Deploying the Core Optimized Desktop Using System Center Configuration Manager 2007 R2

Applies To: Windows 7

The optimized desktop enables flexible provisioning and management by integrating Windows® 7, the Microsoft® Desktop Optimization Pack (MDOP), Forefront™, and Office 2010. This white paper describes how to use System Center Configuration Manager (ConfigMgr) 2007 R2 to automate the installation and configuration of the core optimized desktop technologies. Core optimized desktop technologies include the Application Virtualization (App-V) client, the Diagnostic and Recovery Toolset (DaRT) recovery image, Forefront client, BitLocker™, and Office 2010 virtual application cache. By installing these technologies during deployment, client computers will be ready for optimized desktop management immediately after installation.

This white paper describes how to:

• Deploy the App-V client to client computers

• Enable ConfigMgr to stream virtual applications

• Create and distribute a virtual application package

• Create and customize a deployment task sequence

• Deploy the optimized desktop to client computers

This white paper assumes that you have a ConfigMgr infrastructure deployed in your organization. It also assumes that you have access to the MDOP installation files.

For a downloadable version of this document, see Deploying the Core Optimized Desktop Using System Center Configuration Manager 2007 R2 in the Microsoft Download Center (https://go.microsoft.com/fwlink/?LinkId=208127).

Deploy the App-V Client to Client Computers

For Configuration Manager 2007 client computers to run virtual application packages you must install the appropriate version of the App-V client. You can use a package definition file to install the App-V client. You must use the AppVirtMgmtClient.sms file to create the package definition file. After you create the package definition file you must add the package to a distribution point and advertise the package to the computers you want to install it on.

The App-V client requires the following prerequisites be installed on the Configuration Manager 2007 client computer:

• Microsoft Application Error Reporting. The install program for this software is included in the Support folder in the self-extracting archive file.

• Microsoft Visual C++ 2005 SP1 Redistributable Package (x86) (https://go.microsoft.com/fwlink/?LinkId=116683)

To install the Microsoft Virtual Application Virtualization Desktop Client:

1. In the ConfigMgr console, navigate to System Center Configuration Manager, Site Database, Computer Management, Software Distribution.

2. If necessary, expand the Software Distribution node and select Packages. To open the Create Package from Definition Wizard, right-click Packages, and then click New, Package From Definition.

3. On the welcome page, click Next.

4. On the Package Definition page, to specify the publisher and definition for the new package, click Browse. Locate and select the AppVirtMgmtClient.sms file. The default location for the AppVirtMgmtClient.sms file is:

   <ConfigMgrInstallationPath>\SMS\Tools\VirtualApp\AppVirtMgmtClient.sms

   The Name, Version, and Language associated with the specified .sms file are displayed in the Package definition pane. Click Next.

5. On the Source Files page, select Always obtain files from a source directory to help ensure the latest version of the client software will be available, and then click Next.

6. On the Source Directory page, specify the directory that contains the source files for the package. This is the directory that contains the App-V client. Specify the source location by providing the UNC path. Alternatively, click Browse to specify the location that contains the setup files for the type of client you want to install. Click Next.

7. On the Summary page, review the details for the package definition file. To create the package definition file and close the wizard, click Finish. To access the new package select the Packages node and the package will be available in the results pane.

Enable Configuration Manager to Stream Virtual Applications

You can easily use ConfigMgr to deploy virtual applications and virtual application streaming. In this section, you enable virtual application distribution and allow virtual application package advertisements to clients.

Enable Virtual Application Distribution

When managed by ConfigMgr, the App-V Client supports streaming virtual applications via HTTP or HTTPS from a ConfigMgr standard Distribution Point server or streaming via SMB from a ConfigMgr Branch Distribution Point. When streaming from a standard Distribution Point, HTTP is used when the ConfigMgr site is operating in mixed mode. HTTPS is used when the ConfigMgr site is operating in native mode.

To enable virtual application distribution:

1. In the tree pane, expand Site Database, Site Management, Site, Site Settings, Site Systems, and click a site system (such as: \\SEA-DC-01).

2. In the details pane, double-click ConfigMgr distribution point.

3. On the General tab, under Communication Settings, click to select the Allow clients to transfer content from this distribution point using BITS, HTTP, and HTTPS (required for device clients and Internet-based clients) check box.

4. Click the Virtual Applications tab.

5. Click Enable virtual application streaming, and then click OK.

Allow Virtual Application Advertisements to Clients

The App-V client now includes support for streaming application packages via HTTP, HTTPS and Server Messages Block (SMB) network protocols. The ConfigMgr client agent for virtual applications is used to interact with virtual application deployments the Advertised Programs Client Agent.

