VMware Horizon Community
sjesse
Leadership

Restricted Groups

Hi

Has anyone tried setting local computer groups with UEM in any way? I have an app that requires users to be in two local computer groups, and right now it's one of the only real reasons I need to use a GPO (I HATE GPOs :) ).

1 Solution

Accepted Solutions
DEMdev
VMware Employee

Hi sjesse,

Unfortunately I need them on the first logon,

Yeah, that's what I expected :(

but maybe I'll play around a bit or think of a way I can make them log on and off again.

Sure :)

[Screenshot: pastedImage_8.png]

[Screenshots: pastedImage_10.png, pastedImage_11.png]

Where C:\Flex\sjesse.cmd contains the following:

C:\Windows\System32\net.exe localgroup "Demo Group" "%username%" /ADD

"C:\Program Files\Immidio\Flex Profiles\FlexEngine.exe" -m "NOTE:" "You'll be logged off"

C:\Windows\System32\logoff.exe

User logs on:

2019-12-06 12:46:42.069 [INFO ] Performing path-based import

...

2019-12-06 12:46:42.099 [INFO ] Collected argument-based privilege elevation settings to apply for elevated applications ('Local Group Test.xml')

...

2019-12-06 12:46:42.122 [DEBUG] Conditions: Check for user membership of group 'Demo Group' = false

2019-12-06 12:46:42.175 [INFO ] Successfully created shortcut in programs menu ('sjesse.xml')

User is automatically logged off (after clicking away the message box):

2019-12-06 12:51:39.059 [INFO ] Performing path-based export

...

2019-12-06 12:51:39.132 [DEBUG] Successfully removed shortcut 'C:\Users\testuser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sjesse.lnk' ('sjesse.xml')

...

2019-12-06 12:51:39.139 [INFO ] Privilege elevation statistics:

2019-12-06 12:51:39.139 [INFO ]    Elevated C:\Windows\System32\net.exe 1 time (argument-based).

User logs on again:

2019-12-06 12:51:48.507 [INFO ] Performing path-based import

...

2019-12-06 12:51:48.571 [DEBUG] Conditions: Check for user membership of group 'Demo Group' = true

2019-12-06 12:51:48.571 [INFO ] Skipping shortcut due to conditions ('sjesse.xml')

0 Kudos
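
Added example (not part of the original thread and not VMware code): a small Python audit over FlexEngine log lines in the format quoted in the accepted solution. It reports which executables were elevated, flags any that are not on an allow-list, and lists local groups whose membership check flipped from false to true between logons. The allow-list, the extra cmd.exe line and the plural "times" wording are assumptions made for the sample.

```python
import re
from collections import Counter

# Constructed sample in the FlexEngine log format quoted in the post above.
# The cmd.exe line and the plural "times" are assumed variants, not from the thread.
SAMPLE_LOG = r"""
2019-12-06 12:46:42.122 [DEBUG] Conditions: Check for user membership of group 'Demo Group' = false
2019-12-06 12:51:39.139 [INFO ] Privilege elevation statistics:
2019-12-06 12:51:39.139 [INFO ]    Elevated C:\Windows\System32\net.exe 1 time (argument-based).
2019-12-06 12:51:39.139 [INFO ]    Elevated C:\Windows\System32\cmd.exe 2 times (argument-based).
2019-12-06 12:51:48.571 [DEBUG] Conditions: Check for user membership of group 'Demo Group' = true
"""
ALLOWED = {r"c:\windows\system32\net.exe"}  # assumption: executables expected to be elevated

LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d{3}) \[(\w+) *\] (.*)$")
ELEV = re.compile(r"Elevated (.+?) (\d+) times? \(([\w-]+)\)\.")
COND = re.compile(r"Check for user membership of group '(.+?)' = (true|false)")

def audit(log_text, allowed):
    """Return (elevation counts, unexpected executables, group membership checks)."""
    elevations, checks = Counter(), []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip blank lines and "..." elisions
        ts, msg = m.group(1), m.group(3).strip()
        if (e := ELEV.search(msg)):
            elevations[(e.group(1).lower(), e.group(3))] += int(e.group(2))
        elif (c := COND.search(msg)):
            checks.append((ts, c.group(1), c.group(2) == "true"))
    unexpected = sorted({path for path, _ in elevations if path not in allowed})
    return elevations, unexpected, checks

def membership_gained(checks):
    """Groups whose membership check flipped from false to true across logons."""
    last, gained = {}, []
    for _, group, member in checks:
        if member and last.get(group) is False:
            gained.append(group)
        last[group] = member
    return gained

if __name__ == "__main__":
    elev, unexpected, checks = audit(SAMPLE_LOG, ALLOWED)
    print("elevations:", dict(elev))
    print("not on allow-list:", unexpected)
    print("membership gained:", membership_gained(checks))
```
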
5 Replies
DEMdev
VMware Employee

Hi sjesse,

You can use argument-based privilege elevation to add or remove a user from a local group:

[Screenshot: pastedImage_0.png]

However, those membership changes will only be picked up at the user's next logon...

0 Kudos
ijdemes
Expert

Hmm, for people that hate GPO's it would be very nice if one would be able to apply such "computer settings" using DEM. ;)


\\ Ivan
---
Twitter: @ivandemes
Blog: https://www.ivandemes.com
Mickeybyte2
Hot Shot

The product used to be "User" environment manager, but was recently renamed to "Dynamic" environment manager. Maybe some changes are in the pipeline to broaden the possibilities to more than just "user" settings?

Just a guess though...

Michiel.

Regards, Michiel.
0 Kudos
sjesse
Leadership

Unfortunately I need them on the first logon, but maybe I'll play around a bit or think of a way I can make them log on and off again. I'm also thinking of testing something like Puppet or Ansible again for this.

0 Kudos