Jump to content
Welcome to our new Citrix community!
  • "The Users Configuration has been Manually Modified and Cannot be Changed by Studio" (Citrix Cloud Virtual Apps & Desktops Service)


    kunalnrnd.png.04fb79c85161293ac1757388f1ea17f0.png by Kunal N

    Infrastructure as Code is the new way of deploying a fully working Citrix environment, if you have tried configuring a new Delivery Group on Citrix Cloud Studio using only PowerShell, then you most likely have run into the following error message: "The users configuration has been manually modified and cannot be changed by studio"


    Depending on whether you plan to deploy Apps & Desktops or just Apps or just Desktops, you need to set new entitlement policy. I'll go through the script in detail below, I am using the Remote PowerShell SDK to run the below scripts from my machine:

    asnp citrix.* //  This will load the PowerShell module.

    Get-XdAuthentication //  Prompts users for CAS credentials, and must be done once per PowerShell session. If you want to bypass the prompt, you can use Set-Xdcredentials and define the parameters, use get-help set-xdcredentials -full within PowerShell to check out parameters and examples. 


    Alternatively, you can also create a new API Client:


    Go to Cloud.citrix.com

    Go to Identity and Access Management

    Go to API Access

    Enter the name of an API key in "Name your Secure Client" and click on "Create" and note down the information and reference it using the below cmdlet:


    Set-XDCredentials -StoreAs default -ProfileType CloudApi -CustomerId #### -APIKey ##### -SecretKey #####


    Follow the below cmdlet to create a Delivery Group, choose the right options depending on the type of Delivery Group you want to setup:


    New-BrokerDesktopGroup -Name 'DeliveryGroupName' -DesktopKind Shared -SessionSupport MultiSession -DeliveryType AppsOnly -Enabled $true -MinimumFunctionalLevel L7_7 -PublishedName 'DG Name' -MachineLogOnType ActiveDirectory


    In the above cmdlet, you will choose "-Delivery type Desktops&Apps" if you want to publish desktops as well.


    The below cmdlet adds a brokered machine to the Delivery Group:


    Add-BrokerMachine -MachineName "domain\machinename" -DesktopGroup "Delivery Group Name"


    Now for the next set of cmdlets, you need to define two broker access policy rules ViaAG & NotViaAG, please follow the below set of cmdlets:


    $Uid = Get-BrokerDesktopGroup -Name "DeliveryGroupName" | Select-Object -ExpandProperty Uid

    New-BrokerAccessPolicyRule -Name 'DeliveryGroupName_AG' -Enabled $true -AllowedProtocols @("HDX","RDP") -AllowedUsers Filtered -AllowRestart $true -AllowedConnections ViaAG -IncludedSmartAccessFilterEnabled $true -IncludedUserFilterEnabled $true -DesktopGroupUid $Uid


    New-BrokerAccessPolicyRule -Name 'DeliveryGroupName_Directt' -Enabled $true -AllowedProtocols @("HDX","RDP") -AllowedUsers Filtered -AllowRestart $true -AllowedConnections NotViaAG -IncludedSmartAccessFilterEnabled $true -IncludedUserFilterEnabled $true -DesktopGroupUid $Uid


    Once the policy has been created, you can assign users by using the below cmdlets:


    Set-BrokerAccessPolicyRule -Name 'DG_IAQ_INTG_AG' -AddIncludedUsers ("domain\user")


    Set-BrokerAccessPolicyRule -Name 'DG_IAQ_INTG_Direct' -AddIncludedUsers ("domain\user")


    Depending on whether you are publishing apps and desktops or only apps, you will need to define AppEntitlement policy as well, using the below cmdlets:


    New-BrokerAppEntitlementPolicyRule -Name 'DeliveryGroupName' -Enabled $true -LeasingBehavior Allowed -SessionReconnection Always -IncludedUserFilterEnabled $false -DesktopGroupUid $Uid


    Post which you can publish the application using the below cmdlet, in the below example we are publishing a simple Notepad application:


    New-BrokerApplication -Name "Notepad" -ApplicationType HostedOnDesktop -DesktopGroup "DeliverGroupName" -CommandLineExecutable "Notepad.exe"


    Once you have modified and executed the above commands as per your environment, you should be able to add and remove users from the Studio GUI in the Citrix Cloud portal. Please feel free to add comments or reach out to me if you need help with the script. I spent a lot of time with Citrix support on this. It is always a good practice to deploy a delivery group using the GUI and getting the information about the Delivery Group using PowerShell to get the exact parameters.


    User Feedback

    Recommended Comments

    There are no comments to display.

    Create an account or sign in to comment

    You need to be a member in order to leave a comment

    Create an account

    Sign up for a new account in our community. It's easy!

    Register a new account

    Sign in

    Already have an account? Sign in here.

    Sign In Now

  • Create New...