Use the Enterprise Deployment Tool for the Amazon AppStream 2.0 Client to Install and Configure the Client Remotely
------------------------------------------------------------------
This readme file describes the files that are included with the Enterprise Deployment Tool for the Amazon AppStream 2.0 client and how to install the AppStream 2.0 client and USB driver. It also summarizes the registry keys that you can create to set the start URL for the AppStream 2.0 client and define other client behaviors for your users. Finally, the readme describes how to update the AppStream 2.0 Deployment Tool, USB driver, and client manually. Manual updates are required if you used the Enterprise Deployment Tool to install the AppStream 2.0 client and USB driver for your users and you did not enable automatic client and USB driver updates. For more information, see "Install and Configure the AppStream 2.0 Client" in the AppStream 2.0 Administration Guide: https://docs.aws.amazon.com/appstream2/latest/developerguide/install-configure-client.html.
------------------------------------------------------------------
1.	Download the AppStream 2.0 Client Installation Files and Group Policy ADM file:
Download the Enterprise Deployment Tool .zip file from the bottom right of the AppStream 2.0 supported clients page, at https://clients.amazonappstream.com. The .zip file contains the following three files: 
-	AppStream 2.0 client Installer (AmazonAppStreamClientSetup_<version>.msi) - Installs the AppStream 2.0 client.

-	AppStream 2.0 USB driver installer (AmazonAppStreamUsbDriverSetup_<version>.exe) - Installs the AppStream 2.0 USB driver that is required to use USB devices with applications streamed through AppStream 2.0.

-	AppStream 2.0 client Group Policy administrative template (as2_client_config.adm)  Lets you configure the AppStream 2.0 client through Group Policy.

2.	Install the AppStream 2.0 Client and USB Driver:

After you download the AppStream 2.0 client installation files, you can run the following PowerShell script to install the client and USB driver silently. To run this script, you must be logged into the applicable computer with Administrator permissions. You can also run the script remotely under the SYSTEM account on startup.

Start-Process msiexec.exe -Wait -ArgumentList '/i AmazonAppStreamClientSetup_<version>.msi /quiet'
Start-Process AmazonAppStreamUsbDriverSetup_<version>.exe -Wait -ArgumentList '/quiet'

After you install the Enterprise Deployment tool on users computers, the AppStream 2.0 client is also installed automatically for current users. For new users, the client is installed the first time that they log in to their computer. However, if users uninstall the AppStream 2.0 client, the client isnt installed again until you update the AppStream 2.0 Enterprise Deployment Tool as described in step 10.

3.	Enable Client Users to Access Domains Other than the AppStream 2.0 Domain:
By default, when users open the AppStream 2.0 client, they can connect only to URLs that include the AppStream 2.0 domain or domains that include a DNS TXT record that enables the connection. You can let users access domains other than the AppStream 2.0 domain by doing any of the following:
       -Set the StartUrl registry value to specify a custom URL that users can access, such as the URL for your organizations login portal.
       -Set the TrustedDomains registry value to specify trusted domains that users can access.
       -Create the AS2TrustedDomains DNS TXT record to specify trusted domains that users can access. This method lets you avoid registry changes.
You can use the StartUrl registry value to set a custom URL that is populated in the AppStream 2.0 client when a user launches the client. You can create this HKLM registry key while installing the client so that your users dont need to specify a URL when they launch the client. You can also configure the client to connect to URLs in trusted domains that you specify. For example, you may want to let users connect to any URL in your organizational domain or to any URL in one or more of your IdP domains. When you specify the URL, use the following format: *.example-idp.com. You can specify a list of trusted domains in a comma-separated format. Add this list as a registry value to the AppStream 2.0 TrustedDomains HKLM registry key. We recommend that you create these registry keys and specify the list of trusted domains when you install the AppStream 2.0 client. Or, if you are using Microsoft Active Directory, you can do this through Group Policy. That way, your users can connect to a URL in any trusted domain immediately after the client is installed. 
Finally, you can enable users to connect to any URL in your organizational domain (for example, *.example.com) or to any URL in your IdP domains (for example, *.example-idp.com) by creating a DNS TXT record in that domain. When you create the DNS TXT record, the StartURL or TrustedDomains registry values are not required to allow a user to connect to a URL. You can specify a list of trusted subdomains in a comma-separated format, prefixed with AS2TrustedDomains=. Then, create a DNS TXT record for the appropriate domain. For more information, see Create the AS2TrustedDomains DNS TXT Record to Enable Your Domain for the AppStream 2.0 Client Without Registry Changes in the AppStream 2.0 Administration Guide: https://docs.aws.amazon.com/appstream2/latest/developerguide/install-client-configure-settings.html#create-AS2TrustedDomains-DNS-TXT-record-client.
------------------------------------------------------------------
Configure a start URL for AppStream 2.0 client users
RegKey,RegKeyType,RegKeyValue
StartUrl,String,https://www.example.com #Set this value to define a custom URL that is populated in the AppStream 2.0 client.
------------------------------------------------------------------
Allow trusted domains to be specified in the AppStream 2.0 client
RegKey,RegKeyType,RegKeyValue
TrustedDomains,String,*.example.com, *.aws.example.com, aws.example.com #Set this value to specify a list of trusted domains for the Appstream 2.0 client.
------------------------------------------------------------------
After the AppStream 2.0 client is installed, you can run the following PowerShell script to create these registry keys. Or, you can use the ADM template that is provided in the AppStream 2.0 client Enterprise Deployment Tool to configure the client through Group Policy.

