- Created by Lisa Brown on Sep 01, 2025
Summary
XTIUM requires the following best practices be implemented with DaaS, ensuring best user experience and supportability. As the client administrator, you are responsible to understand and implement all or some of the policies below, based on your specific requirements.
XTIUM service delivery requires that the following be setup, configured and tested prior to entering a UAT phase of the project. Long term XTIUM support and SLA's will be contingent upon the client environment being in compliance with the following recommendations and best practices.
Recommended Best Practices and Policies:
Disabling Windows Feature Updates
A feature update is when Windows 10 version 1903 is upgraded to the next feature release of Windows 10 1909. This update process can impact performance and functionality of your desktops for many reasons such as 3rd party vendors who needs to test the update from Microsoft before they will deploy their own update. Disabling the Windows feature update reduces the impact of this process and maintains the stability of your DaaS platform.
Applications and Load Over Time - Memory Requirements Will Grow
Memory resources are a driving factor in the performance of your DaaS seat. It is important to recognize that over time as you add new applications that were not part of the initial design requirements, less free memory (RAM) can constrain performance. Specifically, Real Time Audio Video collaboration tools will see a performance decrease as memory is consumed by additional applications. See the Real Time Audio Video Collaboration Tools section below for more details.
It is recommended that before you add new applications or software to check with XTIUM to see if any changes to the DaaS seat resources are necessary.
Real Time Audio Video Collaboration Tools
Real Time Audio Video (RTAV) collaboration has become a standard tool for every business. It is important to recognize that the manufacturer's recommendation to use RTAV tools like Microsoft Teams and Zoom is to run them locally from the users endpoint. XTIUM deploys our vendor's RTAV optimizations in order to provide the best RTAV possible outside of running from the local endpoint. RTAV will have performance and feature limitations running in DaaS when compared to to running them from your local machine. We have detailed our experience with RTAV in virtualized environments here for your reference to help you select the best DaaS seat option.
Group Policy Objects
GPOs are settings within Microsoft's OS that define what a system will look like and how it will behave for a defined group of users. For example, GPOs enable control over a user's ability to access restricted files, run 3-D graphics, deploy new software, run background processes and limit a user's access to applications like the payroll software.
XTIUM has provided the following GPOs to provide the best user experience:
Microsoft Teams Optimization
- Create new GPO Under the OU with the desktops in it with the name: XTIUM - DaaS 3 - Microsoft Teams Optimization
- XTIUM can provide the needed admx/adml files if these options are missing.- The ADMX files would get copied into your “Policy Definitions” folder
- The ADML files would get copied into your “Policy Definitions\en-US” folder
 
- Right-click the GPO that you created for the group policy settings and select Edit.- Computer Configuration -> Policies -> Administrative Templates -> VMware View Agent Configuration → VMware HTML5 Features → VMware WebRTC Redirection Features- Enable Media Optimization for Microsoft Teams- Enabled
 
 
- Enable Media Optimization for Microsoft Teams
 
- Computer Configuration -> Policies -> Administrative Templates -> VMware View Agent Configuration → VMware HTML5 Features → VMware WebRTC Redirection Features
IE Graphics Optimization
- Create new GPO Under the OU with the desktops in it with the name: XTIUM - DaaS 3 - IE Graphics Optimization
- Right-click the GPO that you created for the group policy settings and select Edit.- User Configuration -> Preferences -> Windows Settings -> Registry- Action: Create
- Hive: HKEY_CURRENT_USER
- Key Path: Software\Microsoft\Internet Explorer\Main
- Value Name: UseSWRender
- Value Type: REG_DWORD
- Value Data: 00000001
- Base: Hexadecimal
 
 
- User Configuration -> Preferences -> Windows Settings -> Registry
Chrome Graphics Optimization
- Create new GPO Under the OU with the desktops in it with the name: XTIUM - DaaS 3 - Chrome Graphics Optimization
- XTIUM can provide the needed admx/adml files- Copy CHROME.ADMX into your “Policy Definitions” folder
- Copy CHROME.ADML into your “Policy Definitions\en-US” folder
 
- Right-click the GPO that you created for the group policy settings and select Edit.- Computer Configuration -> Polices -> Administrative Templates -> Google - > Google Chrome- Use hardware acceleration when available: Disabled
 
 
- Computer Configuration -> Polices -> Administrative Templates -> Google - > Google Chrome
Chrome - Disable Software Reporter Tool
- Create new GPO Under the OU with the desktops in it with the name: XTIUM - DaaS 3 - Chrome Disable Software Reporter Tool
- Right-click the GPO that you created for the group policy settings and select Edit.
- Computer Configuration -> Preferences -> Windows Settings -> Registry- Registry Key 1:- Action: Create
- Hive: HKEY_LOCAL_MACHINE
- Key Path: Software\Policies\Google\Chrome
- Type: DWORD
- Name: ChromeCleanupEnabled
- Value: 0
 
