[WEM Agent cloud integration issue]

You need to allow the VDAs to talk to the wem cloud service, they do not proxy via the cloud connectors 

[Upgrade Citrix UPM]

If you are using Studio then the policy engine will be updated automatically by the upgrade process

 

No difference for the VDA - You can read up on the upgrade process for Citrix on the documentation site, but the VDA upgrade utility is pretty smart and will tell you what's there and what will be upgraded

[Upgrade Citrix UPM]

Always upgrade UPM, 99% of the time it will be handled as part of the VDA upgrade process

 

Make sure to go and update the ADMX files accordingly if you are using GPO to drive UPM

[Purpose of VHDX and O365]

9 hours ago, Thierry DEVIDAL said:

Because for me, in cloud-base env, the dekstop client should be only be a "viewer"

Not really how it works unless you operate in online mode and have acceptable performance when making queries across the web - rarely OK

 

most environments still operate in cached mode, meaning that now you have an OST and index to deal with. If you don't persist these, the experience sucks. You cannot in a supported fashion redirect them to a network location, and using file based profiles is not really going to cut the mustard. Hence container/VHDX technology to make things work 

[Is there a way to utilize 3rd party application redirection]

could they be using local app access? https://docs.citrix.com/en-us/xenapp-and-xendesktop/7-15-ltsr/general-content-redirection/laa-url-redirect.html

[Can WEM be used to apply permissions on folders and registry entries?]

WEM would fail to set permissions via an external task as it executes in the user context.

 

You would be best suited to using a traditional GPO and alter the permissions on the directory via that method - tried, proven, easy to track back through

https://www.lepide.com/how-to/assign-permissions-to-files-folders-through-group-policy.html

 

[Bloomberg API add-in]

if its just a standard add-in then the normal rules apply with excel regardless of how its published

[VDA2203 CU1 Upgrade for 32bit Systems(Win10)]

time to start looking at something like an AppCure to start getting those apps out of the OS

[Citrix on-premises to cloud question]

The Cloud solution is perfectly suited to managing multiple domains - so without more context i really couldn't see a reason not to keep it simple

[Citrix on-premises to cloud question]

You will need cloud connectors in the domain where the VDA registers - you cannot traverse trusts with Cloud Connectors when DaaS needs to lookup users 

 

If you have a domain where there are just users, then you can deploy either Cloud Connectors (Windows) OR Cloud Connector Appliances which will allow the DaaS Service to understand users in the trusted domains

[Browser used for WEM Transformer]

Have put this over to the WEM team to have a look at

[Citrix MCS use existing Azure Shared Image Gallery]

yup, that's always been there, it pulls it from the source sig and puts it into its own ? 

[Citrix DasS on Azure: FSLogix Profile Management]

have fun - good scale project

[My users profiles are huge and growing]

There are many references to all of these scenarios online, Citrix document this stuff pretty well where they can, otherwise you can google for community recommendations

 

For Teams - https://docs.citrix.com/en-us/citrix-virtual-apps-desktops/multimedia/opt-ms-teams.html#profile-management-recommendations

 

For Chome - https://docs.citrix.com/en-us/profile-management/current-release/integrate/google-chrome.html

 

For Edge -> start with Chrome and Adapt

 

On 3/20/2023 at 10:33 AM, Mark Ellis1709163820 said:

Clear out these directories with a logout script.  (This is because the exclusion policy won't get rid of existing cached files.)

This is not entirely true, look at the logon exclusion check policy, UPM will clear up after itself based on what you tell it to do https://docs.citrix.com/en-us/profile-management/current-release/configure/include-and-exclude-items/enable-logon-exclusion-check.html

[Can you stream a template/mandatory profile?]

I used WEM but it doesn't come into play for profile management in any of my projects, thats always handled by policy

 

Yes, Sorry its the SyncHkuWithHkcu feature https://techzone.vmware.com/resource/windows-os-optimization-tool-vmware-horizon-guide#controlling-common-options

[Can you stream a template/mandatory profile?]

you can simplify this entirely if you do NOT need a profile, then your best bet is to optimize the default user profile and simply use local profiles

 

My suggestion here would be to use the vmware optimization tool (yes yes I know this is Citrix but the vmware tool is better out of the box) and use the "sync to default user profile" feature (which is awesome)

 

We use local profiles in benchmarking scenarios and can easily get 5-6 second logons with this model using the above logic

[Identify Disconnected sessions then reboot VDIs]

There you go, you can use the same logic without an export/import directly in your script to just pull the machines into an array, and then loop through the array

 

$Criteria = "Get your list of machines here"

 

then something like 

 

foreach ($computer in $Criteria) {
	write-host "computer Name is: $($computer.Name)"
	New-BrokerHostingPowerAction -Action TurnOff -MachineName $computer.Name
}

 

[GPO policies - MMC crashes when I try to view Legacy policies - So I want to migrate them to Studio]

There is a bit of a trick here which can help, if you have studio and GPO MMC installed on the same box, they appear to call the same location for templates.

