VMware Dynamic Environment manager

 
Navigation
As of version 9.9, User Environment Manager (UEM) was renamed to Dynamic Environment
Manager (DEM).
This post applies to all Dynamic Environment Manager (aka User Environment Manager)
versions including DEM 2009 (aka 10.1), and DEM 9.9 (ESB).

 Change Log
 Upgrade
 Installation Prerequisites
 Mandatory Profile
 DEM Console Installation
 Configure Dynamic Environment Manager
 Horizon Smart Policies
 Application Blocking
 Privilege Elevation
 Computer Settings
Personalization and DEM Templates
Additional DEM Configuration
DEM Application Profiler
DEM Support Tool
💡 = Recently Updated
Change Log

 2020 Oct 18 – DEM 2009 new features

 2020 Oct 17 – updated install instructions for DEM 2009 (aka 10.1)
 2020 Aug 15 – updated install instructions for DEM 2006 (aka 10.0)
 New Computer Settings section.
2020 May 11 – Configure DEM – added link to Bulk convert existing shortcuts to Dynamic
Environment Manager – Ivan de Mes
2020 Mar 18 – updated install instructions for DEM 9.11
2019 Dec 14 – updated install instructions for DEM 9.10
2019 Sep 26 – Mandatory profile – added Allow deployment operations in special
profiles (source = Chris Koch in the comments).
2019 Sep 18 – updated install instructions for DEM 9.9
 Renamed UEM to DEM – replaced most screenshots
2019 Jul 4 – Horizon Smart Policies – added info from VMware User Environment
Management 9.8 Feature Walk-Through at YouTube
2019 Jul 3 – updated install instructions for UEM 9.8
2019 Mar 16 – updated install instructions for UEM 9.7
2019 Mar 8 – updated install instructions for UEM 9.4.1 (ESB)
2018 Dec 15 – updated install instructions for UEM 9.6
2018 Sep 10 – Personalization – Download Config Templates from Console Ribbon
2018 Sep 9 – updated install instructions for UEM 9.5
2018 July 30 – Mandatory Profile – added link to VMware TechZone Creating an Optimized
Windows Image for a VMware Horizon Virtual Desktop, and MadeByIpop in
the Comments details how to generalize the Shell Folders in the Mandatory profile
2018 May 31- Personalization – added Windows 10 Start Menu – Windows 10 1703 and
higher
2018 May 31 – Privilege Elevation – added YouTube video VMware User Environment
Manager 9.4 Argument Based Privilege Elevation Feature Walk-through.
2018 May 29 – updated install instructions for UEM 9.4
2018 Apr 2 – in Installation Prerequisites section, added link to VMware’s Quick-Start Tutorial
for User Environment Manager.
2018 Apr 1 – in Additional UEM Config section, added link to Ivan de Mes Export/Import File
Type Associations (FTA) successfully using UEM
2018 Mar 22 – in Configure UEM section, added link to Nigel Hickey Leveraging VMware
UEM to reduce Microsoft GPO usage
2018 Jan 7 – in Configure UEM section, added configuration of Outlook OST on App Volumes
writable volume.
2018 Jan 6 – updated install instructions for UEM 9.3

Upgrade
If you are performing a new installation, skip to the Installation Prerequisites section.
When upgrading an existing installation of DEM or UEM, upgrade the FlexEngine on the
Horizon Agents first.
From UEM Upgrade 8.7 to 9.2.1 at VMware Communities: The newest FlexEngine (v9.2.1) can
still interpret the INI files from v8.7. After your clients (FlexEngine) have been upgraded, you
can upgrade the management console, which allow for new options, like elevated privileges and
others, which (when enabled) can now be correctly interpreted by the upgraded clients
(FlexEngine). After that update the ADMX files.
Installation Prerequisites
Before performing the procedures detailed on this page, make sure you’ve create the DEM File
Shares, imported the DEM GPO ADMX templates, created the GPOs for
Horizon, and configured the Horizon GPOs for Dynamic Environment Manager.

 
VMware Tech Zone Antivirus Considerations in a VMware Horizon Environment: exclusions
for Horizon View, App Volumes, User Environment Manager, ThinApp
VMware Workspace Tech Zone has an excellent Quick-Start Tutorial for User Environment
Manager. It’s around 130 printed pages.
Mandatory Profile
At user logon, DEM restores profile archives on top of a Windows profile, which is typically a
local profile, or a mandatory profile.

 GO-EUC performance testing indicates that Mandatory profiles on Windows 10 don’t

perform as well as Local profiles.

If your Horizon Agent machines are single-user, non-persistent that reboot at logoff, then local
profiles are essentially the same as mandatory.
If your Horizon Agent machines are multi-user machines (e.g. RDSH) that don’t reboot every
day, then you might need a process to delete local profiles when the user logs off. Here are some
options:

 Schedule a delprof2.exe script that runs daily.

 Configure mandatory profiles, which are automatically deleted a logoff.
 A more advanced option is to add users to the local Guests group, which causes their profile
to be deleted at logoff.
If you choose Mandatory profile, then here are some mandatory profile creation instructions:

 VMware TechZone Creating an Optimized Windows Image for a VMware Horizon Virtual

Desktop – includes instructions to create a mandatory profile on Windows 10.
 James Rankin Creating a mandatory profile on Windows 10 1803
 VMware Blog Post VMware User Environment Manager, Part 1: Easier, Faster Windows
Logins with Mandatory Profiles
 Microsoft’s Create mandatory user profiles in Windows 10
 MadeByIpop in the Comments details how to generalize the Shell Folders in the Mandatory
profile.
 You might have to enable the App Package Deployment GPO setting Allow deployment
operations in special profiles, which is located at Computer Configuration | Policies |
Administrative Templates | Windows Components | App Package Deployment.
 
 

DEM Console Installation

As of version 9.9, User Environment Manager (UEM) was renamed to Dynamic Environment
Manager (DEM).
In Horizon 2006 (aka 8.0), DEM is available in all editions of Horizon. There are two editions of
DEM, each with different downloads and different DEM capabilities.

 Horizon 2006 Enterprise Edition and Horizon 7.13 Enterprise Edition are entitled to DEM
Enterprise Edition, which has all features.
 Horizon 2006 Standard Edition and Horizon 2006 Advanced Edition are entitled to DEM
Standard Edition, which is limited primarily to Personalization features. If you are using
FSLogix Profile Containers, then you don’t need DEM Standard Edition.
In Horizon 7, DEM is only available for Horizon Enterprise Edition customers. Horizon 7
Enterprise Edition customers can download DEM 2009 Enterprise Edition.
1. Download Dynamic Environment Manager 2009 Enterprise Edition, Dynamic Environment
Manager 2009 Standard Edition, Dynamic Environment Manager 9.9.0 (ESB).

2. If upgrading, don’t upgrade the DEM Console until all of your DEM Agents have been
upgraded.
3. On your administrator machine, run the downloaded VMware Dynamic Environment
Manager 10.1 x64.msi, or VMware Dynamic Environment Manager 9.9 x64.msi.
4. In the Welcome to the VMware Dynamic Environment Manager Enterprise Setup
Wizard page, click Next.

5. In the End-User License Agreement page, check the box next to I accept the terms and
click Next.
6. In the Destination Folder page, click Next.

7. In the Choose Setup Type page, click Custom.

8. In the Custom Setup page, change the selections so that only the console is selected and then
click Next.

9. In the Ready to install VMware Dynamic Environment Manager Enterprise page,

click Install.
10. In the Completed the VMware Dynamic Environment Manager Enterprise Setup
Wizard page, click Finish.

Configure Dynamic Environment Manager

Here is a summary of the major Dynamic Environment Manager functionality:

 Personalization (aka import/export user settings) – saves application and Windows settings

to a file share. This is the roaming profiles functionality of Dynamic Environment Manager.
You configure folders and registry keys that need to be saved. The import/export can
happen at logon/logoff or during application launch/exit.
 Pre-configure application settings – configures files and registry keys for specific
applications so users don’t have to do it themselves. Some examples: disable splash
screen, default folder save location, database server name, etc.
 Self–support tool – users can use this tool to restore their application settings.
 DEM Standard Edition supports all Personalization features.

