VMware Horizon Community
MSDS
Contributor

What is everyone using for AntiVirus?

We just had a nightmare setup with Trend Micro Deep Security w/ vShield. It's agent-less and increased our end users' login time by 5 to 10 mins. UEM ended up being the cause and they suggested whitelisting the UNC paths that the profiles are stored on. This would also white-list the very files we want to scan. Anyways, we are on the hunt again. Wondering what everyone else is using. We are on Horizon 7 with non-persistent floating desktops and UEM 9 is doing the folder redirect. Our golden now is Windows 8.1 but we are testing 10.

Thanks so much,

Joseph

Accepted Solutions
tschuegy
Enthusiast

Hi MSDS

We also have a Win10 floating VDI environment (Horizon 7) and use UEM for user settings sync. We have Symantec Endpoint Protection 12.1.7061 natively installed in the master image. But for that, we had to do several optimizations:

- Disabled Windows Defender in master image

- After SEP12 installation, automated SEP Patterns update

- Virtual Image Exception: About the Symantec Virtual Image Exception tool

- Prepare master image with ClientSideClonePrepTool.exe for cloning: How to prepare a Endpoint Protection client for cloning

- Individual patterns for more than 100 days (about 50GB storage on the Symantec Endpoint Protection server)

General optimization for master images

- VMware OS Optimization Tool: VMware OS Optimization Tool

As example:

:: ***********************************************************

:: VMware OS Optimization Tool (OSOT)

:: ***********************************************************

SET SourceDir=%~dp0

:: create folder

If not exist "%ALLUSERSPROFILE%\VMware\OSOT\VMware Templates" md "%ALLUSERSPROFILE%\VMware\OSOT\VMware Templates"

If not exist "%temp%\OSOT" md "%temp%\OSOT"

:: Generate report before optimize

start "before" /WAIT "%SourceDir%VMwareOSOptimizationTool_b1084.exe" -t "%SourceDir%Windows10_1.4.xml" -r %temp%\OSOT\

:: Optimize mandatory settings

start "mandatory" /WAIT "%SourceDir%VMwareOSOptimizationTool_b1084.exe" -o mandatory -t "%SourceDir%Windows10_1.4.xml" -v

:: Optimize recommended settings

start "recommended" /WAIT "%SourceDir%VMwareOSOptimizationTool_b1084.exe" -o recommended -t "%SourceDir%Windows10_1.4.xml" -v

:: Generate report after optimize

start "after" /WAIT "%SourceDir%VMwareOSOptimizationTool_b1084.exe" -t "%SourceDir%Windows10_1.4.xml" -r %temp%\OSOT\

- Remove AppX

powershell.exe Set-ExecutionPolicy bypass

xcopy /Y "%SourceDir%Remove_AppxProvisionedPackage.ps1" C:\Temp\

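:: -ExecutionPolicy must come before -File; anything after -File is passed to the script as an argument

powershell.exe -ExecutionPolicy bypass -file "C:\Temp\Remove_AppxProvisionedPackage.ps1"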

del /F /Q "C:\Temp\Remove_AppxProvisionedPackage.ps1"

Remove_AppxProvisionedPackage.ps1

Get-AppxProvisionedPackage -Online | Where-Object {$_.PackageName -like "*Microsoft.3DBuilder*"} | Remove-AppxProvisionedPackage -Online

Get-AppxProvisionedPackage -Online | Where-Object {$_.PackageName -like "*Microsoft.BingWeather*"} | Remove-AppxProvisionedPackage -Online

Get-AppxProvisionedPackage -Online | Where-Object {$_.PackageName -like "*Microsoft.Getstarted*"} | Remove-AppxProvisionedPackage -Online

Get-AppxProvisionedPackage -Online | Where-Object {$_.PackageName -like "*Microsoft.Messaging*"} | Remove-AppxProvisionedPackage -Online

Get-AppxProvisionedPackage -Online | Where-Object {$_.PackageName -like "*Microsoft.MicrosoftOfficeHub*"} | Remove-AppxProvisionedPackage -Online

Get-AppxProvisionedPackage -Online | Where-Object {$_.PackageName -like "*Microsoft.MicrosoftSolitaireCollection*"} | Remove-AppxProvisionedPackage -Online

Get-AppxProvisionedPackage -Online | Where-Object {$_.PackageName -like "*Microsoft.Office.OneNote*"} | Remove-AppxProvisionedPackage -Online

Get-AppxProvisionedPackage -Online | Where-Object {$_.PackageName -like "*Microsoft.OneConnect*"} | Remove-AppxProvisionedPackage -Online

Get-AppxProvisionedPackage -Online | Where-Object {$_.PackageName -like "*Microsoft.People*"} | Remove-AppxProvisionedPackage -Online

Get-AppxProvisionedPackage -Online | Where-Object {$_.PackageName -like "*Microsoft.SkypeApp*"} | Remove-AppxProvisionedPackage -Online

Get-AppxProvisionedPackage -Online | Where-Object {$_.PackageName -like "*Microsoft.StorePurchaseApp*"} | Remove-AppxProvisionedPackage -Online

Get-AppxProvisionedPackage -Online | Where-Object {$_.PackageName -like "*Microsoft.WindowsAlarms*"} | Remove-AppxProvisionedPackage -Online

Get-AppxProvisionedPackage -Online | Where-Object {$_.PackageName -like "*Microsoft.WindowsCamera*"} | Remove-AppxProvisionedPackage -Online

Get-AppxProvisionedPackage -Online | Where-Object {$_.PackageName -like "*microsoft.windowscommunicationsapps*"} | Remove-AppxProvisionedPackage -Online

Get-AppxProvisionedPackage -Online | Where-Object {$_.PackageName -like "*Microsoft.WindowsFeedbackHub*"} | Remove-AppxProvisionedPackage -Online

Get-AppxProvisionedPackage -Online | Where-Object {$_.PackageName -like "*Microsoft.WindowsMaps*"} | Remove-AppxProvisionedPackage -Online

Get-AppxProvisionedPackage -Online | Where-Object {$_.PackageName -like "*Microsoft.WindowsSoundRecorder*"} | Remove-AppxProvisionedPackage -Online

Get-AppxProvisionedPackage -Online | Where-Object {$_.PackageName -like "*Microsoft.WindowsStore*"} | Remove-AppxProvisionedPackage -Online

Get-AppxProvisionedPackage -Online | Where-Object {$_.PackageName -like "*Microsoft.XboxApp*"} | Remove-AppxProvisionedPackage -Online

Get-AppxProvisionedPackage -Online | Where-Object {$_.PackageName -like "*Microsoft.XboxIdentityProvider*"} | Remove-AppxProvisionedPackage -Online

Get-AppxProvisionedPackage -Online | Where-Object {$_.PackageName -like "*Microsoft.ZuneMusic*"} | Remove-AppxProvisionedPackage -Online

Get-AppxProvisionedPackage -Online | Where-Object {$_.PackageName -like "*Microsoft.ZuneVideo*"} | Remove-AppxProvisionedPackage -Online

Get-AppxProvisionedPackage -Online | Where-Object {$_.PackageName -like "*Microsoft.Windows.Photos*"} | Remove-AppxProvisionedPackage -Online

- Optimize .net

:: ***********************************************************

:: Optimize .net

:: ***********************************************************

start "opti" /WAIT "%windir%\Microsoft.NET\Framework\v2.0.50727\ngen.exe" executeQueuedItems

start "opti" /WAIT "%windir%\Microsoft.NET\Framework64\v2.0.50727\ngen.exe" executeQueuedItems

start "opti" /WAIT "%windir%\Microsoft.NET\Framework\v4.0.30319\ngen.exe" executeQueuedItems

start "opti" /WAIT "%windir%\Microsoft.NET\Framework64\v4.0.30319\ngen.exe" executeQueuedItems

- winsat

:: ***********************************************************

:: winsat

:: ***********************************************************

start "optiwinsat" /WAIT cmd.exe /c winsat formal

- clean up

:: ***********************************************************

:: Delete any existing shadow copies

:: ***********************************************************

vssadmin delete shadows /All /Quiet

:: ***********************************************************

:: delete files in c:\Windows\SoftwareDistribution\Download\

:: ***********************************************************

del %windir%\SoftwareDistribution\Download\*.* /f /s /q

:: ***********************************************************

:: delete hidden install files

:: ***********************************************************

del %windir%\$NT* /f /s /q /a:h

:: ***********************************************************

:: delete prefetch files

:: ***********************************************************

del %windir%\Prefetch\*.* /f /s /q

:: ***********************************************************

:: Defragment the VM disk

:: ***********************************************************

sc config defragsvc start= auto

net start defragsvc

defrag c: /U /V

net stop defragsvc

sc config defragsvc start= disabled

UEM

- Do not set the default Windows Settings "Active Setup", because this prevents all Active Setups from running at logon. For a roaming profile that will work, but not for UEM only. The user in a floating pool has a "first logon" at every logon. UEM syncs the Active Setup user registry. In Win10, the user will not have any user shell folders. Don't do that 🙂

Mandatory profiles

VMware recommends UEM with mandatory profiles: Creating a mandatory profile for use with VMware User Environment Manager (2127778) | VMware KB

But don't create a mandatory profile the way VMware describes it! Take a look at the Microsoft KB: Create mandatory user profiles (Windows 10)

Then we have a logon time of about 30-40 seconds.

Good luck,

Tschuegy
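
An added example, not part of tschuegy's post: a list-driven take on the Remove_AppxProvisionedPackage.ps1 step that queries the image once, supports -WhatIf, and reports whether the stored LocalMachine execution policy was left at Bypass by the earlier `Set-ExecutionPolicy bypass` call. The script name Remove-ProvisionedApps.ps1 and the shortened pattern list are assumptions made for illustration.

```powershell
#Requires -RunAsAdministrator
# Added example (hypothetical file name: Remove-ProvisionedApps.ps1).
# Launch with a process-scoped policy so nothing is written to the image:
#   powershell.exe -NoProfile -ExecutionPolicy Bypass -File "C:\Temp\Remove-ProvisionedApps.ps1"
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Subset of the package name patterns listed in the post; extend as needed.
    [string[]]$Patterns = @(
        'Microsoft.3DBuilder', 'Microsoft.BingWeather', 'Microsoft.Getstarted',
        'Microsoft.SkypeApp', 'Microsoft.XboxApp', 'Microsoft.ZuneMusic',
        'Microsoft.ZuneVideo'
    )
)

# Query the provisioned packages once instead of once per pattern.
$provisioned = Get-AppxProvisionedPackage -Online

foreach ($pattern in $Patterns) {
    $hits = $provisioned | Where-Object { $_.PackageName -like "*$pattern*" }
    if (-not $hits) {
        Write-Verbose "No provisioned package matches '$pattern'"
        continue
    }
    foreach ($pkg in $hits) {
        # Honors -WhatIf / -Confirm, so the run can be previewed first.
        if ($PSCmdlet.ShouldProcess($pkg.PackageName, 'Remove provisioned package')) {
            Remove-AppxProvisionedPackage -Online -PackageName $pkg.PackageName | Out-Null
        }
    }
}

# Verify the result: list anything that still matches one of the patterns.
$left = Get-AppxProvisionedPackage -Online | Where-Object {
    $name = $_.PackageName
    $Patterns | Where-Object { $name -like "*$_*" }
}
if ($left) {
    Write-Warning ("Still provisioned: " + ($left.PackageName -join ', '))
}

# Every clone inherits the policy stored in the master image, so report it
# before the image is sealed.
$stored = Get-ExecutionPolicy -Scope LocalMachine
if ($stored -eq 'Bypass') {
    Write-Warning "LocalMachine execution policy is Bypass; reset it with Set-ExecutionPolicy before cloning."
} else {
    Write-Output "LocalMachine execution policy: $stored"
}
```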

7 Replies
Fluty
Contributor

Trend Micro is still a pretty popular option for server and Horizon workloads. As part of the troubleshooting, did they have you try to swap out the vShield drivers in VMware Tools? I've run into two situations where Trend was causing big performance problems, but it turned out to be a vShield problem instead. Backing out the vsepflt.sys to an earlier version has resolved those problems in those cases. What version of vSphere and what build number are your tools?

0 Kudos
Pim_van_de_Vis

I just finished a troubleshooting session of a couple of days, where in the end, Trend Micro Deep Security, also in combination with UEM, caused logoffs to hang.

Here are the official guidelines for the exclusions needed for UEM and antivirus. Maybe this will help you:

Imports and exports in VMware User Environment Manager are slow (2113665) | VMware KB

0 Kudos
alsmk2
Hot Shot

Assuming the UNC paths point to a file server with its own AV already, you shouldn't be worried about white-listing those paths to stop your desktop AV from scanning them. Also, once UEM has imported the profile it will be in an area that is protected.

0 Kudos
suri123
Enthusiast

We are using McAfee MOVE with Win10, not tested with UEM yet.

0 Kudos
BeGoofy
Enthusiast

I would recommend reading this:

http://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/techpaper/horizon-7-antivirus-view-...

  • At the very end there’s a real good read linked within this document -> Antivirus impact and best practices on VDI v1.0

Bryan

0 Kudos
Pim_van_de_Vis

Better use these 2 blog posts to create a mandatory profile:

VMware User Environment Manager, Part 1: Easier, Faster Windows Logins with Mandatory Profiles
https://blogs.vmware.com/euc/2017/01/vmware-user-environment-manager-mandatory-profiles-part-1.html

VMware User Environment Manager, Part 2: Complementing Mandatory Profiles with VMware User Environment Manager
https://blogs.vmware.com/euc/2017/01/vmware-user-environment-manager-mandatory-profiles-part-2.html

0 Kudos