Microsoft VDI supportability for Windows XP (XP here is either a member of an RD pool or acts as a PDD)

Hi,

I'm writing this post on Microsoft VDI - Microsoft VDI supportability for Windows XP.

There are news that its not clear from Microsoft whether Windows XP would work in a RP Pool & PDD scenario. But I spoke with Virtualization support person who confirmed me that it does.

And yes! It does!

There is a beautiful document to make Windows 7 work in RD Pool or PDD, which holds good for Vista as well. But for Windows XP, there is no documentation &

the steps don't seem to be pretty straight forward.

Following are the configuration settings that need to be done on the VM:

1. External network created is to be added to the network adapter of the VMs.

2. The name of the VM in the Hyper-V Manager tool matches the FQDN of the guest OS on that VM (this is mandated only for VMs being used in PDD scenarios)

3. Integration Components should be installed on the Virtual Machine (present by default on a Win7 client).

4. Remote Desktop must be enabled on that VM.

5. The RD Virtualization Host server hosting this VM should be added to the VM’s RDP-Tcp listener permissions group.

6. The registry entry ‘AllowRemoteRPC’ must be set to 1.

7. Firewall exception needs to be enabled for Remote Desktop and Remote Service Management

8. Users who need access to VM should members of the Remote Desktop Users group.

They work fine on Vista & Windows 7. As far as Windows XP is concerned, there is not much clarity.

Refer to Step no. 5 - The RD Virtualization Host server hosting this VM should be added to the VM’s RDP-Tcp listener permissions group.

Does this group "RDP-Tcp listener permissions group" exist as a security group? I can't find it that easily said.

The proccess includes to grant the RDVH-SRV computer account permissions to the RDP protocol on the client and then restart the Remote Desktop Services service on the client. The RDVH-SRV computer account needs the WINSTATION_QUERY, WINSTATION_LOGOFF, and WINSTATION_DISCONNECT permissions on client.

Here client is either a member of an RD pool or acts a PDD & RDVH-SRV is Remote Desktop Virtualization Host (RD Virtualization Host) server

To add RDP protocol permissions to a virtual machine:

1. Click Start, point to All Programs, and then click Accessories.

2. Right-click Command Prompt, and then click Run as administrator.

3. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Yes.

4. At the command prompt, type the following commands:

> wmic /node:localhost RDPERMISSIONS where TerminalName="RDP-Tcp" CALL AddAccount "contoso\rdvh-srv$",1

> wmic /node:localhost RDACCOUNT where "(TerminalName='RDP-Tcp' or TerminalName='Console') and AccountName='contoso\\rdvh-srv$'" CALL ModifyPermissions 0,1

> wmic /node:localhost RDACCOUNT where "(TerminalName='RDP-Tcp' or TerminalName='Console') and AccountName='contoso\\rdvh-srv$'" CALL ModifyPermissions 2,1

> wmic /node:localhost RDACCOUNT where "(TerminalName='RDP-Tcp' or TerminalName='Console') and AccountName='contoso\\rdvh-srv$'" CALL ModifyPermissions 9,1

> Net stop termservice

> Net start termservice

5. Log off the client computer. This is required in order for Morgan Skinner to log on to the personal virtual desktop successfully.

Now the whole purpose this discussion here is: How to grant RDP-Tcp listener permissions on an XP machine which either resides in an RP pool or acts as a PDD.

Solution:

This script works & resolves this: "How to grant RDP-Tcp listener permissions on an XP machine which either resides in an RP pool or acts as a PDD"

#####

function Grant RDPPermissions ([String]$RDVHost)

{

$tsAccounts = @(Get-WMIObject -Namespace "root\cimv2" -Query "SELECT * FROM Win32_TSAccount WHERE (TerminalName = 'RDP-TCP' OR TerminalName = 'Console') AND AccountName = '$($RDVHost.replace("\", "\\"))'")

if ($tsAccounts -eq $NULL -or $tsaccounts.count -eq 0)

{

Write-Host " $RDVHost is being added as a member of RDP-TCP permissions list"

$permissionSettings = @(Get-WmiObject -Namespace $nameSpace -Query "SELECT * FROM Win32_TSPermissionsSetting WHERE TerminalName = 'RDP-TCP'")

foreach($setting in $permissionSettings)

{

$setting.addaccount("$RDVHost", 1) | Out-Null

}

}

$tsAccounts = @(Get-WMIObject -Namespace $nameSpace -Query "SELECT * FROM Win32_TSAccount WHERE (TerminalName = 'RDP-TCP' OR TerminalName = 'Console') AND AccountName = '$($RDVHost.replace("\", "\\"))'")

foreach($account in $tsAccounts)

{

if (($account.PermissionsAllowed -band 517) -ne 517)

{

Write-Host " Granting permissions : $RDVHost"

$account.ModifyPermissions(0,1) | Out-Null

$account.ModifyPermissions(2,1) | Out-Null

$account.ModifyPermissions(9,1) | Out-Null

}

}

}

#####

----------------------------------------------------------------------------------------

Windows XP Mode for Windows 7 doesn't work with VDI

XP Mode won’t run on any virtual machine running on a hypervisor. Virtual Desktops directly running on blades (no hypervisor) will work however. Med-V is the management bit, part of MDOP that is used to manage the virtual images.

Why?

XP Mode uses a hardware assisted version of Microsoft Virtual PC to allow the use of XP compatible applications on Vista/7. You can’t use hardware assisted Virtual PC on a machine running on a hypervisor as it requires the hardware assist (VT) from the processor. Virtual Processors don’t have hardware assist. The current version of XP mode uses Virtual PC, but would one would suspect that this will change to an embedded Hyper-V at some stage.

So how does this affect me?

If you thought that VDI was an easy hop to migrating to Windows 7, think again, the much touted Microsoft application compatibility pieces won’t work without using another mechanism.

Will XP Mode run on my laptop?

Only if your chipset supports hardware assist, and if your vendor has added the ability to enable it in your BIOS!

Won’t Citrix Application Streaming/App-V/ThinApp/Altiris SVS etc. resolve this?

Nope, if the application is packaged as a virtual application, it won’t change the OS compatibility of the said application. If it doesn’t work using traditional installation, it won’t work isolated either. Remember its isolated from other applications, not the OS.

So how do I get those pesky XP applications running in my VMs?

Two ways:

1. You could use XenApp running Windows 2003, which combined with either XenApp Streamed Applications or App-V (to provide isolation and application sociability) would support almost all XP applications.

2. You could use VM hosted Apps. Citrix is releasing application publishing from a desktop OS in Q3 - more info here

Hang on, what about Laptop hypervisors, Citrix/Intel Project Independence and the like?

Same story, Windows 7 running on a desktop hypervisor won’t be able to use XP Mode. The difference here is that you can run the XP applications on a second VM on the same device, moreover there will even be elegant ways of accessing the XP applications from within the Windows 7 desktop. Better or worse than XP mode? - Performance will probably be better as you are using a type 1 hypervisor for the application.

----------------------------------------------------------------------------------------