What's New in Environment Manager?
In addition to code enhancements and bug fixes the following features are included:
Windows 10 Start Menu Builder
This release introduces the Environment Manager Windows 10 Start Menu Builder - a great new feature that provides a matchless solution to deployed Start menu customization.
•It provides the ability to quickly create user-centric menus for different users
•As an administrator, you can customize the UWP and Win32 apps listed, and create a tile layout from just one simple-to-use interface
•You can easily maintain and manage the customized menus as your user needs evolve or when Windows updates result in unwanted changes.
The customized menu is created as an action on a logon trigger and saved as part of the configuration. You can create as many different Start menus as required and deploy them to whichever user groups you specify. The default list of Windows applications available in the Start Menu Builder wizard is supplied by an XML file which can easily be replaced or modified from within the wizard itself.
For more information see Windows 10 Start Menu Builder.
File type exclusions for Windows settings groups
Custom Windows settings enable you to personalize registry keys, particular folders, and files by specifying which of these are to be included (or excluded) from the personalization database. Environment Manager 2020.2 provides an improved user workflow and allows you to exclude specific file types without having to specify their folder path.
Custom Windows settings can be applied to your Windows settings groups and the exclusions honored. The enhancement provides greater flexibility when specifying exclusions, and more targeted results.
See Custom Windows settings for more information.
Sync of Windows Settings over VPN
At logon, a sync of the user’s Personalized Windows Settings preferences is attempted. The result of this sync is dependent upon a stable connection having already been established with the Personalization Server.
As of Environment Manager 2020.2 an Engineering Key is now available which can ensure the timings of the sync and the VPN connection are aligned. This supports delivery of a familiar, personalized user desktop regardless of location and connection type.
Please refer to Enable VPN Sync for WSGs.
Easier Access to Further Information
In addition to this online help system, Ivanti provides a wealth of supporting information in the form of online documents, help videos and curated community articles. In the 2020.2 release we have collated these resources into a summary table and made this available via the Release Notes and from the online Help landing page.
In addition to code enhancements and bug fixes the following features are included:
Environment Manager 2020.1 release has been localized and now supports following 5 languages:
Selection of the language setting required is described in the Language Settings help topic within User Workspace Manager.
Windows Server 2019 support
Environment Manager 2020.1 Personalization Server, Console and Agent Components are now all compatible with Windows Server 2019. For example, additional conditions are available in Policy that check for Windows Server 2019.
For more information on supported software see the Maintained Platforms Matrix.
See Computer Conditions for information on operating system conditions.
Environment Manager 2019.1 SP2 release contains bug fixes and code enhancements. There are no new features.
Toggle the auto copy of VHDs for multiple sessions ON/OFF
In Environment Manager 2018.3, Ivanti introduced the ability to use VHD Cache Roaming to provide users with access to their cache when working across multiple virtual sessions. This enables users within a non-persistent Windows environment to have multiple sessions running at the same time.
However, to provide this multi-session support, a VHD is created for each device logon, with a maximum of 5 VHDs retained per user.
Feedback from certain customers was that this capability was not required by default and so it is now possible to toggle multi-session support ON or OFF, to help reduce disk usage on back-end storage.
For further details see Cache Roaming.
Context sensitive help improvements
The Environment Manager context-sensitive help system has been extended to provide improved access to relevant help topics directly from the console. In addition, anonymous telemetry within the Ivanti help system can provide us with insights into how the system is being used.
Examples of the data gathered include:
•The most visited help pages
•The most searched-for terms
•The navigation paths from specific pages
This data enables us to focus development effort and resource on key areas of the product to help improve features and simplify the user experience.
Group Policy Import Wizard
An intuitive Wizard has been introduced to import Active Directory Group Policy Objects and Group Policy Preferences. The objects are imported and then can be applied as Environment Manager actions. This simplifies the adoption of policy objects and can improve user logon times on the endpoint.
For more information see Group Policy Import.
Override Ivanti Automation Parameters
Environment Manager's integration with Ivanti Automation has been extended. Parameters from individual Tasks and Modules created with Ivanti Automation are now passed to Environment Manager automation actions. Intelligence is built-in to identify and correct out-of-sync parameters between Environment Manager and Ivanti Automation. Where a correction is not possible, the user is alerted.
For more information, see Ivanti Automation.
VHD Cache Roaming - Windows and Outlook Search
The cache roaming feature has been extended to include support for roaming both the Windows and Outlook search indexes. This is achieved using two new built-in templates:
•Outlook Search Template
The Outlook search index is roamed between sessions in both VDI and RDSH on a per-user profile.
•Windows and Outlook Search Template
A system-wide Windows search database can be roamed on a single-user desktop (VDI, kiosk/hotdesk PC)
For more information, see Windows and Outlook Search .
Personalization Database - Azure SQL Compatibility
With this release it is now possible to deploy the Personalisation database as an Azure SQL database. This means you no longer need to use virtual machines to manage your SQL database in Azure.
Configuration and management of the database continues to be done via the Server Configuration Portal (SCP) and support remains for on-premises and Azure virtual machine SQL server installations.
