Update of the article to the Workspace Environment Management Version 1906.
In the third part of the series about the WEM Administration Console, I give you an insight into the menu items Active Directory Objects, Transformer Settings and Advanced Settings.
Active Directory Objects
You use this Menu Item to specify the users, computers, groups and organizational units managed by Workspace Environment Management.
Here you can add users and groups to assign actions later via the menu item Assignments.
With Item Priority, you configure priority between different groups and user accounts. In case of conflict (for example, when mapping network drives), the group or user account with the higher priority will win out.
Item State enabled or disabled a user/group and if it disabled, it is not available to assign actions to.
With Machines you can add OU or Computers to the current site (configuration set). Only computers/OUs listed here are managed by Workspace Environment Management.
When agents on these computers register with the infrastructure server it sends them the necessary machine-dependent settings for the configuration set.
Active Directory search timeout is a time period (msec) for Active Directory searches to be performed before they time out. The default value is 1000 msec.
I recommend using a timeout value of at least 500 msec to avoid timeouts before searches complete.
These options allow you to configure the Transformer feature. Transformer allows agents to connect as web/application launchers which redirect users to the configured remote desktop or StoreFront interface.
Use Transformer to convert any Windows PC into a high performance thin client using a fully reversible kiosk mode.
These settings control the appearance and basic settings for Transformer. Citrix do not support running Transformer on Windows Server OS.
You should activate Enable Transformer then configure your Web Interface/StoreFront address that machines will automatically browse to upon logon to Windows.
You can also configure the appearance of Transformer allowing you to add a system clock, language selection, enable windowed mode etc.
If you disable this option, none of the settings in either the General or Advanced pages are processed.
The Change Unlock Password option allows you to specify the password that can be used to unlock the user’s environment by pressing Ctrl+Alt+U.
This is designed to allow administrators and support agents to troubleshoot the user environment without restrictions.
Here you can add a bunch of websites that allows any user to launch that website through Transformer.
You can use the navigation buttons to go back and forth between visited sites. Navigation buttons must be enabled in the General Settings, as they are disabled by default.
If Enable Tool List is activated, this option adds a list of tools (CMD, Services.msc etc.) to the kiosk interface.
With Add you can enter a name and the path of the program. You can configure it to Autolaunch and Maximize At Start.
With the Advanced Settings you can configure Process Launcher and personalize Transformer.
On the Advanced node the Process Launcher tab allows you to enable Process Launcher.
Doing this disables Transformer mode and launches a specified process of your choice.
In this example I have specified that MSTSC launches when a user logs on to their desktop. If a user closes the application or kills the process off, the process re-launches.
Advanced & Administration Settings
The Advanced & Administration Settings tab allows you to further personalise the Transformer program. Here you can hide buttons such as restart options and the home button.
You can also disable unlock ability so that CRL+ALT+U does not unlock the PC/Kiosk restrictive view.
Logon/Logoff & Power Settings
Here you can configure Windows auto-logon, so that when your PC powers on it is automatically logged on, then the kiosk window opens.
You can also configure actions to occur when your remote session ends and power actions to shut down a PC at a specific time etc.
These settings modify how and when the agent processes actions (like applications etc.) or the Agent UI looks like. Important is here, to disabling the action process you not need. This will reduce the processing and logon time.
These options control basic agent behavior like Agent Start Up or Reconnect behavior.
Here you can check or uncheck the processing of actions at the user logon. Disabling of the unneeded processing will reduce logon overhead and boost overall agent processing time.
The Agent Service Actions are:
- Launch Agent at Logon
- Launches the agent at logon
- Launch Agent at Reconnect
- Launches the agent if a user reconnects to a published Desktop
- Launch Agent for Admins
- Launches the agent even for administrators
- Agent Type
- UI (GUI) or CMD (no GUI)
- Enable (Virtual) Desktop Compatibility
- Leave this enabled when using physical desktops or VDI
- Execute Only Cmd Agent in Published Applications
- Launches the agent in command line mode (CMD) when launching a published application, even if in Agent Type UI is selected
- If you enable this setting, there is no way to hide the CMD window.
- If you are wanting to hide any sort of interaction with the user in published applications, but not so much in published desktops, then you are better to use the Hide Agent Splashscreen in Published Applications setting found in UI Agent Options (UI Agent Personalization).
These settings determine whether or not the agent performs an environment cleanup (delete Desktop Shortcuts, Network Drives or Printers) on refresh.
Under Printers deletion at startup you can also disable deleting of Auto-created Printers and printers in the list Specific Printers.
On the Agent Options tab, you can specify under Agent Logs where agent logging will reside and activate the Debug Mode for the Agent.
The other options are:
- Enable Offline Mode
- Allows the agent to use the local cache, in the event, access to the WEM Infrastructure Services server is lost. This is on by default.
- Use Cache Even If Online
- The agent always reads its settings and actions from its cache (which is built whenever the agent service cycles).
- Refresh Settings
- The agent triggers a Windows refresh (for desktop, system settings etc.) when an agent refresh occurs.
- Depending on the OS you are working with, the option to refresh appearance can result in issues with legacy applications, such as flashing or blinking screens, warped graphics in multi-windowed published apps etc.
- Refresh On Environmental Setting Change
- When an environmental setting is changed the Agent will trigger a Windows refresh.
- Async Printers Processing
- The agent processes printers asynchronously from other actions.
- Async Network Drives Processing
- Same as above, only for network drives.
- Initial Environment Cleanup
- This option you are very wary of, particularly if you are implementing WEM into an existing environment.
- This option basically looks at the differences with what you have told WEM to build, and what exists, and deletes the differences (ALL Differences!).
- It also seen that it destroy the WinX shortcuts for the start menu in windows server 2016.
