Phil_Helmling's Posts

You should create a Directory user in UEM console, and disable staging (Accounts > edit the user > Advanced tab > expand Staging and click Disabled & Save. then when building the device, use auto-admin logon process from the unattend.xml to login as the local administrator account, enrol using the default command line but specify the Directory user, eg: msiexec.exe /i AirWatchAgent.msi /qn ENROLL=Y IMAGE=N SERVER=<server> LGNAME="WHdesktops" USERNAME="DIRUSER" PASSWORD="<password>" we sometimes call this user a service account user.   Bear in mind that some things will not function properly with subsequent user logons. I would assume these devices would be AD Domain joined also. If so and the device can connect to the DC when enrolling, the Hub should not pop up and ask for credentials.

Hi Nolan, my recommendation would be to write a powershell script to achieve this and use the schedule option when assigning it to a SmartGroup(s) like shown in the attached screenshot. We don't have the feature built into the platform, but there are three different feature requests that you could add weight to by voting: https://euc-vmware.aha.io/ideas/ideas/WIND-I-120 https://euc-vmware.aha.io/ideas/ideas/MSFTI-I-78 https://euc-vmware.aha.io/ideas/ideas/MSFTI-I-343  

Hi Gemma, I'm not sure what you mean by Windows Server 2016 is installed on RedHat. If it is a virtual machine on Redhat, then it doesn't matter as it is completely containerised.  Checkout this upgrade guide - https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2209/UEM_Upgrade.pdf just google search for "upgrade Workspace ONE UEM 2206"

Hi Richard, this API can be used  https://asXXX.awmdm.com/API/help/#!/apis/10002?!/SmartGroups/SmartGroups_CreateSmartGroupAsync However I would suggest you use some dynamic method such as reading a sensor or AD User Group of enrolled user, that identifies the relevant devices and select those options as the identifier/filter within the Smart Group.

Hi Mahmoud, apologies for the delay in responding. I'm only just start to watch this forum. Attached is a doc to help with troubleshooting P2P. I would stay with Distributed mode but change the "Maximum Cache Age (days) to 999 to ensure the bits stay in cache to serve other devices. Default setting is 3 days.... Also ensure the firewall settings have applied, and as it says in the doc, check that the P2P redirect settings are in the content manifest within the registry.  Have you tried adding a new app or version of an app after you deployed this profile?

according to 2206 documentation - https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2206/UEM_Recommended_Architecture/GUID-AWT-ON-PREM-SOFTWARE-REQS.html  The following cipher suites need to be enabled based on the server version of the application servers to communicate with Apple for the new HTTP/2 change that will go into effect early next year (2021): “TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384”(windows server 2016 and later) - This is handled by a crypto library in the product for OS's that do not support it. "TLS_RSA_WITH_AES_256_CBC_SHA “(windows 2012 R2 and earlier)   TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 info is found here https://ciphersuite.info/cs/TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384/ and it is TLS1.2

There are many ways to do this, which is a good thing and a bad thing I like the script Aaron suggested, and it could certainly help. Here is a repo with a bunch of example profiles to do stuff in the registry, ADMX etc - https://github.com/helmlingp/WS1UEM_Profiles Phil

Hi CS, no WS1 can't manage certificates for websites. Firstly WS1 manages endpoint devices not servers and also certificate management is confined to device or user certs and not applications. If the device was a desktop OS, then we could possibly do this by deploying a device certificate and then a script to configure the application (web server) to consume and bind the certificate.

Hey @GemmaNavas1, I have no idea what is causing the cache folder to fill up or whether you can delete the cache files. I know you can manually delete orphaned file storage blobs (app installers) that would be stored on the configured file storage path. For this, use the PurgeUtility log to determine what is not being purged.  @aaronk I have suggested to support that they first determine if the ACLs on the folders are actually correct. The screenshot I saw had a SID for the user. Also the username configured in the console to impersonate and access the DFS is supposed to be in DOMAIN\Username format. Not sure why the screenshot had UPN. Phil

Does the device have a GPS or mobile SIM? How did you get the location? Are you using something similar to https://github.com/helmlingp/WS1UEM_Sensors/blob/master/getGeoLocation2.ps1?  I have found that unless there is a GPS or mobile SIM in the device, the device reports the location of the NAT'd IP which is then potentially inside the ISP's network. 

Default behaviour for devices registered to inactive users is Enterprise Wipe as described here: https://kb.vmware.com/s/article/50120774  However, even though not described properly in the below doc link, this can be set to "Restrict Additional Device Enrollment" which will suit your needs. https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/services/UEM_Managing_Devices/GUID-ConfigureEnrollmentOptions.html 

You can just uninstall the connector using the same installer, or shutdown the server. You should also log a support call to decommission the tenant in the SaaS instance which you can do here https://www.vmware.com/group/vmware/get-help/  

You need to add a SAN for your connection server(s) into the view.victorschools.org cert as View will only use one certificate, the one with the "vdm" friendly name. Todo this you will need to purchase a UCC or multi-use certificate. The other issue you will have though, if you have two connection servers, one paired with the security server and another accepting internal traffic, is that your internal split DNS will be pointing to the external and therefore routing all internal requests for view.victorschools.org to your external. The only way I've found around this is to add host file entries on the Security Server and paired Connection Server for the external IP for the external DNS. Hope that makes sense. Phil

have you applied the optimisation recommendations in the Windows 7 and Windows 8 optimisation guide? http://www.vmware.com/files/pdf/VMware-View-OptimizationGuideWindows7-EN.pdf I suspect the choppiness when moving windows between screens is because you haven't disable "Show window contents while dragging" in the Visual Effects tab (see attached). This is disabled when running our suggested optimisations in the above: rem Set Windows Visual Effects to Optimized for best performance reg ADD “hku\temp\Software\Microsoft\Windows\CurrentVersion\Explorer\ VisualEffects” /v VisualFXSetting /t REG_DWORD /d 0x2 /f I would also disable 3D in the pool, unless you need it, but based on what you've said above, you don't. Phil