Windows 10 vdi

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
replace.me › blogs › ras › windowsvdi. Recommended settings and configuration to minimize overhead for Windows 10 () desktops used as VDI images.
 
 

 

DaaS | Desktop as a Service | DaaS Provider | Lowest Cost DaaS.Recommended configuration for VDI desktops | Microsoft Docs

 

Many services that may seem like good candidates to disable are set to manual service start type. This means that the service will not automatically start and is not started unless process or event triggers a request to the service being considered for disabling.

Services that are already set to start type manual are usually not listed here. You can enumerate running services with this PowerShell sample code, outputting only the service short name:. The following table contains some services that may be considered to disable in virtual desktop environments:.

To learn more, see this article. This user service is used for Game Recordings and Live Broadcasts. CaptureService CaptureService Enables optional screen capture functionality for applications that call the Windows.

Capture API. OneCore capture service: enables optional screen capture functionality for applications that call the Windows. Capture API For more information, see this article. Optimize drives defragsvc Helps the computer run more efficiently by optimizing files on storage drives.

Virtual desktop solutions do not normally benefit from disk optimization. The “drives” are often not traditional drives and often just a temporary storage allocation.

Diagnostic Execution Service DiagSvc Executes diagnostic actions for troubleshooting support Disabling this service disables the ability to run Windows diagnostics Diagnostic Execution Service. Connected User Experiences and Telemetry DiagTrack This service enables features that support in-application and connected user experiences.

Additionally, this service manages the event driven collection and transmission of diagnostic and usage information used to improve the experience and quality of the Windows Platform when the diagnostics and usage privacy option settings are enabled under Feedback and Diagnostics. Consider disabling if on disconnected network. If this service is stopped, diagnostics will no longer function. Disabling this service disables the ability to run Windows diagnostics.

For more information, see this article. Device Setup Manager DsmSvc Enables the detection, download and installation of device-related software. If this service is disabled, devices may be configured with outdated software, and may not work correctly. Virtual desktop environments very closely control what software is installed and maintain that consistency across the environment. Data Usage service DusmSvc Network data usage, data limit, restrict background data, metered networks.

Windows Mobile Hotspot Service icssvc Provides the ability to share a cellular data connection with another device. This service is started on demand and if disabled then installations will not function properly. Consider disabling this service on non-persistent virtual desktop, leave as-is for persistent virtual desktop solutions.

Geolocation Service Lfsvc Monitors the current location of the system and manages geofences a geographical location with associated events. If you turn off this service, applications will be unable to use or receive notifications for geolocation or geofences.

This service is started on-demand by application accessing downloaded maps. Disabling this service will prevent apps from accessing maps. TO learn more, see this article. MessagingService MessagingService Service supporting text messaging and related functionality. This is a “per-user service”, and as such, the template service must be disabled. UWP Mail and other applications dependent on this functionality will not work properly when this service is not running.

If you stop or disable this service, contacts might be missing from your search results. Power Power Manages power policy and power policy notification delivery. Virtual machines have virtually no influence on power properties. If this service is disabled, power management and reporting are not available. May not need this service for payments, in the enterprise environment. May not need this service, if other tools are used for messaging, such as Teams, Skype, or other.

Superfetch generally does not improve performance in virtual desktop environments for various reasons. The underlying storage is often virtualized and possibly striped across multiple drives. In some virtual desktop solutions the accumulated user state is discarded when the user logs off.

The SysMain feature should be evaluated in each environment. If stopped, your devices will not be able to download and install the latest updates. Virtual desktop devices are often carefully managed with respect to updates. Servicing is usually performed during maintenance windows. In some cases, an update client may be utilized, such as SCCM.

The exception would be security signature updates, that would be applied at any time, to any virtual desktop device, so as to maintain up-to-date signatures. If you disable this service, test to ensure that security signatures are still able to be installed.

If this service is stopped, shadow copies will be unavailable for backup and the backup may fail. If this service is disabled, any services that explicitly depend on it will fail to start. If this service is stopped, any diagnostics that depend on it will no longer function. Disabling this service disables the ability to run Windows diagnostics Windows Error Reporting WerSvc Allows errors to be reported when programs stop working or responding and allows existing solutions to be delivered.

Also allows logs to be generated for diagnostic and repair services. If this service is stopped, error reporting might not work correctly, and results of diagnostic services and repairs might not be displayed. With virtual desktop environments, diagnostics are often performed in an “offline” scenario, and not in mainstream production.

In addition, some customers disable WER anyway. WER incurs a tiny amount of resources for many different things, including failure to install a device, or failure to install an update. Windows Search WSearch Provides content indexing, property caching, and search results for files, e-mail, and other content.

Disabling this service prevents indexing of e-mail and other things. Test before disabling this service. If this service is stopped, some applications may not operate correctly. If this service is stopped, game save data will not upload to or download from Xbox Live. XboxLive application programming interface. These services run in the security context of the user account – this provides better resource management than the previous approach of running these kinds of services in Explorer, associated with a preconfigured account, or as tasks.

For more information, see Per-user services in Windows. If you intend to change a service start value, the preferred method is to open an elevated. For more information, see SC. Like other items in Windows, ensure an item is not needed before disabling a scheduled task.

Some tasks in virtual desktop environments, such as StartComponentCleanup , may not be desirable to run in production, but may be good to run during a maintenance window on the “gold image” reference image. The following list of tasks includes tasks that perform optimizations or data collections on computers that maintain their state across reboots. When a virtual desktop device reboots and discards all changes since last boot, optimizations intended for physical computers are not helpful.

You can get all the current scheduled tasks, including descriptions, with the following PowerShell code:. There are several tasks that can’t be disabled with a script, even when run on an elevated command prompt.

The recommendations here, and in the GitHub scripts do not attempt to disable tasks that cannot be disabled with a script. Whether from Microsoft Update, or from your internal resources, apply available updates including Windows Defender signatures. This is a good time to apply other available updates including Microsoft Office if installed, and other software updates.

If PowerShell will remain in the image you can download the latest available help for PowerShell by running the command Update-Help. At some point during the image optimization process available Windows updates should be applied.

There is a setting in Windows 10 update settings that can provide additional updates. This would be a good setting in case you are going to install Microsoft applications such as Microsoft Office to the base image.

