Group Policy
After the User Environment Manager agent is installed on a Windows guest OS, it must be configured to use a User Environment Manager environment. The environment settings can be applied using a Group Policy Object (GPO), or using an XML-based configuration file with a feature called NoAD mode.
Using GPOs is common when the User Environment Manager administrator has access to create and manage them. For organizations who have segmented Group Policy management from desktop operations, NoAD mode may be a better fit.
In this lesson you will configure the agent using GPO.
In a later lesson you will configure the agent using NoAD mode.
Copy Administrative Group Policy Templates
The User Environment Manager download bundle includes a number of ADMX and ADML Group Policy templates, which you will import and use to configure the agent.
Windows Run
- From the desktop of the Main Console, click Start
- Select Run
Navigate to Sysvol
- Enter sysvol
- Select OK
Navigate to PolicyDefinitions
- Navigate to C:\Windows\SYSVOL\sysvol\corp.local\Policies\PolicyDefinitions
Leave this Explorer window open as you will use it again
Windows Run
- From the desktop of the Main Console, click Start
- Select Run
Navigate to C:\tools
- Enter c:\tools
- Select OK
Navigate to Administrative Templates (ADMX)
- Navigate to C:\tools\VMware-UEM-9.8\Administrative Templates (ADMX)
- Copy all of the .ADMX files from the Administrative Templates (ADMX) folder to the PolicyDefinitions folder
Open the En-US Folder
- Open the en-US folder in the Administrative Templates (ADMX) folder
- Open the en-US folder in the PolicyDefinitions folder
- Copy all of the .ADML files from the Administrative Templates (ADMX)\en-US folder to the PolicyDefinitions\en-US folder
Create Group Policy Object
There are a number of Group Policy settings available with the ADMX templates installed.
You will create a GPO with the minimal settings required to make the User Environment Manager agent work.
Group Policy Management
From the desktop of the Main Console, double-click the Group Policy Management icon
Navigate to HorizonDesktops OU
- Expand the Group Policy Management structure and select HorizonDesktops
Create GPO
- Select Action
- Select Create a GPO in this domain, and Link it here...
Name the GPO
- Enter UEM in the Name: field
- Select OK
Edit New GPO
- Right-click the new UEM GPO
- Select Edit...
Wait for the Network
- Navigate to Computer Configuration\Policies\Administrative Templates\System\Logon
- Double-click Always wait for the network at computer startup and logon
Note - This is not a policy made available by the User Environment Manager templates. It is however a good practice to ensure proper functioning of the agent.
Enable Policy
- Select Enabled
- Select OK
Loopback Processing
- Navigate to Computer Configuration\Policies\Administrative Templates\System\Group Policy
- Double-click Configure user Group Policy loopback processing mode
Note - This is not a policy made available by the User Environment Manager templates. Loopback processing enables the ability to apply user-based, User Environment Manager policies while applying the GPO to an Active Directory Organizational Unit (OU) containing computer objects.
Enable Policy
- Select Enabled
- Select OK
Flex Config Files
- Navigate to User Configuration\Policies\Administrator Templates\VMware UEM\FlexEngine
- Double-click Flex config files
Note - The User Environment Manager agent is also referred to as FlexEngine
Configure Policy
- Select Enabled
- Enter \\controlcenter\uemsite2\general
- Select OK
This policy setting enables FlexEngine and configures the location of the User Environment Manager configuration share you created in a previous lesson
Group Policy Extension
- Double-click Run FlexEngine as Group Policy Extension
Enable Policy
- Select Enabled
- Select OK
It is required to either enable this policy or configure a policy to run FlexEngine as a Logon script. We recommend enabling this policy rather than running FlexEngine as a Logon script.
Select Profile Archives Setting
- Double-click Profile archives
Configure Policy
- Select Enabled
- Enter \\controlcenter\UEMSite2Profiles\%username%\Archives
Be sure to append%username%\Archives to the end of the path so that a unique subfolder can be created for each user. The personal user settings are read from this share at login or at application start and are written back at application exit or at logout.
Logoff Script
- Navigate to User Configuration\Policies\Windows Settings\Scripts
- Double-click Logoff
Add New Script
- Select Add
Configure Script
- Script Name: C:\Program Files\Immidio\Flex Profiles\FlexEngine.exe
- Script Parameters: -s
- Select OK
Close Scripts Windows
- Select OK
Conclusion
You have now completed the minimum configuration to use a GPO to enable the User Environment Manager agent.
Feel free to explore the additional policy templates.
0 Comments
Add your comment