The Desktop FilesThe Microsoft Desktop Optimization Pack

Wes Miller

This column is based on prerelease elements of the Microsoft Desktop Optimization Pack. All information herein is subject to change.

Since the beginning of the Software Assurance (SA) licensing program several years ago, Microsoft has continuously sought to add features to SA so that customers would find increasing value over time. In addition to providing upgrades for Microsoft products included in the license, the company has sought to provide

products and technologies (Windows® PE was one of the first, for example) that can help an organization improve its experience with Windows, Office, and other Microsoft software.

The focus of many of these tools and programs has been for Microsoft to provide additional capabilities to reduce the overall cost of ownership of Windows, Office, and other Microsoft applications included in an organization’s SA coverage.

Microsoft acquired several companies in 2006 that all had similar agendas: to reduce the cost of ownership and complexity associated with managing and repairing Windows and Windows-based applications. Microsoft has combined a number of these newly acquired technologies into a new product offering, available as a value-add to customers who have SA. Technologies from Softricity, DesktopStandard, AssetMetrix, and Winternals Software will be available over the coming year as components of the Microsoft® Desktop Optimization Pack (MDOP). Additionally, MDOP will include a component that Microsoft built internally, called Microsoft System Center Desktop Error Monitoring.

As for savings, Microsoft estimates that MDOP can help save your organization anywhere from $100 to $500 per year per desktop, depending on the best practices you implement when using MDOP. More information about MDOP is available online at

Goals of the Microsoft Desktop Optimization Pack

The main goal for MDOP is, in short, to allow Microsoft to provide new management technologies on a more agile schedule, rather than being tied to new operating system releases. Granted, Microsoft wants to ensure that the time gap that existed between Windows XP and Windows Vista™ doesn’t occur again. But by providing tools in a predictable timeframe between releases, MDOP will allow Microsoft to flexibly meet the needs of its users, and this will allow enterprise customers to maximize the value of their software investments.

To help enterprises become more agile, Microsoft has sought out a strategy that can help customers move to a more dynamic infrastructure—dynamic, that is, in the sense Microsoft defines with its Dynamic Systems Initiative (DSI). For more information on DSI, read the information available at

But enough with the high-level strategy. Let’s take a look at each of the five technologies included in MDOP:

  • SoftGrid Application Virtualization
  • Asset Inventory Service
  • Diagnostics and Recovery Toolset
  • Advanced Group Policy Management
  • System Center Desktop Error Monitoring

SoftGrid Application Virtualization

SoftGrid Application Virtualization, which was acquired from Softricity, provides, as its name implies, application virtualization. When I first started digging into SoftGrid, I realized that it is what application publishing for Windows 2000 IntelliMirror® should have been. Why? Because applications aren’t published to clients, they are entirely virtualized. This allows applications to be easily made available on client (or Terminal Server) systems. Just as importantly, applications can be centrally managed and even recalled or updated as needed. Compared with the traditional model of MSIs and transforms, the SoftGrid model makes application deployment significantly less painful and less risky.

One way to think of SoftGrid is in the sense of a virtual image. You may be familiar with the concept of a disk image used to deploy Windows (and often applications within it) to systems. SoftGrid, in essence, takes the application and packages it into an application image, rather than an entire OS image.

SoftGrid Application Virtualization comprises three key components: application virtualization, application delivery, and central management console.

Application virtualization itself is composed of virtual representations of the Windows file system (including system files), the Windows registry, fonts, .ini files, COM/DCOM objects, services, kernel objects (semaphores, mutexes), named objects, and namespaces of all components.

