VMware Horizon Community
B2ITadmin
Contributor

O365 Credentials - VMware DEM user settings with FSLogix office containers

Hello community

We are in the process of designing a new environment on LAB servers for a customer.

The target is to save and manage the user settings through VMware DEM and use FSLogix to save the cached OST file through an Office container.

We are running Citrix Virtual Apps and Desktops 7 1912 LTSR with PVS streaming on Hyper-V 2019 with non-persistent Windows 10 1909 VMs. Office has the "shared machine activation" set to 1.

We use an AD user from the LAB with a non-related O365 test email address from our company's tenant (might be the source of the problem) with 2FA active.

As a "test" I achieved a working solution with both FSLogix profile container (which we don't want to use in the final design) as well as with VMware DEM going all in on the Import / Export: ([IncludeRegistryTrees] HKCU\Software\ | [IncludeFolderTrees]<AppData>\<LocalAppData>\)

Please note that I am well aware that this is not the intended way to use VMware DEM, and it was simply to get a confirmed baseline after multiple failures with only a reduced set of settings.

I am now struggling to find the minimal required settings for VMware DEM to save the user information for the Outlook profile together with the password.

I have tested multiple approaches from which the sum was the following:

#
# Expanded settings for the Microsoft Office 2016/2019/365 Application Templates 'Access', 'Excel', 'OneDrive', 'OneNote', 'Outlook', 'PowerPoint', 'Project', 'Publisher', 'Shared', 'Skype', 'Visio', and 'Word':
#

[IncludeRegistryTrees]
HKCU\Software\Microsoft\Office\16.0\Access
HKCU\Software\Microsoft\Office\16.0\Common
HKCU\Software\Microsoft\Office\16.0\Excel
HKCU\Software\Microsoft\Office\16.0\FirstRun
HKCU\Software\Microsoft\Office\16.0\Groove
HKCU\Software\Microsoft\Office\16.0\Lync
HKCU\Software\Microsoft\Office\16.0\MAPI
HKCU\Software\Microsoft\Office\16.0\Microsoft Office 2016
HKCU\Software\Microsoft\Office\16.0\MS Project
HKCU\Software\Microsoft\Office\16.0\OneNote
HKCU\Software\Microsoft\Office\16.0\Outlook
HKCU\Software\Microsoft\Office\16.0\PowerPoint
HKCU\Software\Microsoft\Office\16.0\Project
HKCU\Software\Microsoft\Office\16.0\Publisher
HKCU\Software\Microsoft\Office\16.0\Registration
HKCU\Software\Microsoft\Office\16.0\SyncCenter
HKCU\Software\Microsoft\Office\16.0\SyncProc
HKCU\Software\Microsoft\Office\16.0\User Settings
HKCU\Software\Microsoft\Office\16.0\Visio
HKCU\Software\Microsoft\Office\16.0\Word
HKCU\Software\Microsoft\Office\16.0\Workspaces
HKCU\Software\Microsoft\Office\Access
HKCU\Software\Microsoft\Office\Common
HKCU\Software\Microsoft\Office\Excel
HKCU\Software\Microsoft\Office\OneNote
HKCU\Software\Microsoft\Office\Outlook
HKCU\Software\Microsoft\Office\PowerPoint
HKCU\Software\Microsoft\Office\Visio
HKCU\Software\Microsoft\Office\Word
HKCU\Software\Microsoft\Shared Tools\Proofing Tools
HKCU\Software\Microsoft\VBA
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
HKCU\Software\Microsoft\Internet Explorer\IntelliForms\Storage2

[ExcludeRegistryTrees]
HKCU\Software\Microsoft\Office\16.0\Common\Identity

[IncludeIndividualRegistryValues]
HKCU\Software\Microsoft\Exchange\Client\Options\PickLogonProfile

[IncludeFolderTrees]
<AppData>\Microsoft\Access
<AppData>\Microsoft\AddIns
<AppData>\Microsoft\Bibliography
<AppData>\Microsoft\Excel
<AppData>\Microsoft\MS Project
<AppData>\Microsoft\Office
<AppData>\Microsoft\Office\16.0\Lync
<AppData>\Microsoft\OneNote
<AppData>\Microsoft\Outlook
<AppData>\Microsoft\Powerpoint
<AppData>\Microsoft\Proof
<AppData>\Microsoft\Publisher
<AppData>\Microsoft\Publisher Building Blocks
<AppData>\Microsoft\Signatures
<AppData>\Microsoft\Spelling
<AppData>\Microsoft\Templates
<AppData>\Microsoft\UProof
<AppData>\Microsoft\Visio
<AppData>\Microsoft\Word
<AppData>\Microsoft\Crypto
<AppData>\Microsoft\Protect
<LocalAppData>\Microsoft\Office\ONetConfig
<LocalAppData>\Microsoft\Vault\4BF4C442-9B8A-41A0-B380-DD4A704DDB28
<LocalAppData>\Microsoft\Credentials
<AppData>\Microsoft\Credentials
<LocalAppData>\Microsoft\Office\16.0\Licensing

[IncludeFiles]
<LocalAppData>\Microsoft\Office\Access.officeUI
<LocalAppData>\Microsoft\Office\Excel.officeUI
<LocalAppData>\Microsoft\Office\MSProject.officeUI
<LocalAppData>\Microsoft\Office\olkaddritem.officeUI
<LocalAppData>\Microsoft\Office\olkapptitem.officeUI
<LocalAppData>\Microsoft\Office\olkdlstitem.officeUI
<LocalAppData>\Microsoft\Office\olkexplorer.officeUI
<LocalAppData>\Microsoft\Office\olklogitem.officeUI
<LocalAppData>\Microsoft\Office\olkmailitem.officeUI
<LocalAppData>\Microsoft\Office\olkmailread.officeUI
<LocalAppData>\Microsoft\Office\olkmmsedit.officeUI
<LocalAppData>\Microsoft\Office\olkmmsread.officeUI
<LocalAppData>\Microsoft\Office\olkmreqread.officeUI
<LocalAppData>\Microsoft\Office\olkmreqsend.officeUI
<LocalAppData>\Microsoft\Office\olkpostitem.officeUI
<LocalAppData>\Microsoft\Office\olkpostread.officeUI
<LocalAppData>\Microsoft\Office\olkreportitem.officeUI
<LocalAppData>\Microsoft\Office\olkresenditem.officeUI
<LocalAppData>\Microsoft\Office\olkrespcounter.officeUI
<LocalAppData>\Microsoft\Office\olkresponseread.officeUI
<LocalAppData>\Microsoft\Office\olkresponsesend.officeUI
<LocalAppData>\Microsoft\Office\olkrssitem.officeUI
<LocalAppData>\Microsoft\Office\olkshareitem.officeUI
<LocalAppData>\Microsoft\Office\olkshareread.officeUI
<LocalAppData>\Microsoft\Office\olksmsedit.officeUI
<LocalAppData>\Microsoft\Office\olksmsread.officeUI
<LocalAppData>\Microsoft\Office\olktaskitem.officeUI
<LocalAppData>\Microsoft\Office\OneNote.officeUI
<LocalAppData>\Microsoft\Office\Powerpoint.officeUI
<LocalAppData>\Microsoft\Office\Publisher.officeUI
<LocalAppData>\Microsoft\Office\Visio.officeUI
<LocalAppData>\Microsoft\Office\Word.officeUI

[ExcludeFolderTrees]
<AppData>\Microsoft\Templates\LiveContent

Help is much appreciated

0 Kudos
2 Replies
DEMdev
VMware Employee

Hi @B2ITadmin,

I really only know DEM as the product, and hardly anything about managing particular settings, but maybe the following information from Best Practices for Delivering Microsoft Office 365 in VMware Horizon 7 is also useful on Citrix:

Since the Office Container only captures a subset of the user profile, another solution must be used to capture the remaining required data. In addition, the Office Activation data is encrypted via DPAPI and must be decrypted to be used across non-persistent sessions. We can use Dynamic Environment Manager (DEM) to do this. The following locations need to be roamed across non-persistent sessions: <AppData>\Microsoft\Crypto and <AppData>\Microsoft\Protect.

This can be accomplished by either creating a new personalization template and adding <AppData>\Microsoft\Crypto and <AppData>\Microsoft\Protect under [IncludeFolderTrees] or by creating a configuration file for the built-in Personal Certificates - AppData NOT redirected. This will save the setting to the profile archive and will be imported on each system with DEM and then the Office Activation data can be decrypted.

0 Kudos
B2ITadmin
Contributor

Hello @DEMdev
Hello community

Thanks for your feedback. I had included those settings already.

I managed to get a step closer through trial and error, not sure if I like the result.
If I also sync the following keys / files, O365 credentials remain:

[IncludeRegistryTrees]
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.aad.brokerplugin_cw5n1h2txyewy
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PolicyCache\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-1910091885-1573563583-1104941280-2418270861-3411158377-2822700936-2990310272
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Packages\Microsoft.AAD.BrokerPlugin_1000.18362.449.0_neutral_neutral_cw5n1h2txyewy

[IncludeFolderTrees]
<LocalAppData>\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy

It was also working when I included the common KEY: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion

The test user's email address belongs to an unlinked tenant (because this is only a lab environment) and I do have the feeling that this behaviour might be related to the AD user logged on not being synced to AAD. I guess the information provided in other posts regarding O365 would suffice when SSO is in place.

It seems to me that the registry key behind HKCU\Software\Classes\Local Settings is not meant to be synced across different machines. Also, as I remember, the ID of the Microsoft.AAD.BrokerPlugin changes between OS releases, which would have to be considered between OS rollouts (maybe through conditions).

If anyone has a deeper understanding of the recorded behaviour or what is stored under HKCU\Software\Classes\Local Settings, I'd be interested to know more.

Thanks

0 Kudos
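
Added example, not part of the thread or of VMware's documentation: several locations discussed above (<AppData>\Microsoft\Protect and Crypto, the Credentials and Vault folders, the AAD BrokerPlugin package) hold DPAPI keys or cached credentials, so a DEM profile archive that roams them carries that material too. The sketch parses a DEM config and lists such includes, also catching broad parent paths and honouring exclusions; the classification table and all function names are assumptions.

```python
import re

# Assumed classification (not from the thread) of secret-bearing locations.
SENSITIVE = {
    r"<AppData>\Microsoft\Protect": "DPAPI master keys",
    r"<AppData>\Microsoft\Crypto": "user private keys",
    r"<AppData>\Microsoft\Credentials": "Credential Manager blobs",
    r"<LocalAppData>\Microsoft\Credentials": "Credential Manager blobs",
    r"<LocalAppData>\Microsoft\Vault": "Windows Vault",
    r"<LocalAppData>\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy": "AAD broker token cache",
    r"HKCU\Software\Microsoft\Internet Explorer\IntelliForms\Storage2": "IE AutoComplete passwords",
}
INCLUDES = ("includeregistrytrees", "includefoldertrees", "includefiles")
EXCLUDES = ("excluderegistrytrees", "excludefoldertrees")

def parse(text):
    """Return {section: [entries]}; '#' lines are comments, names lowercased."""
    sections, current = {}, None
    for line in map(str.strip, text.splitlines()):
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).lower(), [])
        elif current is not None and line and not line.startswith("#"):
            current.append(line.rstrip("\\"))
    return sections

def covers(parent, child):  # child equals parent or lies beneath it
    parent, child = parent.lower(), child.lower()
    return child == parent or child.startswith(parent + "\\")

def audit(text):
    """Return (entry, reason) for each include that roams secret material."""
    cfg = parse(text)
    excluded = [e for s in EXCLUDES for e in cfg.get(s, [])]
    findings = []
    for entry in (e for s in INCLUDES for e in cfg.get(s, [])):
        for path, reason in SENSITIVE.items():
            related = covers(path, entry) or covers(entry, path)
            if related and not any(covers(x, path) or covers(x, entry) for x in excluded):
                findings.append((entry, reason))
    return findings

# Constructed sample, reusing entries posted in the thread.
SAMPLE = r"""[IncludeFolderTrees]
<AppData>\Microsoft\Outlook
<AppData>\Microsoft\Protect
<LocalAppData>\Microsoft\Vault\4BF4C442-9B8A-41A0-B380-DD4A704DDB28
<LocalAppData>\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy
"""
print(audit(SAMPLE))
```

Each finding marks an entry whose contents end up in the user's profile archive, which is useful input when deciding permissions on the archive share.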