User Environment – configures Windows settings like drive mappings, Explorer settings,
printer mappings, etc. This is similar to group policy but offers significantly more options
for conditional filtering. Dynamic Environment Manager can configure any registry setting
defined in an ADMX file.
 DEM Standard Edition only has a limited set of User Environment settings (e.g. drive
mappings). Most User Environment features require DEM Enterprise Edition.
  Most settings in DEM are only for users, not computers. DEM 2006 (aka 10.0) and
newer support ADMX templates for Computer Settings. In older DEM, use Group Policy
to configure Computer Settings.
 Best practice is to not mix Dynamic Environment Manager and user group policy. Pick
one tool. If the same setting is configured in both locations then group policy will win.
 UEM 9.6 and newer support Windows Server 2019 as an Operating System condition.
Horizon Smart Policies – Use Horizon Conditions (e.g. client IP) to control device mappings
(e.g. client printing) and PCoIP/Blast Bandwidth Profile.
Privilege Elevation (UEM 9.2 and newer)  – allow apps to run as administrator even though
user is not an administrator. Installers can also be elevated.

Initial Configuration (Easy Start)

To perform an initial configuration of Dynamic Environment Manager, do the following:

1. Launch the DEM Management Console from the Start Menu.

2. Enter the path to the DEMConfig share, and click OK.

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
3.These Settings checkboxes define what is displayed in the management console. Leave it
set to the defaults, and click OK.

3.
4. In the Personalization ribbon, on the far right, click Easy Start.
5. Select your version of Office, and click OK. Office 2019 and Office 2016 are essentially
the same.

6. Click OK when prompted that configuration items have been successfully installed.

7. Review the pre-configured settings to make sure they are acceptable. For example, on the
ribbon named User Environment, under Shortcuts, Dynamic Environment Manager
might create a Wordpad shortcut that says (created by VMware UEM). You can
 either Disable this item, or delete it.

 Bulk convert existing shortcuts to Dynamic Environment Manager – Ivan de Mes

8. Go to the ribbon name User Environment. On the left, expand Windows Settings and
click Policy Settings. On the right, if there is a setting to Remove Common Program
 Groups, then click Edit.

1. Consider adding a condition so it doesn’t apply to administrators.

Common Configurations

1. To roam the Start Menu in Windows 10 1703 and newer, see VMware 2150422 How to
roam Windows 10 Start Menu layout.
1. Go to the ribbon named Personalization, click a folder, and click Create Config File.

2. Select Use a Windows Common Setting and click Next.

3. Select Windows 10 Start Menu – Windows 10 Version 1703 and higher. This option is

only available in newer versions of DEM. It should work with Windows Server 2019,
 but it doesn’t apply to Windows Server 2016, which is actually version 1607.

4. Enter a file name. DEM will create a .zip file for each user with this name.
Click Finish when done.
2. You can run Triggered Tasks when a session is reconnected, or workstation is unlocked.
This is useful for re-evaluating Smart Policies, as detailed below.
  UEM 9.4 and newer have a new Trigger for All AppStacks Attached.

2. UEM 9.3 and newer have a setting to store Outlook OST file on App Volumes writable
volumes. Go to the ribbon named User Environment. Right-click App Volumes and create
a setting. Check the box next to Store Offline Outlook Data File (.ost) on writable
volume. Configure other fields as desired. Note: this setting only applies to new Outlook
profiles. More info in the YouTube video VMware User Environment Manager Outlook
 OST on App Volumes User Writable Volume Feature Walkthrough.

 Nigel Hickey Leveraging VMware UEM to reduce Microsoft GPO usage: Configure

ADMX settings in UEM.
 VMware 2151201 Windows 10 1703 Start Menu causes the COM Surrogate process to use
100% CPU in UEM with DirectFlex enabled – add dllhost.exe to the DirectFlex blacklist

Horizon Smart Policies

Horizon Smart Policies let you control (e.g. disable) Horizon functionality for external users or
other conditions.

1. In UEM 9.0 and newer, go to User Environment > Horizon Smart Policies, and create a
policy.
2. DEM 9.11 has an expanded list of settings configurable using Smart Policies.
3. UEM 9.8 adds several new Smart Policy Settings, including Drag and drop. See VMware
User Environment Management 9.8 Feature Walk-Through at YouTube.

4. On the Conditions tab, you can use any of the available conditions, including the Horizon
Client Property conditions. Note: UEM 9.2 has more conditions (e.g. Active Directory Site
Name) than prior versions.
 To detect external users, select Horizon Client Property > Client Location = External.
UAG and Security Server set the session’s location to External.

 
 
 
5. You can also enter a Horizon Client Property condition that corresponds to
the ViewClient_ registry keys. In the Property field, type in a property name
(remove ViewClient_ from the property name). See VMware Blog Post Enhancing Your
VMware Horizon 7 Implementation with Smart Policies. And the 28-page
PDF Reviewer’s Guide for View in Horizon 7: Smart Policies, VMware Horizon 7.
6. UEM 9.1 and newer has Endpoint Platform as a policy condition. Create a Policy, go to
the Conditions tab, and select the Endpoint Platform condition. UEM 9.8 adds Chrome to
 the Platform list.

7. UEM 9.8 adds Matches Regex to some of the conditions (e.g. Endpoint name and Horizon
Client Property > Pool name).
8. To reapply Horizon Policies when users reconnect to an existing session, go to User
Environment > Triggered Tasks, and click Create. Or you can edit one of the
existing Triggered Tasks settings.

1. Change the Trigger to Session Reconnected.

 2. Change the Action to User Environment refresh. Select Horizon Smart Policies, and
click Save.

Application Blocking
1. UEM 9.0 adds an Application Blocking feature. To enable it, go to User Environment >
Application Blocking, and click the Global Configuration button.

2. Check the box to Enable Application Blocking. Specify Conditions where, if true, then
App Blocking is enabled. These are the same conditions available in other policies and
settings. Click OK.
3. Then you can create an Application Blocking setting to designate the folders that users can
run executables from, or what file hashes are allowed.

4. You can add folders that allow or block apps. Any executable in these paths will be allowed
or blocked. By default, executables in Windows and Program Files (including x86) are
 allowed.

5. UEM 9.1 and newer allows File Hashes in addition to File Paths. Set the Type to Hash-
based, click Add, browse to an executable, UEM will compute the hash, and add it to the
 list.

6. UEM 9.2 and newer supports Publisher-based allow. Set the Type to Publisher-based,

click Add, browse to an executable, UEM will read the certificate, and add it to the list.
Note: A challenge with hash-bashed and publisher-based rules is that the policy might have
 to be updated whenever the app is updated.

Privilege Elevation

1. UEM 9.2 adds a Privilege Elevation feature, which allows executables to run as

administrator even if users are not administrators. To enable it, go to User Environment >
 Privilege Elevation, and click the Global Configuration button.

2. Check the box to Enable Privilege Elevation. Specify Conditions where, if true, then
Privilege Elevation is enabled. These are the same conditions available in other policies and
settings.
3. If you allow installers to be elevated, elevate the installer’s child processes too, check the
box. This checkbox only applies to installers. Child processes of elevated applications is
enabled when creating a Privilege Elevation configuration setting.
4. When an application is elevated, the user can be asked to allow it. This prompt is intended to
inform the user that the application has more permissions than it should, and thus be careful
 with this application. Click OK.

5. Then you can create a Privilege Elevation setting to designate the applications that should
be elevated. The applications can be specified by a path, a hash, or a publisher certificate.
 These are essentially the same options as Application Blocking.

6. Path-based user-installed application lets you elevate installers. The other three options
elevate applications, but not installers.
7. The child processes checkbox applies to applications.

8. UEM 9.4 adds Argument-based elevated application, which lets you elevate specific
scripts and/or Control Panel applets. For details, see the YouTube video VMware User
 Environment Manager 9.4 Argument Based Privilege Elevation Feature Walk-through.

9. DEM Group Policy settings can be enabled to log both Application Blocking and Privilege
Elevation to Event Viewer

Computer Settings
DEM Enterprise Edition 2006 and newer can deploy computer-based ADMX settings.
DEM 2006 and newer Agents (FlexEngines) must be configured in the registry to enable
computer settings. Group Policy Preferences can push these registry keys to the Horizon Agent
machines. Or you can manually modify the registry in your master images. For the list of registry
values, see FlexEngine Configuration for Computer Environment Settings at VMware Docs.
Domain Computers must have Read permission to the DEM Config file share.
1. In the DEM Management Console, at the right side of any ribbon, click Configure.

