Advanced Configuration Settings

In this section:

Logon sub-triggers

Environment Manager provides three logon sub-triggers. This enables flexibility and allows you to create fast logon times as Environment Manager actions can be configured to run at their most appropriate point during the user logon process:

  • Pre-Session - Actions take effect before terminal services is notified of the logon. Registry, Group Policy and Environment actions are compatible with this sub-trigger.
  • Pre-Desktop - Actions take effect when the user logs on to the system but before the desktop shell has started.
  • Desktop Created - Actions take effect after the desktop shell and Explorer has started. To improve efficiency and logon times, any non-critical Logon actions should be added to this trigger, for example, mapping drives and printers.

Early releases of Environment Manager (v8.4 SP4 and earlier) included a single logon trigger only, and although not widely recommended, it remains supported if required.

Mid-session config changes

This setting allows you to determine when configuration changes are delivered to users.

From the Manage ribbon, select Advanced Settings > Configuration Settings.

Select the Mid-session config changes option as required:

  • Immediately - Changes are implemented as soon as the configuration is pushed out to endpoints. Unapply (or revert) actions are also executed immediately.
  • At logon - When the updated configuration is deployed, changes are implemented the next time a user logs on, before the User Logon triggers are fired. Unapply actions work as normal - executed at logoff.
  • At startup - When the updated configuration is deployed, changes are implemented the next time the endpoint is started, before the Computer Startup trigger is fired. Unapply actions work as normal - executed at the next restart.

The default setting is At logon.
Note, to preserve the original behavior, the Immediately setting is applied to configurations upgraded from v8.4 SP4.

If using cache roaming with mid-session configuration changes you will need to set the PreventUnapplyOnConfigChange registry key on all endpoints. Refer to Cache Roaming for further information.

Network Events

This setting controls when the Network Connected and Network Disconnected events are handled.

From the Manage ribbon, select Advanced Settings > Configuration Settings.

Select or clear the Network events checkbox as required:

  • Enabled - The Network Connected and Network Disconnected triggers fire when each network adapter establishes or disconnects a connection, regardless of whether a connection to the same network already exists.
  • Disabled - The Network Connected trigger fires when the first network adapter establishes a connection to the network. The Network Disconnected trigger fires when the last network adapter disconnects a connection to the network. Each trigger will fire only once for each network.

The default setting is Enabled.
Note, to preserve the original behavior, the setting is disabled in configurations upgraded from earlier versions of Environment Manager.

For the setting to take effect on managed endpoints, the Environment Manager Agent must be restarted.

To control the number of network events, we recommend conditions are applied to restrict actions based upon network connection attributes.

Folder Copy Actions

This setting determines whether folder copy actions that are interrupted at logoff are resumed at next user logon.

From the Manage ribbon, select Advanced Settings > Configuration Settings.

Select or clear the Folder copy actions checkbox as required:

  • Enabled - Folder copy actions that are running at logoff are resumed at the next user logon.
  • Disabled - Folder copy actions that are running at logoff are not resumed at the next user logon.

Undo Action Sequencing

To view this setting, you may need to increase the size of the Advanced Settings dialog.

The setting allows you to define whether user actions on Logoff, Session Disconnect and Network Disconnect triggers are executed before undo (revert or unapply) actions.

Undo actions are added by the console to reverse the effect of certain user actions at logoff. For example, mapping printers is the undo action when ‘unmap at logoff’ is set.

The following options are available:

Enabled - The agent executes any user actions on the trigger before any undo actions.

Disabled - Actions execute in parallel

To maintain legacy behavior the default setting is Disabled.

Custom Settings

Configure additional settings which will be applied on managed endpoints when an Environment Manager configuration is deployed. Settings such as the default node timeout can be configured in the console, removing the need to manually set the appropriate registry keys (see also Node Management).

If a Custom Setting is added, it will be created on endpoints or override any existing setting. Custom Settings can be configured to apply the default value for that setting or to use the value you assign it; both will override existing settings.

If a Custom Setting is not added, that setting will not exist unless it is already configured on the endpoint, in which case that value is used.

When upgrading a configuration, a setting which already exists on an endpoint will be overwritten by the value of the corresponding Custom Setting.

Manage Custom Settings

  1. Select the Policy Configuration navigation button.
  2. From the Manage ribbon, select Advanced Settings.

    The Advanced Configuration Settings dialog opens. select the Custom Settings tab.

  3. Click Add. The Custom Settings dialog opens.
  4. Select the setting(s) you want to configure and click OK. Multiple settings can be selected using the Ctrl and Shift keys or all settings can be added by pressing Ctrl + A.