For more information, see Azure SQL as a Service Compatibility
Personalization Template - Roam File Type Associations (Windows 10)
Roam File Type Association Windows 10 using the new built-in Windows Settings Group Template. Persist user default application preferences across sessions ensuring a consistent and familiar User experience regardless of the device.
For more information, see File Type Associations Action.
GeoSync AlwaysOn Support
AlwaysOn support has been added to GeoSync. Previously with SQL Merge Replication, you have needed to disable Replication on the master and all subscribers prior to upgrading to a newer version of Environment Manager. This is not the case with GeoSync, upgrades can be performed with GeoSync in place.
For more information, see GeoSync AlwaysOn Support
OneDrive Cache Roaming
The cache roaming feature has been extended and now includes a built-in template to enable a user's OneDrive cache to be roamed between non-persistent sessions. This benefits organizations using Office 365.
For more information, see OneDrive Cache Roaming.
Concurrent User Access for Office 365 Virtual Containers
It is now possible to use the cache roaming feature to provide users with access to their cache when working across multiple virtual sessions. A typical scenario is where a user is accessing Outlook from multiple virtual sessions.
For more information, see Concurrent users.
Run As or Connect As features - Improved Security
The Run As or Connect As features allow drive mapping and policy actions to be performed using a profile selected from the Run As User Library. The method used to encrypt and decrypt credentials for such user profiles has been improved in 2018.3 to provide far greater security.
A public key and private key pair is now used to encrypt and decrypt Run As credentials:
- The public key is used on the Environment Manager console to encrypt the password
- The private key is required by the agent to decrypt the password. The private key must be installed in the Certificates - Local Computer\Personal\Certificatesfolder on every endpoint being managed
For more information about this feature, see Run As User Library
Integration with Ivanti Automation
This release introduces integration with Ivanti Automation to enable the automated management of tasks. Routine and complex tasks can now be run from within Environment Manager Policy Action. This integration brings together the power of Ivanti Automation and the Environment Manager Policy engine, allowing IT the time to focus on higher priorities.
For more information about this feature, see Automation integration into Environment Manager Policy.
Cache Roaming for Virtual Sessions
Cache Roaming attaches a container to the user’s virtual desktop or session during logon that persists application caches between sessions.
This feature introduces 2 new EM Policy actions:
- VHD Management – to create, attach and detach a container(s) during a user session.
(Note, the ability to detach VHDs on session locked and session disconnected triggers, has subsequently been deprecated in Environment Manager.)
- Cache Roaming – configure locations within the user profile for redirection, either to a container managed with the above action or an alternate folder location
One of the key drivers behind this feature is to support the increasing adoption of Office 365 within the enterprise. Customers can now easily configure roaming between virtual sessions for scenarios, such as Outlook Cached Exchange Mode, using either the “out of box” profile cache options, or alternatively by setting up custom redirections.
For more information, see Cache Roaming for Virtual Sessions.
GeoSync Set-up for existing Subscribers – Improved Workflow
GeoSync enables organizations to synchronize their personalization configuration and/or user settings across multiple locations, all without the requirement for any 3rd party technologies (such as SQL Merge Replication).
10.1 FR4 introduces capabilities to help existing customers who currently maintain multiple ‘stand-alone’ Personalization Databases but wish to move to GeoSync. To enable a smooth transition to a synchronized model, 10.1 FR4 provides customers with a script that can be used to ensure the subscriber database(s) are compatible with their publisher prior to set-up.
For more information, see GeoSync.
Windows 10 Enhancements
As part of our continued focus on Windows 10 adoption, 10.1 FR4 extends existing features in two key areas:
- The File Type Association (FTA) policy action now fully manages default application settings for file types
- User resizing of the Start Menu is now personalized across sessions on Windows 10 1703 (and above)
Microsoft Edge Browser Personalization
As customers continue to progress in their adoption of Windows 10, having the ability to personalize the Edge Browser is something that is key to user experience. Environment Manager now ensures that common browser items such as Favorites, Reading Lists and Browser Settings are persisted for the user between their sessions.
Administrators import our Microsoft Edge Personalization template using the existing console workflow before then assigning to the required Personalization Groups. Although Edge utilises the Universal Web Platform (UWP) associated with Windows Store applications, we ensure that customers can personalize in a similar approach to a standard Win32 application, and provide support for profile archiving and rollback.
For more information, see Application Group Templates.
Users may roam from city to city, or from physical to virtual desktop, but they expect the same personalized experience to follow them. With the release of Environment Manager 10.1 FR2, the new Geo Sync feature provides users with their personalized desktop experience regardless of their corporate location.
Administrators simply configure which users require their settings to be synchronized to which sites and configure a scheduled time for synchronization to occur. For customers who only want to centrally manage EM Personalization configurations and not user data, this can also be easily configured.
Supported by accompanying PowerShell cmdlets and APIs, the setup, configuration and monitoring of the Geo Sync feature can be fully automated to comply with enterprise deployment models.
Until now customers with multiple, geographically-distributed sites have relied on SQL Server Merge Replication for synchronization of Personalization data and configurations, which comes with a range of limitations and complexities. With the Geo Sync feature this functionality is built-in, and only requires SQL Standard Edition.
