Workspace Control 2022.3 (10.10.0.0)
This section includes new features, compatibility updates and improvements from previous Workspace Control versions, starting with Workspace Control 2022.2 version 10.9.10.0 and up to version 2022.3 (10.10.0.0).
What's New
Ivanti Ideas Feature Requests
The following user requests have been addressed in this version of Workspace Control:

The following new settings are added to the Workspace Control Console, under Composition > Desktop > Lockdown and Behavior > Settings tab:
Under the Windows Explorer section:
-
Open File Explorer to This PC — Configure This PC as the default location when opening the Windows File Explorer. This setting is available only for Windows 11.
-
Remove Properties from the Recycle Bin context menu — Removes the Properties option from the Windows Recycle Bin context menu.
-
Show This PC icon on the Desktop — Configure the This PC icon to be visible on the Windows Desktop. This setting is available only for Windows 10, Windows 11, Windows Server 2019 and Windows Server 2022.
-
Show User's Files icon on the Desktop — Configure the User's Files icon to be visible on the Windows Desktop. This setting is available only for Windows 10, Windows 11, Windows Server 2019 and Windows Server 2022.
Under the Microsoft Windows Shell section:
-
Align the Taskbar to the left — Aligns the Windows taskbar items to the left of the taskbar. This setting is available only for Windows 11.
When the Enable Ivanti Start Menu option is selected, all taskbar items are aligned to the left of the taskbar, regardless if the Align the Taskbar to the left option is selected or not.
-
Unpin Chat from the Taskbar — Removes the Chat icon from the Windows taskbar. This setting is available only for Windows 11.
Under the Windows Explorer section:
-
Enable classic context menu in Windows Explorer — Replaces the Windows 11 context menu with the classic Windows 10 context menu in the Windows Explorer. This setting is available only for Windows 11.
-
Enable compact mode in Windows Explorer — Enables Compact view in the Windows Explorer. This decreases the space between items shown in the Explorer. This setting is available only for Windows 11.
Under the Microsoft Windows Shell section:
-
Hide news and interests on the taskbar — Hides the News and Interests taskbar widget from the Windows taskbar. This setting is available only for Windows 10.
-
Unpin Search from the Taskbar — Hides the Search bar from the Windows taskbar. This setting is available only for Windows 11.
-
Unpin Task view from the Taskbar — Hides the Task View button from the Windows taskbar. This setting is available only for Windows 11.
-
Unpin Widgets from the Taskbar — Hides the Widgets panel from the Windows taskbar. This setting is available only for Windows 11.
The new Lockdown and Behavior settings are disabled by default.
For more details on Lockdown and Behavior, see the Workspace Control Administration Guide.

The feature is currently in Early Access and is under constant development.
New Enhancements and Improvements
The following enhancements and/or improvements are part of this version of Workspace Control:

When configuring Microsoft operating system Rules for Zones, Windows 11 for Virtual Desktops is now available as an option.
The new option is available in the Workspace Control Console, under User Context > Locations and Devices. Create or edit a Zone and under its Rules tab, select Add > Computer/Configuration > Operating system > Version.

Workspace Control 2022.1 version 10.7.20.0 introduced the Logon Performance feature that displays statistics regarding Workspace Control session logons. If the feature is enabled, Workspace Control Agents send logon information to the Datastore when a Workspace Control managed session is started.
In Workspace Control 2022.2 version 10.9.10.0, the Logon Performance feature is enhanced with additional details regarding the Windows and Workspace Control events that occurs at session logon. The details include the following:
-
Event — the name of the logon event.
-
Start — the date and time when the logon event started.
-
Duration — the duration of the logon event in seconds.
Logon events that take less than 200 milliseconds to complete can be hidden from the Logon Performance Details window by selecting the Hide low durations checkbox.
Use the Export to file button to export session logon details to a CSV file.

When configuring Workspace Control managed applications, printers can no longer be set as default. The Set as default printer option was removed from the New connection to network printer window.
Applications are configured as Workspace Control managed applications in the Workspace Control Console, under Composition > Applications > Start Menu tab. To add a printer, open the Edit application window and navigate to Configuration > Actions. Select Add and in the Please select action for application window select Printer.
More details are found in the following KB article.

