2024.3 Release Notes
Release notes for versions prior to 2024.3 are available on the Environment Manager Community Page.
Components in this release
Component |
Version |
---|---|
Environment Manager Agent |
10.14.0.0 |
Environment Manager Server |
10.14.0.0 |
Environment Manager Console |
10.14.0.0 |
Database Schema |
10.4.220 |
Important upgrade information
This upgrade section contains functionality changes that have been introduced in Management Center v10.1 or above. Any information that is new to this release is specifically listed as Environment Manager 2024.3.
When upgrading server and database infrastructure it is best to upgrade by no more than two major versions in each step. Upgrading three or four versions in one operation is not a method that has been tested and could produce unexpected behavior.
For further details relating to upgrades and compatibility please refer to the following Ivanti Community article.
Windows Server
Environment Manager 2024.3 Personalization Server requires Windows Server 2012 R2 SP1 or above. Microsoft mainstream support for both Windows Server 2008 and R2 ended on 13 January 2015, and we support Windows Server 2008 R2 beyond this date on a best-efforts basis.
Windows client
Support for Windows XP, Windows Vista, and Windows Server 2008 has been deprecated for the Environment Manager Agent, therefore the Environment Manager 10.x Agent now requires Windows 7 SP1 or above and Windows Server 2008 R2 SP1 or above. Microsoft extended support for Windows XP ended on 8 April 2014, and mainstream support for Windows Vista ended on 10 April 2012.
In addition, both Windows 7 SP1 and Windows Server 2008 R2 SP1 must be updated to support SHA-256.
For details on SHA-256 requirements, please refer to this Ivanti Community article.
SQL Server
Support for SQL Server 2008 and 2008 R2 has ended. The Environment Manager 10.x Personalization Server requires SQL Server 2012 SP2 or above. Microsoft mainstream support for SQL Server 2008 and R2 ended on 8 July 2014.
Please refer to 2024.3 Release Notes for further details.
Product licensing
Environment Manager 10.x and above requires a v2 product license key, and this key must be deployed to all endpoints to which the Environment Manager v10.x Agent is deployed. The new license key can be installed alongside the existing 8.x license key and should be deployed at the same time or before the Environment Manager Agent is deployed. The new license key is deployable via Management Center 10.x and is available from Ivanti Licensing Support.
For further information on Licensing queries, refer to this Ivanti Community article.
User personalization data
Introduced in Environment Manager 10.0, Personalization Groups are no longer used as a container for user personalization data. Personalization Groups are now only used for assigning settings to users. If a user falls into a different Personalization Group due to a membership rule changes, or Personalization Group hierarchy changes, or because Active Directory changes, their personalization data moves with them automatically.
During the upgrade process, user personalization data that may have been orphaned due to user movement between Personalization Groups in the past will be merged. Where there is a conflict, the most recent user personalization data will be used. Pre-upgrade SQL scripts are included with the Personalization Server installation package to show the impact of any changes prior to upgrade.
File-based registry (FBR)
Environment Manager 8.x utilized a file-based registry (FBR) to personalize virtualized registry keys and values. In version 10.x, the FBR mechanism has been replaced with registry hives for efficiency and performance. FBR files created in 8.x versions of Environment Manager will not be upgraded until the global setting.
UpgradeFbrToHive is set to True. Once the UpgradeFbrToHive has been set to True (Not Reversable), the FBR files on the endpoints will be converted to registry hives at next logon or application launch. The old FBR files will remain in place for a period of at least 30 days, after which time they will be deleted if they have not been accessed by version 8.x agents.
For customers who want to stage the implementation of the New Registry Hive format from 8.x, you could first enable the UpgradeFbrToHive setting to True after Server Upgrade to 10.1 FR1 and then target specific Endpoints for 10.1 FR1 Agent deployment in controlled manner (via our Management Center for example).
Please note that in this scenario, if a user roams between 8.x and 10.1 FR2 Agents, the 8.x Agent will continue using the Legacy FBR and the user settings are partitioned between 8.x FBR & 10.x Hive formats.
Personalization Operations
If you are upgrading from an older version of Personalization Operations, please note that some updates to the software affect HTML files which may have an extended cache expiry time. To force a full refresh following upgrade, users are advised to refresh their browser's cache. From the Personalization Operations console, press Ctrl + F5.
SQL Server Certificate validation for Personalization Server
The Server Configuration Portal (SCP) now enables greater security for communications between the Personalization Server and its respective SQL Server instance. This is set up when creating the database connection in the portal, and existing connections may be changed to use these options. The options are shown as checkboxes, and they are:
-
Encrypt Connection - all data transfers between the server and SQL are encrypted. This might have a performance impact
-
Validate Server Certificate - the Personalization Server must trust the certificate that SQL Server uses for encryption, that is, the SQL certificate must be signed by a root certificate in the Personalization Server’s trusted root store. Also, the DNS name on the certificate must match the name used by Personalization Server for the SQL instance.
