[Can WEM be used to apply permissions on folders and registry entries?]

WEM would fail to set permissions via an external task as it executes in the user context.

 

You would be best suited to using a traditional GPO and alter the permissions on the directory via that method - tried, proven, easy to track back through

https://www.lepide.com/how-to/assign-permissions-to-files-folders-through-group-policy.html

 

[Bloomberg API add-in]

if its just a standard add-in then the normal rules apply with excel regardless of how its published

[VDA2203 CU1 Upgrade for 32bit Systems(Win10)]

time to start looking at something like an AppCure to start getting those apps out of the OS

[Citrix on-premises to cloud question]

The Cloud solution is perfectly suited to managing multiple domains - so without more context i really couldn't see a reason not to keep it simple

[Citrix on-premises to cloud question]

You will need cloud connectors in the domain where the VDA registers - you cannot traverse trusts with Cloud Connectors when DaaS needs to lookup users 

 

If you have a domain where there are just users, then you can deploy either Cloud Connectors (Windows) OR Cloud Connector Appliances which will allow the DaaS Service to understand users in the trusted domains

[Browser used for WEM Transformer]

Have put this over to the WEM team to have a look at

[Citrix MCS use existing Azure Shared Image Gallery]

yup, that's always been there, it pulls it from the source sig and puts it into its own ? 

[Citrix DasS on Azure: FSLogix Profile Management]

have fun - good scale project

[My users profiles are huge and growing]

There are many references to all of these scenarios online, Citrix document this stuff pretty well where they can, otherwise you can google for community recommendations

 

For Teams - https://docs.citrix.com/en-us/citrix-virtual-apps-desktops/multimedia/opt-ms-teams.html#profile-management-recommendations

 

For Chome - https://docs.citrix.com/en-us/profile-management/current-release/integrate/google-chrome.html

 

For Edge -> start with Chrome and Adapt

 

On 3/20/2023 at 10:33 AM, Mark Ellis1709163820 said:

Clear out these directories with a logout script.  (This is because the exclusion policy won't get rid of existing cached files.)

This is not entirely true, look at the logon exclusion check policy, UPM will clear up after itself based on what you tell it to do https://docs.citrix.com/en-us/profile-management/current-release/configure/include-and-exclude-items/enable-logon-exclusion-check.html

[Can you stream a template/mandatory profile?]

I used WEM but it doesn't come into play for profile management in any of my projects, thats always handled by policy

 

Yes, Sorry its the SyncHkuWithHkcu feature https://techzone.vmware.com/resource/windows-os-optimization-tool-vmware-horizon-guide#controlling-common-options

[Can you stream a template/mandatory profile?]

you can simplify this entirely if you do NOT need a profile, then your best bet is to optimize the default user profile and simply use local profiles

 

My suggestion here would be to use the vmware optimization tool (yes yes I know this is Citrix but the vmware tool is better out of the box) and use the "sync to default user profile" feature (which is awesome)

 

We use local profiles in benchmarking scenarios and can easily get 5-6 second logons with this model using the above logic

[Identify Disconnected sessions then reboot VDIs]

There you go, you can use the same logic without an export/import directly in your script to just pull the machines into an array, and then loop through the array

 

$Criteria = "Get your list of machines here"

 

then something like 

 

foreach ($computer in $Criteria) {
	write-host "computer Name is: $($computer.Name)"
	New-BrokerHostingPowerAction -Action TurnOff -MachineName $computer.Name
}

 

[GPO policies - MMC crashes when I try to view Legacy policies - So I want to migrate them to Studio]

There is a bit of a trick here which can help, if you have studio and GPO MMC installed on the same box, they appear to call the same location for templates.

 

So you can take your GPO nested Citrix Policy and create a template for each one. Then you can go into studio, hit refresh, and you should see those templates available, from there you can create a new Policy mirroring the old

 

It doesn't handle filters and assignments though

[Identify Disconnected sessions then reboot VDIs]

If you already have the list of VDI's you want to reboot, this isn't working? https://developer-docs.citrix.com/projects/citrix-virtual-apps-desktops-sdk/en/latest/Broker/New-BrokerHostingPowerAction/

[WEM Feature Request Check Action Values for Cache update]

This has been around for a while, but there are native options to fix it in the product

 

I wrote a script here https://jkindon.com/selective-deletion-of-the-wem-actions-tracking-cache/ which has morphed its way into the product set natively - look at "Allow Users to Reset Actions". Users can self service via the agent, or admins can drive the bus from the console

 

Versioning is a good idea though as slapping the key slaps everything without any form of check

[VDA registers with the wrong DDC]

On 3/8/2023 at 2:52 AM, Joel Girard1709163585 said:

In over 25 years of working in IT and GPO's, I've never come across a GPO with a 'phantom' setting.

