By Josh Spencer, Architect, End-User-Computing Technical Marketing, VMware
With significant contributions from
Stéphane Asselin, Lead Senior End-User-Computing Architect, Customer Success Team, VMware
Jim Yanik, Senior Manager, End-User-Computing Technical Marketing, VMware
Pim Van De Vis, Product Engineer, User Environment Manager, Research & Development, VMware
In Part 1 of this two-part blog-post series, we presented an overview of how to implement Microsoft mandatory profiles. In Part 2, we present specific examples of using VMware User Environment Manager to provide flexibility for end users, while controlling profile growth and keeping login times low.
Review of Mandatory Profiles
With mandatory profiles, user configuration changes to the desktop apply only for the duration of that Windows session. When the user logs out, changes are discarded. The following illustrates some of the advantages and disadvantages of mandatory profiles:
- Consistent user experience, no matter what changes are made by the user.
- Minimal troubleshooting of user profiles.
- Possible shorter login and logout times.
- None of the personalization changes made by users are saved.
- Creating a usable and customized mandatory profile requires a high level of skill.
- Scripting is often necessary to create shortcuts, drive mappings, and other customizations.
Complementing Mandatory Profiles with VMware User Environment Manager
For additional detail, as well as information about using VMware User Environment Manager with other types of profiles, see Installing and Configuring VMware User Environment Manager.
When using User Environment Manager with mandatory profiles, you can address the previously mentioned disadvantages by leveraging one or more of the following capabilities. VMware User Environment Manager replaces several third-party tools and manual processes with a simple and intuitive management interface.
1. Select the settings that users are allowed to personalize within their environment.
Important: Only settings explicitly defined in User Environment Manager are managed, or preserved, from session to session. Settings that you choose not to manage with User Environment Manager are discarded upon logout. End users have the ability to customize some aspects of their profile, without compromising login speed and profile stability.
2. Configure specific settings for applications or Windows settings by using the predefined settings feature of User Environment Manager.
By using predefined settings, you do not need to customize a mandatory profile. A mandatory profile that is based on the default user profile is sufficient.
IT can provide a customized user experience based on a user’s requirements, without complicated application repackaging or scripting. User Environment Manager conditions and condition sets enable granular control over the user experience. They can be used to apply initial settings, or enforce specific settings.
3. Customize the user environment by creating shortcuts, drive mappings, and so on.
A wide range of user environment settings can be applied in a dynamic fashion. From mapping a printer when a specific application is launched, to disabling clipboard redirection for remote VDI users, IT has full control over the user experience from a single management console.
In the next section, we combine examples from the previous steps to demonstrate a comprehensive profile management solution using mandatory profiles and User Environment Manager.
VMware User Environment Manager Use Case Examples
Next, you see how easy it is to configure User Environment Manager as a complement to mandatory profiles. Perhaps what impresses us most about User Environment Manager is how much power and capability are available in such an easy-to-install-and-use tool. We are not covering the User Environment Manager installation in this post, but instead highlighting specific features that address the limitations of mandatory profiles. If you want to install User Environment Manager so you can test the following, or test your own use cases, refer to these resources:
- VMware User Environment Manager Deployed in 60 Minutes or Less
- VMware User Environment video series on YouTube
Select the Settings That Users Are Allowed to Personalize Within Their Environments
As discussed earlier, a mandatory profile discards the changes made to a user’s profile. In this use case, we need to provide personalization for our Graphic Design department. The goal here is to preserve Internet Explorer settings such as a custom home page and IE Favorites.
When VMware User Environment Manager is initially installed, the Management console reflects that no components of the user environment are being managed. In Figure 1, we see the Personalization tab, with no config files defined. At this point, the mandatory profile is working exactly as expected.
Figure 1: VMware User Environment Manager – Manager Console with the Personalization Tab Active
Config files are created from templates called Common Setting, provided by VMware User Environment Manager, or manually provided by the administrator. Here we use a Windows Common Setting template to create a config file so Internet Explorer settings can be managed.
Figure 2: Config File Creation Wizard with “Use a Windows Common Setting” Selected
From a variety of included templates, we select Internet Explorer – Personal settings for this config file.
Figure 3: Config File Creation Wizard with “Internet Explorer – Personal settings” Selected
Now, choose where to store the config file. In this case, we created a subfolder under General, titled Windows Settings, to store this config file.
