{"id":3808,"date":"2012-06-13T12:20:34","date_gmt":"2012-06-13T10:20:34","guid":{"rendered":"https:\/\/ingmarverheij.com\/?p=3808"},"modified":"2012-06-13T12:36:06","modified_gmt":"2012-06-13T10:36:06","slug":"set-citrix-policies-via-powershell","status":"publish","type":"post","link":"https:\/\/ingmarverheij.com\/en\/set-citrix-policies-via-powershell\/","title":{"rendered":"Set Citrix policies via PowerShell"},"content":{"rendered":"

\"\"<\/p>\n

Since Citrix XenApp 6.0 and XenDesktop 5.0 policies are configurable via a new method. As a bonus Citrix made it possible to configure the policies via Group Policy Objects (GPO\u2019s) in Active Directory. <\/p>\n

This is especially useful if you want to set Citrix policies unattended, or automated. This way you can use it in a deployment or incorporate it in your own (provisioning) tool.<\/p>\n

In this article I\u2019ll explain how you can set Citrix XenApp 6.5 policies in a GPO via a PowerShell script from a remote machine. You can execute the commands from any domain joined machine, there\u2019s no need to execute the script from a Citrix server or Active directory Domain Controller.<\/p>\n

<\/p>\n

 <\/p>\n

Prerequisites<\/h2>\n

The Citrix policies in a Group Policy Object (GPO) are configured in a custom interface, supplied by Citrix during installation of XenApp 6.5. To configure the policies from PowerShell the XenApp 6.5 PowerShell SDK needs to be installed on the machine where you\u2019ll be executing the script.<\/p>\n

The XenApp 6.5 PowerShell SDK can be downloaded here<\/a>. I found out it is necessary to execute the installer with elevated rights (Run as Administrator), otherwise no dialog where shown.<\/p>\n

Secondly you need the PowerShell module Citrix.GroupPolicy.Commands.psm1<\/a> (supplied by Citrix) that contains some wrappers around policies. More information about the module can be read here<\/a>.<\/p>\n

 <\/p>\n

Preparation<\/h2>\n

First we need to load the module (Citrix.GroupPolicy.Commands.psm1<\/a>) in the PowerShell script so we can use the functions.<\/p>\n

