Provisioning Server: Using Group Policy Preferences to enforce best practices

Group Policy Preferences (GPP) can be used to enforce best practices on Provisioning Servers.

There are a couple of well known registry tweaks that Citrix recommends for Citrix Provisioning Servers. Here’s an example of how you can ensure the registry modifications are added to all of your Citrix Provisioning Servers. (Older operating systems require GPP Client-side extensions and some additional prerequisites.)

The first step is to get all of your Provisioning Servers in an Active Directory OU.

Once you have all the Provisioning Servers in an OU – open Group Policy Management Console (GPMC.msc) and create a new group policy object.

Link the group policy object to the Provisioning Server OU.

Disabling Large Send Offload with Group Policy Preferences

Edit the Group Policy. Expand computer configuration, preferences, windows settings.

Create a new registry item.

Enter the following information and click OK.

Hive: HKEY_LOCAL_MACHINE

Key Path: SYSTEM\CurrentControlSet\Services\BNNS\Parameters

Value Name: EnableOffload

Value Type: REG_DWORD

Value Data: 0

The same can be done to disable TCP Offload.

Create a new registry item.

Enter the following information and click OK.

Hive: HKEY_LOCAL_MACHINE

Key Path: SYSTEM\CurrentControlSet\Services\TCPIP\Parameters

Value Name: DisableTaskOffload

Value Type: REG_DWORD

Value Data: 1

Close GPMC.msc and check the Provisioning Servers. (You might have to wait for Active Directory replication.)

Provisioning Server Verification

No registry value.

Run GPUPDATE and the registry value will appear.

Change the registry value to 0

Run GPUPDATE again and the value will change back to 1

Reboot the Provisioning Servers.

What if the Provisioning Servers are in a “shared” Active Directory OU?

I recommend you separate your Provisioning Servers into a dedicated Active Directory OU. If you can’t – you can use item-level targeting to apply the registry values.

In this example, I’ll assume the OU contains XenApp and Provisioning Servers. I’ll use group policy preference item-level targeting to apply the registry values to the Provisioning Servers and not the XenApp servers.

Open GPMC.msc and edit the group policy.

Edit the group policy and add the registry items (see directions above).

Double click one of the registry items and click the “Common” tab. (You will have to repeat these steps for each registry item. Copy and paste is supported with item-level targeting.**)

Check the box labeled “Item-level targeting” then click “Targeting”.

(I’m going to target based on computer name.)

Click “New Item” and click “Computer Name”.

Enter the computer name

Click “New Item” and click “Computer Name”. Enter the computer name.

Right click “AND the…”, click “Item Options”, click “OR”

Notice the condition changed from “AND” to “OR”

Click OK.

**Apply the same item-level targeting to the remaining registry items.

Close GPMC.msc and check the Provisioning Servers.

Run GPUPDATE and the registry value will appear.

You will need to update the targeting conditions as you add, rename or replace Provisioning servers.

http://www.besthowtoguides.info/how-to-group-policy/