Citrix PVS 7.6 Install – Part 5: Group Policy for PVS Target Devices

This is part 5 in the Citrix Provisioning Services 7.6 installation and configuration guide. In this article we be configuring a new group policy object (GPO) that will need to be applied to all PVS target machines.

Quick Links

Here are the links to each of the articles that make up this series:

Step-by-Step Guide

We will need to create a Group Policy Object that applies certain settings to PVS Target Devices only. These settings include disabling the AD machine account password change, as this will be handled by the PVS server. In addition it includes redirecting the Event Logs to the persistent local drive (i.e. D:\). To do this, complete the following steps:

1. Log onto your Domain Controller (or a machine with AD tools installed) as a domain administrator

2. Launch Active Directory Users and Computers

3. Create a new OU that will contain all of your PVS Target Devices’ AD Computer Accounts

Note: We are creating a new OU so that it will be easy to apply the Group Policy to just the PVS Target Devices and not any other machines. If you are using PVS with multiple images and would like to seperate your PVS Target Devices into seperate OUs then this is not a problem, as you can easily link and existing GPO to mulitple OUs.

4. Move the PVS Capture VM AD computer account (i.e. WP-CTXAPP-V02) into the new OU you created

5. Here is the OU I created called “PVS Servers” with the PVS target device AD computer account as a member

6. Close Active Directory Users and Computers

7. Launch Group Policy Management and navigate to the new OU you created (i.e. PVS Servers)

8. Right-click the OU and select “Create a GPO in this domain, and Link it here”

9. From the New GPO dialog box, enter a name for the GPO and click OK

10. Right-click the new GPO and select Edit

11. Disable Active Directory Machine Account password changes (as this will be handled by the Citrix PVS 7.6 server)

To do this, complete the following:

  1. Navigate to Computer Configuration >> Policies >> Windows Settings >> Security Settings >> Local Policies >> Security Options
  2. Double click the “Domain member: Disable machine account password changes” policy
  3. Enable the policy
  4. Click OK to the policy dialog box to save changes

12. Redirect the Event Logs to the D: drive

To do this, complete the following:

  1. Navigate to Computer Configuration >> Policies >> Administrative Templates >> Windows Components >> Event Log Service >>
  2. Double click the “Control the location of the log file” policy
  3. Enable the policy and configure it to point to D:\Event_Log_name.evtx
  4. Click OK to the policy dialog box to save changes
  5. Repeat the steps above for each of the Event Logs (i.e. Application, Security, Setup, and System)

13. Close the GPO and exit Group Policy Management

14. Reboot the PVS Capture VM (i.e. WP-CTXAPP-V02) and ensure the GPO was applied

To check what GPOs have been applied to a machine, complete the following:

  1. Log into the PVS Capture VM as an administrator
  2. Launch Command Prompt (Admin)
  3. Run “gpresult /r” from the command prompt
  4. Check the Computer Settings >> Applied Group Policy Objects to ensure the GPO was applied (see screenshot below as an example)

Next article…

The next article coming up in the series is: Citrix PVS 7.6 Install & Configuration Guide – Part 6: Preparing for Image Capture.

Comments

  1. Do know if there are any specific steps that need to be done when configuring PVS in seperate domain than its target devices? I found ctx134971 but it does not give any steps on regarding PVS and i didn’t find anything in the PVS support documentation. Please send me any links you may have on the topic or any advise on how to do it.

    1. Hi Jim,

      Sorry about the delay in reply, I have had some personal circumstances recently that I have had to deal with. To be honest I have never seen an implementation like that and I have never tried it myself. I think the issue you will have is that PVS manages the AD computer account for the targets, so I would say that would need to be in the same domain.

      Sorry I couldn’t be of more help
      Luca

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.