![\"VDA](\"https:\/\/www.jhouseconsulting.com\/jhouseconsulting\/wp-content\/uploads\/2019\/07\/VDA-post-install-script.gif\")
<\/a><\/figure>\n<\/div>\n\n\n<\/p>\n\n\n\n
Disable the Telemetry and VDA Ceip Services<\/strong><\/p>\n\n\n\n The Citrix Telemetry Service is essentially a service for Citrix to collect data so they can more easily see how their customers are using their product(s), which may be good in the long term, but in the short term it doesn’t add any benefit other than utilise CPU\/RAM\/bandwidth and\/or cause delays on boot at the “please wait” or “getting devices ready” points.<\/p>\n\n\n\n VDA 7.12 and newer the Customer Experience Improvement Program (CEIP) is enabled by default. To disable it, we create a registry value HKEY_LOCAL_MACHINE\\SOFTWARE\\Citrix\\Telemetry\\CEIP\\Enabled (DWORD) and set it to 0 (zero). We also disable the CitrixVDACeipService service.<\/p>\n\n\n\n References:<\/p>\n\n\n\n Disable the CtxAppVService<\/strong><\/p>\n\n\n\n The Citrix App-V component software, installed and enabled by default when you install the VDA, was removing existing App-V packages when the Citrix Desktop Service (BrokerAgent) starts prior to the release of 7.15 CU5 and 1909. Whilst there are multiple ways to potentially control this behaviour, it was easier to disable the CtxAppVService service altogether. This is no longer being used, but left here for reference.<\/p>\n\n\n\n Disable the App-V Package Cleanup<\/strong><\/p>\n\n\n\n The App-V packages deployed (pre-cached) to VDAs might be incorrectly removed from the VDAs after a reboot when the service starts. This fix introduces a registry value under “HKEY_LOCAL_MACHINE\\Software\\Citrix\\AppV\\Features” called RedundantPackageCleanup. The value was added from 7.15 CU5 and 1909 to control whether to enable or disable the clean-up. Whilst it is disabled by default, we still add the value and set it to False to ensure it remains disabled. This will reduce risk should the issue regress into new VDA releases.<\/p>\n\n\n\n Disable the Smart Card Services and Launcher<\/strong><\/p>\n\n\n\n I find that if you’re not using the services, disable them. Why have extra processes loaded and running that may cause delays at logon?<\/p>\n\n\n\n Configure the Citrix Desktop Service (BrokerAgent) Startup Type and Scheduled Task<\/strong><\/p>\n\n\n\n I configure the startup type for the Citrix Desktop Service (BrokerAgent) service, and use a script initiated by a Scheduled Task to start it. We do this because the Citrix Desktop Service (BrokerAgent) service starts and registers with the Delivery Controllers before the boot process is complete. Therefore a user can potentially launch an application during the tail end of the boot process. When this happens it potentially fails the session launch amongst other things.<\/p>\n\n\n\n The priority of the scheduled task must be set to normal to prevent it from being queued.<\/p>\n\n\n\n Refer to my article Controlling the Starting of the Citrix Desktop Service (BrokerAgent)<\/a>.<\/p>\n\n\n\n Configure the UviProcessExcludes and hook DLLs (CtxHooks)<\/strong><\/p>\n\n\n\n VDA 7.9 and above utilises Kernel APC (KAPC) Hooking as a replacement of AppInit_DLLs.\u00a0The KAPC Hooking DLL Injection Driver (CtxUvi) verifies that the hook DLLs configuration in the\u00a0registry is not changed at runtime (i.e. HKLM\\SOFTWARE\\Citrix\\CtxHook\\AppInit_DLLs\\<hook name>).\u00a0If a change to the configuration is detected, the CtxUvi driver disables itself until the next\u00a0reboot, resulting in none of the Citrix Hooks being properly loaded. So it is recommended not to\u00a0use Group Policies to control these registry keys and placing them in the master PVS\/MCS image instead. Setting UviEnabled to 1 ensures that the Citrix hooking engine, which is critical to a Citrix session, does not disable itself and cause a grey screen when trying to start a Citrix session on that machine. It can automatically disable itself if there are changes to that key structure after the CtxUvi service has started.<\/p>\n\n\n\n As defined under the $ProcessesToAdd variable, I add the following processes:\u00a0sppsvc.exe,\u00a0RAserver.exe, SelfService.exe, CtxWebBrowser.exe, Receiver.exe, msedge.exe, msedgewebview2.exe,\u00a0AcroCef.exe, RdrCEF.exe, QtWebEngineProcess.exe, chrome.exe, nacl64.exe. StartMenuExperienceHost.exe, msra.exe<\/p>\n\n\n\n The script only appends the first 14 characters of these values, or whatever values are missing, and does not duplicate or wipe an existing value or values in the list. Each VDA version may have a default list. This covers many different known issues across the VDA and process versions documented by Citrix and the various support forums.<\/p>\n\n\n\n References:<\/p>\n\n\n\n Configure the UPMEvent<\/strong><\/p>\n\n\n\n This task was driven by the great documentation from George Spiers<\/a>.<\/p>\n\n\n\n upmEvent.exe needs to run to generate Event ID 1000. This is needed for seeing the logon duration in Citrix Director. If Event ID 1000 is not generated, the logon duration is NULL in the database.