Continuing our technical deep dive series on the Workspace Cloud – Applications and Desktops service, here is a blog from one of our star engineers, Daniel Seltzer.

As a next step towards simplification, we are introducing Remote Powershell SDK. You can now perform operational tasks even without logging into the user interface. Administrators can now automate operations such as creation of machine catalogs and delivery groups in the same way it’s done with XenApp and XenDesktop.

However, there are subtle differences.

The Workspace Cloud Connector and the Resource Location(s) are in different locations and cannot directly communicate with each other. Therefore, it is not possible to use the existing PowerShell SDK because the machine would not be able to resolve the AdminAddress location.

For example, in order to get a list of your broker machines, you would normally type:

Get-BrokerMachine –AdminAddress <ddc address>

However, for the Remote PowerShell SDK, you will omit the -AdminAddress, so the command would just be:


Get started with PowerShell

Download the Remote PowerShell SDK for Applications and Desktops Service from:

Simply run the installer of the Remote PowerShell SDK on a machine joined to the same domain as Virtual Delivery Agents (VDAs) in your resource location.

How do I authenticate from PowerShell?

There are two ways to do this:

  1. Type: Get-CWCAuthentication
  2. Run a command or script that does not use AdminAddress in its call

Either method will prompt an authentication display. Simply enter your email address and password and your commands and scripts will work for 24 hours. After 24 hours, you will be asked to authenticate again.

What do I have to do to get my existing scripts to run in the Applications and Desktops Service?

As stated before, putting in –AdminAddress will send the command to the address specified. In order to send commands to the connector, you will need to omit any reference to –AdminAddress in your existing scripts. Once all references to –AdminAddress are removed, you will be able to run your scripts as you normally would.

What is a common use case example of what I can do with Remote PowerShell SDK in Applications and Desktops Service?

Many admins will probably want to set up their catalogs, apps, and users using PowerShell.  Here is a sample script for doing this:

$users = “xd.local\Domain Users”

$TSVDACatalogName = “TSVDA”


$TSVDAMachineName = “xd\ds-tsvda2”

#Create TSVDA Catalog

$brokerUsers = New-BrokerUser -Name $users

$catalog = New-BrokerCatalog -Name $TSVDACatalogName -AllocationType “Random” -Description $TSVDACatalogName -PersistUserChanges “OnLocal” -ProvisioningType “Manual” -SessionSupport “MultiSession” -MachinesArePhysical $true

#Add TSVDA Machine to Catalog

$BrokeredMachine = New-BrokerMachine -MachineName $TSVDAMachineName -CatalogUid $catalog.uid

#Create new desktops & apps delivery group

$dg = New-BrokerDesktopGroup -Name $TSVDADGName -PublishedName $TSVDADGName -DesktopKind “Shared” -SessionSupport “MultiSession” -DeliveryType DesktopsAndApps -Description $TSVDADGName

#Create notepad application

New-BrokerApplication -ApplicationType HostedOnDesktop -Name “Notepad” -CommandLineExecutable “notepad.exe” -DesktopGroup $dg

#Assign users to applications and desktops

New-BrokerEntitlementPolicyRule -Name $TSVDADGName -DesktopGroupUid $dg.Uid -IncludedUsers $brokerUsers -description $TSVDADGName

New-BrokerAccessPolicyRule -Name $TSVDADGName -IncludedUserFilterEnabled $true -IncludedUsers $brokerUsers -DesktopGroupUid $dg.Uid -AllowedProtocols @(“HDX”,”RDP”)

New-BrokerAppEntitlementPolicyRule -Name $TSVDADGName -DesktopGroupUid $dg.Uid -IncludedUsers $brokerUsers -description $TSVDADGName

#Add machine to delivery group

Add-BrokerMachine -MachineName $TSVDAMachineName -DesktopGroup $dg

Are there restrictions to what I can run?

Certain cmdlet types have been disabled to maintain the integrity and security of the Cloud control plane:

  • Limited access to database operations
  • DDC site membership
  • Licensing
  • Delegated administrator permissions
  • StoreFront cluster operations
  • Configuration logging

For further details on this topic, read the documentation at