13: How to install the PolicyPak Cloud Client for use in an Azure Virtual Desktop image

The goal of this article is to define the steps needed to install the PolicyPak Cloud (PPC) client on the Azure Virtual Desktop (AVD) Master Desktop Image so that machines created using this image automatically register to the correct PPC computer (company) group or groups at startup, and then unregister from the PPC portal at shutdown.

OPTION 1: SYSPREP (Recommended Method)

Stage PPC Client on the Master Desktop Image then register PPC Client at Startup and unregister PPC Client at Shutdown.

Note: For Persistent VMs skip the "Unregister PPC Client at shutdown" section (steps 4-7) as they are not needed for Persistent VMs.
 

Once logged into the Master Desktop Image perform the following steps:

1. Create a folder called "PPC Client" under the root of the C: drive on the Master Desktop Image.

2. Download the required PolicyPak Cloud Client MSI package (version 20.5.2449.838 or higher) to the Master Desktop Image, and save it under the "C:\PPC Client" folder on the Master Desktop Image.

   The required PPC client version (20.5.2449.838 or higher) can be found within your PPC Portal at the following page https://cloud.policypak.com/ManageCustomer/UserList under the "Downloads" section, by clicking on the "Download other versions" link at the bottom of the page.

   

3. On the Master Desktop Image while logged in as a local administrator, install the PolicyPak Cloud Client MSI that you saved under "C:\PPC Client", by using MSIEXEC and including the relevant JOINTOKEN string for your environment.

   For Example:

   msiexec /i "C:\PPC Client\PolicyPak Cloud Client for [Customer name] x64.msi" JOINTOKEN=" AZAEllLPLTY9XKUA3CYO+ths=" /qn

   For more information on creating and using a JOINTOKEN to automatically assign computers to computer groups in PPC please see this video KB: https://kb.policypak.com/kb/article/911-policypak-cloud-automatically-join-groups-with-jointoken/
   
   Note: For Persistent VMs skip steps 4-7 below.

Unregister PPC Client at shutdown (required for Non-Persistent VMs):

4. Next, within the "C:\PPC Client" directory create a text file called shutdown.ps1

5. Run PowerShell ISE as Administrator then edit the C:\PPC Client\Shutdown.ps1 file, add the following commands to the script then save the file.

   Set-ExecutionPolicy Unrestricted -force
PPCloud.exe /sysprep /nextstartwhenuserlogsin /JOINTOKEN:AZAEllLPLTY9XKUA3CYO+ths=

   Tip: To see details on PPCloud.exe switches run "PPCloud /?" from CMD.

   

6. Next, run "GPEDIT.MSC" and add an entry under Computer Configuration > Windows Settings > Scripts (Startup/Shutdown) Select the shutdown.ps1 file for the PowerShell Shutdown script, then click "OK" to save the settings.

   

7. If you like you can reboot the Master Desktop image machine at this point and login as a regular user account to verify that everything works, (i.e., the computer is unregistered at shutdown from the PPC portal and then re-registered at login, and also shows up under the correct computer groups).
8. If everything worked then go ahead and Log Off of the Master Desktop Image machine and then set it as the image to be used for new AVD VMs. If any of the steps above were unsuccessful, or if you need assistance with any of these steps, please contact Support.

OPTION 2: Install PPC Client at Startup and Uninstall PPC Client at shutdown.

Once logged into the Master Desktop Image perform the following steps:

1. Create a folder called "PPC Client" under the root of the C: drive on the Master Desktop Image.

2. Download the required PolicyPak Cloud Client MSI package (version 20.5.2449.838 or higher) to the Master Desktop Image, and save it under the "C:\PPC Client" folder on the Master Desktop Image.

   The required PPC client version (20.5.2449.838 or higher) can be found within your PPC Portal at the following page https://cloud.policypak.com/ManageCustomer/UserList under the "Downloads" section, by clicking on the "Download other versions" link at the bottom of the page.