<\/p>\n\n\n\n For a default location:<\/p>\n\n\n\n References:<\/p>\n\n\n\n Update the BrokerAgent.exe.config file<\/strong><\/p>\n\n\n\n I was testing a config change in a large multi-domain environment by changing the allowNtlm=”false” setting to allowNtlm=”true” in the BrokerAgent.exe.config file. Leaving the UpdateBrokerAgentConfig variable set to False will not apply this change. However, I’ve left the code in the script for future reference in case the BrokerAgent.exe.config file needs to be modified again as it took a while to figure out the best way to manipulate this XML file.<\/p>\n\n\n\n Enables the SaveRsopToFile registry value<\/strong><\/p>\n\n\n\n This checks for the SaveRsopToFile registry value, and then sets it to 1, which enables it. This addresses a bug with 7.15 LTSR CU6 [LCM-8201] with a change of security model where the rsop.gpf is either missing or 0 bytes and therefore the applied policies do not appear in Director under Session Details, providing misleading information. We apply it at post install instead of Group Policy to ensure this fix has been applied before the CitrixCseEngine (Citrix Group Policy Engine) service starts. Leaving the EnableSaveRsopToFileValue variable set to False in the script will not apply this registry change. However, I’ve left the code in the script for future reference in case there is code regression and this needs to be applied again.<\/p>\n\n\n\n Reference: https:\/\/support.citrix.com\/article\/CTX286890<\/a><\/p>\n\n\n\n Here is the \n\tVDA-PostInstall.ps1\t(1973 downloads\t)\n<\/a>\n script:<\/p>\n\n\n Enjoy!<\/p>\n","protected":false},"excerpt":{"rendered":" Updated 31st March 2026 Whilst some of these items can be excluded from the Virtual Delivery Agent (VDA) installation, checking and managing them in a post install script ensures we have consistency between all installations and VDA versions. All these actions need to take place in the base image, hence why they are managed in a … Read more<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"ngg_post_thumbnail":0,"footnotes":""},"categories":[14,388,35,5,91,38,242],"tags":[534,563,416,535,567,566,565,564,570,617,571,569,562,848,849,896,536,568],"class_list":["post-2015","post","type-post","status-publish","format-standard","hentry","category-citrix","category-mdt","category-os-tuning","category-scripting","category-vdi","category-xenapp","category-xendesktop","tag-brokeragent","tag-brokeragent-exe-config","tag-citrix","tag-citrix-desktop-service","tag-ctxappvservice","tag-ctxuvi","tag-kapc","tag-kernel-apc","tag-post-install","tag-saversoptofile","tag-scheduled-task","tag-telemetry","tag-upmevent","tag-uvienabled","tag-uviprocesexcludes","tag-uvistatusdisabled","tag-vda","tag-vda-ceip"],"aioseo_notices":[],"jetpack_featured_media_url":"","_links":{"self":[{"href":"https:\/\/www.jhouseconsulting.com\/jhouseconsulting\/wp-json\/wp\/v2\/posts\/2015","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.jhouseconsulting.com\/jhouseconsulting\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.jhouseconsulting.com\/jhouseconsulting\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.jhouseconsulting.com\/jhouseconsulting\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.jhouseconsulting.com\/jhouseconsulting\/wp-json\/wp\/v2\/comments?post=2015"}],"version-history":[{"count":5,"href":"https:\/\/www.jhouseconsulting.com\/jhouseconsulting\/wp-json\/wp\/v2\/posts\/2015\/revisions"}],"predecessor-version":[{"id":3593,"href":"https:\/\/www.jhouseconsulting.com\/jhouseconsulting\/wp-json\/wp\/v2\/posts\/2015\/revisions\/3593"}],"wp:attachment":[{"href":"https:\/\/www.jhouseconsulting.com\/jhouseconsulting\/wp-json\/wp\/v2\/media?parent=2015"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.jhouseconsulting.com\/jhouseconsulting\/wp-json\/wp\/v2\/categories?post=2015"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.jhouseconsulting.com\/jhouseconsulting\/wp-json\/wp\/v2\/tags?post=2015"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}\n
\n
\n
\n
\n
\n<#\n This script will configure some of the Citrix VDA post install tasks by:\n - Disabling the Telemetry Service\n - Disabling the VDA Ceip Service\n - Disabling the CtxAppVService (from 7.14 to 7.15 CU4\/1906)\n - Disabling the App-V Package Cleanup (from 7.15 CU5\/1909)\n - Disabling the Smart Card Services and Launcher\n - Configuring the Citrix Desktop Service (BrokerAgent) Scheduled Task\n - Configuring the UviProcessExcludes\n - Configuring the CtxHooks\n - Configuring the UPMEvent\n - Updating the BrokerAgent.exe.config file\n - Enables the SaveRsopToFile registry value if it exists\n\n Note that although some of these items can be disabled\/removed\/excluded during\n the VDA installation, actioning them here ensures we have consistency between\n installations and VDA versions.\n\n Script name: VDA-PostInstall.ps1\n Release 2.5\n Written by Jeremy Saunders (jeremy@jhouseconsulting.com) 2nd February 2018\n Modified by Jeremy Saunders (jeremy@jhouseconsulting.com) 31st March 2026\n#>\n\n#-------------------------------------------------------------\n\n# Set Powershell Compatibility Mode\nSet-StrictMode -Version 2.0\n\n# Enable verbose, warning and error mode\n$VerbosePreference = 'Continue'\n$WarningPreference = 'Continue'\n$ErrorPreference = 'Continue'\n\n$StartDTM = (Get-Date)\n\n#-------------------------------------------------------------\n\n# Set the actions this script will take...