The Errors log can now be exported as a CSV file. To export the error log, open the Workspace Control Console, navigate to Diagnostics > Errors and use one of the following methods:
-
Right-click in the right-side pane and select Export to file from the context-menu.
-
From the main menu, select Action > Errors > Export to file.
-
From the main toolbar, select the
(Export to file) button.
The error log can also be exported using the pwrtech command-line option:
pwrtech.exe /exportlog /type=errors /output=<output filepath> [/outputtype=csv] [/start=<start date>] [/end=<end date>]
For example:
pwrtech.exe /exportlog /type=errors /output=C:\export\errors.csv /outputtype=csv /start=20211230 /end=20220123
For more details on exporting the error log using the pwrtech command-line option, see the Workspace Control Administration Guide.

When the Authorized Owners feature is enabled, Workspace Control now takes into consideration the following parameters to determine if a software application is allowed to run:
-
Authorized Certificates deny rules;
-
Authorized File Hashes deny rules.
Authorized Owners details are now visible in the Workspace Control Console, under the Diagnostics node:
-
Workspace Model Overview — under the Security section;
-
Workspace Analysis — when opening the Event Log for a user session.
For more details on the Authorized Owners feature, see the Workspace Control Administration Guide.

The security of Workspace Control has been improved. For more details, see the following CVE record.

Workspace Control can now treat user sessions as Microsoft Azure sessions when retrieving diagnostics information. The Use MS Azure when analyzing the workspace for the selected user option was introduced in the Workspace Control Console, under the Diagnostics > User Sessions node.
When Use MS Azure when analyzing the workspace for the selected user is selected, Workspace Control treats user sessions as Azure sessions when retrieving diagnostics information.
If the option is selected and Workspace Control does not retrieve any diagnostics information for a user session, then the selected user session is a non-Azure session.
When Use MS Azure when analyzing the workspace for the selected user is not selected, Workspace Control treats user sessions as non-Azure sessions when retrieving diagnostics information.
If the option is not selected and Workspace Control does not retrieve any diagnostics information for a user session, then the selected user session is an Azure session.

User settings can now be exported to a CSV file.
The content of the CSV file is filtered by the Show details or Show all User settings options in the in the lower part of the User settings tab.
User settings are found in the Workspace Control Console, under Composition > User Settings.
For more details, see Export User settings to CSV File.

Execute commands can start external non-Workspace Control tasks or applications during user sign-in or sign-out. Execute commands are found in the Workspace Control Console, under Composition > Action By Type > Execute Command.
Execute commands can now be exported to a CSV file using one of the following methods:
-
Right-click in the right-side pane and select Export to file from the context-menu.
-
From the main menu, select Action > Execute Command > Export to file.
-
From the main toolbar, select the
(Export to file) button.

Environment variables are variables set in the memory of the user's workstation or session. The Environment Variables feature enables to set or modify environment variables based on various types of access control. The feature is found in the Workspace Control Console, under Composition > Action By Type > Environment Variables.
Environment variables can now be exported to a CSV file using one of the following methods:
-
Right-click in the right-side pane and select Export to file from the context-menu.
-
From the main menu, select Action > Environment Variables > Export to file.
-
From the main toolbar, select the
(Export to file) button.

It is possible to create drive and port mappings based on Access Control. Drive and port mappings are found in the Workspace Control Console, under Composition > Action By Type > Files and Folders > Drive and Port Mappings.
Drive and port mappings can now be exported to a CSV file using one of the following methods:
-
Right-click in the right-side pane and select Export to file from the context-menu.
-
From the main menu, select Action > Drive and Port Mappings > Export to file.
-
From the main toolbar, select the
(Export to file) button.

For some (legacy) applications it may still be necessary to use a fixed drive letter. You can substitute drives to create the drive needed. Drive substitutes found in the Workspace Control Console, under Composition > Action By Type > Files and Folders > Drive Substitutes.
Drive substitutes can now be exported to a CSV file using one of the following methods:
-
Right-click in the right-side pane and select Export to file from the context-menu.
-
From the main menu, select Action > Drive Substitutes > Export to file.
-
From the main toolbar, select the
(Export to file) button.