- Registry Key 2:- Action: Create
- Hive: HKEY_LOCAL_MACHINE
- Key Path: Software\Policies\Google\Chrome
- Type: DWORD
- Name: ChromeCleanupReportingEnabled
- Value: 0
 
 
- Registry Key 1:
Office 2016/2019/365 Graphics Optimization
- NOTE: This GPO is version specific. If using an older version of office, the appropriate ADMX/ADML files would be required.
- Create new GPO Under the OU with the desktops in it with the name: XTIUM - DaaS 3 - Office 2016/2019/365 Graphics Optimization
- XTIUM can provide the needed admx/adml files- Copy all office ADMX files into your “Policy Definitions” folder
- Copy all office ADML files into your “Policy Definitions\en-US” folder
 
- Right-click the GPO that you created for the group policy settings and select Edit.- User Configuration -> Policies -> Administrative Templates -> Microsoft Office 2016 -> Miscellaneous- Do not use hardware graphics acceleration: Enabled
 
 
- User Configuration -> Policies -> Administrative Templates -> Microsoft Office 2016 -> Miscellaneous
Microsoft Edge Graphics Optimization
- Create new GPO Under the OU with the desktops in it with the name: XTIUM - DaaS 3 – Microsoft Edge Graphics Optimization
- XTIUM can provide the needed admx/adml files. Download Microsoft Edge for Business - Microsoft - Copy msedge.admx, msedgeupdae.admx, and msedgewebview2.admx into your “Policy Definitions” folder
- Copy msedge.adml, msedgeupdae.adml, and msedgewebview2.adml into your “Policy Definitions\en-US” folder
 
- Right-click the GPO that you created for the group policy settings and select Edit.- Computer Configuration -> Policies -> Administrative -> Microsoft Edge
- User Hardware Acceleration when available- Disabled
 
 
Windows 10 Device Registration
- Create new GPO Under the OU with the desktops in it with the name: XTIUM - DaaS 3 - Windows 10 Device Registration
- XTIUM can provide the needed admx/adml files if these options are missing.- The ADMX files would get copied into your “Policy Definitions” folder
- The ADML files would get copied into your “Policy Definitions\en-US” folder
 
- Right-click the GPO that you created for the group policy settings and select Edit.- Computer Configuration -> Policies -> Administrative Templates -> Windows Components -> Device Registration- Register domain-joined computers as devices- Enabled
 
 
- Register domain-joined computers as devices
- Computer Configuration -> Policies -> Administrative Templates -> Windows Components -> Windows Update- Do not connect to any Windows Update Internet Locations- Disabled
 
 
- Do not connect to any Windows Update Internet Locations
 
- Computer Configuration -> Policies -> Administrative Templates -> Windows Components -> Device Registration
Disable Peer to Peer Windows Updates
- Create new GPO under the OU with the desktops in it with the name: XTIUM- DaaS 3 - Windows Update Delivery Optimization
- Right-click the GPO that you created for the group policy settins and select Edit.- Computer Configuration -> Policies → Administrative Templates → Windows Components → Delivery Optimization- Edit Download Mode- Enabled
- HTTP only (0)
 
 
- Edit Download Mode
 
- Computer Configuration -> Policies → Administrative Templates → Windows Components → Delivery Optimization
Allow Windows Store Apps to Auto Update
- Create new 7GPO Under the OU with the desktops in it with the name: XTIUM - DaaS 3 - Windows Store Apps
- Right-click the GPO that you created for the group policy settings and select Edit.- Computer Configuration -> Preferences -> Windows Settings -> Registry- Action: Delete
- Hive: HKEY_LOCAL_MACHINE
- Key Path: Software\Policies\Microsoft\WindowsStore
- Value Name: AutoDownload
 
 
- Computer Configuration -> Preferences -> Windows Settings -> Registry
DaaS Windows Updates
- Create new GPO Under the OU with the desktops in it with the name: XTIUM - DaaS 3 - Windows Updates
- Right-click the GPO that you created for the group policy settings and select Edit.- Computer Configuration → Policies →  Administrative Templates →  Windows Components →  Windows Updates → Windows Updates for Business- Select when Preview Builds and Feature Updates are received: Enabled- Select the Windows readiness level for the updates you receive: Semi-annual Channel
- After a Preview Build or Feature Update is released, defer receiving it for this many days: 366
 