   

3. On the Master Desktop Image while logged in as a local administrator, install the PolicyPak Cloud Client MSI that you saved under "C:\PPC Client", by using MSIEXEC and including the relevant JOINTOKEN string for your environment.

   For Example:

   msiexec /i "C:\PPC Client\PolicyPak Cloud Client for [Customer name] x64.msi" JOINTOKEN="AZAEllLPLTY9XKUA3CYO+ths=" /qn

   For more information on creating and using a JOINTOKEN to automatically assign computers to computer groups in PPC please see this video KB: https://kb.policypak.com/kb/article/911-policypak-cloud-automatically-join-groups-with-jointoken/

   OPTIONAL: Run "PPCloud /sync" from a command prompt to verify that you see the correct groups assigned. In my example I am using a JOINTOKEN for a computer group called "Testing" so I see the following when I run "PPCloud /sync".

   

   Note: All Computers in PPC will be members of the group "All" in addition to any other groups they are added to.

4. Next, within the c:\PPC Client directory create 2 empty text files, one called Startup.bat and the other called shutdown.bat.

5. Next, edit startup.bat using notepad adding the command line below, remembering to substitute the MSI name and JOINTOKEN in the example below with the corresponding values needed for your environment before saving and closing the file.

   msiexec /i "C:\PPC Client\PolicyPak Cloud Client for [Customer name] x64.msi" JOINTOKEN="AZAEllLPLTY9XKUA3CYO+ths=" /qn

   

6. Next, edit the shutdown.bat file adding the command line below, remembering to substitute the MSI name in the example below with the corresponding value needed for your environment before saving and closing the file.

   msiexec /x "C:\PPC Client\PolicyPak Cloud Client for [Customer name] x64.msi"

   

7. Next, run "GPEDIT.MSC" and add an entry under Computer Configuration > Windows Settings > Scripts (Startup/Shutdown) Select the startup.bat file for Startup script and select the shutdown.bat for the Shutdown script, then click "OK" to save the settings.

   

   

   
    

8. At this point the Master Desktop image should already be registered in the PPC Portal, I recommend launching the PPC portal to verify that the machine is listed under the correct computer groups.
9. Once this is verified, run the shutdown.bat file manually (right-click bat file and choose Run as Administrator) then verify that the PPC Client is uninstalled successfully from the Master Desktop Image machine, check under Programs and Features to make sure PolicyPak Cloud Client is not present, etc. Then also check in the PPC portal, look under the All group to ensure the machine was unregistered successfully.
10. Afterward, run the startup.bat file manually (as Administrator) to reinstall the PPC client, then verify that the PPC Client is installed successfully on the Master Desktop Image machine, check under Programs and Features to make sure PolicyPak Cloud Client is present, etc. Then also check in the PPC portal, look under the All group and any other groups that the machine should be listed under to ensure the machine was registered successfully.
11. If both the install on the Master Desktop Image machine and the re-register to PPC portal were successful, then perform one last test by shutting down and restarting the machine while monitoring the PPC portal to watch the machine get unregistered at shutdown and re-registered at startup. Once the machine is restarted login and run "PPCloud /sync" to verify correct groups are shown and also that sync is successful.
12. At this point, if everything worked go ahead and shutdown the Master Desktop Image machine and set it as the image to be used for new AVD VMs. If any of the steps above were unsuccessful or if you need assistance with any of these steps, please contact Support.
     

Troubleshooting:

If you receive the following error message below, please revisit Option 1 or Option 2 above and ensure that you have followed all steps exactly.

Could not sync with the cloud.
A network error occurred during sending RegisterComputer to https://cloudsvc.policypak.com/Services/Registration:
Keyset does not exist.

If you receive a blank screen at login on the Master image machine or VDI, you can try logging out and back in, or you can try the following to see if it resolves the issue.

Using GPEDIT.MSC verify that the following setting "Run startup scripts asynchronously" is enabled under Local Computer Policy > Administrative Templates > System.