2. At the bottom of the General tab, check the box next to Computer Environment.

3. A new Computer Environment ribbon is added. DEM 2009 and newer have Startup
Tasks and Shutdown Tasks.

4. With ADMX-based Settings highlighted on the left, click Manage Templates in the

ribbon.
5. At the bottom of the window, click Add Folder.

6. If you have PolicyDefinitions in your SYSVOL, then browse to that. Or you can point it
to C:\Windows\PolicyDefinitions. Click OK.
7. Click OK after import is successful. DEM copied the .admx files into the DEM Config
share. You can run this again any time to update templates.

8. With ADMX-based Settings selected on the left, click Create in the ribbon.

9. At the bottom, click Select Categories.
10. Select a category where your setting is located and click OK.

11. At the top of the window click Edit Policies.

12. Only the settings for your chosen categories are shown. Configure these settings the same
way you would configure them in group policy. Then close the window.

13. DEM shows the configured settings.

14. On the Conditions tab, you can add conditions. Obviously the user-based conditions will
not be available for computer-based settings.

Personalization and DEM Templates

VMware has provided a list of Personalization Templates to simplify your configuration.
1. To save user settings at logoff and restore at logon, you must specify the settings to save.
Easy Start created a bunch of configurations on the Personalization ribbon. Note: DEM
9.11 adds a Find box to this ribbon.

2. You can see what settings these save. On the tab named Import / Export, on the top right,
click Manage, and then click Expand.
1. Click Yes to expand it.
 1. After reviewing the config, click a different Personalization setting, and then click No to
not save your changes.

3. To save more profile settings at logoff, on the ribbon named Personalization, select a folder
(or create a new folder), and then click Create Config File.

4. A wizard appears. You can use one of the built-in Windows Common

Setting or Application Templates. Or you can create your own.
 DEM 9.10 and newer have a Windows Common Setting named Default applications –
File type associations and protocols. For details, see Ivan de Mes at Managing File
Type Associations (FTA) natively using Dynamic Environment Manager. 💡

 Also enable the GPO setting Do not show the ‘new application installed’
notification at Computer Configuration > Policies > Administrative Templates
 > Windows Components > File Explorer.

UEM 9.4 and newer have a Windows Common Setting for Windows 10 Start Menu –
Windows 10 1703 and higher

2. In UEM 9.5 and newer, the DEM Console has a button in the ribbon to Download Config
Templates. You will need a My VMware account to access it. See Ivan de Mes VMware
 UEM 9.5 introduces the VMware Marketplace for templates.

3. The Browse button on top lets you choose where in the tree you want to save the new
Config File.
4. DEM 9.11 and newer have a Find box.

5. For older versions of UEM, download a template, and import it.

1. In the DEM Console, on the Personalization tab, click the Configure button to locate
your DEM Configuration file share.

2. Extract the downloaded templates to the General\Applications folder in the DEM

Config Share.
 3. The downloaded template should then show up in the Personalization tab under
the Applications folder. If you don’t see it, click the Refresh Tree icon.

2. DirectFlex – to speed up logins, enable DirectFlex whenever possible. Instead of restoring

the files during logon and thus delaying the login, DirectFlex restores the settings on-
demand when the user launches the application. DirectFlex can be enabled on most
application configurations. However, Windows settings (e.g. Start Menu) should be loaded
 during login rather than on-demand after login.

Additional DEM Configuration

 VMware Blog Post VMware User Environment Manager, Part 2: Complementing

Mandatory Profiles with VMware User Environment Manager details the following:
 Personalization Settings (what settings are roamed)
 Predefined App Settings
 User Environment Settings (shortcuts, drive mappings, and so on)
Active Directory Attribute References – DEM 2009 and newer support Active Directory
Attribute References like %{AD$extensionAttribute8}%\%username%\Archives.
See VMware Communities.
ViewClient Property References – DEM 2009 and newer support ViewClient Property
References in the %{ViewClient_propertyName}% format. See VMware Communities.
BGInfo – VMware Communities has a configuration guide for BGInfo using User Environment
Manager.
File Type Associations –  Ivan de Mes Export/Import File Type Associations (FTA)
successfully using UEM uses GetUserFTA.exe and SetUserFTA.exe to backup and save
 file type associations at logoff and logon.

Start Menu – Customize Windows 10 Start Menu Layout via UEM and App Volumes.
Cookies – VMware 2146418 UEM settings in a mixed environment with Windows 7 and
Windows 10 cookies do not transfer. You will need to create a new custom configuration for
cookies for Windows 10. On Import/Export tab add the following:

Predefined settings – Fabian Lenz has a series of articles on Predefined settings in UEM:
 Predefined settings (Basic concepts) explains the four types of Predefined Settings.
  Predefined settings – Deep how-to (Internet Explorer) explains how to use Application
Profiler, or a regular user DEM profile archive, to create Predefined Settings.

 Predefined settings – Dynamic Placeholder explains how to use environment variables in

Predefined Settings.

ThinApp – To integrate ThinApp with UEM, configure DEM to save the application’s setting
(e.g. AppData, HKCU registry key). You can use Application Profiler to identify these
settings locations. Then configure ThinApp with Merged Isolation Mode for those locations.
Also enable DirectFlex.
 Run Once – VMware 2146336 Run Once option behave differently in combination with a
Local User Profile: The Run Once option for DEM configurations, such as shortcuts, has no
effect when a Local User Profile is used. As a result, the UEM configuration runs at each
login. To workaround, set the RunOnceSpecial attribute in DEM XML configuration files.
User Environment Manager 8.7 and newer has a UEMResult feature that lets you see what
settings were applied to the user. The .xml file is only updated at logoff. To enable for a
particular user, go to the user’s Logs folder and create a folder named UEMResult. At logoff,
DEM will put an .xml file in this folder. More information at VMware Docs.

From VMware 2113514 Enabling debug logging for a single user in VMware User Environment
Manager: To configure FlexEngine to log at debug level for a single user, create an empty
FlexDebug.txt file in the same folder as the standard log file for this user. This triggers
FlexEngine to switch to debug logging for this particular user.
DEM Application Profiler
This tool cannot be installed on a machine that has FlexEngine (aka DEM Agent) installed:
1. .NET Framework 3.5 is required.
2. In the Dynamic Environment Manager files, in the Optional Components folder,
run VMware DEM Application Profiler 9.9 x64.msi or VMware UEM Application
Profiler 9.4 x64.msi (ESB).
3. In the Welcome to the VMware DEM Application Profiler Setup Wizard page, click Next.

4. In the End-User License Agreement page, check the box next to I accept the terms and
click Next.
5. In the Custom Setup page, click Next.

6. In the Ready to install VMware DEM Application Profiler page, click Install.

7. In the Completed the VMware DEM Application Profiler Setup Wizard page, click Finish.

You may now use the tool to determine where applications store their settings and export a
default application configuration that can be pushed out using Dynamic Environment Manager.

 See VMware Docs for details.

 vDelboy VMware User Environment Manager Application Profiler has an overview of the
process.
 VMware Blog Post VMware User Environment Manager and Application Profile
Settings details how to use Application Profiler to determine where Chrome settings are
stored and upload that configuration to User Environment Manager.

DEM Support Tool

vDelboy – VMware UEM Helpdesk Support Tool
Do the following to configure the environment for the support tool:
1. In the Dynamic Environment Manager Console, click the star icon on the top left, and
click Configure Helpdesk Support Tool.

2. Click Add.

3. In the Profile archive path field, enter the user folder share (the same one configured in
Dynamic Environment Manager GPO). At the end of the path, enter \[UserFolder]\
Archives.
4. Check the other two boxes. The paths should be filled in automatically. Make sure they
match what you configured in the Dynamic Environment Manager group policy object.
 Click OK.

5. Click Save.

6. VMware recommends creating a new GPO for the Support Tool. This GPO should apply

only to the support personnel.

7. On the Scope tab, change the filtering so it applies to DEM Support and DEM Admins. If
this GPO applies to machines with group policy loopback processing enabled, then also
add Domain Computers.
8. Edit the GPO.