\n\n$DisableTelemetryService = $True\n$DisableVDACeipService = $True\n$DisableCtxAppVService = $False\n$DisableAppVPackageCleanup = $True\n$DisableSmartCardServicesAndLauncher = $False\n$ConfigureBrokerAgentService = $True\n$ConfigureUviProcessExcludes = $True\n$ConfigureCtxHooks = $True\n$ConfigureUPMEvent = $False\n$UpdateBrokerAgentConfig = $False\n$EnableSaveRsopToFileValue = $False\n\n#------------------------------------\n\n$Vendor = "Citrix"\n$Product = "VDA"\n$Version = "Post Install"\n$LogPS = "${env:SystemRoot}" + "\\Temp\\$Vendor $Product $Version PS Wrapper.log"\n\nStart-Transcript $LogPS\n\n# Bypass the "Open File Security Warning" dialog box.\n# For more information refer to http:\/\/support.microsoft.com\/kb\/889815\n$env:SEE_MASK_NOZONECHECKS = 1 \n\n# Get the current script path\n$ScriptPath = {Split-Path $MyInvocation.ScriptName}\n$ScriptPath = $(&$ScriptPath)\n\n# Push the current location onto a location stack and then change the current location to the location specified\nPush-Location "$ScriptPath"\n\n#------------------------------------\n\n$BrokerAgentexeExists = $False\n$ServiceExists = $False\n\nIf (TEST-PATH "${env:ProgramFiles}\\Citrix\\Virtual Desktop Agent\\BrokerAgent.exe") {\n $BrokerAgentexeExists = $True\n write-verbose "The Citrix `"BrokerAgent.exe`" executable was found" -verbose\n} else {\n write-warning "The Citrix `"BrokerAgent.exe`" executable does not exist" -verbose\n}\nif (Get-Service -Name "BrokerAgent" -ErrorAction SilentlyContinue) {\n $ServiceExists = $True\n write-verbose "The `"Citrix Desktop Service`" service was found" -verbose\n} else {\n write-warning "The `"Citrix Desktop Service`" service does not exist" -verbose\n}\n\nIf ($BrokerAgentexeExists -eq $False -AND $ServiceExists -eq $False) {\n write-warning "No actions will be performed." -verbose\n $DisableTelemetryService = $False\n $DisableVDACeipService = $False\n $DisableCtxAppVService = $False\n $DisableAppVPackageCleanup = $False\n $DisableSmartCardServicesAndLauncher = $False\n $ConfigureBrokerAgentService = $False\n $ConfigureUviProcessExcludes = $False\n $ConfigureCtxHooks = $False\n $ConfigureUPMEvent = $False\n $UpdateBrokerAgentConfig = $False\n $EnableSaveRsopToFileValue = $False\n}\n\n#------------------------------------\n\n# The Citrix Telemetry Service is essentially a service for Citrix to collect data so they can more easily see how\n# their customers are using their product(s), which may be good in the long term, but in the short term it doesn't\n# add any benefit other than utilise CPU\/RAM\/bandwidth and\/or cause delays on boot at the "please wait" or "getting\n# devices ready" points.\n# - https:\/\/support.citrix.com\/article\/CTX212998\n# - https:\/\/discussions.citrix.com\/topic\/379694-provisioned-server-2012-r2-images-stuck-at-getting-devices-ready\/#entry1936442\n# - https:\/\/discussions.citrix.com\/topic\/380372-vda-upgrade-cmdlet\/#entry1938844\n# Note that it defaults to "Automatic (Delayed Start)"\n# VDA 7.12 and newer the Customer Experience Improvement Program (CEIP) is enabled by default. To disable it, we create\n# a registry value HKEY_LOCAL_MACHINE\\SOFTWARE\\Citrix\\Telemetry\\CEIP\\Enabled (DWORD) and set it to 0 (zero). We also\n# disable the CitrixVDACeipService service.\n\nIf ($DisableTelemetryService -eq $True) {\n write-verbose "Disabling the Citrix Telemetry Service" -verbose\n Invoke-Command {cmd \/c sc.exe config CitrixTelemetryService start= disabled} | out-null\n}\nIf ($DisableVDACeipService -eq $True) {\n write-verbose "Disabling the Citrix CEIP Service for VDA Service" -verbose\n Invoke-Command {cmd \/c sc.exe config CitrixVDACeipService start= disabled} | out-null\n $Path = "HKLM:\\SOFTWARE\\Citrix\\Telemetry\\CEIP"\n $KeyExists = $False\n $ErrorActionPreference = "stop"\n try {\n Get-Item -Path "$Path" | Out-Null\n $KeyExists = $true\n }\n catch {\n #\n }\n $ErrorActionPreference = "Continue"\n If ($KeyExists -eq $False) {\n New-Item -Path "$path" -Force | Out-Null\n }\n write-verbose "Disabling the Citrix CEIP automatic enrolment" -verbose\n Set-ItemProperty -Path "HKLM:\\SOFTWARE\\Citrix\\Telemetry\\CEIP" -Name Enabled -Type DWORD -Value 0 -Force\n}\n\n# Possible results using the sc.exe command line tool:\n# [SC] ChangeServiceConfig SUCCESS\n# [SC] OpenSCManager FAILED 5: Access is denied.\n# [SC] OpenSCManager FAILED 1722: The RPC server is unavailable." --> Computer shutdown\n# [SC] OpenService FAILED 1060: The specified service does not exist as an installed service." --> Service not installed\n\n#------------------------------------\n\n# The Citrix App-V component software, installed and enabled by default when you install the VDA, was removing existing App-V packages\n# when the Citrix Desktop Service (BrokerAgent) starts prior to the release of 7.15 CU5 and 1909. Whilst there are multiple ways to\n# potentially control this behaviour, it was easier to disable the CtxAppVService service altogether. This is no longer being used,\n# but left here for reference.