To allow virtual application advertisements to clients:

1. In the tree pane, under Site Settings, click Client Agents.

2. In the details pane, double-click Advertised Programs Client Agent.

3. Click to select the Allow virtual application package advertisement check box, and click OK.

Create and Distribute a Virtual Application Package

ConfigMgr recognizes virtualized applications for software distribution. Using the new Virtualized Application Package wizard, sequenced applications can be imported into the management console and deployed using ConfigMgr protocols.

Create a Virtual Application Package for Office 2010

To create a virtual application package:

1. In the tree pane, expand Site Database, Computer Management, Software Distribution, and then click Packages.

2. In the Actions pane, click New, Virtual Application Package.

3. On the Package Source page, click Browse and open the Office 2010 manifest file. Virtual applications can be imported directly into the ConfigMgr console using the manifest file automatically generated during application sequencing.

4. Verify the applications listed by the manifest and click Next.

5. On the General tab, confirm the settings and click Next.

   Note: The Remove this package from clients when it is no longer advertised check box will cause the virtual application to be removed from a client if the client is no longer in the targeted membership list for the application. This option is only available for virtual applications.

6. In the Specify the ConfigMgr data source for this package box, type the destination directory for this package (such as: \\SEA-DC-01\VAppDist$) and click Next.

7. Click Next.

8. Click Next.

9. Click Close.

10. In the tree pane, expand Packages, Microsoft Office 2010 Professional.

Virtual application packages do not contain a Programs node like physical applications do. This is because the information normally detailed in the Program is already in the sequenced application.

Distribute the Office 2010 Virtual Application Package

To distribute the Office 2010 virtual application package to a distribution point:

1. In the tree pane, expand the Office 2010 package and click Distribution Points.

2. In the Actions pane, click New Distribution Points.

3. In the New Distribution Points Wizard, click Next.

4. Under Distribution points, select one or more distribution points, and click Next.

5. Click Close.

Before advertising the package to clients, you should verify that the package has successfully been distributed to the assigned distribution points.

To verify the Office 2010 package has been distributed:

1. In the tree pane, expand Package Status, Site under the Office 2010 package.

2. In the details pane, confirm the Installed state on each distribution point.

Create and Customize a Task Sequence for Deployment

In this section, you create a task sequence to deploy the optimized desktop base on the MDT 2010 client installation task sequence template. You then customize the task sequence to enable Bitlocker and install and pre-cache the sequenced Office 2010 Professional package.

Note: You must enable MDT 2010 integration with ConfigMgr before completing these steps. For more information, see the document “Quick Start Guide for Microsoft System Center Configuration Manager 2007” in the Microsoft Deployment Toolkit 2010. For a downloadable version, see Microsoft Deployment Toolkit 2010 Update 1 in the Microsoft Download Center (https://www.microsoft.com/downloads/en/details.aspx?FamilyID=3bd8561f-77ac-4400-a0c1-fe871c461a89\&displayLang=en).

Configuring the Optimized Desktop Deployment Task Sequence

To configure the optimized desktop deployment task sequence:

1. In the tree pane, expand Site Database, Computer Management, Operating System Deployment and click Task Sequences.

2. In the Actions pane, click Create Microsoft Deployment Task Sequence.

3. On the Choose Template page, ensure that Client Task Sequence is selected from the drop-down list, and then click Next.

4. On the General page, in the Task sequence name box, type a task sequence name (such as: OD Desktop Deploy), and then click Next.

5. On the Details page, click Join a domain.

6. In the Domain box, type the name of the domain to join (such as: WOODGROVEBANK.COM).

7. Next to the Account box, click Set.

8. In the User name box, type the name of the account to use for joining the domain (such as: WOODGROVEBANK\administrator).

9. In the Password and Confirm password boxes, type the account’s password.

10. Click OK.

11. In the Windows Settings area, in the User name box, type a user name (such as: WGBUser).

12. In the Organization name box, type an organization name (such as: Woodgrove Bank).

13. Click Next.

14. On the Capture Settings page, ensure that This task sequence will never be used to capture an image is selected and click Next.

15. On the Boot Image page, ensure that Specify an existing boot image package is selected, and then click Browse.

16. In the Select a Package dialog box, click a boot image, and then click OK.

17. Click Next.

18. On the MDT Package page, ensure Specify an existing Microsoft Deployment Toolkit Files package is selected and click Browse.