It’s important that you don’t confuse SoftGrid virtualization with how Windows Vista UAC performs redirection. With UAC, when an application attempts to write to or modify protected areas of the registry or file system, it is redirected to a user-specific view of the registry and file system. SoftGrid, on the other hand, uses a concept of truly virtualizing the application to the operating system—including all registry and file system components that make it up. But the elegance of SoftGrid is that it isn’t a single blob that defines an application. Instead, it consists of:

  • An SFT file of up to 4GB. This contains one or more applications and all of their dependencies except Windows dependencies, which are expected to be on the destination systems.
  • An OSD file of approximately 2KB. This contains a definition of how the application can be requested and executed. You can think of the OSD file as an EXE.
  • An ICO file of about 24KB. This is effectively a shortcut to launch the application.
  • An SPRJ file of about 13KB. This is used by the sequencer (the core of SoftGrid) to publish, open, update, and repair existing packages.

A comprehensive diagram of how SoftGrid Application Virtualization works is available at the Web site products/architecture.asp.

A huge advantage of the SoftGrid solution is that a central management console (see Figure 1) can be used to determine which applications are available for a given Active Directory® user or set of users. Those applications can then be quickly streamed to users on demand via an industry standard streaming protocol. Once installed, the applications behave as if they are locally installed, they honor user customizations (even via Roaming User Profiles), and they function even when clients are disconnected from the network. Administrators can even stop applications from being available—dynamically or automatically (after a set time, for example).

Figure 1 SoftGrid Management Console

Figure 1** SoftGrid Management Console **

Most importantly, because of the way applications are deployed, an entire application does not need to be made available. Instead, only the pieces needed to run the application being used by the user are downloaded. Imagine a scenario where all of Microsoft Office is made available as a package. If a user only runs Word, only the necessary components to run it are downloaded—not the pieces needed to run Excel®, PowerPoint®, and so on. As soon as the user runs one of those applications—Excel, for example—its associated components are pulled down as needed.

What's in ERD?

  • Command prompt
  • Explorer
  • Search
  • Notepad
  • Solution Wizard
  • Administrative Tools: Autoruns, Disk Management, Event Viewer, Registry Editor, Services and Drivers, System Information
  • Networking Tools: File Sharing, Map Network Drive, TCP/IP Configuration
  • System Tools: Crash Analyzer, Disk Commander, DiskWipe, FileRestore, Hotfix Uninstall, Locksmith, System File Repair, System Restore

Another component of SoftGrid is its ability to do automatic metering and license checking. This helps you remain in compliance with your software licensing without needing additional software.

Almost any application can be virtualized. The key exceptions are Internet Explorer® and other Windows components (including hotfixes and service packs), antivirus software, and device drivers. If you are interested in digging deeper into how SoftGrid works and exploring what it can do, I recommend checking out the whitepaper available at

Advanced Group Policy Management

DesktopStandard made a name for itself by developing tools that bridged some of the weak links in Group Policy. By offering the tool formerly known as GPOVault in MDOP—now known as Advanced Group Policy Management—Microsoft has provided customers with a great tool that can take GPO from powerful (and sometimes dangerous) to a much more refined and controlled process.

If you are familiar with the fundamentals of source control software, imagine Advanced Group Policy Management as source control for your Active Directory Group Policies. (See Figure 2 for a screenshot of the Advanced Group Policy Management console.) Administrators check out existing policy revisions, make changes, and check them back in, auditing the results using Group Policy Management Console-like reports. Once the administrator is satisfied that the desired policy state has been reached, he can commit the changes and make them live. Like good source control software, when something does go wrong, the changes can be quickly and safely rolled back to an earlier revision without any of the guesswork that would usually occur in such a process.

Figure 2 Advanced Group Policy Management console

Figure 2** Advanced Group Policy Management console **

Another key aspect of this process is the ability to edit policies offline, rather than requiring changes to be made to all online, active systems. This allows for isolated testing of changes before changes are made across the domain or OU.

Finally, through a role-based model, Advanced Group Policy Management allows changes to be driven through a designed workflow process. By creating roles (such as editor, reviewer, and approver), an admin can ensure that a process is put in place that will allow changes to be made in a controlled manner. Thus, when the implementer believes that the change is ready to be committed, he can have a strong change-control mechanism to ensure that knee-jerk GPO changes do not occur without appropriate approval.