That way Office is up to date when the image is put in service. There are also. NET updates and certain third-party components such as Adobe that have updates available through Windows Update. One very important consideration for non-persistent virtual desktop devices is security updates, including security software definition files. These updates may be released once or more times per day. For Windows Defender it may be best to allow the updates to occur, even on non-persistent virtual desktop environments.

The updates are going to apply nearly every time you sign in, but the updates are small and should not be a problem. The same may be true for third-party definition files.

Modern versions of Office such as Office update through their own mechanisms when directly connected to the Internet, or through management technologies when not.

Windows is configured by default to collect and save diagnostic data. The purpose is to enable diagnostics, or to record data if further troubleshooting is necessary. Automatic system traces can be found at the location depicted in the following illustration:. Others, such as the WiFiSession trace can be stopped. To stop a running trace under Event Trace Sessions , right-click the trace and then select Stop.

Use the following procedure to prevent the traces from starting automatically on startup:. The following table lists some system traces that you should consider disabling in your virtual desktop environments:. For greater details about how to optimize Windows Defender in a virtual desktop environment, check out the Deployment guide for Windows Defender Antivirus in a virtual desktop infrastructure VDI environment.

The above article contains procedures to service the “gold” virtual desktop image, and how to maintain the virtual desktop clients as they are running.

To reduce network bandwidth when virtual desktop devices need to update their Windows Defender signatures, stagger reboots, and schedule reboots during off hours where possible. The Windows Defender signature updates can be contained internally on file shares, and where practical, have those files shares on the same or close networking segments as the virtual desktop devices. There are some registry settings that can increase network performance.

This is especially important in environments where the virtual desktop device or physical computer has a workload that is primarily network-based. The settings in this section are recommended to tune performance for the networking workload profile, by setting up additional buffering and caching of things like directory entries and so on.

Some settings in this section are registry-based only and should be incorporated in the base image before the image is deployed for production use. The following settings are documented in the Performance tuning guidelines for Windows Server Applies to Windows The default is 0.

By default, the SMB redirector throttles throughput across high-latency network connections, in some cases to avoid network-related timeouts. Setting this registry value to 1 disables this throttling, enabling higher file transfer throughput over high-latency network connections.

Consider setting this value to 1. The default is 64 , with a valid range of 1 to This value is used to determine the amount of file metadata that can be cached by the client. Increasing the value can reduce network traffic and increase performance when many files are accessed. Try increasing this value to The default is 16 , with a valid range of 1 to This value is used to determine the amount of directory information that can be cached by the client.

Increasing the value can reduce network traffic and increase performance when large directories are accessed. Consider increasing this value to The default is , with a valid range of 1 to This value is used to determine the amount of file name information that can be cached by the client.

Increasing the value can reduce network traffic and increase performance when many file names are accessed. The default is This parameter specifies the maximum number of files that should be left open on a shared resource after the application has closed the file.

Where many thousands of clients are connecting to SMB servers, consider reducing this value to Registry-only settings can be configured by using Windows PowerShell as well, as in the following example:.

Microsoft has released a baseline, created using the same procedures as the Windows Security Baselines , for environments that are either not connected directly to the Internet, or wish to reduce data sent to Microsoft and other services.

The Windows Restricted Traffic Limited Functionality Baseline settings are called out in the group policy table with an asterisk. The optimization scripts on Github. Disk cleanup settings and are in the Settings category “System” called “Storage. You can disable Storage Sense in the Settings menu under Storage. Here are suggestions for various disk cleanup tasks. These should all be tested before implementing:.

Storage Sense may be utilized manually or automatically. For any questions or concerns about the information in this paper, contact your Microsoft account team, research the Microsoft virtual desktop IT Pro blog , post a message to Microsoft Virtual Desktop forums , or contact Microsoft for questions or concerns. If you would like to enable the use of Windows Update after disabling it, as in the case of persistent virtual desktop, follow these steps:.

It can be deferred for this many days to any non-zero value, such as , , and so on. If you need additional help with troubleshooting sysprep, check out Sysprep fails after you remove or update Microsoft Store apps that include built-in Windows images.

Skip to main content. This browser is no longer supported. Download Microsoft Edge More info. Table of contents Exit focus mode. Table of contents. Note The settings in this article can be applied to other Windows 10 installations, such as version , physical devices, or other virtual machines.

Note There is a set of scripts available at GitHub. Note Windows 10 performs a set of maintenance tasks, automatically, on a periodic basis. Note If you’re using the scripts from GitHub, you can easily control which apps are removed before running the script. Note There are several tasks that can’t be disabled with a script, even when run on an elevated command prompt. Note Some settings in this section are registry-based only and should be incorporated in the base image before the image is deployed for production use.

Note Disk cleanup settings and are in the Settings category “System” called “Storage. Submit and view feedback for This product This page.

View all page feedback. In this article. User cannot change location This is set to prevent the right-hand side pop-up when a new network is detected. Disabled Settings will not contact Microsoft content services to retrieve tips and help content.

Enabled This setting allows you to force a specific default lock screen and logon image by entering the path location of the image file. The same image will be used for both the lock and logon screens. Enabled With this policy setting enabled, automatic learning stops, and any stored data is deleted. Users cannot configure this setting in Control Panel. Enabled With this policy setting enabled, the computer will no longer use the BITS peer caching feature to download files; files will be downloaded only from the origin server.

Enabled With this policy setting enabled, the computer will no longer cache downloaded files and offer them to its peers. Disabled With this selection disabled, BranchCache is turned off for all client computers where the policy is applied. Disabled With this setting disabled, Windows does not connect to an online font provider and only enumerates locally installed fonts. Enabled This setting turns off Microsoft Peer-to-Peer Networking Services in its entirety and will cause all dependent applications to stop working.

Network Connectivity Status Indicator There are other settings in this section that can be used in isolated networks. Enabled This Policy setting enables you to specify passive polling behavior. Disabled This policy setting determines whether the Offline Files feature is enabled.

Enabled With this setting enabled, and set to “Disabled State”, no Teredo interfaces are present on the host. Allow Windows to automatically connect to suggested open hot spots, to networks shared by contacts, and to hot spots offering paid services. Disabled This policy setting determines whether users can enable the following WLAN settings: “Connect to suggested open hotspots,” “Connect to networks shared by my contacts,” and “Enable paid services.

Enabled If you choose the “Force Deny” option, Windows apps are not allowed to access cellular data and users cannot change it. Enabled With this policy setting enabled, applications and system features will not be able receive notifications from the network from WNS or via notification polling APIs. Enabled With this policy setting enabled, an error report is not sent when a generic driver is installed.

