Version: 1.0
Deutsche Bank
Deutsche Bank
This document is confidential and for internal use only. The information contained herein is the property of Deutsche Bank. This
document may not be copied, used or disclosed on whole or in part, stored in a retrieval system or transmitted in any form or by any
means (electronic, mechanical, reprographic, recording or otherwise) without the prior written permission of Deutsche Bank.
1
For internal use only
Document Control
Version Control
Version Number Author(s) Date Summary of Changes
1.0 Mark Charles Initial Draft
Change History
Version Number Author(s) Date Change Description
Circulation List
2
For internal use only
Table of Contents
1 Introduction .................................................................................................................................... 6
3.1 App-V 5 SP2 Client Configuration Settings differences per platform. .................................... 9
4.2 App-V 5 Client Configuration Group Policy Settings per PCMODELTYPE ............................. 13
3
For internal use only
8.1 App-V 5 OS Integration ......................................................................................................... 19
13.1 DB_MC_Install_Action.ps1.................................................................................................... 50
4
For internal use only
14 Managed Client Action flow diagrams .......................................................................................... 86
5
For internal use only
1 Introduction
The purpose of this document is to detail the design at a low level, of Microsoft’s latest Application
Virtualisation technology App-V 5 SP2 and its and implementation on Deutsche Bank platforms. We
currently use App-V 4.6 as an Application Packaging solution within Deutsche Bank. App-V 5 is a
major overhaul of this technology and as a result requires a newly engineered design.
6
For internal use only
1.1 Background
Microsoft released App-V 5 in November 2012. App-V releases via Microsoft Desktop Optimization
Pack (MDOP) for the desktop Operating Systems but also supports Remote Desktop Servers where
the client license is bundled in with the RDS CAL.
App-V 5 is a complete overhaul of the App-V product and has been written from the ground up.
There is a new format for the virtualised packages and a new client. As a result App-V 4 and app-V 5
do not understand each other therefore in essence we are dealing with more a migration rather
than an upgrade.
1.2 Objective
The objective of this design is to detail the required App-V 5 client & server configurations, engineer
installation scripts to integrate with the Managed Client (MC7) and to inform and detail how App-V 5
feature sets can be used from a Packaging/Sequencing perspective for use within Deutsche Bank.
Provide configurations for the App-V 5 SP2 Clients across all Deutsche Bank
platforms detailed later.
Provide Server side (ROFS) configurations for optimized streaming of App-V 5
packages to the clients.
Provide Group Policy Settings to enforce App-V Client configurations.
Engineer Installation scripts written in Powershell to integrate with the Managed
Client in order to manage the delivery of packaged applications.
Detail the App-V 5 feature sets and their usage from an Application Packaging
perspective.
1.4 Scope
The scope of this project applies to Prod, UAT and Dev environments across the following platforms.
Desktops
Laptops
DesktopOnDemand (DOD)
DOD Lite
ApplicationsOnDemand 2 (AOD2)
Blade Workstations
It applies to App-V 5 SP2 onwards and does not encompass the App-V 5 Application Packaging
Standards.
7
For internal use only
2 Target Platforms
2.1 PCMODELTYPE
As mentioned above, App-V 5 Clients and packages will have the following platforms in scope.
Desktops
Laptops
DesktopOnDemand (DOD)
DOD Lite
ApplicationsOnDemand (AOD2)
Blade Workstations
In order for the App-V 5 Client Installation and App-V 5 packages to identify these platforms the
PCMODELTYPE registry key will be interrogated.
HKEY_LOCAL_MACHINE\Software\Deutsche Bank\PCMODELTYPE
The following are the platforms that the various PCMODELTYPE values represent.
The PCMODELTYPE Registry key will be written at build time and re-enforced by Group Policy.
It is vital that this key exists and is accurate as all installations are dependent on its existence.
8
For internal use only
3 App-V 5 SP2 Client Configurations per Platform Type
There are two released versions of the App-V 5 SP2 Client x64, one for desktops and one for RDS
platforms (AOD2 & DOD Lite). These are the client installations this design will be based on.
Each App-V 5 client installation will be installed using the setup.exe provided by Microsoft rather
than the extracted MSI owing to complications in applying hot fixes thereafter. Client configuration
settings will be passed to the setup.exe via the command line and alterations will be coded to
provide configuration variations where necessary based on the PCMODELTYPE.
The App-V 5 SP2 Client UI is now provided separately as an App-V 5 packages application. We will
however not be providing this UI in DB. All User interaction with the App-V 5 client will be via the
MC7 console only.
Note: The App-V Client configuration settings can be retrieved from the client machine by using the
Powershell App-V 5 cmdlet “Get-AppVClientConfiguration”
1. “NOTEBOOK”
AutoLoad = 2
PackageInstallationRoot = %programdata%\App-V
2. “DESKTOP”
AutoLoad = 2
PackageInstallationRoot = %programdata%\App-V
3. “VIRTUALDESKTOP”
AutoLoad = 0
PackageInstallationRoot = %programdata%\App-V
4. “RDSDESKTOPS”
AutoLoad = 0
PackageInstallationRoot = E:\AppV5Cache
5. “RDSAPPLICATIONS”
AutoLoad = 2
PackageInstallationRoot = E:\AppV5Cache
6. “BLADEWORKSTATION”
AutoLoad = 2
PackageInstallationRoot = %programdata%\App-V
9
For internal use only
3.2 Common App-V 5 SP2 Client Configuration Settings
The App-V 5 SP2 client configuration settings that are common across all platform types are as
follows
PackageSourceRoot =
LocationProvider =
EnablePackageScripts = 1
RestablishmentInterval = 5
RestablishmentRetries = 3
CertFilterForClientSsl = “LOCAL_MACHINE\MY\1.3.6.1.5.5.7.3.2”
VerifyCertificateRevocationList = 1
MigrationMode = 1
RoamingFileExclusions = “Downloads;Saved Games;AppData\Roaming\Juniper
Networks;AppData\Roaming\SoftGrid Client\Icon Cache;AppData\Roaming\Macromedia\Flash
Player”
RoamingRegistryExclusions = “software\classes;software\Clients”
AllowHighCostLaunch = 0
PackageStoreAccessControl = 0
IntegrationRootUser = “%LOCALAPPDATA%\Microsoft\AppV\Client\Integration”
IntegrationRootGlobal = “%ALLUSERSPROFILE%\Microsoft\AppV\Client\Integration”
VirtualizableExtensions = “exe,com,bat,cmd,vbs,ps1,cpl,jar,wsf,wsh,msc”
ReportingEnabled = 0
ReportingStartTime =
ReportingRandomDelay =
ReportingInterval =
ReportingserverURL =
ReportingDataCacheLimit =
ReportingdataBlockSize =
ExperienceImprovementOptIn = 0
EnablePublishingRefreshUX =
ProcessesUsingVirtualComponents = {%SystemRoot%\explorer.exe, %ProgramFiles%\Internet
Explorer\iexplore.exe, %ProgramFiles(x86)%\Internet Explorer\iexplore.exe}
Design Decision: The use of SharedContentStoreMode was considered for the DOD, DOD
Lite platforms. Extensive testing was carried out to determine its suitability. It was
decided that in the absence of a large scale pilot, there were too many unknowns in
terms of the potential impact on the ROFS infrastructure and the Network. It is it
however an area we would like to explore in the future and can be easily re-configured
on the client via group policy. Shared Content Store in Microsoft App-V 5.0
10
For internal use only
3.3 AutoLoad Setting
The AUTOLOAD setting defines how and when an App-V 5 package is streamed into the local cache
on the client. Laptops, Desktops, Bladeworkstations and AOD2 platforms will have the entire
package cached at App-V Publishing time (MC7 Install Action for AOD2 and the Unlock Action for all
platforms). Virtual Desktops and DOD Lite will ‘fault stream’ the package components during
application use by the Users. AutoLoad Setting in App-V 5.0
The default permissions for Users set on this directory is read access for “Everyone”. By enabling the
PackageStoreAccessControl setting, read access is only assigned to Users who have the package
Published (MC7 Unlocked) to them.
It is advised that this setting be added to the ADMX template and used across all platforms.
UPDATE: Following our testing we exposed issues with this feature and raised a case with Microsoft.
They confirmed our findings and as a result have deprecated the feature.
http://support.microsoft.com/kb/2963211
Without this PSAC there is an element of risk that a user who is not entitled to an application would
be able to browse to package cache directory and launch an application executable directly from
there. We believe the risk is minimal for the following reasons.
1. Workstations are typically used by a single user and a package will not be in cache unless it
was installed/entitled to that user.
2. It unlikely an un-entitled user would locate these folders.
3. Even if an un-entitled user did locate a cached package it is unlikely that the application
executable will work as the package has not been published or integrated for that user. E.g.
no FTA, COM, Shell integration, App paths registration etc and if the package is a connection
group member it will not be enabled for that user preventing the application from seeing its
other members.
11
For internal use only
4 App-V 5 SP2 Client Configuration - Group Policy Setting
The App-V 5 SP2 Client packages will set the client configuration settings at Install time. Re-
enforcement of some of these settings is advised via by group policy.
How to Modify Client Configuration Using the ADMX Template and Group Policy
The following group policy settings can be configured for App-V 5 using the template
Virtualization settings
It is advised that at least the following settings be set. Some may vary dependent on the Platform
type (PCMODELTYPE) as detailed earlier therefore different templates may need to be applied to the
appropriate OU’s.
1. PackageSourceRoot - This will be defined at package installation time therefore this must be not
be set.
3. EnablePackageScripts = 1
4. MigrationMode = 1
5. SharedContentStoreMode = 0
12
For internal use only
Following testing we discovered that there is an issue with the above ADMX template (v2.0)
regarding the display of “Virtual Component Process Whitelist” Group Policy object.
