Lab 13: Setup a group policy for desktops with ADMX templates

Objective and Task:

In this lab, you will deploy the ADMX administrative templates that are supplied as part of the Horizon 8 downloads to domain controllers. You will use them to create a Group Policy Object (GPO) to manage desktop configurations.

  1. Add the ADMX templates to Active Directory.
  2. Create a Group Policy Object (GPO).
  3. Configure the GPO with Horizon Agent for Windows policy settings.
  4. Link the GPO to an Organizational Unit (OU).
Expand or collapse content Task 1: Add the ADMX templates to Active Directory

Locate the ADMX template files in the Resources folder, and copy them to the Central Store on the domain controllers, where ADMX templates are stored for centralized management. In this lab the ControlCenter VM is also your domain controller.

  1. Login to the ControlCenter VM.
    • Username: administrator
    • Password : Pa$$w0rd
  2. Locate the ADMX template files.
    • Open File Explorer on the task bar at the bottom.
    • Select the Resources (S:) drive.
    • Browse to S:\Software\Horizon_2512
    • Locate the file Omnissa-Horizon-Extras-Bundle-2512-8.17.0-XXXXX.zip

You will copy the Horizon Extras Bundle zip file to a local folder on the Domain Controller and extract it there. That minimizes Windows file security checks that, in some environments, can prevent copying files from a network share to the domain repository.

  1. Extract the ADMX templates files from the zip file
    • Copy the file Omnissa-Horizon-Extras-Bundle-2512-8.17.0-XXXXX.zip for the Downloads folder on your ControlCenter.
    • Right-click the zip file in the Downloads folder, select Extract All... and then click Extract.
  2. Copy the ADMX files (these are the actual template files).
    • Navigate to extracted folder that was created in the Downloads folder
    • Select all of files (Do not select the folders).
    • Right-click and select Copy.
  3. Paste the ADMX files into the domain ADMX repository
    • Use Windows Explorer to navigate to the ADMX repository (open this in a new tab or Window) C:\Windows\SYSVOL\domain\Policies\PolicyDefinitions
    • Right-click in the folder and select Paste.
  4. Copy ADML files (these are the language specific help files).
    • Navigate to en-US folder that is in the extracted folder that was created in Downloads.
    • Select all of files.
    • Right-click and select Copy.
  5. Paste the ADML files into the domain repository language folder
    • Use Windows Explorer to navigate to the ADMX repository C:\Windows\SYSVOL\domain\Policies\PolicyDefinitions\en-US
    • Right-click in the folder and select Paste.

If prompted for Replace or Skip files, select Replace the files in the destination.

If your Windows Server uses a language other than English, you would copy the ADML files from the appropriate language folder of the extracted zip file to the corresponding language folder in the domain repository.

In a production environment you would normally have multiple domain controllers and would need to wait for SYSVOL replication to complete (typically 5-15 minutes) before the template files are available on other domain controllers.

Expand or collapse content Task 2: Create a Group Policy Object (GPO)

Outlines the steps to create and configure a new Group Policy Object (GPO).

  1. On the ControlCenter, open the Active Directory Group Policy Management console
    • Use Windows > Server Manager.
    • Use the Tools menu in the top-right, and select Group Policy Management.
  2. Navigate to the Group Policy Objects folder.
    • Navigate to Group Policy Management > Forest: Omnissatraining.com > Domains > omnissatraining.com > Group Policy Objects
  3. Create a new GPO.
    • Right-click on Group Policy Objects and select New.
    • Enter Horizon Agent Policy for the Name.
    • Leave Source Starter GPO as (none)
    • Click OK.
  4. Edit the GPO.
    • Right-click on the newly created GPO Horizon Agent Policy
    • Select Edit
    • The Group Policy Management Editor window opens.
  5. Verify that the Horizon Agent Policy settings are available.
    • For Computer settings, navigate to: Computer Configuration > Policies > Administrative Templates > Omnissa Horizon Agent Configuration
    • For User settings, navigate to: User Configuration > Policies > Administrative Templates > Omnissa Horizon Agent Configuration

You will notice that there are multiple Omnissa Horizon administrative templates available in the Group Policy Editor. Feel free to explore the settings and configurations that are available.

Expand or collapse content Task 3: Configure Agent Policy Settings

There are many settings and configuration options available in the ADMX templates. In this lab you will focus on the Horizon Agent configuration, and set a few example settings.

  1. Navigate to the Horizon Agent Configuration selections for Computer objects.
    • Navigate to Computer Configuration > Policies > Administrative Templates > Omnissa Horizon Agent Configuration.
    • Double click on Agent Configuration in the right-hand pane, to expand it.
  2. Enable Screen-capture Blocking.
    • Right click on Screen-capture Blocking in the right-hand pane, and select Edit.
    • Select Enabled.
    • Click OK.
  3. To configure file transfer.
    • Use the left-hand menu to navigate to Navigate to Computer Configuration > Policies > Administrative Templates > Omnissa Horizon Agent Configuration > Clipboard Redirection.
    • Right click on Configure File Transfer in the right-hand pane, and select Edit.
    • Select Enabled.
    • Under Options, select Enabled both upload and download.
    • Click OK.
  4. Close the Group Policy Management Editor.

Although in this lab you only configured computer settings, you can also apply user configuration in the GPO. When setting user level GPO settings, it is often useful to use GPO loopback processing mode. This is a Group Policy feature that applies user-side policies based on  the computer a user logs into, rather than the user's own location in Active Directory. For more information, see the Microsoft website.

0 Comments

Add your comment

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.