DEMdev's Posts

Hi @tschuegy, Local groups are supported. Does this error maybe occur on a non-English setup? Built-in group names are (sometimes?) localized; for instance, BUILTIN\Administrators on a German Window... See more...
Hi @tschuegy, Local groups are supported. Does this error maybe occur on a non-English setup? Built-in group names are (sometimes?) localized; for instance, BUILTIN\Administrators on a German Windows 10 install seems to be VORDEFINIERT\Administratoren. It's interesting that this has not come up before (at least, as far as I'm aware.) I'll see what we can do about this. In the mean time, configuring such groups by browsing to them will include the group's SID for the agent to fall back to (as you already saw.)
Hi @tschuegy, That's fine as far as the DEM agent is concerned. Just be aware that depending on where that folder is located (and/or how you have managed ACLs) your end user might be able to add/rem... See more...
Hi @tschuegy, That's fine as far as the DEM agent is concerned. Just be aware that depending on where that folder is located (and/or how you have managed ACLs) your end user might be able to add/remove/change settings, which would allow them to run executables with elevation, circumvent application blocking and Group Policy-based restrictions, et cetera.
@VMHero4Ever, Is this related to the "Intermittently fails to load profiles" issue? If not, can you please start a new thread for your issue? > In the Log file I can see an error What error do you... See more...
@VMHero4Ever, Is this related to the "Intermittently fails to load profiles" issue? If not, can you please start a new thread for your issue? > In the Log file I can see an error What error do you see?  
@NeoChen176, That DEV_FlexEngine2.log you provided shows that VDI Policy Can Copy in and out was skipped due to conditions, and that the following Smart Policies settings were picked up from VDI Pol... See more...
@NeoChen176, That DEV_FlexEngine2.log you provided shows that VDI Policy Can Copy in and out was skipped due to conditions, and that the following Smart Policies settings were picked up from VDI Policy Only Can Copy in: Drag and drop is allowed from client to agent Printing is disabled Client drive redirection is set to read-only Clipboard redirection allows copy from client to agent USB redirection is disabled Web and Chrome file transfer allows upload from client to agent That seems to match the "dev can only upload" scenario you described. Note that DEM just provides configuration settings. Whether these are actually taking effect is up to the individual Horizon components. You would need to check the logs on the Horizon side to see if there might be any conflicting configuration (from GPO, for instance.)
@NeoChen176, Can you provide a log file (at log level DEBUG) so we can see what exactly is going on w.r.t. evaluating those conditions?
@JohnLord, Looks like the corresponding vdm_common.adml file is not valid according to its XML schema: You can fix this by opening that file in Notepad and setting that defaultItem attribute to... See more...
@JohnLord, Looks like the corresponding vdm_common.adml file is not valid according to its XML schema: You can fix this by opening that file in Notepad and setting that defaultItem attribute to "0". We'll make the DEM Management Console a bit less picky w.r.t. this validation – thank you for bringing this to our attention. 
Hi @vBritinUSA, Ah, shoot... That "%{ViewClient_Machine_Name}%" argument in the elevated task definition gets resolved when privilege elevation config is processed rather than when the task gets lau... See more...
Hi @vBritinUSA, Ah, shoot... That "%{ViewClient_Machine_Name}%" argument in the elevated task definition gets resolved when privilege elevation config is processed rather than when the task gets launched... If you change your triggered task to run a batch file containing the following two commands, it should work. "C:\Program Files\Immidio\Flex Profiles\FlexEngine.exe" -DemRefreshPrivilegeElevation "C:\Program Files\Immidio\Flex Profiles\FlexEngine.exe" -LaunchTask "YourTaskNameHere"
Hi @tschuegy, The best workaround I can come up with requires launching the Helpdesk Support Tool twice, once for the “Global” config files, profile archives, and backups, and once for the silo-spec... See more...