\n\nIf ($DisableCtxAppVService -eq $True) {\n write-verbose "Disabling the CtxAppVService Service" -verbose\n Invoke-Command {cmd \/c sc.exe config CtxAppVService start= disabled} | out-null\n}\n\n#------------------------------------\n\n# The App-V packages deployed (pre-cached) to VDAs might be incorrectly removed from the VDAs after a reboot when the service starts.\n# This fix introduces a registry value under "HKEY_LOCAL_MACHINE\\Software\\Citrix\\AppV\\Features" called RedundantPackageCleanup.\n# The value was added from 7.15 CU5 and 1909 to control whether to enable or disable the clean-up. Whilst it is disabled by default,\n# we still add the value and set it to False to ensure it remains disabled. This will reduce risk should the issue regress into new\n# VDA releases.\n\nIf ($DisableAppVPackageCleanup -eq $True) {\n write-verbose "Disabling the automatic cleanup of App-V packages" -verbose\n $Path = "HKLM:\\Software\\Citrix\\AppV\\Features"\n $KeyExists = $False\n $ErrorActionPreference = "stop"\n try {\n Get-Item -Path "$Path" | Out-Null\n $KeyExists = $true\n }\n catch {\n #\n }\n $ErrorActionPreference = "Continue"\n If ($KeyExists -eq $False) {\n New-Item -Path "$path" -Force | Out-Null\n }\n write-verbose "Disabling the Citrix CEIP automatic enrolment" -verbose\n Set-ItemProperty -Path "HKLM:\\Software\\Citrix\\AppV\\Features" -Name "RedundantPackageCleanup" -Type STRING -Value "False" -Force\n}\n\n#------------------------------------\n\n# Disable the Citrix Smart Card Services and and remove the Launcher from the Run key to speed up the logon process.\n# - Disable the Citrix Smart Card Certificate Propagation Service (workstation VDA only)\n# - Disable the Citrix Smart Card Removal Policy Service (workstation VDA only)\n# - Disable the Citrix Smart Card Service\n# - Remove the Citrix Virtual Smart Card launcher from the Run key.\n# It is set to the following by default:\n# - C:\\Program Files\\Citrix\\Virtual Smart Card\\Citrix.Authentication.VirtualSmartcard.Launcher.exe\n\nIf ($DisableSmartCardServicesAndLauncher -eq $True) {\n write-verbose "Disabling the Citrix Smart Card Certificate Propagation Service" -verbose\n Invoke-Command {cmd \/c sc.exe config CtxSCardCertPropSvc start= disabled} | out-null\n\n write-verbose "Disabling the Citrix Smart Card Removal Policy Service" -verbose\n Invoke-Command {cmd \/c sc.exe config CtxSCardRemovalPolicySvc start= disabled} | out-null\n\n write-verbose "Disabling the Citrix Smart Card Service" -verbose\n Invoke-Command {cmd \/c sc.exe config CtxSmartCardSvc start= disabled} | out-null\n\n write-verbose "Removing the Citrix Virtual Smart Card launcher from the Run key" -verbose\n $path = "HKLM:\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"\n $value = "Citrix Virtual Smart Card"\n $ValueExist = $False\n $ErrorActionPreference = "stop"\n try {\n If ((Get-ItemProperty -Path "$Path" | Select-Object -ExpandProperty "$Value") -ne $null) {\n $ValueExist = $True\n }\n }\n catch {\n #\n }\n $ErrorActionPreference = "Continue"\n If ($ValueExist) {\n Remove-ItemProperty -path "$path" -name "$value" -Force\n }\n\n}\n\n#------------------------------------\n\n# Configure the start method for the Citrix Desktop Service (BrokerAgent) service\n# We do this because the Citrix Desktop Service (BrokerAgent) service starts and registers with the Delivery Controllers before the boot\n# process is complete. Therefore a user can potentially launch an application during the tail end of the boot process. When this happens\n# it potentially fails the session launch amongst other things.\n\nIf ($ConfigureBrokerAgentService) {\n # As documented here: https:\/\/www.jhouseconsulting.com\/2019\/03\/04\/controlling-the-starting-of-the-citrix-desktop-service-brokeragent-1894\n # This implements a delay for the VDA registration process.\n\n # Copy the script into place\n $Scripts = "$env:SystemDrive\\Scripts"\n If (-not(Test-Path -Path "$Scripts")) {\n New-Item -Path "$Scripts" -ItemType Directory | Out-Null\n }\n\n # Push the current location onto a location stack and then change the current location to the location specified\n Push-Location "$ScriptPath"\n\n $CreateTask = $True\n $DisableService = $True\n If (Test-Path -path "$ScriptPath\\StartCitrixDesktopService.ps1") {\n copy-item -path ".\\StartCitrixDesktopService.ps1" -Destination "$Scripts" -Recurse -Force -Verbose\n } Else {\n $CreateTask = $False\n $DisableService = $True\n write-warning "The StartCitrixDesktopService.ps1 script is missing!" -verbose\n }\n\n # Change the current location back to the location most recently pushed onto the stack\n Pop-Location\n\n # Disable the Service\n If ($DisableService) {\n write-verbose "Set the Citrix Desktop Service (BrokerAgent) to Disabled" -verbose\n Invoke-Command {cmd \/c sc.exe config BrokerAgent start= disabled} | out-null\n }\n\n # Create the Scheduled Task\n If ($CreateTask) {\n write-verbose "Creating a Scheduled Task to start the Citrix Desktop Service (BrokerAgent) via a script" -verbose\n\n # The name of the scheduled task\n $taskName = "Start the Citrix Desktop Service"\n\n # The task description\n $taskDescription = "This task is created to enable and start the Citrix Desktop Service"\n\n # We delay the task by x minutes to give the Session Host a chance to complete it's startup process before allowing the BrokerAgent to register\n $AddDelayTrigger = $False\n $DelayedStartInMinutes = 2\n\n # The Task Action command\n #$TaskCommand = "${env:SystemRoot}\\system32\\WindowsPowerShell\\v1.0\\powershell.exe"\n $TaskCommand = @(Get-Command powershell.exe)[0].Definition\n\n # The script to be executed\n $TaskScript = "$Scripts\\StartCitrixDesktopService.ps1"\n\n # The Task Action command argument\n #$TaskArguments = '-Executionpolicy bypass -Command "& ' + " '" + $TaskScript + "'"\n $TaskArguments = '-Executionpolicy bypass -Command "& ' + " '" + $TaskScript + "'" + '"'\n\n # Create the TaskService object.