Prevent creation of a system restore point during device activity that would normally prompt creation of a restore point. Enabled With this policy setting enabled, Windows does not create a system restore point when one would normally be created. Enabled This policy setting allows you to prevent Windows from retrieving device metadata from the Internet.

Enabled This policy setting allows you to turn off “Found New Hardware” balloons during device installation. Enabled These settings provide control over whether or not short names are generated during file creation. Disabled This policy setting determines whether the Windows device is allowed to participate in cross-device experiences continue experiences.

Enabled This policy setting specifies whether “Events. Enabled Turns off data sharing from the handwriting recognition personalization tool. Enabled This policy setting specifies whether Windows should download a list of providers for the web publishing and online ordering wizards. Enabled This policy setting specifies whether to use the Microsoft Web service for finding an application to open a file with an unhandled file association.

Enabled This policy setting specifies whether Search Companion should automatically download content updates during local and Internet searches.

Enabled The Windows Customer Experience Improvement Program CEIP collects information about your hardware configuration and how you use our software and services to identify trends and usage patterns. Enabled This policy setting controls whether or not errors are reported to Microsoft. Enabled This policy setting specifies whether Windows searches Windows Update for device drivers when no local drivers for a device are present. Enabled With this setting enabled, the welcome screen is hidden from the user logging on to a Windows device.

The Windows Defender signature updates can be contained internally on file shares, and where practical, have those files shares on the same or close networking segments as the VDI virtual machines. See the paper listed at the beginning of this section for much more information about optimizing Windows Defender with VDI. This is especially important in environments where the VDI or physical computer has a workload that is primarily network based.

The settings in this section bias performance to favor networking, by setting up additional buffering and caching of things like directory entries and so on.

Note that some settings in this section are registry-based only and should be incorporated in the base image before the image is deployed for production use. The following settings are documented in the Windows Server Performance Tuning Guideline information, published on Microsoft.

Applies to Windows The default is 0. By default, the SMB redirector throttles throughput across high-latency network connections, in some cases to avoid network-related timeouts.

Setting this registry value to 1 disables this throttling, enabling higher file transfer throughput over high-latency network connections, so you should consider this setting. The default is 64 , with a valid range of 1 to This value is used to determine the amount of file metadata that can be cached by the client. Increasing the value can reduce network traffic and increase performance when many files are accessed.

Try increasing this value to The default is 16 , with a valid range of 1 to This value is used to determine the amount of directory information that can be cached by the client.

Increasing the value can reduce network traffic and increase performance when large directories are accessed. Consider increasing this value to The default is , with a valid range of 1 to This value is used to determine the amount of file name information that can be cached by the client. Increasing the value can reduce network traffic and increase performance when many file names are accessed.

The default is This parameter specifies the maximum number of files that should be left open on a shared resource after the application has closed the file. Where many thousands of clients are connecting to SMB servers, consider reducing this value to You can configure registry-only settings by using Windows PowerShell as well, as in the following example:.

Microsoft has released a baseline created using the same procedures as the Windows Security Baselines , for environments that are either not connected directly to the Internet, or want to reduce data sent to Microsoft and other services. Disk cleanup can be especially helpful with master image VDI implementations. After the master image is prepared, updated, and configured, one of the last tasks to perform is disk cleanup. The Disk Cleanup wizard built into Windows can help clean up most potential areas of disk space savings.

The Disk Cleanup wizard is no longer being developed. Windows will use other methods to provide disk cleanup functions. Here are suggestions for various disk cleanup tasks. You should test these before implementing any of them:. Run the Disk Cleanup wizard elevated after applying all updates. You can automate this process with Cleanmgr. This option sets registry values that can be used later to automate disk cleanup, using every available option in the Disk Cleanup wizard.

If you set more options, or all options, those options are recorded in the registry, according to the index value provided in the previous command Cleanmgr. In this example, we use the value 11 as our index, for a subsequent automated disk cleanup procedure. After running Cleanmgr. You can select every option, and then select OK. You will notice that the Disk Cleanup wizard just disappears. However, the settings you selected are saved in the registry, and can be invoked by running Cleanmgr. Clean up Volume Shadow Copy storage, if any is in use.

To do this, run the following commands in an elevated prompt:. If the output from these commands is No items found that satisfy the query. You can use following sample PowerShell code to assist in removing OneDrive from the image:.

For any questions or concerns about the information in this paper, contact your Microsoft account team, research the Microsoft VDI blog, post a message to Microsoft forums, or contact Microsoft for questions or concerns. Skip to main content. This browser is no longer supported. Download Microsoft Edge More info.

Table of contents Exit focus mode. Table of contents. Note Settings recommended here can be applied to other installation of Windows 10, version , including those on physical or other virtual devices. Note Windows 10 performs a set of maintenance tasks automatically, on a periodic basis. You can view all the categories of maintenance that take place automatically with this PowerShell command: Get-ScheduledTask?

Note In this table of group policy settings, items marked with an asterisk are from the Windows Restricted Traffic Limited Functionality Baseline. Note The Disk Cleanup wizard is no longer being developed.

Submit and view feedback for This product This page. View all page feedback. In this article. Disabled Settings will not contact Microsoft content services to retrieve tips and help content. Enabled This policy setting controls whether the lock screen appears for users.

Enabled This setting lets you specify the default lock screen and logon image shown when no user is signed in, and also sets the specified image as the default for all users–it replaces the default image. A low resolution, non-complex image would cause less data transmitted over the network each time the image is rendered. Enabled If you enable this policy setting, automatic learning stops, and any stored data is deleted.

Users cannot configure this setting in Control Panel. Disabled Windows does not connect to an online font provider and only enumerates locally installed fonts. Network Connectivity Status Indicator Note that there are other settings in this section that can be used in isolated networks. Allow Windows to automatically connect to suggested open hotspots, to networks shared by contacts, and to hotspots offering paid services.

Disabled Connect to suggested open hotspots , Connect to networks shared by my contacts , and Enable paid services will be turned off and users on this device will be prevented from enabling them.

Enabled If you enable this policy setting, applications and system features will not be able to receive notifications from the network from WNS or by using notification-polling APIs.

Prevent creation of a system restore point during device activity that would normally prompt creation of a restore point. Prevent Windows from sending an error report when a device driver requests additional software during installation. Disabled Disables web-to-app linking and http s URIs will be opened in the default browser instead of starting the associated app. Disabled The Windows device is not discoverable by other devices, and cannot participate in cross-device experiences.