$registryPath="HKLM:\Software\Amazon\AppStream Client"
New-Item -Path "HKLM:\Software\Amazon" -Name "AppStream Client" -Force
New-ItemProperty -Path $registryPath -Name "StartUrl" -Value "https://www.example.com" -PropertyType String -Force | Out-Null

$registryPath="HKLM:\Software\Amazon\AppStream Client"
New-Item -Path "HKLM:\Software\Amazon" -Name "AppStream Client" -Force
New-ItemProperty -Path $registryPath -Name "TrustedDomains" -Value "*.example1.com, *.example2.com, *.aws.example.com, aws.example.com" -PropertyType String Force | Out-Null

4.	Choose Whether to Disable Automatic Updates for the AppStream 2.0 Client:
By default, when a new version of the AppStream 2.0 client is available, the AppStream 2.0 client updates automatically to the latest version. However, you can configure the AutoUpdateDisabled registry value to disable automatic updates by setting the registry value to true. You can create this HKLM registry key when you install the AppStream 2.0 client. That way, the client is not updated automatically whenever a new version is available. 
------------------------------------------------------------------
Allow automatic updates for the AppStream 2.0 client to be disabled
RegKey,RegKeyType,RegKeyValue
AutoUpdateDisabled,String,true/false #Set this value to true to disable automatic updates for the AppStream 2.0 client.
------------------------------------------------------------------
After the AppStream 2.0 client is installed, you can run the following PowerShell script to create this registry key. Or, you can use the ADM template that is provided in the AppStream 2.0 client Enterprise Deployment Tool to configure the client through Group Policy.

$registryPath="HKLM:\Software\Amazon\AppStream Client"
New-Item -Path "HKLM:\Software\Amazon" -Name "AppStream Client" -Force
New-ItemProperty -Path $registryPath -Name "AutoUpdateDisabled" -Value "false" -PropertyType String -Force | Out-Null

5.	Choose Whether to Disable Native Application Mode for the AppStream 2.0 Client:
By default, the AppStream 2.0 client can run in either classic mode or native application mode. However, you can configure the NativeAppModeDisabled registry value to disable native application mode by setting the registry value to true. You can create this HKLM registry key when you install the AppStream 2.0 client. If the value is set to true, the client runs in classic mode only.
------------------------------------------------------------------
Allow native application mode for the AppStream 2.0 client to be disabled
RegKey,RegKeyType,RegKeyValue
NativeAppModeDisabled,String,true/false #Set this value to true to disable native application mode for the AppStream 2.0 client.
------------------------------------------------------------------
After the AppStream 2.0 client is installed, you can run the following PowerShell script to create this registry key. Or, you can use the ADM template that is provided in the AppStream 2.0 client Enterprise Deployment Tool to configure the client through Group Policy.