9. Go to User Configuration | Policies | Administrative Templates | VMware UEM |

Helpdesk Support Tool.
10. Double-click the setting DEM configuration share.

11. Enable the setting, and enter the path to the DEMConfig share. Click OK.
12. Consider enabling the remaining GPO settings. Read the Explain text or refer to the
documentation.

Do the following to install the support tool.

1. .NET Framework 3.5 is required.

2. Some support tool functions require the FlexEngine (aka DEM Agent) to be installed on the
help desk machine.
3. In the extracted Dynamic Environment Manager files is an Optional
Components folder. From inside that folder run VMware DEM Helpdesk Support Tool
9.9 x64.msi or VMware UEM Helpdesk Support Tool 9.4 x64.msi (ESB).
4. In the Welcome to the VMware DEM Helpdesk Support Tool Setup Wizard page, click Next.

5. In the End-User License Agreement page, check the box next to I accept the terms and
click Next.
6. In the Destination Folder page, click Next.

7. In the Ready to install VMware DEM Helpdesk Support Tool page, click Install.

8. In the Completed the VMware DEM Helpdesk Support Tool Setup Wizard page,
click Finish.

Once the Helpdesk Support Tool is installed, you can launch it from the Start Menu, search for
users, and then perform operations on the archives.
 
 
 
Skip to content
SATYA
Cloud Masters Training and Placements 
VMware Dynamic Environment Manager
Navigation
As of version 9.9, User Environment Manager (UEM) was renamed to Dynamic Environment Manager
(DEM).
This post applies to all Dynamic Environment Manager (aka User Environment Manager) versions including
DEM 2009 (aka 10.1), and DEM 9.9 (ESB).

 Change Log
 Upgrade
 Installation Prerequisites
 Mandatory Profile
 DEM Console Installation
 Configure Dynamic Environment Manager
 Horizon Smart Policies
 Application Blocking
 Privilege Elevation
 Computer Settings
Personalization and DEM Templates
Additional DEM Configuration
DEM Application Profiler
DEM Support Tool
💡 = Recently Updated
Change Log

 2020 Oct 18 – DEM 2009 new features

 2020 Oct 17 – updated install instructions for DEM 2009 (aka 10.1)
 2020 Aug 15 – updated install instructions for DEM 2006 (aka 10.0)
 New Computer Settings section.
2020 May 11 – Configure DEM – added link to Bulk convert existing shortcuts to Dynamic Environment
Manager – Ivan de Mes
2020 Mar 18 – updated install instructions for DEM 9.11
2019 Dec 14 – updated install instructions for DEM 9.10
2019 Sep 26 – Mandatory profile – added Allow deployment operations in special profiles (source = Chris
Koch in the comments).
2019 Sep 18 – updated install instructions for DEM 9.9
 Renamed UEM to DEM – replaced most screenshots
2019 Jul 4 – Horizon Smart Policies – added info from VMware User Environment Management 9.8 Feature
Walk-Through at YouTube
2019 Jul 3 – updated install instructions for UEM 9.8
2019 Mar 16 – updated install instructions for UEM 9.7
2019 Mar 8 – updated install instructions for UEM 9.4.1 (ESB)
2018 Dec 15 – updated install instructions for UEM 9.6
2018 Sep 10 – Personalization – Download Config Templates from Console Ribbon
2018 Sep 9 – updated install instructions for UEM 9.5
2018 July 30 – Mandatory Profile – added link to VMware TechZone Creating an Optimized Windows Image
for a VMware Horizon Virtual Desktop, and MadeByIpop in the Comments details how to generalize the
Shell Folders in the Mandatory profile
2018 May 31- Personalization – added Windows 10 Start Menu – Windows 10 1703 and higher
2018 May 31 – Privilege Elevation – added YouTube video VMware User Environment Manager 9.4
Argument Based Privilege Elevation Feature Walk-through.
2018 May 29 – updated install instructions for UEM 9.4
2018 Apr 2 – in Installation Prerequisites section, added link to VMware’s Quick-Start Tutorial for User
Environment Manager.
2018 Apr 1 – in Additional UEM Config section, added link to Ivan de Mes Export/Import File Type
Associations (FTA) successfully using UEM
2018 Mar 22 – in Configure UEM section, added link to Nigel Hickey Leveraging VMware UEM to reduce
Microsoft GPO usage
2018 Jan 7 – in Configure UEM section, added configuration of Outlook OST on App Volumes writable
volume.
2018 Jan 6 – updated install instructions for UEM 9.3

Upgrade
If you are performing a new installation, skip to the Installation Prerequisites section.
When upgrading an existing installation of DEM or UEM, upgrade the FlexEngine on the Horizon Agents
first.
From UEM Upgrade 8.7 to 9.2.1 at VMware Communities: The newest FlexEngine (v9.2.1) can still interpret
the INI files from v8.7. After your clients (FlexEngine) have been upgraded, you can upgrade the management
console, which allow for new options, like elevated privileges and others, which (when enabled) can now be
correctly interpreted by the upgraded clients (FlexEngine). After that update the ADMX files.
Installation Prerequisites
Before performing the procedures detailed on this page, make sure you’ve create the DEM File Shares,
imported the DEM GPO ADMX templates, created the GPOs for Horizon, and configured the Horizon GPOs
for Dynamic Environment Manager.

VMware Tech Zone Antivirus Considerations in a VMware Horizon Environment: exclusions for Horizon
View, App Volumes, User Environment Manager, ThinApp
VMware Workspace Tech Zone has an excellent Quick-Start Tutorial for User Environment Manager. It’s
around 130 printed pages.
Mandatory Profile
At user logon, DEM restores profile archives on top of a Windows profile, which is typically a local profile, or
a mandatory profile.

 GO-EUC performance testing indicates that Mandatory profiles on Windows 10 don’t perform as well as
Local profiles.

If your Horizon Agent machines are single-user, non-persistent that reboot at logoff, then local profiles are
essentially the same as mandatory.
If your Horizon Agent machines are multi-user machines (e.g. RDSH) that don’t reboot every day, then you
might need a process to delete local profiles when the user logs off. Here are some options:

 Schedule a delprof2.exe script that runs daily.

 Configure mandatory profiles, which are automatically deleted a logoff.
 A more advanced option is to add users to the local Guests group, which causes their profile to be deleted
at logoff.
If you choose Mandatory profile, then here are some mandatory profile creation instructions:

 VMware TechZone Creating an Optimized Windows Image for a VMware Horizon Virtual Desktop –
includes instructions to create a mandatory profile on Windows 10.
 James Rankin Creating a mandatory profile on Windows 10 1803
 VMware Blog Post VMware User Environment Manager, Part 1: Easier, Faster Windows Logins with
Mandatory Profiles
 Microsoft’s Create mandatory user profiles in Windows 10
 MadeByIpop in the Comments details how to generalize the Shell Folders in the Mandatory profile.
 You might have to enable the App Package Deployment GPO setting Allow deployment operations in
special profiles, which is located at Computer Configuration | Policies | Administrative Templates
| Windows Components | App Package Deployment.

DEM Console Installation

As of version 9.9, User Environment Manager (UEM) was renamed to Dynamic Environment Manager
(DEM).
In Horizon 2006 (aka 8.0), DEM is available in all editions of Horizon. There are two editions of DEM, each
with different downloads and different DEM capabilities.

 Horizon 2006 Enterprise Edition and Horizon 7.13 Enterprise Edition are entitled to DEM Enterprise
Edition, which has all features.
 Horizon 2006 Standard Edition and Horizon 2006 Advanced Edition are entitled to DEM Standard
Edition, which is limited primarily to Personalization features. If you are using FSLogix Profile
Containers, then you don’t need DEM Standard Edition.
In Horizon 7, DEM is only available for Horizon Enterprise Edition customers. Horizon 7 Enterprise Edition
customers can download DEM 2009 Enterprise Edition.
1. Download Dynamic Environment Manager 2009 Enterprise Edition, Dynamic Environment Manager
2009 Standard Edition, Dynamic Environment Manager 9.9.0 (ESB).
2. If upgrading, don’t upgrade the DEM Console until all of your DEM Agents have been upgraded.
3. On your administrator machine, run the downloaded VMware Dynamic Environment Manager 10.1
x64.msi, or VMware Dynamic Environment Manager 9.9 x64.msi.
4. In the Welcome to the VMware Dynamic Environment Manager Enterprise Setup Wizard page,
click Next.