Enabled If you enable this policy setting, all Windows Update features are removed. Windows automatic updating is also disabled; you will neither be notified about nor will you receive critical updates from Windows Update. This policy setting also prevents Device Manager from automatically installing driver updates from the Windows Update website.

Enabled If you enable this policy setting, when you are presented with a certificate issued by an untrusted root authority, your computer will not contact the Windows Update website to see if Microsoft has added the CA to its list of trusted authorities.

NOTE: Only use this policy if you have an alternate means to the latest certificate revocation list. Enabled This policy setting turns off the active tests performed by the Windows Network Connectivity Status Indicator NCSI to determine whether your computer is connected to the Internet or to a more limited network As part of determining the connectivity level, NCSI performs one of two active tests: downloading a page from a dedicated Web server or making a DNS request for a dedicated address.

If you enable this policy setting, NCSI does not run either of the two active tests. Disabled If you disable or do not configure this policy setting, the local computer clock does not synchronize time with NTP servers NOTE : Consider this setting very carefully. Windows devices that are joined to a domain should use NT5DS.

Enabled If you enable this policy setting, the advertising ID is turned off. Apps can’t use the ID for experiences across apps. Enabled If you choose the Force Deny option, Windows apps are not allowed to access account information and employees in your organization cannot change it.

Enabled If you choose the Force Deny option, Windows apps are not allowed to access the call history and employees in your organization cannot change it. Enabled If you choose the Force Deny option, Windows apps are not allowed to access contacts and employees in your organization cannot change it.

Enabled If you choose the “Force Allow” option, Windows apps are allowed to access email and employees in your organization cannot change it. Enabled If you choose the Force Deny option, Windows apps are not allowed to access location and employees in your organization cannot change it.

Enabled If you choose the Force Deny option, Windows apps are not allowed to access motion data and employees in your organization cannot change it. Enabled If you choose the Force Deny option, Windows apps are not allowed to access notifications and employees in your organization cannot change it.

Enabled If you choose the Force Deny option, Windows apps are not allowed to access tasks and employees in your organization cannot change it. Enabled If you choose the Force Deny option, Windows apps are not allowed to access the calendar and employees in your organization cannot change it. Enabled If you choose the Force Deny option, Windows apps are not allowed to access the camera and employees in your organization cannot change it.

Enabled If you choose the Force Deny option, Windows apps are not allowed to access the microphone and employees in your organization cannot change it. Enabled If you choose the Force Deny option, Windows apps are not allowed to access trusted devices and employees in your organization cannot change it. In the Home page area, enter the URL for the web site you want users to see as the home page in browsers. This could be a web site for your company or you can set it to a blank home page by entering about:blank.

In the Browsing history area, select the check box for Delete browsing history on exit. In the Choose or customize a power plan area, click the down arrow for Show additional plans , and then select the radio button for High performance. This setting will have very little impact on the VDI host. In Control Panel, click System to open the System control panel. In the right pane, click Advanced system settings.

In the dialog that opens, click the Advanced tab. In the Performance area, click the Settings button, then on Visual Effects tab in the dialog that opens, select the Adjust for best performance radio button. Click OK to save and exit.

To edit Group Policy settings, press the Windows button and type group policy or gpedit. In the dialog that opens, in the Network location area, select the radio button for User cannot change location. Click the OK button to save. Collapse Windows Settings , and then expand Administrative Templates. Click or expand Network , and then adjust each setting as follows by double-clicking it, then selecting the radio button for the indicated value and clicking the OK button:.

Collapse Network , and then expand System. Adjust each setting as follows double-clicking it, then selecting the radio button for the indicated value and clicking the OK button:. Expand Filesystem , double-click NTFS , double-click Short name creation options , select the radio button for Enabled , and then use the Options pull-down menu to select Disable on all volumes.

Collapse Filesystem , and then expand Internet Communication Management. Click Internet Communication settings. Adjust each setting as follows by double-clicking it, then selecting the radio button for Enabled , and then clicking the OK button:.

Click Power Management and then double-click Select an active power plan. Select the radio button for Enabled , and then use the Options pull-down menu to select High Performance. Click Recovery , and then double-click Allow restore of system to default state. Select the radio button for Enabled , and then click the OK button to save. Expand Troubleshooting and Diagnostics. For each of the following settings areas, click it, then double-click Configure Scenario Execution Level , select the radio button for Disabled , and then click the OK button to save:.

Collapse System , and then expand Windows Components. Adjust each setting as follows by double-clicking it, then selecting the radio button for the indicated value and clicking the OK button:.

At the same level as the Internet Explorer settings you just adjusted in the preceding table, note another level of folders ranging from Accelerators to Toolbars.

Open the Delete Browsing History folder, double-click Allow deleting browsing history on exit , select Enable , and then click OK to save and exit. Double-click Internet Settings , double-click Advanced Settings , and then adjust the settings in the subfolders as follows:.

Go back up to the level of Internet Explorer , then double-click Internet Settings. In this folder, set these two settings under AutoComplete to Enabled :. Go back up four levels to Windows Components , double-click Location and Sensors , and then set these three settings to Enabled for each, click OK to save and exit :.

In the left pane, click Maps , set these settings to Enabled ; for each, then click OK to save and exit:. Using the left pane, enter each of the following settings subfolders and adjust the individual settings as follows:.

Using the left pane, click Administrative Templates and then enter each of the following settings subfolders and adjust the individual settings as follows:.

There are a number of Microsoft Store apps that you might want to remove from the VDI image; removing them will decrease CPU usage and conserve disk space. Good candidates for removal include:. To customize the default user profile used for creating VDI images, use the built-in Administrator account.

Then log in to the Administrator account to complete the following steps. Don’t remove system apps such as the Store app. They are difficult to reinstall. Other apps are easily reinstallable from the Store. Skip to main content.

 
 

RDS Windows 10 VDI licensing – Microsoft Q&A.Download a Windows virtual machine – Windows app development | Microsoft Developer

 
 

VDI environments usually use a base operating system image, which then becomes the basis for the desktops subsequently presented to the users for work. The non-persistent type does not preserve changes to the VDI desktop operating system from one session to the next. To the user this desktop is little different than other virtual or physical device, other than it is accessed over a network.

The optimization settings would take place on a reference device. A VM is an ideal place to build the image, because you can save the state, make checkpoints and backups can be made, and other useful tasks. Start by installing default operating system on the base VM, and then optimize the base VM for VDI use by removing unneeded apps, installing Windows updates, installing other updates, deleting temporary files, applying settings, etc.

An in-depth discussion regarding these technologies is outside the scope of this topic, which focuses on the Windows base image settings with reference to other factors in the environment such as host optimization. Other software layers of the VDI solution provide the users easy and seamless access to their assigned VMs, often with a single sign-on solution. Traditional virtual machine, where the VM has its own virtual disk file, starts up normally, saves changes from one session to the next, and is essentially just a normal VM.

The difference is how the user accesses this VM. There might be a web portal the user logs into that automatically directs the user to their one or more assigned VDI VMs. Image-based persistent virtual machine, with personal virtual disks. A VM is created, and one or more virtual disks are created and assigned to this disk for persistent storage.

When the VM is started, a copy of the base image is read into the memory of the VM. At the same time, a persistent virtual disk assigned to that VM, with any previous operating system changes merged through a complex process.

Changes such as event log writes, log writes, etc. In this circumstance, operating system and app servicing might operate normally, using traditional servicing software such as Windows Server Update Services or other management technologies. With image-based non-persistent VDI, the base image is read-only. Activity that occurs during startup and thereafter until the next reboot is redirected to a temporary location.

Usually the users are provided network locations to store their data. In some cases, the user’s profile is merged with the standard VM to provide the user their settings. One important aspect of non-persistent VDI that is based on a single image is servicing. Updates to the operating system are delivered usually once per month. With image-based VDI, there is a set of processes to perform in order to get updates to the image:.

On a given host, all the VMs on that host that are derived from the base image must be shut down or turned off. This means the users are redirected to other VMs. The base image is then opened and started up. All maintenance activities are then performed, such as operating system updates,.

NET updates, app updates, etc. Windows 10 performs a set of maintenance tasks automatically, on a periodic basis.

There is a scheduled task that is set to run at AM local time every day by default. This scheduled task performs a list of tasks, including Windows Update cleanup. You can view all the categories of maintenance that take place automatically with this PowerShell command:. One of the challenges with non-persistent VDI is that when a user logs off, nearly all the operating system activity is discarded. The user’s profile and or state might be saved, but the virtual machine itself discards nearly all changes that were made since the last boot.

Therefore, optimizations intended for a Windows computer that saves state from one session to the next are not applicable. Indexing might be a partial waste of resources, as would be any disk optimizations such as a traditional defragmentation. Windows 10 has a built-in capability called the System Preparation Tool , often abbreviated to “Sysprep”.

The Sysprep tool is used to prepare a customized Windows 10 image for duplication. The Sysprep process assures the resulting operating system is properly unique to run in production. There are reasons for and against running Sysprep. In the case of VDI, you might want the ability to customize the default user profile which would be used as the profile template for subsequent users that log on using this image. You might have apps that you want installed, but also able to control per-app settings.

The alternative is to use a standard. ISO to install from, possibly using an unattended installation answer file, and a task sequence to install applications or remove applications. Tuning Windows 10 network performance by using registry settings. Disk cleanup. One of the goals of a VDI image is to be as small as possible. One way to reduce the size of the image is to remove UWP applications that will not be used in the environment.

With UWP apps, there are the main application files, also known as the payload. There is a small amount of data stored in each user’s profile for application specific settings. There is also a small amount of data in the All Users profile. Connectivity and timing are everything when it comes to UWP app cleanup. If you deploy your base image to either a device with no network connectivity, Windows 10 cannot connect to the Microsoft Store and download apps and try to install them while you are trying to uninstall them.

If you modify your base. WIM before you install, the apps will not be installed to begin with and your profile creation times should be shorter. Later in this section, you’ll find information on how to remove UWP apps from your installation. WIM file. A good strategy for VDI is to provision the apps you want in the base image, then limit or block access to the Microsoft Store afterward.

Store apps are updated periodically in the background on normal computers. The UWP apps can be updated during the maintenance window when other updates are applied. UWP apps that are not needed are still in the file system consuming a small amount of disk space. For apps that will never be needed, the payload of unwanted UWP apps can be removed from the base image using PowerShell commands. In fact, if you remove those from the installation. WIM file using the links provided later in this section, you should be able to start from the beginning with a very slim list of UWP apps.

Run the following command to enumerate provisioned UWP apps from a running Windows 10 operating system, as in this truncated example output from PowerShell:. UWP apps that are provisioned to a system can be removed during operating system installation as part of a task sequence, or later after the operating system is installed. This might be the preferred method because it makes the overall process of creating or maintaining an image modular.

Once you develop the scripts, if something changes in a subsequent build you edit an existing script rather than repeat the process from scratch. Here are some links to information on this topic:. Removing Windows 10 in-box apps during a task sequence. Windows 10 Keeping apps from coming back when deploying the feature update. Each UWP app should be evaluated for applicability in each unique environment. Enable this policy to prevent this experience from launching. When Cortana is off, users will still be able to use search to find things on the device.

NOTE : This setting can be used to limit what types of attachments are previewed, which can also help prevent automatically previewing some potentially dangerous contents types. The default behavior for search is to not index uncached Exchange folders.

Disabling this policy will block any indexing of uncached Exchange folders. Otherwise they are indexed. Disabled by default. Select between 0 and MB. If you enable this setting, the Store application will not offer updates to the latest version of Windows. Additionally, solution information is not available in Security and Maintenance in Control Panel. Windows Installer Control maximum size of baseline file cache 5 Enabled This policy controls the percentage of disk space available to the Windows Installer baseline file cache.

With this policy setting enabled you can modify the maximum size of the Windows Installer baseline file cache. They will not see other types of notifications, such as regular PC or device health information. Enhanced notification messages convey the value and promote the installation and use of optional software.

This policy setting is intended for use in loosely managed environments in which you allow the end user access to the Microsoft Update service. Semi-Annual Channel: Receive feature updates when they are released to the general public. The pause will remain in effect for 35 days from the start time provided. You can defer receiving quality updates for up to 30 days. To prevent quality updates from being received on their scheduled time, you can temporarily pause quality updates.

The pause will remain in effect for 35 days or until you clear the start date field. To resume receiving Quality Updates which are paused, clear the start date field. This does not, however, prevent the user or an application from changing the setting programmatically. With this policy setting enabled, the option will be locked to not offer text predictions.