Folder redirection enables administrators to redirect the location of certain user profile folders to a different path, such as a shared network location. Folder redirections are found in the Workspace Control Console, under Composition > Action By Type > Files and Folders > Folder Redirection.
Folder redirections can now be exported to a CSV file using one of the following methods:
-
Right-click in the right-side pane and select Export to file from the context-menu.
-
From the main menu, select Action > Folder Redirection > Export to file.
-
From the main toolbar, select the
(Export to file) button.

Folder Synchronization synchronizes files in two designated folders, in order to ensure that the correct set of files and folders is available in the user's workspace. Folder synchronizations are found in the Workspace Control Console, under Composition > Action By Type > Files and Folders > Folder Synchronization.
Folder synchronizations can now be exported to a CSV file using one of the following methods:
-
Right-click in the right-side pane and select Export to file from the context-menu.
-
From the main menu, select Action > Folder Synchronization > Export to file.
-
From the main toolbar, select the
(Export to file) button.

The User Home Directory feature enables the configuration of a template of the files and folders that are needed to be present in or copied to the user's home directory. The feature is found in the Workspace Control Console, under Composition > Action By Type > Files and Folders > User Home Directory.
User Home Directory settings can now be exported to a CSV file using one of the following methods:
-
Right-click in the right-side pane and select Export to file from the context-menu.
-
From the main menu, select Action > User Home Directory > Export to file.
-
From the main toolbar, select the
(Export to file) button.

The Printers feature enables the configuration of printer connections and makes printers available depending on the physical location of the user's machine. Printers are set up in the Workspace Control Console, under Composition > Action By Type > Printers.
Printers configurations can now be exported to a CSV file using one of the following methods:
-
Right-click in the right-side pane and select Export to file from the context-menu.
-
From the main menu, select Action > Printers > Export to file.
-
From the main toolbar, select the
(Export to file) button.

The User Home Directory feature enables the configuration of a template of the files and folders that are needed to be present in or copied to the user's profile directory. The feature is found in the Workspace Control Console, under Composition > Action By Type > Files and Folders > User Profile Directory.
User Profile Directory settings can now be exported to a CSV file using one of the following methods:
-
Right-click in the right-side pane and select Export to file from the context-menu.
-
From the main menu, select Action > User Profile Directory > Export to file.
-
From the main toolbar, select the
(Export to file) button.

The User Registry feature enables the set up of registry keys and policies for users or groups, based on their specific situations and needs. The feature is found in the Workspace Control Console, under Composition > Action By Type > User Registry.
User registry configurations can now be exported to a CSV file using one of the following methods:
-
Right-click in the right-side pane and select Export to file from the context-menu.
-
From the main menu, select Action > User Registry > Export to file.
-
From the main toolbar, select the
(Export to file) button.

The Audit Trail shows detailed information about all modifications in your Workspace Control environment, including the installation of Service Packs (if applicable). The feature is found in the Workspace Control Console, under Diagnostics > Audit Trail.
The Audit Trail information can now be exported to a CSV file using one of the following methods:
-
Right-click in the right-side pane and select Export to file from the context-menu.
-
From the main menu, select Action > Audit Trail > Export to file.
-
From the main toolbar, select the
(Export to file) button.
-
Using the pwrtech command line:
pwrtech.exe /exportlog /type=audittrail /output=<output filepath>.
For more details on exporting the Audit Trail, see the Workspace Control Administration Guide.

Authorized Owners details are now visible in the Workspace Control Console, under the Diagnostics node:
-
User Sessions > Event Log;
-
User Sessions > Workspace Model Overview — under Security section;
For more details on Authorized Owners, see the Workspace Control Administration Guide.

Authorized Certificates details are now visible in the Workspace Control Console, under the Diagnostics node:
-
User Sessions > Event Log;
-
User Sessions > Workspace Model Overview — under Security section;
For more details on Authorized Certificates, see the Workspace Control Administration Guide.