We raised a case with Microsoft and the solution they provided was to modify the ADMX file by
deleting the highlighted line below.
</policy>
<policy name="Virtualization_JITVWhitelist" class="Machine"
displayName="$(string.Virtualization_JITVWhitelist)"
explainText="$(string.Virtualization_JITVWhitelist_Help)"
presentation="$(presentation.Virtualization_JITVWhitelist)"
key="SOFTWARE\Policies\Microsoft\AppV\Client\Virtualization"
valueName="ProcessesUsingVirtualComponents">
<parentCategory ref="CAT_Virtualization" />
<supportedOn ref="windows:SUPPORTED_Windows7" />
<elements>
<multiText id="Virtualization_JITVWhitelist_Prompt" valueName="ProcessesUsingVirtualComponents" />
</elements>
</policy>
13
For internal use only
5 ROFS Configuration for App-V 5
We will also avail of the ROFS infrastructure to act as the App-V 5 content share for packaged
sequences.
Our intention originally was to use the same protocol for streaming App-V5 packages as we use with
App-V4 packages today namely HTTP.
Following testing we discovered unexpected excessive data transfer over the network between the
ROFS and the client during 1st launching of our test applications. We subsequently raised a case with
Microsoft following which they conceded that there was an overhead with HTTP streaming and that
they would now recommend SMB streaming over HTTP.
There are no new configurations required on the ROFS servers to enable SMB streaming of App-V5
packages.
However as MC7 on the client cannot currently distinguish between App-V 4 & 5 packages, we
needed to provide a solution for App-V5 to stream via SMB whilst allowing App-V4 to continue to
use HTTP.
This solution involves the addition of a registry key called "Appv5StreamingProtocol" = "SMB" or
"HTTP" under
This key will be set at build time and reinforced by group policy.
14
For internal use only
Our App-V5 installation scripts then read this key to determine the protocol and then build the path
to the .appv package file on the ROFS with the help of the MC7 hardpath or APPVURL key depending
on the protocol specified.
However on the ROFS servers there are some configurations that should be applied.
The MIME type for the .appv file extension should be configured in Internet Information Services
(IIS) on the ROFS Server.
Microsoft IIS has a number of built-in caching mechanisms to accelerate the delivery of web content.
It is advised that the server team looks into the possibility of tuning the IIS settings to enable App-V 5
packages to be avail of the File Cache Memory.
15
For internal use only
6 App-V 5 Sequencing
Detailed documentation of the App-V 5 sequencing procedure will be outlined in a separate
document but the primary change from App-V 4 sequencing is that all packages, regardless of the
expected target platform, should be optimized for Streaming in the following manner.
In the ‘Prepare for Streaming’ dialog, the “Run Selected” option should not normally be executed to
create Feature blocks in the sequence and the check-box to ‘Force Applications to Fully Downloaded’
should remain Un-checked.
The Streaming behaviour will be subsequently managed by the App-V 5 Client ‘Autoload’
configuration which is set depending on the PCMODELTYPE as explained earlier.
16
For internal use only
7 App-V 5 Powershell Modules and Cmdlets
Microsoft App-V 5.0 marked the introduction of Powershell (v3.0) as a means to Sequence and
administer a vast array of tasks, all while leveraging the support of .NET’s extensive libraries.
1. Cmdlet ConvertFrom-AppvLegacyPackage
2. Cmdlet Test-AppvLegacyPackage
It is therefore advised that in Deutsche Bank new App-V 5 packages be sequenced from the Source
media where possible.
Many will also be useful to the Packager/Sequencer and potentially Desktop Support teams to test
and troubleshoot package installations.
1. Function Get-AppvVirtualProcess
2. Function Start-AppvVirtualProcess
3. Cmdlet Add-AppvClientConnectionGroup
4. Cmdlet Add-AppvClientPackage
5. Cmdlet Add-AppvPublishingServer
6. Cmdlet Disable-AppvClientConnectionGroup
7. Cmdlet Enable-AppvClientConnectionGroup
8. Cmdlet Get-AppvClientApplication
9. Cmdlet Get-AppvClientConfiguration
10. Cmdlet Get-AppvClientConnectionGroup
11. Cmdlet Get-AppvClientMode
12. Cmdlet Get-AppvClientPackage
13. Cmdlet Get-AppvPublishingServer
14. Cmdlet Mount-AppvClientConnectionGroup
15. Cmdlet Mount-AppvClientPackage
17
For internal use only
16. Cmdlet Publish-AppvClientPackage
17. Cmdlet Remove-AppvClientConnectionGroup
18. Cmdlet Remove-AppvClientPackage
19. Cmdlet Remove-AppvPublishingServer
20. Cmdlet Repair-AppvClientConnectionGroup
21. Cmdlet Repair-AppvClientPackage
22. Cmdlet Send-AppvClientReport
23. Cmdlet Set-AppvClientConfiguration
24. Cmdlet Set-AppvClientMode
25. Cmdlet Set-AppvClientPackage
26. Cmdlet Set-AppvPublishingServer
27. Cmdlet Stop-AppvClientConnectionGroup
28. Cmdlet Stop-AppvClientPackage
29. Cmdlet Sync-AppvPublishingServer
30. Cmdlet Unpublish-AppvClientPackage
18
For internal use only
8 App-V 5 – New Features
App-V 5 has changed dramatically from App-V 4.6. It has been redeveloped from the ground up and
as a result there are many new features and changes.
Here we will identify the most important and explain their uses.
The sequenced package components have changed. There is essentially only one file
required to deploy and publish our App-V 5 packaged application which is the .APPV file.
Dynamic Deployment Configuration .XML files are created as part of the sequencing process
but are not used unless specified in the Install/Publishing Powershell command lines. The
.APPV file can be renamed as .ZIP in order to reveal its components.
App-V 5 packages now cache to the file system in a flat file structure typically under
This provides greater transparency when compared to the App-V 4 file system cache
previously held in the .FSD file. The Application executables are now called directly.
8.1.3 Registry
The package registry information is held within the Registry.dat file found in the .APPV file. It
can be mounted in the Registry editor to reveal its settings.
App-V 5 packages when Added/Published to the client, store this registration in the
following locations
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AppV\Client\Packages\[PackageId]
HKEY_CURRENT_USER\SOFTWARE\Microsoft\AppV\Client\Packages\[PackageId]
In App-V 5, User Profile file based changes are stored in the following location
%APPDATA%\Microsoft\AppV\Client\VFS\[PackageId]
19
For internal use only
These changes will roam with the Users profile.
%LOCALAPPDATA%\Microsoft\AppV\Client\VFS\[PackageId]
These changes are machine based and will not be roamed with the User.
With the introduction of App-V 5 SP2, the following list of Shell extensions are now fully
supported.
ActiveX controls are now also registered and supported via the AppxManifest.xml. The
implementation is limited by the fact that the package must be globally published similar to
the RunVirtual solution outlined below.
There are two principle methods of executing a local process such as iexplore.exe inside the
virtual environment of a package or connection group.
RunVirtual
/APPVVE: Switch
8.1.6.1 RunVirtual
RunVirtual is a way for the App-V 5 client to detect a particular local process and use it as a
trigger to launch it within the virtual environment of a specified App-V package.
It is potentially a solution for say, Internet Explorer and the sequencing of IE Plugins and
similarly for locally installed MS Office and virtualised Add-ins.
20
For internal use only
An important limitation is that the App-V 5 packages must be globally installed. As a result it
may only be suitable on the AOD2 (RDSAPPLICATIONS) platform or in a very controlled and
managed delivery to the other platforms. There would also be licensing considerations to
global installations.
Another limitation is that you can only list one virtual package against the native process.
You can however create a Connection Group of packages and access this group via the ID’s
of one member.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AppV\Client\RunVirtual
e.g.
Unlike the RunVirtual keys this method can use the Connection Group Id’s to enter the
virtual environment of a Connection Group. It also does not require the package/Connection
Group members to be published globally.
The App-V 5 SP2 update also introduced the ability to automatically package and deploy SxS
Assemblies. These are most commonly in the form of Microsoft Visual C++ Runtime
dependencies and MSXML.
21
For internal use only
These runtime files are automatically detected regardless of whether they are already on the
sequencing machine or not, this is achieved by scanning the executable for any
dependencies. On the client side during package installation, the App-V 5 client will check for
the presence of the required SxS and if it is not there it will be automatically installed.
You can review captured dependencies after sequencing within the report.xml file:
22
For internal use only
8.1.8 Primary Virtual Application Directory (PVAD)
The PVAD is the location you tell the sequencer you are intending to install your application. This
then becomes your root directory. Everything written outside this location is located under the VFS.
In summary, by default all files and folders sequenced under the PVAD are permissioned with write
access for both admin and non-admin Users whereas the VFS is permissioned with write access for
admin users only (with the exception of user profiled locations which standard users will have write
access ). These settings may become an issue where poorly coded applications at run-time need to
write to a location other than the PVAD.
UPDATE: Full VFS Write Mode: Hotfix Package 4 for Application Virtualization 5.0 SP2 contains a new
sequencer setting that, when applied to a package, provisions the package with write access to any
files and folders in the virtual environment (VFS).
8.2.1 OS Integration
App-V 5.0 “isolates” virtual applications from the operating system and other processes. This is done
by hiding the application resources from everything else. One can imagine this as running the virtual
application in a bubble that isolates the application from the outside world.
23
For internal use only
Integration, on the other hand, can be thought of as tunnels punching through this bubble, exposing
the virtual application capabilities to the native operating system and to the user in a controlled
manner. This enables virtual applications to behave as native applications. Think about a shortcut of
a virtual application residing on the user’s desktop. This shortcut is outside the virtual bubble and is
not isolated since it is on user’s desktop. But this shortcut enables the user to launch the virtual
application seamlessly as if it was a native application. This shortcut feature and some others make
up the Integration component of App-V.
