Migrating GPOs to WEM with Virtual Engine Toolkit

By Brandon Mitchell posted 8 days ago

  

In the past, I’ve spent countless hours trying to translate ADMX/ADML files into corresponding registry settings. So it’s welcome that Citrix WEM Service and WEM v1909 on-premises introduce the ability to migrate GPO settings to WEM. You can read about it here Support for migrating Group Policy Objects (GPOs) from the Citrix docs and here Migrating GPO settings to WEM from James Kindon’s blog. Being able to migrate GPOs to WEM is a step in the right direction, but falls a little short for admins that don’t have access to administer GPOs. One of the use-cases for using WEM is for administrators that don’t have rights to author GPOs. For those that have administrator access to author GPOs, this blog may find you a day late and a dollar short, but I’d like to share with you an alternative using an older but reliable free tool called Virtual Engine Toolkit (VET). VET uses the POL file from either local policy or domain policy and converts either policy into a REG file that can import into a user environment manager like WEM.

After downloading VET, install with the default settings. (Note: You’ll have to register and login to the site to obtain the download.) 

If you’re using a Local Policy copy all desired ADMX files into C:\Windows\PolicyDefinitions if you’re using a Domain Policy copy all desired ADMX files into \\[domain]\SYSVOL\[domain]\policies\PolicyDefinitions.

Make your desired policy changes either via the Local Policy or Domain Policy. You can make as few or as many policy setting as you desire.

tJdhVzXSQMmIINzToiZh_temp.png


If you’re using a Local Policy, locate the POL file here C:\Windows\System32\GroupPolicy\User\Registry.pol

If you’re using a Domain Policy, find the Unique ID for your GPO from the Settings tab of your GPO in the GPMC. Locate the Domain Policy POL file \\[domain]\SYSVOL\[domain]\Policies\[Unique ID]\User\Registry.pol.

Launch VET and navigate to the “Convert POL” tab.

In the “Input Options” section “POL File Location” enter the path for either your local or domain POL file and select “User Policy” as the “Policy Type.”

  • Local Policy POL File Location
  • Domain Policy POL File Location
  • In the “Output Options” supply a “REG File Output Location” and “REG Output Filename.”

Once populated, click the orb button in the lower right to output the registry file.  The REG file will include all settings from either the Local Policy or Domain Policy POL file.


From here follow the same steps you’d follow to import a REG file into WEM.  From the WEM Admin Console navigate to the actions node, select registry, from the ribbon bar select “Import Registry File.”

Browse to the saved REG file, click “Scan” and “Import Selected.”  You’ll be able to add assignments of the registry setting just like any other registry setting.

When compared to the new capabilities of WEM to migrate GPOs to WEM this process falls short as it’s limited to Administrative Templates (ADMX) and cannot import GPPs or other Windows settings like Folder Redirection. This process is great if you don’t have the rights to Domain Policies or you want a quick and dirty way to create a REG file for WEM from a Local Policy. Ultimately, I’d like to see Citrix add the ability to import ADM/ADMX files directly into WEM without the need of importing/exporting or using a third-party tool, but for now at least we have options.

#WEM#GPO​​