App Layering

Prepare the OS for layering

You can prepare your operating system for layering at any time, even if the App Layering software has not yet been installed. It is important that you meet all requirements so that the OS layer works correctly in your environment.

Once you have met the requirements and have familiarized yourself with the guidelines for what to include in the OS layer, use the instructions for preparing the OS in your hypervisor environment. If you later expand support to another hypervisor, you can reuse this OS layer by installing the tools for the second hypervisor on the Platform layer that you create for that second environment.

Requirements and recommendations

When preparing an OS image, meet the following requirements and consider the related recommendations.

  • One OS layer (recommended): Ideally, you can create one, generic OS layer and reuse it in all of the layered images you publish. This keeps layer maintainence to a minimum, because App and Platform layers only work with the OS layer used to create them. If you need to support both a desktop and a server OS, you must create an OS layer for each one, along with a set of Platform and App layers for each.
  • Fresh OS image: Start with a fresh image of a supported Windows OS from your hypervisor. This ensures that the image is optimized for your environment.
  • IP address from DHCP: Make sure that the OS image is not in a domain. Ensure that the image gets its IP address from DHCP. Otherwise, you cannot install the App Layering OS Machine Tools. Domain join can be done in the platform layer.
  • Virtual machine is MBR-partitioned: Ensure that the virtual machine for your OS layer is master boot record (MBR) partitioned, rather than GUID partition table (GPT) partitioned. For Hyper-V, the virtual machine must be Gen 1. Once the initial OS layer is created, it can be converted to Gen2 by adding a revision.
  • App Layering OS Machine Tools: Locate the OS Machine Tools in the App Layering installation package.
  • Optimization script for MS Office: If you are going to run MS Office, you must use the optimization script included in the installation package.

Citrix Hypervisor, MS Hyper-V, or VMware vSphere

In the rare case that you need to run Windows Mini Setup, you can edit the unattend.hta file we supply for your needs.

  • Answer file for unattended installation (optional): The answer file is included in the App Layering download.


    Avoid using third-party scripts, because they can change services and features that the App Layering service uses, for example, Universal Plug and Play and the 8.3 file names setting.

What to include in the OS layer

Include the following software and settings in the OS layer:

  • Hypervisor tools: You must include your hypervisor tools in the OS layer. You can upgrade the tools by adding a new version to the layer.


    • When you upgrade the hypervisor tools on the OS layer, test the existing platform layer to see if it needs updating. Depending on the platform and what else is installed on it, you may need to recreate the platform layer.
    • If you are using the same OS layer with multiple hypervisors, it makes sense to install the hypervisor tools in purpose-built platform layers for those given hypervisors.
  • Legacy NIC for Citrix Provisioning for Hyper-V: Include a legacy NIC, if you are using Citrix Provisioning for Hyper-V.
  • .NET Framework v4.0 or later: Include .NET Framework v4.0 or later so that Windows updates are only required on the OS layer. For example, .NET 4.8 is required for Citrix Virtual Apps and Desktops (CVAD) 2303 to add a VDA.
  • .NET Framework 3.5 (when creating an MS Office layer): For ease in updating, install all versions of the .NET Framework on the OS layer before creating the Office layer. If .NET Framework v3.5 is not present when you install Office, Office installs it for you, and it is not recommended to have .NET Framework versions or updates installed in app layers.
  • Disable Windows updates using local GPO: Disable Windows updates on the OS layer, and do so using Local GPO rather than the Windows Update Service.
  • Windows Store app removal: If you remove Windows Store apps, remove them from the OS layer, not on an App layer.
  • Windows activation: Use KMS for Windows Activation. When creating your OS layer, run SetKMSVersion.exe to configure the startup scripts that activate the correct version of Windows.
  • User accounts and groups: Any extra user accounts or groups must be created in the OS layer. Any domain group membership changes must be done through Group Policy.
  • Checkpoints: All checkpoints that you include must be collapsed.
  • Applications that create local users: Include apps that create local users to ensure that changes to local groups and local users are captured, something that is not done on Platform and App layers.

What not to include in the OS layer

Do not include the following software on the OS layer.

  • Provisioning software: Software associated with your Provisioning Service must be installed on your Platform layer, not on the OS layer.
  • Connection broker software: Your connection broker software must also be installed on your Platform layer, not on the OS layer.
  • MS Office and other apps: Do not include MS Office or other applications on the OS layer, except for the few apps that create local users. Generally, applications should be installed on App layers.
  • Diff disk: Do not use a diff disk.
  • Domain join: Do not join the OS layer to an Active Directory domain. Instead, join the domain in the Platform layer. This allows you to use the same OS in different domains.
  • Debug flag: The Debug flag cannot be enabled in any BCD boot entry in your OS layer if you are using Secure Boot. Whether the flag is true or false does not matter; the flag itself cannot be present, as it is known to cause issues.

For detailed steps to prepare the OS, select your hypervisor:

Prepare the OS for layering