Integration is a collection of subsystems that individually handle one specific integration area. The
following is the list of integration subsystems currently available in App-V product:
Shortcut Subsystem
FTA Subsystem
COM Subsystem
An extension point is a single integration unit such as a shortcut of a virtual application. Each
integration subsystem can have one or more extension points (EPs). An example would be a virtual
package having multiple shortcuts.
App-V uses dynamic configuration files to provide customizations to the virtual package post
sequencing since the package (.appv file) itself is not editable. These configuration files can be used
to alter behavior of integration subsystems such as adding or editing a new shortcut.
Enable or disable integration subsystems. When a subsystem is disabled, its EPs will not be
integrated
Provide extra configuration for integration subsystems
Replace EPs of subsystems
24
For internal use only
There are two types of configuration files:
Configure the package for global publishing or user publishing on that machine
o E.g. add a new shortcut for all users that get the package
o E.g. add a new shortcut specific to the user to whom the package is being
published
If a Dynamic Deployment Configuration (DDC) exist for the package, DUC replaces “User
Configuration” section during integration
During sequencing, the sequencer captures all the extension information it can handle and places it
in the AppxManifest.xml file which is located inside the .appv file. The App-V Sequencer generates
sample DUC and DDC files for each package to ease creation or modification of these xml
documents. It uses EPs from the package manifest (AppxManifest.xml) to pre-populate them. The
DynamicConfig.xml or UserConfig.xml files are not actually used unless explicitly specified on the
command line for the Addition or Publishing of a package.
Important: When a configuration file includes EPs of a subsystem, these extensions will replace all
EPs defined in the package manifest (AppXmanifest.xml). To edit or remove a single EP (e.g. a
shortcut), all the EPs belonging to that subsystem should be copied first from the AppXmanifest and
the EP in question edited or removed from the DDC/DUC xml file.
Issues can also arise when subsystems enablement/disablement differ between the members of a
connection groups. It is therefore important that the subsystems settings match across all
connection group member packages.
Design Decision
We will not be using Dynamic User Configuration (DUC) in Deutsche Bank. You cannot use DUC
with globally published packages (i.e. AOD2/RDSAPPLICATIONS) thus compromising our goal of
using one package for all our target platforms.
It is our belief DDC will provide all the functionality we may need to post configure a sequence. 25
For internal use only
8.2.4 Publishing
During publishing of an App-V package, Integration reads extension points from the package
manifest (AppxManifest.xml), dynamic deployment configuration and dynamic user configuration
files (if these configuration files are provided via parameters). Integration then merges EPs from all
these sources and finally integrates these EPs to the native operating system.
Let’s examine the example scenarios below using sample files to understand what happens during
publishing. First, let’s introduce sample files:
26
For internal use only
When a package is published to a User
If no DDC or DUC provided during publishing, Shortcut 1 and Shortcut 2 are integrated
If DDC is provided, only Shortcut 3 is integrated
If DUC is provided, only Shortcut 4 is integrated
If both DDC and DUC are provided, only Shortcut 4 is integrated
When a package is published globally (Note: with global publishing a DUC cannot be provided)
27
For internal use only
8.2.6 App-V Client Powershell Cmdlets and Integration
Dynamic Configuration allows you to specify a policy for a package at either the machine level or at
the user level. So with the dynamic configuration xml files you can control the execution whether
you want to run a script at a machine level or at a user level. Also, you can run scripts at various
execution times of the package lifecycle.
The ability to execute scripts in the DDC will be essential in Deutsche bank in order to invoke the
Managed Clients Package Regionalisation utility for example.
Below is a table that helps describe the various script events and when and how they can execute.
28
For internal use only
More detailed information on Dynamic Deployment Configuration Scripting and how to implement it
can be found here.
Much of the complexity associated with packaging scripts in App-V 5 come with improper placement
in deployment and dynamic configuration files and how they are targeted. Scripts that need to be
called during package add and global publishing events should be part of the DeploymentConfig.XML
file. These scripts will also run in the context of the local system account so scripts that map drives,
for example, should not go here. Those need to be called as a <UserScript> element. The following
visual workflow will help to determine targeting and publishing.
29
For internal use only
In the case of global publishing, the deployment configuration also has a UserConfiguration element
in addition to MachineConfiguration which means that scripts appearing during these events will
apply to all users when the package is published globally. This would be the appropriate place to
have scripts which for example map network drives.
As already stated we will not be supporting DUC in Deutsche Bank therefore the events in green
from the table above are not supported.
App-V 4 allowed for the execution of scripts and these were detailed on the OSD file. These scripts
were subsequently executed at application launch time (pre or post). It is expected that for App-V 5
the sequencer will normally execute scripts on the same event (Script Type =
“StartVirtualEnvironment”) but this will remain at the discretion of the Packager taking into account
what it is they are trying to achieve and the potential impact of placing the script in a particular
event.
30
For internal use only
9 App-V 5 – Connection Groups
Connection Groups group one or more APP-V 5 packages to enable member applications in these
packages to interact with one another while maintaining isolation from the rest of the system. This
gives the Packager the flexibility to maintain packages independently and removes the redundancy
of adding the same application several times onto a machine.
Connection groups can be managed using the APP-V management/publishing servers on a Full
Infrastructure Modeled environment or in our case on a Standalone environment using App-V 5
Powershell cmdlets on the Client machine. Providing a working solution for connection groups
proved very complex and a lot of time was spent arriving at the resultant solution.
Design Decision
Because we are in effect running a stand-alone app-v environment we do not have the benefit
of app-v management & publishing servers to centrally manage the creation and publishing of
connection groups.
We considered the idea of creating separate packages to create connection groups but this
was discounted. In the end we agreed the best solution available to us was to have a CG
Parent package define the details of a CG within its package manifest.xml and rely on our
installation scripts to dynamically manage the creation of the CG on the client.
31
For internal use only
The configurable components are
1. AppConnectionGroupId - This is the unique GUID identifier for this connection group. The
connection group state is associated with this identifier. You will only specify this identifier
when you create the connection group. You can create a new GUID using Powershell by
typing: [Guid]::NewGuid(). This ID will be defined within the parent package manifest.xml.
2. VersionId - This is the version GUID identifier for this version of the connection group. When
you update a connection group, for example by adding a new package or when a package is
updated, a new version GUID will be created. This will be dynamically created by our
installation scripts.
3. Priority - This is the priority field for the connection group. The lower the number the higher
the priority. This will be dynamically created by our installation scripts.
4. DisplayName - This is the display name of the connection group. This will be dynamically
created by our installation scripts.
5. Package Members – each package member is listed with the following information
a) DisplayName
b) PackageId
c) VersionId
These members will be defined in the Parent package manifest.xml and dynamically
created by our installation scripts.
The available attributes for a connection group retrievable using the Get-
AppVClientConnectionGroup cmdlet are as follows.
32
For internal use only
9.3 Areas to Consider
There are a number of important areas that require consideration when dealing with Connection
Groups.
Once a Connection Group is enabled, applications from the packages forming this Connection Group
are launched in the Virtual Environment of the Connection Group. The VE of the Connection Group is
identified by the Group ID and the Group Version ID. This is quite different when compared to App-V
4 where a dependent package was streamed into the VE of the Parent, identified by the Dynamic
Suite Composition (DSC) link in the parents .OSD file.
Packages can exist in multiple connection groups. The VE that an application from such a package
launches into is determined by the priority specified in the connection group descriptor document.
Connection Group priority is identified by the “Priority” attribute of the “AppConnectionGroup”
element in the Connection Group Descriptor document.
If an application is launched from within a package that is a member of more than one Connection
Group and the priorities of these connection groups do not differ, then the application will error on
launch. It was therefore necessary for the logic in our installation scripts to handle this possibility
during the creation of the connection group.
A virtual application is launched in the VE of the connection group it belongs to, even when the
parent process is a virtual process belonging to a different connection group or package. When the
package belongs to multiple connection groups, the app is launched in the connection group with
the lower number for priority.
33
For internal use only
9.3.4 User Settings
User settings from member packages will not be propagated to Connection Groups when a package
is added to a Connection Group. Similarly, once the Connection Group is disabled, user settings from
the Connection Group will not be propagated to the member packages.
Similar to Package setting detailed earlier, User profile file setting for a Connection Group are stored
under
%APPDATA%\Microsoft\AppV\Client\VFS\[GroupId]
Non-User Profile file based state changes are saved to the following location
%LOCALAPPDATA%\Microsoft\AppV\Client\VFS\[GroupId]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AppV\Client\PackagesGroups\[GroupId]
HKEY_CURRENT_USER\SOFTWARE\Microsoft\AppV\Client\PackagesGroups\[GroupId]
Note, as with Package settings, the VersionId GUID is not used to identify settings. This allows for
User setting to be retained when a Connection Group is Minor updated.
This also allows for these settings to successfully roam as the GroupId is defined within the Parent
package manifest and therefore will be the same on all machines the package is installed.
The order in which the Connection Group member packages are listed in the descriptor XML
document dictates how the member packages are merged when combined into the Connection
group virtual environment. The first listed package has precedence over the second and so on.
Our solution sets the Connection group parent package as the first Package and the subsequent
merge order of the other member packages is defined within the manifest.xml by ascending ordinal
number as detailed further on.
Consider a Connection Group MyConnectionGroup with 2 Packages: Package1 and Package2 in that
order.
Registry Merge
34
For internal use only
The registry data for the group MyConnectionGroup will have “Bar” with REG_SZ value data:
“Package1_Data” as Package1 has precedence in the merge.
Note: Only fully VFS’ed files are merged for Connection Groups. These include all files under
Root\VFS in the sequenced package directory.