19. Select an MDT package and click OK. For more information, see the document “Quick Start Guide for Microsoft System Center Configuration Manager 2007” in MDT 2010.

20. Click Next.

21. On the OS Image page, ensure that Specify an existing OS image is selected, and then click Browse.

22. Click an image, and then click OK. For more information, see the document “Quick Start Guide for Microsoft System Center Configuration Manager 2007” in MDT 2010.

23. Click Next.

24. On the Client Package page, ensure Specify an existing ConfigMgr client package is selected, then click Browse.

25. Select a ConfigMgr client package and click OK. For more information, see the document “Quick Start Guide for Microsoft System Center Configuration Manager 2007” in MDT 2010.

26. Click Next.

27. On the USMT Package page ensure Specify an existing USMT package is selected and click Browse.

28. Select a USMT package and click OK. For more information, see the document “Quick Start Guide for Microsoft System Center Configuration Manager 2007” in MDT 2010.

29. Click Next.

30. On the Settings Package page, ensure Specify an existing settings package is selected and click Browse.

31. Select a settings package and click OK. For more information, see the document “Quick Start Guide for Microsoft System Center Configuration Manager 2007” in MDT 2010.

32. Click Next.

33. On the Sysprep Package page, ensure that No Sysprep package is required is selected, and then click Next.

34. On the Summary page, review the details, and click Next.

35. Click Finish.

Configure Bitlocker Settings

To configure BitLocker settings in the new task sequence:

1. In the details pane, right-click the new task sequence and click Edit.

2. In the console tree, scroll down to the State Restore node and select Enable Bitlocker.

3. In the details pane, click the Options tab.

4. Click to deselect the Disable this step check box.

5. Click the Properties tab and review the settings available.

6. Click OK.

Configure the AppV Client Installation Step

To configure the App-V client installation in the new task sequence:

1. In the details pane, right-click the new task sequence and click Edit.

2. In the console tree, click to select the Install Software task sequence step.

3. Click Add, General, Install Software.

4. Name the task sequence step Install AppV Client.

5. Click Browse, select the App-V client that you want to install, and click OK.

6. Click OK.

Configure the Deployment of Pre-cached Office 2010

The step includes the virtualized version of Microsoft Office 2010 so that it is pre-cached in the CCM cache on the client during the deployment operation.

To add the deployment of pre-cached Office 2010 to the new task sequence:

1. In the details pane, right-click the new task sequence and click Edit.

2. In the console tree, ensure that the Install AppV Client task sequence step is selected.

3. Click Add, General, Install Software.

4. Name the task sequence step Pre-cache Office 2010.

5. Click Browse, select the Office 2010 package that you created earlier, and click OK.

6. Click OK.

Deploy the Optimized Desktop to Clients

In this section, you create a new collection for unknown Windows 7 computers to target computers for the optimized desktop installation.

Create a Collection for New Windows 7 Computers

To create a collection for new Windows 7 computers:

1. In the console tree, under Computer Management, click Collections.

2. In the Actions pane, click New Collection. This may take a minute.

3. In the New Collection Wizard, in the Name box, type New Windows 7 Computers.

4. Click Next.

5. On the Membership Rules page, click the computer icon, do the following, and click Next.

   1. In the Create Direct Membership Rule Wizard, click Next.

   2. For Resource Class, choose Unknown Computer.

   3. For Attribute Name, choose Name.

   4. For Value, type %.

   5. Click Next.

   6. On the Collection Limiting page, click Next.

   7. Select both unknown computer objects, and click Next.

   8. On the Summary page, click Finish.

6. On the Advertisement page, click Next.

7. On the Security page, click Next.

8. On the Confirmation page, click Close.

9. In the tree pane, click Collections.

10. In the Actions pane, click Update Collection Membership.

11. In the Update Collections dialog box, click Yes.

Advertise the Task Sequence to New Windows 7 Computers

To advertise the task sequence to new Windows 7 computers:

1. In the tree pane, expand Site Database, Computer Management, Operating System Deployment, and click Task Sequences.

2. In the details pane, right-click the task sequence you created earlier, and click Advertise.

3. On the General page, for Collection, click Browse, select New Windows 7 Computers, and click OK.

4. Click to select the Make this task sequence available to boot media and PXE check box.

5. Click Next.

6. On Schedule page, click the star icon.

7. Click to select Assign immediately after this event, and click OK.

8. Click Next and complete the wizard with default settings.