Windows GPO Configuration device policy


For this policy to appear in the Citrix Endpoint Management console, provision a Citrix Workspace Environment Management site in Citrix Cloud. Citrix enables this policy automatically. This process may take up to 4 hours.

The Windows GPO Configuration device policy allows you to configure Group Policy Objects (GPOs) for any Windows device supported by Citrix Workspace Environment Management. Endpoint Management pushes the policies to the Citrix Workspace Environment Management (WEM) service. The WEM service then applies the GPOs to devices and their apps by using the WEM agent installed on devices. For information about installing the Workspace Environment Management agent, see Install and configure.

This policy uses all Windows OS ADMX files. If you want to upload a third-party ADMX file, use the App Configuration device policy. For more information on uploading third-party ADMX files, see Application Configuration device policy.

  • You can push GPO configurations to any device that WEM supports, even if Endpoint Management doesn’t support the device natively. For a list of the devices supported, see Operating System requirements.
  • This policy requires that a device has the WEM agent installed and configured. There is no need to MDM or MAM enroll the devices.
  • Endpoint Management pushes GPO settings through the WEM channel. (Microsoft doesn’t support pushing device-level settings through the MDM channel.) Devices which receive the Windows GPO Configuration device policy run in the Endpoint Management mode called WEM. In the Manage > Devices list of enrolled devices, the Mode column for WEM-managed devices lists WEM.

To add or configure this policy, go to Configure > Device Policies. For more information, see Device policies.

Windows desktop and tablet settings

This policy allows you to configure GPOs at a device and user level.

Device Policies configuration screen

Select and configure the Windows GPO to deploy to your Windows devices. You can modify Device Configuration and User Configuration. Policies are listed in a tree structure. Click All Settings to display every setting. For information about the settings, download a GPO reference sheet from Microsoft.

To configure a setting, you first enable it. During configuration, Endpoint Management auto-saves the changes so that those settings persist. If you try to leave the page before a setting has been saved, a pop-up message indicates that there are unsaved changes.

If a setting has two options, a radio button selection appears. With more than two options, a menu appears.


If you need to check which settings you configured, you can do the following.

  1. In the Endpoint Management console, open the Windows GPO Configuration policy you want to edit.
  2. Under Devices or Users, select All Settings.
  3. Sort the table by Status, ascending. All unconfigured policies have the status Not Configured. The policies you configure are listed at the top.

Windows GPO Configuration device policy