Most Popular Posts

Thursday, 15 November 2012

Microsoft UE-V Setup & Configuration

This blogpost aims to cover step by step the setup and configuration of UE-V to a basic level.Lets get started...

First of all you have to have Software Assurance as UE-V comes as part of MDOP (Microsoft Desktop Optimisation Pack) if you don't have SA then UE-V is just one of the many reasons you need it.

Secondly I will run through the components of UE-V to bring you up to speed:

UE-V is comprised of 4 components
  • Settings Store - Where the agent stores the application settings
  • UE-V Agent - the Agent itself
  • Settings location Template- Files that define what will be synced on a per app basis (One template per app)
  • UE-V Generator - used to capture application settings to create an XML based template the UE-V Agent can read
On with the guide....

1) In a suitable location (preferably a DFS Namespace) create 2 folders called "SettingsStoreShare" & "SettingsTemplateCatalog" we will discuss permissions on these folders in a moment

2) Create an Active Directory Group that will contain users we wish to have UE-V for the purpose of this post that group will be called "Corp.Sys.UevUsers" but you may call it whatever fits your naming standards

3) Now share permissions on the 2 folders:

SettingsStoreShare
Share Name - SettingsStoreShare$
Share Permissions - Corp.Sys.UevUsers (Full Control)
NTFS Permissions - Corp.Sys.UevUsers (List Folder/Read Data & Create Folders / append data)

SettingsTemplateCatalog
Share Name - SettingsTemplateCatalog$
Share Permissions - Domain Computers (Full Control)
NTFS Permissions - Domain Computers (Read Access) & Domain Admins (Full Control)

4) Take your UE-V admx file and place it in your central store,which should be located at \\FQDN\Sysvol\FQDN\Policies\PolicyDefinitions and place the adml file in the same location but one folder deeper \\FQDN\Sysvol\FQDN\Policies\PolicyDefinitions\en-us

5) Before we create our group policy object, know that it contains both user and computer settings and in my case is linked to an OU that is above both my Windows workstations and my Users so will apply the settings to both. If your Active Directory is not structured as such I recommend creating 2 policies here.

Open the Group policy management console and create a group policy Object, then browse to Computer Configuration\Policies\Administrative Templates\Windows Components\Microsoft User Experience Virtualization
Now change the policy as shown in the picture


Still in the policy browse to User Configuration\Policies\Administrative Templates\Windows Components\Microsoft User Experience Virtualization
Now change the policy as shown in the picture


You will notice the Applications node, for now just enable Notepad/Wordpad within this node for testing purposes.

UE-V relies entirely on Microsoft's Offline Files Services so we also need to set a policy up to ensure this is switched on. I have enabled this policy within my UE-V GPO but you may already have it set somewhere so I will leave it up to you to decide how best to do this. The offline files setting we need to enable is located here:
Computer Configuration\Policies\Administrative Templates\Network\Offline Files\Allow Or Disallow The Use Of The Offline Files Feature.  This should be set to "Enabled"

6) Next we need to create a WMI filter to apply to this policy, this filter will ensure that only Windows 7 or Windows 8 devices can apply the policy

Within Group Policy management console, right click on the WMI filters node and select New. Give it a name like Windows 7&8 and add the following WMI query:

Select * from Win32_OperatingSystem WHERE Version like "6.1%" AND ProductType="1" OR Version like "6.2%" AND ProductType="1"

Save this filter.

ProductType="1" ensures that we only apply this Policy to workstations and NOT Servers!

7) Now open he group policy objects node and select  your new WMI filter as shown:


8) Now to add some filtering for the users, we only want users in our Corp.Sys.UevUsers group to apply this policy so still within Group Policy objects click "Delegation" and then advanced. Add the group and give it the permissions Read & Apply Group Policy as shown


Now link your policy to a suitable OU.

9) Next you have to install the UE-V agent and drop users in to the Corp.Sys.UevUsers group. There are many ways to install the agent (Group policy, Manual, Config Manager) so I will leave that up to you. 

10) Once you have installed the agent and have a suitable user account to test with log onto a machine make a few changes in wordpad, lock your pc or log off and check the SettingsStoreShare, you should see that it now has a (hidden) folder created within. If not use Gpresult.exe to track down the cause, most likely the policy is not applying.

11) Now logon to a second machine and verify the wordpad settings have "roamed"

That's all for the basic setup, below I will run through a few tips:
  • If you are installing the UE-V Agent in a VDI environemtn then you will need to enable the "Do Not Use Offline Files" policy setting and install the agent with the "SyncMethod=None" parameter.
  • New templates are applied every 24 hours by default but can be forced with the ApplySettingsTemplate.exe from the agent installation path
  • You can rollback settings for individual applications (back to their original state) using Powershell see below for rolling back wordpads settings for example
Import-Module UEV
Restore-UevUserSetting -Application Wordpad

Cheers
Wayne

No comments:

Post a Comment