5. In the End-User License Agreement page, check the box next to I accept the terms and click Next.
6. In the Destination Folder page, click Next.

7. In the Choose Setup Type page, click Custom.

8. In the Custom Setup page, change the selections so that only the console is selected and then click Next.

9. In the Ready to install VMware Dynamic Environment Manager Enterprise page, click Install.

10. In the Completed the VMware Dynamic Environment Manager Enterprise Setup Wizard page,
click Finish.

Configure Dynamic Environment Manager

Here is a summary of the major Dynamic Environment Manager functionality:

 Personalization (aka import/export user settings) – saves application and Windows settings to a file
share. This is the roaming profiles functionality of Dynamic Environment Manager. You configure
folders and registry keys that need to be saved. The import/export can happen at logon/logoff or during
application launch/exit.
 Pre-configure application settings – configures files and registry keys for specific applications so
users don’t have to do it themselves. Some examples: disable splash screen, default folder save
location, database server name, etc.
 Self–support tool – users can use this tool to restore their application settings.
 DEM Standard Edition supports all Personalization features.
User Environment – configures Windows settings like drive mappings, Explorer settings, printer mappings,
etc. This is similar to group policy but offers significantly more options for conditional filtering. Dynamic
Environment Manager can configure any registry setting defined in an ADMX file.
 DEM Standard Edition only has a limited set of User Environment settings (e.g. drive mappings).
Most User Environment features require DEM Enterprise Edition.
 Most settings in DEM are only for users, not computers. DEM 2006 (aka 10.0) and newer support
ADMX templates for Computer Settings. In older DEM, use Group Policy to configure Computer
Settings.
 Best practice is to not mix Dynamic Environment Manager and user group policy. Pick one tool. If
the same setting is configured in both locations then group policy will win.
  UEM 9.6 and newer support Windows Server 2019 as an Operating System condition.
Horizon Smart Policies – Use Horizon Conditions (e.g. client IP) to control device mappings (e.g. client
printing) and PCoIP/Blast Bandwidth Profile.
Privilege Elevation (UEM 9.2 and newer)  – allow apps to run as administrator even though user is not an
administrator. Installers can also be elevated.

Links:

 YouTube video User Environment Manager 9.6 What’s New Overview

 Dynamic Environment Manager documentation can be found at VMware Docs.
 VMware User Environment Manager 9.2 Technical Deep Dive – VMware Blog Post
 VMware has posted several User Environment Manager videos at YouTube.
 Fabian Lenz Let’s troubleshoot User Environment Manager (#UEM) 9.X: How to avoid errors during the
installation

Initial Configuration (Easy Start)

To perform an initial configuration of Dynamic Environment Manager, do the following:

1. Launch the DEM Management Console from the Start Menu.

2. Enter the path to the DEMConfig share, and click OK.

3. These Settings checkboxes define what is displayed in the management console. Leave it set to the
defaults, and click OK.

4. In the Personalization ribbon, on the far right, click Easy Start.

5. Select your version of Office, and click OK. Office 2019 and Office 2016 are essentially the same.

6. Click OK when prompted that configuration items have been successfully installed.

7. Review the pre-configured settings to make sure they are acceptable. For example, on the ribbon
named User Environment, under Shortcuts, Dynamic Environment Manager might create a Wordpad
shortcut that says (created by VMware UEM). You can either Disable this item, or delete it.

 Bulk convert existing shortcuts to Dynamic Environment Manager – Ivan de Mes

Go to the ribbon name User Environment. On the left, expand Windows Settings and click Policy Settings.
On the right, if there is a setting to Remove Common Program Groups, then click Edit.

1. Consider adding a condition so it doesn’t apply to administrators.

Common Configurations

1. To roam the Start Menu in Windows 10 1703 and newer, see VMware 2150422 How to roam Windows
10 Start Menu layout.
1. Go to the ribbon named Personalization, click a folder, and click Create Config File.

2. Select Use a Windows Common Setting and click Next.

3. Select Windows 10 Start Menu – Windows 10 Version 1703 and higher. This option is only
available in newer versions of DEM. It should work with Windows Server 2019, but it doesn’t apply
 to Windows Server 2016, which is actually version 1607.

4. Enter a file name. DEM will create a .zip file for each user with this name. Click Finish when done.
2. You can run Triggered Tasks when a session is reconnected, or workstation is unlocked. This is useful
for re-evaluating Smart Policies, as detailed below.
  UEM 9.4 and newer have a new Trigger for All AppStacks Attached.

2. UEM 9.3 and newer have a setting to store Outlook OST file on App Volumes writable volumes. Go to
the ribbon named User Environment. Right-click App Volumes and create a setting. Check the box next
to Store Offline Outlook Data File (.ost) on writable volume. Configure other fields as desired. Note:
this setting only applies to new Outlook profiles. More info in the YouTube video VMware User
 Environment Manager Outlook OST on App Volumes User Writable Volume Feature Walkthrough.

Links:

 Nigel Hickey Leveraging VMware UEM to reduce Microsoft GPO usage: Configure ADMX settings in
UEM.
  VMware 2151201 Windows 10 1703 Start Menu causes the COM Surrogate process to use 100% CPU in
UEM with DirectFlex enabled – add dllhost.exe to the DirectFlex blacklist

Horizon Smart Policies

Horizon Smart Policies let you control (e.g. disable) Horizon functionality for external users or other
conditions.

1. In UEM 9.0 and newer, go to User Environment > Horizon Smart Policies, and create a policy.
2. DEM 9.11 has an expanded list of settings configurable using Smart Policies.
3. UEM 9.8 adds several new Smart Policy Settings, including Drag and drop. See VMware User
Environment Management 9.8 Feature Walk-Through at YouTube.

4. On the Conditions tab, you can use any of the available conditions, including the Horizon Client
Property conditions. Note: UEM 9.2 has more conditions (e.g. Active Directory Site Name) than prior
versions.
  To detect external users, select Horizon Client Property > Client Location = External. UAG and
Security Server set the session’s location to External.

You can also enter a Horizon Client Property condition that corresponds to the ViewClient_ registry keys. In
the Property field, type in a property name (remove ViewClient_ from the property name). See VMware
Blog Post Enhancing Your VMware Horizon 7 Implementation with Smart Policies. And the 28-page
PDF Reviewer’s Guide for View in Horizon 7: Smart Policies, VMware Horizon 7.
UEM 9.1 and newer has Endpoint Platform as a policy condition. Create a Policy, go to the Conditions tab,
and select the Endpoint Platform condition. UEM 9.8 adds Chrome to the Platform list.

UEM 9.8 adds Matches Regex to some of the conditions (e.g. Endpoint name and Horizon Client Property
> Pool name).
To reapply Horizon Policies when users reconnect to an existing session, go to User Environment >
Triggered Tasks, and click Create. Or you can edit one of the existing Triggered Tasks settings.

1. Change the Trigger to Session Reconnected.

 2. Change the Action to User Environment refresh. Select Horizon Smart Policies, and click Save.

Application Blocking
1. UEM 9.0 adds an Application Blocking feature. To enable it, go to User Environment > Application
Blocking, and click the Global Configuration button.

2. Check the box to Enable Application Blocking. Specify Conditions where, if true, then App Blocking is
enabled. These are the same conditions available in other policies and settings. Click OK.
3. Then you can create an Application Blocking setting to designate the folders that users can run
executables from, or what file hashes are allowed.

4. You can add folders that allow or block apps. Any executable in these paths will be allowed or blocked.
By default, executables in Windows and Program Files (including x86) are allowed.
5. UEM 9.1 and newer allows File Hashes in addition to File Paths. Set the Type to Hash-based,
click Add, browse to an executable, UEM will compute the hash, and add it to the list.

6. UEM 9.2 and newer supports Publisher-based allow. Set the Type to Publisher-based, click Add,

browse to an executable, UEM will read the certificate, and add it to the list. Note: A challenge with
hash-bashed and publisher-based rules is that the policy might have to be updated whenever the app is
 updated.

