What's New in Environment Manager?
Run As or Connect As features - Improved Security
The Run As or Connect As features allow drive mapping and policy actions to be performed using a profile selected from the Run As User Library. The method used to encrypt and decrypt credentials for such user profiles has been improved in 2018.3 to provide far greater security.
A public key and private key pair is now used to encrypt and decrypt Run As credentials:
- The public key is used on the Environment Manager console to encrypt the password
- The private key is required by the agent to decrypt the password. The private key must be installed in the Certificates - Local Computer\Personal\Certificatesfolder on every endpoint being managed
For more information about this feature, see Run As User Library
Version 10.1 FR4
Cache Roaming for Virtual Sessions
Cache Roaming attaches a container to the user’s virtual desktop or session during logon that persists application caches between sessions.
This feature introduces 2 new EM Policy actions:
- VHD Management – to create, attach and detach a container(s) during a user session
- Cache Roaming – configure locations within the user profile for redirection, either to a container managed with the above action or an alternate folder location
One of the key drivers behind this feature is to support the increasing adoption of Office 365 within the enterprise. Customers can now easily configure roaming between virtual sessions for scenarios, such as Outlook Cached Exchange Mode, using either the “out of box” profile cache options, or alternatively by setting up custom redirections.
For more information, see Cache Roaming for Virtual Sessions.
GeoSync Set-up for existing Subscribers – Improved Workflow
GeoSync enables organizations to synchronize their personalization configuration and/or user settings across multiple locations, all without the requirement for any 3rd party technologies (such as SQL Merge Replication).
10.1 FR4 introduces capabilities to help existing customers who currently maintain multiple ‘stand-alone’ Personalization Databases but wish to move to GeoSync. To enable a smooth transition to a synchronized model, 10.1 FR4 provides customers with a script that can be used to ensure the subscriber database(s) are compatible with their publisher prior to set-up.
For more information, see GeoSync.
Windows 10 Enhancements
As part of our continued focus on Windows 10 adoption, 10.1 FR4 extends existing features in two key areas:
- The File Type Association (FTA) policy action now fully manages default application settings for file types
- User resizing of the Start Menu is now personalized across sessions on Windows 10 1703 (and above)
Version 10.1 FR3
Microsoft Edge Browser Personalization
As customers continue to progress in their adoption of Windows 10, having the ability to personalize the Edge Browser is something that is key to user experience. Environment Manager now ensures that common browser items such as Favorites, Reading Lists and Browser Settings are persisted for the user between their sessions.
Administrators import our Microsoft Edge Personalization template using the existing console workflow before then assigning to the required Personalization Groups. Although Edge utilises the Universal Web Platform (UWP) associated with Windows Store applications, we ensure that customers can personalize in a similar approach to a standard Win32 application, and provide support for profile archiving and rollback.
For more information, see Application Group Templates.
Version 10.1 FR2
Users may roam from city to city, or from physical to virtual desktop, but they expect the same personalized experience to follow them. With the release of Environment Manager 10.1 FR2, the new Geo Sync feature provides users with their personalized desktop experience regardless of their corporate location.
Administrators simply configure which users require their settings to be synchronized to which sites and configure a scheduled time for synchronization to occur. For customers who only want to centrally manage EM Personalization configurations and not user data, this can also be easily configured.
Supported by accompanying PowerShell cmdlets and APIs, the setup, configuration and monitoring of the Geo Sync feature can be fully automated to comply with enterprise deployment models.
Until now customers with multiple, geographically-distributed sites have relied on SQL Server Merge Replication for synchronization of Personalization data and configurations, which comes with a range of limitations and complexities. With the Geo Sync feature this functionality is built-in, and only requires SQL Standard Edition.
For more information, see GeoSync.
Endpoint Self Service Tool (ESST) Localization
ESST is a System Tray utility that can be configured per Personalization group to allow End Users to manage their User Personalization data. With the release of FR2, the ESST will now localise French, German and Dutch Languages automatically for the user based on the configured Endpoint locale.
Version 10.1 FR1
Console Rebrand and Renaming
The Environment Manager Console has been updated to reflect the new company name of Ivanti - see here for more details.
You may still see the ‘AppSense Environment Manager’ name used in certain areas, such as the registry or services. This is to make the transition as least disruptive as possible for existing.
Having made significant changes to the design of the User Workspace Manager consoles in version 10, we have listened to feedback and added a splash of color back into the consoles by refreshing and updating some of the icons used in the Environment Manager console.
