VMware User Environment Manager is a Windows-based application, which consists of 4 components.
- Active Directory Group Policy for configuration of the VMware User Environment Manager.
  - ADMX template files are provided with the product.
- VMware User Environment Manager configuration share (SMB)
- Profile Archives share (SMB)
- User Environment Manager FlexEngine
For a non-AD deployment, check out my blog post on deploying UEM 9.1.0 in No AD mode.
The following diagram shows how these components work together in a VMware User Environment Manager implementation:
Step 1 – Create the SMB Shares
Let's start by creating two file shares, one for the UEM configuration files and one for the user profile archive. For production, the file server should ideally be backed up and replicated. DFS is supported but only in one direction. Storage array based replication works very well.
I have created the following on my file server.
(Allow EVERYONE READ access to the share)
(Allow EVERYONE READ and CONTRIBUTE access to the share)
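The share permissions described above can be created and then verified from PowerShell on the file server. This is an added example, not part of the original post: only the UEM-LAB-config share name comes from the post, while the profile share name UEM-LAB-profiles and the D:\UEM folder paths are assumptions.

```powershell
# Added example. Only UEM-LAB-config comes from the post; the profile share
# name and both local folder paths are assumptions for illustration.
$shares = @(
    @{ Name = 'UEM-LAB-config';   Path = 'D:\UEM\Config';   Right = 'Read'   },
    @{ Name = 'UEM-LAB-profiles'; Path = 'D:\UEM\Profiles'; Right = 'Change' }
)

foreach ($s in $shares) {
    # Create the backing folder, then the share if it does not exist yet.
    New-Item -ItemType Directory -Path $s.Path -Force | Out-Null
    if (-not (Get-SmbShare -Name $s.Name -ErrorAction SilentlyContinue)) {
        if ($s.Right -eq 'Read') {
            New-SmbShare -Name $s.Name -Path $s.Path -ReadAccess 'Everyone' | Out-Null
        } else {
            # "Contribute" in the share wizard corresponds to the Change share right.
            New-SmbShare -Name $s.Name -Path $s.Path -ChangeAccess 'Everyone' | Out-Null
        }
    }
}

function Test-UemShareAccess {
    param([string]$Name, [string]$ExpectedRight)
    # True only when the share has exactly one entry: Allow Everyone <ExpectedRight>.
    $aces = @(Get-SmbShareAccess -Name $Name)
    $bad  = @($aces | Where-Object {
        $_.AccountName -ne 'Everyone' -or
        "$($_.AccessControlType)" -ne 'Allow' -or
        "$($_.AccessRight)" -ne $ExpectedRight
    })
    return ($aces.Count -eq 1 -and $bad.Count -eq 0)
}

foreach ($s in $shares) {
    if (Test-UemShareAccess -Name $s.Name -ExpectedRight $s.Right) {
        Write-Output "$($s.Name): share permissions match (Everyone $($s.Right))"
    } else {
        # Show the actual entries so extra or over-permissive grants are visible.
        Write-Warning "$($s.Name): share permissions differ from Everyone $($s.Right)"
        Get-SmbShareAccess -Name $s.Name | Format-Table AccountName, AccessControlType, AccessRight
    }
}
```

Share permissions only set the outer limit on access; the NTFS permissions on the folders are applied separately.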
The following NTFS permissions also need to be set on the file shares.
Step 2 – Install the User Environment Manager 9.0
First, download the product media from your My VMware portal. In production the Manager may be installed on a management server or on individual engineers' workstations.
Run the MSI, click Next and accept the license agreement.
Choose your destination folder and setup type.
- Complete to install all the components, including the UEM Manager
- Custom to choose individual components
- Typical only installs VMware UEM FlexEngine, Application Migration, and Self-Support (NO UEM Manager)
On the next screen there is no option to install a license because I am using the VMware Horizon version that comes as part of the suite. If you have the standalone version, for physical desktops for example, there will be a browse button you can use to select your license.
After the install is complete, open the User Environment Manager Console.
All Programs – VMware UEM – Management Console
Because it’s the first time you have installed UEM, you will be prompted to point the Manager at a configuration. Point it to the configuration SMB share \\uem-server\UEM-LAB-config we created in Step 1.
Next, leave the defaults selected (you can easily change this afterwards in the Configure menu). Select OK.
If you receive the error "UEM – Error saving Configuration file" with "Access to the path is denied", check your share and NTFS permissions.
To confirm the install has been successful, check your SMB share; you will notice that a UEM file structure has been created.
Step 3 – GPO Configuration
First and foremost, copy the VMware UEM.admx and VMware UEM FlexEngine.admx ADMX templates (and their corresponding ADML files) from the download package into your GPO environment.
Using Group Policy Management Editor, create a new Group Policy object using the following settings.
- You will notice there is a logoff script that runs FlexEngine.exe; the -s switch is for silent mode. By enabling the ‘Run FlexEngine as Group Policy Extension’ setting you do not have to use a logon script. If you do not enable this setting, you must create a logon script to run FlexEngine.exe at login.
- UEM Log Levels can be set to Fatal, Error, Warn, Info and Debug
- Max log file size can also be set, and should be, to avoid any bloat
- Number of backups per UEM profile archive; the default is 3 (one per day). UEM backs up the user profiles once a day, and users can restore profiles and application settings (per app) using the VMware User Environment Manager (UEM) Self Support Tool, or engineers can do so via the Helpdesk Tool.
- Compress backup archives to save on space
NOTE: On Windows 7 and Windows Server 2008 R2, the Run logon scripts synchronously policy setting is ignored when using mandatory profiles; when using local or roaming profiles the policy setting is ignored the first time a user logs in. Microsoft hotfix 2550944 addresses this issue.
Step 4 – Install FlexEngine
The FlexEngine needs to be installed on any machine (physical or virtual) that you want to manage with UEM.
For a Horizon deployment, install it on your VDI/RDSH Gold Images.
When preparing a virtual machine for use as a virtual desktop or as an RDS host, the relevant product agents must be installed. The installation order is important: if one agent is updated, all subsequent agents should be removed and updated to maintain the installation order.
Agent Install Order
- vSphere VMTools
- Horizon Agent
- User Environment Manager FlexEngine
- VMware Identity Manager Client
- App Volumes Agent
The process for installing the FlexEngine is identical to Step 2, using the same .msi, except you choose a Typical or Custom install. Be careful not to do a Complete install, otherwise you’ll end up with the management console on all your virtual machines.
Once the agent is installed in the correct order, you’ll need to recompose your pools.
Step 5 – UEM Quick Start
So now you have all the infrastructure in place, you're ready to create your Application Profiles and Configurations in UEM. A great place to start is the aptly named ‘Quick Start’. UEM has some built-in templates for MS Office, Adobe Reader, VLC Player etc. to give you a head start.
Open the UEM Console and click the Quick Start button on the toolbar.
The default options are then imported and you also can choose the MS Office versions you have in your environment.
Click OK and the defaults and Office templates will be imported into your configuration.
Now log onto a desktop you have installed the FlexEngine on and open a program included in the default templates, such as Paint. Make some changes to the settings of Paint; in this demo I have enabled the Rulers, Gridlines and Status bar views.
Log off the desktop. Notice the files created in the central Profile Archive.
- Archive .zip file for Paint application settings
- Backup .zip file for Paint application settings (for restoration)
- Windows Settings
Log back into your desktop and notice the Paint application settings have been imported and the persona is persistent.
This is a great way of getting up and running with the basics quickly.
Check out this blog post on some more advanced features: configuring UEM Horizon Smart Policies!