You are using an unsupported browser. Please update your browser to the latest version on or before July 31, 2020.
close

13: How to install the PolicyPak Cloud Client for use in a Windows Virtual Desktop image

The goal of this article is to define the steps needed to install the PolicyPak Cloud (PPC) client on the Windows Virtual Desktop (WVD) Master Desktop Image, so that machines created using this image automatically register to the correct PPC computer (company) group or groups at startup, and then unregister from the PPC portal at shutdown.

OPTION 1: Install PPC Client at Startup and Uninstall PPC Client at shutdown.

Once logged into the WVD Master Desktop Image perform the following steps:

  1. Create a folder called "PPC Client" under the root of the C: drive on the Master Desktop Image.
  2. Download the required PolicyPak Cloud Client MSI package (version 20.5.2449.838 or higher) to the Master Desktop Image, and save it under the "C:\PPC Client" folder on the Master Desktop Image.

    The required PPC client version (20.5.2449.838 or higher) can be found within your PPC Portal at the following page https://cloud.policypak.com/ManageCustomer/UserList under the "Downloads" section, by clicking on the "Download other versions" link at the bottom of the page.

  3. On the Master Desktop Image while logged in as a local administrator, install the PolicyPak Cloud Client MSI that you saved under "C:\PPC Client", by using MSIEXEC and including the relevant JOINTOKEN string for your environment.

    For Example:
    msiexec /i "C:\PPC Client\PolicyPak Cloud Client for [Customer name] x64.msi" JOINTOKEN="AZAEllLPLTY9XKUA3CYO+ths=" /qn

    For more information on creating and using a JOINTOKEN to automatically assign computers to computer groups in PPC please see this video.

    OPTIONAL: Run "PPCloud /sync" from a command prompt to verify that you see the correct groups assigned. In my example I am using a JOINTOKEN for a computer group called "Testing" so I see the following when I run "PPCloud /sync".

    Note: All Computers in PPC will be members of the group "All" in addition to any other groups they are added to.

  4. Next, within the c:\PPC Client directory create 2 empty text files, one called Startup.bat and the other called shutdown.bat.
  5. Next, edit startup.bat using notepad adding the command line below, remembering to substitute the MSI name and JOINTOKEN in the example below with the corresponding values needed for your environment before saving and closing the file.

    msiexec /i "C:\PPC Client\PolicyPak Cloud Client for [Customer name] x64.msi" JOINTOKEN="AZAEllLPLTY9XKUA3CYO+ths=" /qn

  6. Next, edit the shutdown.bat file adding the command line below, remembering to substitute the MSI name in the example below with the corresponding value needed for your environment before saving and closing the file.

    msiexec /x "C:\PPC Client\PolicyPak Cloud Client for [Customer name] x64.msi"

  7. Next, run "GPEDIT.MSC" and add an entry under Computer Configuration > Windows Settings > Scripts (Startup/Shutdown) Select the startup.bat file for Startup script and select the shutdown.bat for the Shutdown script, then click "OK" to save the settings.

  8. At this point the Master Desktop image should already be registered in the PPC Portal, I recommend launching the PPC portal to verify that the machine is listed under the correct computer groups.
  9. Once this is verified, run the shutdown.bat file manually (right-click bat file and choose Run as Administrator) then verify that the PPC Client is uninstalled successfully from the Master Desktop Image machine, check under Programs and Features to make sure PolicyPak Cloud Client is not present etc. Then also check in the PPC portal, look under the All group to ensure the machine was unregistered successfully.
  10. Afterward run the startup.bat file manually (as Administrator) to reinstall the PPC client, then verify that the PPC Client is installed successfully on the Master Desktop Image machine, check under Programs and Features to make sure PolicyPak Cloud Client is present etc. Then also check in the PPC portal, look under the All group and any other groups that the machine should be listed under to ensure the machine was registered successfully.
  11. If both the install on Master Desktop Image machine and the re-register to PPC portal were successful, then perform one last test by shutting down and restarting the machine while monitoring the PPC portal to watch the machine get unregistered at shutdown and re-registered at startup. Once the machine is restarted login and run "ppcloud /sync" to verify correct groups are shown and also that sync is successful.
  12. At this point if everything worked go ahead and shutdown the Master Desktop Image machine and set as the image to be used for new WVD VMs. If any of the steps above were unsuccessful or if you need assistance with any of these steps please contact support.