$registryPath="HKLM:\Software\Amazon\AppStream Client"
New-Item -Path "HKLM:\Software\Amazon" -Name "AppStream Client" -Force
New-ItemProperty -Path $registryPath -Name "NativeAppModeDisabled" -Value "true" -PropertyType String -Force | Out-Null

6.	Choose Whether to Disable DNS TXT Record Lookup for Domains that are Trusted by the AppStream 2.0 Client:
By default, when users launch the AppStream 2.0 and specify a URL that is not an AppStream 2.0 domain, the AppStream 2.0 client performs a DNS TXT record lookup. However, you can configure the DnsTxtRecordQueryDisabled registry value to disable DNS TXT record lookup by setting the registry value to true. You can create this HKLM registry key when you install the AppStream 2.0 client. If the value is set to true, the client connects only to URLs that are specified by the StartUrl or the TrustedDomains registry keys. For information about how to specify values for these registry keys, see "Install the AppStream 2.0 Client And Customize the Client Experience for Your Users" in the AppStream 2.0 Administration Guide.
------------------------------------------------------------------
Allow DNS TXT record lookup to be disabled for domains trusted by the AppStream 2.0 client RegKey,RegKeyType,RegKeyValue
DnsTxtRecordQueryDisabled,String,true/false #Set this value to true to disable DNS TXT record lookup for domains trusted by the AppStream 2.0 client.
------------------------------------------------------------------
After the AppStream 2.0 client is installed, you can run the following PowerShell script to create this registry key. Or, you can use the ADM template that is provided in the AppStream 2.0 client Enterprise Deployment Tool to configure the client through Group Policy.

$registryPath="HKLM:\Software\Amazon\AppStream Client"
New-Item -Path "HKLM:\Software\Amazon" -Name "AppStream Client" -Force
New-ItemProperty -Path $registryPath -Name "DnsTxtRecordQueryDisabled" -Value "true" -PropertyType String -Force | Out-Null

7.	Choose Whether to Allow Users to Upload Diagnostic Logs and Minidumps on Demand for the AppStream 2.0 Client
By default, the AppStream 2.0 client allows users to upload diagnostic logs and minidumps (error reports) on demand to AppStream 2.0 (AWS). Users can send diagnostic logs to AppStream 2.0 (AWS) before they sign in to an AppStream streaming session by selecting the Send Diagnostic Logs link on the bottom of the AppStream 2.0 client sign-in page. If they experience an issue during an AppStream 2.0 streaming session, they can choose Send Diagnostic Logs from the Profiles menu in the upper right of the AppStream 2.0 session window. If an exception occurs or the AppStream 2.0 client stops responding, users are prompted to choose whether they want to upload the minidump and associated logs. You can configure the UserUploadOfClientLogsAllowed registry value to disable these behaviors by setting the registry value to 'false'. You can create this HKLM registry key when you install the AppStream 2.0 client. If the value is set to 'false', the Send Diagnostic Logs link and menu option do not display for users. In addition, users are not prompted to choose whether to upload the minidump and associated logs if an exception occurs or if the client stops responding.
------------------------------------------------------------------
Allow users to enable uploads of diagnostic logs and minidumps for the AppStream 2.0 client RegKey,RegKeyType,RegKeyValue
UserUploadOfClientLogsAllowed,String,true/false #Set this value to false to disable user uploads of diagnostic logs and minidumps in the AppStream 2.0 client.
------------------------------------------------------------------
After the AppStream 2.0 client is installed, you can run the following PowerShell script to create this registry key. Or, you can use the ADM template that is provided in the AppStream 2.0 client Enterprise Deployment Tool to configure the client through Group Policy.

$registryPath="HKLM:\Software\Amazon\AppStream Client"
New-Item -Path "HKLM:\Software\Amazon" -Name "AppStream Client" -Force
New-ItemProperty -Path $registryPath -Name "UserUploadOfClientLogsAllowed" -Value "false" -PropertyType String -Force | Out-Null