Asset Inventory Service

The Asset Inventory Service, composed of technology that Microsoft obtained through the acquisition of AssetMetrix, is a very powerful inventorying and asset management solution. Unlike the other components of MDOP, AIS employs a hosted Web model. AIS uses a very low-footprint, low-bandwidth agent, which can either run one time or at periodic intervals, allowing an administrator to look for applications by searching an incredibly extensive Microsoft-hosted database of over 400,000 applications to determine which are installed on client systems. AIS can then take this rolled-up data and reconcile it with your purchased licenses to ensure compliance and reduce waste due to license over-purchasing.

Some administrators may initially be hesitant to use AIS given that it is a hosted model outside of the firewall and it inventories internal systems for installed software. But it’s important to understand the extensive work that Microsoft has done to ensure organizational privacy, beginning with rewriting core components of the application that makes up AIS. There is no tying of individual computer data back to any organizational data. Microsoft will also be certifying the data transfer technology with a third party to ensure that customers are comfortable with the model being used by AIS.

Diagnostics and Recovery Toolset

As you may know (if you’ve ever read the bio on my columns over the past several months), I was a member of Winternals when it was acquired by Microsoft. I was the Product Manager over most of the Winternals products during my tenure there, including the Winternals Administrator’s Pak. This was the predecessor to the Microsoft Diagnostics and Recovery Toolset (DaRT). While some of the tools that previously existed in the Administrator’s Pak are not included in DaRT, the key components that comprised the ERD Commander product are still available.

The goal of DaRT is to provide a set of tools that can help you diagnose system problems—even if a system is not booting properly. And you can often repair those problems offline.

ERD Commander utilizes Windows PE to boot a system that is not booting or is not booting normally. Under a custom Windows Explorer-like user interface, a set of tools are available. Two of these tools, Crash Analyzer and FileRestore, are available for online use as well. However, these must be installed on every system that you wish to run them on if you are not using ERD Commander for offline diagnostics or recovery.

The DaRT version of ERD Commander is shown in Figure 3. A list of the tools included in the ERD Commander component can be found in the sidebar. With the exception of the Explorer tool, the first five tools listed are the same applications you would use on a normal Windows installation. Explorer is, as is the Start Menu application it is launched from, a specialized (smaller) version developed to be run under Windows PE.

Figure 3 ERD Commander

Figure 3** ERD Commander **

Autoruns is a tool, derived from a Sysinternals tool of the same name, which lets you see all applications that are set to start when the system boots or a user logs on. Disk Management, Event Viewer, Services and Drivers, and System Information are tools that live within a common user interface and provide comparable experiences to similarly named tools under Windows. Services and Drivers is particularly useful in that it can help you get a system booting when the system is failing due to a device driver or service that is not working correctly. Finally, the Windows Registry Editor is included so that you can manipulate the registry of an offline system.

Networking is also available under ERD Commander. Though the system is automatically configured via DHCP, you can set a static IP address using the TCP/IP Configuration applet. Regardless of whether you use DHCP or static IP addressing, you can either map a network drive and copy files to or from the downed system or use File Sharing to turn the system into a file server so that you can then use a working system to copy files off of the failing system.

Finally, a collection of miscellaneous tools are also included. Crash Analyzer uses the Debugging Tools for Windows (which must be downloaded and installed separately—they are free, but are updated often) to diagnose the cause of a crash. You can either run it offline under ERD Commander if the system is not booting or copy a DMP file to a running system with DaRT installed and diagnose it there. Once pinned down, if the culprit is a new service or driver, you can use the Services and Drivers tool to disable it and see if the system returns to functioning normally.

Disk Commander can help you recover a partition that has been accidentally deleted or damaged as well as a group of files or a directory that has been deleted. On the opposite end of the spectrum, DiskWipe allows you to complete a DoD-compliant disk or volume erasure. FileRestore allows you to (either online or offline) recover a single file that may have been accidentally deleted. Bear in mind that the type of file and the time/disk activity since deletion will affect the recoverability, regardless of the tool you use.