- Initial Desktop UI Cleanup
- Is kind of a less aggressive tact and just cleans the desktop rather than everything.
- Check Application Existence
- The agent checks that an application is available to the user/group before creating a shortcut to that application.
- Expand App Variables
- If enabled, variables (Actions/Environment Variables) are expanded by default.
- Enable Cross Domain User Group Search
- The agent queries user groups in all Active Directory domains. This is an extremely time-intensive process which should only be selected if necessary.
- Broker Service Timeout (ms)
- The timeout value after which the agent switches to its own cache, when it fails to connect to the infrastructure service.
- Directory Service Timeout (ms)
- The timeout value for directory services on the Agent Host machine, after which the agent uses its own internal cache of user group associations.
- Network Resources Timeout
- The timeout value for resolving network resources (network drives or file/folder resources located on the network), after which the agent considers the action has failed.
- Agent Max Degree of Parallelism
- The maximum number of threads the agent can use. Default value is 0 (as many threads as physically allowed by the processor), 1 is single-threaded, 2 is dual-threaded, etc.
- In most cases this value does not need changing.
- Enable Notifications
- If enabled, the agent displays notification messages on the agent host when the connection to the infrastructure service is lost or restored.
- Citrix recommends that you do not enable this option on poor-quality network connections. Otherwise, connection state change notifications might appear frequently on the endpoint (agent host).
If Agent Actions Enforce Execution is enabled, the agent automatically updates the actions in the current session(Otherwise only during logon or reconnect etc.).
With Unassigned Actions Revert Processing, the agent deletes all unassigned actions during the current session the next time it is refreshed.
The Automatic Refresh (UI Agent Only) settings allow you to specify whether and at what intervals the agent is automatically refreshed.
As with other processing options, disabling unnecessary options will reduce efforts and speed up logon.
On the Reconnection Actions tab similar to the processing options on the Main Configuration tab you can allow or disallow processing of certain or all actions when a user reconnects to the user environment.
On the Advanced Processing tab, as with Agent Actions Enforce Execution (under the Advanced Options tab), the processing of actions is activated during the current session.
The special case here, however, is that the filters set under Filters are also reprocessed with every update.
So if we have set a filter that will only display a specific application when the client is on the net 172.10.9.x. However, if the client travels from the internal network to the external network (not 172.10.9.x) without a reconnect, the application will continue to be displayed without Enforce Application Filters Processing Option enabled.
But if we activate the option and it comes to the automatic refresh, the filters are considered again and the application disappears.
The Service Options tab allows you to specify how often the agent will refresh the cache (15 min default), how often the agent will refresh its SQL connection and other options such as enabling debug mode for the agent and setting a delay on the agent executable launch on a desktop.
You can also exclude the agent from running for specific groups of users.
It’s important to activate Bypass ie4unit Check, otherwise the Agent Host service will wait for ie4unit. This setting forces the Agent Host service to not wait for ie4uinit and speed up the logon.
The Console Settings tab allows you to exclude drive letters when creating drive assignments which may help prevent a WEM administrator using a drive letter that is used globally for something else for example.
Use this tab to add StoreFront stores to the Workspace Environment Management configuration. You can then assign an Applications Action tab to define shortcuts to applications from in that those stores.
For Transformer kiosk enabled machines, assigned StoreFront Applications Actions appear in the Applications tab in the Transformer kiosk.
Configuring UI Agent Personalization
The UI Agent Personalization tab simply allows you to adjust the look and feel of the agent, helpdesk and self-service tools running on VDA.
You can prevent users from managing printers and applications etc. through the agent. These options apply to the session agent in UI mode only. They do not apply to the session agent in CMD mode.
UI Agent options
These settings let you customize the appearance of the session agent (in UI mode only) in the user’s environment.
- Custom Background Image Path
- If entered, will display a custom image when the session agent launches/refreshes, rather than the Citrix Workspace Environment Management logo. The image used must be accessible from the user environment. It is recommended you use a 400*200px .bmp file.
- Loading Circle Color
- Allows you to modify the color of the loading circle to fit your custom background.
- Text Label Color
- Allows you to modify the color of the loading text to fit your custom background.
- UI Agent Skin
- Allows you to select a preconfigured skin for dialogs and the self-service tool (for printers / applications). The splash screen (see above) will not be changed.
- Hide Agent Splashscreen
- If enabled, hides the splash screen when the session agent is loading/refreshing. This takes effect after the session agent has refreshed while the setting is enabled.
- Hide Agent Icon in Published Applications
- If enabled, published applications do not show the Citrix Workspace Environment Management session agent.
- Hide Agent Splashscreen in Published Applications
- If enabled, hides the session agent splash screen for published apps running through it.
- Only Admins Can Close Agent
- If enabled, only administrators can shut down the Citrix Workspace Environment Management session agent.
- Allow Users to Manage Printers
- If enabled, users can access the Citrix Workspace Environment Management session agent Manage Printers menu to assign a default printer and modify print preferences.
- Allow Users to Manage Applications
- If enabled, users can access the Citrix Workspace Environment Management session agent Manage Applications menu to manage where their application shortcuts are created.
- Shortcuts created in self-healing mode cannot be deleted using this menu.
- Prevent Admins to Close Agent
- If enabled, administrators cannot shut down the Citrix Workspace Environment Management session agent.
- Enable Applications Shortcuts
- If enabled, users can run applications from the Manage Applications menu.
- Disable Administrative Refresh Feedback
- When Administrators force a session agent to refresh from the Administration Console, this options prevents a notification tooltip appearing in the user environment.
You can set help links and allow users to take a screen capture including the option to send the screen capture via email to support.
Power Saving can allow the agent to shut down the device it is running on after a specified time or when the machine is idle for so many seconds.