Privilege Elevation

1. UEM 9.2 adds a Privilege Elevation feature, which allows executables to run as administrator even if
users are not administrators. To enable it, go to User Environment > Privilege Elevation, and click
 the Global Configuration button.

2. Check the box to Enable Privilege Elevation. Specify Conditions where, if true, then Privilege Elevation
is enabled. These are the same conditions available in other policies and settings.
3. If you allow installers to be elevated, elevate the installer’s child processes too, check the box. This
checkbox only applies to installers. Child processes of elevated applications is enabled when creating
a Privilege Elevation configuration setting.
4. When an application is elevated, the user can be asked to allow it. This prompt is intended to inform the
user that the application has more permissions than it should, and thus be careful with this application.
Click OK.
5. Then you can create a Privilege Elevation setting to designate the applications that should be elevated.
The applications can be specified by a path, a hash, or a publisher certificate. These are essentially the
same options as Application Blocking.

6. Path-based user-installed application lets you elevate installers. The other three options elevate
applications, but not installers.
7. The child processes checkbox applies to applications.
 8. UEM 9.4 adds Argument-based elevated application, which lets you elevate specific scripts and/or
Control Panel applets. For details, see the YouTube video VMware User Environment Manager 9.4
Argument Based Privilege Elevation Feature Walk-through.

9. DEM Group Policy settings can be enabled to log both Application Blocking and Privilege Elevation to
Event Viewer

Computer Settings
DEM Enterprise Edition 2006 and newer can deploy computer-based ADMX settings.
DEM 2006 and newer Agents (FlexEngines) must be configured in the registry to enable computer
settings. Group Policy Preferences can push these registry keys to the Horizon Agent machines. Or you can
manually modify the registry in your master images. For the list of registry values, see FlexEngine
Configuration for Computer Environment Settings at VMware Docs.
Domain Computers must have Read permission to the DEM Config file share.
1. In the DEM Management Console, at the right side of any ribbon, click Configure.

2. At the bottom of the General tab, check the box next to Computer Environment.

3. A new Computer Environment ribbon is added. DEM 2009 and newer have Startup
Tasks and Shutdown Tasks.

4. With ADMX-based Settings highlighted on the left, click Manage Templates in the ribbon.

5. At the bottom of the window, click Add Folder.

6. If you have PolicyDefinitions in your SYSVOL, then browse to that. Or you can point it to C:\Windows\
PolicyDefinitions. Click OK.
7. Click OK after import is successful. DEM copied the .admx files into the DEM Config share. You can
run this again any time to update templates.

8. With ADMX-based Settings selected on the left, click Create in the ribbon.

9. At the bottom, click Select Categories.
10. Select a category where your setting is located and click OK.

11. At the top of the window click Edit Policies.

12. Only the settings for your chosen categories are shown. Configure these settings the same way you would
configure them in group policy. Then close the window.

13. DEM shows the configured settings.

 14. On the Conditions tab, you can add conditions. Obviously the user-based conditions will not be available
for computer-based settings.

Personalization and DEM Templates

VMware has provided a list of Personalization Templates to simplify your configuration.
1. To save user settings at logoff and restore at logon, you must specify the settings to save.  Easy
Start created a bunch of configurations on the Personalization ribbon. Note: DEM 9.11 adds a Find box
to this ribbon.
2. You can see what settings these save. On the tab named Import / Export, on the top right, click Manage,
and then click Expand.

1. Click Yes to expand it.

 2. After reviewing the config, click a different Personalization setting, and then click No to not save
your changes.

3. To save more profile settings at logoff, on the ribbon named Personalization, select a folder (or create a
new folder), and then click Create Config File.

4. A wizard appears. You can use one of the built-in Windows Common Setting or Application
Templates. Or you can create your own.
 DEM 9.10 and newer have a Windows Common Setting named Default applications – File type
associations and protocols. For details, see Ivan de Mes at Managing File Type Associations (FTA)
natively using Dynamic Environment Manager. 💡

 Also enable the GPO setting Do not show the ‘new application installed’
notification at Computer Configuration > Policies > Administrative Templates > Windows
 Components > File Explorer.

UEM 9.4 and newer have a Windows Common Setting for Windows 10 Start Menu – Windows 10
1703 and higher
2. In UEM 9.5 and newer, the DEM Console has a button in the ribbon to Download Config Templates.
You will need a My VMware account to access it. See Ivan de Mes VMware UEM 9.5 introduces the
VMware Marketplace for templates.

3. The Browse button on top lets you choose where in the tree you want to save the new Config File.
4. DEM 9.11 and newer have a Find box.

5. For older versions of UEM, download a template, and import it.

1. In the DEM Console, on the Personalization tab, click the Configure button to locate your DEM
Configuration file share.

2. Extract the downloaded templates to the General\Applications folder in the DEM Config Share.

 3. The downloaded template should then show up in the Personalization tab under
the Applications folder. If you don’t see it, click the Refresh Tree icon.

2. DirectFlex – to speed up logins, enable DirectFlex whenever possible. Instead of restoring the files
during logon and thus delaying the login, DirectFlex restores the settings on-demand when the user
launches the application. DirectFlex can be enabled on most application configurations. However,
 Windows settings (e.g. Start Menu) should be loaded during login rather than on-demand after login.

Additional DEM Configuration

 VMware Blog Post VMware User Environment Manager, Part 2: Complementing Mandatory Profiles
with VMware User Environment Manager details the following:
 Personalization Settings (what settings are roamed)
 Predefined App Settings
 User Environment Settings (shortcuts, drive mappings, and so on)
Active Directory Attribute References – DEM 2009 and newer support Active Directory Attribute
References like %{AD$extensionAttribute8}%\%username%\Archives. See VMware Communities.
ViewClient Property References – DEM 2009 and newer support ViewClient Property References in the %
{ViewClient_propertyName}% format. See VMware Communities.
BGInfo – VMware Communities has a configuration guide for BGInfo using User Environment Manager.
File Type Associations –  Ivan de Mes Export/Import File Type Associations (FTA) successfully using
UEM uses GetUserFTA.exe and SetUserFTA.exe to backup and save file type associations at logoff
 and logon.

Start Menu – Customize Windows 10 Start Menu Layout via UEM and App Volumes.

Cookies – VMware 2146418 UEM settings in a mixed environment with Windows 7 and Windows 10
cookies do not transfer. You will need to create a new custom configuration for cookies for Windows
 10. On Import/Export tab add the following:

Predefined settings – Fabian Lenz has a series of articles on Predefined settings in UEM:
 Predefined settings (Basic concepts) explains the four types of Predefined Settings.
  Predefined settings – Deep how-to (Internet Explorer) explains how to use Application Profiler, or a
regular user DEM profile archive, to create Predefined Settings.

 Predefined settings – Dynamic Placeholder explains how to use environment variables in Predefined

Settings.

ThinApp – To integrate ThinApp with UEM, configure DEM to save the application’s setting (e.g. AppData,
HKCU registry key). You can use Application Profiler to identify these settings locations. Then configure
ThinApp with Merged Isolation Mode for those locations. Also enable DirectFlex.

Run Once – VMware 2146336 Run Once option behave differently in combination with a Local User
Profile: The Run Once option for DEM configurations, such as shortcuts, has no effect when a Local
User Profile is used. As a result, the UEM configuration runs at each login. To workaround, set
the RunOnceSpecial attribute in DEM XML configuration files.
User Environment Manager 8.7 and newer has a UEMResult feature that lets you see what settings were
applied to the user. The .xml file is only updated at logoff. To enable for a particular user, go to the user’s Logs
folder and create a folder named UEMResult. At logoff, DEM will put an .xml file in this folder. More
information at VMware Docs.

From VMware 2113514 Enabling debug logging for a single user in VMware User Environment Manager: To
configure FlexEngine to log at debug level for a single user, create an empty FlexDebug.txt file in the same
folder as the standard log file for this user. This triggers FlexEngine to switch to debug logging for this
particular user.
DEM Application Profiler
This tool cannot be installed on a machine that has FlexEngine (aka DEM Agent) installed:
1. .NET Framework 3.5 is required.
2. In the Dynamic Environment Manager files, in the Optional Components folder, run VMware DEM
Application Profiler 9.9 x64.msi or VMware UEM Application Profiler 9.4 x64.msi (ESB).
3. In the Welcome to the VMware DEM Application Profiler Setup Wizard page, click Next.
4. In the End-User License Agreement page, check the box next to I accept the terms and click Next.