The Management Portal integration of Workspace Control is now a deprecated feature and is no longer actively developed.
The Management Portal is a separate installation and the Management Portal integration is found in the Workspace Control Console, under Setup > Management Portal
Bug Fixes
The following customer support issues have been resolved in this release:
Problem ID | Title |
Internal finding |
Sometimes, refreshing the icon for existing UWP applications configured as Workspace Control managed applications results in the following pwrtech.exe errors: (9) Subscript out of range and (91) Object variable or With block variable not set. The Refresh Icon |
Internal finding |
After configuring the Ivanti Automation integration, Automation Dispatchers are not discovered by Workspace Control when testing the Automation integration configuration. The Ivanti Automation integration is configured in the Workspace Control Console, under Setup > Integration > Ivanti products > Automation > Settings tab. |
Internal finding |
Removed the New button from the Log tab of the Authorized Owners feature. The feature is found in the Workspace Control Console, under Security > Authorized Owners. |
Internal finding |
When the Authorized Owners feature was enabled, the Access Control configuration for Authorized Files was ignored when Workspace Control determined if a software application is allowed to run or not. |
Internal finding |
In the Logon Performance Details window, Microsoft Client-side Extensions (CSE) were displayed using the Workspace Control logo instead of the Microsoft Windows logo. Logon Performance is found in the Workspace Control Console, under Diagnostics > Logon Performance. |
Internal finding |
In the Logon Performance Details window, the Microsoft Windows logo was used for IWC Logon (total) instead of the Workspace Control logo. Logon Performance is found in the Workspace Control Console, under Diagnostics > Logon Performance. |
Internal finding |
Sorting the Log tab of Logon Performance did not work correctly. Logon Performance is found in the Workspace Control Console, under Diagnostics > Logon Performance. |
87332 |
When an ODBC connection is configured to be applied in Workspace Control managed sessions, changing its name results in the creation of a new, but broken ODBC connection. The new connection does not inherit the settings of the original ODBC connection. ODBC connections are configured in the Workspace Control Console, under Composition > Applications > Data Sources. More details in the following KB article. |
87405 |
In a specific scenario, after a Microsoft Active Directory Service user or group was renamed, running the Verify SIDs for groups and users maintenance task results in a failed operation and the following output message is displayed: Accountname [<domain>\<name>] does not match SID for configured user/group for Object [<objectname>] (<Applicationname>). Maintenance tasks are found in the Workspace Control Console, under Administration > Maintenance. More details in the following KB article. |
88217 |
In a specific scenario, after a Microsoft Active Directory Service user or group was renamed, running the Verify SIDs for groups and users maintenance task does not update the Group name with the new name. Maintenance tasks are found in the Workspace Control Console, under Administration > Maintenance. More details in the following KB article. |
88894 |
After upgrading to Workspace Control 2021.1 version 10.6.30.2 or higher, Workspace Control File Types HTTP and HTTPS protocol handlers are applied during user sign-in, but are then overwritten by the operating system which applies its default protocol handlers. More details in the following KB article. |
89439 |
Sometimes, end-users cannot start applications from the Windows Start Menu from within Workspace Control managed sessions. For each attempt, a new pwrgate.exe instance is started and cannot be closed during the session. More details in the following KB article. |
89710 |
After upgrading to Workspace Control 2022.2 version 10.9.10.0, the new Lockdown and Behavior settings introduced in this version were enabled by default, instead of being disabled. The new settings are found in the Workspace Control Console, under Composition > Desktop > Lockdown and Behavior > Settings tab. More details in the following KB article. |
88988 |
When using Microsoft Azure Active Directory (AD), all configured Azure AD groups are visible in Workspace Control managed sessions, under Workspace Preferences > Diagnostics > Group membership, instead of displaying only the Azure AD groups of which the user is a member. More details in the following KB article. |
89018 |
When using the Workspace Analysis tool, no Event Logs are generated for Microsoft Azure Active Directory accounts. The Workspace Analysis tool is found in the Workspace Control Console, under Diagnostics > Workspace Analysis. More details in the following KB article. |
