Citrix XenApp 7.6, Provisioning Services 7.6 and the XenDesktop Setup Wizard with Boot Device Manager

I have written several articles about using the Provisioning Services (PVS) XenDesktop Setup Wizard with XenDesktop. Now I wanted to find out if the Wizard would also work with XenApp 7.6. Another item I wanted to test was using Boot Device Manager (BDM) only.

Introduction

As with most things involving XenApp and or PVS, there is NO one way or one right way to do anything. This article will give you detailed information on the process I worked out and documented.

Many XenApp/XenDesktop projects I work on now, excluding HP Moonshot, do not use DHCP Options 66/67, PXE or TFTP. For that reason, I wanted to document using BDM only for this process.

I am using components that come with XenApp/XenDesktop 7.6 Long Term Service Release (LTSR):

  • PVS 7.6.1.8
  • XenApp 7.6
  • StoreFront 3.0.1.56
  • Virtual Delivery Agent 7.6.300

This process should also work for PVS and XenApp versions 7.7 and 7.8.

Assumptions:

  1. PVS 7.6.1.8 is installed, configured and a farm created.
  2. XenApp 7.6 is installed and a Site created and configured.
  3. Hosting resources are configured in Studio.
  4. PXE, TFTP and DHCP Options 66/67 are all disabled.

Lab Setup

All servers in my lab are running Microsoft Windows Server 2012 R2 fully patched. The lab consists of:

  • 1 PVS 7.6 server
  • 1 XenApp 7.6 Controller running Studio
  • 1 SQL 2014 SP1 Server
  • 1 Windows Server 2012 R2 with Update VM

I am using XenServer 6.5 SP1 fully patched for my hosting environment.

Figures 1 through 3 show PVS configured not to use DHCP Options 66/67, PXE or TFTP.

Figure 1

Figure 1

Figure 2

Figure 2

Figure 3

Figure 3

The Hosting Resources are configured in Studio as shown in Figure 4.

Figure 4

Figure 4

To start off, in my lab I created my Organization Unit (OU) structure in Active Directory (AD) for my domain, WebstersLab.com, as shown in Figure 5.

Figure 5

Figure 5

Most organizations that use XenApp to serve virtual desktops and applications require that Event Logs persist between reboots or the security team sits in the corner crying. Other items that may need to persist between server/VM reboots are antivirus definition files and engine updates. To accomplish these a Group Policy with Preferences is used. The Write Cache drive is always created as Drive D. The Group Policy with Preferences is linked at the OU that will contain the computer accounts created by the XenDesktop Setup Wizard. These are the settings in the policy used for this lab.

  • Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options\Domain member: Disable machine account password changes: Enabled
  • Computer Configuration\Policies\Administrative Templates\System\Group Policy\Configure user Group Policy loopback processing mode: Enabled, Replace
  • Computer Configuration\Policies\Administrative Templates\Windows Components\Event Log Service\Application\Control the location of the log file: Enabled Path: d:\eventlogs\application.evtx
  • Computer Configuration\Policies\Administrative Templates\Windows Components\Event Log Service\Security\Control the location of the log file: Enabled Path: d:\eventlogs\security.evtx
  • Computer Configuration\Policies\Administrative Templates\Windows Components\Event Log Service\System\Control the location of the log file: Enabled Path: d:\eventlogs\system.evtx
  • Computer Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connection\Allow users to connect remotely by using Remote Desktop Services: Enabled
  • Computer Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Licensing\Use the specified Remote Desktop license servers: RDS License Server Name
  • Computer Configuration\Policies\Administrative Templates\Windows Components\Windows Defender\Turn off Windows Defender: Enabled
  • Computer Configuration\Preferences\Windows Settings\Folders:
    • New\Folder
    • Action: Update
    • Path: d:\eventlogs
  • Computer Configuration\Preferences\Control Panel Settings\Local Users and Groups:
    • New\Local Group
    • Group name: (selected from dropdown list) Remote Desktop Users (built-in)
    • Delete all member users: Not selected
    • Delete all member groups: Not selected
    • Add members: Group(s) that need access to XenApp servers (for my testing I used Domain Users)
  • Computer Configuration\Preferences\Control Panel Settings\Power Options
    • Power Plan Name: High Performance
    • Action: Update
    • Make this the active Power Plane: Enabled
    • When computer is:              Plugged in           Running on batteries
    • Require a password on wakeup:  No                   No
    • Turn off hard disk after:      Never                Never
    • Sleep after:                   Never                Never
    • Allow hybrid sleep:            Off                  Off
    • Hibernate after:               Never                Never
    • Lid close action:              Do nothing           Do nothing
    • Power button action:           Shutdown             Shutdown
    • Start menu power button:       Do nothing           Do nothing
    • Link State Power Management:   Off                  Off
    • Minimum processor state:       100%                 100%
    • Maximum processor state:       100%                 100%
    • Turn off display after:        Never                Never
    • Adaptive display:              On                   On
    • Critical battery action:       Do nothing           Do nothing
    • Low battery level:             After 10 minutes     After 10 minutes
    • Critical battery level:        After 5 minutes      After 5 minutes
    • Low battery notification:      Off                  Off
    • Low battery action:            Do nothing           Do nothing
  • User Configuration\Policies\Administrative Templates\Start Menu and Taskbar
    • Remove Notifications and Action Center : Enabled
    • Remove the Security and Maintenance icon: Enabled
    • Turn off all balloon notifications: Enabled
    • Turn off automatic promotion of notification icons to the taskbar: Enabled
    • Turn off feature advertisement balloon notifications: Enabled
    • Turn off notification area cleanup: Enabled
  • User Configuration\Preferences\Windows Settings\Drive Maps:
    • New\Mapped Drive
    • Location: Leave empty
    • Label as: Leave empty
    • Existing: D [comment – this will hide the write cache drive]
    • Hide/Show this drive: Hide
    • Hide/Show all drives: No change
  • User Configuration\Preferences\Windows Settings\Drive Maps:
    • New\Mapped Drive
    • Location: Leave empty
    • Label as: Leave empty
    • Existing: E [comment – this will hide the CD/DVD drive]
    • Hide/Show this drive: Hidelog
    • Hide/Show all drives: No change

These settings will:

  • Disable machine account password changes
  • Enable loopback replace mode
  • Create the EventLogs folder on drive D (the Write Cache drive)
  • Redirect the Application, Security and System event logs to the new D:\EventLogs folder
  • Enable to connect using Remote Desktop Services
  • Configure server for High Performance power settings
  • Set the Remote Desktop Services license server
  • Turn off Windows Defender
  • Add a group to the Remote Desktop Users group
  • Turns off several items from the Start Menu and Taskbar
  • Hides drives D and E

About Carl Webster

Webster is a Sr. Solutions Architect for Choice Solutions, LLC and specializes in Citrix, Active Directory and Technical Documentation. Webster has been working with Citrix products for many years starting with Multi-User OS/2 in 1990.

View all posts by Carl Webster

No comments yet.

Leave a Reply