\n Try {\n [Object] $service = new-object -com("Schedule.Service")\n If (!($service.Connected)){\n Try {\n $service.Connect()\n # Get a folder to create a task definition in\n # This is actually the %SystemRoot%\\System32\\Tasks folder.\n $rootFolder = $service.GetFolder("\\")\n\n # Delete the task if already present\n $ScheduledTasks = $rootFolder.GetTasks(0)\n $Task = $ScheduledTasks | Where-Object{$_.Name -eq "$TaskName"}\n If ($Task -ne $Null){\n Try {\n $rootFolder.DeleteTask($Task.Name,0)\n # 'Success'\n }\n Catch [System.Exception]{\n # 'Exception Returned'\n }\n } Else {\n # "Task Not Found"\n }\n\n # Create the new task\n $taskDefinition = $service.NewTask(0)\n\n # Create a registration trigger with a trigger type of (8) at startup\n $triggers = $taskDefinition.Triggers\n $trigger = $triggers.Create(8)\n If ($AddDelayTrigger) {\n # The delay time in minutes before the task runs once it's been triggered\n $trigger.Delay = "PT${DelayedStartInMinutes}M"\n }\n $trigger.Id = "BootTriggerId"\n $trigger.Enabled = $true\n\n # Create the action for the task to execute.\n $Action = $taskDefinition.Actions.Create(0)\n $Action.Path = $TaskCommand\n $Action.Arguments = $TaskArguments\n $Action.WorkingDirectory = ""\n\n # Register (create) the task.\n $Settings = $taskDefinition.Settings\n # Set the Task Compatibility to V2 (Windows 7\/2008R2)\n $Settings.Compatibility = 3\n # The default task priority 7 (below normal), so we set this back to normal\n $Settings.Priority = 6\n $Settings.AllowDemandStart = $true\n $Settings.StopIfGoingOnBatteries = $false\n $Settings.DisallowStartIfOnBatteries = $false\n\n $regInfo = $taskDefinition.RegistrationInfo\n $regInfo.Description = $taskDescription\n $regInfo.Author = $Env:Username\n\n # Note that the task is created as an XML file under the %SystemRoot%\\System32\\Tasks folder\n # 6 == Task Create or Update\n # 5 == A Local System, Local Service, or Network Service account is being used as a security context to run the task.\n\n $rootFolder.RegisterTaskDefinition($taskName, $taskDefinition, 6, "System", $null , 5) | out-null\n write-verbose "- Scheduled Task Created Successfully" -verbose\n $rootFolder.GetTasks(0) | Where-Object{$_.Name -eq "$TaskName"} | ForEach-Object {\n write-verbose "- Disabled task" -verbose\n $_.Enabled = $False\n }\n }\n Catch [System.Exception]{\n write-warning "- Scheduled Task Creation Failed" -verbose\n }\n }\n }\n Catch [System.Exception]{\n write-warning "- Scheduled Task Creation Failed" -verbose\n }\n }\n} Else {\n If ($ServiceExists) {\n write-verbose "Set the Citrix Desktop Service (BrokerAgent) service to Automatic (Delayed Start)" -verbose\n # This will delay the VDA Registration after a reboot so that it will start about 2 minutes after the last "Automatic" service has started.\n Invoke-Command {cmd \/c sc.exe config BrokerAgent start= delayed-auto} | out-null\n }\n}\n\n#------------------------------------\n\n# XenDesktop\/XenApp VDA 7.9 and above utilises Kernel APC Hooking as a replacement of AppInit_DLLs.\n# The KAPC Hooking DLL Injection Driver (CtxUvi) verifies that the hook DLLs configuration in the\n# registry is not changed at runtime (i.e. HKLM\\SOFTWARE\\Citrix\\CtxHook\\AppInit_DLLs\\<hook name>).\n# If a change to the configuration is detected, the CtxUvi driver disables itself until the next\n# reboot, resulting in none of the Citrix Hooks being properly loaded. So it is recommended not to\n# use Group Policies to control these registry keys and placing them in the master PVS\/MCS image.\n\n# As defined under the $ProcessesToAdd variable, I add the following processes: sppsvc.exe,\n# RAserver.exe, SelfService.exe, CtxWebBrowser.exe, Receiver.exe, msedge.exe, msedgewebview2.exe,\n# AcroCef.exe, RdrCEF.exe, QtWebEngineProcess.exe, chrome.exe, nacl64.exe, StartMenuExperienceHost.exe\n\n# The script only appends the first 14 characters of these values, or whatever values are missing,\n# and does not duplicate or wipe an existing value or values in the list. Each VDA version may have\n# a default list. This covers many different known issues across the VDA and process versions\n# documented by Citrix and the various support forums.\n\n# References:\n# - https:\/\/support.citrix.com\/article\/CTX220418\n# - https:\/\/support.citrix.com\/article\/CTX226605\n# - https:\/\/support.citrix.com\/article\/CTX223973\n# - https:\/\/support.citrix.com\/article\/CTX465105\n# - https:\/\/support.citrix.com\/external\/article\/CTX581047\/the-rightclick-does-not-work-on-the-star.html\n# - https:\/\/support.citrix.com\/external\/article\/CTX692398\/start-menu-may-stop-responding-if-decemb.html\n\nIf ($ConfigureUviProcessExcludes) {\n\n $ProductVersion = (Get-Item "${env:ProgramFiles}\\Citrix\\Virtual Desktop Agent\\BrokerAgent.exe").VersionInfo.ProductVersion\n [int]$ProductVersionMajor = $ProductVersion.Split('.')