Azure Windows Server Desktop Experience

Posted by

Introduction

The following instructions will help you build and configure Windows Server 2008 for use as a basic desktop.

Building and Deploying the VM

  • Go to the Azure Portal Login Page: https://portal.azure.com/.  You will need to use a Microsoft account.  Create an account and login.
  • If you have a Microsoft Azure Passcode, enter it here: http://www.microsoftazurepass.com.  Remember to have a Microsoft account already registered before entering the passcode.  In addition, the passcodes seem to work more consistently if the email address used was not previously associated with a passcode.
  • From the Services menu to the left, select “Virtual machines”.azure-vm-menu
  • From the Virtual machines sub-menu, select the “+Add” button.azure-vm-add
  • In the “Search Virtual Machines” box, enter “Windows Server 2008 R2 SP1” and select the machine where Microsoft is listed as the Publisher.azure-vm-win2008
  • With Windows Server 2008 R2 SP1 selected, set the deployment model be “Resource Manager” and click on the “Create” button.azure-vm-win2008-create
  • Enter in the requested information, set a complex password and ensure you choose the proper subscription.  Since this is likely your first Azure VM, create a new Resource Group and name it as you wish.  In addition, select a location closest to you for this initial setup.azurer-vm-step1
  • After you click “OK”, you will then need to choose the size of your virtual machine.  You will be presented with a set of choices with varying options and combinations of CPU cores, RAM, disk space, etc.  For an simple desktop, select “DS1_V2 Standard”.  Click on the “Select” button.azure-vm-step2.png
  • The defaults are acceptable as most of the resources are new.   Click on the “OK” button.azure-vm-step3
  • Finally, the configuration will be validated.  Correct any errors identified and click on the “OK” button to build and deploy the virtual machine.azure-vm-step4
  • At this point, Azure is deploying your virtual machine.  It does take a few minutes to deploy.  Monitor your dashboards and messages for notification that the deployment is complete.azure-vm-deploy
  • After the desktop is deployed, you will be presented with the overview of your running virtual machine and the related statistics.  Explore all the statistics and settings available to you.MyDesktop-Essentials

Connecting to the Virtual Machine

By default, Remote Desktop Services is made available to enable you to connect to the Windows virtual machine you just created.  When you click on the “Network Interfaces” menu item for you virtual machine, you will see the information relating to the public and private IP addresses assigned to your virtual machine.

MyDesktop-Network

In order to connect to this virtual machine, you will need a Windows remote desktop client.  It is recommended you use the default applications from Microsoft which supports both Windows and the Apple MacOS.

Next, select the “Overview” menu item and click on the “Connect” button.  This will download a “*.rdp” file which contains the configuration to connect to your virtual machine.

Open your RDP client and open/import/load the RDP configuration you just downloaded.  Establish an RDP session with the credentials you used to setup your machine above.  Once connected, you will be presented with a dialog box presenting “Initial Configuration Tasks”.

MyDesktop-init-tasks

The first thing you should do is click on “Download and install updates” to ensure your virtual machine has the latest patches.  Install all recommended patches.  You may be required to restart the virtual machine to apply all patches.  Reconnect to your virtual machine before proceeding by downloading and loading the “*.rdp” as described above.  This is necessary since your virtual machine is setup with a dynamic IP address by default.  Therefore, its IP likely changed after every restart.  After you connect to the virtual machine again, continue to configuring it with the desktop experience.

Configuring the Desktop Experience

By default, Windows Server 2008 is setup with the essential tools and interface necessary to operate as a server.  Extraneous applications that consumers usually have installed on their Windows 7 desktops are not installed by default on Windows server operating systems.  The Windows Server 2008 Desktop Experience feature enables you to install a variety of Windows 7 features on your server running Windows Server 2008.

Microsoft provides step-by-step instruction on how to configure the Desktop Experience here: Desktop Experience Overview.  Essentially, “[y]ou can install or uninstall Desktop Experience using the Initial Configuration Tasks Wizard or Server Manager.

To install Desktop Experience using the Initial Configuration Tasks Wizard

  1. In the Customize This Server section, click Add features.
  2. Select the Desktop Experience check box, and then click Next.
  3. Complete the wizard by clicking Install.

To install Desktop Experience using Server Manager

  1. Open Server Manager: click Start, point to Administrative Tools, and click Server Manager.

You can also open Server Manager by typing the following at a command prompt:
servermanager.msc

  1. In the Features Summary section, click Add features.
  2. Select the Desktop Experience check box, and then click Next.
  3. Complete the wizard by clicking Install.

You can uninstall Desktop Experience at any time by using either method above to start the Add Features Wizard. When the wizard opens, clear the Desktop Experience check box, click Next, and then click Remove to complete the wizard.”

Before you begin going to your favorite websites for news, research, social network and tools you will need to disable the enhance security features of the only web browser on the server that this time, Internet Explorer.  These security features are intended provide stricter security controls to reduce the risk of the server being compromised by casual web browsing activity and all the risks associated (e.g. malvertising, downloading malware, visiting questionably site, executing client-side malicious ActiveX code, etc.).

The blog post here provides a good description of how to disable Internet Explorer Enhanced Security Configuration: https://blogs.technet.microsoft.com/chenley/
2011/03/10/how-to-turn-off-internet-explorer-enhanced-security-configuration/
.

Essentially, you open up Server Manager and scroll to the Security Information section.  To the right of that section, click on the Configure IE ESC link to bring up a dialog box to disable IE ESC for the respective users.

MyDesktop-ie-esc

MyDesktop-ie-esc-disable.png

Final Steps

At this point, you have the canvas of a Windows Desktop-experience machine that is operating in the Azure cloud.  Remember it is a Windows Server 2008 operating system which means compatibility with all Windows 7 applications is not guaranteed.  You will still need to configure, manage and maintain the system to ensure security.  In addition, be aware that there is essentially no perimeter security protecting the workstation.  Install host-based protections on this workstation including antivirus, host-based intrusion prevention and others.

Lastly, remember that you are charged for every minute this workstation is running.  To control and manage your monthly costs, make sure you turn-off the virtual machine whenever you are not using it.

Advertisements