89019 |
When Workspace Control Agents are joined to Microsoft Azure Active Directory, the Agents overview shows Domain as being WORKGROUP, instead of AzureAD joined. The Agents overview is found in the Workspace Control Console, under Administration > Agents > Agents tab. More details in the following KB article. |
89169 |
Sometimes, when the Workspace Control Shell is enabled for Workspace Control managed sessions, applications cannot be launched from Desktop shortcuts. The Workspace Control Shell is enabled from the Workspace Control Console, under Composition > Desktop > Shell. More details in the following KB article. |
89483 |
Write actions to the Microsoft App-V Virtual File System (VFS) took more time than excepted when the Workspace Control FileGuard filter driver was active. More details in the following KB article. |
89650 |
Sometimes, after applying an Access Control-based filter in the User Sessions overview, the Workspace Control Console can become unresponsive for some time. This time increases with number of user sessions where the filter is applied. The active user sessions are found in the Workspace Control Console, under Diagnostics > User Sessions. More details in the following: KB article 1 and KB article 2. |
89710 |
After upgrading to Workspace Control 2022.2 version 10.9.10.0, the new Lockdown and Behavior settings introduced in this version were enabled by default, instead of being disabled. The new settings are found in the Workspace Control Console, under Composition > Desktop > Lockdown and Behavior > Settings tab. More details in the following KB article. |
89858 |
After upgrading to Workspace Control 2022.1 version 10.8.10.0 or higher, user settings are not saved when a force sign-out is triggered. This occurs on machines running MicrosoftWindows Server operating systems, where Citrix Virtual Delivery Agent (VDA) is installed. A force sign-out can be triggered from the Workspace Control Console, under Diagnostics > User Sessions. More details in the following KB article. |
89898 |
After upgrading to Workspace Control 2022.2 version 10.9.10.0, the new Lockdown and Behavior settings introduced in this version were enabled by default on Workspace Containers, instead of being disabled. The new settings are found in the Workspace Control Console, under Composition > Desktop > Lockdown and Behavior > Settings tab. More details in the following KB article. |
87938 |
Sometimes, after upgrading to Workspace Control 2021.2 version 10.7.20.0 or higher, publishing an application from the Workspace Control Console using the Citrix XenApp Publishing integration results in error: Unknown error while publishing. The Citrix XenApp Publishing integration is found in the Workspace Control Console, under Setup > Integration > Application Virtualization > Citrix XenApp Publishing. More details in the following KB article. |
89048 |
When the $adinfo <property> function is used in Workspace Control to return a value of the specified user property from Active Directory, ADinfo property values are missing in offline Workspace Control managed sessions. More details in the following KB article. |
89762 |
After upgrading to Workspace Control 2022.1 version 10.8.10.0 or higher, when signing into a Workspace Control managed session on machines running Microsoft Windows Server operating systems, the Workspace Control splash screen becomes unresponsive when querying the computer name or takes up to several seconds to complete the step. More details in the following KB article. |
89813 |
After upgrading to Workspace Control 2022.1 version 10.8.0.0 or higher, the Logon Performance Details window is empty if the Datastore is split between a primary and a secondary Datastore. Logon Performance is found in the Workspace Control Console, under Diagnostics > Logon Performance. More details in the following KB article. |
89928 |
After upgrading to Workspace Control 2022.1 version 10.9.0.0 or higher, the Ivanti Start Menu is not displayed in Workspace Control managed sessions on machines running Microsoft Windows Server 2012 R2. The Ivanti Start Menu is enabled in the Workspace Control Console, under Composition > Desktop > Lockdown and Behavior. More details in the following KB article. |
89931 |
After upgrading to Workspace Control 2022.2 version 10.9.20.0, when a Microsoft Azure Active Directory Connector and a Microsoft Active Directory Connector are defined in the Workspace Control Console, under User Context > Directory Services, several errors occur when starting the Workspace Control Console and when navigating to Diagnostics > Workspace Analysis. More details in the following KB article. |
89944 |
When Workspace Control manages user sessions and the Azure Blob Storage User Settings integration is configured, the Azure website generates the following error after deploying the IWC.Azure.UserSettings ZIP file: You do not have permission to view this page. More details in the following KB article. |
