I was recently asked how to create Citrix policies with PowerShell and I must admit that it took me some time to figure it out. If you search for solutions you get only a few hints on how to do it. The best hint came from Ingmar Verheij (https://www.ingmarverheij.com/set-citrix-policies-via-powershell/) but things changed a little bit with the latest XenApp and XenDesktop versions.
Why should we use PowerShell to create Citrix Policies?
Let's start with a few words on why you should use PowerShell, and why you should set Citrix Policies locally rather than through Group Policy. PowerShell lets you create baseline policies for a whole bunch of customers, parameterize your installations, or recreate your homelab automatically.
And… processing local policies should be much faster (I will recheck that argument shortly by comparing the logon duration between locally set Citrix Policies and GPOs).
Now let me explain how to do it:
First of all switch to the following location (you should be doing this on a Controller):
cd "C:\Program Files (x86)\Citrix\Scout\Current\Utilities"
Then import the PowerShell module:
import-module "C:\Program Files (x86)\Citrix\Scout\Current\Utilities\Citrix.GroupPolicy.Commands.psm1"
Let's check if it is loaded:
get-module

ModuleType Version    Name                                ExportedCommands
---------- -------    ----                                ----------------
Script     0.0        Citrix.GroupPolicy.Commands         {Add-CtxGroupPolicyFilter, Export-CtxGroupPolicy, Get-CtxG...
Manifest   3.1.0.0    Microsoft.PowerShell.Management     {Add-Computer, Add-Content, Checkpoint-Computer, Clear-Con...
Manifest   3.1.0.0    Microsoft.PowerShell.Utility        {Add-Member, Add-Type, Clear-Variable, Compare-Object...}
Looking good, although the Version 0.0 doesn't inspire much confidence.
Now let's check what commands are available:
get-command -Module Citrix.GroupPolicy.Commands

CommandType     Name                                ModuleName
-----------     ----                                ----------
Function        Add-CtxGroupPolicyFilter            Citrix.GroupPolicy.Commands
Function        Export-CtxGroupPolicy               Citrix.GroupPolicy.Commands
Function        Get-CtxGroupPolicy                  Citrix.GroupPolicy.Commands
Function        Get-CtxGroupPolicyConfiguration     Citrix.GroupPolicy.Commands
Function        Get-CtxGroupPolicyFilter            Citrix.GroupPolicy.Commands
Function        Import-CtxGroupPolicy               Citrix.GroupPolicy.Commands
Function        New-CtxGroupPolicy                  Citrix.GroupPolicy.Commands
Function        Remove-CtxGroupPolicy               Citrix.GroupPolicy.Commands
Function        Remove-CtxGroupPolicyFilter         Citrix.GroupPolicy.Commands
Function        Set-CtxGroupPolicy                  Citrix.GroupPolicy.Commands
Function        Set-CtxGroupPolicyConfiguration     Citrix.GroupPolicy.Commands
Function        Set-CtxGroupPolicyFilter            Citrix.GroupPolicy.Commands
We need to create a new PSdrive before we can move on:
new-psdrive -name LocalFarmGpo -psprovider CitrixGroupPolicy -controller localhost \

Name           Used (GB)     Free (GB) Provider      Root                 CurrentLocation
----           ---------     --------- --------      ----                 ---------------
LocalFa...                             CitrixGrou... LocalFarmGpo:\
You should name it exactly as shown above (LocalFarmGpo) because for some reason all the functions in the PSM1 module are hardcoded to that PSDrive. Otherwise you will get errors. Here's the link to the online documentation: https://docs.citrix.com/en-us/xenapp-and-xendesktop/7-5/cds-sdk-wrapper-rho.html.
See if it's there:
Get-PSDrive

Name           Used (GB)     Free (GB) Provider      Root                 CurrentLocation
----           ---------     --------- --------      ----                 ---------------
Alias                                  Alias
C                  19,61         40,04 FileSystem    C:\                  Users\Administrator.MACPRO
Cert                                   Certificate   \
D                                      FileSystem    D:\
Env                                    Environment
Function                               Function
HKCU                                   Registry      HKEY_CURRENT_USER
HKLM                                   Registry      HKEY_LOCAL_MACHINE
LocalFa...                             CitrixGrou... LocalFarmGpo:\
LocalGpo                               CitrixGrou... LocalGpo:\
Templates                              CitrixGrou... Templates:\
Variable                               Variable
WSMan                                  WSMan
XDHyp                                  Citrix.Hyp... XDHyp:\
Now we can check how to create a new Citrix policy:
get-help New-CtxGroupPolicy

NAME
    New-CtxGroupPolicy

SYNOPSIS
    Creates group policies.

SYNTAX
    New-CtxGroupPolicy [-PolicyName] [-Type] [-Description ] [-Enabled ] [-Priority ] [-DriveName ] [-WhatIf] [-Confirm] []

DESCRIPTION
    This cmdlet creates group policies using the Citrix.Common.GroupPolicy provider.

RELATED LINKS
    Set-CtxGroupPolicy
    Remove-CtxGroupPolicy

REMARKS
    To see the examples, type: "get-help New-CtxGroupPolicy -examples".
    For more information, type: "get-help New-CtxGroupPolicy -detailed".
    For technical information, type: "get-help New-CtxGroupPolicy -full".
    For online help, type: "get-help New-CtxGroupPolicy -online"
Okay…
Everything is working and we do know how to create a new GPO:
New-CtxGroupPolicy Test-Policy user
Diving into it:
cd LocalFarmGpo:\
We can now jump into user or computer settings.
Set-CtxGroupPolicyConfiguration Test-Policy user SessionClipboardWriteAllowedFormats Enabled
If you only want to see the settings for a specific Policy you can run:
Get-CtxGroupPolicyConfiguration Test-Policy -ConfiguredOnly
If you want to know all the settings you can set, run the following command:
Get-CtxGroupPolicyConfiguration
This is what it looks like:
Here's a handy little script that manages loading the module and creating the PSDrive. With it you can dive directly into the local policies:
# Variables for GPO creation
$PolicyName = Read-Host "Please insert the name of the local Citrix Group Policy you want to create"
$Scope = Read-Host "Please insert the scope of the Policy (user or computer)"

# Import the Module
import-module "C:\Program Files (x86)\Citrix\Scout\Current\Utilities\Citrix.GroupPolicy.Commands.psm1"

# Create the PSDrive
new-psdrive -name LocalFarmGpo -psprovider CitrixGroupPolicy -controller localhost \

# Some commands to get you started...
<#
# Get the available Policies
# Get-CtxGroupPolicy

# Create a new Policy
# New-CtxGroupPolicy $PolicyName $Scope

# Command to retrieve all the configurable items
# Get-CtxGroupPolicyConfiguration

$obj = Get-CtxGroupPolicyConfiguration $PolicyName $Scope
$obj.SessionClipboardWriteAllowedFormats = "Enabled"
Set-CtxGroupPolicyConfiguration $obj
#>

# Configurable Policy Settings
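A re-runnable variant of the steps above, as an added example that is not part of the original script: it validates the policy type, creates the PSDrive and the policy only when they are missing, and supports -WhatIf. The function name Initialize-CtxLocalPolicy is hypothetical, and the PolicyName and Type properties on the objects returned by Get-CtxGroupPolicy are an assumption.

```powershell
# Added example; Initialize-CtxLocalPolicy is a hypothetical name, not a Citrix cmdlet.
function Initialize-CtxLocalPolicy {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$PolicyName,
        # Accept only the two policy types used in the post instead of free text.
        [Parameter(Mandatory)][ValidateSet('user', 'computer')][string]$Type,
        [string]$ModulePath = 'C:\Program Files (x86)\Citrix\Scout\Current\Utilities\Citrix.GroupPolicy.Commands.psm1'
    )

    if (-not (Test-Path -LiteralPath $ModulePath -PathType Leaf)) {
        throw "Citrix policy module not found at '$ModulePath'. Run this on a Controller."
    }
    if (-not (Get-Module -Name Citrix.GroupPolicy.Commands)) {
        Import-Module $ModulePath -Global -ErrorAction Stop
    }

    # New-PSDrive fails when the drive already exists, so create it only once.
    # -Scope Global keeps the drive after this function returns; -WhatIf:$false
    # because the mapping is session-local and the later lookups depend on it.
    if (-not (Get-PSDrive -Name LocalFarmGpo -ErrorAction SilentlyContinue)) {
        New-PSDrive -Name LocalFarmGpo -PSProvider CitrixGroupPolicy -Controller localhost `
            -Root '\' -Scope Global -WhatIf:$false -ErrorAction Stop | Out-Null
    }

    # Assumption: policy objects expose PolicyName and Type properties.
    $existing = Get-CtxGroupPolicy |
        Where-Object { $_.PolicyName -eq $PolicyName -and $_.Type -eq $Type }

    $created = $false
    if (-not $existing -and $PSCmdlet.ShouldProcess($PolicyName, "Create Citrix $Type policy")) {
        New-CtxGroupPolicy $PolicyName $Type | Out-Null
        $created = $true
    }

    # Return only the explicitly configured settings so the result can be reviewed.
    if ($existing -or $created) {
        Get-CtxGroupPolicyConfiguration $PolicyName -ConfiguredOnly
    }
}

# Dry run: reports what would be created without changing the site.
Initialize-CtxLocalPolicy -PolicyName 'Test-Policy' -Type user -WhatIf
```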
There are tons of configuration items you can configure that way. Once you know how to do it, it seems like a straightforward process.
Cheers,
Sinisa