With this policy enabled, application windows will not be minimized or restored when the active window is shaken back and forth with the mouse. This setting affects all browse displays associated with Active Directory, such as those in Local Users and Groups, Active Directory Users and Computers, and dialog boxes used to set permissions for user or group objects in Active Directory.

Users will see the default lock screen image and will be able to select another image, unless you have enabled the “Prevent changing lock screen image” policy.

Users may still see suggestions and tips to make them more productive with Microsoft features and apps. You should enable this policy setting if your goal is to minimize network traffic from target devices. File Explorer Turn off the caching of thumbnails in hidden thumbs.

If you’re considering disabling system services to conserve resources, make sure the service isn’t a component of some other service. In this paper and with the available GitHub scripts, some services are not in the list because they cannot be disabled in a supported manner. Most of these recommendations mirror recommendations for Windows Server , installed with the Desktop Experience, based on the instructions in Guidance on disabling system services on Windows Server with Desktop Experience.

Many services that may seem like good candidates to disable are set to manual service start type. This means that the service will not automatically start and is not started unless process or event triggers a request to the service being considered for disabling. Services that are already set to start type manual are usually not listed here. You can enumerate running services with this PowerShell sample code, outputting only the service short name:.

The following table contains some services that may be considered to disable in virtual desktop environments:. To learn more, see this article. This user service is used for Game Recordings and Live Broadcasts. CaptureService CaptureService Enables optional screen capture functionality for applications that call the Windows. Capture API. OneCore capture service: enables optional screen capture functionality for applications that call the Windows.

Capture API For more information, see this article. Optimize drives defragsvc Helps the computer run more efficiently by optimizing files on storage drives. Virtual desktop solutions do not normally benefit from disk optimization. The “drives” are often not traditional drives and often just a temporary storage allocation. Diagnostic Execution Service DiagSvc Executes diagnostic actions for troubleshooting support Disabling this service disables the ability to run Windows diagnostics Diagnostic Execution Service.

Connected User Experiences and Telemetry DiagTrack This service enables features that support in-application and connected user experiences. Additionally, this service manages the event driven collection and transmission of diagnostic and usage information used to improve the experience and quality of the Windows Platform when the diagnostics and usage privacy option settings are enabled under Feedback and Diagnostics. Consider disabling if on disconnected network.

If this service is stopped, diagnostics will no longer function. Disabling this service disables the ability to run Windows diagnostics. For more information, see this article. Device Setup Manager DsmSvc Enables the detection, download and installation of device-related software.

If this service is disabled, devices may be configured with outdated software, and may not work correctly. Virtual desktop environments very closely control what software is installed and maintain that consistency across the environment. Data Usage service DusmSvc Network data usage, data limit, restrict background data, metered networks. Windows Mobile Hotspot Service icssvc Provides the ability to share a cellular data connection with another device.

This service is started on demand and if disabled then installations will not function properly. Consider disabling this service on non-persistent virtual desktop, leave as-is for persistent virtual desktop solutions. Geolocation Service Lfsvc Monitors the current location of the system and manages geofences a geographical location with associated events.

If you turn off this service, applications will be unable to use or receive notifications for geolocation or geofences. This service is started on-demand by application accessing downloaded maps. Disabling this service will prevent apps from accessing maps. TO learn more, see this article. MessagingService MessagingService Service supporting text messaging and related functionality. This is a “per-user service”, and as such, the template service must be disabled. UWP Mail and other applications dependent on this functionality will not work properly when this service is not running.

If you stop or disable this service, contacts might be missing from your search results. Power Power Manages power policy and power policy notification delivery. Virtual machines have virtually no influence on power properties. If this service is disabled, power management and reporting are not available. May not need this service for payments, in the enterprise environment. May not need this service, if other tools are used for messaging, such as Teams, Skype, or other.

Superfetch generally does not improve performance in virtual desktop environments for various reasons. The underlying storage is often virtualized and possibly striped across multiple drives. In some virtual desktop solutions the accumulated user state is discarded when the user logs off.

The SysMain feature should be evaluated in each environment. If stopped, your devices will not be able to download and install the latest updates. Virtual desktop devices are often carefully managed with respect to updates. Servicing is usually performed during maintenance windows. In some cases, an update client may be utilized, such as SCCM. The exception would be security signature updates, that would be applied at any time, to any virtual desktop device, so as to maintain up-to-date signatures.

If you disable this service, test to ensure that security signatures are still able to be installed. If this service is stopped, shadow copies will be unavailable for backup and the backup may fail.

If this service is disabled, any services that explicitly depend on it will fail to start. If this service is stopped, any diagnostics that depend on it will no longer function. Disabling this service disables the ability to run Windows diagnostics Windows Error Reporting WerSvc Allows errors to be reported when programs stop working or responding and allows existing solutions to be delivered.

Also allows logs to be generated for diagnostic and repair services. If this service is stopped, error reporting might not work correctly, and results of diagnostic services and repairs might not be displayed.

With virtual desktop environments, diagnostics are often performed in an “offline” scenario, and not in mainstream production. In addition, some customers disable WER anyway. WER incurs a tiny amount of resources for many different things, including failure to install a device, or failure to install an update.

Windows Search WSearch Provides content indexing, property caching, and search results for files, e-mail, and other content. Disabling this service prevents indexing of e-mail and other things. Test before disabling this service.

If this service is stopped, some applications may not operate correctly. If this service is stopped, game save data will not upload to or download from Xbox Live. XboxLive application programming interface. These services run in the security context of the user account – this provides better resource management than the previous approach of running these kinds of services in Explorer, associated with a preconfigured account, or as tasks. For more information, see Per-user services in Windows.

If you intend to change a service start value, the preferred method is to open an elevated. For more information, see SC. Like other items in Windows, ensure an item is not needed before disabling a scheduled task. Some tasks in virtual desktop environments, such as StartComponentCleanup , may not be desirable to run in production, but may be good to run during a maintenance window on the “gold image” reference image. The following list of tasks includes tasks that perform optimizations or data collections on computers that maintain their state across reboots.

When a virtual desktop device reboots and discards all changes since last boot, optimizations intended for physical computers are not helpful. You can get all the current scheduled tasks, including descriptions, with the following PowerShell code:.

There are several tasks that can’t be disabled with a script, even when run on an elevated command prompt. The recommendations here, and in the GitHub scripts do not attempt to disable tasks that cannot be disabled with a script. Whether from Microsoft Update, or from your internal resources, apply available updates including Windows Defender signatures.

This is a good time to apply other available updates including Microsoft Office if installed, and other software updates. If PowerShell will remain in the image you can download the latest available help for PowerShell by running the command Update-Help. At some point during the image optimization process available Windows updates should be applied.

There is a setting in Windows 10 update settings that can provide additional updates. This would be a good setting in case you are going to install Microsoft applications such as Microsoft Office to the base image. That way Office is up to date when the image is put in service. There are also. NET updates and certain third-party components such as Adobe that have updates available through Windows Update.

One very important consideration for non-persistent virtual desktop devices is security updates, including security software definition files. These updates may be released once or more times per day. For Windows Defender it may be best to allow the updates to occur, even on non-persistent virtual desktop environments.

The updates are going to apply nearly every time you sign in, but the updates are small and should not be a problem. The same may be true for third-party definition files. Modern versions of Office such as Office update through their own mechanisms when directly connected to the Internet, or through management technologies when not. Windows is configured by default to collect and save diagnostic data. The purpose is to enable diagnostics, or to record data if further troubleshooting is necessary.

Automatic system traces can be found at the location depicted in the following illustration:. Others, such as the WiFiSession trace can be stopped. To stop a running trace under Event Trace Sessions , right-click the trace and then select Stop.

Use the following procedure to prevent the traces from starting automatically on startup:. The following table lists some system traces that you should consider disabling in your virtual desktop environments:. For greater details about how to optimize Windows Defender in a virtual desktop environment, check out the Deployment guide for Windows Defender Antivirus in a virtual desktop infrastructure VDI environment.

The above article contains procedures to service the “gold” virtual desktop image, and how to maintain the virtual desktop clients as they are running. To reduce network bandwidth when virtual desktop devices need to update their Windows Defender signatures, stagger reboots, and schedule reboots during off hours where possible.

The Windows Defender signature updates can be contained internally on file shares, and where practical, have those files shares on the same or close networking segments as the virtual desktop devices. There are some registry settings that can increase network performance. This is especially important in environments where the virtual desktop device or physical computer has a workload that is primarily network-based. The settings in this section are recommended to tune performance for the networking workload profile, by setting up additional buffering and caching of things like directory entries and so on.

Some settings in this section are registry-based only and should be incorporated in the base image before the image is deployed for production use. The following settings are documented in the Performance tuning guidelines for Windows Server Applies to Windows The default is 0. If you are interested in increasing your security settings, start with the project known as AaronLocker. For more information, see “AaronLocker” overview.

One of the goals of a VDI image is to be as light as possible. One way to reduce the size of the image is to remove UWP applications that won’t be used in the environment. With UWP apps, there are the main application files, also known as the payload. There is a small amount of data stored in each user’s profile for application specific settings. There is also a small amount of data in the ‘All Users’ profile. Connectivity and timing are important factors when it comes to UWP app cleanup.

If you deploy your base image to a device with no network connectivity, Windows 10 can’t connect to the Microsoft Store and download apps and try to install them while you are trying to uninstall them. This might be a good strategy to allow you time to customize your image, and then update what remains at a later stage of the image creation process.

If you modify your base. WIM before you install, the apps won’t be installed to begin with and your profile creation times will be shorter. Later in this section there is information on how to remove UWP apps from your installation. WIM file. A good strategy for VDI is to provision the apps you want in the base image, then limit or block access to the Microsoft Store afterward.

Store apps are updated periodically in the background on normal computers. The UWP apps can be updated during the maintenance window when other updates are applied. For more information see Universal Windows Platform Apps. UWP apps that are not needed are still in the file system consuming a small amount of disk space. For apps that will never be needed, the payload of unwanted UWP apps can be removed from the base image using PowerShell commands. In fact, if you remove those from the installation.

WIM file using the links provided later in this section, you should be able to start from the beginning with a very slim list of UWP apps. Run the following command to enumerate provisioned UWP apps from a running operating system, as in this truncated example output from PowerShell:.

UWP apps that are provisioned to a system can be removed during operating system installation as part of a task sequence, or later after the operating system is installed.

This might be the preferred method because it makes the overall process of creating or maintaining an image modular. Once you develop the scripts, if something changes in a subsequent build, you edit an existing script rather than repeat the process from scratch. Here are some links to information on this topic:. Removing Windows 10 in-box apps during a task sequence. Windows 10 Keeping apps from coming back when deploying the feature update.

Each UWP app should be evaluated for applicability in each unique environment. You’ll want to install a default installation of Windows 10 , then note which apps are running and consuming memory. For example, you might want to consider removing apps that start automatically, or apps that automatically display information on the Start Menu, such as Weather and News that might not be of use in your environment.

If utilizing the scripts from GitHub, you can easily control which apps are removed before running the script. After downloading the script files, locate the file ‘AppxPackages.

See the section Customization for details. For more information, see the Windows Server powershell forum. To enumerate currently installed Windows Features, run the following PowerShell command:.

Next, you might want to remove the Windows Media Player package. There are two Windows Media Player packages in Windows 10 You can use the built-in Dism.

A Dism. The Windows technology involved is called Features on Demand. Any settings made to this file will be applied to any subsequent user profiles created from a device running this image. You can control which settings to apply to the default user profile, by editing the file ‘DefaultUserSettings.

One setting that you might want to consider carefully, new to this iteration of settings recommendations, is a setting called TaskbarSmallIcons. You might want to check with your user base before implementing this setting. TaskbarSmallIcons makes the Windows Task Bar smaller and consumes less screen space, makes the icons more compact, minimizes the Search interface, and is depicted before and after in the following illustrations:.

Also, to reduce the transmitting of images over the VDI infrastructure, you can set the default background to a solid color instead of the default Windows 10 image. You can also set the logon screen to be a solid color, as well as turn off the opaque blurring effect on logon. The following settings are applied to the default user profile registry hive, mainly in order to reduce animations. If some or all of these settings are not desired, delete the settings not to be applied to the new user profiles based on this image.

The goal with these settings is to enable the following equivalent settings:. For Windows 10, version , the following are the optimization settings applied to the default user profile registry hive to optimize performance:. In the local policy settings, you might want to disable images for backgrounds in VDI. If you do want images, you might want to create custom background images at a reduced color depth to limit network bandwidth used for transmitting image information.

If you decide to specify no background image in local policy, you might want to set the background color before setting local policy, because once the policy is set, the user has no way to change the background color. It might be better to specify ” null ” as the background image. There is another policy setting in the next section on not using background over Remote Desktop Protocol sessions. If the equivalent settings are not specified in any other way, such as group policy, the settings would still apply.

The following settings were chosen to not counter or conflict with any setting that has anything to do with security. These settings were chosen to remove settings or disable functionality that might not be applicable to VDI environments. We recommend using a low resolution, non-complex image so less data is transmitted over the network each time the image is rendered. If you enable this policy setting, automatic learning stops, and any stored data is deleted.

Users can’t configure this setting in Control Panel. Windows doesn’t connect to an online font provider and only enumerates locally-installed fonts. Disable passive polling check box Enabled. Use this setting if you’re on an isolated network or using a static IP address. Offline files Allow or disallow use of Offline Files. In the disabled state, no Teredo interfaces are present on the host.

The Connect to suggested open hotspots , Connect to networks shared by my contacts , and Enable paid services are turned off, but users on this device can enable them. If you enable this setting, apps and system features won’t be able to receive notifications from the network from WNS or by using notification-polling APIs. Enabled Device installation Prevent device metadata retrieval from the Internet Enabled Device installation Prevent Windows from sending an error report when a device driver requests additional software during installation Enabled Device installation Turn off Found New Hardware balloons during device installation.

Turns off web-to-app linking and http s URIs are opened in the default browser instead of starting the associated app. The Windows device is not discoverable by other devices, and can’t participage in cross-device experiences.

If you enable this policy setting, all Windows Update features are removed. Windows automatic updating is also disabled; you’ll neither be notified about nor will you receive critical updates from Windows Update. This policy setting also prevents Device Manager from automatically installing driver updates from the Windows Update website.

If you enable this policy setting, when you are presented with a certificate issued by an untrusted root authority, your computer won’t contact the Windows Update website to see if Microsoft has added the CA to its list of trusted authorities. NOTE: Only use this policy if you have an alternate means to the latest certificate revocation list. This policy setting turns off the active tests performed by the Windows Network Connectivity Status Indicator NCSI to determine whether your computer is connected to the Internet or to a more limited network As part of determining the connectivity level, NCSI performs one of two active tests: downloading a page from a dedicated Web server or making a DNS request for a dedicated address.

If you enable this policy setting, NCSI does not run either of the two active tests. With this setting enabled, the background image shows without blur. If you disable or do not configure this policy setting, the local computer clock doesn’t synchronize time with NTP servers. NOTE: Consider this setting very carefully.

Windows devices that are joined to a domain should use NT5DS. Virtual machines sometimes use “enhancements” or “integration services”. If you enable this policy setting, the advertising ID is turned off. Apps can’t use the ID for experiences across apps. If you choose the Force Deny option, Windows apps are not allowed to access account information and employees in your organization cannot change it.

If you choose the Force Deny option, Windows apps are not allowed to access the call history and employees in your organization cannot change it. If you choose the Force Deny option, Windows apps are not allowed to access contacts and employees in your organization cannot change it. If you choose the Force Allow option, Windows apps are allowed to access email and employees in your organization cannot change it. If you choose the Force Deny option, Windows apps are not allowed to access location and employees in your organization cannot change it.

If you choose the Force Deny option, Windows apps are not allowed to access messaging and employees in your organization cannot change it. If you choose the Force Deny option, Windows apps are not allowed to access motion data and employees in your organization cannot change it. If you choose the Force Deny option, Windows apps are not allowed to access notifications and employees in your organization cannot change it. If you choose the Force Deny option, Windows apps are not allowed to access tasks and employees in your organization cannot change it.

If you choose the Force Deny option, Windows apps are not allowed to access the calendar and employees in your organization can’t change it. If you choose the Force Deny option, Windows apps are not allowed to access the camera and employees in your organization can’t change it.

Collapse Windows Settings , and then expand Administrative Templates. Click or expand Network , and then adjust each setting as follows by double-clicking it, then selecting the radio button for the indicated value and clicking the OK button:.

Collapse Network , and then expand System. Adjust each setting as follows double-clicking it, then selecting the radio button for the indicated value and clicking the OK button:. Expand Filesystem , double-click NTFS , double-click Short name creation options , select the radio button for Enabled , and then use the Options pull-down menu to select Disable on all volumes. Collapse Filesystem , and then expand Internet Communication Management.

Click Internet Communication settings. Adjust each setting as follows by double-clicking it, then selecting the radio button for Enabled , and then clicking the OK button:. Click Power Management and then double-click Select an active power plan. Select the radio button for Enabled , and then use the Options pull-down menu to select High Performance.

Click Recovery , and then double-click Allow restore of system to default state. Select the radio button for Enabled , and then click the OK button to save. Expand Troubleshooting and Diagnostics. For each of the following settings areas, click it, then double-click Configure Scenario Execution Level , select the radio button for Disabled , and then click the OK button to save:.

Collapse System , and then expand Windows Components. Adjust each setting as follows by double-clicking it, then selecting the radio button for the indicated value and clicking the OK button:. At the same level as the Internet Explorer settings you just adjusted in the preceding table, note another level of folders ranging from Accelerators to Toolbars.

Open the Delete Browsing History folder, double-click Allow deleting browsing history on exit , select Enable , and then click OK to save and exit. Double-click Internet Settings , double-click Advanced Settings , and then adjust the settings in the subfolders as follows:.

Go back up to the level of Internet Explorer , then double-click Internet Settings. In this folder, set these two settings under AutoComplete to Enabled :. Go back up four levels to Windows Components , double-click Location and Sensors , and then set these three settings to Enabled for each, click OK to save and exit :.

In the left pane, click Maps , set these settings to Enabled ; for each, then click OK to save and exit:. Using the left pane, enter each of the following settings subfolders and adjust the individual settings as follows:. Using the left pane, click Administrative Templates and then enter each of the following settings subfolders and adjust the individual settings as follows:. There are a number of Microsoft Store apps that you might want to remove from the VDI image; removing them will decrease CPU usage and conserve disk space.

Good candidates for removal include:. To customize the default user profile used for creating VDI images, use the built-in Administrator account. Then log in to the Administrator account to complete the following steps. Don’t remove system apps such as the Store app. They are difficult to reinstall. Other apps are easily reinstallable from the Store. Skip to main content. This browser is no longer supported. Download Microsoft Edge More info.