5. In the Custom Setup page, click Next.

6. In the Ready to install VMware DEM Application Profiler page, click Install.

7. In the Completed the VMware DEM Application Profiler Setup Wizard page, click Finish.

You may now use the tool to determine where applications store their settings and export a default application
configuration that can be pushed out using Dynamic Environment Manager.

 See VMware Docs for details.

 vDelboy VMware User Environment Manager Application Profiler has an overview of the process.
 VMware Blog Post VMware User Environment Manager and Application Profile Settings details how to
use Application Profiler to determine where Chrome settings are stored and upload that configuration to
User Environment Manager.

DEM Support Tool

vDelboy – VMware UEM Helpdesk Support Tool
Do the following to configure the environment for the support tool:

1. In the Dynamic Environment Manager Console, click the star icon on the top left, and click Configure
Helpdesk Support Tool.
2. Click Add.

3. In the Profile archive path field, enter the user folder share (the same one configured in Dynamic
Environment Manager GPO). At the end of the path, enter \[UserFolder]\Archives.
4. Check the other two boxes. The paths should be filled in automatically. Make sure they match what you
configured in the Dynamic Environment Manager group policy object. Click OK.
5. Click Save.

6. VMware recommends creating a new GPO for the Support Tool. This GPO should apply only to the
support personnel.
7. On the Scope tab, change the filtering so it applies to DEM Support and DEM Admins. If this GPO
applies to machines with group policy loopback processing enabled, then also add Domain Computers.
8. Edit the GPO.

9. Go to User Configuration | Policies | Administrative Templates | VMware UEM | Helpdesk Support

Tool.
10. Double-click the setting DEM configuration share.

11. Enable the setting, and enter the path to the DEMConfig share. Click OK.
 12. Consider enabling the remaining GPO settings. Read the Explain text or refer to the documentation.

Do the following to install the support tool.

1. .NET Framework 3.5 is required.

2. Some support tool functions require the FlexEngine (aka DEM Agent) to be installed on the help desk
machine.
3. In the extracted Dynamic Environment Manager files is an Optional Components folder. From inside
that folder run VMware DEM Helpdesk Support Tool 9.9 x64.msi or VMware UEM Helpdesk
Support Tool 9.4 x64.msi (ESB).
4. In the Welcome to the VMware DEM Helpdesk Support Tool Setup Wizard page, click Next.

5. In the End-User License Agreement page, check the box next to I accept the terms and click Next.
6. In the Destination Folder page, click Next.

7. In the Ready to install VMware DEM Helpdesk Support Tool page, click Install.

 8. In the Completed the VMware DEM Helpdesk Support Tool Setup Wizard page, click Finish.

Once the Helpdesk Support Tool is installed, you can launch it from the Start Menu, search for users, and then
perform operations on the archives.
166 thoughts on “VMware Dynamic Environment Manager
2009”
COMMENT NAVIGATION
 
Skip to content
SATYA

Cloud Masters Training and Placements

  VMware Dynamic Environment Manager 

Navigation
As of version 9.9, User Environment Manager (UEM) was renamed to Dynamic Environment Manager
(DEM).
This post applies to all Dynamic Environment Manager (aka User Environment Manager) versions including
DEM 2009 (aka 10.1), and DEM 9.9 (ESB).

 Change Log
 Upgrade
 Installation Prerequisites
 Mandatory Profile
 DEM Console Installation
 Configure Dynamic Environment Manager
 Horizon Smart Policies
 Application Blocking
 Privilege Elevation
 Computer Settings
Personalization and DEM Templates
Additional DEM Configuration
DEM Application Profiler
DEM Support Tool
💡 = Recently Updated
Change Log

 2020 Oct 18 – DEM 2009 new features

 2020 Oct 17 – updated install instructions for DEM 2009 (aka 10.1)
 2020 Aug 15 – updated install instructions for DEM 2006 (aka 10.0)
 New Computer Settings section.
2020 May 11 – Configure DEM – added link to Bulk convert existing shortcuts to Dynamic Environment
Manager – Ivan de Mes
2020 Mar 18 – updated install instructions for DEM 9.11
2019 Dec 14 – updated install instructions for DEM 9.10
2019 Sep 26 – Mandatory profile – added Allow deployment operations in special profiles (source = Chris
Koch in the comments).
2019 Sep 18 – updated install instructions for DEM 9.9
 Renamed UEM to DEM – replaced most screenshots
2019 Jul 4 – Horizon Smart Policies – added info from VMware User Environment Management 9.8 Feature
Walk-Through at YouTube
2019 Jul 3 – updated install instructions for UEM 9.8
2019 Mar 16 – updated install instructions for UEM 9.7
2019 Mar 8 – updated install instructions for UEM 9.4.1 (ESB)
2018 Dec 15 – updated install instructions for UEM 9.6
2018 Sep 10 – Personalization – Download Config Templates from Console Ribbon
2018 Sep 9 – updated install instructions for UEM 9.5
2018 July 30 – Mandatory Profile – added link to VMware TechZone Creating an Optimized Windows Image
for a VMware Horizon Virtual Desktop, and MadeByIpop in the Comments details how to generalize the
Shell Folders in the Mandatory profile
2018 May 31- Personalization – added Windows 10 Start Menu – Windows 10 1703 and higher
2018 May 31 – Privilege Elevation – added YouTube video VMware User Environment Manager 9.4
Argument Based Privilege Elevation Feature Walk-through.
2018 May 29 – updated install instructions for UEM 9.4
2018 Apr 2 – in Installation Prerequisites section, added link to VMware’s Quick-Start Tutorial for User
Environment Manager.
2018 Apr 1 – in Additional UEM Config section, added link to Ivan de Mes Export/Import File Type
Associations (FTA) successfully using UEM
2018 Mar 22 – in Configure UEM section, added link to Nigel Hickey Leveraging VMware UEM to reduce
Microsoft GPO usage
2018 Jan 7 – in Configure UEM section, added configuration of Outlook OST on App Volumes writable
volume.
2018 Jan 6 – updated install instructions for UEM 9.3
Upgrade
If you are performing a new installation, skip to the Installation Prerequisites section.
When upgrading an existing installation of DEM or UEM, upgrade the FlexEngine on the Horizon Agents
first.
From UEM Upgrade 8.7 to 9.2.1 at VMware Communities: The newest FlexEngine (v9.2.1) can still interpret
the INI files from v8.7. After your clients (FlexEngine) have been upgraded, you can upgrade the management
console, which allow for new options, like elevated privileges and others, which (when enabled) can now be
correctly interpreted by the upgraded clients (FlexEngine). After that update the ADMX files.
Installation Prerequisites
Before performing the procedures detailed on this page, make sure you’ve create the DEM File Shares,
imported the DEM GPO ADMX templates, created the GPOs for Horizon, and configured the Horizon GPOs
for Dynamic Environment Manager.

VMware Tech Zone Antivirus Considerations in a VMware Horizon Environment: exclusions for Horizon
View, App Volumes, User Environment Manager, ThinApp
VMware Workspace Tech Zone has an excellent Quick-Start Tutorial for User Environment Manager. It’s
around 130 printed pages.
Mandatory Profile
At user logon, DEM restores profile archives on top of a Windows profile, which is typically a local profile, or
a mandatory profile.

 GO-EUC performance testing indicates that Mandatory profiles on Windows 10 don’t perform as well as
Local profiles.

If your Horizon Agent machines are single-user, non-persistent that reboot at logoff, then local profiles are
essentially the same as mandatory.
If your Horizon Agent machines are multi-user machines (e.g. RDSH) that don’t reboot every day, then you
might need a process to delete local profiles when the user logs off. Here are some options:

 Schedule a delprof2.exe script that runs daily.

 Configure mandatory profiles, which are automatically deleted a logoff.
 A more advanced option is to add users to the local Guests group, which causes their profile to be deleted
at logoff.