In the event that a Windows hotfix or service pack prevents the system from booting normally, you can use Hotfix Uninstall to selectively uninstall one or more hotfixes or service packs. Rebooting is required to complete the process, as Windows doesn’t support the complete offline removal of applications. But it can often get you booting again.

Locksmith was one of the most popular tools included in the ERD Commander toolset at Winternals. It allows you to reset any local user’s password. It does not work on domain controllers and cannot reset any domain user’s password—it is generally used to reset the local administrator’s password when it has been forgotten or the user has left the organization. System File Repair will go through all protected system files and investigate them to see if any are corrupt and replace them as needed. System Restore, as the name implies, lets you roll back or forward to any Windows System Restore point on a Windows XP system. (Windows XP with pre-existing restore points is required to use this functionality.) I am among the many users who have been saved by this unique functionality.

The tools in ERD Commander and DaRT may seem somewhat random, but they are a powerful compilation of utilities that Winternals developed over time. I am sure you will see their value and find them useful in your recovery and troubleshooting tasks.

System Center Desktop Error Monitoring

System Center Desktop Error Monitoring (DEM) provides a fast and easy way for any organization to centralize and diagnose Windows crashes and application hangs. Instead of sending crash and hang reports to Microsoft, DEM uses Group Policy and the built-in Windows Error Reporting to send reports to a server you designate within your organization for diagnosis (and it doesn’t require an additional software agent). All DEM server data is stored in a SQL Server database, so you can easily query the collected data for your own internal applications and reporting. This allows you to diagnose problems within your organization proactively. Using this information, you can mandate reporting of such incidents, discover the most frequent causes of crashes and hangs, and ensure that Windows and application patches are prioritized to minimize or eliminate system downtime.

You can also configure your DEM server to upload the results to Microsoft, as well as to have DEM automatically download the latest troubleshooting data for Microsoft and third party applications. Additional data can be gathered from clients in the event of a crash or hang.

Licensing MDOP

The first requirement for a customer to license MDOP is an existing Microsoft SA agreement. Once in hand, the licensing costs begin at $7 to $10 per desktop. Volume discounts and educational pricing are available.

The MDOP is not available outside of the context of an SA agreement, with one exception: Customers who wish to use SoftGrid technologies with their Terminal Servers (see or SMS (see can do so, and AssetMetrix technologies will be made available in future SMS and System Center Configuration Manager releases.

Availability and Updates

The initial components of MDOP are available today. The components are shipping as follows:

  • SoftGrid has been available from Microsoft since early 2007.
  • The Microsoft DaRT has been available since May 2007.
  • The GPOVault technologies should be available in July 2007.
  • Desktop Error Monitoring should be available in MDOP in July 2007.
  • AssetMetrix technologies should be available in beta in July 2007 and will be available for release in August.
  • An update to the DaRT components is planned for late 2007, with the key enhancement being Windows Vista compatibility.

The plan for future releases of MDOP is to provide enhancements, upgrades, and new features twice yearly.

Direction for MDOP

As mentioned, key components of AssetMetrix technologies will be integrated into future versions of System Center Configuration Manager. In fact, you can expect that over time, as Microsoft evolves the MDOP functionality, some of it will trickle over into the baseline Microsoft deployment, management, and configuration technologies. New technologies (some created by Microsoft, some acquired from other companies), will then be made available in future versions of MDOP. In essence, MDOP will be an evolving package of cutting-edge management and configuration technologies.

Wes Miller is a Development Manager at Pluck in Austin, Texas. Previously, he worked at Winternals Software in Austin and at Microsoft as a Program Manager and Product Manager for Windows. Wes can be reached at

I’d like to express my gratitude to Chad Jones and Gavriella Schuster, Product Managers for the Microsoft Desktop Optimization Pack, for assisting me with this column.

© 2008 Microsoft Corporation and CMP Media, LLC. All rights reserved; reproduction in part or in whole without permission is prohibited.