Hi All, UEMdev ijdemes
I would like to share with you one thing regarding UEM..
right now I am testing to persisting local machine settings through UEM and got success with persisting "HKLM" settings per user!!
UEM:9.1
View:7.0.2
Image: Win10 1607
Please let me know If anyone need help on it.......
Thank you,
Vkmr.
Please share your breakthrough, because that's the whole purpose of this community: sharing knowledge.
By the way, exporting (reading) HKLM settings with UEM is not hard, there is a folder token to support HKLM as you can see in this screenshot.
The hard part is importing (writing) the HKLM settings back into the registry, because default users (and thus the FlexEngine) don't have permissions to do that.
There are several options you can use to work around this limitation, some more secure than others.
Please share what you have done so other might benefit.
Hi Pim!!
I was implemented this on my testing environment.
I am just including "HKLM\software\Filezilla" and I am not facing any issues with importing these registry's [with user account rights].
Note: my UAC settings is set to "never notify" on parent image.
Thank you
And your users are local administrators?
No they are not local Administrators.
Thank you,
Vkmr.
VKMR.....really would like to hear how you managed to do this? I need the help, and I'm sure many others do as well.
Hi ap_idb,
Can you please provide the use case/issue you are trying to solve?
Pushing an ODBC via UEM Registry Settings to HKLM
Why do you want to push that to HKLM? Why not use a User DSN?
I do currently as in the past days in my org it was HKLM, but I was more curious how OP fixed pushing HKLM for a standard user. I can't think of a need off the top of my head right now, but I do think it would help to know it's possible.
I think it is only possible if the permissions in HKLM allow it. Which requires either permissions specifically in HKLM or membership of "Local Administrators". The question is, do you really need it? Maybe some old legacy application, but otherwise....
I tend to agree, mostly curiosity. But, most of us here don't have the power to force application level changes for the business, we're mostly just asked to support it. I suspect I'll find one of those apps one day.
Appreciate your responses to the thread Ivan!
Sure, no problem!
Hi ap_idb,
You could use UEM's privilege elevation to tweak HKLM settings. It's not completely straightforward in that you would need to configure an argument-based privilege elevation config file to elevate a particular regedit.exe import, and then launch that import (for instance by creating a shortcut in the startup folder), but it works.
One thing I'm investigating is using puppet, its a configuration management tool used mostly by servers, but seems like it would work here. This tool can do what UEM does but in the scope of the machine instead of the user. I'm hoping in at one point UEM maybe gets copied to CEM(Clone Environment Manager)
, to do the something like this, and currently, no VMWare tool really can manage these stuff well that isn't really user profile focused
