (x86)\VMware\VMware DaaS Agent\service\DaaSAgent.exe

    Local Horizon View Client

    Message Box
    iconbuild
    titleLocal Horizon View Client
    typehint

    Thick Client Requirements:

    Minimum Version to support Teams Optimization is v2012 Build 8.1


    Thin Client Requirements:

    If using a Wyse 5030: The Firmware version must be v8.6_412_3040 in order for Teams Optimization to function

    RMM Checks

    Message Box
    iconbuild
    titleRMM Checks
    typehint

    RMM allows you to set up periodic checks to ensure optimal performance.  We recommend setting these checks for after hours in order to reduce load on the platform.  Using any RMM scheduled task.  Preexisting IT policies should be reevaluated prior to deploying automated 


    Client Signature:  __________________________________________

    Date:  _______________________________________________