Package1 has:
Root\Foo\Foo.exe
Root\VFS\Bar\Bar.exe
Package2 has:
Root\Foo\Foo.txt
Root\VFS\Bar\Bar.txt
In this case, contents of Root\VFS will be merged, contents of Root\Foo will NOT therefore
- If Foo.exe were to access Foo.txt using relative path (.\Foo.txt), it would NOT find it.
- If Bar.exe were to access Bar.txt using relative path (.\Bar.txt), it would be found.
The Connection Group Descriptor XML contents for the above example.
35
For internal use only
10 App-V 5 – Roaming User Environments
App-V 5 profile management and storage locations have changed significantly from App-V 4. It is
now arguably more complex but certainly more transparent. No longer do we have .fsd and .pkg files
storing our cached packages and user data.
App-V 5 is able to provide a near-native experience when roaming, depending on how the
application being used is written. By default, App-V will roam AppData stored in the roaming
location, based on the roaming configuration of the operating system. Other locations for storage of
file-based data do not roam from machine to machine, since they are in locations that are not
roamed.
In the first scenario, when a standard user launches an App-V 5 application, both HKLM and HKCU
for App-V applications are stored in the HKCU hive on the machine. This presents as two distinct
paths:
HKLM:
HKCU\SOFTWARE\Classes\AppV\Client\Packages\{PkgGUID}\REGISTRY\MACHINE\SOFTWARE
HKCU:
HKCU\SOFTWARE\Microsoft\AppV\Client\Packages\{PkgGUID}\REGISTRY\USER\{UserSID}\SOFTWA
RE
The locations are enabled for roaming based on the operating system settings.
For the second scenario, where an application is launched with elevation, the HKLM data is stored in
the HKLM hive on the local machine and HKCU data is stored in the User Registry location. This
eliminates these settings from being roamed with normal operating system roaming configurations,
and the resultant registry keys and values are stored in the following location:
HKLM:
HKLM\SOFTWARE\Microsoft\AppV\Client\Packages\{PkgGUID}\{UserSID}\REGISTRY\MACHINE\SOF
TWARE
HKCU:
HKCU\SOFTWARE\Microsoft\AppV\Client\Packages\{PkgGUID}\Registry\User\{UserSID}\SOFTWARE
36
For internal use only
10.2 File Based Data
A typical package has several locations mapped in the users backing store for settings in both
“AppData\Local” and “AppData\Roaming”. These locations are the Copy on Write locations (COW)
that are used to store changes made to the package VFS directories and protecting the default
package VFS and stored per user in the user’s profile. The table below shows locations, both local
and roaming.
The following table provides a detailed list of locations where App-V 5 stores its data.
37
For internal use only
10.3 Package Catalogs
The App-V Client manages the following two file-based locations:
Catalogs (user and machine).
Registry locations, depending on how the package is targeted for publishing. There is
a Catalog (data store) for the computer and one for each individual user. The
Machine Catalog stores global information applicable to all users or any user, and
the User Catalog stores information applicable to a specific user. The Catalog is a
collection of Dynamic Configurations and manifest files; there is discrete data both
file and registry per package version.
If a package is part of a connection group the machine catalog is created at the following location in
addition to the specific package location above at
“%programdata%\Microsoft\AppV\Client\Catalog\PackageGroups\ConGroupGUID\ConGroupVerGU
ID” and includes the following files:
PackageGroupDescriptor.xml
UserPackageGroupDescriptor.xml (Globally published Connection Group i.e. AOD2)
The Machine Catalog stores package documents that are available to users on the machine, when
packages are added and published. However, if a package is “global” at publishing time, the
integrations are available to all users. If a package is non-global, the integrations are only published
for specific users, but there are still global resources that are modified and visible to anyone on the
machine (e.g. the package directory is in a shared disk location).
If a package is available to a user on the computer (global or non-global), the manifest is stored in
the Machine Catalog. When a package is published globally, there is a Dynamic Configuration file,
stored in the Machine Catalog; therefore, the determination of whether a package is global or not is
defined as whether there is a policy file (UserDeploymentConfiguration file) in the Machine Catalog.
38
For internal use only
If a package is part of a connection group, the user catalog is created at the following location, in
addition to the specific package location above at
“AppData\roaming\Microsoft\AppV\Client\Catalog\PackageGroups\PkgGroupGUID\PkgGroupVerG
UID” and includes the following file:
UserPackageGroupDescriptor.xml
When a package is published for a user, the policy file is stored in the User Catalog. At the same
time, a copy of the manifest is also stored in the User Catalog. When a package entitlement is
removed for a user, the relevant package files are removed from the User Catalog. Looking at the
user catalog, an administrator can view the presence of a Dynamic Configuration file, which indicates
the package is entitled for that user.
App-V 5 workaround
Following testing we discovered an issue when the connection group catalog folders were roamed.
The problem centered around inconsistencies on how the App-V5 powershell cmdlets read the
status of an application. We were seeing different results depending on which cmdlet we used. After
troubleshooting the issue is became apparent the root of the problem was the presence of the
connection group calatalog xml files when roamed to a machine where the connection group was
not currently added. Our solution was to exclude the following folder from the roaming profile via
GPO and this was approved by the Microsoft PFE David Falkus.
“AppData\Roaming\Microsoft\AppV\Client\Catalog\PackageGroups”
39
For internal use only
This folder will need to be added to the following GPO as per below.
You must exclude the following items using Profile management exclusions:
AppData\Roaming\Microsoft\AppV\Client\Catalog
AppData\Local\Microsoft\AppV
Software\Microsoft\AppV\Client\Integration
Software\Microsoft\AppV\Client\Publishing
It’s worth noting that on the AOD2 (RDSAPPLICATIONS) platform packages are always globally
published and connection groups are always globally enabled. This means that the package and
connection group catalog xml files will never be created in the roaming profile and hence the issue
we highlighted above regarding roaming connection group catalog folders is not relevant.
It will be however be relevant to the DOD Lite (RDSDESKTOPS) platform as applications are to be
installed by the user via the managed client console (user publishing).
40
For internal use only
11 App-V 5 – MC7 Delivery
We will continue to leverage the Deutsche Bank Managed Client (MC7) to deploy App-V 5 packages
as we do today for App-V 4 packages.
The App-V 5 client Powershell cmdlets will be used to execute the installation of packages and
creation of Connection Groups using Powershell v3.
A collection of Powershell scripts will be used by the various MC7 actions on order to Install, Lock,
Unlock, Repair, Uninstall & Update the package
A. Standard Package – This is a singular package to deploy one App-V 5 Package i.e. No
Connection Groups but it may contain MSI dependencies.
B. Standard Update Package – This will provide minor updates to older versions of the
application and also manage the minor version update of any connection groups the
older version is a child member of on a given client.
C. Connection Group Parent Package – This will manage its own installation as well as
instructing the deployment of its dependencies and creating a Connection Group of App-
V 5 packages to run in the same virtual environment.
D. Connection Group Parent Minor Update Package – This will provide minor updates to
older versions of the application and also manage the minor version update of any other
connection groups the older version is a member of on a given client. It will also provide
the ability to update its own connection group in any manner e.g. Add a new package
member to the connection group or change the merge order of the group.
Design Decision
41
For internal use only
12 MC7 Manifest Schema for App-V 5
Updates to the MC7 manifest schema were required to provide the information necessary to
install/publish App-V 5 packages and create connection groups.
The following table identifies the tags that can be specified and some examples.
Example.
<packageid> This is the App-V 5 Package GUID which is set by the Yes
Sequencer.
<versionid> This is the App-V 5 Package version GUID which is set by Yes
the Sequencer.
<appvfile> This is the name of the .APPV file to be Added to the Client. Yes
packagegroup Yes
packageid Yes
<sequencerversion> This is the version of the App-V 5 sequencer on which the Yes
package was sequenced. It is for informational purposes
only.
42
For internal use only
Design Decisions:
1. Both the packageid and the versionid are generated by the sequencer and are required in
order to Add and Publish the package to the user.
3. There was a requirement for a <connectiongroup> section within the appv tags in addition
to the existing Manifest <dependencies> section for the following reasons.
b. The merge order of App-V 5 packages in a connection group is important and this
order is strictly controlled by the use of the ordinal numbers. Note: the parent
package is not listed here and is given precedence over all child members.
c. As with connectiongroup versionid’s, the versionid’s are not required here for
member packages as these members may be minor updated outside of the
control of this package hence the versionid would become obsolete.
d. Note: all member packages listed must first be delivered by the MC7
<dependencies> section. They may of course also be delivered as child
dependencies of these listed dependencies using MC7’s native dependency
management features.
43
For internal use only
12.2 <artefacts> Section
This is an existing section within the manifest which delimited by the <artefact> and </artefact>
tags.
It contains a list of files which must be downloaded from the package directory on the GAR to the
local machine before any package action takes place. Typically this will include any script or
executable files which need to be invoked as part of the install or update process or as part of the
locking or unlocking procedure.
2. DB_MC_Install_Action.ps1 (mandatory)
3. DB_MC_Uninstall_Action.ps1 (mandatory)
4. DB_MC_Unlock_Action.ps1 (mandatory)
5. DB_MC_Lock_Action.ps1 (mandatory)
6. DB_MC_Update_Action.ps1 (optional)
Celo.exe
The Powershell scripts will be passed for execution to an in-house developed utility called Celo.exe
within each MC7 Action in order prevent the Powershell console window from appearing when the
scripts are executed. The exit codes returned from the Powershell scripts will also be passed out to
Celo.exe so they can be assessed by MC7 for Success or Failure.
Powershell workarounds
1. Powershell execution policy prevented us from executing the Install & Update scripts
from the ROFS as was our preference as these two scripts are only ever run when the
machine is connected.
