VMware Horizon 7.3.2 – Master Virtual Desktop

Last Modified: Dec 15, 2017 @ 7:53 pm


Use this post to build a virtual desktop that will be used as the parent image or source image for additional virtual desktops. There’s a separate article for RDS Session Host.

This post applies to all VMware Horizon versions 7.0 and newer

💡 = Recently Updated



  1. The virtual desktop pools will use the same hardware specs (e.g. vCPUs, memory size, network label) specified on the master virtual desktop. Adjust accordingly.
  2. Set Memory as desired.
  3. For New Hard disk, consider setting Thin provision.
  4. Make sure the virtual desktop is using a SCSI controller.
  5. The master virtual desktop should be configured with a VMXNET 3 network adapter.
  6. When building the master virtual desktop, you will probably boot from an ISO.
  7. Before using View Administrator to create a pool, ensure the CD/DVD drive points to Client Device and is not Connected. The important part is to make sure ISO file is not configured.
  8. There’s no need for the Floppy drive so remove it.
  9. If you have any Serial ports, remove them.
  10. In Device Manager, after installing VMware Tools, make sure the video driver is VMware SVGA 3D.
  11. If not, you can use the driver at C:\Program Files\Common Files\VMware\Drivers\video_wddm.



  • Windows 10 Channels/Versions
  • Partition Alignment. For Windows XP, make sure the partition is aligned. You’ll need to create and partition the disk in advance on another virtual machine and set the partition offset. create partition primary align=1024. Windows 7 doesn’t have this problem.
  • VMware Tools. Install the latest version of VMware Tools and Guest Introspection (formerly known as vShield Endpoint) Driver prior to installing the Horizon 7 Agent.
  • Teradici Audio Driver – https://techsupport.teradici.com/link/portal/15134/15164/Article/1434/Teradici-Virtual-Audio-Driver-1-2-0-Release-Details-15134-1434
  • For the AppVolumes Agent and Imprivata OneSign agent (if applicable), don’t install them until Horizon 7 Agent is installed.

Windows 7 VMXNET 3 Networking Hotfix

For Windows 7 machines:

  1. Ensure the vSphere network port group allows a sufficient number of connected virtual machines.
  2. Make sure Windows 7 Service Pack 1 is installed.
  3. The recommended hotfix for fixing VMXNET 3 is the 3125574 Convenience Rollup.

    1. Run windows6.1-kb3125574-v4-x64.msi.
  4. Or, the minimum hotfix is 2550978 http://support.microsoft.com/kb/2550978.

    1. Run Windows6-1-KB2550978.msu.
  5. Click Yes when asked to install the hotfix.
  6. Click Restart Now.
  7. After installing either hotfix, follow http://support.microsoft.com/kb/315539 to delete ghost NICs.

From Microsoft KB article http://support.microsoft.com/kb/235257: For desktop VMs using VMXnet3 NICs, you can significantly improve the peak video playback performance of your View desktop by simply setting the following registry setting to the value recommended by Microsoft:

  • HKLM\System\CurrentControlSet\Services\Afd\Parameters\FastSendDatagramThreshold to 1500

Windows 7 Black Screen Hotfix

For Windows 7 machines, request and install Microsoft hotfix 2578159: The logon process stops responding in Windows. More info at VMware 2073945 Reconnecting to the VDI desktop with PCoIP displays a black screen.

Windows 7 SHA2 Hotfix

For Windows 7 machines, install Microsoft Security Advisory 3033929, Availability of SHA-2 Code Signing Support for Windows 7 and Windows Server 2008 R2.

Windows 7 Hotfix for AppVolumes

For Windows 7 machines, install the Microsoft hotfix for mountmgr.sys.  More info at VMware 2126775 Logging in to a virtual machine fails or is slow at the Welcome Screen when using VMware AppVolumes,

Power Options

  1. Run Power Options. In Windows 8 and newer, right-click the Start Menu to access Power Options.
  2. Click the arrow to show more plans, and select High performance.
  3. Next to High performance, click Change plan settings.
  4. Change the selection for Turn off the display to Never, and click Save changes.

