Why does setting the condition of horizon smart policy have no effect?
I want to block the client drive, and when I set a condition on Group Membership or Horizon client property etc., only setting IP can do it.
My Horizon VDI version is 2206, VMware 7.0u3, desktop is Windows 10 with PCoIP, Windows 2019 AD, DEM the same 2206.
Thank you
Can you provide a log file (at log level DEBUG) so we can see what exactly is going on w.r.t. evaluating those conditions?
Hi @DEMdev
I don't think my DEM policy is set on my desktop. I have set them to the same subnet,
but it always looks like the default domain policy.
Sorry, I'm new to DEM. How do I set the debug log?
Thank you
I have never had an issue with application of Smart Policies but we are only on DEM 2111. Hopefully it's something simple and not a defect...
It should be noted that Smart Policies and many other DEM settings are processed alphabetically. We typically use an underscore for the blanket policy and then override that. The Smart Policies are cumulative for the policies that are matched but last match wins, so the client drive policy would only need to have the specific client drive setting in it.
_Smart Policies Default External (condition Client location=external) blanket disable client drive
Allow Clientdrives Read Write (condition user group membership) allow all.
Besides checking your DEM logs, for quick verification, settings should be here when applied though session id key may only be RDSH. Some values can be manipulated on the fly for testing and some require a fresh session start.
HKEY_CURRENT_USER\SOFTWARE\Policies\VMware, Inc.\VMware Blast\Config\[session id]
A successful clipboard redirection DEM Smart Policy would have a "ClipboardState" value in the above key.
Hi @BenTrojahn
You mean that the policy of DEM will inherit, if I have two conditions for the same policy? I would like to ask: if AD also has a GPO and a DEM policy, will the DEM policy override the GPO?
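A quick way to run the registry check described in the reply above, as an added example that is not part of the original thread: it dumps whatever values exist under the quoted key, both directly and in any session id subkeys, and flags whether `ClipboardState` is present. The function name `Get-SmartPolicyValues` is made up for this example; run it as the logged-on user inside the desktop session, since the key is under HKCU.

```powershell
# Added example: list the values found under the Blast Config policy key.
# The base key and the ClipboardState value name come from the post above;
# the function name is hypothetical.
$base = 'HKCU:\SOFTWARE\Policies\VMware, Inc.\VMware Blast\Config'

function Get-SmartPolicyValues {
    param([string]$BaseKey = $base)

    if (-not (Test-Path -LiteralPath $BaseKey)) {
        Write-Warning "Key not found: $BaseKey"
        return
    }

    # Check the base key itself as well as its subkeys, because the post
    # notes that the session id subkey may only exist on RDSH.
    $keys = @(Get-Item -LiteralPath $BaseKey)
    $keys += @(Get-ChildItem -LiteralPath $BaseKey -ErrorAction SilentlyContinue)

    foreach ($key in $keys) {
        $session = if ($key.PSPath -eq $keys[0].PSPath) { '(base key)' } else { $key.PSChildName }
        foreach ($name in $key.GetValueNames()) {
            [pscustomobject]@{
                SessionId = $session
                Name      = $name
                Value     = $key.GetValue($name)
                Kind      = $key.GetValueKind($name)
            }
        }
    }
}

$values = @(Get-SmartPolicyValues)
$values | Sort-Object SessionId, Name | Format-Table -AutoSize

# Per the post, a clipboard redirection Smart Policy that applied
# leaves a ClipboardState value here.
if (-not ($values | Where-Object Name -eq 'ClipboardState')) {
    Write-Warning 'ClipboardState not present under the Config key'
}
```

Comparing the output from a fresh session against the settings reported in FlexEngine.log shows whether DEM delivered the values, separately from whether Horizon acted on them.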
In addition, how to view the log?
Thank you
Not sure if you have competing GPO and DEM USER settings which one wins out probably depends on processing order. I have not looked for the user GPO for CDR but I don't think there is one. Either way I would recommend using one method for these values.
You can have as many conditions as you want on the policy. Once you set DEM logging that will tell you if it matched the condition or not, or if your logic is wrong 😉 If you have multiple Smart Policies, the settings of the Smart Policies that match the conditions are aggregated alphabetically. In this live example below, if the "Allow Client drives Read Write" matched the condition and executed, whatever was set in that policy would win over the other two that are processed alphabetically from top to bottom.
Hi @DEMdev
Can you successfully block this client drive with the client drive policy of Horizon Smart Policy?
I have tried for several days, but it has no effect. At present, it seems that there is only the default domain policy setting.
I want to block Drive Sharing in the Horizon client's Settings, like in the picture.
Hi @DEMdev
I put two logs on it, and I built two smart policies,
MS_ Log can upload and download files to the desktop, dev can only upload,
can't download (but the actual test upload and download errors are prohibited).
Please help check again.
Thank you.
That DEV_FlexEngine2.log you provided shows that VDI Policy Can Copy in and out was skipped due to conditions, and that the following Smart Policies settings were picked up from VDI Policy Only Can Copy in:
That seems to match the "dev can only upload" scenario you described.
Note that DEM just provides configuration settings. Whether these are actually taking effect is up to the individual Horizon components. You would need to check the logs on the Horizon side to see if there might be any conflicting configuration (from GPO, for instance.)