Wednesday, September 2, 2009

Microsoft VDI supportability for Windows XP (XP here is either a member of an RD pool or acts as a PDD)

Hi,

This post is about Microsoft VDI supportability for Windows XP.

There are reports that Microsoft has not made it clear whether Windows XP works in an RD pool or PDD scenario. But I spoke with a Virtualization support engineer who confirmed to me that it does.

And yes! It does!

There is a good document on making Windows 7 work in an RD pool or as a PDD, and it holds good for Vista as well. But for Windows XP there is no documentation, and the steps are not straightforward.

The following configuration settings need to be made on the VM:

1. The external network that was created must be added to the network adapter of the VM.
2. The name of the VM in the Hyper-V Manager tool must match the FQDN of the guest OS on that VM (mandatory only for VMs used in PDD scenarios).
3. Integration Components must be installed on the virtual machine (present by default on a Windows 7 client).
4. Remote Desktop must be enabled on that VM.
5. The RD Virtualization Host server hosting this VM must be added to the VM's RDP-Tcp listener permissions group.
6. The registry entry 'AllowRemoteRPC' must be set to 1.
7. Firewall exceptions must be enabled for Remote Desktop and Remote Service Management.
8. Users who need access to the VM must be members of the Remote Desktop Users group.

These steps work fine on Vista and Windows 7. As far as Windows XP is concerned, there is not much clarity.

Look at step 5: the RD Virtualization Host server hosting this VM must be added to the VM's RDP-Tcp listener permissions group.

Does this "RDP-Tcp listener permissions group" exist as a security group? I could not find it easily.

The process is to grant the RDVH-SRV computer account permissions on the RDP protocol on the client and then restart the Remote Desktop Services service on the client. The RDVH-SRV computer account needs the WINSTATION_QUERY, WINSTATION_LOGOFF and WINSTATION_DISCONNECT permissions on the client.

Here "client" is either a member of an RD pool or acts as a PDD, and RDVH-SRV is the Remote Desktop Virtualization Host (RD Virtualization Host) server.

To add RDP protocol permissions to a virtual machine:

1. Click Start, point to All Programs, and then click Accessories.
2. Right-click Command Prompt, and then click Run as administrator.
3. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Yes.
4. At the command prompt, type the following commands:
> wmic /node:localhost RDPERMISSIONS where TerminalName="RDP-Tcp" CALL AddAccount "contoso\rdvh-srv$",1
> wmic /node:localhost RDACCOUNT where "(TerminalName='RDP-Tcp' or TerminalName='Console') and AccountName='contoso\\rdvh-srv$'" CALL ModifyPermissions 0,1
> wmic /node:localhost RDACCOUNT where "(TerminalName='RDP-Tcp' or TerminalName='Console') and AccountName='contoso\\rdvh-srv$'" CALL ModifyPermissions 2,1
> wmic /node:localhost RDACCOUNT where "(TerminalName='RDP-Tcp' or TerminalName='Console') and AccountName='contoso\\rdvh-srv$'" CALL ModifyPermissions 9,1
> Net stop termservice
> Net start termservice

5. Log off the client computer. This is required for the user (Morgan Skinner in this example) to log on to the personal virtual desktop successfully.

Now the whole purpose of this discussion is: how to grant RDP-Tcp listener permissions on an XP machine that either resides in an RD pool or acts as a PDD.

Solution:

This script works and resolves it: "How to grant RDP-Tcp listener permissions on an XP machine which either resides in an RD pool or acts as a PDD"

#####

# Grants the RD Virtualization Host computer account (e.g. "contoso\rdvh-srv$")
# WINSTATION_QUERY, WINSTATION_LOGOFF and WINSTATION_DISCONNECT on the RDP-Tcp listener.
function Grant-RDPPermissions ([String]$RDVHost)
{
    $nameSpace = "root\cimv2"
    # WQL needs the backslash in DOMAIN\account doubled
    $accountFilter = "AccountName = '$($RDVHost.replace("\", "\\"))'"
    $tsAccounts = @(Get-WmiObject -Namespace $nameSpace -Query "SELECT * FROM Win32_TSAccount WHERE (TerminalName = 'RDP-TCP' OR TerminalName = 'Console') AND $accountFilter")
    if ($null -eq $tsAccounts -or $tsAccounts.Count -eq 0)
    {
        Write-Host " $RDVHost is being added as a member of the RDP-TCP permissions list"
        $permissionSettings = @(Get-WmiObject -Namespace $nameSpace -Query "SELECT * FROM Win32_TSPermissionsSetting WHERE TerminalName = 'RDP-TCP'")
        foreach ($setting in $permissionSettings)
        {
            # AddAccount(AccountName, PermissionPreSet); 1 = WINSTATION_USER_ACCESS preset
            $setting.AddAccount("$RDVHost", 1) | Out-Null
        }
    }
    # Re-query so a freshly added account is picked up as well
    $tsAccounts = @(Get-WmiObject -Namespace $nameSpace -Query "SELECT * FROM Win32_TSAccount WHERE (TerminalName = 'RDP-TCP' OR TerminalName = 'Console') AND $accountFilter")
    foreach ($account in $tsAccounts)
    {
        # 517 = WINSTATION_QUERY (1) + WINSTATION_LOGOFF (4) + WINSTATION_DISCONNECT (512)
        if (($account.PermissionsAllowed -band 517) -ne 517)
        {
            Write-Host " Granting permissions : $RDVHost"
            # ModifyPermissions(PermissionMask, Allow): 0 = QUERY, 2 = LOGOFF, 9 = DISCONNECT
            $account.ModifyPermissions(0, 1) | Out-Null
            $account.ModifyPermissions(2, 1) | Out-Null
            $account.ModifyPermissions(9, 1) | Out-Null
        }
    }
    # As in the manual wmic procedure, Terminal Services must be restarted for the change to take effect
    net stop termservice
    net start termservice
}

# Example: Grant-RDPPermissions "contoso\rdvh-srv$"
#####
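As an added, read-only audit counterpart to the script above (not part of the original post), the function below decodes each account's PermissionsAllowed mask on the RDP-Tcp listener and reports whether the RD Virtualization Host computer account holds exactly the three permissions named earlier (WINSTATION_QUERY, WINSTATION_LOGOFF, WINSTATION_DISCONNECT, mask 517) and nothing beyond them. The bit values are taken from the Win32_TSAccount documentation, and "contoso\rdvh-srv$" is the placeholder account name used on this page.

```powershell
# Added audit example (not from the original post). Bit values follow the
# Win32_TSAccount PermissionsAllowed documentation; 1 + 4 + 512 = 517 is the
# mask the post's script checks for.
$WinstationBits = @{
    1 = 'WINSTATION_QUERY';   2 = 'WINSTATION_SET';     4 = 'WINSTATION_LOGOFF'
    8 = 'WINSTATION_VIRTUAL'; 16 = 'WINSTATION_SHADOW'; 32 = 'WINSTATION_LOGON'
    64 = 'WINSTATION_RESET';  128 = 'WINSTATION_MSG';   256 = 'WINSTATION_CONNECT'
    512 = 'WINSTATION_DISCONNECT'
}
$RequiredMask = 517   # QUERY + LOGOFF + DISCONNECT, the three the RDVH host needs

function ConvertFrom-WinstationMask ([int]$Mask)
{
    # Turn a PermissionsAllowed bitmask into readable permission names
    $WinstationBits.Keys | Sort-Object | Where-Object { ($Mask -band $_) -ne 0 } |
        ForEach-Object { $WinstationBits[$_] }
}

function Test-RDPListenerPermissions ([String]$RDVHost, [String]$TerminalName = 'RDP-Tcp')
{
    # Read-only: enumerate every account on the listener and print its rights
    $accounts = @(Get-WmiObject -Namespace 'root\cimv2' -Class Win32_TSAccount |
        Where-Object { $_.TerminalName -eq $TerminalName })
    foreach ($a in $accounts) {
        $names = (ConvertFrom-WinstationMask $a.PermissionsAllowed) -join ', '
        Write-Host ("{0,-32} allowed={1,4}  {2}" -f $a.AccountName, $a.PermissionsAllowed, $names)
    }
    $hostEntry = $accounts | Where-Object { $_.AccountName -eq $RDVHost }
    if ($null -eq $hostEntry) {
        Write-Host "MISSING: $RDVHost has no entry on $TerminalName"
        return $false
    }
    $allowed = [int]$hostEntry.PermissionsAllowed
    $missing = $RequiredMask -band (-bnot $allowed)   # required bits not granted
    $extra   = $allowed -band (-bnot $RequiredMask)   # granted bits beyond the three
    if ($missing -ne 0) {
        Write-Host "INCOMPLETE: $RDVHost lacks $((ConvertFrom-WinstationMask $missing) -join ', ')"
    }
    if ($extra -ne 0) {
        # SET, SHADOW, LOGON etc. are more than the broker needs on a pooled desktop
        Write-Host "EXCESS: $RDVHost also holds $((ConvertFrom-WinstationMask $extra) -join ', ')"
    }
    return ($missing -eq 0 -and $extra -eq 0)
}

# Example using the page's placeholder computer account:
# Test-RDPListenerPermissions 'contoso\rdvh-srv$'
```

Run it on the XP client after the grant script to confirm the host account ended up with only the three rights the post calls for; a non-zero EXCESS line is the least-privilege finding worth chasing.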
----------------------------------------------------------------------------------------

1 comment:

Steve keith said...

Thanks Harry!

It's very informative & not available anywhere on the web

Steve keith