[0]\n [int]$ProductVersionMinor = $ProductVersion.Split('.')[1]\n $ContainsGPU = $False\n Try {\n $ContainsGPU = ((Get-WmiObject -Query "SELECT * FROM Win32_PNPEntity WHERE DEVICEID LIKE '%VEN_10DE%'").Manufacturer -eq "NVIDIA")\n }\n Catch {\n #\n }\n $ProductType = (Get-WMIObject Win32_OperatingSystem).ProductType\n\n If (($ProductVersionMajor -eq 7 -AND $ProductVersionMinor -ge 9) -OR $ProductVersionMajor -gt 7) {\n # Prevent the CtxUvi Driver disabling.\n Set-ItemProperty -Path "HKLM:\\SYSTEM\\CurrentControlSet\\Services\\CtxUvi" -Name "UviEnabled" -Value 1 -Type DWord -Force\n Set-ItemProperty -Path "HKLM:\\SYSTEM\\CurrentControlSet\\Services\\CtxUvi" -Name "UviStatusDisabled" -Value 0 -Type DWord -Force\n\n # Add a list of processes to the UviProcesExcludes registry value under the HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\CtxUvi\n # Add the full process here, but the code will only add the first 14 characters to the UviProcesExcludes registry value.\n $ProcessesToAdd = @("sppsvc.exe","RAserver.exe","SelfService.exe","CtxWebBrowser.exe","Receiver.exe","msedge.exe","msedgewebview2.exe","AcroCef.exe","RdrCEF.exe","QtWebEngineProcess.exe","chrome.exe","nacl64.exe","StartMenuExperienceHost.exe")\n $ErrorActionPreference = "stop"\n try {\n If ((Get-ItemProperty -Path "HKLM:\\SYSTEM\\CurrentControlSet\\Services\\CtxUvi" | Select-Object -ExpandProperty "UviProcessExcludes") -ne $null) {\n $UviProcessExcludes = (Get-ItemProperty -Path "HKLM:\\SYSTEM\\CurrentControlSet\\Services\\CtxUvi" -Name "UviProcessExcludes").UviProcessExcludes\n }\n }\n catch {\n #\n }\n $ErrorActionPreference = "Continue"\n $AddUviProcessExcludes = $False\n write-verbose "Checking the UviProcessExcludes value..." -verbose\n If (!([String]::IsNullOrEmpty($UviProcessExcludes))) {\n write-verbose "- The current values are: `"$UviProcessExcludes`"" -verbose\n ForEach ($ProcessToAdd in $ProcessesToAdd) {\n If ($ProcessToAdd.Length -gt 14) {\n $ProcessToAdd = $ProcessToAdd.SubString(0,14)\n }\n If ($UviProcessExcludes -like "*$ProcessToAdd*") {\n write-verbose "- The $ProcessToAdd process has already been added" -verbose\n } Else {\n write-verbose "- The $ProcessToAdd process is being added to the string" -verbose\n $UviProcessExcludes = $UviProcessExcludes + $ProcessToAdd + ";"\n $AddUviProcessExcludes = $True\n }\n }\n } Else {\n ForEach ($ProcessToAdd in $ProcessesToAdd) {\n If ($ProcessToAdd.Length -gt 14) {\n $ProcessToAdd = $ProcessToAdd.SubString(0,14)\n }\n $AddUviProcessExcludes = $True\n If ([String]::IsNullOrEmpty($UviProcessExcludes)) {\n $UviProcessExcludes = $ProcessToAdd + ";"\n } Else {\n $UviProcessExcludes = $UviProcessExcludes + $ProcessToAdd + ";"\n }\n }\n }\n If ($AddUviProcessExcludes) {\n write-verbose "- Setting the new values: `"$UviProcessExcludes`"" -verbose\n Set-ItemProperty -path "HKLM:\\SYSTEM\\CurrentControlSet\\Services\\CtxUvi" -name "UviProcessExcludes" -value "$UviProcessExcludes" -Type STRING -Force\n }\n }\n}\n\nIf ($ConfigureCtxHooks) {\n If ($ContainsGPU -AND $ProductType -eq 3) {\n Set-ItemProperty -Path "HKLM:\\SOFTWARE\\Citrix\\CtxHook\\AppInit_Dlls\\Graphics Helper" OpenCL -Value 1 -Type DWord -Force\n Set-ItemProperty -Path "HKLM:\\SOFTWARE\\Wow6432Node\\Citrix\\CtxHook\\AppInit_Dlls\\Graphics Helper" OpenCL -Value 1 -Type DWord -Force\n Set-ItemProperty -Path "HKLM:\\SOFTWARE\\Citrix\\CtxHook\\AppInit_Dlls\\Graphics Helper" CUDA -Value 1 -Type DWord -Force\n Set-ItemProperty -Path "HKLM:\\SOFTWARE\\Wow6432Node\\Citrix\\CtxHook\\AppInit_Dlls\\Graphics Helper" CUDA -Value 1 -Type DWord -Force\n Set-ItemProperty -Path "HKLM:\\SOFTWARE\\Citrix\\CtxHook\\AppInit_DLLs\\Multiple Monitor Hook" EnableWPFHook -Value 1 -Type DWord -Force\n Set-ItemProperty -Path "HKLM:\\SOFTWARE\\Wow6432Node\\Citrix\\CtxHook\\AppInit_DLLs\\Multiple Monitor Hook" EnableWPFHook -Value 1 -Type DWord -Force\n }\n}\n\n#------------------------------------\n\n# This task was driven by the great documentation from George Spiers (https:\/\/www.jgspiers.com\/).\n# upmEvent.exe needs to run to generate Event ID 1000. This is needed for seeing the logon duration in\n# Citrix Director. If Event ID 1000 is not generated, the logon duration is NULL in the database.\n\n# For a default location:\n# - VDA 7.15 and lower it is under the run key, which was a bad idea as documented by George, so we move\n# the Citrix UPMEvent.exe process from the 'Run' key to a Scheduled Task so that it starts up faster\n# and improves the logon time as recorded in Citrix Director. We also append the .exe to the upmEvent\n# process to avoid quirky issues where the file cannot be found. One added configuration process I do\n# here is set the priority of the scheduled task to normal.\n# - VDA 7.16 to 7.18 it is under the userinit key. This change results in upmEvent.exe running much\n# quicker than previous versions because Citrix have allowed Winlogon to run the .exe, moving\n# upmEvent.exe away from the Run registry key.