Environment Manager
This page refers to an older version of the product. View the current version of the User Help.
Advanced Configuration Settings
Configuration Settings
Enable Logon Sub-triggers
In Environment Manager 8.5, a new Logon trigger structure was introduced, replacing the single Logon trigger with three sub-triggers. This increases efficiency and speeds up logon times because Environment Manager actions can be configured to run at the most appropriate point during the user logon process:
- Pre-Session - Actions take effect before terminal services is notified of the logon. Registry, Group Policy and Environment actions are compatible with this sub-trigger. During the upgrade, actions which were previously in the Logon Environment tab are moved here.
- Pre-Desktop - Actions take effect when the user logs on to the system but before the desktop shell has started. During the upgrade, actions which were previously in the Logon trigger are moved here.
- Desktop Created - Actions take effect after the desktop shell and Explorer have started. To improve efficiency and logon times, any non-critical Logon actions should be added to this trigger, for example, mapping drives and printers.
Change the Logon Sub-trigger Setting
- Select the Policy Configuration navigation button.
- On the Manage ribbon, select Advanced Settings.
- Select the Configuration Settings tab.
- Apply the Enable logon sub-triggers option as required.
For the setting to take effect on managed endpoints, the Environment Manager Agent must be restarted.
Enable logon sub-triggers is applied by default for new configurations. When upgrading configurations, you are asked if you want to upgrade to the sub-triggers model or keep the single Logon trigger.
The graphic below shows a single configuration before and after the Logon trigger upgrade:
After enabling Logon sub-triggers:
- Logon Condition 1 has been moved from the Logon Environment tab to a new Pre-Trigger node beneath the Pre-Session trigger
- Nodes 1, 2, 3 and 4 have been moved from the Logon node to the Pre-Desktop trigger
- The Desktop Created sub-trigger has been added
For layered configurations, each layer must be upgraded individually or in bulk using the BatchConfigTool before being added back to the upgraded base configuration.
If a configuration already includes nodes converted from triggers, they will revert to sub-triggers when enabled.
The Pre-Session sub-trigger is only compatible with Registry, Group Policy and Environment actions. When a node is converted back to the Pre-Session trigger, non-compatible actions are removed.
When you disable sub-triggers, a node structure is automatically created to replicate the sub-triggers.
The option to use the single logon trigger is included to enable backwards compatibility. Functionality reverts to that of the 8 FR4 release and all changes to this feature made since 8.5 are excluded.
The graphic below shows the same configuration before and after Logon sub-nodes have been disabled.
After disabling sub-triggers:
- Nodes 1, 2, 3 and 4 have been moved from the Pre-Desktop sub-trigger to being direct child nodes of the Logon trigger.
- Any nodes, actions and conditions in the Pre-Session and Desktop Created sub-triggers are moved to newly created nodes of the same name.
- Any actions which are moved to the newly created DesktopCreated node run before the desktop is displayed to users.
When switching from sub-triggers to the single Logon node, we recommend that you review the actions in the Pre-Session node for Environment actions which would be better placed in the Logon trigger Environment tab.
See Trigger Environment.
Change the Sub-trigger Setting
- On the Manage ribbon, select Advanced Settings.
- Select the Configuration Settings tab.
- Apply the Enable logon sub-triggers option as required.
- Enable logon sub-triggers is applied by default for new configurations. When upgrading configurations, you are asked if you want to upgrade to the sub-triggers model or keep the single Logon trigger.
For the setting to take effect on managed endpoints, the Environment Manager Agent must be restarted.
Mid-session Config Changes
Define when changes to the configuration are delivered to users. On the Manage ribbon, select Advanced Settings > Configuration Settings. Apply the Enable logon sub-triggers option as required:
- Immediately - Changes are implemented as soon as the configuration is pushed out to endpoints. Unapply actions are also executed immediately.
- At logon - When the updated configuration is deployed, changes are implemented the next time a user logs on, before the User Logon triggers are fired. Unapply actions work as normal - executed at logoff.
- At startup - When the updated configuration is deployed, changes are implemented the next time the endpoint is started, before the Computer Startup trigger is fired. Unapply actions work as normal - executed at the next restart.
For new configurations the default setting is At logon. However, for upgraded configurations the Immediate setting will be applied to preserve the behavior of pre-8.5 configurations.
Network Events
Define when the Network Connected and Network Disconnected triggers are fired. The following options are available:
- Enabled - The Network Connected and Network Disconnected triggers fire when each network adapter establishes or disconnects a connection, regardless of whether a connection to the same network already exists.
- Disabled - The Network Connected trigger fires when the first network adapter establishes a connection to the network. The Network Disconnected trigger fires when the last network adapter disconnects a connection to the network. Each trigger will fire only once for each network.
For new configurations the setting is enabled. However, for upgraded configurations the setting is disabled to preserve the behavior of pre-8.6 configurations.
For the setting to take effect on managed endpoints, the Environment Manager Agent must be restarted.
Caution: Enabling this option increases the number of network events. We recommend that conditions are used to restrict actions based upon network connection attributes.
Folder Copy Actions
Define the behavior for Folder Copy actions that are running at logoff. The following options are available:
- Enabled - Folder Copy actions that are running at logoff are resumed at the next user logon.
- Disabled - Folder Copy actions that are running at logoff are not resumed at the next user logon.
Custom Settings
Configure additional settings which will be applied on managed endpoints when an Environment Manager configuration is deployed. Settings such as the default node timeout can be configured in the console, removing the need to manually set the appropriate registry keys.
If a Custom Setting is added, it will be created on endpoints or override any existing setting. Custom Settings can be configured to apply the default value for that setting or to use the value you assign it; both will override existing settings.
If a Custom Setting is not added, that setting will not exist unless it is already configured on the endpoint, in which case that value is used.
When upgrading a configuration, a setting which already exists on an endpoint will be overwritten by the value of the corresponding Custom Setting.
Manage Custom Settings
- Select the Policy Configuration navigation button.
- From the Manage ribbon, select Custom Settings.
  The Configure Custom Settings dialog displays.
- Click Add to display the list of custom settings.
- Select the settings you want to configure and click OK. Multiple settings can be selected using the Ctrl and Shift keys or all settings can be added by pressing Ctrl + A.
  The selected settings are added to the Configure Custom Settings dialog.
  Settings which are added will be configured on endpoints. Any settings which already exist on an endpoint are used.
- Set the values as required. All settings are initially set as Use Default; deselect the option for a setting to update its value. Any updated settings are displayed in bold. If Use Default is selected for a setting, the corresponding key is removed from the registry as it is not required for the default behavior to apply.
- Click OK.
The settings are applied when the configuration is applied to managed endpoints.
Printer Mapping
Setting | Default | Description |
---|---|---|
PrinterErrorCodes | | List of error codes separated by a comma. |
AddPrinterSequential | False | Map printer actions can be performed concurrently or sequentially. Updating this setting to True removes issues created when the AddPrinterConnection API call is hit concurrently. |
Certificates
Setting | Default | Description |
---|---|---|
SpoofProfileForWholeSession | False | Windows mandatory profiles have a limitation restricting users from installing and exporting private keys. PFX certificate types contain embedded private keys and cannot be installed when the profile is set to mandatory. This setting changes the session so Windows thinks a roaming profile is being used, allowing users to install PFX certificates with private keys. |
Policy Engine
Setting | Default | Description |
---|---|---|
RegexTimeout | 2000 | Set a timeout limit in milliseconds for invalid regexes which may otherwise evaluate for a long time. |
NodeTimeout | 30000 | Set a limit in milliseconds which is given to nodes to complete before the next node is run. |
TriggerTimeout | Infinite | Set the length of time a trigger is given to complete its processing. If the value is -1 or a value is not present, the timeout will wait forever. |
ShutdownBailTimeout | Infinite | Timeout value in seconds for actions still running at logoff or shutdown. This applies to all running actions regardless of which trigger originally instigated them. This should only be used for long-running threads at logoff or shutdown. |
Active Directory
Setting | Default | Description |
---|---|---|
UseAlternativeUserGroupTest | False | Specifies that when checking user group membership, it should be dynamic and use the OID_LDAP_MATCHING_RULE_IN_CHAIN filter. If set to true, user group conditions use a more efficient method of lookup which can also reflect group changes during a session. This only works if the Active Directory server is later than Server 2003 R2. |
ADUserGroupMembershipTimeout | 120 | When the UseAlternativeUserGroupTest setting is used, you can specify a timeout value in seconds for the OID_LDAP_MATCHING_RULE_IN_CHAIN query before the request to the personalization server and for policy user group OU Membership conditions. |
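The kind of lookup that UseAlternativeUserGroupTest refers to, as an added example that is not Ivanti's code: a single LDAP query using the matching-rule-in-chain OID (1.2.840.113556.1.4.1941) resolves nested group membership on the domain controller, bounded by a timeout like ADUserGroupMembershipTimeout. The function name and the distinguished names in the sample call are constructed for illustration.

```powershell
# Added example (not product code). Test-TransitiveGroupMembership is a hypothetical helper.
function Test-TransitiveGroupMembership {
    param(
        [Parameter(Mandatory)][string]$UserDN,
        [Parameter(Mandatory)][string]$GroupDN,
        [int]$TimeoutSeconds = 120   # same default as ADUserGroupMembershipTimeout
    )
    # Escape LDAP filter metacharacters (RFC 4515) so the DN cannot alter the filter.
    $escaped = $GroupDN -replace '\\', '\5c' -replace '\*', '\2a' `
                        -replace '\(', '\28' -replace '\)', '\29'

    # 1.2.840.113556.1.4.1941 = LDAP_MATCHING_RULE_IN_CHAIN: the server walks the
    # memberOf chain, so nested groups are resolved in one round trip.
    $filter = "(memberOf:1.2.840.113556.1.4.1941:=$escaped)"

    $searcher = [System.DirectoryServices.DirectorySearcher]::new()
    try {
        # Base-scope search on the user object: it matches only if the user is a
        # direct or nested member of the group.
        $searcher.SearchRoot      = [ADSI]"LDAP://$UserDN"
        $searcher.SearchScope     = [System.DirectoryServices.SearchScope]::Base
        $searcher.Filter          = $filter
        $searcher.ClientTimeout   = [TimeSpan]::FromSeconds($TimeoutSeconds)
        $searcher.ServerTimeLimit = [TimeSpan]::FromSeconds($TimeoutSeconds)
        [void]$searcher.PropertiesToLoad.Add('distinguishedName')
        return ($null -ne $searcher.FindOne())
    }
    finally {
        $searcher.Dispose()
    }
}

# Sample call with constructed DNs (requires a domain-joined machine):
# Test-TransitiveGroupMembership `
#     -UserDN  'CN=Example User,OU=Staff,DC=example,DC=test' `
#     -GroupDN 'CN=Finance-Printers,OU=Groups,DC=example,DC=test'
```

Because the query is evaluated live, it reflects group changes made after logon, unlike a check against the session's logon token. The memberOf attribute does not include the user's primary group, so membership held only through the primary group is not matched by this filter.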
System
Setting | Default | Description |
---|---|---|
LegacyAppInit | False | Set this value to True to use AppInit_DLLs value for injecting Environment Manager components into processes during startup. If set to false, DLLs are loaded by a kernel driver. |
EnableNestedComputerGroupQueries | False | Allow the client to query Active Directory for nested computer groups. This setting can affect the performance of the client. |
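When LegacyAppInit is set to True, the endpoint depends on the Windows AppInit_DLLs mechanism, so the values that control it are worth reviewing. The following read-only audit is an added example, not Ivanti's code; the function name is hypothetical and the registry locations are the standard Windows ones, not paths taken from this page.

```powershell
# Added example (not product code). Run from 64-bit PowerShell so both registry views are visible.
function Get-AppInitDllReport {
    # Registry key -> directory Windows uses to resolve entries that have no path.
    $views = [ordered]@{
        'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'             = "$env:windir\System32"
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows' = "$env:windir\SysWOW64"
    }
    foreach ($key in $views.Keys) {
        $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if (-not $p) { continue }

        # AppInit_DLLs is one string; entries are separated by spaces or commas.
        $dlls = @("$($p.AppInit_DLLs)" -split '[ ,]+' | Where-Object { $_ })
        if ($dlls.Count -eq 0) { $dlls = @($null) }   # still report the key's flags

        foreach ($dll in $dlls) {
            $path = $null
            $sig  = $null
            if ($dll) {
                $path = if ([IO.Path]::IsPathRooted($dll)) { $dll }
                        else { Join-Path $views[$key] $dll }
                $sig = if (Test-Path -LiteralPath $path) {
                    (Get-AuthenticodeSignature -FilePath $path).Status
                } else { 'FileNotFound' }
            }
            [pscustomobject]@{
                Key           = $key
                LoadAppInit   = [bool]$p.LoadAppInit_DLLs            # mechanism enabled?
                RequireSigned = [bool]$p.RequireSignedAppInit_DLLs   # only signed DLLs load?
                Dll           = $path
                Signature     = $sig
            }
        }
    }
}

Get-AppInitDllReport | Format-Table -AutoSize
```

Any listed DLL that cannot be attributed to installed software, or whose signature status is not Valid, should be investigated, since every process that loads user32.dll loads these libraries.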
Shell
Setting | Default | Description |
---|---|---|
CreateSpecialPaths | False | When set to true, the folder exists check is performed on CSIDs. |
End Point Merging
Setting | Default | Description |
---|---|---|
BaseConfigMergeBehavior | Remerge | Controls whether new base configurations override end point layers or are merged with them. Remerge - When a new configuration.aemp is deployed to endpoints, a merge with the existing configurations in the MergeConfigs directory is triggered. The new Merged_Configuration.aemp becomes the live configuration. Replace - When the new configuration.aemp is deployed to endpoints, it replaces the Merged_Configuration.aemp as the live configuration. |
Custom Scripts
Setting | Default | Description |
---|---|---|
PowerShellLoadUserProfile | False | This setting allows the PowerShell User Profiles to load when PowerShell Custom actions and conditions execute. When set to False, PowerShell is hosted by Environment Manager and is no longer used natively. If the PowerShellRunInHost engineering key is set to on, it overrides any setting you have in PowerShellLoadUserProfile and PowerShell will always be hosted by Environment Manager. |
Override XenDesktop Session Connect Triggers
Setting | Default | Description |
---|---|---|
OverrideIcaSessionConnectTriggers | False | When this setting is enabled and set to True, XenDesktop environments execute the Session Lock/Unlock triggers when a user disconnects/reconnects from their session. This applies to XenDesktop versions 7.6 - 7.8 inclusive. This setting has no effect if users are running XenDesktop 7.9 or later because these versions execute the Disconnect/Reconnect triggers anyway. |
Desktop Refreshes
Setting | Default | Description |
---|---|---|
ExcludedRefreshRegistryKeys | N/A | Exclude named registry keys from being parsed during the desktop refresh setting check. |
Custom Setting and Engineering Key Interaction
 | PowerShellRunInHost=0 | PowerShellRunInHost=1 |
---|---|---|
PowerShellLoadUserProfile=0 | Hosted | Hosted |
PowerShellLoadUserProfile=1 | Native | Hosted |
Copyright © 2019, Ivanti. All rights reserved.