Tutorial 1 - 10 min activityTechnical Introduction to User Environment Manager and Its Features
Tutorial 2 - 4 min activityComponents and Architecture of User Environment Manager
Tutorial 3 - 22 min activityInstallation
Tutorial 4 - 13 min activityInitial Configuration Using an Active Directory Group Policy Object
Tutorial 5 - 14 min activityInitial Configuration Using NoAD Mode
Tutorial 6 - 41 min activityBasic Features
Tutorial 7 - 24 min activityAdvanced Features
Tutorial 8 - 23 min activityHorizon Smart Policies
Tutorial 9 - 4 min activitySummary and Next Steps
Technical Introduction to User Environment Manager and Its Features
Technical Introduction to User Environment Manager and Its Features
VMware User Environment Manager™ delivers personalization and centrally managed policy configurations across virtual, physical, and cloud-based Windows desktop environments. IT administrators control which settings users are allowed to personalize, and administrators can map environmental settings such as network drives and location-specific printers.
User-specific Windows desktop and application settings can be applied in the context of client device, location, or other conditions. Policies are enforced when users log in, launch an app, reconnect, or when some other triggering event occurs.
User Environment Manager also has a feature for configuring folder redirection for storing personal user data, including documents, pictures, and so on.
Purpose of This Tutorial
The Quick-Start Tutorial for User Environment Manager helps you evaluate User Environment Manager by providing a discussion of the product and offering practical exercises. This Overview is first in the series of articles within the Quick-Start Tutorial and introduces User Environment Manager and its benefits, features, components, and architecture. Other articles in the tutorial offer hands-on exercises to set up your own proof-of-concept environment.
Important: This tutorial is designed for evaluation purposes only, based on using the minimum required resources for a basic deployment, and does not explore all possible features. This evaluation environment should not be used as a template for deploying a production environment. To deploy a production environment, see the User Environment Manager Documentation.
This tutorial is intended for IT administrators and product evaluators who are familiar with VMware vSphere® and VMware vCenter Server®. Familiarity with networking and storage in a virtual environment, Active Directory, identity management, and directory services is assumed. Knowledge of other technologies, such as VMware Horizon® 7 is also helpful.
Packaging and Licensing
User Environment Manager can be used as a standalone product, to manage applications and Windows environment settings, or it can be used in conjunction with other VMware components. For example, User Environment Manager is a key component of JMP, the next generation of desktop and application delivery. JMP (pronounced jump), which stands for Just-in-Time Management Platform, represents capabilities in VMware Horizon 7 Enterprise Edition that deliver Just-in-Time Desktops and Apps in a flexible, fast, and personalized manner.
User Environment Manager can manage applications installed in the base image of a virtual desktop machine or RDSH server, and it can manage applications provided by VMware App Volumes™. User Environment Manager also includes Horizon Smart Policies, for integrating with Horizon 7 and Horizon Apps. For more information, see the VMware Workspace ONE and VMware Horizon Packaging and Licensing guide.
Following are descriptions of the core features and capabilities of User Environment Manager. In subsequent articles of this Quick-Start Tutorial, you will walk through some of these features and some advanced features, including application blocking, and privilege elevation, which allows end users to install and run applications that normally require administrator privileges.
Centralized and Simplified Management of Windows Environments
With User Environment Manager, you can configure settings and conditions in the Management Console, and the User Environment Manager agent on virtual desktops and RDSH servers can read and apply the settings. For configuring User Environment Manager, you have the flexibility of configuring policies by using any of the following strategies:
- Using an Active Directory Group Policy Object with the VMware-supplied administrative templates.
- Specifying command-line options to use with the FlexEngine executable, which is the User Environment Manager agent.
- Editing the XML Flex configuration file for User Environment Manager. This strategy is called NoAD mode.
You can also use a single instance of the User Environment Manager Management Console to manage multiple User Environment Manager environments.
Dynamic, Contextual Policy Management
With User Environment Manager, you can specify the conditions under which an end user gets certain features, such as the ability to disable saving files to a USB device when outside the corporate network, or other security-related features. You can also configure triggering tasks to determine when to check for certain conditions, such as at login time. For more information, see the blog post Using VMware User Environment Manager to Manage User Profiles with Context-Based Settings.
Consistent User Experience Across Devices and Locations
With User Environment Manager, end users can roam between disparate devices while preserving custom application settings and Windows personalization settings. When a user logs in to a virtual desktop or application, User Environment Manager reads the profile archive file for that user's profile and can, for example, display the desktop background or application settings that the user saved during the last session, regardless of whether the actual endpoint device was a desktop computer at work or an iPad at home.