 
- Select when Preview Builds and Feature Updates are received: Enabled
 
- Computer Configuration → Policies →  Administrative Templates →  Windows Components →  Windows Updates → Windows Updates for Business
RMM Windows Firewall Exceptions
- Create new GPO Under the OU with the desktops in it with the name: XTIUM - DaaS 3 - Windows Firewall
- Right-click the GPO that you created for the group policy settings and select Edit.- Computer Configuration →  Polices →  Administrative Templates →  Network → Network Connections → Windows Defender Firewall → Domain Profile- Windows Defender Firewall: Allow inbound file and printer sharing exception : Enabled- Allow unsolicited incoming messages from these IP addresses: 10.200.1.0/24
 
- Windows Defender Firewall: Allow ICMP exceptions: Enabled- Options: Allow inbound echo request
 
- Windows Defender Firewall: Allow inbound remote administration exception: Enabled- Allow unsolicited incoming messages from these IP addresses: 10.200.1.0/24
 
 
- Windows Defender Firewall: Allow inbound file and printer sharing exception : Enabled
 
- Computer Configuration →  Polices →  Administrative Templates →  Network → Network Connections → Windows Defender Firewall → Domain Profile
User Group Policy Loopback
- Create new GPO Under the OU with the desktops in it with the name: XTIUM - DaaS 3 - User Group Policy Loopback
- Right-click the GPO that you created for the group policy settings and select Edit.- Computer Configuration -> Policies -> Administrative Templates -> System -> Group Policy- Configure user Group Policy Loopback processing mode: Enabled- Mode: Merge
 
 
- Configure user Group Policy Loopback processing mode: Enabled
 
- Computer Configuration -> Policies -> Administrative Templates -> System -> Group Policy
- Ensure this GPO is processed last.
Turn Off Display
- Create new GPO Under the OU with the desktops in it with the name: XTIUM - DaaS 3 - Turn Off Display
- Right-click the GPO that you created for the group policy settings and select Edit.- Computer Configuration -> Administrative Templates -> System -> Power Management -> Video and Display Settings- Turn Off the Display (Plugged In): Enabled
- Turn Off the Display (seconds): 0
 
 
- Computer Configuration -> Administrative Templates -> System -> Power Management -> Video and Display Settings
PCoIP - Clipboard Redirection & vSphere Console Access
- Create new GPO Under the OU with the desktops in it with the name: XTIUM - DaaS 3 – PcoIP
- XTIUM can provide the needed admx/adml files- Copy PCOIP.ADMX into your “Policy Definitions” folder
- Copy PCOIP.ADML into your “Policy Definitions\en-US” folder
 
- Right-click the GPO that you created for the group policy settings and select Edit.- Computer Configuration -> Policies -> Administrative -> Classic -> PCoIP Session Variables -> Overridable Administrator Defaults- Enable access to a PCoIP session from a vSphere console- Enabled
 
- Configure Clipboard Redirection- Enabled
- Enabled in both directions
 
 
- Enable access to a PCoIP session from a vSphere console
 
- Computer Configuration -> Policies -> Administrative -> Classic -> PCoIP Session Variables -> Overridable Administrator Defaults
Blast - Screen Blanking & Clipboard Redirection
- Create new GPO Under the OU with the desktops in it with the name: XTIUM - DaaS 3 – Blast
- XTIUM can provide the needed admx/adml files- Copy VDM_BLAST.ADMX into your “Policy Definitions” folder
- Copy VDM_BLAST.ADML into your “Policy Definitions\en-US” folder
 
- Right-click the GPO that you created for the group policy settings and select Edit.- Computer Configuration -> Policies -> Administrative -> Classic -> VMware Blast- Screen Blanking- Disabled
 
- Configure Clipboard Redirection- Enabled
- Enabled in both directions
 
 
- Screen Blanking
 
- Computer Configuration -> Policies -> Administrative -> Classic -> VMware Blast
Outlook - Cached Mode Enabled
- Create new GPO Under the OU with the desktops in it with the name: XTIUM - DaaS 3 - Outlook Cached Mode.
- Right-click the GPO that you created for the group policy settings and select Edit.- User Configuration -> Policies -> Administrative Templates → Microsoft Outlook 2016 → Account Settings → Exchange → Cached Exchange Mode
- Set Cached Exchange Mode Sync Settings to enabled and 3 months unless customer requests longer duration
- Set Use Cached Exchange Mode for new and existing Outlook profiles to enabled.
- User Configuration -> Policies -> Administrative Templates → Microsoft Outlook 2016 → Outlook Options → Delegates
- Set Disable shared mail folder caching to enabled
 
