5 Replies Latest reply on Apr 29, 2020 6:41 PM by popvm

    Basic Query - GPO Settings for DEM

    popvm Novice

      I am new to DEM and have a very basic question.

       

      I was reading Quick-Start Tutorial for User Environment Manager | VMware and what I understand is that we create an OU for desktops and link the UEM GPO to this OU and deploy all the desktops under this OU. How about the domain users, should they also be moved under this OU? I am confused by the fact that the DEM settings are primarily for users (and not computers) and it follows the user, but the documentation doesn't mention any GPOs for the users.

       

      Could someone explain how this needs to be done?

       

      DEMdev Pim_van_de_Vis

        • 1. Re: Basic Query - GPO Settings for DEM
          popvm Novice

          Okay, after some search I think I found it -  there is no need to add users to the OU if we enable the Group Policy loopback processing mode. Is that correct?

          • 2. Re: Basic Query - GPO Settings for DEM
            DEMdev Master
            VMware Employees

            Hi popvm,

             

            I'm really not the one to ask – I just build the product; I don't deploy it

             

            But, more seriously: Group Policy settings for DEM are configured at the user level. Typically the GPO containing DEM configuration is targeted to an OU containing "DEM users".

            Leveraging Group Policy's loopback feature allows you to have these user settings be applied to computer objects, in case you prefer to set it up that way.

            1 person found this helpful
            • 3. Re: Basic Query - GPO Settings for DEM
              sujayg15 Enthusiast
              VMware Employees

              Hi there..

               

              Hope this can answer your question..

              - The DEM GPO settings are User Settings, however the settings themselves point the "DEM Agent" on the Windows VDI/PC to the dem_config_share and the user_profile_share

              - The settings also tell how the Agent should behave with the user logging into the Windows VDI/PC, at the time of user logon.

              - That is why the DEM GPO is targeted to the OU that has the Computer AD Objects

              - In some cases the user AD Object is also in the same OU, but not in many cases, which is why to have the User Setting targeting an OU with Computer Objects, needs to have the additional "Computer Setting - Loopback Processing" in place

              - And the control over how the GPO is in effect can be controlled by using the Loopback Processing GPO setting in the MERGE/REPLACE Mode

              - Kiosks Windows OS and Windows OS where you don't want any user resedual settings, would prefer to have Loopback Processing in REPLACE Mode

              - Others would use MERGE Mode

              - In some cases with more than one GPO in play (the GPO order or precedence should also be taken into consideration)

              - for instance you want to ensure REPLACE Mode is the GPO setting of choice for the Loopback Processing setting (which means it will ignore User GPOs below it), so you might want to have this GPO to be the last GPO in the GPO Order of Precedence.

               

              There are a lot of combinations one can work with, but its what will work in the environment that matters, hence the flexibility of choice in GPO placement and loopback processing.

              1 person found this helpful
              • 4. Re: Basic Query - GPO Settings for DEM
                popvm Novice

                Hi DEMdev, Thanks for responding. I got what you meant. I know you are a Dev, but I also know how much expertise you have in the product (BTW, I'm ex-VMware), so I knew you know the answer

                • 5. Re: Basic Query - GPO Settings for DEM
                  popvm Novice

                  Thanks sujayg15 for responding. Very helpful. Let me try this setting in my lab set up and see how it behaves.