The ‘Validate Server Certificate’ option also requires ‘Encrypt Connection’ to be set on.
The SCP checks for a valid server certificate when ‘Validate’ is selected and will use these options to communicate with SQL server when setting up.
Without these options only SQL login messages are encrypted, and if SQL authentication is used there is a risk that a spoofed certificate used in an exploit may reveal login details to the database. In this case it is recommended that windows authentication be used for the configuration and service accounts.
For setup via PowerShell cmdlets, the default security remains the same (for backward compatibility), but relevant cmdlets have the new parameters -ValidateServerCertificate and -EncryptConnection added to support the new feature.
On setup, the Personalization Server will use these options for all communications with SQL Server.
New Features and Product Updates
To learn more about the latest features and improvements, please navigate to the "What's New" page in our product's online help documentation.
Customer bugs fixed
Article ID |
Title |
---|---|
Environment Manager system messages are not being suppressed. |
|
Profile migration fails to import or export application groups. |
|
Error displays when moving computer trigger nodes. |
|
Environment Manager Policy configuration takes a long time to save. |
|
Environment Manager "unmap printer" action not working. |
|
Environment Manager 2024.1 Agent increases logon time for large configurations. |
|
Service account incorrect variances in Server Configuration Portal. |
|
Personalization operations 500 error on SQL managed instance. |
|
EMPMigrate failed to update last login on existing user. |
|
Group policy import feature incorrectly imports policies outside of Windows settings templates. |
Known issues and limitations
The known issues and limitations are detailed on the Ivanti Community site.
Supported operating systems and technologies
The supported operating systems and technologies are detailed in the Environment Manager Maintained Platforms Matrix.
For previous versions, please refer to the Online version of the release notes.
Required utilities and components
Component |
Required utilities and components |
---|---|
Database Server |
|
Personalization Server |
|
Console |
|
Client |
|
Please ensure that your endpoints are fully up to date with the latest Microsoft patches.
Previous Versions
Components in this release
Component |
Version |
---|---|
Environment Manager Agent |
10.13.0.0 |
Environment Manager Server |
10.13.0.0 |
Environment Manager Console |
10.13.0.0 |
Database Schema |
10.4.202 |
Important upgrade information
This upgrade section contains functionality changes that have been introduced in Management Center v10.1 or above. Any information that is new to this release is specifically listed as Environment Manager 2024.1.
When upgrading server and database infrastructure it is best to upgrade by no more than two major versions in each step. Upgrading three or four versions in one operation is not a method that has been tested and could produce unexpected behavior.
For further details relating to upgrades and compatibility please refer to the following Ivanti Community article.
Windows Server
Environment Manager 2024.1 Personalization Server requires Windows Server 2012 R2 SP1 or above. Microsoft mainstream support for both Windows Server 2008 and R2 ended on 13 January 2015, and we support Windows Server 2008 R2 beyond this date on a best-efforts basis.
Windows client
Support for Windows XP, Windows Vista, and Windows Server 2008 has been deprecated for the Environment Manager Agent, therefore the Environment Manager 10.x Agent now requires Windows 7 SP1 or above and Windows Server 2008 R2 SP1 or above. Microsoft extended support for Windows XP ended on 8 April 2014, and mainstream support for Windows Vista ended on 10 April 2012.
In addition, both Windows 7 SP1 and Windows Server 2008 R2 SP1 must be updated to support SHA-256.
For details on SHA-256 requirements, please refer to this Ivanti Community article.
SQL Server
Support for SQL Server 2008 and 2008 R2 has ended. The Environment Manager 10.x Personalization Server requires SQL Server 2012 SP2 or above. Microsoft mainstream support for SQL Server 2008 and R2 ended on 8 July 2014.
Please refer to 2024.3 Release Notes for further details.
Product licensing
Environment Manager 10.x and above requires a v2 product license key, and this key must be deployed to all endpoints to which the Environment Manager v10.x Agent is deployed. The new license key can be installed alongside the existing 8.x license key and should be deployed at the same time or before the Environment Manager Agent is deployed. The new license key is deployable via Management Center 10.x and is available from Ivanti Licensing Support.
For further information on Licensing queries, refer to this Ivanti Community article.
User personalization data
Personalization groups are no longer used as a container for user personalization data. Personalization groups now are used only for assigning settings to users. If a user falls into a different Personalization group due to a membership rule, hierarchy change, or because their Microsoft Entra ID changes, their personalization data moves with them automatically.
During the upgrade process, user personalization data that may have been orphaned due to previous user movement between Personalization groups are merged. Where there is a conflict, the most recent user personalization data are used. Pre-upgrade SQL scripts are included with the Personalization Server installation package to show the impact of any changes prior to upgrade.
