Create the User Environment Manager Configuration Share

The User Environment Manager configuration share is a central share on a file server. It contains all the configuration files for personalization and application configuration management. The FlexEngine agent on the managed machine reads configuration data from the User Environment Manager configuration share when a user logs in or logs out of the environment, or when the user opens or closes applications that are configured with DirectFlex.

  1. Starting on the Main Console, double-click Windows Explorer from the task bar

Create a New Folder

  1. Navigate to the C:\
  2. There are existing UEM shares that are part of other User Environment Manager environments
  3. Right-click the empty space in the Explorer window
  4. Select New
  5. Select Folder

Name the Folder

  1. Name the folder UEMSite2

Edit NTFS Permissions on the New Folder

Administrators must have Full Control permissions to this folder in order to create, update, and remove User Environment Manager policy settings

End users must have Read and Execute permissions so the User Environment Manager agent can read policy settings from the folder

Edit Folder Properties

  1. Right-click UEMSite2
  2. Select Properties

Edit Advanced Security Settings

  1. Select Security
  2. Select Advanced

Disable Inheritance

  1. Select Users (CORP\Users)
  2. Select Disable inheritance

The Users (CORP\Users) group has inherited more permissions than are necessary. You need to disable inheritance to allow the removal of the unnecessary permissions.

Inherited Permissions

  1. Select Convert inherited permissions into explicit permissions on this object

Remove Permissions

  1. Be sure the Users entry with Special access permissions is highlighted
  2. Select Remove
  3. Select OK

By removing the Special access permission entry, the Users group will only have Read & execute permissions

Review Administrators permissions

  1. Select Administrators (CORP\Administrators)
  2. Review the permissions, and note the Administrators group already has Full control

Review Users Permissions

  1. Select Users (CORP\Users)
  2. Review the permissions, and note the Users group already has Read & Execute

Note - The List folder contents and Read permissions are automatically selected when choosing Read & execute

Share UEMSite2 Folder

The NTFS permissions have been configured to allow end users and administrators the appropriate level of access to the content in the folder. Because you are relying on NTFS permissions, the share permissions do not need to be restrictive.

  1. Select Sharing
  2. Select Advanced Sharing

Enable Sharing

  1. Select Share this folder
  2. The share name should be automatically populated
  3. Select Permissions

Configure Share Permissions

  1. Select Everyone
  2. Select Change and Read
  3. Select OK

Share permissions will be processed first, granting end users the ability to read and change content on the share. The NTFS permissions you configured previously are more restrictive for the end users, and will therefore prevent end users from making changes to the configuration data.

Complete Sharing Configuration

  1. Select OK

Close UEMSite2 Properties

  1. Select Close

Leave the Explorer Window Open

Leave the Explorer window open to the C:\ of the Main Console as you will use it in the next lesson

0 Comments

Add your comment

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.