Scheduling of Policy Nodes
It is now possible to configure Environment Manager Policy Nodes to additionally also run at a given schedule. This provides Administrators with the flexibility to re-apply or evaluate specific actions or conditions within their configuration at a determined interval without the trigger having to be re-executed.
For example, if an Administrator chose to schedule a Node within the User Pre-Desktop Trigger. It could run both during logon and at the determined schedule irrespective of whether the User had logged off and on again.
By using a similar workflow to the Windows Task Scheduler, we have made it simple for customers to leverage this new functionality as an alternative to complex scripting.
This feature is available for both the User and Computer Policy Triggers.
For further information, see Node Scheduling.
Configuration Notes and Comments
Within Environment Manager Policy, Administrators can now annotate their Node Actions and Conditions.
This feature introduces 3 new options:
- Comments within the Policy Node Action pane
- The default Node description is now editable
- A Notes tab has been added to the Policy Node Action view
These are especially useful in environments were multiple administrators will be accessing Policy configurations, allowing for visual tracking of key additional details and updates within the configuration.
For further information, see Node Descriptions.
SQL Mirroring Support
Support for SQL Mirroring has been re-instated for 10.1 FR1 release - it was not available in 10.0/10.1. Our best practice for this use case is to utilize SQL Always On. This allows adequate time to make the transition to our best practice.
For more information, see the User Workspace Manager help.
Support for Windows Server 2016
Environment Manager 10.1 Personalization Server, Console, and Agent Components are all compatible with Windows Server 2016 (Server with Desktop Experience installation). For example, additional conditions are available in Policy that check for Windows Server 2016.
Group Policy Action enhancements
The Set Policy dialog has been redesigned for a simpler workflow. The dialog displays more detailed settings, such as the policy category, name, file name, and whether it is enabled. These detailed settings are also available in the report produced by Configuration Profiler. In addition, you can now set a default location that the console will use to store all Group Policy templates. This is useful, for example, if you store Group Policy Objects on a network share and do not want to copy them to the local Policy Definitions folder.
For more information, see Group Policy Actions.
Lockdown for Microsoft Office 2016
Create Environment Manager Lockdown actions on applications in the Office 2016 suite using the updated Microsoft Office Lockdown Wizard.
For more information, see Lockdown Management.
New "Is Older Than" condition for file and folder deletes
A new condition is available for File and Folder Delete actions. Use it specify that files or folders get deleted if an attribute - Created, Last Modified Time, or Last Accessed Time- is older than a certain number of days.
Simplified Triggers for Citrix XenDesktop sessions
XenDesktop sessions now correctly execute the appropriate triggers during Session Lock/Unlock and Disconnect/Connect changes. Previously this required additional configuration.
For more information, see Triggers for XenDesktop Connections and Backwards Compatibility.
Build number option for the operating system condition
The Microsoft update model now uses build numbers to identify feature releases and service packs. When creating a computer operating system rule, you can specify a target build number to be matched or used as the maximum or minimum build release. For example, you can target specific Windows 10 and Windows Server 2016 builds.
For more information see Computer Conditions.
View/Edit functionality is now available in Find and Replace
You can now quickly navigate to specific actions and conditions in a policy that are returned by the Find and Replace search results. Selecting a result and clicking View/Edit immediately opens the item in the appropriate dialog for viewing and editing.
For more information, see Find and Replace.
Support for Windows Server 2016
Environment Manager 10.1 Personalization Server, Console, and Agent Components are all compatible with Windows Server 2016 (Server with Desktop Experience installation). You can install Personalization Server 10.1 on a Windows Server 2016 machine and require no additional configuration than for a Server 2012 install, and out-of-the-box Windows Setting Groups are available for Windows Server 2016. For example, the Windows 10 personalization settings on a user's laptop will be available to that user on a Server 2016 RDP session.
Enhanced shortcut management
When users are roaming between different environments, Personalization now manages and prevents any personalized shortcut links that are not resolvable from appearing in the user’s session.
For more information, see Shortcut Management for Roaming Users.
Personalization Operations Console localization
The Personalization Console is now available in three new UI languages - French, Dutch, and German.
For more information on Personalization Operations, see Personalization Operations Help.
Was this article useful?
The topic was:
Not what I expected
Copyright © 2018, Ivanti. All rights reserved.