OPTION 2: SYSPREP Method

Stage PPC Client on the Master Desktop Image then register PPC Client at Startup and unregister PPC Client at Shutdown. Note: Authenticated Users will be granted full control to the PPC Client service when using this method.

Once logged into the WVD Master Desktop Image perform the following steps:

  1. Create a folder called "PPC Client" under the root of the C: drive on the Master Desktop Image.
  2. Download the required PolicyPak Cloud Client MSI package (version 20.5.2449.838 or higher) to the Master Desktop Image, and save it under the "C:\PPC Client" folder on the Master Desktop Image.

    The required PPC client version (20.5.2449.838 or higher) can be found within your PPC Portal at the following page https://cloud.policypak.com/ManageCustomer/UserList under the "Downloads" section, by clicking on the "Download other versions" link at the bottom of the page.

  3. On the Master Desktop Image while logged in as a local administrator, install the PolicyPak Cloud Client MSI that you saved under "C:\PPC Client", by using MSIEXEC and including the relevant JOINTOKEN string for your environment.

    For Example:
    msiexec /i "C:\PPC Client\PolicyPak Cloud Client for [Customer name] x64.msi" JOINTOKEN="AZAEllLPLTY9XKUA3CYO+ths=" /qn

    For more information on creating and using a JOINTOKEN to automatically assign computers to computer groups in PPC please see this video.

  4. Next, within the c:\PPC Client directory create 2 empty text files, one called Logon.ps1 and the other called shutdown.ps1
  5. Run PowerShell ISE as Administrator then edit the C:\PPC Client\logon.ps1 file, add the following commands to the script then save the file.

    Set-ExecutionPolicy Unrestricted -force
    if (Test-netconnection -Port 443 -ComputerName cloudsvc.policypak.com -InformationAction SilentlyContinue)
    {
    Set-Service -Name PPCloudSvc -StartupType Automatic
    Start-Service -Name "PPCloudSvc"
    Get-Service PPCloudSvc | Select-Object -Property Name, StartType, Status >>"c:\PPC Client\logon.log"
    }

  6. From the same PowerShell ISE session edit C:\PPC Client\Shutdown.ps1, add the following commands to the script, remembering to substitute the JOINTOKEN in the example below with the corresponding values needed for your environment before saving and closing the file.

    Note: The text "jointoken" in the command below must be in lowercase.

    Set-ExecutionPolicy Unrestricted -force
    ppcloud /sysprep /jointoken:AZAEllLPLTY9XKUA3CYO+ths= >>"c:\PPC Client\shutdown.log"
    Set-Service -Name PPCloudSvc -StartupType Disabled
    Get-Service PPCloudSvc | Select-Object -Property Name, StartType, Status >>"c:\PPC Client\shutdown.log"

  7. Next, run "GPEDIT.MSC" and add an entry under Computer Configuration > Windows Settings > Scripts (Startup/Shutdown) Select the shutdown.ps1 file for the PowerShell Shutdown script, then click "OK" to save the settings.

  8. While still in "GPEDIT.MSC" and add an entry under User Configuration > Windows Settings > Scripts (Logon/Logoff) Select the logon.ps1 file for the PowerShell Logon script, then click "OK" to save the settings.

  9. Next download and run Process Explorer from Sysinternals (https://docs.microsoft.com/en-us/sysinternals/downloads/process-explorer).

    Within Process Explorer select the process "PPCloudSvc.exe" then right-click and choose "Properties", on the properties screen select the "Services" tab then click on the "Permissions" button on the bottom left of the window. Under the "Security" tab click "Add" then add in the required permissions for the user, or group of users that will be using computers created from this Master Desktop image. To keep things simple, I recommend assigning "Authenticated Users" "Full Control" then clicking "Ok".

  10. If you like you can reboot the Master Desktop image machine at this point and login as a regular user account to verify that everything works, (i.e. the computer is unregistered at shutdown from the PPC portal and then re-registered after login, and shows up under the correct computer groups).
  11. At this point if everything worked go ahead and shutdown the Master Desktop Image machine and set as the image to be used for new WVD VMs. If any of the steps above were unsuccessful or if you need assistance with any of these steps please contact support
  • 883
  • 17-Aug-2020
  • 649 Views