8.	Choose Whether to Disable Local Printer Redirection for the AppStream 2.0 Client:
By default, the AppStream 2.0 client allows users to redirect print jobs from their streaming applications to a printer that is connected to their local computer. However, you can configure the PrinterRedirectionDisabled registry value to disable local printer redirection by setting the registry value to true. You can create this HKLM registry key when you install the AppStream 2.0 client. If the value is set to true, the client does not redirect print jobs from users streaming applications to a printer that is connected to their local computer.
------------------------------------------------------------------
Allow local printer redirection for the AppStream 2.0 client to be disabled
RegKey,RegKeyType,RegKeyValue
PrinterRedirectionDisabled,String,true/false #Set this value to true to disable printer redirection for the AppStream 2.0 client
------------------------------------------------------------------
After the AppStream 2.0 client is installed, you can run the following PowerShell script to create this registry key. Or, you can use the ADM template that is provided in the AppStream 2.0 client Enterprise Deployment Tool to configure the client through Group Policy.

$registryPath="HKLM:\Software\Amazon\AppStream Client"
New-Item -Path "HKLM:\Software\Amazon" -Name "AppStream Client" -Force
New-ItemProperty -Path $registryPath -Name "PrinterRedirectionDisabled" -Value "true" -PropertyType String -Force | Out-Null

9.	Choose Whether to Disable Smart Card Redirection for the AppStream 2.0 Client:
By default, smart card redirection is enabled for the AppStream 2.0 client. With smart card redirection, client users can sign in to their streaming applications by using a smart card that is connected to their local computer. The client redirects the smart card API calls from users' streaming applications to their local smart card. You can disable smart card redirection by setting the value for the SmartCardRedirectionDisabled registry key to 'true'. You can create this HKLM registry key when you install the AppStream 2.0 client. If the value is set to 'true', users cannot sign in to their streaming applications by using a smart card that is connected to their local computer, and the client does not redirect smart card API calls from users' streaming applications to their local smart card.
------------------------------------------------------------------
Allow smart card redirection for the AppStream 2.0 client to be disabled
RegKey,RegKeyType,RegKeyValue
SmartCardRedirectionDisabled,String,true/false #Set this value to true to disable smart card redirection for the AppStream 2.0 client
------------------------------------------------------------------
After the AppStream 2.0 client is installed, you can run the following PowerShell script to create this registry key. Or, you can use the ADM template that is provided in the AppStream 2.0 client Enterprise Deployment Tool to configure the client through Group Policy.

$registryPath="HKLM:\Software\Amazon\AppStream Client"
New-Item -Path "HKLM:\Software\Amazon" -Name "AppStream Client" -Force
New-ItemProperty -Path $registryPath -Name "SmartCardRedirectionDisabled" -Value "true" -PropertyType String -Force | Out-Null

10.	Configure Additional AppStream 2.0 Client Behaviors for Your Users:

The AppStream 2.0 client uses the following HKCU registry keys to configure the following behaviors:

-	AppStream 2.0 client End-User License Agreement (EULA) acceptance
-	AppStream 2.0 client EULA version accepted
-	Diagnostic logging for the AppStream 2.0 client
-	Automatic updates for the USB driver that is used to pass USB drivers to AppStream 2.0
-	Disabling hardware rendering in the AppStream 2.0 client
-	Setting custom folder paths for file system redirection in the AppStream 2.0 client
You can create these registry keys when you install the AppStream 2.0 client so that your users dont need to specify these values the first time they launch the client. 
------------------------------------------------------------------
a.	AppStream 2.0 client EULA acceptance
RegKey,RegKeyType,RegKeyValue
EULAAccepted,String,true/false #Set this value to true to accept the AppStream 2.0 client EULA on behalf of your users.
------------------------------------------------------------------
b.	AppStream 2.0 client EULA version accepted
RegKey,RegKeyType,RegKeyValue
AcceptedEULAVersion,String,1.0 #The version of the EULA that is accepted. If the current version of the AppStream 2.0 client EULA is different than the version of the EULA that is accepted, users are prompted to accept the current version of the EULA.
------------------------------------------------------------------
c.	Diagnostic logging for the AppStream 2.0 client
RegKey,RegKeyType,RegKeyValue
DiagnosticInfoCollectionAllowed,String,true/false #Set this value to true to enable AppStream 2.0 to collect diagnostic logs from the AppStream 2.0 client.
------------------------------------------------------------------
d.	Automatic USB driver updates
RegKey,RegKeyType,RegKeyValue
USBDriverOptIn,String,true/false #Set this value to true to enable AppStream 2.0 to update drivers automatically for qualified USB devices.
------------------------------------------------------------------
e.	Disable hardware rendering in the AppStream 2.0 client
RegKey,RegKeyType,RegKeyValue
HardwareRenderingEnabled,String,true/false #Set this value to false to disable hardware rendering in the AppStream 2.0 client.
------------------------------------------------------------------
f.	Define custom folder paths for file system redirection in the AppStream 2.0 client
RegKey,RegKeyType,RegKeyValue
FileRedirectionCustomDefaultFolders,String,%USERPROFILE%\Desktop|%USERPROFILE%\Documents|%USERPROFILE%\Downloads # The custom folder paths for file system redirection in the AppStream 2.0 client. You must specify at least one folder path. Separate multiple folder paths by using '|'. 
------------------------------------------------------------------

