XenApp 6 Tuning Group Policy for Windows 2008 R2

24 Flares Twitter 12 Facebook 8 Google+ 3 Pin It Share 0 LinkedIn 1 Email -- Buffer 0 24 Flares ×

gpmc 091 300x214 XenApp 6 Tuning Group Policy for Windows 2008 R2

I have posted a new Tuning Policy for Citrix XenApp 6 available in the Download section of this blog. Most of the registry keys have been imported from the previous Terminal Server & XenApp Tuning Tips Group Policy v1.1. There are some Group Policy Best Practices templates around, but the power of mine are that they are ready to go. There are no extra configuration required.

Remember that UPHClean is natively embedded into Windows 2008 and later and it’s recommended to Disable Data Execution Prevention on Windows 2008. This can be done with this command : bcdedit.exe /set {current} nx AlwaysOff

Change log :

  • Moved keys from HKLMSoftware to HKLMSOFTWAREWow6432Node
  • Added more StubPath’s to speed up the profile creation for new users
  • Added instructions on How To Import the settings in GPMC within the zip file
  • Deleted “WFDontAppendUserNameToProfile
  • Deleted “NoRemoteChangeNotify

Resources :

Note :

Please note that these policy’s are provided “as is” and that using these is at your own risk. Please feel free to leave comments below regarding bugs & suggested improvements in future releases.

41 Responses to XenApp 6 Tuning Group Policy for Windows 2008 R2

  1. Martin Berard says:

    Can you explain why you remove those two keys. Should we keep them if we apply those hotfix from Microsoft to optimized things up?

    • Trond Eirik Haavarstein says:

      Hi Martin,

      The first policy only applies to mandatory profile for Windows 2003. The reason why I removed “NoRemoteChangeNotify” is simple. You could get some better network performance on WAN, but the user experience gets worse. If this setting is on and the user creates a document on a network drive, he’ll need to press F5 to see the document.

  2. Wizard says:

    When I try to import the gpo I get a version error.

    • Trond Eirik Haavarstein says:

      Hi Martin,

      Are you following the instructions in the pdf that’s included in the zip file ? Make sure to do this with GPMC on a Windows 2008 Server.

  3. Derek M says:

    Looks like you need to change the default domain parameter for you location. Just a note for people wanting to use this out of the box.

    • Trond Eirik Haavarstein says:

      Hi Derek,

      Yeah, that’s correct, maybe I missed mention it in the documentation. I will check it up, thanks for the comment.

  4. Mark B says:

    Hi,

    I’m implementing this template and running into a few questions maybe other users have too.
    I will state them below:

    =
    Settings: KeepAliveTime, KeepAliveInterval, TCPMaxDataRetransmissions

    ?: Are hardcoded according to this blog and cannot be changed via registry

    http://blogs.technet.com/b/nettracer/archive/2010/06/03/things-that-you-may-want-to-know-about-tcp-keepalives.aspx
    =
    =
    Setting: LargeSystemCache

    ?: I read it might produce unstable systems. Is this true?
    =
    =
    Setting: IOPageLockLimit

    ?: Doesn’t seem to do anything from W2K SP1

    http://www.msfn.org/board/topic/25684-registry-myths-%231-iopagelocklimit/
    =
    =
    Settings: LanManServer

    ?: Don’t they have only a positive result when they are set on fileservers etc. as well?
    =

    • Trond Eirik Haavarstein says:

      Thanks for posting Mark,

      I don’t have to many XA6 solutions running so we have to see what other of the Citrix Community users are coming up with. That being said I’ve not experienced any problems with these settings, more on XA6 that have some bugs…

  5. Fredrik says:

    @Mark B,
    Nice to see someone doing their homework.
    As you’ve found – TCP keepalives are hardcoded.
    IOPageLockLimit does jack shit.

    Lanmanserver settings are good in WS 2000/2003 begin_of_the_skype_highlighting              2000/2003      end_of_the_skype_highlighting, solves freezes in TS (logon/off) MS KB 324446. But I bet that it is unnecessary in 2008, will look into deeper some time.

    LargeSystemCache won’t give you unstable systems, this is the key for the Memory usage setting in System Options/Performance; enabled prioritizes System cache, disabled prioritizes Programs. In a multi user environment you’d rather set this to System cache as in the adm…

  6. Michael says:

    Hi, just curious as to how the importable settings you’ve facilitated compare to the following updated article based on the post you listed as a reference:

    http://www.citrixtools.net/en/Articles/articleType/ArticleView/articleId/5610/Windows-2008-R2-Remote-Desktop-and-XenApp-6-Tuning-Tips-Update.aspx

    • Trond Eirik Haavarstein says:

      Hi Michael,

      The policy have not been updated since its release in July, so the content on Pierre’s site is more up to date (December 2010).
      The best thing would be to sort the registry keys and check them one by one. Still my policy would save you a lot of time.