\n# - VDA 1808 and above the upmEvent is processed by the Citrix Profile Management service. So if it\n# exists under the Run registry key, a logon script or Scheduled Task, it should be removed. If not,\n# it can create a timing conflict (race condition) where it may result with a logon session getting\n# stuck with a black screen.\n\n# References:\n# - https:\/\/www.jgspiers.com\/citrix-director-reduce-logon-times\/\n# - https:\/\/www.jgspiers.com\/reduce-citrix-director-interactive-session-ti\n\nIf ($ConfigureUPMEvent) {\n\n $ProductVersion = (Get-Item "${env:ProgramFiles}\\Citrix\\Virtual Desktop Agent\\BrokerAgent.exe").VersionInfo.ProductVersion\n [int]$ProductVersionMajor = $ProductVersion.Split('.')[0]\n [int]$ProductVersionMinor = $ProductVersion.Split('.')[1]\n\n $AddToUserinit = $True\n\n $upmEventEXE = "${env:ProgramFiles}\\Citrix\\Virtual Desktop Agent\\upmEvent.exe"\n\n If (TEST-PATH "$upmEventEXE") {\n\n $path = "HKLM:\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"\n $value = "Citrix UPM UserMsg"\n $ValueExist = $False\n $ErrorActionPreference = "stop"\n try {\n If ((Get-ItemProperty -Path "$Path" | Select-Object -ExpandProperty "$Value") -ne $null) {\n $ValueExist = $True\n }\n }\n catch {\n #\n }\n $ErrorActionPreference = "Continue"\n If ($ValueExist) {\n write-verbose "Removing `"Citrix UPM UserMsg`" (upmEvent.exe) from the Run key" -verbose\n Remove-ItemProperty -path "$path" -name "$value" -Force\n }\n\n If ($ProductVersionMajor -eq 7 -AND ($ProductVersionMinor -ge 15 -AND $ProductVersionMinor -lt 19)) {\n\n If ($AddToUserinit) {\n write-verbose "Adding the upmEvent.exe process to the Userinit registry value" -verbose\n # Add the upmEvent.exe to the Userinit value.\n $ErrorActionPreference = "stop"\n try {\n If ((Get-ItemProperty -Path "HKLM:\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon" | Select-Object -ExpandProperty "Userinit") -ne $null) {\n $Userinit = (Get-ItemProperty -Path "HKLM:\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon" -Name "Userinit").Userinit\n }\n }\n catch {\n #\n }\n $ErrorActionPreference = "Continue"\n\n $AddUserinit = $True\n write-verbose "Checking the Userinit value..." -verbose\n If ($Userinit -ne $Null -AND $Userinit -ne "") {\n write-verbose "- The current values are: `"$Userinit`"" -verbose\n If ($Userinit -like "*upmEvent*") {\n write-verbose "- The upmEvent.exe process has already been added" -verbose\n $AddUserinit = $False\n } Else {\n $Userinit = $Userinit + "$upmEventEXE wait,"\n }\n } Else {\n $Userinit = "$upmEventEXE wait,"\n }\n If ($AddUserinit) {\n write-verbose "- Setting the new values: `"$Userinit`"" -verbose\n Set-ItemProperty -path "HKLM:\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon" -name "Userinit" -value "$Userinit" -Type STRING -Force\n }\n\n } Else {\n\n write-verbose "Creating a Scheduled Task to start the upmEvent.exe process" -verbose\n\n # The name of the scheduled task\n $TaskName = "Citrix UPMEvent"\n\n # The task description\n $TaskDescription = "We move the Citrix UPMEvent.exe process from the 'Run' key to a Scheduled Task so that it starts up faster and improves the logon time as recorded in Citrix Director."\n\n # The Task Action command\n $TaskCommand = """${env:ProgramFiles}\\Citrix\\Virtual Desktop Agent\\upmEvent.exe"""\n\n # The Task Action command argument\n $TaskArguments = "wait"\n\n # Create the TaskService object.\n Try {\n [Object] $service = new-object -com("Schedule.Service")\n If (!($service.Connected)){\n Try {\n $service.Connect()\n\n # Get a folder to create a task definition in\n # This is actually the %SystemRoot%\\System32\\Tasks folder.\n $rootFolder = $service.GetFolder("\\")\n\n # Delete the task if already present\n $ScheduledTasks = $rootFolder.GetTasks(0)\n $Task = $ScheduledTasks | Where-Object{$_.Name -eq "$TaskName"}\n If ($Task -ne $Null){\n Try {\n $rootFolder.DeleteTask($Task.Name,0)\n # 'Success'\n }\n Catch [System.Exception]{\n # 'Exception Returned'\n }\n } Else {\n # "Task Not Found"\n }\n\n # Create the new task\n $taskDefinition = $service.NewTask(0)\n\n # Create a registration trigger with a trigger type of (9) LogonTrigger\n $triggers = $taskDefinition.Triggers\n $trigger = $triggers.Create(9)\n $trigger.ExecutionTimeLimit = "PT30M"\n $trigger.Enabled = $true\n\n # Create the action for the task to execute.\n $Action = $taskDefinition.Actions.Create(0)\n $Action.Path = $TaskCommand\n $Action.Arguments = $TaskArguments\n\n $taskPrincipal = $taskDefinition.Principal\n # Must be a valid user account or group.\n # Here we use BUILTIN\\Users so that it runs for all users.\n # BUILTIN\\Users translates to a SID of S-1-5-32-545\n $taskPrincipal.GroupID = "BUILTIN\\Users"\n $taskPrincipal.RunLevel = 0\n\n # Register (create) the task.\n $Settings = $taskDefinition.Settings\n # Set the Task Compatibility to V2 (Windows 7\/2008R2)\n $Settings.Compatibility = 3\n # The default task priority 7 (below normal), so we set this back to normal\n $Settings.Priority = 6\n $Settings.AllowDemandStart = $true\n $Settings.StopIfGoingOnBatteries = $false\n $Settings.DisallowStartIfOnBatteries = $false\n\n # Note that the task is created as an XML file under the %SystemRoot%\\System32\\Tasks folder\n $regInfo = $taskDefinition.RegistrationInfo\n $regInfo.Description = $TaskDescription\n # 6 == Task Create or Update\n # 3 == LogonTypeInteractive\n $rootFolder.RegisterTaskDefinition($TaskName, $TaskDefinition, 6, '', '', 3) | Out-Null\n write-verbose "- Scheduled Task Created Successfully" -verbose\n }\n Catch [System.Exception]{\n write-warning "- Scheduled Task Creation Failed" -verbose\n }\n }\n }\n Catch [System.Exception]{\n write-warning "- Scheduled Task Creation Failed" -verbose\n }\n }\n } Else {\n # The version of BrokerAgent.exe is not in scope for this fix.\n }\n\n } Else {\n write-verbose "The `"${env:ProgramFiles}\\Citrix\\Virtual Desktop Agent\\upmEvent.exe`" executable does not exist. This" -verbose\n write-verbose "has been written to work with VDA versions 7.7 and above. Earlier version used upmUserMsg.exe included" -verbose\n write-verbose "with Citrix Profile Management located under the `"${env:ProgramFiles}\\Citrix\\User Profile Manager`"" -verbose\n write-verbose "folder instead of UPMEvent.exe included with the VDA binaries." -verbose\n }\n}\n\n#------------------------------------\n\n# I was testing a config change in a large multi-domain environment by changing the allowNtlm="false"\n# setting to allowNtlm="true" in the BrokerAgent.exe.config file. Leaving the UpdateBrokerAgentConfig\n# variable set to False will not apply this change. However, I've left the code in the script for future\n# reference in case the BrokerAgent.exe.config file needs to be modified again as it took a while to\n# figure out the best way to manipulate this XML file.\n\nIf ($UpdateBrokerAgentConfig) {\n $filePath = "${env:ProgramFiles}\\Citrix\\Virtual Desktop Agent"\n $configFile = "BrokerAgent.exe.config"\n $setting = "allowNtlm="\n # This XML file has an unusual format. I found that the only way to successfully read it, was to not cast it as XML.\n # Reading it in using ReadAllText and StreamReader were the only two methods that would not disrupt the format.\n # Then I could simply do a string replace and writing it back out again instead of managing is via the XML nodes and elements.\n $invalidChars = [io.path]::GetInvalidFileNamechars() \n $datestampforfilename = ((Get-Date -format s).ToString() -replace "[$invalidChars]","-")\n $Reader = new-object System.IO.StreamReader("$filePath\\$configFile")\n $content = @()\n While (-not $Reader.EndOfStream) {\n $line = $Reader.ReadLine()\n If ($line -match ([regex]::Escape($setting))) {\n $content += $line.replace("false", "true")\n } Else {\n $content += $line\n }\n }\n $Reader.Close()\n $Reader.Dispose()\n $Writer = new-object System.IO.StreamWriter("$filePath\\$configFile.tmp")\n $Writer.Write(($content | Out-String))\n $Writer.Close()\n $Writer.Dispose()\n Get-ChildItem -path "$filePath\\" | where {$_.Name -eq "$configFile"} | Rename-Item -newname ("$filePath\\$configFile" + "_" + "$datestampforfilename") -force\n Get-ChildItem -path "$filePath\\" | where {$_.Name -eq "$configFile.tmp"} | Rename-Item -newname ("$filePath\\$configFile") -force\n}\n\n#------------------------------------\n\n# This checks for the SaveRsopToFile registry value, and then sets it to 1, which enables it. This\n# addresses a bug with 7.15 LTSR CU6 [LCM-8201] with a change of security model where the rsop.gpf\n# is either missing or 0 bytes and therefore the applied policies do not appear in Director under\n# Session Details, providing misleading information. We apply it at post install instead of Group\n# Policy to ensure this fix has been applied before the CitrixCseEngine (Citrix Group Policy Engine)\n# service starts. Leaving the EnableSaveRsopToFileValue variable set to False in the script will not\n# apply this registry change. However, I've left the code in the script for future reference in case\n# there is code regression and this needs to be applied again.\n# Reference: https:\/\/support.citrix.com\/article\/CTX286890\n\nIf ($EnableSaveRsopToFileValue) {\n $SaveRsopToFileValueExist = $False\n $ErrorActionPreference = "stop"\n try {\n If ((Get-ItemProperty -Path "HKLM:\\SOFTWARE\\Citrix\\GroupPolicy" | Select-Object -ExpandProperty "SaveRsopToFile") -ne $null) {\n $SaveRsopToFileValueExist = $True\n }\n }\n catch {\n #\n }\n $ErrorActionPreference = "Continue"\n If ($SaveRsopToFileValueExist) {\n write-verbose "Enabling the SaveRsopToFile registry value" -verbose\n Set-ItemProperty -Path "HKLM:\\SOFTWARE\\Citrix\\GroupPolicy" -Name SaveRsopToFile -Type DWORD -Value 1 -Force\n } Else {\n write-verbose "The SaveRsopToFile registry value does not exist" -verbose\n }\n}\n\n#------------------------------------\n\n# Change the current location back to the location most recently pushed onto the stack, which will be defined by the $ScriptPath variable\nPop-Location\n\n# Enable File Security \nRemove-Item env:\\SEE_MASK_NOZONECHECKS \n\nWrite-Verbose "Stop logging" -Verbose\n$EndDTM = (Get-Date)\nWrite-Verbose "Elapsed Time: $(($EndDTM-$StartDTM).TotalSeconds) Seconds" -Verbose\nWrite-Verbose "Elapsed Time: $(($EndDTM-$StartDTM).TotalMinutes) Minutes" -Verbose\nStop-Transcript\n<\/pre><\/div>\n\n\n