90007 |
After upgrading to Workspace Control 2022.2 version 10.9.20.0, selecting multiple active sessions in the Workspace Control Console, under Diagnostics > User Sessions, results in error: Runtime error '91', Object variable or With variable is not set. After acknowledging the error, the Workspace Control Console closes. More details in the following KB article. |
90053 |
After upgrading to Workspace Control 2021.2 version 10.7.20.0 or higher, in a specific scenario where the InterceptManagedApps registry setting is configured, a duplicate Microsoft Edge shortcut without an icon is created in the Start Menu of Workspace Control managed sessions. More details in the following KB article. |
90081 |
Sometimes, when singing into a Workspace Control managed session on a Agent running Workspace Control 2022.2 version 10.9.20.0, the following pfwsmgr.exe error occurs: ComputerJoinStatus.TryGetComputerJoinStatus Error: Object reference not set to an instance of an object. The error occurs in the Workspace Control Console, when navigating to Diagnostics > User Sessions or when opening the Error Log for a user session. More details in the following KB article. |
90092 |
Sometimes, when Managed Application Security and File Certificate Security are enabled, end-users can experience a delay when launching Microsoft Teams in Workspace Control managed sessions. More details in the following KB article. |
90096 |
After upgrading to Workspace Control 2022.1 Service Update 1 version 10.6.30.2 or higher, in a specific scenario where a Citrix Desktop session configured as Single Session Server is started on a machine running Microsoft Windows Server 2019, the Workspace Control managed session results into a black screen after the Workspace Control splash screen completes loading. More details in the following KB article. |
90140 |
After upgrading to Workspace Control 2022.1 version 10.8.20.0 or higher, when starting the Workspace Control Console as a different user than the signed-in user on Microsoft Windows Server 2019 or Windows 10, the following pwrtech.exe error occurs: UwpApplicationManager.GetXmlFromFile Error: (9) Subscript out of range. The error occurs when opening a managed application under Composition > Applications. More details in the following KB article. |
90144 |
After configuring an administrative role with a combination of Modify, Read or Deny access permissions for sub-nodes in Security > Authorized Owners, the Workspace Control Console behaves unexpectedly. Administrative roles are configured in the Workspace Control Console, under Administration > Administrative Roles. More details in the following KB article. |
90165 |
After upgrading to Workspace Control 2022.1 version 10.9.20.0 or higher, when logging into a Workspace Control managed session on a machine running Microsoft Windows 10 build 21H2, a stop error occurs during sign-in which prevents the sign-in process from completing. More details in the following KB article. |
90205 |
When an Agent running Workspace Control 2022.1 version 10.8.0.0 or higher is connected directly to the Datastore using SQL Server Login as the authentication method, Usage Tracking fails and the following error occurs: Connection to the database could not be established. Usage Tracking Viewer will now exit. This happens when opening Workspace Preferences > Other tab in Workspace Control managed sessions. More details in the following KB article. |
90206 |
Sometimes, when creating a new Datastore using the Datastore Wizard during the installation of Workspace Control 2022.2 version 10.9.0.0 or higher, the Datastore creation process fails. More details in the following KB article. |
90198 |
The following error message occurs in IWC 10.8.20.0 and Relay Servers: An existing connection was forcibly closed by the remote host. More details in the following KB article. |
90291 |
Since version 10.9.10.1, the mailto protocol configured in the Console under Composition > Applications > File Types tab of the Managed Application, is not being applied in a Workspace Control managed session. More details in the following KB article. |
90319 |
Res.exe causes high CPU usage when Logon Performance option is active and users log on to the server. The issue does not appear on every server. More details in the following KB article. |
90369 |
When an IvantiWorkspace Control Managed Session is signed in on an Agent with Workspace Control 2022.2 (10.9.20.0) the following error message can be displayed in the User Session and the Error log in the Console. More details in the following KB article. |
90592 |
It is not possible to offer remote assistance from the Console that is running on a Windows Server 2012 R2. When starting Remote Assistance, a screen is shown with an overview for the parameters used in MSRA.EXE. More details in the following KB article. |