      Please let me know if you find any new or modified registry keys that I should add to the policy. Currently I have no time to do this since I’m working hard on releasing my Citrix XenApp 6 Video Training Course.

  7. Mike says:

    Just noticed a new updated “date” for this Sep 2011. Version is the same. Doest it mean there were updates to it?

  8. Ken says:

    I’m setting up a new XenApp 6.5 farm and using all server 2008 R2 64 bit policies. Will I be able to use this GPO out of the box?

  9. Claudio says:

    Hiya

    I’m using this GPO policies on XA65 Win2k8R2 but have problems with one of these settings when mapping network drive (Webdav). Connection works fine (authentication) but browsing the webdav structure doesn’t work. I always get reconnected to the starting point showing the root folder structure.
    Disabling this GPO makes everything work ok. Any idea which of all these reg changes i should change? Using Webdav to a box.com account.
    Thx //(laudio

  10. Chris says:

    Applied to a XenApp 6.5 server, absolutely no changes to registry occurred. No errors in the event logs.

  11. Emile Risberg says:

    Hi,

    As someone already mentioned the GPO refers to a test domain and needs to be changed when importing the settings. Is this done by using a migration table in GPMC or do you have any other tips?

    /Emile

  12. Brett Hill says:

    Hello Trond,
    Thank you for the preference export! I found a bug, I believe. Policy Preference #62 (Suppression Policy) has the wrong path (by one character).
    The path I imported was:
    *\shellex\PropertySheetHandlers\{883373C3-BF89-11S1-BE35-080036B11A03}
    It should be:
    *\shellex\PropertySheetHandlers\{883373C3-BF89-11D1-BE35-080036B11A03}

    Reference: http://support.microsoft.com/kb/829700/EN-US

    Kind Regards,
    Brett

  13. Chris says:

    I’m looking at all the registry settings in the XenApp Tuning Policy. Why is there repeat entries? Should I delete them and just leave one? Thanks.

  14. Klawal says:

    I am just curious but apply the policy to my XenApp 6.5 2008 R2 servers there seem to be an error when users launch an application “you cannot access published resources because your encryption level is not fips”.

  15. Kevin says:

    Is there an updated version of this policy available with the changes mentioned above or any other changes?

    Thanks.

  16. Kevin says:

    Thanks. Will do.

  17. Jeff Hayes says:

    Hello Eirik,

    I was wondering your opinion on Windows 2008 R2 Operating Systems and DEP and how it should be set? At the beginning of this thread, you mention….”and it’s recommended to Disable Data Execution Prevention on Windows 2008. ” I assume there you are speaking of R1 for windows 2008.

    I seem to be having some issues with Java.exe crashing on some terminal servers and it possibly might be DEP related.

    Thanks,

    Jeff

    Thanks,

    Jeff

  18. Lee says:

    When trying to import into GPO Mgmt. it tells me there is no backup and I cannot proceed….help

    • Please check the documentation that’s part of the download for the instructions.

      • Lee says:

        Thank you! I managed to extract it again and import it successfully.

        Anyone else using this policy for XenApp 6.5 that can offer feedback? I currently have it being tested on on of our Citrix servers.

  19. Lee says:

    I noticed the following additional registry mods were not present and recommended by Citrix on a Windows 2008 R2 server:

    HKEY_CURRENT_USER\Software\Microsoft\
    Windows\CurrentVersion\Explorer\VisualEffects
    “VisualFXSetting”=dword:00000003

    HKEY_CURRENT_USER\Control
    Panel\Desktop\WindowMetrics
    “MinAnimate”=”0″

    HKEY_CURRENT_USER\Software\Microsoft\Windo
    ws\CurrentVersion\Explorer\Advanced
    “ListviewAlphaSelect”=dword:00000000
    “TaskbarAnimations”=dword:00000000
    “ListviewWatermark”=dword:00000000
    “ListviewShadow”=dword:00000000

    HKEY_CURRENT_USER\Control Panel\Desktop
    “FontSmoothing”=”0″
    “UserPreferencesMask”=binary:90,12,01,80 ,10,00,00,00

    Citrix KB Doc: http://support.citrix.com/servlet/KbServlet/download/29413-102-705928/XA%20-%20Windows%202008%20R2%20Optimization%20Guide.pdf.pdf

Leave a reply

Name: Email:
24 Flares Twitter 12 Facebook 8 Google+ 3 Pin It Share 0 LinkedIn 1 Email -- Buffer 0 24 Flares ×