Set Citrix policies via PowerShell

Written by Ingmar Verheij on June 13th, 2012. Posted in XenApp (Presentation Server), XenDesktop

Since Citrix XenApp 6.0 and XenDesktop 5.0 policies are configurable via a new method. As a bonus Citrix made it possible to configure the policies via Group Policy Objects (GPO’s) in Active Directory.

This is especially useful if you want to set Citrix policies unattended, or automated. This way you can use it in a deployment or incorporate it in your own (provisioning) tool.

In this article I’ll explain how you can set Citrix XenApp 6.5 policies in a GPO via a PowerShell script from a remote machine. You can execute the commands from any domain joined machine, there’s no need to execute the script from a Citrix server or Active directory Domain Controller.

 

Prerequisites

The Citrix policies in a Group Policy Object (GPO) are configured in a custom interface, supplied by Citrix during installation of XenApp 6.5. To configure the policies from PowerShell the XenApp 6.5 PowerShell SDK needs to be installed on the machine where you’ll be executing the script.

The XenApp 6.5 PowerShell SDK can be downloaded here. I found out it is necessary to execute the installer with elevated rights (Run as Administrator), otherwise no dialog where shown.

Secondly you need the PowerShell module Citrix.GroupPolicy.Commands.psm1 (supplied by Citrix) that contains some wrappers around policies. More information about the module can be read here.

 

Preparation

First we need to load the module (Citrix.GroupPolicy.Commands.psm1) in the PowerShell script so we can use the functions.

And add the PowerShell snap-ins from the PowerShell SDK

Now we can connect an object to a Group Policy Object (GPO) to a Windows PowerShell drive.

In this example I connect the Windows PowerShell drive CitrixGPO.to the domain GPO “Citrix GPO”.

NOTE: The examples found in the XenApp 6.5 PowerShell SDK referers to the –FarmGPO setting. This setting connects the Windows PowerShell drive to the policy in the farm (instead of a Active Directory GPO) but can only be used from a Citrix XenApp system, not from a remote machine.

After your done with setting Citrix policies you need to remove the Windows PowerShell drive with this command.

 

Reading and writing policy objects

Multiple Citrix policy objects can reside in a Active Directory Group Policy Object. By default there are two 1) a Computer policy object named “Unfiltered” and 2) a User policy object named “Unfiltered”.

 

Reading

In order to change the setting of a policy object you need to read the content of the policy object.

In this example I read the content of the “Unfiltered” policy object of the User configuration from the drive CitrixGPO and place it in the $objCitrixPolicy variable.

 

Writing

After you’ve set the settings in the policy object it need to be written to the Active Directory Group Policy Object.

In this example I wrote the content of the $objCitrixPolicy variable to the CitrixGPO drive.

 

Group Policy Settings

The settings in the policy objects that can be configured can be found in the Citrix XenApp 6.5 Commands Reference (found in the start menu after installing the XenApp 6.5 PowerShell SDK). Here you’ll find an item called Group Policy Settings with two nodes: Computer Settings and User Settings.

All settings that can be configured in a GPO can be found here, including the values you can set. Mainly there are two type of settings, boolean data types and non-boolean data types.

Boolean data types, like ClientDriveRedirection, are either Allowed or Prohibited. These settings are configured by setting the State object to Enabled or Disabled.

 

Non-boolean data types, like AudioQuality, have multiple values that can be chosen from a dropdown box. These settings are configured by setting State to Enabled and filling the Value field with the appropriate setting which can be found in the Commands Reference.

 

If you’re not sure if this is a Boolean data type or not, just check if the Value property equals Null.

Where SETTING equals the user/computer setting you want to set and VALUE the value of the setting Knipogende emoticon

 

Clear all existing settings

If you want to clear all existing settings in a policy object you can use this script:

Ingmar Verheij

At the time Ingmar wrote this article he worked for PepperByte as a Senior Consultant (up to May 2014). His work consisted of designing, migrating and troubleshooting Microsoft and Citrix infrastructures. He was working with technologies like Microsoft RDS, user environment management and (performance) monitoring. Ingmar is User Group leader of the Dutch Citrix User Group (DuCUG). RES Software named Ingmar RES Software Valued Professional in 2014.

