Table of Contents
Update of the article to the Workspace Environment Management Version 1906.
Here is the first small roundup of the WEM Administration Console and their underlaying setting options.
Supported operating systems:
- Windows 10 version 1607 and newer, 32- and 64-bit
- Windows Server 2012 R2 Standard and Datacenter editions
- Windows Server 2016 Standard and Datacenter editions
- Windows Server 2019 Standard and Datacenter editions
- minimum dual core processor
- 2 GB RAM
- 40 MB of available disk space (100 MB during install).
The Configuration Sets are your configuration boundary for WEM computer settings.
- Performance Management/Optimization Settings
- Profile Management (UPM, Persona, USV, etc.)
- Application Security Profiles (AppLocker)
But also boundaries for WEM user settings.
- Actions (Applications, Printers, External Tasks)
- Folder Redirection (USV)
There are some scenarios that cause you to create several configuration sets for your environment:
- Different machine sizes (CPU and RAM), which in turn require different performance optimizations
- Different profile and USV requirements, such as multi-site configuration
The main categories
- Configure applications, registry entries, printers etc.
- Filter actions based on rules and conditions
- Assign created actions to configured users
- System Optimization
- Configure fast logoff, CPU, I/O and memory management
- Policies and Profiles
- Configure Universal Profile Management, Microsoft User State Virtualization and Environmental Settings
- Configure Application Security for the end-user activity
- Active Directory Objects
- Import users, groups and computers from Active Directory
- Transformer Settings
- Configure the Transformer feature that convert any Windows PC into a high performance thin client using a fully reversible kiosk mode
- Advanced Settings
- Agent logging options, printer processing, network drive clean-up options etc.
- Configure WEM administrators, manage agents etc.
- Login, boot, user and device reports
With the sub-items in Actions different things can be assigned to the user.
The Action Groups feature lets you define a group of actions (Applications, Printers etc.), that you can assign to a user or user group in a single step.
The Action Group list display the list of your existing action groups.
With Add you define the new Action Group with a Name and Description. With Action Group State you can enable or disable the whole Action Group.
After creating the action group, you must select the new action group with a double click. Then you can use the Configuration Panel under Available to assign existing actions.
Under Configured are the actions, that already assigned to the action group you created. You can also configure the options (Shortcut Location, Drive Letter etc.) for each specific action as shown in Assignments.
! Important !
- If you assign an action group, all actions included in it are assigned
- One or more actions might overlap in different action groups. For overlapping action groups, the group that is processed last overwrites groups that were processed earlier (Even if the later processed Action Group has an unassigned action)
When you clone with Copy an action group, you can get the following warning message.
The Actions associated with the Network and Virtual Drives are not cloned unless the Allow Drive Letter Reuse in assignment process option is enabled. To enable that option, go to the Advanced Settings > Configuration > Console Settings tab.
In the New Application window you can specify the application type, which can be one of Installed application, File / Folder, URL or StoreFront store.
Based on the Application Type, you can configure the display name, path to the EXE/Folder/File/URL, parameters and the path of the icon in the start menu.
- Installed application
- Locally installed application executable
- File / Folder
- Target file or folder
- The URL of the application shortcut
- StoreFront store
- The URL of the StoreFront store containing the resource you want to start
- To add an Application entry that is based on a StoreFront store, you must provide valid credentials, so that a list of published applications can be retrieved by Receiver for Windows installed on the WEM administration console machine.
From the Options tab, you can change the icon, the Application State (enabled/disabled) and activate the Maintenance Mode.
If the Maintenance Mode enabled, the icon presents as normal to the user, but with a warning icon beside it and a warning message if the user tries to launch it.
Hotkeys allow users to launch the application using keyboard shortcuts.
Advanced Settings controls how the application will appear when launched such as maximized.
By default, applications appear within the WEM self-service window of the agent however you can disable this using the Do Not Show in Self Services checkbox.
Enable Automatic Self-Healing will recreate application shortcuts if they have been deleted or moved by the user.
To add printers, you can either do so manually or simply connect to a Print Server using the Import Network Print Server wizard.
In the Import Wizard you can enter the Print Server Name and specify Alternate Credentials if the ones you are currently using for the Administration Console do not have the appropriate permissions.
Now you can select one or multiple printers and import them.
You can then edit/add printers changing the Name, Target Path and Printer State (enabled/disabled).
On the Options tab you can activate the Self Healing, what will recreate deleted printer.
With this action we can add Network Drives to the user’s environment.
In the Target Path you can specified the path direct or with variables like %username%.
Furthermore you can specify External Credentials for the connect.
On the Options tab you can activate the Self Healing, what will recreate deleted drives.
With Display Name (also with variables) you can specify the Network Drive name for the explorer.
You can activate the Home Drive Configuration for set the Network Drive as a Home Drive.
Controls the mapping of Virtual Drives. This are Windows virtual drives or MS-DOS device names which map local file paths to drive letters to a local location rather than a UNC Path.
You can specify the Target Path and activate the Home Drive Configuration for set the Virtual Drive as a Home Drive.
Registry Entries can only be created under HKEY_CURRENT_USER (Note that Target Path does not require HKEY_CURRENT_USERS to be entered).
Run Once as the name suggests runs this action once which may be desirable if you have lots of Registry entries as you would not want this key being recreated during every Agent refresh.
This also allows users to change the key values if they prefer an application to behave differently to what the registry key specifies.
The Options tab allows you to specify if you are deleting, creating or setting an existing key..
You also have the option to Import Registry Keys from a reg file.
The adminstration console reads the .reg file and gives you the option to import values of your choice. REG_BINARY values won’t be scanned because WEM does not support creating REG_BINARY keys.
