7 minutes reading time (1422 words)

Recipe: Virtualize Edge with App-V

edge

Microsoft released a new Edge Browser based on the Google Engine Chromium a few weeks ago. This will be installed over an existing installation, but can also be installed on server systems that did not have an Edge Browser before. It is interesting that this Edge can be installed without problems on older systems like Server 2012 R2 or Windows 8.1. Nice is that the new Edge-Browser can be virtualized easily with App-V. We have been using an App-V variant of the application since the release and have had no problems with it so far.

Note: The document Virtualizing Edge with App-V is especially thanks to Thorsten @endi24. Thanks for the support! Furthermore I thank @bsplittg for testing the package.

Note2: Ihere is now another article from us with additional informationhere is now another article from us with additional information

The package works on current and on all older Microsoft operating systems when created with a classic (not ADK) sequencer (App-V 5.1). The Edge App-V package can work parallel to an existing Edge. An App-V Edge browser has its own settings, if you like. For example, your own homepage or another search engine. All this is only valid for Windows systems. Because the new Edge-Browser is also available for MacOS!

 You can find this browser as an online installation under:

https://www.microsoft.com/en-us/edge

Or in Germany under:
https://www.microsoft.com/de-de/edge

Furthermore an insider version can be found under:
https://www.microsoftedgeinsider.com/de-de/download/

For us, however, the offline version of the new Edge is most interesting. You can find it here:
https://www.microsoft.com/en-us/edge/business/download

Edge Versionen

Bild2

At the time of this blog, version 81 (Current) is the current "stable" version that we want to use for the App-V package. As a prerequisite for packaging with App-V we recommend offline version of the application. There is currently no MSIX version available for download. Microsoft itself does not seem to rely on the new technology, although Office 365 will be distributed soon. We get a classic MSI package "MicrosoftEdgeEnterpriseX64.msi" for installation. Edge installs itself completely to:

"c:\Program Files x86\Microsoft\Edge"
"c:\Program Files x86\Microsoft\Edge Update"

By default, Microsoft stores user data for Edge under %localappdata%\Microsoft\Edge\User Data This is bad because this is not a roaming path. FSLogix users are off the hook here. For App-V we can include the path in the package. The folder can be changed via a start parameter and redirected to

%AppData% (if needed).

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --user-data-dir=%AppData%\EdgeBusiness.

This will be considered in the sequencing phase. Nevertheless, it is problematic to have these files in the App-V package. If the PackageID changes, App-V will look for files elsewhere and the user will lose his configuration. It is best to exclude AppData and configure the Edge via Group Policy! We leave it here in the package anyway.

Bild3

A 64 bit version of Edge will still be installed after c:\Programm Files (x86)! A DCOM subsystem is found which cannot be virtualized. Mostly they are not needed in the applications.

{1FCBE96C-1697-43AF-9140-2897C7C69767} (LocalService)

When we search for the component, we see that it is the Edge Elevation Service.

Bild4In Chrome, the Elevation_Service is a standalone executable that is installed by the Chrome browser on the user's computer. You can find it at "C:\Program Files (x86)\Microsoft\Edge\Application\81.0.416.53\elevation_service.exe". This service is used in Chrome to install components and updates that require higher rights. We do not want both in an App-V package. On the contrary - we disable or delete these services.

Edge on Terminal Servers

On a server or desktop where Citrix VDA is installed, starting one of the Edge will result in a white window. This does not happen with the App-V package. If you want to know more about this you can find a blog here:

https://jkindon.com/2019/09/17/deploying-brave-and-microsoft-edge-dev-browsers-in-citrix-cvad-environments/

 There may also be a problem with the Edge Sandbox. Here it can happen that audio (microphone) is not properly supported. This can be disabled using the Edge Group Policies. So far I have heard several statements about this. The problem does not seem to exist generally or is version dependent.

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge AudioSandboxEnabled = 0

Or the call (link) with :

-disable-features=AudioServiceSandbox

Edge and FSLogix

We will move the user data from Edge to the roaming part later. Here Microsoft seems to have adopted Crome's bad concept of saving everything to AppDataLocal. FSLogix has no problem here and this part may be ignored.