More Posts - Website

Follow Me:
TwitterLinkedInGoogle Plus

Tags: , , , ,

Comments (10)

  • Chris
    17 May 2013 at 21:09 |

    This works manually in a script that I am using to audit the GPOs. It doesn’t work as a scheduled task.
    I am getting this error message.
    New-PSDrive : A parameter cannot be found that matches parameter name ‘DomainGPO’.
    At line:1 char:77
    + New-PSDrive -Name CitrixGPO -PSProvider CitrixGroupPolicy -Root \ -DomainGPO <<<< "XA65_GLOBAL_QA_CITR
    IXSETTINGS"
    + CategoryInfo : InvalidArgument: (:) [New-PSDrive], ParameterBindingException
    + FullyQualifiedErrorId : NamedParameterNotFound,Microsoft.PowerShell.Commands.NewPSDriveCommand

    • Ingmar Verheij
      7 June 2013 at 16:28 |

      With what user are you running the scheduled task?
      The user should be a domain user and have the PowerShell applets available.

  • Tony
    10 June 2013 at 21:44 |

    I am trying to set sessionprinters in a policy using the following command Set-CtxGroupPolicyConfiguration -PolicyName Test2SessionPrintPolicy1 -Type user -Configuration SessionPrinters -Value “\\PrintServerName\PrinterName”. This works fine but I am unable to add more than one printer. If I run that same command with a different printer name it overwrites the first printer. Is there anyway around this. The command does not like it when i try to put two printers in the same line. I tried separating the two with , or ; ” ” but nothing seems to work.

    • Ingmar Verheij
      11 June 2013 at 20:24 |

      Can you try this:

      Set-CtxGroupPolicyConfiguration -PolicyName Test2SessionPrintPolicy1 -Type user -Configuration SessionPrinters\Values\1 -Value “\\PrintServerName\PrinterName1″

      Set-CtxGroupPolicyConfiguration -PolicyName Test2SessionPrintPolicy1 -Type user -Configuration SessionPrinters\Values\2 -Value “\\PrintServerName\PrinterName2″

      • Tony
        12 June 2013 at 15:09 |

        Got the following error trying the command

        Invalid configuration name
        At C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Citrix.GroupPolicy.Commands\Citrix.GroupPolicy.Commands.psm1:657
        char:21
        + throw “Invalid configuration name”
        + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo : OperationStopped: (Invalid configuration name:String) [], RuntimeException
        + FullyQualifiedErrorId : Invalid configuration name

  • Walter
    16 October 2014 at 15:11 |

    Any idea how this works in XA/XD 7.6? Some cmdlets are gone in this version, e.g. Set-CtxGroupPolicyConfiguration no longer works.

  • David
    12 December 2014 at 05:50 |

    If anyone can help or still watching this, I have a list of printer policies and would like to quickly move them up or down in priority…What is the command to look at one and then maybe move them… Also is there a command to list for printing the policies what computer (or user) is associated with that policies and the printers that they get? Thanks.

  • 10 April 2015 at 15:59 |

    Hi,

    Thanks for the article do you know if you should be able to run these commands from a PowerShell remoting session? Citrix implies that you can’t but it seems to work.

    I’m not sure what the “double hop” issue would be reading the local farm GPO when using PowerShell remoting?

    I’m not quite sure where it’s reading the LocalFarmGpo from, I assume the datastore database..?

    Thanks,

    Dave

  • bharath`
    28 July 2017 at 14:31 |

    This can be used to edit existing policy or create new policy.
    what is the approach for importing group policy template and create policy out of it.

Leave a comment

*

Donate

%d bloggers like this: