Citrix Endpoint Management

Windows GPO Configuration device policy

The Windows GPO Configuration device policy allows you to:

  • Use the Endpoint Management console to import Group Policy Objects (GPOs) and deploy them to Windows 10 devices.
  • Configure GPOs for any Windows device supported by Citrix Workspace Environment Management.
  • Configure GPOs at a device and user level.

Import GPOs for deployment to Windows 10 devices

Rather than relying on an AD administrator to use the Group Policy Management console to manage GPOs, you can import and deploy GPOs through the Endpoint Management console.

To create a backup of your GPOs in Endpoint Management:

  1. Request that your AD administrator export GPOs from the Group Policy Management console and provide the files to you.
  2. In the Endpoint Management console, go to Configure > Device Policies and create a Windows GPO Configuration policy.
  3. Click Upload, locate the file, and then click Open to import the file.

    Device Policies configuration screen

    For information about configuring GPOs, see Windows desktop and tablet settings in this article.

Configure GPOs for deployment to Citrix Workspace Environment Management

The Windows GPO Configuration device policy allows you to configure GPOs for any Windows device supported by Citrix Workspace Environment Management (WEM). Endpoint Management pushes the policies to the Citrix WEM service. The WEM service then applies the GPOs to devices and their apps by using the WEM agent installed on devices.

For information about installing the Workspace Environment Management agent, see Install and configure.

This policy uses all Windows OS ADMX files. If you want to upload a third-party ADMX file, use the App Configuration device policy. For more information on uploading third-party ADMX files, see Application Configuration device policy.

  • You can push GPO configurations to any device that WEM supports, even if Endpoint Management doesn’t support the device natively. For a list of the devices supported, see Operating System requirements.
  • This policy requires that a device has the WEM agent installed and configured. You don’t need to enroll the devices in MDM or MAM.
  • Endpoint Management pushes GPO settings through the WEM channel. (Microsoft doesn’t support pushing device-level settings through the MDM channel.) Devices that receive the Windows GPO Configuration device policy run in the Endpoint Management mode called WEM. In the Manage > Devices list of enrolled devices, the Mode column for WEM-managed devices lists WEM.

To add or configure this policy, go to Configure > Device Policies. For more information, see Device policies.

Windows desktop and tablet settings

This policy allows you to configure GPOs at a device and user level.

Device Policies configuration screen

Select and configure the Windows GPO to deploy to your Windows devices. You can modify Device Configuration and User Configuration. Policies are listed in a tree structure. Click All Settings to display every setting. For information about the settings, download a GPO reference sheet from Microsoft.

To configure a setting, you first enable it. During configuration, Endpoint Management auto-saves the changes so that those settings persist. If you try to leave the page before a setting has been saved, a pop-up message indicates that there are unsaved changes.

If a setting has two options, a radio button selection appears. With more than two options, a menu appears.

Note:

If you need to check which settings you configured, you can do the following.

  1. In the Endpoint Management console, open the Windows GPO Configuration policy you want to edit.
  2. Under Devices or Users, select All Settings.
  3. Sort the table by Status, ascending. All unconfigured policies have the status Not Configured. The policies you configure are listed at the top.
