Great tip from Trond´s website – http://xenapptraining.com
PolicyPak is a Citrix add-on. It dynamically delivers settings and manages the applications you publish and ensures that the settings are maintained. The company’s CTO is Jeremy Moskowitz, well known Group Policy MVP. Here are some videos in his series on PolicyPak & Citrix technologies
PolicyPak software have announced support for managing application policy for applications run under Citrix Application Streaming. This applies for applications run as stream to endpoint (stream to desktop) as well as stream to XenApp server. The link above includes a 15 minute video which is an excellent tutorial on PolicyPak in general and in specific, the linkage of PolicyPak with Citrix App Streaming.
What’s this about?
It comes down to applying Microsoft Group Policy to all applications including Citrix Streamed application and that at least is not new. Citrix App Streaming lets the “policies” keys of AD shine though isolation and applications settings have always been subject to manipulation via application virtualization. This though can require much admin work to get it right, so the bigger item in this is engaging PolicyPak to bring this to a higher level of control and a higher confidence that administrator defined policy will be THE policy in place for the execution of the applications.
Examples of policy things that require more detailed attention include applications that store settings in registry space that App Streaming would by default place into per-user space (masking from AD) as well as applications that store settings in .INI or similar files, where a higher level of control would be needed to pick which settings are in user domain and which are admin mandated. Yes, each of these are solvable with a sufficient level of scripting or isolation rule definition.
PolicyPak makes it easier and provides more detailed control, which is shown nicely in the video.
Good relations are good
Jeremy Moskowitz, Group Policy MVP and Founder of PolicyPak Software reached out to me a couple months ago. He was interested in making this work, but needed some pointers on “best technique”. My contribution very small; it is always impressive to me how sharing a brief time with smart people can multiply into great rewards.
Jeremy understood the layers of glass and how applications can see and not see various parts of the registry and file system based on application virtualization. He needed a technique to reliably enforce the application vision in an App Streaming space, where the PolicyPak software could control this view based upon policy distributed from Active Directory. That is, regardless of all else, allow policy to get through to application execution for Citrix Streamed applications equally to locally installed applications.
Pre-launch scripts were the tool selected and the connection between the profile and the PolicyPak software is done based upon execution of a single script. This occurs on each sandbox create, or the first application launch from each profile, so the group policy applies early and often to force application settings into the application view of the world at the first opportunity.
In the PolicyPak video, at 13:05, Jeremy goes into the small step an administrator must make to connect their Citrix App Streaming profile to the PolicyPak engine. I admire Jeremy’s tecnique for a pre-launch script execution. He implemented it as a single callout to RunDll32 with a call into one of his own PolicyPak DLLs. This limits the maintenance of a script inside the profiles and allows him to have a single place to implement and manage the PolicyPak actions for streamed applications global to the machine installation.
Side note is that he had to include this inclusion of a pre-launch script into each App Streaming profile because App Streaming has no facility for Global Scripts. It should, it doesn’t. Net result is a required addition of a script that does nothing but call a small piece of code inside of PolicyPak. If you have a whole bunch of profiles and want to add the single line PP script to all of them, take a look at the ScriptUtil tool that I wrote for the Citrix Developer Network along with a blog that describes it. This utility is perfect for adding or updating scripts across a whole App Hub.
If you use PolicyPak, you now have the ability to use PolicyPak with Citrix streamed applications. My thanks to Jeremy for implementing this and being an overall fan of my stuff.
For more reading on PolicyPak, check the following links.