VMware Horizon Community
rcscott44
Enthusiast

UEM Conditional setting based on Username?

Is there a reason that UEM does not have a Condition based on a user's Active Directory Logon? 

We currently deploy certain network drive mappings, access permissions and printers to AD security groups.  Several times a week, we need to make a temporary change to these assignments.  Because we cannot add a user as a condition to the UEM config, we can only add the user to the proper security group.  This is less than ideal and kills any benefit of the UEM-Refresh user function.  UEM-refresh keys off the AD user tokens on the local machine, it does not do an LDAP lookup.  To my knowledge the only way to refresh the user's AD information is to process a new logon.

If anyone has a workaround to reference an individual AD user in UEM Conditions or a way to make UEM-refresh look at AD instead of the local machine, I would be eternally grateful.

-Bob

Accepted Solution
DEMdev
VMware Employee
rcscott44,

To target a single user, you can indeed use the Environment Variable condition as EricNichols suggested:


As for performing a "live" LDAP query rather than asking Windows whether the logged-on user is a member of a particular group: I'm afraid there are too many corner cases to deal with. The "is this user a direct member of this group" query is pretty simple, but nested groups, primary group support, referral chasing, foreign security principals, et cetera make it quite hard to mimic Windows' membership logic.

Ray_handels: Is such a "live" lookup what you were looking for, or did I misunderstand?

17 Replies
EricNichols
Hot Shot

Have you tried Environment variable %username% ?

Ray_handels
Virtuoso

Same discussion here

UEM and User Assignment

And I raised a call with VMware and received a message that this is indeed not possible and asked for a feature request.

We now just created groups for this and add a user to this group, it is what it is.

Let's hope user assignment will be a new feature...

rcscott44
Enthusiast

Using the Environment Variable "username" would be what we are looking for if it works.

The live LDAP lookup isn't necessary provided the above functions.  I will test.  Thanks,

-Bob

Ray_handels
Virtuoso

UEMdev. Yes, this indeed did the trick, thank you very much for your reaction.

This opens up a lot of different options for us...

lansti
Hot Shot

When I need to set a condition based on a user or two, I'll add a "File or Folder" condition based on the user profile folder:

Works perfectly fine for me.

Best regards
Lansti
Ray_handels
Virtuoso

Does this work in time though? Because it will only create these during logon?

lansti
Hot Shot

I use this setting when I need to test a configuration in UEM.

I create a setting/policy and when the condition matches it is deployed to the users. It works perfectly on every logon.

Must say: we use non-persistent clients, so every time a user logs on, they will log on to a new client, and when they log off, the client gets deleted and redeployed as a new client.

Best regards
Lansti
DEMdev
VMware Employee

There's no timing issue here – UEM only gets to run after Windows has created the local user profile folder.

The only potential issue I see with this approach is if you're using this in a persistent environment where you do not remove the profile at logoff. In that case it might happen that user abc logs on but folder C:\Users\sgr still exists on disk, causing the condition to match...

Using the environment variable condition to check %username% does not have that (potential) issue.

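The two per-user conditions compared in this exchange, written out as an added PowerShell example (this is not code from the thread or from VMware, and it does not use UEM's own condition engine; it only mimics what the two conditions test). The profile root is a constructed temp directory with a leftover "sgr" folder, standing in for a persistent machine where profiles are not removed at logoff, and the logged-on user is passed in explicitly rather than read from the session so the false positive is reproducible:

```powershell
# Added example, not from the thread or from VMware: reproduce the two ways of
# targeting a single user that were discussed, and show why the "File or
# Folder" check on C:\Users\<name> can match a user who is not logged on.
# Assumptions: $TargetUsers holds the account names being targeted; the
# profile root used in the demo is a temp folder constructed below.

function Test-UsernameCondition {
    param(
        [Parameter(Mandatory)][string[]]$TargetUsers,
        [string]$CurrentUser = $env:USERNAME
    )
    # Equivalent of UEM's Environment Variable condition on %username%:
    # only the interactive user's own account name can satisfy it.
    foreach ($u in $TargetUsers) {
        if ($CurrentUser -ieq $u) { return $true }
    }
    return $false
}

function Test-ProfileFolderCondition {
    param(
        [Parameter(Mandatory)][string[]]$TargetUsers,
        [string]$ProfileRoot = (Join-Path $env:SystemDrive 'Users')
    )
    # Equivalent of the "File or Folder" condition on C:\Users\<target>:
    # true whenever such a folder exists on disk, regardless of who is
    # logged on. On a persistent machine a folder left behind by an earlier
    # session therefore satisfies the condition for the wrong user.
    foreach ($u in $TargetUsers) {
        $folder = Join-Path $ProfileRoot $u
        if (Test-Path -LiteralPath $folder -PathType Container) { return $true }
    }
    return $false
}

# Demonstration with a constructed profile root: user "abc" is logged on,
# while "sgr" only has a stale profile folder left on disk.
$root = Join-Path $env:TEMP ('uemdemo_' + [guid]::NewGuid())
New-Item -ItemType Directory -Path (Join-Path $root 'sgr') | Out-Null
$targets = @('sgr')

$byName   = Test-UsernameCondition      -TargetUsers $targets -CurrentUser 'abc'
$byFolder = Test-ProfileFolderCondition -TargetUsers $targets -ProfileRoot $root

"Environment Variable %username% condition matched: $byName"
"File or Folder condition on profile folder matched: $byFolder"

Remove-Item -LiteralPath $root -Recurse -Force
```

The username check is the one to use for anything that grants access (drive mappings, permissions, printers): it is tied to the account Windows actually authenticated, whereas the folder check is satisfied by any leftover directory under the profile root. On non-persistent clients the two agree, which is why the folder approach works for testing there.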
lansti
Hot Shot

Yes, but since we are running non-persistent, it works just fine for my testing usage.

Best regards
Lansti
rcscott44
Enthusiast

This is working, but still requires a user logon to be effective.  I still cannot add the user conditional to the UEM setting and just have a user refresh.  I have even tested doing a ...\FlexEngine.exe -r command and it still does not configure the new drive mapping until the user logs off and back in again.

Our environment is Horizon 7.5, instant clones of Win10 v.1803, AppVolumes 2.14.2. Test user has Writable UIA - NO profile. UEM v9.4

DEMdev
VMware Employee

Hi rcscott44,

-UemRefreshDrives should work just fine in this case, so let's see what's going on. Can you provide a FlexEngine log file and a FlexEngine async log file (in case you're mapping drives asynchronously), both at log level DEBUG? Just the log fragments that apply to the (failed) refresh would be sufficient, with a brief description of which drive mapping you tried to add.

lansti
Hot Shot

When you log on to Windows, are you able to open the UNC path to the shared network drive without a credential prompt?

Is your client in the domain? (I know, silly question...)

I always map network drives with \\server.domain.com\path-to-share

Best regards
Lansti
rcscott44
Enthusiast

Interesting development...

I attempted to pull logs for our test user and could not access the FlexEngine-async log while the user was logged in. That has never been an issue before. I logged the user out and could access the logs, but they showed nothing added for days. I logged the user back in and the FlexEngine-async log was immediately locked again. I could not determine what application was locking it. As a last resort, I deleted the writable volume and created a new one from scratch. Immediately everything worked as expected. I am now able to assign and remove drive mappings for the user by "username" and the -UEMrefreshDrives argument works without requiring a new user logon.

It is troubling that some config saved in the writable could affect operations this way.  We don't have the ability to remove writable drives entirely from our environment and it would be problematic if this issue happened for a real user.

-Bob

DEMdev
VMware Employee

Hi Bob,

Are you mapping printers, by any chance? The async log file being locked is typically a symptom of a printer mapping that is hanging (or just very slow).

rcscott44
Enthusiast

Yes, we do map network printers as well. We do see issues with some printers hanging at logon, but they either complete or time out after 10 minutes or so. The async-log locking existed for hours. Is there a way to see if there is a printer mapping issue without the async log? Nothing from UEM was being added to the log, so I had no way to see if a printer was hung up.

DEMdev
VMware Employee

Yeah, that's a bit of an annoying thing about our log files... To limit our network and disk impact, log lines aren't written to disk immediately, but are buffered in memory first; once that buffer (which is a few kilobytes large, for a handful to a dozen log lines, in general) is full, it's written to disk.

If something causes the FlexEngine.exe instance that is writing to the async log to hang, quite often the last log lines that make it to disk are for one of the actions preceding the culprit...

If you can reproduce the issue during the session (maybe by killing the hanging FlexEngine.exe and performing a UEM refresh), ProcMon might shed some light on the hanging action.

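A small triage script for the situation Bob hit (async log held open, no new log lines, a FlexEngine.exe instance hanging on a printer mapping), added here as an example; it is not code from the thread or from VMware. The async log path is an assumption and must be replaced with the log location configured in your UEM GPO; the Sysinternals handle.exe call is optional and only runs if the tool is on the PATH; the 10-minute age threshold is an arbitrary cut-off chosen to match the printer timeout mentioned above:

```powershell
# Added example, not from the thread or from VMware: find out whether the
# FlexEngine async log is still held open, which process holds it, and which
# FlexEngine.exe instances have been running long enough to be suspect.
# Assumptions: $AsyncLog is a guessed location (set it to the path from your
# UEM GPO); Sysinternals handle.exe is optional; 10 minutes is an arbitrary
# threshold. Killing the hung process is left to the operator on purpose.

function Test-FileLocked {
    param([Parameter(Mandatory)][string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) { return $false }
    try {
        # FileShare.None fails if any other handle to the file is open,
        # which is exactly the "log is locked" symptom from the thread.
        $fs = [System.IO.File]::Open($Path,
                                     [System.IO.FileMode]::Open,
                                     [System.IO.FileAccess]::ReadWrite,
                                     [System.IO.FileShare]::None)
        $fs.Close()
        return $false
    } catch [System.IO.IOException] {
        return $true
    }
}

function Get-FileHandleOwner {
    param([Parameter(Mandatory)][string]$Path)
    # handle.exe <name> lists processes holding handles whose name contains
    # <name>. Returns the raw output lines, or nothing if the tool is absent.
    $handle = Get-Command handle.exe -ErrorAction SilentlyContinue
    if (-not $handle) { return @() }
    & $handle.Source -accepteula -nobanner (Split-Path -Leaf $Path) 2>$null
}

function Get-FlexEngineInstances {
    param([int]$OlderThanMinutes = 10)
    # StartTime of processes owned by other users requires elevation;
    # run this from an elevated prompt when inspecting a user session.
    $now = Get-Date
    Get-Process -Name FlexEngine -ErrorAction SilentlyContinue | ForEach-Object {
        $age = ($now - $_.StartTime).TotalMinutes
        [pscustomobject]@{
            Id      = $_.Id
            Start   = $_.StartTime
            AgeMin  = [math]::Round($age, 1)
            Suspect = $age -gt $OlderThanMinutes
        }
    }
}

# Assumed log location; adjust to the path configured in the UEM GPO.
$AsyncLog = Join-Path $env:LOCALAPPDATA 'VMware\UEM\Logs\FlexEngine-async.log'

if (Test-FileLocked -Path $AsyncLog) {
    "Async log is held open: $AsyncLog"
    Get-FileHandleOwner -Path $AsyncLog
} else {
    "Async log is not locked (or does not exist): $AsyncLog"
}

Get-FlexEngineInstances -OlderThanMinutes 10 | Format-Table -AutoSize
```

Once a long-running instance is identified, stop it with Stop-Process -Id &lt;Id&gt;, start Process Monitor filtered on FlexEngine.exe, and trigger a refresh (for example FlexEngine.exe -UemRefreshDrives, as suggested above) to catch the hanging action while the buffered log lines have not yet been flushed. Because the last buffered lines are lost when the process is killed, ProcMon's trace is the only record of the action that actually hung.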