Hi @tschuegy, The best workaround I can come up with requires launching the Helpdesk Support Tool twice, once for the “Global” config files, profile archives, and backups, and once for the silo-specific files. That second instance requires the creation of a folder structure (which can live anywhere, outside of the standard configuration folder) containing directory junctions to the “real” silo folders. Create a folder like C:\Flex\SiloHelpdeskHack\General, and copy the “Global” Helpdesk Support Tool config file that’s currently being used next to that new General folder: C:\>dir /s C:\Flex\SiloHelpdeskHack Volume in drive C has no label. Volume Serial Number is 4C1E-CE2B Directory of C:\Flex\SiloHelpdeskHack 10/28/2020  01:21 PM    <DIR>          . 10/28/2020  01:21 PM    <DIR>          .. 10/28/2020  01:17 PM    <DIR>          General 10/28/2020  01:11 PM               388 Immidio Flex+ Helpdesk Support Tool.xml                1 File(s)            388 bytes Inside that new General folder, create symlinks to the “real” silos folders, like: C:\Flex\SiloHelpdeskHack>cd General C:\Flex\SiloHelpdeskHack\General>mklink /D Silo-A-Test C:\Flex\Configuration\silos\SiloA symbolic link created for Silo-A-Test <<===>> C:\Flex\Configuration\silos\SiloA If the Silo-specific suffix policy setting is configured, use that as the name for the symlink; otherwise, just use the silo name. In my experiments I configured my silo-specific GPOs to use suffices Silo-A-Test and Silo-B-Test for silos SiloA and SiloB, respectively. Put differently: make sure the symlink names match the relative subfolder names where the users’ silo-specific archives and backups reside. After symlinking your silo folders, the new General folder should look something like this: Directory of C:\Flex\SiloHelpdeskHack\General 10/28/2020  01:17 PM    <DIR>          . 10/28/2020  01:17 PM    <DIR>          .. 10/28/2020  01:10 PM    <SYMLINKD>     Silo-A-Test [C:\Flex\Configuration\silos\SiloA] 10/28/2020  01:10 PM    <SYMLINKD>     Silo-B-Test [C:\Flex\Configuration\silos\SiloB]                0 File(s)              0 bytes You can now launch the “Silos” instance of the Helpdesk Support Tool: "C:\Program Files\Immidio\Flex Profiles\Flex+ Helpdesk Support Tool.exe" -FlexConfig C:\Flex\SiloHelpdeskHack, specifying the path of that special folder structure (excluding General.) So, all in all quite involved...
Hi @vBritinUSA, Such a refresh will just refresh configuration settings. That is, it will process the privilege elevation configuration again, but that won't automatically launch elevated tasks (whi... See more...
Hi @vBritinUSA, Such a refresh will just refresh configuration settings. That is, it will process the privilege elevation configuration again, but that won't automatically launch elevated tasks (which is a good thing, I guess :)) You can still use a triggered task for session reconnect, though. Just use Run custom command as the Action, specify the path to FlexEngine.exe as the Command, and -LaunchTask "Name-of-your-elevated-task" as the Arguments.
Hi @tschuegy, Sorry, I haven't been active on VMTN for a long time... The Helpdesk Support Tool does indeed not have silo support. I've created an internal write-up quite a while ago describing a ki... See more...
Hi @tschuegy, Sorry, I haven't been active on VMTN for a long time... The Helpdesk Support Tool does indeed not have silo support. I've created an internal write-up quite a while ago describing a kind of workaround. I can try and dig that up in case you're still trying to look for way to make this work?
Hi @nathangreenley, Is this happening during a path-based import, or a DirectFlex import? If the latter, please try switching to path-based; if the former, you can check with a ProcMon boot log.
Hi @vBritinUSA, Sure, that should be possible. Just create an elevated task, with Executable – C:\Windows\System32\reg.exe Arguments – add HKLM\Software\Citrix\ICA\Session /v value-name-here /d "... See more...
Hi @vBritinUSA, Sure, that should be possible. Just create an elevated task, with Executable – C:\Windows\System32\reg.exe Arguments – add HKLM\Software\Citrix\ICA\Session /v value-name-here /d "%{ViewClient_Machine_Name}%" /f Then, create a logon task that launches that elevated task. (I think that that %{ViewClient_...}% reference is undocumented, but it is fully supported. No need any more for any hacks to retrieve the ViewClient_ values from HKCU, with all the related timing issues.)