Profile Management

There is a nice article about profile management here. Among others Citrix Profilemanager and VMWare DEM are discussed. Note that the App-V recipe below redirects everything to %Appdata%. Therefore the paths change. So we rather have to exclude paths. Especially for FSLogix the cache path

Exclusion if saved after AppDataLocal:
Appdata\Local\Microsoft\Edge\User Data\Default\Cache

Exclusion for FSLogix and Microsoft Roaming Profiles when saving to AppData:
Appdata\Roaming\Microsoft\Edge\Default\Cache

Optional:
Appdata\<ROAMING>Microsoft\Edge\User Data\Default\JumpListIconsMostVisited
Appdata\<ROAMING>\ Microsoft\Edge\User Data\Default\JumpListIconsRecentClosed
AppData\<ROAMING>\Microsoft\Edge\User Data\Default\Media Cache

Recommended configuration settings

Services are deactivated:

  • MicrosoftEdgeElevationService: Keeps Microsoft Edge up to update. If this service is disabled, the application will not be kept up to date. "C:\Program Files (x86)\Microsoft\Edge\Application\81.0.416.53\elevation_service.exe"
  • edgeupdate: Keeps your Microsoft software up to date. If this service is disabled or stopped, your Microsoft software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Microsoft software using it. "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
  • edgeupdatem: Keeps your Microsoft software up to date. If this service is disabled or stopped, your Microsoft software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Microsoft software using it. " C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe“ /medsvc

Bild5SettingsSettings

 Recommended settings can be found under Edge://settings/Profiles.

Bild6

Add more languages if required.Add more languages if required.
Edge://settings/languages

Bild7

New languages (here German & English):

Bild8

Background settingsBackground settings
Edge://settings/System
Edge starts background services after the browser is closed and communicates continuously (as does Chrome). This is undesirable behavior for me. Especially for an App-V package. With terminal servers the configuration has an additional negative effect. Background activities are better deactivated here.

Bild9

The SequencerThe Sequencer

If you want the package to work on older systems you have to use an App-V 5.1 sequencer. For current environments I recommend the sequencer from the ADK 1807.

Exclusion elements (App_V template):

Especially the folder [{ProgramFilesX86}]\Microsoft\Edge\Application\81.0.416.53\Installer can be deleted. Here is a complete setup once again. Other elements are [{SystemX86}], [{Windows}]\Serviceprofiles (services) and [{AppVPackageDrive}]\Boot (why should something be changed on the BCD?).

<?xml version=“1.0“ encoding=“utf-8“?>

<SequencerTemplate xmlns:xsd=“http://www.w3.org/2001/XMLSchema“ xmlns:xsi=“http://www.w3.org/2001/XMLSchema-instance“>

<AllowMU>false</AllowMU>

<AppendPackageVersionToFilename>true</AppendPackageVersionToFilename>

<AllowLocalInteractionToCom>false</AllowLocalInteractionToCom>

<AllowLocalInteractionToObject>false</AllowLocalInteractionToObject>

<FullVFSWriteMode>false</FullVFSWriteMode>

<ExcludePreExistingSxSAndVC>false</ExcludePreExistingSxSAndVC>

<FileExclusions>

<string>[{CryptoKeys}]</string>

<string>[{Common AppData}]\Microsoft\Crypto</string>

<string>[{Common AppData}]\Microsoft\Search\Data</string>

<string>[{Cookies}]</string>

<string>[{History}]</string>

<string>[{Cache}]</string>

<string>[{Local AppData}]</string>

<string>[{LocalAppDataLow}]</string>

<string>[{Personal}]</string>

<string>[{Profile}]\Local Settings</string>

<string>[{Profile}]\NTUSER.DAT.LOG1</string>

<string>[{Profile}]\NTUSER.DAT.LOG2</string>

<string>[{Recent}]</string>

<string>[{Windows}]\Debug</string>

<string>[{Windows}]\Logs\CBS</string>

<string>[{Windows}]\Temp</string>

<string>[{Windows}]\WinSxS\ManifestCache</string>

<string>[{Windows}]\WindowsUpdate.log</string>

<string>[{AppVPackageDrive}]\$Recycle.Bin</string>

<string>[{AppVPackageDrive}]\System Volume Information</string>

<string>[{AppData}]\Microsoft\AppV</string>

<string>[{Local AppData}]\Temp</string>

<string>[{ProgramFilesX64}]\Microsoft Application Virtualization\Sequencer</string>