Prevent Bing as Default Search Engine
- Download and install the latest Microsoft Office 365 Group Policy Templates (ADMX and ADML files)
- Create new GPO Under the OU with the desktops in it with the name: XTIUM - DaaS 3 - Disable Bing
- Right-click the GPO that you created for the group policy settings and select Edit.
- Computer Configuration -> Policies -> Administrative Templates -> Microsoft Office 2016 (Machine) -> Updates
- Look through the list of policies and double-click on the Don't install extension for Microsoft Search in Bing that makes Bing the default the search engine option.
- Select Enabled and then press Apply followed by OK to configure the policy.
Folder Redirection
- Create new GPO Under the OU with the desktops in it with the name: XTIUM - DaaS 3 - Folder Redirection
- Right-click the GPO that you created for the group policy settings and select Edit.- User Configuration -> Policies -> Windows Settings -> Folder Redirection- Favorites (right click the folder)- Setting: Basic (Redirect everyone’s folder to the same location)
- Target Folder Location: Create a folder for each user under the root path
- Root Path: \\server\share
- Options:- Grant user exclusive rights to Favorites: Disabled
- Move the Contents of Favorites to the new location: Enabled
- Also apply redirection policy to Windows 2000 server, Windows…: Disabled
- Policy Removal Behavior: Leave Contents
 
 
- Desktop- Setting: Basic (Redirect everyone’s folder to the same location)
- Target Folder Location: Create a folder for each user under the root path
- Root Path: \\server\share
- Options:- Grant user exclusive rights to Desktop: Disabled
- Move the Contents of Desktop to the new location: Enabled
- Also apply redirection policy to Windows 2000 server, Windows…: Disabled
- Policy Removal Behavior: Leave Contents
 
 
- Documents- Setting: Basic (Redirect everyone’s folder to the same location
- Target Folder Location: Create a folder for each user under the root path
- Root Path: \\server\share
- Options:- Grant user exclusive rights to Documents: Disabled
- Move the Contents of Documents to the new location: Enabled
- Also apply redirection policy to Windows 2000 server, Windows…: Disabled
- Policy Removal Behavior: Leave Contents
 
 
- Downloads- Setting: Basic (Redirect everyone’s folder to the same location)
- Target Folder Location: Create a folder for each user under the root path
- Root Path: \\server\share
- Options:- Grant user exclusive rights to Downloads: Disabled
- Move the Contents of Downloads to the new location: Enabled
- Also apply redirection policy to Windows 2000 server, Windows…: Disabled
- Policy Removal Behavior: Leave Contents
 
 
- Music- Setting: Follow the Documents Folder
 
- Videos- Setting: Follow the Documents Folder
 
- Pictures- Setting: Follow the Documents Folder
 
 
- Favorites (right click the folder)
 
- User Configuration -> Policies -> Windows Settings -> Folder Redirection
File Exclusions for Anti Virus
File Exclusions for Anti Virus
File Exclusions for Anti Virus:
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Citrix\User Profile Manager\UserProfileManager.exe
C:\Program Files\Citrix\Server Resource Management\Memory Optimization Management\Program\CtxSFOSvc.exe
C:\Windows\system32\taskmgr.exe
${WinDir}\SoftwareDistribution\Datastore\DataStore.edb
${WinDir}\SoftwareDistribution\Datastore\Logs\Edb*.jrs
${WinDir}\SoftwareDistribution\Datastore\Logs\Edb.chk
${WinDir}\SoftwareDistribution\Datastore\Logs\Tmp.edb
${windir}\Security\Database\*.edb
${windir}\Security\Database\*.sdb
${windir}\Security\Database\*.log
${windir}\Security\Database\*.chk
${windir}\Security\Database\*.jrs
${windir}\Security\Database\*.xml
${windir}\Security\Database\*.csv
${windir}\Security\Database\*.cmtx
pcoip_server_win32.exe
wssm.exe
VMBlastS.exe
wsnm_jms.exe
vmwareviewclipboard.exe*
outlook.exe*
excel.exe
splwow64.exe
vmtoolsd.exe
C:\Program Files (x86)\VMware\VMware DaaS Agent\service\DaaSAgent.exe
Local Horizon View Client
Local Horizon View Client
Thick Client Requirements:
Minimum Version to support Teams Optimization is v2012 Build 8.1
Thin Client Requirements:
If using a Wyse 5030: The Firmware version must be v8.6_412_3040 in order for Teams Optimization to function
RMM Checks
RMM Checks
RMM allows you to set up periodic checks to ensure optimal performance. We recommend setting these checks for after hours in order to reduce load on the platform. Using any RMM scheduled task. Preexisting IT policies should be reevaluated prior to deploying automated
Client Signature: __________________________________________
Date: _______________________________________________
- No labels