 

So you can take your GPO nested Citrix Policy and create a template for each one. Then you can go into studio, hit refresh, and you should see those templates available, from there you can create a new Policy mirroring the old

 

It doesn't handle filters and assignments though

[Identify Disconnected sessions then reboot VDIs]

If you already have the list of VDI's you want to reboot, this isn't working? https://developer-docs.citrix.com/projects/citrix-virtual-apps-desktops-sdk/en/latest/Broker/New-BrokerHostingPowerAction/

[WEM Feature Request Check Action Values for Cache update]

This has been around for a while, but there are native options to fix it in the product

 

I wrote a script here https://jkindon.com/selective-deletion-of-the-wem-actions-tracking-cache/ which has morphed its way into the product set natively - look at "Allow Users to Reset Actions". Users can self service via the agent, or admins can drive the bus from the console

 

Versioning is a good idea though as slapping the key slaps everything without any form of check

[VDA registers with the wrong DDC]

On 3/8/2023 at 2:52 AM, Joel Girard1709163585 said:

In over 25 years of working in IT and GPO's, I've never come across a GPO with a 'phantom' setting.

 

Our industry is the gift that keeps giving ?

[What does "Run Once" mean?]

14 hours ago, Almir Ramic said:

Im a bit late...

juuuuuust a little ?

https://jkindon.com/selective-deletion-of-the-wem-actions-tracking-cache/

 

There is a new feature based off the above post as part of the product now ?

https://docs.citrix.com/en-us/workspace-environment-management/current-release/user-interface-description/advanced-settings.html#ui-agent-personalization <- look at "Allow Users to Reset Actions"

[Citrix DasS on Azure: FSLogix Profile Management]

2 hours ago, Suman Kumar Saurabh1709163824 said:

Thank you James for your response. Could you please share any reference article to read about Azure NetApp files handle capacity specifically for FSLogix. 

We are going to use Azure NetApp in production, currently using Azure files until storage team give us NetApp.

 

I am still not sure how to handle multiple files/volume and distribute users dynamically with simple approach. Security is not in the favor of creating multiple OUs and we need to define VHDX location of multiple file share/ volumes for 10,000 machines residing in single OU. I read one of article published by James-rankin about powershell script but that script re-write registry all the time when it runs. 

 

I am wondering how other people are handling this ?

Whilst this is a Microsoft AVD article, the concepts here are very relevant.

https://learn.microsoft.com/en-us/azure/architecture/example-scenario/wvd/windows-virtual-desktop-fslogix 

 

Specifically, for ANF

https://learn.microsoft.com/en-us/azure/architecture/example-scenario/wvd/windows-virtual-desktop-fslogix#azure-netapp-files-best-practices

 

https://learn.microsoft.com/en-us/azure/virtual-desktop/store-fslogix-profile

 

For the user distribution side of things, I re-wrote that script a couple of years back to make it more robust and flexible, same concept, different code (better code). The logic here is distribution based on available capacity - but I don't think that is the best logic for your deployment (pretty sure my code is in production in the environment referenced in Rankins article)

https://github.com/JamesKindon/Citrix/blob/master/FSLogix/DistributeContainerShares.ps1

 

I don't know why security are involved or having any form of say based on an OU or AD group layout, this has nothing to do with security, it's about architecture and providing an appropriate distribution of users. FSLogix has the ability to user per user/group based deployments as per Carl initial link -> not sure why that wouldn't be followed or would be of concern

[Printer mappings-Excluded actions]

9 hours ago, rmccart859 said:

Thanks that has fixed my issue. The printers now appear under the 'applied actions' tab.

Do you happen to know how to enable the system tray icon?

Advanced Settings -> Configuration -> Agent Service Options -> Launch Agent at Logon

[Printer mappings-Excluded actions]

43 minutes ago, rmccart859 said:

My users don't have a WEM agent icon in the system tray. Is there a way to do it centrally form the WEM server? 

Would make it a lot easier if you enabled it, as you can then get users to do it selectively. From the console, find your agents, right click and reset actions from there - but it will tackle anyone on the target agent