<string>[{Profile}]</string>

<string>[{AppVPackageDrive}]\Boot</string>

<string>[{Windows}]\ServiceProfiles</string>

<string>[{SystemX86}]</string>

<string>[{Quick Launch}]</string>

<string>[{User Pinned}]</string>

<string>[{System}]</string>

<string>[{Common AppData}]</string>

<string>[{ProgramFilesX86}]\Microsoft\Edge\Application\81.0.416.53\Installer</string>

<string>[{Common Programs}]</string>

</FileExclusions>

<RegExclusions>

<string>REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography</string>

<string>REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography</string>

<string>REGISTRY\USER\[{AppVCurrentUserSID}]\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU</string>

<string>REGISTRY\USER\[{AppVCurrentUserSID}]\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU</string>

<string>REGISTRY\USER\[{AppVCurrentUserSID}]\Software\Microsoft\Windows\CurrentVersion\Explorer\Streams</string>

<string>REGISTRY\USER\[{AppVCurrentUserSID}]\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Streams</string>

<string>REGISTRY\MACHINE\SOFTWARE\Microsoft\AppV</string>

<string>REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AppV</string>

<string>REGISTRY\USER\[{AppVCurrentUserSID}]\Software\Microsoft\AppV</string>

<string>REGISTRY\USER\[{AppVCurrentUserSID}]\Software\Wow6432Node\Microsoft\AppV</string>

</RegExclusions>

<TargetOSes />

</SequencerTemplate>

Delete: all MSI files under C:\Windows\Installer. Attention: do not delete everything. Important exe files, DLLs and icons may be located here.
 

Sequencing instructions (Recipe)

  1.  Reset the App-V Sequencer snapshot. I am using an App-V 5.1 sequencer on Windows 8.1 to get a package that works on older systems.
  2. Copy the installation file to the sequencer (MicrosoftEdgeEnterpriseX64.msi)
  3. Copy the Edge.appvt template Load the template in the sequencer (File/Load template)
  4. "Create new virtual application (default)"
  5. Take the installer MicrosoftEdgeEnterpriseX64.msi
  6. I name the application "Edge_81_ML_x64" (the version number here does not matter. Later updates just need the same PackageID and can get a different name)
  7. Install Edge
  8. Open the C:\ProgramData\Microsoft\Windows\Start Menu\Programs folder and edit the shortcut for Edge. "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --user-data-dir=%AppData%\EdgeFilesBusiness  with --User-Data we define the directory where data is stored. This is by default otherwise %LocalAppData%
  9. Delete the desktop shortcut
  10. Delete services - for this purpose open a command line as "Administrator":
  11. Sc Delete MicrosoftEdgeElevationService
  12. Sc Delete Edgeupdate
  13. sc Delete edgeupdatem

 Bild10

Press the checkbox "Installation is complete" and continue with

The Starting the Edge application is optional (settings become part of the package):

  • Here you can make settings as described under "Recommended configuration settings".
  • Initial launch Disabling the background services
  • Disabling the update search
  • Install additional languages
  • Disable Microsoft Notifications
  • Excluded files and the DCOM component can be ignored "Finish now" and save the package.

If you want to edit the package you can delete the msi packages under c:\Windows\Installer (only those). Otherwise the package is ready to use. Especially the exclusion element "[{ProgramFilesX86}]\Microsoft\Edge\Application\81.0.416.53\Installer" reduces the package size by about 250

MB. Attention firewall settings:

These can be set with a script if required (An example from my German blog: https://www.software-virtualisierung.de/app-v/windows-firewall-ports-automatisch-fuer-ein-app-v-paket-oeffnen.html)

 

Edge Firewall

Further references: https://www.askwoody.com/2020/privacy-update-brave-is-the-most-private-browser-edge-blabs-like-crazy/

SQL Server Management Studio 18.5 (SSMS) App-V Rec...
App-V Link Cleanup Script

Related Posts

 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Thursday, 26 November 2020

Captcha Image

@nickinformation Tweets

My german Blog: 

http://www.software-virtualisierung.de

in 

Cookies make it easier for us to provide you with our services. With the usage of our services you permit us to use cookies.
More information