File-based registry (FBR)
Environment Manager 8.x used a file-based registry (FBR) to personalize virtualized registry keys and values. In version 10.x, the FBR mechanism has been replaced with registry hives for efficiency and performance. FBR files created in 8.x versions of Environment Manager will not be upgraded until the global setting UpgradeFbrToHive is set to True. Once the UpgradeFbrToHive has been set to True (Not Reversable), the FBR files on the endpoints are converted to registry hives at next logon or application launch. The old FBR files remain in place for a period of at least 30 days, after which time they are deleted if they have not been accessed by version 8.x agents.
For customers who want to stage the implementation of the New Registry Hive format from 8.x, first enable the UpgradeFbrToHive setting to True after Server Upgrade to 10.1 FR1 and then target specific Endpoints for 10.1 FR1 Agent deployment in a controlled manner (for example, via Management Center).
Please note that in this scenario, if a user roams between 8.x and 10.1 FR2 Agents, the 8.x Agent continues using the Legacy FBR and the user settings are partitioned between 8.x FBR & 10.x Hive formats.
Personalization Operations
If you are upgrading from an older version of Personalization Operations, please note that some updates to the software affect HTML files which may have an extended cache expiry time. To force a full refresh following upgrade, users are advised to refresh their browser's cache. From the Personalization Operations console, select Ctrl + F5.
SQL Server Certificate validation for Personalization Server
The Server Configuration Portal (SCP) now enables greater security for communications between the Personalization Server and its SQL Server instance. This is set up when creating the database connection in the portal, and existing connections may be changed to use these options. The options are shown as checkboxes, and they are:
-
Encrypt Connection: All data transfers between the server and SQL are encrypted. This might affect performance.
-
Validate Server Certificate: The SQL certificate must be signed by a root certificate in the Personalization Server’s trusted root store, and the DNS name on the certificate must match the name used by Personalization Server for the SQL instance.
You must select Encrypt Connection to select Validate Server Certificate.
PowerShell cmdlets maintain the default security for backward compatibility, but we have added the new parameters -ValidateServerCertificate and -EncryptConnection to support the new feature. Refer to the Server Configuration Portal Scripting Guide for more information.
New features and product updates
To learn more about the latest features and improvements, refer to What's New in Environment Manager?.
Product update
We will deprecate the Personalization Merge Replication feature in the next scheduled release (2024.3), so please consider transitioning to GeoSync as an alternative solution.
Customer bugs fixed
Article ID |
Title |
---|---|
Process start trigger does not process actions after upgrading to Environment Manager 2023.1. |
|
Endpoint analysis logs do not show all computer and pre-session events. |
|
Lockdown does not work with the title bar right click. |
|
Icon positions fail to roam when personalized on Windows 11 and Windows Server 2022. |
|
Key not valid for use in specific state error when importing server configuration. |
|
Applications crash when using Environment Manager 2023.3 lockdown actions. |
|
Environment Manager console hangs after using Add/Remove feature in Windows Settings Group. |
|
Registry value name prefix is not honored in ADMX policy action. |
|
Personalization change tracking disabled for primary administrator. |
|
Desktop icon position resets after toggling Explorer hidden items. |
|
Duplicate Environment Manager configuration folders and files created in Windows temp folder. |
|
Personalication analysis error: FBR: Failed to read data, unable to cast object of Type 'FBRStringdata' to type 'System.String'. |
Environment Manager
Resource |
Description |
Location / Link |
---|---|---|
Environment Manager Online Help (current release) |
Describes the function and use of the software. Accessed via the [?] symbol within the application, or via the Ivanti Help web portal. |
|
Help videos |
Free video-based help content published to the Ivanti Help You Tube channel. Subjects range from short introductory topics to more detailed how-to content. |
|
Ivanti Community Environment Manager landing page. |
Hub page collating links to great resources including guides on configuration, troubleshooting and maintenance. |
To access previous versions of the user help, scroll to Environment Manager on the Ivanti Help page and click on the version you want to access. It appears in a new browser tab.
User Workspace Manager
Resource |
Description |
Location / Link |
---|---|---|
User Workspace Manager Online Help (current release) |
Describes the function and use of the software. Accessed via the [?] symbol within the application, or via the Ivanti Help web portal. |
|
Help videos |
Free video-based help content published to the Ivanti Help You Tube channel. Subjects range from short introductory topics to more detailed how-to content. |
|
Ivanti Community User Workspace Manager landing page | Hub page collating links to great resources including guides on configuration, troubleshooting and maintenance. | |
Server Configuration Portal Scripting Guide |
A guide to automate the configuration of Ivanti product servers using Windows PowerShell. Available via the Ivanti Help web portal. |
To access previous versions of the user help, scroll to Environment Manager on the Ivanti Help page and click on the version you want to access. It appears in a new browser tab.