VMware UEM series part 2: Group policy and agent

VMware recently acquired Immidio and renamed it VMware UEM, they now have an Enterprise ready UEM solution in their portfolio. As I noted at conferences many people still are not familiar with these kind of UEM solutions. In this blog series I will take you along the path you need to take to implement VMware UEM and regain control of your user environment.
In my previous blog I showed you how to setup the management console and configure the shares on the file servers. This bog will show you how to configure the group policies and setup the agent in the golden image.


VMware UEM uses an engine to manage the user environment, this engine can be called from group policies or from a logon script. The best option is to use the group policy extension to run the engine, you are early in the process for managing the user environment. 
To start the engine in time you need to install it in the golden image, let’s show how that’s done. There not much to it so the first four screen are next, I chose custom installation because I wanted to show the installation options.

The installation gives the option to install several option, actually you only need the UEM FlexEngine on the golden image but if you also want to offer self support to your users you need to install that also.
There are three option to pick here;
  • Application migration
  • Self support
  • Management console
  • Let’s start with the last one, you don’t need the management console in any golden image. The management console is installed on a management server/desktop.
  • Self Support offers the user the option to get back user settings from a backup so that they never loose settings and don’t have to bother a service desk if they do. Backups need to be configured to be available though.
  • Application migration is roaming user and application settings across different operating platforms if the settings are in the same location. This makes roaming between a Windows 7, 8 2012 and 10 easy

After the options you pick the license file and you’re done.

The last screen here is the installation button that start the installation. It takes a few minutes to get installed. now you have the management console and share ready, the agent is installed. All that is left now is making sure the engine is called during logon, that done through a GPO.

Group policies

In my previous blog I wrote about the ADMX files that need to be copied, now we start configuring a new GPO for UEM. Of course there is nothing holding you back adding the configuration into an existing GPO, but I like to keep things clear and created a new GPO.

So we have a domain and I created a VDI OU and started a new GPO there. The VDI desktops are living in that specific OU and I set a block of all GPO’s on the OU to prevent GPO settings from the rest of the domain tampering with my VDI desktops.

So once you opened the GPO related to VMware UEM you see the following settings. There are a few settings you need to set and several optional ones. I configured the UEM GPO with a loopback to make sure the user settings are deployed when the user logs on to the VDI desktop. 

What you need to configure is the path to the engine and the paths to the configuration, user archive and user backup share. Also set the setting to run the Flexengine as a Group Policy Extension.

Once this is all setup you are ready to test your UEM environment. Deploy your VDI desktop and watch the icons on the desktop. VMware UEM will show all applications shortcuts on your desktop if the application executable is found on the system. If it is not, it will not.

Also if you happen to use App Volumes in combination with UEM you have to mind that any application you add with App Volumes has to be made available through UEM.  But that might be a great new blog.

Hope this helps you get comfortable with VMware UEM, next blog is about configuring UEM. 

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.