image In most cases it is recommended to use the MED-V Server Configuration utility (%PROGRAMFILES%\Microsoft Enterprise Desktop Virtualization\ServerSettings.exe) to make configuration changes to the MED-V Policy Server, but there are some circumstances in which you will have to make modifications to the configuration file that controls the server settings (serversettings.xml). Those reasons include:

  • Multi-Server Deployment/Provisioning
  • Currently the serversettings.exe (MED-V Server Configuration Manager) is not supported on Windows Server 2008 R2 X64 edition.  The only supported way is to modify the serversettings.xml file located in C:\Program Files\Microsoft Enterprise Desktop Virtualization\Servers.

NOTE: This feature will be addressed in a future service pack

The following sections correlate the settings in the XML configuration file with its location in the MED-V Server Configuration Manager user interface. We recommend you make these changes using NOTEPAD or a text editor. Please do not use an application such as wordpad or Microsoft Word as this can malform the XML file.

Client Connections Tab

The following Tags correlate with the options that can be set under the "Client Connections" tab.

<HttpPort>

If configuring the server for unencrypted connections, specify this tag with the port. The default is 80.

<SslPort>

If configuring the server for encrypted connections, specify this tag with the port. The default is 443.

 <EncryptionMode>

This should be set to either None, Optional, or Required.

None = means only HTTP connections will be allowed. Requires <HttpPort> to also be configured.

Optional = means both HTTP and HTTPS connections will be allowed. Requires both <HttpPort> and <SslPort> to also be configured. <SslCertificateThumbprint> will also need to be configured for SSL.

Required = means only HTTPS connections will be allowed. Requires <SslPort> to also be configured as well as the <SslCertificateThumbprint>

Images Tab

The following Tags correlate with the options that can be set under the "Images" tab.

<VmsDirectory>

This is the directory for the Virtual Machines for the Policy Server. The default is C:\MED-V Server Images.

<VmsServerBaseUrl>

This is the location of the URL for the path for Image upload and download (Image Distribution Server location.) There is no default.

Permissions

The following Tags correlate with the options that can be set under the "Permissions" tab. When you give a user permission to manage the MED-V server, you must specify several tags.

<LoginList>

This represents the section heading where the entries have to be added.

<LoginUserEntity Sid="SID"> - where SID is the actual SID of the user or group.

Each entry is identified by the <LoginUserEntity> tag. Each entry also needs to contain the following additional tags

<EntityType>

Type of security entity either user or group.

<Name>

The user name or group name.

<HasChangePermission>

This determines whether the management access will be read-only or whether changes can be made. The values are either true or false.

Here is an example of a <LoginList> section that grant read-only access to Everyone, grants change permissions to specific users, and read-only permissions to two groups.

<LoginList>
<LoginUserEntity Sid="S-1-1-0">
<EntityType>Group</EntityType>
<Name>Everyone</Name>
<HasChangePermission>false</HasChangePermission>
</LoginUserEntity>
<LoginUserEntity Sid="S-1-5-21-124525095-708259637-1543119021-630690">
<EntityType>User</EntityType>
<Name>CONTOSO\steveth</Name>
<HasChangePermission>true</HasChangePermission>
</LoginUserEntity>
<LoginUserEntity Sid="S-1-5-21-124525095-708259637-1543119021-209603">
<EntityType>User</EntityType>
<Name>CONTOSO\sbucci</Name>
<HasChangePermission>true</HasChangePermission>
</LoginUserEntity>
<LoginUserEntity Sid="S-1-5-21-124525095-708259637-1543119021-802833">
<EntityType>User</EntityType>
<Name>CONTOSO\jalanis</Name>
<HasChangePermission>true</HasChangePermission>
</LoginUserEntity>
<LoginUserEntity Sid="S-1-5-21-2127521184-1604012920-1887927527-5291531">
<EntityType>Group</EntityType>
<Name>CONTOSO\medvse</Name>
<HasChangePermission>false</HasChangePermission>
</LoginUserEntity>
<LoginUserEntity Sid="S-1-5-21-2127521184-1604012920-1887927527-5301847">
<EntityType>Group</EntityType>
<Name>CONTOSO\medvsee</Name>
<HasChangePermission>false</HasChangePermission>
</LoginUserEntity>
</LoginList>

Reports

The following Tags correlate with the options that can be set under the "Reports" Tab.

<DatabaseUsername>

This is only needed if you are authenticating using SQL authentication.

<DatabasePassword>

This is only needed if you are authenticating using SQL authentication.

<DatabaseEnabled>

If Reporting is enabled, set this to true. Otherwise, set it to false.

<DatabaseConnectionStringFormat>

This should correlate with the format normally placed in the user interface. It should contain the following options:

Data Source: The destination of the SQL Server configured for reporting.

Initial Catalog: The destination database

Integrated Security: Whether mixed mode authentication is enabled.

The following example uses a remote SQL Server instance named MEDV on SQL Server SQLSERVER01. The destination database is medv and Windows Integrated Security is used:

Data Source=SQLSERVER01\MEDV;Initial Catalog=medv;Integrated Security=True

Other Options

There are a couple of additional options which cannot be set in the user interface:

<ChangePasswordEnabled>

Determines whether a user has the option to change their password if expiry is hit when trying to log on to the workspace. By default, this is set to true.

<SslCertificateThumbprint>

This is the certificate thumbprint. You can find this by double clicking on the certificate (either on the filesystem or mmc window), going to the Details tab, and scrolling down to the Thumbprint value.

Hope this helps,

Steve Thomas | Senior Support Escalation Engineer