Create the User Environment Manager Profile Archives Share

The profile archives share stores the personal settings for users as FlexEngine creates a subfolder for each user. The share contains User Environment Manager profile archives, which are ZIP files. FlexEngine reads personal user settings from the profile archives share when a user logs in to the environment or launches a DirectFlex-enabled application. FlexEngine writes the modified settings when the user logs out, or closes a DirectFlex-enabled application.

You should use a share that is dedicated to the profile archives. A dedicated share improves performance, simplifies configuring the User Environment Manager SyncTool, and makes it easier to configure permissions for the Helpdesk Support Tool.

Create a New Folder

  1. Right-click the empty space in the Explorer window
  2. Select New
  3. Select Folder

Name the Folder

  1. Name the folder UEMSite2Profiles

Edit NTFS Permissions on the New Folder

Setting the following NTFS security permissions on the profile archives share automatically creates a folder for each user on first login and limits the user to their own folder

  • For User Environment Manager administrators: Full control, applied to this folder, sub folders, and files
  • For End users: Create folders and append data, applied to this folder only
  • For Creator owner: Full control, applied to sub folders and files only

The minimum share permissions for all users should be Change and Read

Edit Folder Properties

  1. Right-click UEMSite2Profiles
  2. Select Properties

Edit Advanced Security Options

  1. Select Security
  2. Select Advanced

Disable Inheritance

  1. Select Users (CORP\Users)
  2. Select Disable inheritance

The Users (CORP\Users) group has inherited more permissions than are necessary. You need to disable inheritance to allow the removal of the unnecessary permissions.

Inherited Permissions

  1. Select Convert inherited permissions into explicit permissions on this object

Remove Special Access Permission Entry

  1. Be sure the Users entry with Special access permissions is highlighted
  2. Select Remove
  3. Select Apply

By removing the Special access permission entry, the Users group will only have Read & execute permissions

Add Permission

  1. Select Add

Select a Principal

  1. Select Select a principal

Search for Principal

  1. Enter text creator owner
  2. Select Check Names
  3. Select OK

Applies To

  1. Click the drop-down menu Applies to:
  2. Select Subfolders and files only

Configure Permissions

  1. Select the box next to Full control
    Note -
    The remaining permissions will automatically be selected
  2. Select OK

Edit Existing Permission for CORP\Users

  1. Select the remaining Users (CORP\Users) permission entry

Advanced Permissions

  1. Select This folder only from the Applies to: drop-down menu
  2. Select Show advanced permissions

Configure Advanced Permissions

  1. Select Clear all
  2. Select only the Create folders / append data option
  3. Select OK

Apply Changes

  1. Select Apply

Review Configured NTFS Permissions

  1. Review the configured permissions for each of the three principals
  2. Select OK

The permissions should match the requirements listed in the beginning of this lesson:

  • For User Environment Manager administrators: Full control, applied to this folder, sub folders, and files
  • For End users: Create folders and append data, applied to this folder only
  • For Creator owner: Full control, applied to sub folders and files only

Share the UEMSite2Profiles Folder

The NTFS permissions have been configured to allow end users and administrators the appropriate level of access to the content in the folder. Because you are relying on NTFS permissions, the share permissions do not need to be restrictive.

Advanced Sharing

  1. Select Sharing
  2. Select Advanced Sharing

Enable Sharing

  1. Select Share this folder
  2. The share name should be automatically populated
  3. Select Permissions

Configure Share Permissions

  1. Select Everyone
  2. Select Change and Read
  3. Select OK

Share permissions will be processed first, granting end users the ability to read and change content on the share. The NTFS permissions you configured previously are more restrictive for the end users, and will therefore prevent end users from making changes to the configuration data.

Complete Sharing Configuration

  1. Select OK

Close UEMSite2Profiles Properties

  1. Select Close

Keep Explorer Window Open

 You have successfully created and configured the User Environment Manager Config and Profile Archives shares

Leave the Explorer window open as you will use it in the next lesson

 

0 Comments

Add your comment

E-Mail me when someone replies to this comment

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.