With this Action you can add Environment Variables to the user environment.
In Variable Name you can define the functional name and with Variable Value the value of the variable.
In the Options tab you can define the Action Type and the Execution Order.
The Ports feature allows client COM and LPT port mapping.
If you use the Ports feature to manually control the mapping of each port, remember to enable the Client COM port redirection or the Client LPT port redirection policies in Citrix Studio.
By default, COM port redirection and LPT port redirection are prohibited.
Controls the creation and modify of Ini Files.
In Target Path you specify the location and in Target Section the section (If you specify a non-existent section, it will be created) of the .ini File.
Target Value Name and Target Value are self-explanatory.
Controls the execution of External Tasks such as running .cmd scripts or msi packages.
With the Target Path you specify the path to the external task script as it resolves in the user’s environment (! IMPORTANT !).
If you selected Run Hidden, the external task runs in the background and is not shown to the user.
By default, Workspace Environment Management runs an external task every time the agent refreshes.
Tick the Run Once box to make Workspace Environment Management only run the external task once, rather than at every refresh.
If selected Execute Only at Logon, the external task will only be run at logon rather than during every single refresh. This speeds up the agent refresh process, especially if you have many external tasks assigned to your users.
With the button Wait for the Task to Complete the agent waits for the external task to complete.
The Timeout value controls the maximum wait time.
The External Task Execution Order allows you to specify a priority for each individual external task, in case multiple tasks are assigned to one user and some tasks rely on results from others to run successfully.
File System Operations
Here we can copy folders and files to the user’s environment and create directories or symbolic links etc.
Note that you can use variables such as C:\Users\##Username##\ which will expand to the username WEM is running under. This can help when creating/copying files/folders to the user’s profile.
Overwrite Target if Existing toggles whether the file or folder operation overwrites existing files or folders with the same names in the target location. If cleared, and a file or folder with the same name already exists at the target location, the affected files are not copied.
By default, Workspace Environment Management runs a file system operation every time the agent refreshes.
Tick the box Run Once to make Workspace Environment Management only run the operation once, rather than at every refresh.
This speeds up the agent refresh process, especially if you have many file system operations assigned to your users.
On the Options tab you have several Action Types.
Controls the creation of User DSNs (DSN is a string that has an associated data structure used to describe a connection to a data source like SQL).
The DSN Name is the functional name of the user DSN and with Driver you specify the DSN driver.
At present, only SQL server DSNs are supported and therefore you must define your SQL Server with Server Name (Name of the SQL server) and Database Name (Name of the specified database).
Connect Using Specific Credentials allows you to specify credentials with which to connect to the server/database.
Controls the creation of File Associations in the user environment.
Important in this context is that since Windows Server 2012, the FTAs (File Type Associations) are stored only machine-based and with this WEM feature this can be stored again user based.
In File Extension you define the extension used for this file association.
If you select a File Extension from the list, the ProgID field automatically populates (providing that the file type is present on the machine the administration console is running on).
You can also type the extension directly, but then you must also enter the ProgID directly. To discover the ProgID of an installed application, you can use the OLE/COM Object Viewer (oleview.exe), and look in Object Classes/Ole 1.0 Objects.
In Action you select the action type like open, edit or print and in Target application you to specify the executable used with this file extension.
With Command you can specify any specific commands the executable should follow.
The following fields (Set as Default Action, Overwrite and Run Once) are self-explanatory.
Filters contains Rules and Conditions (like Client IP Adress or Group membership etc.), which allow you to make actions available to users.
Conditions are specific triggers which allow you to configure the circumstances under which the agent acts to assign a resource to a user. You first have to define different conditions in order to be able to use them via rules.
Rules are composed of multiple conditions. You use rules to define when an action is assigned to a user.
These conditions are AND statements, not OR statements. Adding multiple conditions requires them all to trigger for the filter to be considered triggered.
Use Assignments to make actions available to your users. This allows you to replace a portion of your users’ logon scripts.
Before assigning actions to users you need to perform the following steps in the order given:
- Configure Users or Groups, see Users in Active Directory Objects
- Define Conditions, see Conditions
- Define Filter Rules, see Rules
- Configure Actions, see Actions
Under User is your list of configured users and groups (from Active Directory Objects).
To simplify assigning actions for all users in Active Directory, use the Everyone default group to assign the actions.
If you assign an Application or an Action Group, with an Application, to the Assigned list, the following option are available:
- Create Desktop
- Create the Icon on the User Desktop
- Create Quick Launch
- Create the Icon on the Quick Launch
- Create Start Menu
- Windows Server 2016 and newer / Windows 10: Create the icon on the Start Menu under the program folder you have specified on the app itself
- Windows Server 2012 & 2012 R2 / Windows 7, 8 & 8.1: Creates the icon in the Apps component of the Start Menu only
- Pin To TaskBar
- Create and pinned a shortcut on the TaskBar
- Pin To Start Menu
- Windows Server 2016 and newer / Windows 10: Creates a shortcut on the right hand side of your start menu as you would expect
Windows Server 2012 & 2012 R2 / Windows 7, 8 & 8.1: Do Nothing
- The Create Start Menu option must enable as well, otherwise the application fails to appear in the Start menu after refreshing the agent
- Windows Server 2016 and newer / Windows 10: Creates a shortcut on the right hand side of your start menu as you would expect
- Auto Start
- Auto Start is set to Disabled by default. If you enable it, it automatically launches when the user log on
If you assign a Drive or an Action Group, with a Drive, to the Assigned list you can choose Filter & Drive Letter with Assign Filter & Drive Letter.
The Actions Modelling Wizard displays the resultant actions for a given user only (it does not work for groups).