Hi @NLAVOIE, This is the Dynamic Environment Manager forum; is your question related to DEM?
This will indeed be included in the upcoming 2206 (10.6) release. As described by @kennyvz it will not be enabled by default, but requires an HKLM value to be set. The reason for this approach is tha... See more...
This will indeed be included in the upcoming 2206 (10.6) release. As described by @kennyvz it will not be enabled by default, but requires an HKLM value to be set. The reason for this approach is that uninstalls require a bit more attention when the fix is enabled, and we don't want to inflict that on customers for whom the product is currently behaving as it should. An improved fix is scheduled for 2209 (10.7) – that one won't have the uninstall impact, and hence won't require any specific configuration.
@aterrell04, Happy to hear this has unblocked your rollout, but it sounds, umm, quite surprising... There's effectively no difference between having DEM personalization (profile archive import) put ... See more...
@aterrell04, Happy to hear this has unblocked your rollout, but it sounds, umm, quite surprising... There's effectively no difference between having DEM personalization (profile archive import) put that file into that folder, or having a DEM logon task do that through xcopy... Anyway, I'm also interested in hearing what support will tell you Do you have an SR# you can share (here or privately)? I'm off for a while, but I might sneak a peek, as I'm curious as to what's going on here.
@aterrell04, There used to be an issue where App Volumes detached the (implicit) writable volume before DEM's export took place (which might result in the behavior you described, i.e. DEM exporting ... See more...
@aterrell04, There used to be an issue where App Volumes detached the (implicit) writable volume before DEM's export took place (which might result in the behavior you described, i.e. DEM exporting contents from the base image), but I'm pretty sure that was fixed before App Volumes 2111. No clue then, I'm afraid, so probably best to open an official support ticket for this.
@kennyvz, Do you have support for computer environment settings enabled? If so, do you have RevertOnShutdown=1 configured? That setting is sometimes causing the "FlexEngine does not run after reboo... See more...
@kennyvz, Do you have support for computer environment settings enabled? If so, do you have RevertOnShutdown=1 configured? That setting is sometimes causing the "FlexEngine does not run after reboot" behavior. Pre-DEM 2111 that only applied to NoAD mode setups, but as of DEM 2111 it could affect Group Policy-based setups as well. The fix in DEM 2111 is that that setting no longer defaults to 1, but if it's explicitly set to 1 that could still cause the issue, of course.
@aterrell04, > Does 2111 process logging users off differently As of DEM 2111, DEM runs a tiny bit later in the overall logoff (compared to the logoff-script approach in previous versions; nothing ... See more...
@aterrell04, > Does 2111 process logging users off differently As of DEM 2111, DEM runs a tiny bit later in the overall logoff (compared to the logoff-script approach in previous versions; nothing has changed in NoAD mode.) I can't imagine this to be material, though. Which version of App Volumes are you using?
@system32AUT, Dominik, When exactly does that error dialog appear? When searching for users, or after selecting a user? Would it be possible to reproduce the problem with ProcMon running, and then ... See more...
@system32AUT, Dominik, When exactly does that error dialog appear? When searching for users, or after selecting a user? Would it be possible to reproduce the problem with ProcMon running, and then (privately) share that ProcMon trace with me (zipped, as it can be rather large but compresses very well)?
@Hubb1981, Thank you for the policies export. That all looks perfectly fine and straightforward. > DEM will run at logoff (and capture an essentially blank profile) for users That's quite odd, as ... See more...
@Hubb1981, Thank you for the policies export. That all looks perfectly fine and straightforward. > DEM will run at logoff (and capture an essentially blank profile) for users That's quite odd, as the DEM agent has some protection mechanism built in to prevent performing an export in the case the import did not run: 2022-04-28 16:36:06.048 [WARN ] Previous import not marked as successful -- skipping export 2022-04-28 16:36:06.049 [INFO ] Done (36 ms) [<<IFP#3d5bb27b-588abfc] Can you provide a registry export of HKCU\Software\Immidio for a session where DEM did not seem to have run during logon?