Figure 4: Config File Creation Wizard with [General]\Windows Settings to Store Internet Explorer Settings
When complete, the VMware User Environment Manager Management Console reflects the new Windows Settings folder and the IE config file. Internet Explorer settings are now managed by User Environment Manager!
Figure 5: User Environment Manager Management Console, Personalization Tab Selected with General, Windows Settings, and IE Showing
The User Environment Manager Management Console provides the ability to view or edit Import and Export settings of the config file.
While administration is done by way of the User Environment Manager Management Console, the configured settings are stored in an associated INI file, in this case, Internet Explorer Settings.ini.
Figure 6: Import/Export Tab with Internet Explorer Settings.INI
Mandatory profiles continue to be applied to users as they log in, and the default behavior of discarding changes to the profile persists, except for customizations to Internet Explorer settings.
VMware User Environment Manager writes managed profile configuration data to the User Environment Manager Profiles share (UEMprofiles in this case) either when an application is closed (using DirectFlex), or when a user logs out. Before any profiles are managed, this share is empty.
Figure 7: User Environment Manager Profiles Share, Folder Is Empty
Log in to a Windows device where the VMware User Environment Manager agent is installed to trigger the creation of a folder for that user. Note that the jspencer folder was created, along with folders for each user who logged in on a device enabled by User Environment Manager. The Archives folder within the new profile folder is empty because up to this point, no customizations to any profile components managed by User Environment Manager were made.
Figure 8: UEMprofiles with jspencer Folder and Archives Folder Showing
After logging in, Internet Explorer opens, the User Environment Manager – VMware Products wording is added as a favorite, and www.vmware.com is set as the home page.
Figure 9: Adding User Environment Manager – VMware Products as a Favorite and Setting www.vmware.com as Home Page
When the user logs out, the configuration files for IE are copied to the User Environment Manager file share and stored in the user archive as a ZIP file. VMware User Environment Manager creates ZIP files that are optimized both for size and speed of access.
Figure 10: Configuration Files for IE Are Stored in the User Archive as a ZIP File
By inspecting the ZIP file, we can see that only the changed files from the user profile were copied to the User Environment Manager share.
Figure 11: Open the ZIP File to See That Only the Changed Files Were Copied to the User Environment Manager Share
The next time the user logs in to Windows, the mandatory profile is applied. User Environment Manager then processes the Profile Archive for Internet Explorer. User customizations (Favorites and a custom home page in this example) are merged with the user profile.
Using the Predefined Settings Feature of User Environment Manager to Configure Specific Settings for Applications or Windows Settings
Maintaining and updating mandatory profiles can be quite an undertaking. With VMware User Environment Manager, administrators quickly and easily configure predefined settings for application and Windows settings. User Environment Manager includes several application templates for commonly used applications.
Figure 12: Application Templates for Commonly Used Applications
User Environment Manager also provides the option to create custom configurations to accommodate any application. With the help of the User Environment Manager Application Profiler, it is easy to record customized application settings, and apply these settings to one or many users throughout an organization. More information and installation steps for the Application Profiler can be found in the VMware User Environment Manager Application Profiler Administration Guide.
In the following example, we configure predefined settings for Paint.net, and apply those settings to Windows 10 virtual machines (VMs) under specific conditions. When an end user logs in to the VM, the mandatory profile is applied along with the custom Paint.net settings.
We start on a Windows VM with the User Environment Manager Application Profiler installed. Paint.net was installed using default installation settings.
To begin profiling, we launch the Application Profiler and start a new session.
Figure 13: Launching the Application Profiler
Specify the application executable to launch and monitor with the Application Profiler. In this case, we browse to the Paint.net executable.
Figure 14: Browsing to the Paint.net Executable
The User Environment Manager Application Profiler automatically launches Paint.net. At this point, the administrator can make changes such as disabling automatic updates, setting language preferences, and so on. In this case, automatic updates for Paint.net were disabled.
Figure 15: User Environment Manager Application Profiler Automatically Launches Paint.net, with Automatic Updates for Paint.net Disabled
After completing customizations, the application closes and profiling is complete. The administrator has the choice of saving a config file to manage application settings, a Profile Archive file containing predefined settings, or both. The Profile Archive can be edited using the Edit Profile Archive button within the Application Profiler interface.
Figure 16: Edit Profile Archive Button in the Application Profiler Interface
Note: Be aware that editing a Profile Archive ZIP file should be done only from the Application Profiler tool or from the User Environment Manager Management Console. Manually editing the ZIP files from Windows Explorer makes them unreadable to User Environment Manager.
