App Layering 2409

As of release 2409 of application layering Microsoft Edge is now only updated and managed from the OS layer revisions. You must keep Edge up to date when you are updating versions of Windows in the OS layer. Also, if customers had previously deployed Edge in an application layer, that layer can not be used in an image as the version of Edge installed in the layer will be ignored when the image is composited.

 

Ref: https://docs.citrix.com/en-us/citrix-app-layering/4/whats-new.html

• You can only update Microsoft Edge in an OS revision now. If you previously used an application layer to deploy Edge, that layer can’t be used in the image anymore, as Edge updates will be ignored. Make sure to keep Edge up to date when updating Windows versions. [UNI-90502]

Earlier releases of App Layering

There are two types of environments that need to be considered with regards to Microsoft Edge when being used with Citrix App Layering.

• Windows 10 enables and uses Microsoft Edge as the default browser. 
• Server 2016/2019/2022 does not have Microsoft Edge setup by default. 

It is due to these differences that there are two different ways that this configuration with Microsoft Edge would be Supported.

Important Notes:

• Microsoft Edge is embedded in the Window 10 OS and requires itself to be updated in a very aggressive manner.  On the other hand, Microsoft Edge is not deployed by default in all versions of Microsoft desktops which makes the application tricky to be updated by Administrators while not causing pollution (refers to any objects committed to user layer unintentionally) in the User Layer. If the updates are allowed to be written to the User's volume, there is potential to have broken versions of Microsoft Edge due to the mismatch in the expected files.  In order to keep updates from being written into the User's volume, automatic updates need to be prevented from running. 
• This document is geared towards deploying Microsoft Edge in an App Layering environment with full User Layer or with User Personalization Layer (UPL).  Keep in mind that using this method requires the administrator to update Microsoft Edge in the OS Layer revisions as frequently as they would their Windows updates.  Otherwise Microsoft Edge will not update by itself.  
  • This method should never be interpreted as permanently disabling Microsoft Edge or the Microsoft Edge update process, nor should Administrators ever permanently disable Microsoft Edge. Images that only use Elastic Layers must still add the user exclusions to ensure the Microsoft Edge versions that may have been updated in an Application Layer prior to the disabling, will not show up when the Layers are loaded.
  • Images deployed without any Elastic Layering do not have to deal with excluding the files from the user layer, and as such, would skip any actions for creating the User Exclusions and any repair.

Table of Contents:

• Configuring Microsoft Edge for Windows Server with Citrix App Layering
• Configuring Microsoft Edge for Windows 10 with Citrix App Layering
  • Option 1: Configuring Microsoft Edge in the OS Layer
  • Option 2: Configuring Microsoft Edge in the Application Layer
  • Option 3: Configuring Microsoft End in an Elastic Application Layer
• Pollution in the Platform Layer

---

Instructions

​​​Microsoft Server 2016/2019/2022 - Configuring Microsoft Edge for Citrix App Layering

Scenario 1: Microsoft Edge not installed in the OS Layer

• In this scenario, Administrators would treat Microsoft Edge the same way you would treat any other browser and simply let the user install it in their user layer and have them maintain it.

Scenario 2: Microsoft Edge installed and maintained in OS Layer

• This scenario falls into the same category as the Windows 10 .  In that if Microsoft Edge is installed in the OS layer, the admin is responsible for making sure that automatic updates are turned off.  The admin must also deal with pollution in application layers if they were created before disabling the updates.  Finally, the admin will also have to clean up the user layers of the pollution if the user layers were updated before turning off the updates.  Therefore, all the problems are the same as Windows 10, the admins should follow the same steps for Windows 10.

 

Windows 10 - Configuring Microsoft Edge for Citrix App Layering

Note: There are three options for deploying Microsoft Edge on Windows 10, each classified below:
 

Option 1: Configuring Microsoft Edge in the OS layer

Microsoft Edge must be configured such that you turn off automatic updates to prevent application layers from being updated with Microsoft Edge.  Microsoft has outlined the steps for disabling the automatic updates.   See below:

