- Tactical RMM: Open Source remote monitoring and management for Windows - Thu, Jan 27 2022
- Use OpenSSL-based software XCA as offline root certificate authority for AD Certificate Services - Wed, Jan 27 2021
- Deploy software with WPKG and Active Directory - Tue, Dec 8 2020
Installation
DesktopComposer comprises two programs: an agent that has to be installed on every client machine and an administration program that is installed on the admin machine.
First download the latest release of DesktopComposer from GitHub and install it on your client machines. You can also deploy it silently by launching the setup file with the /VERYSILENT flag.
Then move to your admin machine and install the ComposerAdmin software.
Creating the composition file
Open ComposerAdmin and begin editing your Start menu. As a starting point, you can:
- Import the Start menu of the local computer
- Import the Start menu of a computer in the local network (e.g., your terminal server)
- Create a Start menu from scratch
ComposerAdmin after importing the Start menu from the local machine
As in Windows Explorer, you can edit shortcut properties. In addition, you can:
- Disable shortcut deployment
- Set shortcut deployment to the user's Start menu
- Set shortcut deployment to the user's desktop
You can edit shortcuts as in Windows Explorer
You can set an ACL for every shortcut that is based on user and group membership in your Active Directory.
Every ACL can be disabled or denied if you want to deploy shortcuts for users who are NOT members of the group specified in the ACL.
Set ACL on shortcut
When you have finished editing the Start menu, save the composition file to a location readable by users you wish to deploy (for example, \\mydomain\netlogon\startmenu.dcxml).
Deploy Start menu with Group Policy
First, install the administrative templates provided with ComposerAdmin software. The installer deploys a shortcut for the admx folder (the default location of ADMX files is C:\Program Files\Sequence Software\ComposerAdmin\Tools\ADMX).
Computer policy
In Computer Configuration > Preferences > Control Panel Settings > Local Users and Groups, create a new local group called DesktopComposer Users and add the users or groups to it whose Start menu configuration you want to control with DesktopComposer.
Add users to DesktopComposer local group
User Policy
Open User Configuration > Windows Settings > Scripts (Logon/Logoff) > Logon and add a new logon script:
- Script Name: %PROGRAMFILES%\Sequence Software\Composer Agent\ComposerAgent.exe
- Script Parameters: -compose
This triggers the composition of the Start menu and desktop shortcuts at user logon.
Add logon script
Optionally, open User Configuration > Windows Settings > Scripts (Logon/Logoff)\Logoff and add a new logoff script:
- Script Name: %PROGRAMFILES%\Sequence Software\Composer Agent\ComposerAgent.exe
- Script Parameters: -decompose
This restores the initial Start menu and desktop shortcuts at user logoff.
Next, open User Configuration > Administrative Templates > Sequence Software > DesktopComposer Agent.
DesktopComposer specific group policy settings
- Set Enable Composition Agent to Enabled.
- Set Composition File Location to the composition file previously saved (e.g., \\mydomain\netlogon\startmenu.dcxml).
- Optionally, you can set the Log File Location (e.g., %TEMP%\COMPOSERLOG.LOG) and Log Threshold. By default, it saves logs in %APPDATA%\Desktop Composer.
Testing
Log in with your favorite test user and see whether the Start menu is built according to the settings specified in the composition file.
Testing Start menu deployment
If something goes wrong, check the logs (by default, they are located in %APPDATA%\DesktopComposer) and/or raise the log verbosity.
Further improvements
DesktopComposer is designed for terminal services and VDI clients, so a strict requirement is that the machine is connected to a domain network for the program to work. A cache feature is planned for the upcoming version.
Subscribe to 4sysops newsletter!
The ability to manage and dynamically deploy the tiles of the Start menu is currently under investigation.
Hello Riccardo and welcome to 4sysops crew .)
Interresting tool. A bit cumbersome that it requires intallation on the target machines.
Is is so that the defined start menu items are added to the menu or it completely replaces the default one?
Cheers L
Hi Leos! Glad to be here 🙂
Installation of agent isn’t strictly required, It is just for convenience because the installer does some tasks, like setting ACL on all user’s menu and adding a user group to the system that can be done also in a machine login script GPO (by calling %agentexecutablefullpath% -install).
Start menu items defined in Composition file will replace both the common start menu and user’s start menu. At startup the agent takes a backup of initial user’s start menu, which will be restored at logoff, when agent is called with switch -decompose.
Cheers!
Welcome 🙂
Few more questions please.
1) Icon replacement – in your screen I see 2 default icons – settings and security. Is is something you defined in the tool? The reason Im asking is, if I want user to have things like Calculator, etc, do I need to define them in the composer or the Default Windows things are always available?
2) How the application of the layout works on the target machine if the agent is not installed? In the GPO you configure I see the GPO calls the agent executable as the first step.
Thanks L
1) In this case settings are defined in the tool. Security is a link that unfortunately can’t be overridden. If you want the user to have calculator, notepad, etc… you’ll have to define them in composer.
2) You can avoid agent install by putting the agent folder on an UNC path (i.e. \\mydomain\netlogon\composeragent\ and in the GPO call the executable. But you have to call the after-installation steps of agent in computer logon scripts (i.e. \\mydomain\netlogon\composeragent\composeragent.exe -install ), which creates the DesktopComposer Local user groups and sets ACLs on Common start menu folder.
Clear, thanks.