2. It was required to have all the other scripts copied locally to allow for disconnected
operation.
3. Celo.exe was developed as fully hidden execution of a powershell script console
window was not possible natively.
44
For internal use only
12.4 <actions> Section
This section defines the various MC7 actions available to an App-V 5 package namely
1. Install
2. Update
3. Repair
4. Uninstall
Celo.exe silently executes Powershell.exe (which will resolve to the 64bit version under
“C:\Windows\System32\WindowsPowerShell\v1.0”). To Powershell.exe we will pass the following
parameters
45
For internal use only
4. –ForceCache – Optional switch. This is a switch that when present will force the
installation to be 100% cached or Mounted in App-V 5 terms, immediately at
install time. Typically the App-V 5 client configuration Autoload setting will
dictate how a package is cached (The exception being laptops which will be
automatically fully cached by the scripts). This switch should only be used as an
exception.
Example
Celo.exe silently executes Powershell.exe (which will resolve to the 64bit version under
“C:\Windows\System32\WindowsPowerShell\v1.0”). To Powershell.exe we will pass the following
parameters
1. –File - This parameter is mandatory and will reference the DB_MC_ Update_Action.ps1
script which will be found in the MC7 folder %LOCALMACHINEPACKAGEROOT% on the
client (delivered as an artefact). E.g. “C:\ProgramData\Deutsche
Bank\MC7\ManagedApps\Registry\APP-W7_NOTEPAD_PLUS_PLUS-633-000”
46
For internal use only
2. –PackageRoot - This parameter is mandatory and is used simply to pass the value of the
MC7 %PACKAGEROOT% variable into the powershell script where it is used to define the
path to the manifest.xml. For installs and Updates, %PACKAGEROOT% will resolve to the
location of the manifest.xml on the ROFS.
4. –ForceCache – Optional switch. This is a switch that when present will force the
installation to be 100% cached or Mounted in App-V 5 terms, immediately at install
time. Typically the App-V 5 client configuration Autoload setting will dictate how a
package is cached (The exception being laptops which will be automatically fully cached
by the scripts). This switch should only be used as an exception.
Example
Celo.exe silently executes Powershell.exe (which will resolve to the 64bit version under
“C:\Windows\System32\WindowsPowerShell\v1.0”). To Powershell.exe we will pass the following
parameters
Example
47
For internal use only
Note: This action will always be scoped as “User”.
Celo.exe silently executes Powershell.exe (which will resolve to the 64bit version under
“C:\Windows\System32\WindowsPowerShell\v1.0”). To Powershell.exe we will pass the following
parameters
Example
48
For internal use only
12.5 <unlocktargets> and <locktargets> Sections
For App-V 5 the unlocktargets and locktargets sections are used to Publish/Unpublish packages and
Enable/Disable connection groups. They are executed by MC7 under various circumstances which
we will outline later.
<unlocktargets>
<command>%LOCALMACHINEPACKAGEROOT%\CELO.EXE</command>
<arguments>POWERSHELL.EXE -File
\"%LOCALMACHINEPACKAGEROOT%\DB_MC_Unlock_Action.ps1\"</arguments>
</target>
</unlocktargets>
<locktargets>
<command>%LOCALMACHINEPACKAGEROOT%\CELO.EXE</command>
<arguments>POWERSHELL.EXE -File
\"%LOCALMACHINEPACKAGEROOT%\DB_MC_Lock_Action.ps1\"</arguments>
</target>
</locktargets>
49
For internal use only
13 Manifest Powershell Scripts for App-V 5
The App-V4 client uses the sftmime command line interface to install App-V4 sequenced packages.
These command lines are entered directly into the MC7 actions as commands.
Due to the complexity involved in installing App-V 5 packages and connection groups in particular,
along with the difficulty in integrating them with the sequential requirements of the Managed Client
(MC7) and added to the need to target multiple platforms with different App-V 5 configuration
requirements, it became obvious very quickly that we would need to write code to assist MC7 in
delivering App-V 5 packages and connection groups.
13.1 DB_MC_Install_Action.ps1
The purpose of this script is to add a package to the client and if required create a
connection group of packages of which this package will act as the parent.
This script is executed by the MC7 manifest Install action when
o A user initiates a package install via the MC7 console.
o Via mcCLInt
The log file location has changed with MC7.3. We have coded to change
the location from “%ProgramData%\Deutsche Bank\MC7\logs” to
“%ProgramData%\Deutsche Bank\MC7\AM\logs” from this version
onwards.
50
For internal use only
3. # Load Manifest.xml from %PACKAGEROOT% and retrieve appv related information
The manifest located on ROFS is loaded into an $xml object from $Manifest =
$PackageRoot + "\manifest.xml"
1.
4. # Establish type of Update (single Package or Connection Group Parent Package)
If the $connectiongroupid is retrieved from the manifest then we will assume this is
an $InstallType = “CGUpdate” else it’s a “PKGUpdate”
This $InstallType value will be used for decision making later.
5. # Get PCMODELTYPE
This value is taken from the client and will determine which switch statement code
blocks will be run later.
51
For internal use only
Then depending if the AppV5StreamingProtocol GPO setting is set to “SMB”
(default) we will use the matched PrimaryHardPath or if set to “HTTP” then we will
use the corresponding APPVURL value to the build our installation path.
Eventually we end up with a path to the .appv file on the ROFS assigned to a variable
called $appvfilePath which will be used by the powershell cmdlets later to Add
the package to the client.
52
For internal use only
1. http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl
2. http://crl.microsoft.com/pki/crl/products/MicCodSigPCA_08-31-2010.crl
3.http://www.download.windowsupdate.com/msdownload/update/v3/static/truste
dr/en/authrootstl.cab
Workaround code 1.
o Load the module dll’s directly. You will need to modify the scripts to
replace the existing module importation code. Please ensure this is
never included in a production package.
Workaround code 2.
o Bypass CRL checking on you test machine by setting the following
registry key.
o “HKCU\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust
Providers\Software Publishing\State” from 0x00023c00 to 0x00023e00
The default code block will cater for all PCMODELTYPE’s other than the ones specified following
this section. It currently includes VIRTUALDESKTOP, DESKTOP, RDSDESKTOP,
BLADEWORKSTATION.
If the $InstallType = “PKGInstall” then Add the package using the appv5 powershell
cmdlet “Add-AppvClientPackage”. There are four variations in the command line used
depending on whether we had $DynamicDeploymentConfiguration and/or $ForceCache
parameters passed to the script.
We then exit the script with a 1 or 0 depending on any errors returned from the cmdlet.
If the $InstallType = “CGInstall” then we execute a different code block.
As above we will first Add the package in a similar manner.
On success we will then execute the CreateAddConnectionGroupFromManifest
function
53
For internal use only
Function CreateAddConnectionGroupFromManifest
Firstly we must create the connection group child member objects and establish what
the Priority of our new connection group will be.
Retrieve number of child member packages from the ROFS manifest
Create a package object for each child member and save to and array.
The child members as identified from the manifest will only provide a packageid. We will
select the package based on a package containing this packageid of which there can be a
maximum of one as only one version of a package can be published to a user at any one
time.
In the unlikely event we do not find a published package based on the above search then
we will widen the search to “–All” packages on the machine and if there are multiple
versions returned then we will select the latest version.
The reason we included the above –All search was because we discovered that MC7
dependency Unlock actions are sequenced differently for a fresh install compared with
an Uninstall and reinstall of a package. See MC7 flow diagrams. We expect this to be a
rare occurrence.
For each connection child package object we then must check to see if they are a
member of any connection groups on the client using the function
GetConnectionGroupPriority and if they are we need to record the highest
connection group priority in order to ensure our new connection group is not built with
the same priority (Note: If two enabled connection contain the same member package
and the same priority then the common application will fail to launch). We will
increment the priority by 10 off the highest number returned by all executions of the
function.
Function GetConnectionGroupPriority
Get all the connection groups added to the client (Whether enabled to the User or not).
54
For internal use only
For each connection group found, get all its member packages (whether published to
the user or not)
$CGMembers = (Get-AppvClientConnectionGroup -GroupId $CG.GroupId -
VersionId $CG.VersionId -All).GetPackages()
For each member compare it’s packageId with the packageId of the child member we
passed to it.
If we get a match then record the Priority of that connection group.
The function will return the highest priority found or default to a value of 1000 if there
were no matches.
App-V5 Standalone Environment Workaround
If two connection groups share the same member package and the same Priority then this
application will fail to launch as the App-V 5 client does not know which connection group VE
to launch the application in.
The next step is to build the parameter values we will pass to the New-
AppvConnectionGroupFile function.
Function New-AppvConnectionGroupFile
The purpose of this function is to create the connection group descriptor xml and Add
the connection group to the client.
The following are the function parameters explained.
o -Path – This is the name and path to the new connection group descriptor file
which will contain the details of the connection group.
55
For internal use only
o -Packages – An array containing the all the member packages objects in order of
merge precedence. The parent package is always the first followed by the child
members in an order dictated by the manifest appv member ordinal numbers.
Finally we will check that the connection group object has been created successfully exiting
with 1 on failure and 0 on success.
PCMODELTYPE = “NOTEBOOK”
The code is the same as the above except we will Mount (fully cache) the package as part of
the Add-AppvClientPackage cmdlet.
The –ForceCache parameter is overlooked as we are already mounting the package.
There is no requirement to Mount the Connection group when adding it as the members will
already be mounted.
PCMODELTYPE = “RDSAPPLICATIONS”
1. RDSAPPLICATIONS installations are expected to run only within a maintenance window
therefore we assume no users will be logged on and therefore no packages will be in use.
2. The RDSAPPLICATIONS code block again follows a similar pattern to the above with a few
significant exceptions.