After the AppStream 2.0 client is installed, you can run the following PowerShell script to create these registry keys. If you dont want to create all of the registry keys, modify the script as needed to create only the registry keys that you want. Or, you can use the ADM template that is provided in the AppStream 2.0 client Enterprise Deployment Tool to configure the client through Group Policy.

$registryPath="HKCU:\Software\Amazon\AppStream Client"
New-Item -Path "HKCU:\Software\Amazon" -Name "AppStream Client" -Force
New-ItemProperty -Path $registryPath -Name "EULAAccepted" -Value "true" -PropertyType String -Force | Out-Null
New-ItemProperty -Path $registryPath -Name "AcceptedEULAVersion" -Value "1.0" -PropertyType String -Force | Out-Null
New-ItemProperty -Path $registryPath -Name "DiagnosticInfoCollectionAllowed" -Value "true" -PropertyType String -Force | Out-Null
New-ItemProperty -Path $registryPath -Name "USBDriverOptIn" -Value "true" -PropertyType String -Force | Out-Null
New-ItemProperty -Path $registryPath -Name "HardwareRenderingEnabled" -Value "true" -PropertyType String -Force | Out-Null
New-ItemProperty -Path $registryPath -Name "FileRedirectionCustomDefaultFolders" -Value "%USERPROFILE%\Desktop|%USERPROFILE%\Documents|%USERPROFILE%\Downloads" -PropertyType String -Force | Out-Null

11.	Updating the AppStream 2.0 Enterprise Deployment Tool, Client, and USB Driver Manually:
By default, the AppStream 2.0 client and USB driver are updated automatically when a new client version is released. However, if you used the Enterprise Deployment Tool to install the AppStream 2.0 client for your users and you disabled automatic updates, you must update the AppStream 2.0 Enterprise Deployment Tool, client, and USB driver manually. To do so, run the following PowerShell commands to perform the required tasks on users computers. To run these commands, you must be logged in to the applicable computer with Administrator permissions. You can also run the script remotely under the SYSTEM account on startup.
#1. Uninstall the AppStream 2.0 Enterprise Deployment Tool silently.
Start-Process msiexec.exe -Wait -ArgumentList '/x AmazonAppStreamClientSetup_<existing_version>.msi /quiet'
#2. Uninstall the AppStream 2.0 USB driver silently
Start-Process -Wait AmazonAppStreamUsbDriverSetup_<existing_version>.exe -ArgumentList '/uninstall /quiet /norestart'
#3. Uninstall the AppStream 2.0 client silently.
Start-Process "$env:LocalAppData\AppStreamClient\Update.exe" -ArgumentList '--uninstall'
Please note, that client uninstall process also removes the registry keys used for client configuration and will need to be recreated once the client is reinstalled.
#4. Clean the application installation directory.
Remove-Item -Path $env:LocalAppData\AppStreamClient -Recurse -Confirm:$false Force 
#5. Restart the computer.
Restart-Computer
#6. Install the latest version of the AppStream 2.0 Enterprise Deployment Tool silently.
Start-Process msiexec.exe -Wait -ArgumentList '/i AmazonAppStreamClientSetup_<new_version>.msi /quiet'
#7. Install the latest version of the AppStream 2.0 USB driver silently.
Start-Process AmazonAppStreamUsbDriverSetup_<new_version>.exe -Wait -ArgumentList '/quiet'
