Group Policy

After the User Environment Manager agent is installed on a Windows guest OS, it must be configured to use a User Environment Manager environment. The environment settings can be applied using a Group Policy Object (GPO), or using an XML-based configuration file with a feature called NoAD mode.

Using GPOs is common when the User Environment Manager administrator has access to create and manage them. For organizations who have segmented Group Policy management from desktop operations, NoAD mode may be a better fit.

In this lesson you will configure the agent using GPO.

In a later lesson you will configure the agent using NoAD mode.

Copy Administrative Group Policy Templates

The User Environment Manager download bundle includes a number of ADMX and ADML Group Policy templates, which you will import and use to configure the agent.

Windows Run

  1. From the desktop of the Main Console, click Start
  2. Select Run
  1. Enter sysvol
  2. Select OK
  1. Navigate to C:\Windows\SYSVOL\sysvol\corp.local\Policies\PolicyDefinitions

Leave this Explorer window open as you will use it again

Windows Run

  1. From the desktop of the Main Console, click Start
  2. Select Run
  1. Enter c:\tools
  2. Select OK
  1. Navigate to C:\tools\VMware-UEM-9.8\Administrative Templates (ADMX)
  2. Copy all of the .ADMX files from the Administrative Templates (ADMX) folder to the PolicyDefinitions folder

Open the En-US Folder

  1. Open the en-US folder in the Administrative Templates (ADMX) folder
  2. Open the en-US folder in the PolicyDefinitions folder
  3. Copy all of the .ADML files from the Administrative Templates (ADMX)\en-US folder to the PolicyDefinitions\en-US folder

Create Group Policy Object

There are a number of Group Policy settings available with the ADMX templates installed.

You will create a GPO with the minimal settings required to make the User Environment Manager agent work.

Group Policy Management

From the desktop of the Main Console, double-click the Group Policy Management icon

  1. Expand the Group Policy Management structure and select HorizonDesktops

Create GPO

  1. Select Action
  2. Select Create a GPO in this domain, and Link it here...

Name the GPO

  1. Enter UEM in the Name: field
  2. Select OK

Edit New GPO

  1. Right-click the new UEM GPO
  2. Select Edit...

Wait for the Network

  1. Navigate to Computer Configuration\Policies\Administrative Templates\System\Logon
  2. Double-click Always wait for the network at computer startup and logon

Note - This is not a policy made available by the User Environment Manager templates. It is however a good practice to ensure proper functioning of the agent.

Enable Policy

  1. Select Enabled
  2. Select OK

Loopback Processing

  1. Navigate to Computer Configuration\Policies\Administrative Templates\System\Group Policy
  2. Double-click Configure user Group Policy loopback processing mode

Note - This is not a policy made available by the User Environment Manager templates. Loopback processing enables the ability to apply user-based, User Environment Manager policies while applying the GPO to an Active Directory Organizational Unit (OU) containing computer objects.

Enable Policy

  1. Select Enabled
  2. Select OK

Flex Config Files

  1. Navigate to User Configuration\Policies\Administrator Templates\VMware UEM\FlexEngine
  2. Double-click Flex config files

Note - The User Environment Manager agent is also referred to as FlexEngine

Configure Policy

  1. Select Enabled
  2. Enter \\controlcenter\uemsite2\general
  3. Select OK

This policy setting enables FlexEngine and configures the location of the User Environment Manager configuration share you created in a previous lesson

Group Policy Extension

  1. Double-click Run FlexEngine as Group Policy Extension

Enable Policy

  1. Select Enabled
  2. Select OK

It is required to either enable this policy or configure a policy to run FlexEngine as a Logon script. We recommend enabling this policy rather than running FlexEngine as a Logon script.

Select Profile Archives Setting

  1. Double-click Profile archives

Configure Policy

  1. Select Enabled
  2. Enter \\controlcenter\UEMSite2Profiles\%username%\Archives

Be sure to append%username%\Archives to the end of the path so that a unique subfolder can be created for each user. The personal user settings are read from this share at login or at application start and are written back at application exit or at logout.

Logoff Script

  1. Navigate to User Configuration\Policies\Windows Settings\Scripts
  2. Double-click Logoff

Add New Script

  1. Select Add

Configure Script

  1. Script Name: C:\Program Files\Immidio\Flex Profiles\FlexEngine.exe
  2. Script Parameters: -s
  3. Select OK

Close Scripts Windows

  1. Select OK

Conclusion

You have now completed the minimum configuration to use a GPO to enable the User Environment Manager agent.

Feel free to explore the additional policy templates.

0 Comments

Add your comment

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.