3. A requirement of the AOD2 platform is to globally publish all App-V 5 packages and enable
all connection groups globally. Unlike the other platforms we will carry out the package
publishing and Connection group enabling within this script as opposed to the
DB_MC_Unlock_Action.ps1 script which is not run on this platform.
4. Global publishing/Enabling is a machine based state therefore it was right that it should be
executed as part of this MC7 machine scoped action. The UnlockTargets/LockTargets actions
are consequently not required on this platform.
#Add Package
Add-AppvClientPackage -Path $appvfilePath
56
For internal use only
DB_MC_Install_Action
CLINT/PREPOP -
MC7 GUI - Install
Install
Manifest.xml Details
Mandatory
<packageid>
<versionid>
<appvfile>
Retrieve Manifest.xml details from ROFS
Optional
<connectiongroupid>
<connectiongroup>
PCMODELTYPE =
PCMODELTYPE = “VIRTUALDESKTOP”,
“VIRTUALDESKTOP”, PCMODELTYPE = “DESKTOP”,
PCMODELTYPE =
“NOTEBOOK” “RDSAPPLICATION” “NOTEBOOK”,
“RDSAPPLICATIONS”
“DESKTOP”, “RDSDESKTOPS”,
“RDSDESKTOPS” “BLADEWORKSTATION”
MC7
Unlock
Action
57
For internal use only
13.2 DB_MC_Update_Action.ps1
The purpose of this script is to update a package on the client and if required update all
connection groups it is a member of.
This script is executed by the MC7 manifest Update action when
o A user initiates a package update via the MC7 console.
o Via mcCLInt
5. # Get PCMODELTYPE
As previously defined
58
For internal use only
certainty as the package/connection groups to be updated will be published/enabled to
the current user prior to the script execution. (note: only one version of a package or a
connection group can be published/enable to any given user at one time)
We can also assume the same on AOD2 (RDSAPPLICATIONS) as the installations are
globally published/enabled therefore every installing account will have the package/CG
published/enabled to it.
To establish this we will run the function IsUserInitiated.
Function IsUserInitiated
o The purpose of this function is to determine if the powershell script process is User
initiated i.e. executed by MC7 (mcADA.exe) or not.
o If it’s not mcADA.exe then the likelihood is it will be mcCLInt but we just need to
establish if the action has been initiated by the User via the MC7 console or not.
o We will check the parent and grandparent processes running our powershell script
to see if either matches “mcADA”.
o We then set the $UserAction variable to $true or $false depending on the result.
$UserAction will be used later for decision making. E.g. to decide if we can present
User dialogs.
Function IsUserInitiated{
# Function to determine if mcADA.exe is executing this script and if so
we can assume this is being executed by the User via the MC7 console.
$MyPid = $PID
$ParentPid=(Get-WmiObject win32_process -Filter
"processid='$MyPid'").parentprocessid
$GrandParentPid=(Get-WmiObject win32_process -Filter
"processid='$ParentPid'").parentprocessid
$ParentProcessObj = Get-Process -Id $ParentPid
$GrandParentProcessObj = Get-Process -Id $GrandParentPid
If (($ParentProcessObj.Name -eq "mcADA") -or
($GrandParentProcessObj.Name -eq "mcADA")){LogWrite $("The parent process is
mcADA.exe therefore this action is User initiated via MC7 Console");Return
$true}
Else{LogWrite $("The parent process is not mcADA.exe therefore this
action is NOT User initiated via MC7 console");Return $false}
}
$UserAction = IsUserInitiated
In order to determine if the execution of this script is User driven via MC7 console or not
we check to see if one of the parent/grandparent processes are mcADA.
If our script has not been initiated by the mcADA or is not RDSAPPLICATIONS then
we will widen the search for the old package (the installing account will not have
anything published/enabled to it e.g. mcCLInt = System Account, PrePOP = local
Admin account)
59
For internal use only
As a consequence, the $OldPackageObj may contain more than one package
object.
The same applies for the $OldConnectionGroupObj
The default code block currently includes all PCMODELTYPE’s except RDSAPPLICATIONS for this
script.
If the Update is $UserInitiated and a “CGUpdate” then we will check if the old CG is in
use by the current user ($OldConnectionGroupObj.InUseByCurrentUser). If it is then
we must get a list of the virtual processes running, using the Get-AppvVirtualProcess
cmdlet, which belong to the CG packages members and retrieve their process
descriptions in order to present a dialog to the current user informing them to shut
down those applications or allow us to (StopDisableOldConnectionGroup) before
continuing.
60
For internal use only
and Stop and Disable these connections groups. (Note: we cannot update a package
whilst it is a member of any connection group enabled to current user)
We should now be in a position to update the old package with the new.
We will first ensure the old package is not in use by the current user and if it is present a
dialog requesting the application to be shut down before continuing.
We will then add the new package and Mount it for NOTEBOOK.
We do not remove the old package at this time as adding the new package over the top
will result in only the new package additions (deltas) being streamed over the network
and written to disk.
Our next task will be to update any other connection groups we found containing our
old package using the ReCreateFoundConnectionGroups function.
This function iterates through the connection group matches saved earlier, builds a new
CG descriptor xml file for each replacing the old package member with our update
package.
For each package member the ReCreateFoundConnectionGroups function will also call
the GetConnectionGroupPriority function to establish the new Priority for the CG
update.
The descriptor files are created and the connection groups are registered with the client
using the New-AppvConnectionGroupFile function.
Appv5 Workaround/Managed Client Dependency
1. We must stop a connection group before we can update it. If connection group
is found to be in use by the current user then we must present a dialog to the
user before we can stop it in order to warn the user and prevent any loss of
unsaved application data.
2. You must disable for the current user all connection groups a package is a
member of before you can unpublish that package for that same user.
61
For internal use only
Function New-AppvConnectionGroupFile
The purpose of this function is to create the connection group descriptor xml and Add
the connection group to the client.
The following are the function parameters explained.
New-AppvConnectionGroupFile -Path $NewXML -DisplayName $DisplayName -Priority
$Priority -connectiongroupid $connectiongroupid -connectionversionid
$connectionversionid -Packages $Packages | Add-AppvClientConnectionGroup
o -Path – This is the name and path to the new connection group descriptor file
which will contain the details of the connection group.
$CGRepository = $env:ProgramData + "\App-
V\DB_ConnectionGroups"
$NewXML = $CGRepository + "\" + $connectiongroupid + "_" +
$connectionversionid +".xml"
Note the $connectiongroupid is taken from the manifest and the
$connectionversionid is randomly generated by the script.
o -DisplayName – Is the taken directly from the old connectiongroup.
o -Priority – This is returned from GetConnectionGroupPriority function and
incremented by 10.
o -connectiongroupid – This is taken from the old connection group.
o -connectionversionid – Randomly generated by the script
o -Packages – An array containing the all the member packages objects in order of
merge precedence as per the old connection group. The only difference should
be the old package versionid will be swapped with our new packages’ versionid.
We have now reached the point where we have disabled the old version of our
connection group (If this is a CGUpdate). We have also disabled all other connection
groups containing our old package, created new versions of those CG’s (containing our
update package) and Added them to the client.
The final task is to update our own connection group. The reason we handle this
separately is to allow us to cater for any additions/updates to the new manifest version.
E.g a new connection group member or merge order.
We will call the CreateAddConnectionGroupFromManifest function to create our new
connection group.
Function CreateAddConnectionGroupFromManifest
Firstly we must create the connection group child member objects and establish what
the Priority of our new connection group will be.
Retrieve number of child member packages from the ROFS manifest
Create a package object for each child member and save to and array.
The child members as identified from the manifest will only provide a packageid. We will
select the package based on a published package containing this packageid of which
there can be a maximum of one as only one version of a package can be published to a
user at any one time. $package_dep = Get-appvclientpackage -PackageId
$packageid_dep.packageid
If for any reason we do not find a package based on the above search then we will widen
the search to –All packages on the machine and if there are multiple versions returned
then we will select the latest version. $package_dep = Get-appvclientpackage -
62
For internal use only
PackageId $packageid_dep.packageid -All|Sort-Object {$_.Version}|Select-
Object -last 1
The reason we included the above “–All” search was because we discovered that MC7
dependency Unlock actions are sequenced differently for a fresh install compared with
an Uninstall and reinstall of a package. See MC7 flow diagrams. We expect this to be
rarely required.
For each child package object we then must check to see if they are a member of any
connection groups on the client using the function GetConnectionGroupPriority and
if they are we need to record the highest connection group priority in order to ensure
our new connection group is not built with the same priority (Note: If two enabled
connection contain the same member package and the same priority then the common
application will fail to launch). We will increment the priority by 10 off the highest
number returned by all executions of the function.
Function GetConnectionGroupPriority
Get all the connection groups added to the client (Whether enabled to the User or not).
$ConnectionGroupObj = Get-AppvClientConnectionGroup -All
For each connection group found, get all its member packages (whether published to
the user or not)
$CGMembers = (Get-AppvClientConnectionGroup -GroupId $CG.GroupId -
VersionId $CG.VersionId -All).GetPackages()
For each member compare it’s PackageId with the packageId of the child member we
passed to the function.
If we get a match then record the Priority of that connection group.
The function will return the highest priority found or default to a value of 1000 if there
were no matches.
The next step is to build the parameter values we will pass to the New-
AppvConnectionGroupFile function and run it resulting our new connection group
added to the client.
PCMODELTYPE = “RDSAPPLICATIONS”
1. RDSAPPLICATIONS updates are expected to run only within a maintenance window
therefore we assume no users will be logged on and therefore no packages will be in use.
2. The RDSAPPLICATIONS code block again follows a similar pattern to the above with a few
significant exceptions.
