WVD client gpo

%3CLINGO-SUB%20id%3D%22lingo-sub-2355343%22%20slang%3D%22en-US%22%3EWVD%20client%20gpo%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2355343%22%20slang%3D%22en-US%22%3E%3CP%3EIs%20there%20any%20kind%20of%20GPO%20to%20manage%20WVD%20client%20settings%3F%20for%20example%2C%20we%20have%20a%20use%20case%20that%20requires%20users%20to%20be%20moved%20from%20various%20resources%20groups%20time%20to%20time%20depending%20on%20their%20role.%20(for%20example%2C%20customer%20doesn't%20want%20corporate%20users%20to%20have%20remote%20access%20outside%20of%20work%20so%20there%20is%20a%20Azure%20policy%20set%20to%20prohibit%20a%20certain%20pool%20from%20being%20available%20outside%20certain%20IP's)%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Enow%20if%20the%20user%20is%20permitted%20to%20work%20remotely%20for%20a%20period%20of%20time%2C%20they%20are%20removed%20from%20being%20assigned%20to%20a%20given%20host%20pool%20and%20assigned%20to%20a%20different%20one.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Ehowever%2C%20the%20WVD%20client%20doesn't%20do%20well%20with%20this%20change%20unless%20the%20user%20actually%20unsubscribes%20and%20re%20subscribes%20to%20get%20the%20updated%20icons.%20A%20simple%20refresh%20doesn't%20work.%20if%20they%20don't%20do%20this%2C%20the%20old%20icon%20is%20still%20there%20and%20they%20can%20launch%20it%20but%20they%20will%20get%20errors%20trying%20to%20get%20profiles%20to%20load.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Ewe%20need%20to%20try%20to%20improve%20this%20clunky%20behavior%20for%20such%20use%20cases%20to%20work%20well.%20any%20ideas%3F%20we%20were%20hoping%20to%20see%20if%20there%20is%20a%20GPO%20that%20can%20force%20updates%20of%20wvd%20client%2C%20force%20auto%20refresh%20times%2C%20force%20unsubscribe%20if%20there%20is%20a%20change%20in%20assignment%20to%20a%20host%20pool%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2357809%22%20slang%3D%22en-US%22%3ERe%3A%20WVD%20client%20gpo%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2357809%22%20slang%3D%22en-US%22%3EFor%20these%20scenario%20I%20do%20instruct%20the%20users%20to%20re-subscribe%20to%20get%20the%20correct%20icons.%3CBR%20%2F%3EIf%20you%20would%20like%20to%20get%20a%20more%20hacky%20way%20to%20prevent%20these%20user%20to%20get%20a%20particuliar%20set%20of%20VM.%3CBR%20%2F%3EThe%20only%20thing%20that%20it%20comes%20in%20my%20mind%20is%20using%20a%20Site-To-Site%20VPN%20using%20the%20standard%20RDP%20app%20for%20the%20highly%20secured%20VMs%20and%20use%20the%20WVD%20client%20for%20remote%20workers.%3CBR%20%2F%3EYou%20will%20still%20have%20to%20manage%20groups%20and%20you%20might%20need%20to%20add%20some%20secuirty%20layers%20to%20prevent%20remote%20users%20to%20jump%20from%20one%20pool%20the%20another.%3CBR%20%2F%3E%3CBR%20%2F%3EAsking%20users%20to%20re-subscribre%20is%20way%20easier%20in%20my%20opinion.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2370955%22%20slang%3D%22en-US%22%3ERe%3A%20WVD%20client%20gpo%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2370955%22%20slang%3D%22en-US%22%3ESeems%20like%20the%20new%20client%20version%20gives%20you%20some%20options%20in%20regards%20to%20automatically%20subscribing%3A%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows-server%2Fremote%2Fremote-desktop-services%2Fclients%2Fwindowsdesktop-whatsnew%23updates-for-version-122060-insider%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows-server%2Fremote%2Fremote-desktop-services%2Fclients%2Fwindowsdesktop-whatsnew%23updates-for-version-122060-insider%3C%2FA%3E%3C%2FLINGO-BODY%3E
Occasional Visitor

Is there any kind of GPO to manage WVD client settings? for example, we have a use case that requires users to be moved from various resources groups time to time depending on their role. (for example, customer doesn't want corporate users to have remote access outside of work so there is a Azure policy set to prohibit a certain pool from being available outside certain IP's)

 

now if the user is permitted to work remotely for a period of time, they are removed from being assigned to a given host pool and assigned to a different one.

 

however, the WVD client doesn't do well with this change unless the user actually unsubscribes and re subscribes to get the updated icons. A simple refresh doesn't work. if they don't do this, the old icon is still there and they can launch it but they will get errors trying to get profiles to load.

 

we need to try to improve this clunky behavior for such use cases to work well. any ideas? we were hoping to see if there is a GPO that can force updates of wvd client, force auto refresh times, force unsubscribe if there is a change in assignment to a host pool?

2 Replies

For these scenario I do instruct the users to re-subscribe to get the correct icons.
If you would like to get a more hacky way to prevent these user to get a particuliar set of VM.
The only thing that it comes in my mind is using a Site-To-Site VPN using the standard RDP app for the highly secured VMs and use the WVD client for remote workers.
You will still have to manage groups and you might need to add some security layers to prevent remote users to jump from one pool the another.

Asking users to re-subscribre is way easier in my opinion.

Seems like the new client version gives you some options in regards to automatically subscribing:
https://docs.microsoft.com/en-us/windows-server/remote/remote-desktop-services/clients/windowsdeskto...