Create the User Environment Manager Configuration Share
The User Environment Manager configuration share is a central share on a file server. It contains all the configuration files for personalization and application configuration management. The FlexEngine agent on the managed machine reads configuration data from the User Environment Manager configuration share when a user logs in or logs out of the environment, or when the user opens or closes applications that are configured with DirectFlex.
Navigate to Windows Explorer on the Main Console
- Starting on the Main Console, double-click Windows Explorer from the task bar
Create a New Folder
- Navigate to the C:\
- There are existing UEM shares that are part of other User Environment Manager environments
- Right-click the empty space in the Explorer window
- Select New
- Select Folder
Name the Folder
- Name the folder UEMSite2
Edit NTFS Permissions on the New Folder
Administrators must have Full Control permissions to this folder in order to create, update, and remove User Environment Manager policy settings
End users must have Read and Execute permissions so the User Environment Manager agent can read policy settings from the folder
Edit Folder Properties
- Right-click UEMSite2
- Select Properties
Edit Advanced Security Settings
- Select Security
- Select Advanced
Disable Inheritance
- Select Users (CORP\Users)
- Select Disable inheritance
The Users (CORP\Users) group has inherited more permissions than are necessary. You need to disable inheritance to allow the removal of the unnecessary permissions.
Inherited Permissions
- Select Convert inherited permissions into explicit permissions on this object
Remove Permissions
- Be sure the Users entry with Special access permissions is highlighted
- Select Remove
- Select OK
By removing the Special access permission entry, the Users group will only have Read & execute permissions
Review Administrators permissions
- Select Administrators (CORP\Administrators)
- Review the permissions, and note the Administrators group already has Full control
Review Users Permissions
- Select Users (CORP\Users)
- Review the permissions, and note the Users group already has Read & Execute
Note - The List folder contents and Read permissions are automatically selected when choosing Read & execute
Share UEMSite2 Folder
The NTFS permissions have been configured to allow end users and administrators the appropriate level of access to the content in the folder. Because you are relying on NTFS permissions, the share permissions do not need to be restrictive.
Navigate to Advanced Sharing
- Select Sharing
- Select Advanced Sharing
Enable Sharing
- Select Share this folder
- The share name should be automatically populated
- Select Permissions
Configure Share Permissions
- Select Everyone
- Select Change and Read
- Select OK
Share permissions will be processed first, granting end users the ability to read and change content on the share. The NTFS permissions you configured previously are more restrictive for the end users, and will therefore prevent end users from making changes to the configuration data.
Complete Sharing Configuration
- Select OK
Close UEMSite2 Properties
- Select Close
Leave the Explorer Window Open
Leave the Explorer window open to the C:\ of the Main Console as you will use it in the next lesson
0 Comments
Add your comment