63
For internal use only
3. A requirement of the AOD2 platform is to globally publish all App-V 5 packages and globally
enable all connectiongroups globally. Unlike the other platforms we will carry out the
package publishing and Connection group enabling within this script as opposed to the
DB_MC_Unlock_Action.ps1 script which is not run on this platform.
#Add Package
Add-AppvClientPackage -Path $appvfilePath
64
For internal use only
CLINT/ Manifest.xml Details
DB_MC_Update_Action MC7 GUI -
Update
PREPOP -
Update Mandatory
<packageid>
<versionid>
<appvfile>
Optional
<connectiongroupid>
PCMODELTYPE = PCMODELTYPE = <connectiongroup>
Retrieve Manifest.xml details from ROFS
“RDSAPPLICATIONS” “DEFAULT”
Is this a CG
Update? Yes
Yes Is this a CG
Update?
Is the old CG
Yes Exit 1 Yes Exit 1
in use?
Is the old CG No
in use by the
User? Yes
No
No
No Present application list to No
shut down and permission
to continue?
Stop Globally, Disable
Globally & Remove old CG. Stop & Disable old CG for
Delete old CG.xml Current User Only. (If
enabled for User)
Yes
Exit 1
Yes
No No
Store details of all Connection Group
matches (regardless of whether
Enabled to the Current User or not)
No
No
No
No Yes
No
Is this a CG
No
Update?
Create & Add our New
Connection Group (using details
from Manifest)
Yes
65
For internal use only
13.3 DB_MC_Unlock_Action.ps1
3. # Get PCMODELTYPE
As previously defined
4. # Load the machine Manifest.xml to retrieve the AppGroupName in order to locate the
User manifest
The manifest referenced is the User profiled version under “%AppData%\Deutsche
Bank\MC7\ManagedApps\Registry\<AppGroupName>”
$Manifest = $env:appdata + "\Deutsche Bank\MC7\ManagedApps\Registry\"
+ $AppGroupName + "\manifest.xml"
#Package Data
$AppGroupName = $xml.manifest.package.general.group
$AppName = $xml.manifest.package.general.name
$AppVersion = $xml.manifest.package.general.("product-version")
$ManifestVersion = $xml.manifest.package.general.("manifest-version")
#Appv5 Data
#Package Data
$packageid = $xml.manifest.package.appv.packageid
$versionid = $xml.manifest.package.appv.versionid
#Connection Group Data
$connectiongroupid = $xml.manifest.package.appv.connectiongroupid
66
For internal use only
Managed Client Dependency
As this is a User scoped action we have chosen to reference the User profiled
version of the manifest. This will allow us to retrieve details relevant to a particular
user. E.g. On a shared desktop if a package is updated by one user it will allow
another user to remain on the older version until they choose to update via the MC7
console. Note: we must first reference the machine based manifest in order to
retrieve the AppGroupName which will enable us to find the User based manifest.
Note we use the “–All” switch in case the package is not currently published to the
user.
If we are running on the RDSDESKTOPS platform then we will check for an older
version of our package that is published to the current user and assign to an object.
This is necessary as the unlock action may be required to present a dialog to the user
in a certain scenario (see flow diagram)
PCMODELTYPE = “default”
The default code block currently includes all PCMODELTYPE’s except RDSDESKTOPS and
RDSAPPLICATIONS. If the PCMODELTYPE is found to be RDSAPPLICATIONS then we will have
already aborted the script entirely as it is not required to run as global publishing is carried
out at install time for AOD2 platform.
67
For internal use only
Hence the use of the UserIntegrationCheck function which also checks for the
presence of the package integration folder under IntegrationPath =
$env:LOCALAPPDATA + "\Microsoft\AppV\Client\Integration\" + $packageid
If the package does not pass these checks then we will publish the package to the
current user.
Next step is to search the machine for any connection groups containing our package
that may require enabling for the current user.
To achieve this we run the FindEnableConnectionGroups function.
Function FindEnableConnectionGroups
Firstly we use the appv cmdlets to retrieve all the connection groups on the client that
are not enabled to the current user and order them by Priority number.
We then cycle through all the disabled connection groups found checking for the
existence of our package as a member (using package & version id’s).
For each connection group match we then check the published status of each package
member and if all the members are all published to the current user then we enable
that connection group to the user.
Note: Updates or downgrades (roll-back) to a connection group will always require a
new CG to be created with a new versionid and the priority will always be incremented
by 10 off the previous version. It is therefore possible that we can have two connection
groups with exactly the same package members. Because we cycle through enabling the
matched CG’s in ascending order of Priority number the CG that will be last enabled will
be the one with the higher number which will be the last one installed as is required.
The script then completes. Note: MC7 does not accept any return codes for the
UnlockTargets action.
Appv5 Workaround
If however the package is not published to the current user then we take a different
approach to the other platforms.
We next check to see if there is another version of our package in use by the current
user. If there isn’t then we publish the package and run the
FindEnableConnectionGroups function as before.
If however the user is currently running an older version of our package then we must
present a dialog to the user requesting a shutdown of the necessary applications. To
determine what these applications are we must carry out the following.
We will now check to see if our package is in any connection groups that are in use by
the current user and if there are more than one then return connection group with the
lowest priority as this is the connection group virtual environment the package will be
launched into. To retrieve this info we must run the Get-
InUseConnectionGroupLowPriority function.
If no connection group objects are returned from this function then we will run the
OldPkgDialogShutdown function which will present the following dialog to the user
requesting a shut-down of the application. Note: There are no options to cancel this
action. This was necessary to ensure the dialog does continuously pop-up every time
the unlock action is executed. Once the new package is published to the user it will not
present the pop-up again due to the code logic.
69
For internal use only
If we discovered that our old package was currently running inside a connection group
VE we will then determine which virtual applications are running inside this CG VE and
present this application list using the GenerateFormBig function. Again note the user
will have no option to cancel this dialog action.
Once the requested applications are closed down we will then publish the package to
the current user.
Next step is again to search the machine for any connection groups containing our
package that may require enabling for the current user.
To achieve this we run the FindEnableConnectionGroups function.
70
For internal use only
DB_MC_Unlock_Action
Update (m/c Repair (user User re-added
MC7 Install Action
scope) scope Only) to Package AD
Group
Manifest.xml Details
Mandatory
<packageid>
<versionid>
<appvfile>
Retrieve Manifest.xml details from Optional
%AppData%\Deutsche Bank\MC7\ <connectiongroupid>
ManagedApps\Registry\<group>\ <connectiongroup>
Abort (Exit 0)
No
Yes
Yes
Publish Package to No
User
Request user to shut down relevant apps
in order to continue. (no option to
Loop through all connection groups Loop through all connection groups
disabled to the current user for a disabled to the current user for a Publish Package to
match with our package. match with our package. User
Yes Yes
Yes Yes
Enable Connection Group for current user Enable Connection Group for current user
71
For internal use only
13.4 DB_MC_Lock_Action.ps1
3. # Get PCMODELTYPE
As previously defined
4. # Load the machine Manifest.xml to retrieve the AppGroupName in order to locate the
User manifest
As previously defined
Note we use the “–All” switch in case the package is not currently published to the
user.
72
For internal use only
7. # Switch statements based on the PCModeltype
PCMODELTYPE = “default”
The default code block currently includes all PCMODELTYPE’s except RDSDESKTOPS. If the
PCMODELTYPE is found to be RDSAPPLICATIONS then we abort the script entirely as it is not
required to run as global publishing is carried out at install time for AOD2 platform.
Before we can unpublish a package for the user we must first make sure the package is
not a member of any connection groups that are enabled to the user.
To achieve this we will run the IfMemberStopDisableConnectionGroups function.
Function IfMemberStopDisableConnectionGroups
Get all Connections Groups on Client that are enabled to the Current User
Cycle through each connection group and see if there is a member match with our
package (based on packageid & versionid).
If we find a member match then if the connection group is in use we stop it for the
user.
Important Note
This script can run in two scenarios, When a User is removed from
the Application group or when a user initiates an uninstall of the
package. In both of these scenarios we have assumed that it is
acceptable to stop the package without warning.
If the connection group is enabled to the current user then we disable it.
Before we can unpublish a package for the user we must first make
sure the package is not a member of any connection groups that are
enabled to that user. To achieve this we will run the
IfMemberStopDisableConnectionGroups function.
73
For internal use only
DB_MC_Lock_Action
Get PCMODELTYPE
PCMODELTYPE =
“VIRTUALDESKTOP”,
PCMODELTYPE = “DESKTOP”,
“RDSAPPLICATIONS” “RDSDESKTOPS”,
“NOTEBOOK”,,
“BLADEWORKSTATION”
Abort (Exit 0)
IfMemberStopDisableConnectionGroups
If our package is a member of any Connection
groups on the client then force Stop & Disable
them to allow us to Unpublish the package
74
For internal use only
13.5 DB_MC_Repair_Action.ps1
3. # Get PCMODELTYPE
As previously defined
4. # Load the machine Manifest.xml to retrieve the AppGroupName in order to locate the
User manifest
As previously defined
6. # Code Execution
Before we can repair the package we must establish if the package is a member of
any connection groups that are enabled to the current user. If it is then the package
will not be launching in its own virtual environment but in the VE of the connection
group.
If the package is a member of more than one connection group then the application
will be launching in the VE of the enabled connection group with the lowest priority
number (i.e. highest priority).
We will also need to consider the possibility that the package or connection group it
is launched in is in use by the user and present a message dialog where appropriate.
75
For internal use only
In order to get this information we will run the Get-
EnabledConnectionGroupLowPriority function.
Function Get-EnabledConnectionGroupLowPriority
o Get all connection groups, enabled & disabled.
o Cycle through each connection group and test for a match with the package
we are repairing.
o When complete, order the found connection groups by Priority number and
the select the lowest
o Return the connection group object if one found.
