The goal of this article is to define the steps needed to install the PolicyPak Cloud (PPC) client on the Azure Virtual Desktop (AVD) Master Desktop Image so that machines created using this image automatically register to the correct PPC computer (company) group or groups at startup, and then unregister from the PPC portal at shutdown.
Stage PPC Client on the Master Desktop Image then register PPC Client at Startup and unregister PPC Client at Shutdown.
Note: For Persistent VMs skip the "Unregister PPC Client at shutdown" section (steps 4-7) as they are not needed for Persistent VMs.
Once logged into the Master Desktop Image perform the following steps:
Download the required PolicyPak Cloud Client MSI package (version 20.5.2449.838 or higher) to the Master Desktop Image, and save it under the "C:\PPC Client" folder on the Master Desktop Image.
The required PPC client version (20.5.2449.838 or higher) can be found within your PPC Portal at the following page https://cloud.policypak.com/ManageCustomer/UserList under the "Downloads" section, by clicking on the "Download other versions" link at the bottom of the page.
On the Master Desktop Image while logged in as a local administrator, install the PolicyPak Cloud Client MSI that you saved under "C:\PPC Client", by using MSIEXEC and including the relevant JOINTOKEN string for your environment.
For Example:
msiexec /i "C:\PPC Client\PolicyPak Cloud Client for [Customer name] x64.msi" JOINTOKEN=" AZAEllLPLTY9XKUA3CYO+ths=" /qn
For more information on creating and using a JOINTOKEN to automatically assign computers to computer groups in PPC please see this video KB: https://kb.policypak.com/kb/article/911-policypak-cloud-automatically-join-groups-with-jointoken/
Note: For Persistent VMs skip steps 4-7 below.
Unregister PPC Client at shutdown (required for Non-Persistent VMs):
Run PowerShell ISE as Administrator then edit the C:\PPC Client\Shutdown.ps1 file, add the following commands to the script then save the file.
Set-ExecutionPolicy Unrestricted -force
PPCloud.exe /sysprep /nextstartwhenuserlogsin /JOINTOKEN:AZAEllLPLTY9XKUA3CYO+ths=
Tip: To see details on PPCloud.exe switches run "PPCloud /?" from CMD.
Next, run "GPEDIT.MSC" and add an entry under Computer Configuration > Windows Settings > Scripts (Startup/Shutdown) Select the shutdown.ps1 file for the PowerShell Shutdown script, then click "OK" to save the settings.
Once logged into the Master Desktop Image perform the following steps:
Download the required PolicyPak Cloud Client MSI package (version 20.5.2449.838 or higher) to the Master Desktop Image, and save it under the "C:\PPC Client" folder on the Master Desktop Image.
The required PPC client version (20.5.2449.838 or higher) can be found within your PPC Portal at the following page https://cloud.policypak.com/ManageCustomer/UserList under the "Downloads" section, by clicking on the "Download other versions" link at the bottom of the page.
On the Master Desktop Image while logged in as a local administrator, install the PolicyPak Cloud Client MSI that you saved under "C:\PPC Client", by using MSIEXEC and including the relevant JOINTOKEN string for your environment.
For Example:
msiexec /i "C:\PPC Client\PolicyPak Cloud Client for [Customer name] x64.msi" JOINTOKEN="AZAEllLPLTY9XKUA3CYO+ths=" /qn
For more information on creating and using a JOINTOKEN to automatically assign computers to computer groups in PPC please see this video KB: https://kb.policypak.com/kb/article/911-policypak-cloud-automatically-join-groups-with-jointoken/
OPTIONAL: Run "PPCloud /sync" from a command prompt to verify that you see the correct groups assigned. In my example I am using a JOINTOKEN for a computer group called "Testing" so I see the following when I run "PPCloud /sync".
Note: All Computers in PPC will be members of the group "All" in addition to any other groups they are added to.
Next, edit startup.bat using notepad adding the command line below, remembering to substitute the MSI name and JOINTOKEN in the example below with the corresponding values needed for your environment before saving and closing the file.
msiexec /i "C:\PPC Client\PolicyPak Cloud Client for [Customer name] x64.msi" JOINTOKEN="AZAEllLPLTY9XKUA3CYO+ths=" /qn
Next, edit the shutdown.bat file adding the command line below, remembering to substitute the MSI name in the example below with the corresponding value needed for your environment before saving and closing the file.
msiexec /x "C:\PPC Client\PolicyPak Cloud Client for [Customer name] x64.msi"
Next, run "GPEDIT.MSC" and add an entry under Computer Configuration > Windows Settings > Scripts (Startup/Shutdown) Select the startup.bat file for Startup script and select the shutdown.bat for the Shutdown script, then click "OK" to save the settings.
If you receive the following error message below, please revisit Option 1 or Option 2 above and ensure that you have followed all steps exactly.
Could not sync with the cloud.
A network error occurred during sending RegisterComputer to https://cloudsvc.policypak.com/Services/Registration:
Keyset does not exist.
If you receive a blank screen at login on the Master image machine or VDI, you can try logging out and back in, or you can try the following to see if it resolves the issue.
Using GPEDIT.MSC verify that the following setting "Run startup scripts asynchronously" is enabled under Local Computer Policy > Administrative Templates > System.