If you are planning to set up the Cloud Provider Pack and use the app orchestration technology, be sure to follow the administrator guide to make sure you have all of the prerequisites covered beforehand. This is critical to ensuring a successful deployment of the app orchestration components.

One of the more tedious parts of setup is ensuring you have a GPO configured to enable PowerShell remoting with all of the right settings for the domain where app orchestration will work its magic. Of course, we are not content until we have removed all of the tedious parts! To that end, I have created a script to automate the creation of a GPO with all of the necessary settings. That script is available here:


To run this script, download and extract it to a directory on your computer. Open a PowerShell prompt and check out the options:

Get-Help .\New-CtxCloudAppManagementGPO.ps1 -detailed

If you run the script without arguments, it will create a GPO in your current domain but not link it to any organizational units. You can inspect the GPO by hand if you like, before you link it.

There is one known issue: the GPO created by this script will enable the WinRM service, as required. You can verify this by opening the GPO in GPEdit, then navigating to Computer Configuration > Policies > Windows Settings > Security Settings > System Services, opening up the Windows Remote Management item, and verifying that the service startup policy is set to Automatic. However, in the GPO Settings report in GPMC, this setting does not show up. If you know how to resolve this issue, I would love to hear your feedback!