In the first post in this series we installed and configured the management server and a dummy AD and DNS environment, there was an aside on Certificate services too, this time we will start to configure the Client/ Server communications. so without further ado lets get started.
Now the way to do this easiest way is to use Program Rules. this is a feature set of the windows firewall. a program rule allows traffic for particular programmes. A programme can be identified the by program path and executable name.
To configure this we will need to run through the process twice to configure two different programme rules
1) From the Start menu go into Windows Firewall with Advanced Security. In the Windows Firewall with Advanced Security On the Inbound Rules right click and select New Rule.
Select Program from the radio selections and click Next
2) In the Rule Type select Program and select next, Now in the program path we need to add the following rules for the Management Server
Below aer the default location (Remeber this process is carried out twice, once of each executable:
– %ProgramFiles%\Microsoft System Center App Virt Management Server\App Virt Management Server\bin\sghwdsptr.exe
–%ProgramFiles%\Microsoft System Center App Virt Management Server\App Virt Management Server\bin\sghwsvr.exe
3) Now allow the connection and click next
Check the boxes to configure the profiles which the rules apply. Then click next
4) Finally enter a name for each rule and click Finish!
Once this has been configured your App-V management server will be able to communicate correctly with your App-V clients! The ports will be automatically set depending on what the .exe is listening for.
Next it is time to configure the ADM Template and Group Policy infratructure MS have kindly provided an ADM template to help you with this.
This ADM Template includes:
- New flags that allow overriding the location configured in the Open Software Description (OSD) file for the Application Source Route (ASR), the Icon Source Root (ISR), and the OSD Source Root (OSR) with the registry value located on the client
- New Auto Load settings including when to target apps and what will start an Auto Load
- New Reporting Configuration options
- New Client Logging settings like maximum log size and number of copies to keep
- All permissions settings visible through the App Virtualization Client
- Disconnected Operation configuration
- Client user interface settings that control how the Tray behaves (more on this later)
The ADM Template allows controlling Preferences (not enforced policies). When you import the template, you need to go through the following steps to see it in the Group Policy Editor.
1) First extract the ADM template by running the msi that you download from connect. By default this will go to C:\AppVirtADMTemplate (RC)\AppVirt.adm. I have than copied this adm to c:\windows\system32\inf
2) Load the Group Policy Management Console and where you have your computers that will be used as clients create and link a new group policy and then start to edit the policy
3) Once in the policy confirm that Filter on is not enabled. If the filter is on than there will be a tick box beside it. Make sure there is no tick box like below.
4) Under Computer Settings>Policies>Administrative Templates>Classic Administrative Templates we will find the new App-V preferences.
5) In the Communications settings I want to modify my clients settings for ASR(Application Source Root) to rtsps://PVM_App-V.PVM.internal:322
To modify this double click on the highlighted section and edit the resultant form
Once set, click OK to exit come out of editing the policy and confirm that any Clients will be located into the OU where the policy is applied.
Now why have we enabled this? Well if you have many packages obtained from many different sequence sources all with different server sources, things can soon become fraught. To overcome this you set the ASR to replace what is currently in any preconfigured OSDs. (simples)