Guide: Installing VMware UEM 8.7.0

UEM

With this guide i will show you how to install VMware User Environment Manager 8.7.0

Requirements

The great thing about VMware UEM is that there are just a minimal set of requirements to get it up and running. The following requirements are:

  • Configuration share
  • User share
  • License file
  • Active Directory
  • Group Policy

You need a functional domain to manage the policies and a location to create the shares, either on the DC or a fileserver.
In this guide i use the domain “vDrone.net” and “vDroneDC” as domain controller.
Be in mind that this is a lab name and you need to implement this with your own DC related information. And share names can be whatever you want them to be.

Configuration Share

The configuration share is the share where VMware UEM  stores the configuration you setup in the management console. You need to create a share called UEMConfiguration.

Setting up the share:
Example Name: \\vDroneDC\UEMConfiguration

The share permissions have to be set to:

  • Administrator: Change
  • User: Read

NTFS permissions have to be set to:

  • Administrators: Full Control
  • User: Read&Execute

User Share

The user share is the place where the user profile related settings are stored, Its a unique folder for each user similar to the roaming profile folder you’re used to. Create share with the name UEMProfileData.

Setting up the share:
Example Name: \\vDroneDC\UEMProfileData

The share permissions have to be set to:

  • User: Change

The NTFS permissions have to be set to:

  • Administrators: Full Control : This folder, subfolders and files
  • User: Read&Execute, Create&append data : This folder only
  • Creator owner: Full control : Subfolders and files only

Screen Shot 2015-11-25 at 08.49.10

Group policies

For group policies to work you need to make sure the correct files are there, there are a couple of files that we need here. The are found in the download of VMware UEM in the folder “VMware-UEM-8.7.0\Administrative Templates (ADMX)”

  • VMware UEM Flexengine.admx
  • VMware UEM helpdesk support tool.admx
  • VMware UEM Administrator console.admx
  • VMware UEM Sync tool Computer.admx
  • VMware UEM Sync tool User.admx
  • VMware UEM.admx

Copy these and the ADML files in the folder EN-US to the PolicyDefinitions folder on the domain controller.

Example: “\\vdrone.net\SYSVOL\vdrone.net\Policies\PolicyDefinitions”

After importing you need to set a few policies in place.
First create a new GPO on the OU where the UEM user will reside in. This can also be on a group of computers but then you need to enable to “Loopback Processing” policy.

First browse to: User Configuration | Policies | Administrative Templates | VMware UEM | FlexEngine

 

GPO Status Setting
Flex Config Files Enabled \\vDroneDC\UEMConfiguration\general
Run FlexEngine as a Group Policy Extension Enabled
FlexEngine Logging Enabled \\vDroneDC\uemprofiledata\%username%\logs\flexexgine.log
Profile Archive Backups Enabled \\vDroneDC\uemprofiledata\%username%\backups
Profile Archives Enabled \\vDroneDC\uemprofiledata\%username%\archives

These are the user configuration settings that are required for VMware UEM.  There are a few other general GPO settings that needs to be applied before you are done.

Set Logoff Script: You will need to set a logoff script to ensure that all user settings are written to the share at logoff.

Browse to “User Configuration | Polices | Windows Settings | Scripts (Logon/Logoff)”, change the “Logoff” setting.

Script Name:  C:\Program Files\Immidio\Flex Profiles\FlexEngine.exe
Script Parameters:  -s

Always wait for the network at computer startup and logon – This setting ensures that the VMware UEM GPO settings will apply when the user logs into the system.

Browse to: Computer Configuration | Administrative Templates | System | Logon and Enable Always wait for the network at computer startup and logon

User Group Policy loopback processing mode (only required when OU has computers instead of users)

Browse to: Computer Configuration | Administrative Templates | System | Group Policy

Select User Group Policy loopback processing mode, Enabled it and choose Merge option.

If you AD is missing these settings you will need to install and ADMX add-on for Windows desktops. Download Windows8.1-Update-ADMX.msi and install this on your domain controller.

Setup the Management Console.

The setup is really straight forward. Let’s walk through it.
 12
34

The only interesting option during the installation is the selection of the management console in the setup. Just wanted to show you this before we head on to the finish.

The VMware UEM FlexEngine component is needed on all windows device which you want to manage. This can also be deployed with SCCM or via login script. For Virtual Desktops this can be installed within the Gold Image / Blueprint. The Management Console is only required on the system from where you want to manage you UEM settings.

 custom

Select the license file and click on install, and within a few minutes VMware UEM management console is installed. The license file can be acquired via your VMware license portal when you download your copy of UEM.

When starting the Management Console for the fist time it wil ask for a location to save the configuration files, use the share we created before.

example: \\vDroneDC\UEMConfiguration

Except the default configuration and your done for now installing UEM.

This guide is a work in progress, either for myself to archive knowledge and to share with other people who are installing UEM for the first time.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.