Azure Virtual Desktop – Problems Attempting Locked down Exam Environment
I am attempting to build an Azure Virtual Desktop that will be used for an Exam Environment. The physical workstations are thin clients that auto-direct to RDP and access our AVD environment. Using a Windows11+Office365 image, I created a basic image. I added shortcuts to the desktop (Word, Excel, PowerPoint, a web shortcut)
I want a non-persistent desktop that does not pull any information from a user’s account. Not OneDrive, not Teams, no roaming files. It will pass-through the user’s credentials for obtaining a Office license and nothing more. All internet will be blocked, and only a couple of sites will be accessed.
All lockdown settings are handled through GPO (GPO settings File). **not shown in the file is the usage of Teams where I used a fake tenant ID so it was impossible to loadlink MSTeams. But to block OneDrive as indicated in the file, I did use the correct tenant ID.
Does it work? Yes. But it has issues loading up.
When you attempt to sign in, it will take exactly 10min ‘Preparing Windows’.
Once this completes, in the bottom left corner is a minimized DOS window. When you restore this window it shows it’s attempting to run UsrLogon.cmd but has the error “The command prompt has been disabled by your administrator. Press any key to continue…”, which when done takes you to the desktop.
Lastly, the weblink is created for the student to upload their exam to our CRM when completed. When you access this weblink it opens with “Welcome-new-device is blocked” and you have to use TaskManager to kill Edge, and then restart it so it will then properly access the CRM site.
While this does work as intended once you get to this point, it’s an unnecessary delay. Especially when attempting to take an exam.
I need help trying to identify those (3) problems;
– Why is it taking 10 minutes to prepare windows, and how do you make it stop doing that?
– Why is the usrlogon.cmd failing to run (and I don’t appear to need it, so how to stop it completely?)
– What GPO did I miss with Edge to not have that ‘welcome new deviceuser’ to appear and just load the website I want.
I am attempting to build an Azure Virtual Desktop that will be used for an Exam Environment. The physical workstations are thin clients that auto-direct to RDP and access our AVD environment. Using a Windows11+Office365 image, I created a basic image. I added shortcuts to the desktop (Word, Excel, PowerPoint, a web shortcut)I want a non-persistent desktop that does not pull any information from a user’s account. Not OneDrive, not Teams, no roaming files. It will pass-through the user’s credentials for obtaining a Office license and nothing more. All internet will be blocked, and only a couple of sites will be accessed.All lockdown settings are handled through GPO (GPO settings File). **not shown in the file is the usage of Teams where I used a fake tenant ID so it was impossible to loadlink MSTeams. But to block OneDrive as indicated in the file, I did use the correct tenant ID. Does it work? Yes. But it has issues loading up. When you attempt to sign in, it will take exactly 10min ‘Preparing Windows’.Once this completes, in the bottom left corner is a minimized DOS window. When you restore this window it shows it’s attempting to run UsrLogon.cmd but has the error “The command prompt has been disabled by your administrator. Press any key to continue…”, which when done takes you to the desktop.Lastly, the weblink is created for the student to upload their exam to our CRM when completed. When you access this weblink it opens with “Welcome-new-device is blocked” and you have to use TaskManager to kill Edge, and then restart it so it will then properly access the CRM site. While this does work as intended once you get to this point, it’s an unnecessary delay. Especially when attempting to take an exam. I need help trying to identify those (3) problems;- Why is it taking 10 minutes to prepare windows, and how do you make it stop doing that?- Why is the usrlogon.cmd failing to run (and I don’t appear to need it, so how to stop it completely?)- What GPO did I miss with Edge to not have that ‘welcome new deviceuser’ to appear and just load the website I want. Read More