    The selected settings are added to the Configure Custom Settings dialog.

    Settings which are added will be configured on endpoints. Any settings which already exist on an endpoint are used.

  5. Set the values as required. All settings are initially set as Use Default, deselect the option to update its value. Any updated settings are displayed in bold. If Use Default is selected for a setting, the corresponding key is removed from the registry as it is not required for the default behavior to apply.
  6. Click OK.

The settings are applied when the configuration is applied to managed endpoints.

Printer Mapping

Setting Default Description
PrinterErrorCodes

 

List of error codes separated by a comma.
AddPrinterSequential False Map printer actions can be performed concurrently or sequentially. Updating this setting to True removes issues created when the AddPrinterConnection API call is hit concurrently.

Certificates

Setting Default Description
SpoofProfileForWholeSession False Windows mandatory profiles have a limitation restricting users from installing and exporting private keys. PFX certificate types contain embedded private keys and cannot be installed when the profile is set to mandatory. This setting changes the session so Windows thinks a roaming profile is being used, allowing users to install PFX certificates with private keys.

Policy Engine

Setting Default Description
RegexTimeout 2000 Set a timeout limit in milliseconds for invalid regexes which may otherwise evaluate for a long time.
NodeTimeout 30000 Set a time, in milliseconds, which determines the default timeout for all nodes. This timeout controls the delay after which any children of that node are run.
TriggerTimeout Infinite Set the length of time a trigger is given to complete its processing. If the value is not present, the timeout will wait forever.
ShutdownBailTimeout Infinite Timeout value in milliseconds for actions still running at logoff or shutdown. This applies to all running actions regardless of which trigger originally instigated it. This should only be used in for long running threads at logoff or shutdown.

Default Timeout Settings

Default timeouts are set for triggers, nodes, conditions and logon actions. If a timeout limit is exceeded, the configuration element still runs to completion but is considered a fail and therefore child nodes do not run.

Active Directory

Setting Default Description
UseAlternativeUserGroupTest False

Specifies that when checking user group membership, it should be dynamic and use the OID_LDAP_MATCHING_RULE_IN_CHAIN filter. If set to true, user group conditions use a more efficient method of lookup which can also reflect group changes during a session.

This only works if the Active Directory server is later than Server 2003 R2.

ADUserGroupMembershipTimeout 120 When the UseAlternativeUserGroupTest setting is used, you can specify a timeout value in seconds for the OID_LDAP_MATCHING_RULE_IN_CHAIN query before the request to the personalization server and for policy user group OU Membership conditions.

System

Setting Default Description
LegacyAppInit False Set this value to True to use AppInit_DLLs value for injecting Environment Manager components into processes during startup. If set to false, DLLs are loaded by a kernel driver.
EnableNestedComputerGroupQueries False Allow the client to query Active Directory for nested computer groups. This setting can affect the performance of the client.

Shell

Setting Default Description
CreateSpecialPaths False When set to true, the folder exists check is performed on CSIDs.

End Point Merging

Setting Default Description
BaseConfigMergeBehavior Remerge Controls whether new base configurations override end point layers or are merged with them. Remerge- When a new configuration.aemp is deployed to endpoints, a merge with the existing configurations in the MergeConfigs directory is triggered. The new Merged_Configuration.aemp becomes the live configuration. Replace- When the new configuration.aemp is deployed to endpoints, it replaces the Merged_Configuration.aemp as the live configuration.

Custom Scripts

Setting Default Description
PowerShellLoadUserProfile False

This setting allows the PowerShell User Profiles to load when PowerShell Custom actions and conditions execute. When set to False, PowerShell is hosted by Environment Manager and is no longer used natively.

If the PowerShellRunInHost engineering key is set to set to on, it overrides any setting you have in PowerShellLoadUserProfile and PowerShell will always be hosted by Environment Manager.

Override XenDesktop Session Connect Triggers

Setting Default Description
OverrideIcaSessionConnectTriggers False

When this setting is enabled and set to True, XenDesktop environments execute the Session Lock/Unlock triggers when a user disconnects/reconnects from their session.

This applies to XenDesktop versions 7.6 - 7.8 inclusive. This setting has no affect if users are running XenDesktop 7.9 or later because these versions execute the Disconnect/Reconnect triggers anyway.

Desktop Refreshes

Setting Default Description
ExcludedRefreshRegistryKeys N/A Exclude named registry keys from being parsed during the desktop refresh setting check.

Custom Setting and Engineering Key Interaction

  PowerShellRunInHost=0 PowerShellRunInHost=1
PowerShellLoadUserProfile=0 Hosted Hosted
PowerShellLoadUserProfile=1 Native Hosted

Related topics