Pages

Thursday 19 April 2012

XenApp 6.5 - Enhanced Desktop Experience

Please check out www.kaztechsolutions.co.uk for more of my technical posts, alternately please call us on 01932 268289. 

To deploy hosted desktops with the Windows 7 look and feel and control desktop customization through Group Policy think about using XenApp's 6.5 new feature Enhanced Desktop Experience. 

When you install XenApp 6.5 the Windows Desktop Experience Integration role is installed by default through the Server Role Manager and the installation sequence performs the following tasks. 


  • Adds the Desktop Experience and XPS Viewer features to the Windows server configuration.
  • Moves the Citrix folder items in the Start menu to the Administrative Tools folder (including the Citrix AppCenter).
  • Creates a new Windows Theme file and sets the default wallpaper.
  • Starts the Windows Themes service and configures it to start automatically.
Now to get Enhanced Desktop Experience working do the following

1. First run the Set-ExecutionPolicy AllSigned command within powershell as this will allow you to run the Citrix powershell script that we need to run later.

 2.  Now change your directory to "C:\Program Files (x86)\Citrix\App Delivery Setup Tools\" and once you have changed directory run the following command  .\New-CtxManagedDesktopGPO.ps1 and wait for it to finish.

3.  Once the command has finished you are ready to apply one of the following group polices to the OU that you require.

CtxStartMenuTaskbarUser - Enables the Windows 7 look and feel for published desktops. It also changes the pinned shortcuts on the Taskbar and configures the user's Start menu to match the Windows 7 environment. This GPO includes a script that executes when a user logs on to the server for the first time. To ensure the script executes correctly, the PowerShell execution policy on the server must be set to AllSigned.

CtxPersonalizableUser - Configures the user account that is accessing the XenApp server. It configures Windows policies to limit the available Control Panel applets and restricts users from installing programs, viewing properties, scheduling tasks, or shutting down the server.

CtxRestrictedUser - Includes most of the policies from the CtxPersonalizableUser GPO. Additionally, this GPO configures the Desktop wallpaper policy to prevent users from personalizing their desktops and prevents users from modifying settings for the Start menu and Taskbar.

CtxRestrictedComputer - Configures certain restrictions on the XenApp servers allocated to the tenant. This GPO restricts users from accessing Windows Update or removable server drives.

4.  OK before i apply any of the policies to an OU lets have a look at XenApps standard published desktop that a user would get without these GPO's applied and as you can see its a standard Windows Server 2008 desktop.

5.  Looking at the new GPO's that the powershell script created you can see that its automatically created the 4 GPO (CtxStartMenuTaskbarUser, CtxPersonalizableUser, CtxRestrictedUser, CtxRestrictedComputer).  Now I've applied CtxPersonalizableUser and CtxStartMenuTaskbarUser to the OU that the XA server's are in and if you have another GPO to handle general XA GPO's (in my case the XA Servers GPO) make sure that this GPO has the loopback processing mode enabled and set to replace so that the settings within the CtxPersonalizableUser GPO apply correctly.



 6.  Now as you can see once the GPO's are applied currently to the OU and a user lunches their published desktop you can now see that the Enhanced Desktop Experience is working correctly.


NOTE 1: At first I did have a bit of a problem getting this to actually work currently with a users profile that was already created but after installing this HOTFIX it seemed to work successfully.  If you are still having issues after applying this hotfix try to delete/rename the local profile/roaming/UPM profile and get the user to log in with a fresh profile to test.



10 comments:

  1. Great article. This is the first information that made sense of truly enabling and configuring these features.

    ReplyDelete
  2. This worked great in my test environment. Do you need to run that initial powershell script on every Xenapp Server or just one? It appears that you would have to run it on all of them but the GPOs already exist so I imagine it won't try to overwrite them.

    ReplyDelete
  3. Hi James,

    Sorry for the late reply..... just started a new job and I'm a little snowed under!!!! As these are GPO's that the PS script actually create you dont need to run them on each XA server. After you install XA on a server it creates all the PS scripts you need under C:\Program Files (x86)\Citrix\App Delivery Setup Tools\ and when the GPO run on whatever XA server it will query this location for required PS scripts. have a look at the GPO it creates and you'll see a runonce command that looks towards the above location.

    any questions just ask and again sorry for the late reply.

    ReplyDelete
  4. Quick question, how can you apply the user GPO's to a OU containing Computers. I don't see how this would work. Citrix say to link the Users GPO to the OU containing your users?

    ReplyDelete
  5. Anonymous, your question was answered in point 5. By enabling loopback processing on the policy, this will allow GPO's assigned at a computer OU to apply to the users logging on to it. I personally don't like this method, but it does indeed work.

    ReplyDelete
  6. When we run the Set-ExecutionPolicy AllSigned shall I set it to No or Suspend. Thanks

    ReplyDelete
  7. Hi AKS,

    just use the default option of Yes for this and all should work perfectly.

    Ta
    Will

    ReplyDelete
  8. need some details explanation

    I have xenapp 6.5 server running on windows server 2008 r2. One AD server with domain name test.int

    Xenapp server joined domain with test.int

    I have no issue running on Xenapp 5 previously but now my desktop running on standard Windows Server 2008 desktop like what u upload on your article above

    I need your details explanation on what to do with new GPO (CtxStartMenuTaskbarUser, CtxPersonalizableUser, CtxRestrictedUser, CtxRestrictedComputer).

    I do changed setting for CtxStartMenuTaskbarUser -
    1. Navigate to [User Configuration\policies\Administrative Templates\Control Panel\Personalization]
    2. Click the “load a specific theme” on the right panel
    3. “Enabled” and type in the path “%windir%\Resources\Themes\aero.theme”
    4. Enable User Group Policy Loopback Processing mode for the Terminal Server- Navigate to [Computer Configuration\Policies\Administrative Templates\System\Group Policy], select “User Group Policy Loopback Processing mode” on the right panel and Select “Enabled” and choose “merge” mode

    But my desktop still running on standard wins 2008 desktop

    Ur advice is much appreciated

    thanks

    ReplyDelete
    Replies
    1. Iam in the same situation i ve installed all fixes , deployed anything necessary .. stil got the classique theme !!
      any help please ?

      Delete
  9. cost-effective infrastructure management and application hosting solutions including Managed Hosted Desktops or Desktops as a Service (Daas) at www.clouddesktoponline.com

    ReplyDelete