08-27-2019 05:02 PM
08-27-2019 05:02 PM
While the primary focus for Windows Virtual Desktop has been on the new Windows 10 multi-session desktop experience it is worth exploring the RemoteApp abilities as well. If you're not familiar with RemoteApp it allows administrators to deliver a streaming application experience to a remote client while providing users the experience of a locally installed application. Some of the benefits include:
New-RdsRemoteApp -TenantName "contoso" -HostPoolname "contosoHostPool" -AppGroupName "webApps" -Name "internetExplorerContosoWebApp" -FilePath "C:\Program Files\internet explorer\iexplore.exe" -FriendlyName "Contoso Web App" -IconPath "C:\Program Files\internet explorer\iexplore.exe" TenantGroupName : Default Tenant Group TenantName : contoso HostPoolName : contosoHostPool AppGroupName : webApps RemoteAppName : internetExplorerContosoWebApp FilePath : C:\Program Files\internet explorer\iexplore.exe AppAlias : CommandLineSetting : DoNotAllow Description : FriendlyName : Contoso Web App IconIndex : 0 IconPath : C:\Program Files\internet explorer\iexplore.exe RequiredCommandLine : ShowInWebFeed : True
I've put together a script that allows you to speed up the deployment process considerably, especially when needing to publish multiple applications across different RemoteApp groups. You can download it from my Github repository. The script will first connect to your WVD tenant and provide you with a list of AppGroups that support RemoteApp publishing. Once you select the appropriate pool, the script will check your host pool for available apps to publish and provide a list of them. You can choose either a single app or multiple apps to publish and once the selection is confirmed the script will publish them to your RemoteApp group. One tip for the script is that I run this from the PowerShell ISE to enable the use of the pop up selection window.
Don't worry if the app has been published before - the script will pass over it and continue publishing the rest of your selected apps without issue.
One of the other considerations when using RemoteApps are the save options presented to users. Someone recently asked of a way to prevent access to the remote host drives for Office365 ProPlus and if there was a way to encourage the use of OneDrive for the default save path. Due to a few nuances there's a few different ways to achieve both but here's a couple of ways that I found were quick and easy options. I'm going to focus on the Excel application below.
Within Excel there's a new option to "save to computer by default" which is user changeable and there's no ADMX template option available as I write this. Instead you can control the option via a simple registry key. The key can be applied to either force the setting on/off and also can be applied to be persistent.
Optionally you can also enable Loop-back Processing to the hosts to enforce the policy no matter who logs in. If successfully applied though the registry value will be created for the user and update all Office365 ProPlus clients on the next login.
At the end of the day when applied correctly, upon login the registry key should appear in the current user's registry and change the default path that comes up when choosing to Save As in Office.
Here I've applied the default save path to be %USERPROFILE%\OneDrive to make sure users are saving to their OneDrive directory. If you've enabled OneDrive for Business Known Folder Move you could also change this to the user's documents directory if you wished. This ensure if they choose to browse they will then be directed to their OneDrive by default. This policy is available through the existing Office ADMX templates available today and are applied per Office application.
Some organisations may also prefer to hide the C Drive completely and set the default save path to a specific location. . To hide local drive access you can enable the user policy "Hide these specified drives in My Computer". Below I've chosen to hide C:\ only which allows users to access their documents and/or OneDrive paths using the quick launch options in the save dialog and only if they were to enter a direct c:\ would they still be able to access the local drive.
To hide the drive, prevent access to UNC paths, local drives (i.e. C:) or local folders (i.e. c:\temp) then you will want to enable the user policy "Remove Run from Start Menu". This policy when enabled will prevent users from accessing the local drive paths that are hidden by entering the direct path into the save dialog while still allowing access to the OneDrive/Documents locations using the Quick Launch options. In my opinion this is far better than the alternative restricting drive access policy which prevents the use of OneDrive etc.