 

Our industry is the gift that keeps giving ?

[What does "Run Once" mean?]

14 hours ago, Almir Ramic said:

Im a bit late...

juuuuuust a little ?

https://jkindon.com/selective-deletion-of-the-wem-actions-tracking-cache/

 

There is a new feature based off the above post as part of the product now ?

https://docs.citrix.com/en-us/workspace-environment-management/current-release/user-interface-description/advanced-settings.html#ui-agent-personalization <- look at "Allow Users to Reset Actions"

[Citrix DasS on Azure: FSLogix Profile Management]

2 hours ago, Suman Kumar Saurabh1709163824 said:

Thank you James for your response. Could you please share any reference article to read about Azure NetApp files handle capacity specifically for FSLogix. 

We are going to use Azure NetApp in production, currently using Azure files until storage team give us NetApp.

 

I am still not sure how to handle multiple files/volume and distribute users dynamically with simple approach. Security is not in the favor of creating multiple OUs and we need to define VHDX location of multiple file share/ volumes for 10,000 machines residing in single OU. I read one of article published by James-rankin about powershell script but that script re-write registry all the time when it runs. 

 

I am wondering how other people are handling this ?

Whilst this is a Microsoft AVD article, the concepts here are very relevant.

https://learn.microsoft.com/en-us/azure/architecture/example-scenario/wvd/windows-virtual-desktop-fslogix 

 

Specifically, for ANF

https://learn.microsoft.com/en-us/azure/architecture/example-scenario/wvd/windows-virtual-desktop-fslogix#azure-netapp-files-best-practices

 

https://learn.microsoft.com/en-us/azure/virtual-desktop/store-fslogix-profile

 

For the user distribution side of things, I re-wrote that script a couple of years back to make it more robust and flexible, same concept, different code (better code). The logic here is distribution based on available capacity - but I don't think that is the best logic for your deployment (pretty sure my code is in production in the environment referenced in Rankins article)

https://github.com/JamesKindon/Citrix/blob/master/FSLogix/DistributeContainerShares.ps1

 

I don't know why security are involved or having any form of say based on an OU or AD group layout, this has nothing to do with security, it's about architecture and providing an appropriate distribution of users. FSLogix has the ability to user per user/group based deployments as per Carl initial link -> not sure why that wouldn't be followed or would be of concern

[Printer mappings-Excluded actions]

9 hours ago, rmccart859 said:

Thanks that has fixed my issue. The printers now appear under the 'applied actions' tab.

Do you happen to know how to enable the system tray icon?

Advanced Settings -> Configuration -> Agent Service Options -> Launch Agent at Logon

[Printer mappings-Excluded actions]

43 minutes ago, rmccart859 said:

My users don't have a WEM agent icon in the system tray. Is there a way to do it centrally form the WEM server? 

Would make it a lot easier if you enabled it, as you can then get users to do it selectively. From the console, find your agents, right click and reset actions from there - but it will tackle anyone on the target agent

[Printer mappings-Excluded actions]

11 hours ago, rmccart859 said:

Yes I enabled self healing to try to fix the issue, but it hasn't worked

The action has already applied and when it was applied it had no self-healing enable - so it's already done its job

 

in the user session, right click the WEM agent and chose reset actions or whatever it's called, select printers (this will remove tracking status), and then re-process the agent

[How to configure Google Workspace authenticate with Citrix?]

shame - it appears to be dead now, it was working yesterday with SSL errors - must have been brought down

[How to configure Google Workspace authenticate with Citrix?]

NetScaler https://jsconsulting.services/2017/11/12/configure-netscaler-gateway-saml-google-citrix-federated-authentication/

 

Citrix Cloud https://citrixie.wordpress.com/2021/09/15/google-identity-provider-for-citrix-cloud-saml-integration-step-by-step-guide/

[Can you bypass vPrefer for a specific published app?]

Maybe publish the app but restrict it to specific machines using tags?

 

Pretty sure vPrefer configurations override keywords - so might be a bit of work to change things around

[Reconfigure 1912Ltsr VDA delivery controller config setting using powershell]

This can be a weird race condition - are these MCS machines? or manual?

 

I've worked on projects where the quickest path was a startup script which executed a gpupdate to get the latest keys updated, and then a restart of the desktop service does the trick