How to Remote to a Cloud DDC
Allocate a Domain-Joined Windows System
Perform the following on a system that doesn’t have any Citrix components installed. The system should be domain joined and the user who logs on to the system is authorized to run GPMC. Do not install Citrix components using the DaaS meta-installer. Install each required Microsoft and Citrix components individually, as per the steps below.
Install Visual C++ Runtimes
On a clean Windows system without any Citrix components installed, install Microsoft Visual C++ runtimes. Both x64 and x86 versions are required. You should see the following in your list of installed programs.
The MSI files for these two modules can be found under the SupportVcRedist folder in the ISO image. The file names are VC_redist.x64.exe and VC_redist.x86.exe, as shown below:
The files can also be downloaded at https://learn.microsoft.com/en-us/cpp/windows/latest-supported-vc-redist?view=msvc-170
Enable Group Policy Management
Make sure feature Group Policy Management is enabled on your system. If your system is a Windows server, launch Server Manager, click on Add roles and features and follow the wizard to the Features page, and make sure Group Policy Management is checked, as seen below:
Install Citrix Group Policy Management
Install CitrixGroupPolicyManagement_x64.msi, which can be downloaded online at https://www.citrix.com/downloads/citrix-cloud/product-software/xenapp-and-xendesktop-service.html. There are many download links here, scroll down to Group Policy, as seen below.
After the MSI is installed, something similar to the following should be seen in your installed list of programs:
Install Citrix Remote PowerShell SDK
Download the DaaS Remote PowerShell SDK from https://www.citrix.com/downloads/citrix-cloud/product-software/xenapp-and-xendesktop-service.html. You need to sign in using your Citrix cloud account to access the page. There are many download links on this page, scroll down to Virtual Apps and Desktops Remote PowerShell SDK (or recently renamed to DaaS Remote PowerShell SDK), as seen below:
Download the file, which should be named as CitrixPoshSdk.exe, and install it. After the installation, you should see the following in the list of installed programs:
Note: If you need to uninstall the SDK, it may hang. After couple of minutes, just close the uninstall window. This is a known issue.
Use GPMC to Manage Domain Policies
With all the necessary Microsoft and Citrix modules installed and the Group Policy Management feature enabled on your Windows server, you will be able to use GPMC to manage domain GPOs and the Citrix policies defined in the domain GPOs. By using remoting, you will be able to add delivery group and tag filters in your policies. The delivery groups and tags are those that have been defined in your remote cloud site. To manage your domain GPO, run GPMC.msc and select a GPO to edit. Under both Computer Configuration and User Configuration, expand the Policies folder and there should be a Citrix Policies folder. Click on Citrix Policies and the same authentication dialog should be displayed. After you log on with your account, you should see something similar to the following:
A cloud authentication dialog should be displayed, as seen below:
Authenticate using your credentials, and after you log on successfully, you’ll be presented with a list of customers you can access, as seen below:
Choose the custom you want to manage. Then in the rest of the GPMC session, when you select delivery groups or tags, they are always obtained from this customer.
If you edit a policy and add a delivery group filter, you should be able to enumerate the delivery groups defined in your remote cloud site, for example:
Use the Citrix Group Policy PowerShell Provider
After the Visual C++ runtimes, the DaaS Remote PowerShell SDK, and the Citrix Group Policy Management MSI are all installed, the Citrix Group Policy PowerShell Provider can be used to remotely connect to a cloud DDC and you will be able to manage your cloud site policies using PowerShell provider commands. First, add the snapin by running the command
PS C:> Add-PSSnapin Citrix.Common.GroupPolicy |
And then mount a provider drive. Make sure the value of the -Controller parameter is localhost. No -BearerToken parameter is needed.
PS C:> New-PSDrive -PSProvider CitrixGroupPolicy -Name Site -Root -Controller localhost |
At the New-PSDrive command, a cloud authentication dialog should be displayed, as seen below:
Authenticate using your credentials, and after you log on successfully, you’ll be presented with a list of customers you can access, as seen below:
Choose the customer you want to manage. Then in your PowerShell window, you should see you have your drive mounted. In this example, your drive name is Site. Then you can use PowerShell provider commands to manage policies. For more information on using the provider, please see https://developer-docs.citrix.com/projects/citrix-daas-sdk/en/latest/group-policy-sdk-usage/#citrix-group-policy-provider.