System Settings

  1. Domain Join. For linked clones, join the machine to the domain.
  2. In System control panel applet (right-click the Start Menu > System), click Remote settings.
  3. Enable Remote Desktop.
  4. Activate Windows with a KMS license if not already activated. Note: only KMS is supported with View Composer.

Windows Profiles v3/v4 Hotfix

Roaming user profiles are tied to the operating system version so profiles on Windows 8.1-based, Windows 10-based, or Windows Server 2012 R2-based computers are incompatible with roaming user profiles in earlier versions of Windows.

Profiles are compatible only between the following client and server operating system pairs:

  • v6 = Windows 10 1607, Windows 10 1703, and Windows Server 2016
  • v5 = Windows 10 1511 and older
  • v4 = Windows 8.1 and Windows Server 2012 R2
  • v3 = Windows 8 and Windows Server 2012
  • v2 = Windows 7 and Windows Server 2008 R2

If Windows 8, install hotfix http://support.microsoft.com/kb/2887239.

If Windows 8.1, ensure update rollup 2887595 is installed. http://support.microsoft.com/kb/2890783

After you apply this update, you must create a registry key before you restart the computer.

  1. Run regedit.
  2. Locate and then tap or click the following registry subkey:
  3. On the Edit menu, point to New, and then tap or click DWORD Value.
  4. Type UseProfilePathExtensionVersion.
  5. Press and hold or right-click UseProfilePathExtensionVersion, and then tap or click Modify.
  6. In the Value data box, type 1, and then tap or click OK.
  7. Exit Registry Editor.

After you configure the UseProfilePathExtensionVersion registry entry, you have to restart the computer. Then, Windows 8.1 creates a user profile and appends the suffix “.v4” to the profile folder name to differentiate it from version 2 of the profile in Windows 7 and version 3 of the profile in Windows 8. Then, Windows 8.1-based computers that have update rollup 2887595 installed and the UseProfilePathExtensionVersion registry entry configured use version 4 of the profile.

Windows 8 creates a new copy of the user profile and appends the suffix “.v3” in the profile folder name to differentiate it from the original version 2 profile for Windows 7. After that, Windows 8-based computers that have this hotfix installed and the UseProfilePathExtensionVersion registry entry configured use the version 3 profile for users.

Install Applications

Install applications locally if you want them to be available on all virtual desktops created based on this master virtual desktop.

Or you can use a Layering product (e.g. VMware App Volumes, Unidesk) or App Streaming (e.g. ThinApp, Microsoft App-V).


VMware Tech Paper Antivirus Considerations for VMware Horizon 7 contains exclusions for Horizon View, App Volumes, User Environment Manager, ThinApp, etc.

Microsoft’s virus scanning recommendations (e.g. exclude group policy files) – http://support.microsoft.com/kb/822158.


Best Practice for running Sophos on virtual systems

Sophos Anti-Virus for Windows 2000+: incorporating current versions in a disk image, including for use with cloned virtual machines


Virtualization best practices for Endpoint Protection 12.1.2 and later

Virtualization best practices for Endpoint Protection 12.1.1 (RU1) and earlier

Symantec Endpoint Protection 12.1 – Non-persistent Virtualization Best Practices

How to prepare a Symantec Endpoint Protection 12.1 client for cloning

Non-persistent desktops:

After you have installed the Symantec Endpoint Protection client and disabled Tamper Protection, open the registry editor on the base image.

  1. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\.
  2. Create a new key named Virtualization.
  3. Under Virtualization, create a key of type DWORD named IsNPVDIClient and set it to a value of 1.

To configure the purge interval for offline non-persistent VDI clients:

  1. In the Symantec Endpoint Protection Manager console, on the Admin page, click Domains.
  2. In the Domains tree, click the desired domain.
  3. Under Tasks, click Edit Domain Properties.
  4. On the Edit Domain Properties > General tab, check the Delete non-persistent VDI clients that have not connected for specified time checkbox and change the days value to the desired number. The Delete clients that have not connected for specified time option must be checked to access the option for offline non-persistent VDI clients.
  5. Click OK.

