VMware Horizon Community
sjesse
Leadership
Leadership
Jump to solution

UEM no ad mode different archive location for different groups

We currently use UEM in noad more because we found it works better in a multi domain deployment, The problem is I have some desktops that I want to have all archives discarded on logoff and there isn't an easy way to do it. Before switching to no ad mode, we used different gpos to set the archive to location for the different groups, but since no ad mode uses an xml thats specified on install there isn't an easy way to do that without using different config directories or parent images. Currently I have  condition sets on all of the personalization settings but as new ones get added its easy to miss them.

Is there a way I'm not thinking of

1 Solution

Accepted Solutions
DEMdev
VMware Employee
VMware Employee
Jump to solution

Hi sjesse,

That's the one aspect where NoAD mode is limited compared with Group Policy-based configuration... We plan to tackle this at some point, but nothing has been decided yet. Your forum post about this will increase the priority of those changes, but it still won't be any time soon.

In the meantime, a potential workaround that isn't quite supported (in that VMware support can't really help you with it), but that should work fine. At logon, the XML attributes defined in NoAD.xml end up as registry values under HKLM\SOFTWARE\VMware, Inc.\VMware UEM\Agent\Configuration, and that's where the UEM agent looks for its configuration.

You could create a .REG file with the relevant profile archive backup settings​​, configure an argument-based privilege elevation setting for a Regedit.exe import of that file, and create a shortcut to launch that command from the startup folder (using conditions to control both the privilege elevation and the shortcut definitions). (That startup-folder detour is a workaround for the fact that UEM can't use privilege elevation for executables that it launches itself.)

View solution in original post

Reply
0 Kudos
5 Replies
DEMdev
VMware Employee
VMware Employee
Jump to solution

Hi sjesse,

That's the one aspect where NoAD mode is limited compared with Group Policy-based configuration... We plan to tackle this at some point, but nothing has been decided yet. Your forum post about this will increase the priority of those changes, but it still won't be any time soon.

In the meantime, a potential workaround that isn't quite supported (in that VMware support can't really help you with it), but that should work fine. At logon, the XML attributes defined in NoAD.xml end up as registry values under HKLM\SOFTWARE\VMware, Inc.\VMware UEM\Agent\Configuration, and that's where the UEM agent looks for its configuration.

You could create a .REG file with the relevant profile archive backup settings​​, configure an argument-based privilege elevation setting for a Regedit.exe import of that file, and create a shortcut to launch that command from the startup folder (using conditions to control both the privilege elevation and the shortcut definitions). (That startup-folder detour is a workaround for the fact that UEM can't use privilege elevation for executables that it launches itself.)

Reply
0 Kudos
sjesse
Leadership
Leadership
Jump to solution

Can I point to a different noad.xml but use the same config files somehow? For the most part we have one UEM configuration folder, but we have one group that has there own, and to limit the need to create different parent images I'm running this script during the post sync step in Horizon

@ reg add "HKLM\SOFTWARE\VMware, Inc.\VMware UEM" /v msiNOADCONFIGFILEPATH /t REG_EXPAND_SZ  /d %1 /f

@ reg add "HKLM\SOFTWARE\VMware, Inc.\VMware UEM\Agent\Configuration" /v ConfigFilePath /t REG_EXPAND_SZ  /d %1 /f

and I pass the configuration folder, but these are separate shares.This way its there before the user logs on and then everything gets passed through correctly.

Reply
0 Kudos
DEMdev
VMware Employee
VMware Employee
Jump to solution

Hi sjesse,

No, the FlexRepository\NoAD\NoAD.xml part is hard-coded – only the config file path that leads to that folder structure is configurable.

However, adding a registry setting under HKLM\SOFTWARE\VMware, Inc.\VMware UEM\Agent\Configuration to optionally define a different file name than NoAD.xml should be pretty straightforward... No guarantees yet, but I'll give that a bit more thought.

Either way, that won't help you at this time. My privilege-elevation-based suggestion is the best I can come up with for now.

Reply
0 Kudos
sjesse
Leadership
Leadership
Jump to solution

I'll try your method, figured I'd see if I could adjust what I'm already doing. Thanks

DEMdev
VMware Employee
VMware Employee
Jump to solution

Hi sjesse,

You could actually stick with your current post-sync approach (sort of):

  • Remove the backup-related settings from NoAD.xml, as those would override any registry tweaks made beforehand
  • "reg add" the required backup-related settings (just like you're doing now with the ConfigFilePath)