#Import module\nImport-Module .\\Citrix.GroupPolicy.Commands<\/pre>\n
And add the PowerShell snap-ins from the PowerShell SDK<\/p>\n
#Add PowerShell snapins (if necessary)\nif ( (Get-PSSnapin -Name Citrix.Common.GroupPolicy -ErrorAction SilentlyContinue) -eq $null ) { Add-PSSnapin Citrix.Common.GroupPolicy }\nif ( (Get-PSSnapin -Name Citrix.Common.Commands -ErrorAction SilentlyContinue) -eq $null ) { Add-PSSnapin Citrix.Common.Commands }\nif ( (Get-PSSnapin -Name Citrix.XenApp.Commands -ErrorAction SilentlyContinue) -eq $null ) { Add-PSSnapin Citrix.XenApp.Commands }<\/pre>\n
Now we can connect an object to a Group Policy Object (GPO) to a Windows PowerShell drive<\/a>. <\/p>\n
#Connect PowerShell drive to Citrix domain GPO\nNew-PSDrive -Name CitrixGPO -PSProvider CitrixGroupPolicy -Root \\ -DomainGPO "Citrix GPO" <\/pre>\n
In this example I connect the Windows PowerShell drive CitrixGPO.<\/em>to the domain GPO \u201cCitrix GPO\u201d. <\/p>\n
NOTE: The examples found in the XenApp 6.5 PowerShell SDK referers to the \u2013FarmGPO setting. This setting connects the Windows PowerShell drive to the policy in the farm (instead of a Active Directory GPO) but can only be used from a Citrix XenApp system, not from a remote machine.<\/em><\/p>\n
\"\"<\/a><\/p>\n
After your done with setting Citrix policies you need to remove the Windows PowerShell drive with this command.<\/p>\n
#Close PowerShell Drive from Citrix domain GPO\nRemove-PSDrive -Name CitrixGPO<\/pre>\n
 <\/p>\n
Reading and writing policy objects<\/h2>\n
Multiple Citrix policy objects can reside in a Active Directory Group Policy Object. By default there are two 1) a Computer policy object named \u201cUnfiltered\u201d and 2) a User policy object named \u201cUnfiltered\u201d. <\/p>\n
 <\/h4>\n
Reading<\/h4>\n
In order to change the setting of a policy object you need to read the content of the policy object.<\/p>\n
#Read Citrix user policy\n$objCitrixPolicy = Get-CtxGroupPolicyConfiguration -PolicyName "Unfiltered" -Type user -DriveName CitrixGPO<\/pre>\n
In this example I read the content of the \u201cUnfiltered<\/strong>\u201d policy object of the User <\/strong>configuration from the drive CitrixGPO<\/strong> and place it in the $objCitrixPolicy<\/strong> variable.<\/p>\n
 <\/h4>\n
Writing<\/h4>\n
After you\u2019ve set the settings in the policy object it need to be written to the Active Directory Group Policy Object.<\/p>\n
#Write Citrix user policy\nSet-CtxGroupPolicyConfiguration $objCitrixPolicy -DriveName CitrixGPO<\/pre>\n
In this example I wrote the content of the $objCitrixPolicy <\/strong>variable to the CitrixGPO <\/strong>drive.<\/p>\n
 <\/p>\n
Group Policy Settings<\/h2>\n
The settings in the policy objects that can be configured can be found in the Citrix XenApp 6.5 Commands Reference (found in the start menu after installing the XenApp 6.5 PowerShell SDK). Here you\u2019ll find an item called Group Policy Settings with two nodes: Computer Settings and User Settings.<\/p>\n
All settings that can be configured in a GPO can be found here, including the values you can set. Mainly there are two type of settings, boolean data types and non-boolean data types.<\/p>\n
\"\"<\/a>Boolean data types, like ClientDriveRedirection, are either Allowed or Prohibited. These settings are configured by setting the State object to Enabled or Disabled.<\/p>\n
$objCitrixPolicy.("ClientDriveRedirection").State = "Enabled"<\/pre>\n
 <\/p>\n
\"\"<\/a>Non-boolean data types, like AudioQuality, have multiple values that can be chosen from a dropdown box. These settings are configured by setting State to Enabled and filling the Value field with the appropriate setting which can be found in the Commands Reference.<\/p>\n
$objCitrixPolicy.("AudioQuality").State = "Enabled"\n$objCitrixPolicy.("AudioQuality").Value = 2<\/pre>\n
\"\"<\/a>\"\"<\/a><\/p>\n
 <\/p>\n
If you\u2019re not sure if this is a Boolean data type or not, just check if the Value property equals Null.<\/p>\n
#Set policy setting\nIf ($objCitrixPolicy.("SETTING").Value -ne $null)\n{\n   $objCitrixPolicy.("SETTING").Value = "VALUE"\n   $objCitrixPolicy.("SETTING").State = "Enabled"\n} else \n{\n   $objCitrixPolicy.("SETTING").State = "VALUE"\n}<\/pre>\n
Where SETTING equals the user\/computer setting you want to set and VALUE the value of the setting \"Knipogende<\/p>\n
 <\/p>\n
Clear all existing settings<\/h2>\n
If you want to clear all existing settings in a policy object you can use this script:<\/p>\n
#Clear all existing settings\nforeach ($objCitrixPolicyProperty in @($objCitrixPolicy | Get-Member -Type Properties | Select -Expand Name))\n{\n   $config = $objCitrixPolicy.$objCitrixPolicyProperty\n   if ($config.State -ne $null) { $objCitrixPolicy.($objCitrixPolicyProperty).State = "NotConfigured" }\n}<\/pre>","protected":false},"excerpt":{"rendered":"
Since Citrix XenApp 6.0 and XenDesktop 5.0 policies are configurable via a new method. As a bonus Citrix made it possible to configure the policies via Group Policy Objects (GPO\u2019s) in Active Directory. This is especially useful if you want to set Citrix policies unattended, or automated. This way you can use it in a […]<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"site-container-style":"default","site-container-layout":"default","site-sidebar-layout":"default","disable-article-header":"default","disable-site-header":"default","disable-site-footer":"default","disable-content-area-spacing":"default","footnotes":""},"categories":[305,54],"tags":[667,459,458,455,672],"class_list":["post-3808","post","type-post","status-publish","format-standard","hentry","category-xenapp-presentation-server","category-xendesktop","tag-citrix","tag-gpo","tag-policies","tag-posh","tag-powershell"],"_links":{"self":[{"href":"https:\/\/ingmarverheij.com\/en\/wp-json\/wp\/v2\/posts\/3808","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ingmarverheij.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ingmarverheij.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ingmarverheij.com\/en\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/ingmarverheij.com\/en\/wp-json\/wp\/v2\/comments?post=3808"}],"version-history":[{"count":4,"href":"https:\/\/ingmarverheij.com\/en\/wp-json\/wp\/v2\/posts\/3808\/revisions"}],"predecessor-version":[{"id":3812,"href":"https:\/\/ingmarverheij.com\/en\/wp-json\/wp\/v2\/posts\/3808\/revisions\/3812"}],"wp:attachment":[{"href":"https:\/\/ingmarverheij.com\/en\/wp-json\/wp\/v2\/media?parent=3808"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ingmarverheij.com\/en\/wp-json\/wp\/v2\/categories?post=3808"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ingmarverheij.com\/en\/wp-json\/wp\/v2\/tags?post=3808"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}