Make the following changes to the Communications Settings policy:

  1. Configure clients to download policies and content in Pull mode
  2. Disable the option to Learn applications that run on the client computers
  3. Set the Heartbeat Interval to no less than one hour
  4. Enable Download Randomization, set the Randomization window for 4 hours

Make the following changes to the Virus and Spyware Protection policy:

  1. Disable all scheduled scans
  2. Disable the option to “Allow startup scans to run when users log on” (This is disabled by default)
  3. Disable the option to “Run an ActiveScan when new definitions Arrive”

Avoid using features like application learning which send information to the SEPM and rely on client state to optimize traffic flow

Linked clones:

To configure Symantec Endpoint Protection to use Virtual Image Exception to bypass the scanning of base image files

  1. On the console, open the appropriate Virus and Spyware Protection policy.
  2. Under Advanced Options, click Miscellaneous.
  3. On the Virtual Images tab, check the options that you want to enable.
  4. Click OK

Trend Micro

Trend Micro Virtual Desktop Support

VDI Pre-Scan Template Generation Tool

Best practice for setting up Virtual Desktop Infrastructure (VDI) in OfficeScan

Frequently Asked Questions (FAQs) about Virtual Desktop Infrastructure/Support In OfficeScan

Horizon Agent

Horizon Agent 7.3.2 Installation

Install Horizon Agent on the master virtual desktop:

  1. Only install Horizon Agent after VMware Tools. If you need to update VMware Tools, uninstall Horizon Agent first, upgrade VMware Tools, and then reinstall Horizon Agent.
  2. Check the video driver to make it is VMware SVGA 3D.
  3. Go to the downloaded Horizon 7.3.2 Agent and run VMware-viewagent-x86_64-7.3.2.exe.
  4. If you want the URL Content Redirection feature, then you must run the Agent installer with the the following switches: /v URL_FILTERING_ENABLED=1
  5. In the Welcome to the Installation Wizard for VMware Horizon Agent page, click Next.
  6. In the License Agreement page, select I accept the terms, and click Next.
  7. In the Network protocol configuration page, select IPv4, and click Next.
  8. In the Custom Setup page, there are several features not enabled. Feel free to enable them.
    1. Horizon 7.2 and newer have VMware Virtualization Pack for Skype for Business. See Configure Skype for Business at VMware Docs for details.
    2. You can install Instant Clone Agent, or View Composer Agent, but not both.

    3. According to Instant-Clone Desktop Pools at VMware Docs, Persona is not supported with Instant Clones.

    4. If you want Scanner Redirection, then enable that feature. Do the same for USB Redirection. Note: Scanner Redirection will impact host density.
    5. Horizon 7.3 adds HTML5 Multimedia Redirection. This feature only works in Google Chrome, by force installing a Chrome plug-in. And it requires a whitelist specified in a group policy. See Configuring HTML5 Multimedia Redirection at VMware Docs.

  9. Click Next when done making selections.
  10. In the Ready to Install the Program page, click Install.
  11. In the Installer Completed page, click Finish.
  12. Click Yes when asked to restart.
  13. For Horizon Persona (not with Instant Clones), enable the Microsoft Software Shadow Copy Provider service. See Windows 10 with Persona management not syncing at VMware Communities.
  14. To verify installation of the URL Content Redirection feature, check for the presence of C:\Program Files\VMware\VMware View\Agent\bin\UrlRedirection.
  15. There’s also a new IE add-on.
  16. URL Content Redirection is configured using group policy.

User Environment Manager Engine

If you are licensed for User Environment Manager (Horizon Enterprise Edition), install the User Environment Manager Engine. Note: UEM 9.1 and newer can also work without Active Directory (Group Policy); see VMware 2148324 Configuring advanced UEM settings in NoAD mode for details.

  1. Make sure Prevent access to registry editing tools is not enabled in any GPO. This setting prevents the FlexEngine from operating properly.
  2. In Windows 8 and newer, open Programs and Features (right-click the Start Menu), and click Turn Windows features on or off.
  3. Select .NET Framework 3.5, and click OK.
  4. Click Download files from Windows Update.
  5. Go to the extracted User Environment Manager 9.2.1 folder, and run VMware User Environment Manager 9.2.1 x64.msi.  💡
  6. In the Welcome to the VMware User Environment Manager Setup Wizard page, click Next.
  7. In the End-User License Agreement page, check the box next to I accept the terms, and click Next.
  8. In the Destination Folder page, click Next.
  9. The Choose Setup Type page appears. By default, the installer only installs the engine. You can click Custom or Complete to also install the console.

  10. In the Choose License File page, if installing on a View Agent, then no license file is needed.
  11. Otherwise, Browse to the license file. Then click Next.
  12. In the Ready to install VMware User Environment Manager page, click Install.
  13. In the Completed the VMware User Environment Manager Setup Wizard page, click Finish.

Unity Touch

With the Unity Touch feature, tablet and smart phone users can quickly navigate to a Horizon View desktop application or file from a Unity Touch sidebar. Although end users can specify which favorite applications appear in the sidebar, for added convenience, administrators can configure a default list of favorite applications.

In the Unity Touch sidebar, the favorite applications and favorite files that users specify are stored in the user’s profile. For non-persistent pools, enable Roaming Profiles.

To set the default list of favorite applications:

  1. Navigate to HKLM\Software\Wow6432Node\VMware, Inc.\VMware Unity
  2. Create a string value called FavAppList.
  3. Specify the default favorite applications using format: path-to-app-1|path-to-app-2|path-to-app-3|…. For example:
Programs/Accessories/Accessibility/Speech Recognition.lnk|Programs/VMware/VMware vSphere Client.lnk|Programs/Microsoft Office/Microsoft Office 2010 Tools/Microsoft Office 2010 Language Preferences.lnk

Unity Touch can be disabled by setting HKEY_LOCAL_MACHINE\Software\VMware,Inc.\VMware Unity\enabled to 0.

For more information, see Configure Favorite Applications Displayed by Unity Touch at VMware Docs.

Direct-Connection Plugin

If you wish to allow direct connections to the Horizon Agent, install the Direct-Connection Plugin. This is not a typical configuration since it allows users to bypass the Horizon Connection Servers, but is useful if you need to restrict a Horizon Agent to only one Horizon Client.

  1. Run the downloaded Direct-Connection Plugin 7.3.2 (VMware-viewagent-direct-connection–x86_64-7.3.2-xxx.exe).
  2. In the Welcome to the Installation Wizard for View Agent Direct-Connection Plugin page, click Next.
  3. In the End-User License Agreement page, select I accept the terms, and click Next.
  4. In the Configuration Information page, click Next.
  5. In the Ready to install View Agent Direct-Connection Plugin page, click Install.
  6. In the Completed the View Agent Direct-Connection Plugin Setup Wizard page, click Finish.
  7. When running the Horizon Client, enter the FQDN or IP address of the Horizon Agent (virtual desktop).

Composer – Rearm

By default, when View Composer creates linked clones and runs QuikPrep, one of the tasks is to rearm licensing. You can prevent rearm by setting the following registry key:

  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\vmware-viewcomposer-ga
    • SkipLicenseActivation  (DWORD) = 0x1

Dynamic PCoIP Policies

If you wish to change PCoIP Policies (e.g. clipboard redirection, client printers, etc.) based on how the user connects, see VMware Blog Post VMware Horizon View Secret Weapon. The article describes configuring VMware Horizon View Script Host service to run a script to change PCoIP configuration based on the Connection Server that the user connected through. Full script is included in the article.

VMware OS Optimization Tool

  1. See VMware Windows Operating System Optimization Tool Guide Technical Paper for details on this tool.
  2. Download the VMware OS Optimization Tool VMware fling.
  3. Run the extracted VMwareOSOptimizationTool.exe.
  4. On the Public Templates tab, update or download templates.
  5. On the Analyze tab, choose a template, and click Analyze.
  6. On the Analyze tab, review the optimizations, and make changes as desired. Then on the bottom left, click Optimize.
  7. Click the FAILED links for more information.
  8. The History tab lets you rollback the optimizations.
  9. The My Templates tab lets you edit the optimizations. You can create your own template, or edit an existing template.

Additional Optimizations

Additional Windows 10 Optimizations

Additional Windows 7 Optimizations

Microsoft has compiled a list of links to various optimization guides.

It’s a common practice to optimize a Windows 7 virtual machine (VM) template (or image) specifically for VDI use. Usually such customizations include the following.

  • Minimize the footprint, e.g. disable some features and services that are not required when the OS is used in “stateless” or “non-persistent” fashion. This is especially true for disk-intensive workloads since disk I/O is a common bottleneck for VDI deployment. (Especially if there are multiple VMs with the same I/O patterns that are timely aligned).
  • Lock down user interface (e.g. optimize for specific task workers).

With that said the certain practices are quite debatable and vary between actual real-world deployments. Exact choices whether to disable this or that particular component depend on customer requirements and VDI usage patterns. E.g. in personalized virtual desktop scenario there’s much less things to disable since the machine is not completely “stateless”. Some customers rely heavily on particular UI functions and other can relatively easily trade them off for the sake of performance or standardization (thus enhance supportability and potentially security). This is one of the primary reasons why Microsoft doesn’t publish any “VDI Tuning” guide officially.

Though there are a number of such papers and even tools published either by the community or third parties. This Wiki page is aimed to serve as a consolidated and comprehensive list of such resources.

Daniel Ruiz XenDesktop Windows 7 Optimization and GPO’s Settings

Microsoft Whitepaper Performance Optimization Guidelines for Windows 7 Desktop Virtualization


  1. Make sure the master virtual desktop is configured for DHCP.
  2. If connected to the console, run ipconfig /release.
  3. Run antivirus sealing tasks:
  4. Login Base Image Script Framework (BIS-F) automates many image sealing tasks. The script is configurable using Group Policy.  💡
  5. Shutdown the master virtual desktop.
  6. Edit the Settings of the master virtual machine and disconnect the CD-ROM. Make sure no ISO is configured in the virtual machine.
  7. Take a snapshot of the master virtual desktop. View Composer requires a snapshot.

Related Pages

23 thoughts on “VMware Horizon 7.3.2 – Master Virtual Desktop”

  1. Carl, When using Horizon View 7.2 and Windows 10, we have been previously unable to use persistent disks with the Windows 10 linked clones. This has caused tremendous stability issues on a day to day basis due to the mandatory usage of roaming profiles which does not address all issues of ours. Do we know if there is a workaround or if this has been resolved as it is causing a tremendous problem for one of my customers? Thank you!

  2. Hey Carl, I also wanted to point out the Windows 7 Black Screen Hotfix you have linked above is broken. Has been for some time now. Actually, the LINK isn’t broken, but the download button once you get to the page you linked is broken. Perhaps Microsoft removed it? Just and FYI. Thank you for all you do!

    1. Windows? Or Office? In both cases, KMS is the answer. For Office 365 click-to-run, you’ll want Shared Computer Activation.

  3. Hi,

    We have an issue with a USB redirected device. We have installed the driver package for the Philips Speechmike on the Parent VM and snapshotted it, but when we deploy clones of it and the users plug in the USB device the desktop sees it for the first time and loads the drivers and then asks for a reboot.

    As we have lots of desktops and users this gets frustrating.

    Is there a way to connect the USB device the Parent VM before snapshotting it?


    1. The article says “In Horizon 7.0, instant clones have the following restrictions:”. I assume the restrictions also apply to 7.1?

  4. Hi, Carl. I have problems with a Windows 7 VM. I installed the Horizon Agent and the Horizon Direct Connetion Plugin, but when I try to connect from a Horizon View Client or from a ThinClient, I get a black screen.
    I have installed the fixes, and all possible updates but I still do not have good results. How can i fix this.


  5. Hi Carl,
    I have seen here you suggesting to install Windows 7 Hotfixes. Is it needed for Windows 10 master VM?

    1. Windows 10 gets Hotfixes through Windows Update. Windows 7 does not. But the important ones should have been fixed in Windows 10.

    1. I think you have to exclude usrclass.dat* from your roaming profiles. James Rankin has good info on how to roam the Start Menu in various UEM products.

Leave a Reply