1. Browse to: https://www.microsoft.com/en-us/edge/business/download 
2. Select the Channel/Version, the Build and the Platform.   Then click "Get Policy Files" to download the ADMX/ADML Policy Files for Microsoft Edge
3. Once the zip file is downloaded and unpacked, browse to the folder of the unzipped files. These files will allow the admin to set the values to turn off the automatic updates for Microsoft Edge.  
   • ​​​​​​MicrosoftEdgePolicyTemplates -> Windows-> admx-> msedgeupdate.admx
     • Place the file:  msedgeupdate.admx   to C:\windows\PolicyDefinitions folder
   • MicrosoftEdgePolicyTemplates -> Windows-> admx-> en-US-> msedgeupdate.adml
     • Place the file:  msedgeupdate.adml  to C:\Windows\PolicyDefinitions\en-US folder
4. Turn off the automatic updates for Microsoft Edge via Downloaded Policies:
   • Open Microsoft Group Policy Editor
   • Navigate to Local Computer Policy→Computer Configuration→Administrative Templates→Applications 
   • In the GPO Editor modify the following policy value:
     • Policy Setting Name: Update Policy Override Default
     • Policy Setting Value: Manual Updates Only
5. Disable updates in the Microsoft Edge folder via Downloaded Policies:
   • Open Microsoft Group Policy Editor
   • Navigate to Policy→Computer Configuration→Administrative Templates→Microsoft Edge Update→Applications→Microsoft Edge
   • In the GPO Editor modify the following policy value:
     • Policy Setting Name: Update Policy Override Default
     • Policy Setting Value: Manual Updates Only
6. Disable the scheduled tasks which could also update Microsoft Edge
   • ​​​​​​​
7. Disable the Microsoft Edge Update Services (EdgeUpdatem):
   • ​​​​​​​
   • Once the updates have been disabled, a file needs to be created to exclude/hide any Microsoft Edge updates from any elastic layers as well as to let the User Layer know that it should not persist any of the updates that take place for that layer.   In order to do this, we will take advantage of User Exclusions:
     1. Navigate to the "C:\Program Files\Unidesk\Uniservice\UserExclusions" directory (Create the directory if it doesn't exist already
     2. Create a file in there called EdgeExclusions.txt
     3. Add the following five lines to the file – NOTE:  the \ at the end of the path in each case, which tells the system to exclude the entire directory:​​​​​​​
        • C:\Program Files (x86)\Microsoft\Edge\
        • C:\Program Files (x86)\Microsoft\EdgeCore\
        • C:\Program Files (x86)\Microsoft\EdgeUpdate\
        • C:\Program Files (x86)\Microsoft\EdgeWebView\
        • C:\ProgramData\Microsoft\EdgeUpdate\
8. ​​​​​​​​​​​​​​Once completed, the Image is in a state where the updating of Microsoft Edge is controlled through an OS Layer revision. Administrators are required to update Microsoft Edge on a frequent basis to ensure that Microsoft Edge is running the latest versions for the User Layers. Microsoft Edge should be updated in the OS Layer revision every time a new OS Layer revision is created to update Windows. In the event that Microsoft Edge requires a more immediate update, a new OS layer revision must be created. If Microsoft Edge updated administrators must redeploy images using the OS revision as soon as possible. This can be done with the following steps:
   • Add a version to the OS Layer
   • In the Packaging Machine, check for any updates to Microsoft Edge:
     1. Launch Microsoft Edge
     2. Go to the ‘About Window’ which will trigger the update
     3. The settings will allow Microsoft Edge to be updated without enabling anything else

   

Option 2: Deploying Microsoft Edge in an Application Layer in the image

 

• If electing to use the Application Layer, it's important that the OS Layer is configured using the instructions within Option 1's “Configuring Microsoft Edge in the OS Layer’ steps.  Following the instructions detailed under Option 1 will stop pollution from occurring on all Application Layers.  

Important Notes:

• The layer that is deploying Microsoft Edge needs to be the highest priority layer after the Platform Layer.  The best practices for this design is to create a new Application Layer AFTER you have updated the OS Layer. 
• The new Microsoft Edge Layer much be assigned to the Image Template being deployed
• If you have user layers that have pollution in them from prior versions of the OS Layer, you can use this Layer to run a repair on the user's image.  This Layer will have the correct versions of the common files that can be used to clear out the older revisions.  To learn how to repair a User Layer, please browse to:
  • https://docs.citrix.com/en-us/citrix-app-layering/4/layer/enable-user-layers.html
• For more information, please browse to:
  • https://www.citrix.com/blogs/2020/01/09/the-user-layer-repair-utility-makes-it-easier-to-clean-out-user-layers/

   

Option 3: Deploying Microsoft Edge in an Elastic Application Layer

• Note: The issue with this method is that the UserExclusions will prevent the Layer from ever being used to open the files, which also prevents the user layer from being updated.
  • Administrators would not be able to deploy Microsoft Edge without having to update the image.  If Microsoft Edge is deployed as an Elastic Layer, ensure that the UserExclusions configuration does not have a file/reference in it to exclude Microsoft Edge, as well as having some other mechanism to prevent end users from polluting their User Layer with Microsoft Edge every time they go to check the revision they are running.

   

Pollution in the Platform Layer

• If pollution exists within the Platform Layer, the easiest solution and best practice option is to recreate the platform layer using the new OS revision, created earlier, that disabled the update of Microsoft Edge.
  • The main issue stems from the Platform Layer being always treated as the highest priority Layer.  If there is any pollution in the Platform Layer, that pollution will exist in the files that are written to the Image last and will result in the layer being the latest.
  • If there is no option of re-creating the Platform Layer, there are two options to choose from:
    • Option 1:
      • Update Microsoft Edge in your platform layer and use that layer as your Microsoft Edge layer.  There are no other changes required.​​​​​​​
    • Option 2:
      • Deploy Microsoft Edge as an Elastic Layer. 
      • Note: This action requires removing the EdgeExclusions.txt file and forces the admin to figure out how to prevent users from doing the upgrade on their own whenever they go into the Microsoft Edge's About Menu. This option may require additional Support from the Citrix Support Teams

Reference

• https://docs.citrix.com/en-us/citrix-app-layering/4.html ​​​​​​​
• https://learn.microsoft.com/en-us/deployedge/microsoft-edge-support-lifecycle?view=o365-21vianet

Citrix is not responsible for and does not endorse or accept any responsibility for the contents or your use of these third party Web sites. Citrix is providing these links to you only as a convenience, and the inclusion of any link does not imply endorsement by Citrix of the linked Web site. It is your responsibility to take precautions to ensure that whatever Web site you use is free of viruses or other harmful items.

Steps to configure and/or fix Microsoft Edge in a Citrix App Layering environment in Windows 10 and Microsoft Server OS 2016, 2019, or 2022