For more information, see GeoSync.
Endpoint Self Service Tool (ESST) Localization
ESST is a System Tray utility that can be configured per Personalization group to allow End Users to manage their User Personalization data. With the release of FR2, the ESST will now localise French, German and Dutch Languages automatically for the user based on the configured Endpoint locale.
Console Rebrand and Renaming
The Environment Manager Console has been updated to reflect the new company name of Ivanti - see here for more details.
You may still see the ‘AppSense Environment Manager’ name used in certain areas, such as the registry or services. This is to make the transition as least disruptive as possible for existing.
Having made significant changes to the design of the User Workspace Manager consoles in version 10, we have listened to feedback and added a splash of color back into the consoles by refreshing and updating some of the icons used in the Environment Manager console.
Scheduling of Policy Nodes
It is now possible to configure Environment Manager Policy Nodes to additionally also run at a given schedule. This provides Administrators with the flexibility to re-apply or evaluate specific actions or conditions within their configuration at a determined interval without the trigger having to be re-executed.
For example, if an Administrator chose to schedule a Node within the User Pre-Desktop Trigger. It could run both during logon and at the determined schedule irrespective of whether the User had logged off and on again.
By using a similar workflow to the Windows Task Scheduler, we have made it simple for customers to leverage this new functionality as an alternative to complex scripting.
This feature is available for both the User and Computer Policy Triggers.
Video: Node Scheduling
For further information, see Node Scheduling.
Configuration Notes and Comments
Within Environment Manager Policy, Administrators can now annotate their Node Actions and Conditions.
This feature introduces 3 new options:
- Comments within the Policy Node Action pane
- The default Node description is now editable
- A Notes tab has been added to the Policy Node Action view
These are especially useful in environments were multiple administrators will be accessing Policy configurations, allowing for visual tracking of key additional details and updates within the configuration.
Video: Node Descriptions
For further information, see Node Descriptions.
SQL Mirroring Support
Support for SQL Mirroring has been re-instated for 10.1 FR1 release - it was not available in 10.0/10.1. Our best practice for this use case is to utilize SQL Always On. This allows adequate time to make the transition to our best practice.
For more information, see the User Workspace Manager help.
Support for Windows Server 2016
Environment Manager 10.1 Personalization Server, Console, and Agent Components are all compatible with Windows Server 2016 (Server with Desktop Experience installation). For example, additional conditions are available in Policy that check for Windows Server 2016.
Group Policy Action enhancements
The Set Policy dialog has been redesigned for a simpler workflow. The dialog displays more detailed settings, such as the policy category, name, file name, and whether it is enabled. These detailed settings are also available in the report produced by Configuration Profiler. In addition, you can now set a default location that the console will use to store all Group Policy templates. This is useful, for example, if you store Group Policy Objects on a network share and do not want to copy them to the local Policy Definitions folder.
For more information, see Group Policy Actions.
Lockdown for Microsoft Office 2016
Create Environment Manager Lockdown actions on applications in the Office 2016 suite using the updated Microsoft Office Lockdown Wizard.
For more information, see Lockdown Management.
New "Is Older Than" condition for file and folder deletes
A new condition is available for File and Folder Delete actions. Use it specify that files or folders get deleted if an attribute - Created, Last Modified Time, or Last Accessed Time- is older than a certain number of days.
Simplified Triggers for Citrix XenDesktop sessions
XenDesktop sessions now correctly execute the appropriate triggers during Session Lock/Unlock and Disconnect/Connect changes. Previously this required additional configuration.
For more information, see Triggers for XenDesktop Connections and Backwards Compatibility.
Build number option for the operating system condition
The Microsoft update model now uses build numbers to identify feature releases and service packs. When creating a computer operating system rule, you can specify a target build number to be matched or used as the maximum or minimum build release. For example, you can target specific Windows 10 and Windows Server 2016 builds.
For more information see Computer Conditions.
View/Edit functionality is now available in Find and Replace
You can now quickly navigate to specific actions and conditions in a policy that are returned by the Find and Replace search results. Selecting a result and clicking View/Edit immediately opens the item in the appropriate dialog for viewing and editing.
For more information, see Find and Replace.
Support for Windows Server 2016
Environment Manager 10.1 Personalization Server, Console, and Agent Components are all compatible with Windows Server 2016 (Server with Desktop Experience installation). You can install Personalization Server 10.1 on a Windows Server 2016 machine and require no additional configuration than for a Server 2012 install, and out-of-the-box Windows Setting Groups are available for Windows Server 2016. For example, the Windows 10 personalization settings on a user's laptop will be available to that user on a Server 2016 RDP session.
Enhanced shortcut management
When users are roaming between different environments, Personalization now manages and prevents any personalized shortcut links that are not resolvable from appearing in the user’s session.
For more information, see Shortcut Management for Roaming Users.
Personalization Operations Console localization
The Personalization Console is now available in three new UI languages - French, Dutch, and German.
For more information on Personalization Operations, see Personalization Operations Help.