Easy Start for Adding Applications and Environment Settings to Manage
User Environment Manager takes a whitelist approach to managing the user profile. Given this design approach, IT must specify which applications and settings will be managed. Although this approach takes a little more work up front, this solution prevents excessive profile growth and profile corruption, enables user settings to roam across Windows versions, and provides IT granular control to manage as much or as little of the user experience as needed.
The Easy Start feature gives you a jumpstart on the whitelist of applications and settings you want to manage. With a click of the Easy Start button, you can manage many common Windows applications, including several versions of Microsoft Office. Many Windows environment settings are also added by Easy Start. You can then easily select an application or Windows setting to review and change the default settings.
Application Templates and Application Profiler
Preserving user-specific application settings and applying or enforcing specific default application settings are key features of User Environment Manager. VMware provides application management templates for commonly used software packages, and the VMware User Environment Manager Community Forum contains many more templates created with an included tool called Application Profiler.
For applications that do not have a corresponding application management template, you can use the Application Profiler, a standalone application that analyzes where an application stores its file and registry configuration. The analysis results in an optimized User Environment Manager Flex configuration file, which you can edit in the Application Profiler or use directly. You can also use Application Profiler to set the initial configuration state of applications.
With User Environment Manager Self-Support, end users can restore application settings from a backup or reset the settings to their defaults.
Helpdesk Support Tool
As a User Environment Manager administrator, you can use Helpdesk Support Tool yourself, or you can make it available to another department that is in charge of providing support in the area of personalization. You can use Helpdesk Support Tool to perform the following tasks:
- Reset one or more profile archives for a user.
- Restore a profile archive backup for a user.
- Open a profile archive for a user in Windows Explorer.
- Edit a profile archive for a user.
- View User Environment Manager agent log files for a user, and search for a specific log string.
- View the total size of profile archives and profile archive backups for a user.
This article explains some of the most popular reasons why enterprises use User Environment Manager.
Saving Users' Settings Across Devices
End users are using more devices than ever before, and expect a consistent user experience when accessing corporate resources. As IT explores virtual desktop infrastructure (VDI), published applications, and even cloud computing to deliver these resources, User Environment Manager provides that consistent user experience through personalization.
Personalization abstracts the settings and preferences from the underlying Windows operating system and applications. End users are free to roam from a physical PC to a VDI desktop, or to a cloud-hosted published application. User Environment Manager persists the look and feel of Windows and applications, providing a superior user experience. Get hands-on in the exercise Test Application Personalization.
Improving Logon Times
Windows logon times directly impact the end-user experience. Whether managing physical or virtual PCs, VDI, or published applications, IT constantly struggles to find a balance between customizing the Windows environment and adding time to the user logon process. Tasks such as mapping printers, mapping drives, and applying policies to manage applications often occur during the user logon process. User Environment Manager uses DirectFlex technology to remove much of this overhead from the user logon process. Instead, these tasks are carried out dynamically, if and when they are needed.
Take an AutoCAD engineer as an example. The engineer has access to a shared drive that contains a variety of drawings, as well as a plotter printer. Using a typical logon script would likely map the drive and printer every time the engineer logs in to Windows, whether AutoCAD is used during the session or not. This process results in added logon time for components that are not used. With DirectFlex, User Environment Manager can dynamically map the drive and printer when AutoCAD is launched, and disconnect them when AutoCAD is closed. By removing such operations from the logon process, logon times for end users can be reduced. Get hands-on in the exercise Configure User Environment Settings.
Managing Least Privileges
User Environment Manager is not just about providing enhancements for end users. Many use cases focus on improving IT operations. For example, privilege management can be a daunting task, and many IT administrators are forced to provide Local Administrator privileges to end users to satisfy application demands.
With User Environment Manager privilege elevation, IT can strategically elevate permissions for application installers, as well as executables for applications already installed that require Local Administrator privileges to run. Elevating privileges for specific executables, while removing Local Administrator privileges from end users, can dramatically reduce the risk of a malware or ransomeware attack on your network. Privilege elevation is a key feature in any privilege management strategy. Get hands-on in the exercise Configure Privilege Elevation.
Providing Desktops Just in Time
As enterprises go down the path of VDI, a common question is whether to provide persistent or non-persistent desktops. Although end users enjoy the flexibility to customize their own, personal, persistent VM, IT often prefers the streamlined management of non-persistent VMs. User Environment Manager is a key component of the VMware Just-In-Time Management Platform (JMP), which provides the best of both worlds. To learn more about JMP, and the benefits User Environment Manager provides with this approach, see Deploying JMP (Just-in-Time Management Platform) in Horizon 7.