If a connection group was returned then we will check if it’s in use by the user.
If it is in use then we must present a dialog to the user containing a list of the
running virtual processes belonging to the connection group members requesting
shut down of them before we can repair. Note: we must stop the package before we
can repair it (potential loss of unsaved data) and also the user should be made
aware that they will lose all application user preferences of not only the package,
but all member packages if it is indeed a connection group we are repairing.
To achieve this we will run the Get-ConnectionGroupRunningProcessList
function to gain the application friendly name list of the connection group members.
Function Get-ConnectionGroupRunningProcessList
o Get a list of the virtual process descriptions for all running virtual processes
who’s VirtualEnvironmentVersion match our connection group versionid and
are running under the users Sid.
o Gather all the application names into an array and return.
Connection Group member Package (parent or child) Repair - (with two CG apps already
launched).
76
For internal use only
If the User chooses to continue then the StopRepair-ConnectionGroup function is
called. This will stop the connection group VE for the User and repair the connection
group for the user.
Script completion
If it was found that the package was not a member of any enabled connection
groups the Repair-Package function would have been called.
Function Repair-Package
o Creates package object and ensures the package is published to the current
user.
o Checks if the package is in use by the user and if so presents a dialog
o If the user chooses to continue then we stop and repair the package for the
User.
o If the package was not in use by the user we will still present a dialog
informing the user
o If the user chooses to continue then we stop and repair the package for the
User.
o We exit the script with a 0 whether a repair has taken place or not.
77
For internal use only
DB_MC_Repair_Action MC7 UI – User initiated Repair
Get PCMODELTYPE
Abort (Exit 0)
Yes
no
No
No
Yes
Stop & Repair Connection
Group for User
no
Yes
No
Yes
Yes
Repair Package for User
78
For internal use only
13.6 DB_MC_Uninstall_Action.ps1
#Package Data
$AppGroupName = $xml.manifest.package.general.group
$AppName = $xml.manifest.package.general.name
$AppVersion = $xml.manifest.package.general.("product-version")
$ManifestVersion = $xml.manifest.package.general.("manifest-version")
#Appv5 Data
$packageid = $xml.manifest.package.appv.packageid
$versionid = $xml.manifest.package.appv.versionid
#Appv5 Connection Group Data
$connectiongroupid = $xml.manifest.package.appv.connectiongroupid
The manifest loaded sits in the same folder from which this script is executed which
will be “C:\ProgramData\Deutsche
Bank\MC7\ManagedApps\Registry\<AppGroupName>”
1.
79
For internal use only
4. # Establish type of uninstall (single Package or Connection Group Parent Package)
If the $connectiongroupid is retrieved from the manifest then we will assume this is
an $IninstallType = “CGUninstall” else it’s a “PKGUninstall”
This $UninstallType value will be used for decision making later.
5. # Get PCMODELTYPE
As previously defined
Note: we use the –All switch above because the Lock action script will have run
before this action and will have already unpublished the package.
If the this is a “CGUninstall” then create the connection group object based on the
following command Get-AppvClientConnectionGroup -GroupId $connectiongroupid -
All
If more than one connection group is found with this connectiongroupid then we
will
MC7 Workaround
When a User initiates an Uninstall from the MC7 console the first action to run is the
Lock action. This will disable to the user all CG’s the package is a member of and then
unpublish the package. We exactly define the package we are removing as we have
possession of the packageId & versionId but defining the connection group proves more
difficult as we only have the groupId to work with. We therefore will remove all
connection groups that contain our package as they are of no use if our package is not
present.
This behaviour differs for mcCLInt Uninstalls as the Lock action will not be run for the
user prior to the Uninstall script executing.
80
For internal use only
8. # Switch statements based on the PCModeltype
PCMODELTYPE = “default”
The default code block currently includes all PCMODELTYPE’s except RDSAPPLICATIONS and
RDSDESKTOPS. If the PCMODELTYPE is found to be RDSDESKTOPS then we abort the script after
logging this fact it’s not supported on this platform.
Function IsPackageConnectionGroupChildMember
o The purpose of this function is to get the Connection group Parent package
Application “friendly” names of all connection groups enabled or disabled that our
package is a child member of and return them (assuming the script is
$UserInitiated). If the action is not $UserInitiated then the function will return just
the number of connection group matches.
o Get all the connection groups on the client enabled or disabled to the current user.
If this is a “CGUninstall” we will exclude our own connectiongroupid from the
search.
o Cycle through each discovered connection group and search its members for a
match with our package based on packageid & versionid.
o Count every CG match and then extract the Parent package Group name from the
connection group name, use this to locate the parent packages manifest.xml in
%ProgramData% to get the application friendly name.
NOTE
Function IsUserInitiated
o The purpose of this function is to determine if the powershell script process is User
initiated i.e. executed by MC7 (mcADA.exe) or not.
81
For internal use only
o If it’s not mcADA.exe then the likelihood is it will be mcCLInt but this is not of
concern as we just need to establish if the action has been initiated by the User via
the MC7 console.
o We will check the parent and grandparent processes running our powershell script
to see if either matches “mcADA”.
o We then set the $UserInitiated variable to $true or $false depending on the result.
$UserInitiated will be used later for decision making. E.g. to decide if we can present
User dialogs.
In order to determine if the execution of this script is User driven via MC7
console or not we check to see if one of the parent/grandparent processes are
mcADA.
If matches were found and the script is $UserInitiated then we will present a dialog to the
User using the GenerateForm function informing them that the Listed connection group
parent applications must to be uninstalled first.
We will then Exit with 1 as we have not removed the package and we must ensure MC7
recognises this fact or else it will remove its package registration and components.
If no connection group matches were found then we execute the RemovePackages function.
Function RemovePackages
o This function will remove all minor versions of our package.
o If the package is in use by anyone we will abort the package removal to prevent loss
of user data. Note: The package will already be stopped for the current user for a
UserInitiated Uninstall as the Lock action will have handled it for the current user.
o If the package is published to the current user then (it won’t be for a $Userinitiated
Uninstall as the Lock action will have unpublished it first) Unpublish the package.
o We have chosen not to repair the package before unpublishing in case the user data
is required on another machine by that user.
82
For internal use only
o Next we remove all versions of the package from the machine using the $PackageId.
o Delete the package local cache folder if its empty
o Default: “$Env:ProgramData + "\App-V\" + $packageid”
o RDSDESKTOPS & RDSAPPLICATIONS: "E:\AppV5Cache\" + $packageid”
Appv5 workaround
After the removal of a package we will delete the package cache if it’s empty as the
appvclient neglects to do so.
a. Default: "%ProgramData%\App-V\<PackageID>"
b. RDSDESKTOPS & RDSAPPLICATIONS: "E:\AppV5Cache\<PackageID>"
If we return to the beginning of this code block and it is confirmed this is a “CGInstall” we
will again run the IsPackageConnectionGroupChildMember function which will return a
list of connection group parent package friendly names or “NoneFound
If no matches were returned then we will call the RemoveConnectionGroups function.
Function RemoveConnectionGroups
o This function will remove all connection groups containing our connectiongroupid.
o If the CG is in use by anyone then we abort the script with Exit code 1 to prevent any
possibility of User data loss.
o If the CG is enabled to the user then disable it. For an MC7 driven uninstall the lock
action will have already disabled the CG but for a mcCLInt removal this may not be
the case.
o Remove all connection groups containing our $GroupId. (If we are removing a
member package then there is no requirement for any CG containing this package to
exist.)
o Delete the connection group descriptor file under $Env:ProgramData + "\App-
V\DB_ConnectionGroups\" + $ConnectionGroupObj.groupid + "_" +
$ConnectionGroupObj.versionid +".xml"
Following this we execute the RemovePackages function which was described earlier.
If matches were found and if the script is $UserInitiated we will present the same dialog as
before to the user and if not we abort the script with Exit code 1.
83
For internal use only
PCMODELTYPE = “RDSAPPLICATIONS”
The code for this platform is essentially the same except we do not offer any user
dialogs as Uninstalls will never be actioned by a User (typically just using mcCLInt).
As all packages are globally published and connection groups are globally enabled on
the AOD2 platform we must consequently globally unpublish packages and globally
disable connections groups as part of this script
PCMODELTYPE = “RDSDESKTOPS”
Package and Connection group removals are not currently supported on this
platform. We log out the following statement. "We don't currently offer
Package Removals on the RDSDESKTOPS platform. Aborting.."
Exit 1
84
For internal use only
DB_MC_Uninstall_Action
PCMODELTYPE =
PCMODELTYPE = “NOTEBOOK”,
“RDSAPPLICATION” “VIRTUALDESKTOP”,
“DESKTOP”
Exit 1
Yes
No No
Yes
Are any connection groups with Are any connection groups with
Yes Exit 1
our connectiongroupid in use? our connectiongroupid in use?
No No
No
85
For internal use only
14 Managed Client Action flow diagrams
The above scripts and the logic contained within them have had to consider the
action sequencing for the existing Managed Client (v7.2 & 7.3).
The following are the action sequencing flow diagrams as discovered during our
testing and for which we have coded the powershell installation scripts.
86
For internal use only
MC 7.2 Install/Update Action
Sequencing
Manifest Manifest
Dependencies? Dependencies?
Yes Yes
No No
87
For internal use only
MC 7.2 Repair Actions
MC7 UI - Repair
Repair Action
– User Scope
Unlock Action
– User Scope
88
For internal use only
MC 7.2 Uninstall Action
& Reinstall
MC7 UI - Uninstall
Lock Action
– User Scope
Uninstall Action
– m/c Scope Only
Yes
Exit
MC7 UI - ReInstall
Install Action
– m/c Scope
Install Action
– user Scope
Unlock Action
– user Scope
89
For internal use only