In this guide I will show you how to install VMware User Environment Manager 8.7.0.
Requirements
The great thing about VMware UEM is that it needs only a minimal set of requirements to get up and running. The requirements are:
- Configuration share
- User share
- License file
- Active Directory
- Group Policy
You need a functional domain to manage the policies and a location to create the shares, either on the DC or a fileserver.
In this guide I use the domain “vDrone.net” and “vDroneDC” as the domain controller.
Keep in mind that these are lab names; substitute the details of your own domain and DC. The share names can be whatever you want them to be.
Configuration Share
The configuration share is where VMware UEM stores the configuration you set up in the management console. You need to create a share called UEMConfiguration.
Setting up the share:
Example Name: \\vDroneDC\UEMConfiguration
The share permissions have to be set to:
- Administrator: Change
- User: Read
NTFS permissions have to be set to:
- Administrators: Full Control
- User: Read&Execute
User Share
The user share is the place where the user profile related settings are stored. It's a unique folder for each user, similar to the roaming profile folder you’re used to. Create a share with the name UEMProfileData.
Setting up the share:
Example Name: \\vDroneDC\UEMProfileData
The share permissions have to be set to:
- User: Change
The NTFS permissions have to be set to:
- Administrators: Full Control : This folder, subfolders and files
- User: Read&Execute, Create&append data : This folder only
- Creator owner: Full control : Subfolders and files only
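The two shares above can also be created from PowerShell on the file server. This is an added example, not part of the original guide: the share names and permissions are the ones listed above, while the local paths under D:\UEM, the group names and the helper function names are assumptions for a lab like vDrone.net. The "This folder only" entry for users combined with the inherit-only CREATOR OWNER entry is what lets each user create a personal folder without being able to open anyone else's.

```powershell
# Added example: run elevated on the server hosting the shares (new folders assumed).
# Local paths and group names are assumptions; adjust them to your own domain.
$Admins = 'BUILTIN\Administrators'
$Users  = 'VDRONE\Domain Users'        # assumed NetBIOS name of vDrone.net
$Config = 'D:\UEM\UEMConfiguration'    # assumed local path
$Data   = 'D:\UEM\UEMProfileData'      # assumed local path

# Hypothetical helper: build one Allow entry for an NTFS ACL.
function New-Rule($Identity, $Rights, $Inherit, $Propagate) {
    New-Object System.Security.AccessControl.FileSystemAccessRule `
        -ArgumentList $Identity, $Rights, $Inherit, $Propagate, 'Allow'
}

# Hypothetical helper: create the folder, stop inheriting from the parent
# and apply only the rules passed in.
function Set-ExplicitAcl($Path, $Rules) {
    New-Item -ItemType Directory -Path $Path -Force | Out-Null
    $acl = Get-Acl -Path $Path
    $acl.SetAccessRuleProtection($true, $false)   # do not keep inherited entries
    foreach ($rule in $Rules) { $acl.AddAccessRule($rule) }
    Set-Acl -Path $Path -AclObject $acl
}

$all = 'ContainerInherit,ObjectInherit'   # this folder, subfolders and files

# Configuration share: administrators manage, users only read.
Set-ExplicitAcl $Config @(
    (New-Rule $Admins 'FullControl'    $all 'None'),
    (New-Rule $Users  'ReadAndExecute' $all 'None')
)
New-SmbShare -Name 'UEMConfiguration' -Path $Config `
    -ChangeAccess $Admins -ReadAccess $Users

# User share: users may create a folder at the top level only; whoever
# creates a folder gets full control of it through CREATOR OWNER.
Set-ExplicitAcl $Data @(
    (New-Rule $Admins         'FullControl' $all 'None'),
    # "Create folders / append data" is one right; this folder only
    (New-Rule $Users          'ReadAndExecute,CreateDirectories' 'None' 'None'),
    # subfolders and files only
    (New-Rule 'CREATOR OWNER' 'FullControl' $all 'InheritOnly')
)
New-SmbShare -Name 'UEMProfileData' -Path $Data -ChangeAccess $Users

# Review the result
Get-SmbShareAccess -Name 'UEMConfiguration', 'UEMProfileData'
(Get-Acl $Data).Access | Format-Table IdentityReference, FileSystemRights, InheritanceFlags, PropagationFlags
```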
Group policies
For group policies to work you need to make sure the correct template files are in place. They are found in the VMware UEM download, in the folder “VMware-UEM-8.7.0\Administrative Templates (ADMX)”:
- VMware UEM Flexengine.admx
- VMware UEM helpdesk support tool.admx
- VMware UEM Administrator console.admx
- VMware UEM Sync tool Computer.admx
- VMware UEM Sync tool User.admx
- VMware UEM.admx
Copy these and the ADML files in the folder EN-US to the PolicyDefinitions folder on the domain controller.
Example: “\\vdrone.net\SYSVOL\vdrone.net\Policies\PolicyDefinitions”
First create a new GPO on the OU where the UEM users will reside. This can also be an OU containing computers, but then you need to enable the “Loopback Processing” policy.
Then browse to: User Configuration | Policies | Administrative Templates | VMware UEM | FlexEngine
GPO | Status | Setting |
Flex Config Files | Enabled | \\vDroneDC\UEMConfiguration\general |
Run FlexEngine as a Group Policy Extension | Enabled | |
FlexEngine Logging | Enabled | \\vDroneDC\uemprofiledata\%username%\logs\flexexgine.log |
Profile Archive Backups | Enabled | \\vDroneDC\uemprofiledata\%username%\backups |
Profile Archives | Enabled | \\vDroneDC\uemprofiledata\%username%\archives |
These are the user configuration settings that are required for VMware UEM. There are a few other general GPO settings that need to be applied before you are done.
Set Logoff Script: You will need to set a logoff script to ensure that all user settings are written to the share at logoff.
Browse to “User Configuration | Policies | Windows Settings | Scripts (Logon/Logoff)” and change the “Logoff” setting.
Script Name: C:\Program Files\Immidio\Flex Profiles\FlexEngine.exe
Script Parameters: -s
Always wait for the network at computer startup and logon – This setting ensures that the VMware UEM GPO settings will apply when the user logs into the system.
Browse to: Computer Configuration | Administrative Templates | System | Logon and enable “Always wait for the network at computer startup and logon”.
User Group Policy loopback processing mode (only required when OU has computers instead of users)
Browse to: Computer Configuration | Administrative Templates | System | Group Policy
Select “User Group Policy loopback processing mode”, enable it and choose the Merge option.
If your AD is missing these settings you will need to install an ADMX add-on for Windows desktops. Download Windows8.1-Update-ADMX.msi and install this on your domain controller.
Set up the Management Console
The only interesting option during the installation is the selection of the management console in the setup. Just wanted to show you this before we head on to the finish.
The VMware UEM FlexEngine component is needed on every Windows device that you want to manage. It can also be deployed with SCCM or via a login script. For virtual desktops it can be installed within the Gold Image / Blueprint. The Management Console is only required on the system from which you want to manage your UEM settings.
Select the license file and click Install; within a few minutes the VMware UEM management console is installed. The license file can be acquired via your VMware license portal when you download your copy of UEM.
When you start the Management Console for the first time it will ask for a location to save the configuration files. Use the share we created before.
Example: \\vDroneDC\UEMConfiguration
Accept the default configuration and you're done installing UEM for now.
This guide is a work in progress, both for myself to archive knowledge and to share with other people who are installing UEM for the first time.