Though the only change made to the Paint.net configuration was disabling automatic updates, all of the registry values in the registry key HKCU\SOFTWARE\paint.net were captured during the profiling process. The Profile Archive was modified so that the only default settings included are to set the language to English, and to disable automatic updates. All other registry values were manually removed.
Figure 17: Profile Archive Showing Two Default Settings: Language Set to English and Disable Automatic Updates
The Application Profiler output comprises predefined settings in the Profile Archive file (ZIP) and configuration files used to define User Environment Manager behavior (ICO, INI, INI.FLAG).
Figure 18: Predefined Settings in the Profile Archive and Configuration Files
These files are copied to the User Environment Manager Configuration share to make them available to the User Environment Manager Management Console.
By clicking the Refresh Tree icon in the User Environment Manager Management Console, the Application Settings folder structure displays. The Paint.net predefined settings are ready to be applied, and User Environment Manager now manages the user changes to the Paint.net configuration.
Figure 19: Click the Refresh Tree Icon to See the Application Settings Folder Structure
When you configure conditions for the predefined settings, you ensure they are applied only when the end user connects to a VM running Windows 10. Additional predefined settings were added with conditions to open Paint.net in Spanish when client devices are in a specific IP range.
Figure 20: Predefined Settings Were Added to Open Paint.net in Spanish
An end user connects to a Windows 10 VM using View in VMware Horizon 7 from the U.S. corporate office. The Windows 10 condition is met, so User Environment Manager applies the predefined settings for English language and disables automatic updates.
Figure 21: User Environment Manager Applies the Predefined Settings for English Language and Disables Automatic Updates
Later, a user connects to the same VM from the Mexico corporate office. The conditions for both sets of predefined settings are met: Windows 10 for English and IP Range for Spanish, but only the Spanish settings are applied.
Figure 22: Conditions for Both Sets of Predefined Settings Are Met, but Only the Spanish Settings Are Applied
Because the Spanish predefined setting is evaluated last, the English predefined settings are ignored. Regardless of the number of predefined settings that are set, or how many have conditions that are met, only the last one is applied when the application is launched.
Figure 23: Only the Last Predefined Setting Is Evaluated When the Application Is Launched
Customize the User Environment By Creating Shortcuts, Drive Mappings, and So On
Many methods exist to map drives, map printers, and add shortcuts in a Windows environment. VMware User Environment Manager brings all of these functions, and many more, into a single management interface. With dynamic user environment settings, these tasks can be tied to a specific event rather than processing everything at login and slowing it down. Drive mappings are a great example, as it is common to map a number of drives for a given user, and these would typically be processed with a login script.
In this example, we dynamically map a drive to a departmental media share when Paint.net is opened, and disconnect the drive when the application is closed.
From the Personalization tab, the User Environment Settings pane of the application managed by Paint.net lists some dynamic operations we can tie to an application launch. We select Add > Drive Mapping.
Figure 24: The User Environment Settings Pane Displays Some Dynamic Operations to Tie to an Application Launch
We require only a few pieces of data.
Figure 25: The Drive Mapping Settings Are Established
The next time Paint.net is opened, the network drive is dynamically mapped.
Figure 26: The Network Drive Is Dynamically Mapped
The FlexEngine.log file for the end user reflects the drive-mapping operation upon launch.
Figure 27: FlexEngine.log Shows the Drive-Mapping Operation Upon Launch
In addition, the unmap operation upon application exit is specified.
Figure 28: FlexEngine.log Also Shows the Unmap Operation upon Exit
As you can see, combining User Environment Manager with mandatory profiles has many advantages:
- Short login and logout times.
- Consistent user experience, no matter what changes are made by the user.
- Minimal troubleshooting of user profiles.
- Granular control over which personalization changes made by users are saved.
- Simple and quick customization of applications and Windows settings, without having to edit the mandatory profile or write complex scripts.
- Accommodation of any number of customization needs by leveraging conditions and dynamic configurations.
VMware User Environment Manager works with mandatory, roaming, and local profiles, and with virtual, physical, and cloud-based Windows devices. This blog post covers only some VMware User Environment Manager capabilities. We look forward to sharing information about more features such as triggered tasks, application blocking, and Horizon Smart Policies in a future blog-post series.
In the meantime, be sure to check out the VMware User Environment Manager video series to learn more.
Also visit the VMware User Environment Manager Community Forum. It contains some great documents and discussion threads, as well as a variety of templates you can download, created by VMware and customers. If you have created a template of your own, be sure to share it with the community!