In this chapter I share my best practice for managing Windows 10 workspaces using RES ONE Workspace v10. I assume you already have experience with RES (Workspace) and Microsoft (Windows).
Choose the right Windows 10
First of all, some NRRR (Not Really RES Related) things. If you want to manage the tiles in the Start menu, you have to choose Windows 10 Enterprise. It’s important to determine which servicing branch is going to be used in your environment.
See this chapter for the full story about choosing the right Windows 10 version.
Users don’t like waiting (what about you?), so make sure your Workspace performs as you would accept it yourself. For more information and best practices about performance tuning Windows 10, see this blog. As a RES RSVP I am under NDA, but I can tell you that the best performance upgrade from RES ONE Workspace is coming soon!
Keep watching my blogs for more information!
My advice is to automate the installation/configuration of the golden image using tools like RES ONE Automation. This way your image is documented from the start and it’s easy to roll out a fresh new version.
This seems like lots of work, but it saves time when managing/operating the environment. The (zero touch) rollout of Windows is made easy using the free MDT and WDS tools. See this blog post for that. Don’t worry, I will share a RES ONE Automation building block to help you out here.
Security from the start!
One of the first things we enable in the RES ONE Console is security (managed applications). My advice is to enable web security on the backend (not the frontend). In Server Based Computing environments like Citrix or Microsoft Remote Desktop I also advise using the Read Only Blanketing security feature.
Make sure you get the business policy for removable devices like USB sticks or disks on paper. RES Security has plenty of skills on board to manage complex removable device policies.
New applications can be easily onboarded using the learning (security) mode. In this way processes are authorized on the managed application and not in the global authorized process list. Of course it’s possible to move the authorized processes from global to application level.
Also see these resources for making sure you understand RES Security:
And these blogs about RES Security:
Setup The User Profile
To make a long story short: don’t set up user profiles, use local profiles instead. Don’t spend too much time tweaking the default profile (leave it default). When you add or remove programs, the default settings are usually reflected in the default user profile. Make sure your Workspaces are running from fast storage like SSD/flash.
Use (RES) Zero Profile to save and apply user settings when needed in the user workspaces. That’s easy, right? Don’t worry, I will help you set up Zero Profile later in this chapter.
Manage several workspaces using ONE Workspace management console
RES ONE Workspace allows you to manage several Workspaces by creating workspace containers. Use this cool feature to create your Test, Desktop and Server Based Computing workspaces in one management console.
Location and Devices
Use RES location and devices to make your Workspace dynamic, for example for location-based printing or to make specific applications available only at the headquarters. Your brain is the only limit to the possibilities here.
As more and more applications are web based (private or public cloud), setting up a decent browser configuration is important. I don’t recommend using Edge (yet), so let’s start with Internet Explorer 11 (IE11).
Default browser message?
When using Outlook 2007 or 2010 you might keep getting the ‘Choose Default Browser’ message.
Set IE11 as your default browser using this post.
Of course you want your users to be able to roam cookies, but Microsoft only allows you to do so with roaming profiles with a persistent local profile. Don’t worry, RES found a solution for this: they tweak the local profile to roaming and set the required IE configuration.
Master / Slave Setup
Set all the configuration (Zero Profile, tasks, variables, registry etc.) on one (master) IE11 application and link all other (slave) IE11 shortcuts to this master for the configuration and required user settings. Let me help you with this building block.
What about the other browsers?
Of course there are still applications that require Firefox or Chrome. My best practice is to deliver those browsers virtualized (ThinApp, App-V or whatever). Limit the browser to allow only the URL that’s required for the application to work, and check the browser compatibility for those apps yourself, because I noticed that for several applications IE11 just worked.
Use the Master / Slave setup I mentioned with these applications. Set up one (Firefox or Chrome) application and link the other applications that need these browsers to this master application configuration.
Another frequent player on the user workspace is Microsoft Office, so it’s important to set this one up in a decent way as well. Use the default (built-in) RES templates to set up Zero Profile for these applications.
You’re not capturing all settings with these templates. Don’t worry, I will share my best practice building blocks for managing Office 2010 here for you.
Make sure you find the locations of the add-ins which are installed in the golden image and then delete them! Apply them in the user Workspace for only the users that require them. Place the add-in configuration on the application (not global).
Zero Profile configuration
User profiles contain a lot of junk, so don’t manage, store and back up everything! Try roaming profiles if you want to capture all user settings ;-).
My advice is to configure Zero Profile for the common applications and use the well-known ‘beep system’ to configure the settings that the users miss. Use the built-in (RES) templates and the built-in (RES) tools to sample and capture user settings.
You might get lost in which application captures which settings. Don’t worry, use the user settings overview to get you back on track.
Don’t forget to instruct your users how to use the self-service feature to restore their own application settings.
My experience with modern apps is that they are not used in business environments. Another thing about modern apps is that they don’t allow saving user settings. My advice is to remove the modern apps using this PowerShell one-liner:
Get-AppxProvisionedPackage -Online | Remove-AppxProvisionedPackage -Online
Don’t forget to deliver the built-in apps like Notepad, Calculator and Snipping Tool because your users (also) need them. Microsoft decided to transfer Calculator to a modern app, so we need to install the ‘old’ calculator. Use this link to download the old calculator.
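A variant of the one-liner above that goes beyond the remove-everything case: it keeps a short list of provisioned packages and reports what it would remove before anything is changed. This is an added example, not code from the original post; the function name, the -ReportOnly switch and the keep-list are constructed for illustration.

```powershell
# Added example (not from the original post). Run elevated on the golden image.
# Removes provisioned modern apps except those whose DisplayName matches the
# keep-list. The default keep-list is a constructed sample; adjust it per image.
function Remove-ProvisionedAppsExcept {
    param(
        [string[]]$Keep = @('Microsoft.WindowsStore', 'Microsoft.WindowsCalculator'),
        [switch]$ReportOnly   # list the outcome without removing anything
    )

    foreach ($pkg in Get-AppxProvisionedPackage -Online) {
        # Wildcards are allowed in the keep-list, e.g. 'Microsoft.Windows*'
        $kept = [bool]($Keep | Where-Object { $pkg.DisplayName -like $_ })

        $action = if ($kept) { 'Kept' }
                  elseif ($ReportOnly) { 'WouldRemove' }
                  else { 'Removed' }

        if ($action -eq 'Removed') {
            try {
                Remove-AppxProvisionedPackage -Online -PackageName $pkg.PackageName `
                    -ErrorAction Stop | Out-Null
            } catch {
                # Record the failure instead of aborting the whole run
                $action = "Failed: $($_.Exception.Message)"
            }
        }

        [pscustomobject]@{
            DisplayName = $pkg.DisplayName
            PackageName = $pkg.PackageName
            Action      = $action
        }
    }
}

# Review the outcome first; drop -ReportOnly to apply it.
Remove-ProvisionedAppsExcept -ReportOnly | Format-Table -AutoSize
```

Keeping the report output with the image build gives a record of which packages each golden image version actually shipped.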
File type association(s)
Do NOT configure file type association for the native installed applications. Use RES process interception for these applications. Make sure that process interception is configured only for the applications that need to start through file type association. For example, when many shortcuts are created and linked to a ‘Master’ application (like iexplore.exe), configure process interception only for the master application.
NRRR again: I didn’t find environments without printer problems (yet). In most cases the customers weren’t even aware of them ;-). Most problems occur with the (printer) drivers. The solution is simple: take the time to find and install the right printer drivers on your print server and install the right drivers on your base image.
My advice is to not allow automatic printer driver installation, because this can slow down your login time dramatically and users don’t like that!
Another thing with printer drivers is the way they are delivered/installed on the client. The right driver is installed on the client but a message pops up every time the user logs on about installing the driver. This can happen when your printer driver is not packaged.
To find out whether the driver is package-aware, use Print Manager. Open the drivers section; if the driver is package-aware it will have the ‘true’ status in the Packaged column. See this Microsoft KB for more information.
There is a little trick that makes a system think that the driver is package-aware. To do it, open the HKLM\System\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\…\Driver name\ branch of the registry on the print server and change the ‘PrinterDriverAttributes’ value for the specific driver by adding 1 to the current value. For example, if the attribute value has been equal to 5, change it to 6.
The same has to be done for the driver attribute in HKLM\System\CurrentControlSet\Control\Print\Environments\Windows NT x86\Drivers\…\Driver name\.
After the restart, your printers will connect without any warnings.
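A read-only check to run on the print server before and after the registry change described above, so you can see exactly which drivers carry which attribute value. This is an added example, not code from the original post; it assumes the package-aware flag is bit 0 (0x1) of PrinterDriverAttributes, matching PRINTER_DRIVER_PACKAGE_AWARE in winspool.h, and the function name is hypothetical.

```powershell
# Added example (not from the original post). Reads the registry only.
# Assumption: bit 0 (0x1) of PrinterDriverAttributes is the package-aware flag
# (PRINTER_DRIVER_PACKAGE_AWARE in winspool.h).
$PackageAwareFlag = 0x1

function Get-PrinterDriverAttributeReport {
    param(
        [string]$EnvironmentsKey =
            'HKLM:\SYSTEM\CurrentControlSet\Control\Print\Environments'
    )

    foreach ($environment in Get-ChildItem -LiteralPath $EnvironmentsKey -ErrorAction Stop) {
        $driversKey = Join-Path -Path $environment.PSPath -ChildPath 'Drivers'
        if (-not (Test-Path -LiteralPath $driversKey)) { continue }

        # One level of subkeys sits between 'Drivers' and the driver name;
        # enumerate it instead of hard-coding it.
        foreach ($version in Get-ChildItem -LiteralPath $driversKey) {
            foreach ($driver in Get-ChildItem -LiteralPath $version.PSPath) {
                $value = $driver.GetValue('PrinterDriverAttributes', $null)

                [pscustomobject]@{
                    Environment  = $environment.PSChildName
                    Version      = $version.PSChildName
                    Driver       = $driver.PSChildName
                    Attributes   = $value
                    # $null when the driver has no PrinterDriverAttributes value
                    PackageAware = if ($null -eq $value) { $null }
                                   else { [bool]($value -band $PackageAwareFlag) }
                }
            }
        }
    }
}

Get-PrinterDriverAttributeReport |
    Sort-Object Environment, Driver |
    Format-Table -AutoSize
```

Compare the PackageAware column with the Packaged column in the drivers section for the same driver; a driver whose flag was set by hand rather than by a vendor package is worth tracking so it can be replaced with a properly packaged driver later.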
Elevated processes that require environment variables…
I had some issues using RES dynamic privileges when using environment variables. I noticed that setting the ‘EnableLinkedConnections’ registry key solved these issues.
See this Microsoft KB for more information. There were some issues with the early Windows 10 builds, but all seems to work fine now.
Again, this is NRRR, but I have seen many workspace improvements after a decent configuration of the virus scanner. For example, make sure you download and apply the Best Practice – Antivirus Recommendations from RES.
When using VMware ESXi and vShield antivirus protection, make sure that the VMware Tools version in the image matches the version on the hosts.
Of course you want your Windows 10 workspace to look good! This means the lock screen, user account pictures etc. need to be set. The default user account pictures are stored in ‘C:\ProgramData\Microsoft\User Account Pictures’ and the default lock screen picture can best be stored at ‘C:\Windows\web\screen’.
Again, I can help you with this building block.
Missing Tiles in startmenu?
What’s that? You want more? Check these related blogs:
- Howto: Choose the right Windows 10;
- Howto: Deploy Windows 10 using Microsoft MDT & WDS;
- Howto: Windows 10 performance tuning;
- Howto: Deliver Windows 10 using VMware Horizon View (Best practice);
I really hope this blog will help you and your organization roll out Windows 10 in an efficient way. If you have a question, comment, compliment or suggestion, let me know.
Thanks for reading, Rob Aarts