If you choose Mandatory profile, then here are some mandatory profile creation instructions:

 VMware TechZone Creating an Optimized Windows Image for a VMware Horizon Virtual Desktop –
includes instructions to create a mandatory profile on Windows 10.
 James Rankin Creating a mandatory profile on Windows 10 1803
 VMware Blog Post VMware User Environment Manager, Part 1: Easier, Faster Windows Logins with
Mandatory Profiles
 Microsoft’s Create mandatory user profiles in Windows 10
 MadeByIpop in the Comments details how to generalize the Shell Folders in the Mandatory profile.
 You might have to enable the App Package Deployment GPO setting Allow deployment operations in
special profiles, which is located at Computer Configuration | Policies | Administrative Templates
| Windows Components | App Package Deployment.

DEM Console Installation

As of version 9.9, User Environment Manager (UEM) was renamed to Dynamic Environment Manager
(DEM).
In Horizon 2006 (aka 8.0), DEM is available in all editions of Horizon. There are two editions of DEM, each
with different downloads and different DEM capabilities.

 Horizon 2006 Enterprise Edition and Horizon 7.13 Enterprise Edition are entitled to DEM Enterprise
Edition, which has all features.
  Horizon 2006 Standard Edition and Horizon 2006 Advanced Edition are entitled to DEM Standard
Edition, which is limited primarily to Personalization features. If you are using FSLogix Profile
Containers, then you don’t need DEM Standard Edition.
In Horizon 7, DEM is only available for Horizon Enterprise Edition customers. Horizon 7 Enterprise Edition
customers can download DEM 2009 Enterprise Edition.
1. Download Dynamic Environment Manager 2009 Enterprise Edition, Dynamic Environment Manager
2009 Standard Edition, Dynamic Environment Manager 9.9.0 (ESB).

2. If upgrading, don’t upgrade the DEM Console until all of your DEM Agents have been upgraded.
3. On your administrator machine, run the downloaded VMware Dynamic Environment Manager 10.1
x64.msi, or VMware Dynamic Environment Manager 9.9 x64.msi.
4. In the Welcome to the VMware Dynamic Environment Manager Enterprise Setup Wizard page,
click Next.

5. In the End-User License Agreement page, check the box next to I accept the terms and click Next.
6. In the Destination Folder page, click Next.

7. In the Choose Setup Type page, click Custom.

8. In the Custom Setup page, change the selections so that only the console is selected and then click Next.

9. In the Ready to install VMware Dynamic Environment Manager Enterprise page, click Install.

10. In the Completed the VMware Dynamic Environment Manager Enterprise Setup Wizard page,
click Finish.

Configure Dynamic Environment Manager

Here is a summary of the major Dynamic Environment Manager functionality:

 Personalization (aka import/export user settings) – saves application and Windows settings to a file
share. This is the roaming profiles functionality of Dynamic Environment Manager. You configure
folders and registry keys that need to be saved. The import/export can happen at logon/logoff or during
application launch/exit.
 Pre-configure application settings – configures files and registry keys for specific applications so
users don’t have to do it themselves. Some examples: disable splash screen, default folder save
location, database server name, etc.
 Self–support tool – users can use this tool to restore their application settings.
 DEM Standard Edition supports all Personalization features.
User Environment – configures Windows settings like drive mappings, Explorer settings, printer mappings,
etc. This is similar to group policy but offers significantly more options for conditional filtering. Dynamic
Environment Manager can configure any registry setting defined in an ADMX file.
 DEM Standard Edition only has a limited set of User Environment settings (e.g. drive mappings).
Most User Environment features require DEM Enterprise Edition.
 Most settings in DEM are only for users, not computers. DEM 2006 (aka 10.0) and newer support
ADMX templates for Computer Settings. In older DEM, use Group Policy to configure Computer
Settings.
 Best practice is to not mix Dynamic Environment Manager and user group policy. Pick one tool. If
the same setting is configured in both locations then group policy will win.
  UEM 9.6 and newer support Windows Server 2019 as an Operating System condition.
Horizon Smart Policies – Use Horizon Conditions (e.g. client IP) to control device mappings (e.g. client
printing) and PCoIP/Blast Bandwidth Profile.
Privilege Elevation (UEM 9.2 and newer)  – allow apps to run as administrator even though user is not an
administrator. Installers can also be elevated.

Links:

 YouTube video User Environment Manager 9.6 What’s New Overview

 Dynamic Environment Manager documentation can be found at VMware Docs.
 VMware User Environment Manager 9.2 Technical Deep Dive – VMware Blog Post
 VMware has posted several User Environment Manager videos at YouTube.
 Fabian Lenz Let’s troubleshoot User Environment Manager (#UEM) 9.X: How to avoid errors during the
installation

Initial Configuration (Easy Start)

To perform an initial configuration of Dynamic Environment Manager, do the following:

1. Launch the DEM Management Console from the Start Menu.

2. Enter the path to the DEMConfig share, and click OK.

3. These Settings checkboxes define what is displayed in the management console. Leave it set to the
defaults, and click OK.

4. In the Personalization ribbon, on the far right, click Easy Start.

5. Select your version of Office, and click OK. Office 2019 and Office 2016 are essentially the same.

6. Click OK when prompted that configuration items have been successfully installed.

7. Review the pre-configured settings to make sure they are acceptable. For example, on the ribbon
named User Environment, under Shortcuts, Dynamic Environment Manager might create a Wordpad
shortcut that says (created by VMware UEM). You can either Disable this item, or delete it.

 Bulk convert existing shortcuts to Dynamic Environment Manager – Ivan de Mes

Go to the ribbon name User Environment. On the left, expand Windows Settings and click Policy Settings.
On the right, if there is a setting to Remove Common Program Groups, then click Edit.

1. Consider adding a condition so it doesn’t apply to administrators.

Common Configurations

1. To roam the Start Menu in Windows 10 1703 and newer, see VMware 2150422 How to roam Windows
10 Start Menu layout.
1. Go to the ribbon named Personalization, click a folder, and click Create Config File.

2. Select Use a Windows Common Setting and click Next.

3. Select Windows 10 Start Menu – Windows 10 Version 1703 and higher. This option is only
available in newer versions of DEM. It should work with Windows Server 2019, but it doesn’t apply
 to Windows Server 2016, which is actually version 1607.

4. Enter a file name. DEM will create a .zip file for each user with this name. Click Finish when done.
2. You can run Triggered Tasks when a session is reconnected, or workstation is unlocked. This is useful
for re-evaluating Smart Policies, as detailed below.
  UEM 9.4 and newer have a new Trigger for All AppStacks Attached.

2. UEM 9.3 and newer have a setting to store Outlook OST file on App Volumes writable volumes. Go to
the ribbon named User Environment. Right-click App Volumes and create a setting. Check the box next
to Store Offline Outlook Data File (.ost) on writable volume. Configure other fields as desired. Note:
this setting only applies to new Outlook profiles. More info in the YouTube video VMware User
Environment Manager Outlook OST on App Volumes User Writable Volume Feature Walkthrough.
Links:

 Nigel Hickey Leveraging VMware UEM to reduce Microsoft GPO usage: Configure ADMX settings in
UEM.

 VMware 2151201 Windows 10 1703 Start Menu causes the COM Surrogate process to use 100% CPU in
UEM with DirectFlex enabled – add dllhost.exe to the DirectFlex blacklist

Horizon Smart Policies

Horizon Smart Policies let you control (e.g. disable) Horizon functionality for external users or other
conditions.
1. In UEM 9.0 and newer, go to User Environment > Horizon Smart Policies, and create a policy.
2. DEM 9.11 has an expanded list of settings configurable using Smart Policies.
3. UEM 9.8 adds several new Smart Policy Settings, including Drag and drop. See VMware User
Environment Management 9.8 Feature Walk-Through at YouTube.

4. On the Conditions tab, you can use any of the available conditions, including the Horizon Client
Property conditions. Note: UEM 9.2 has more conditions (e.g. Active Directory Site Name) than prior
versions.
  To detect external users, select Horizon Client Property > Client Location = External. UAG and
Security Server set the session’s location to External.

You can also enter a Horizon Client Property condition that corresponds to the ViewClient_ registry keys. In
the Property field, type in a property name (remove ViewClient_ from the property name). See VMware
Blog Post Enhancing Your VMware Horizon 7 Implementation with Smart Policies. And the 28-page
PDF Reviewer’s Guide for View in Horizon 7: Smart Policies, VMware Horizon 7.
UEM 9.1 and newer has Endpoint Platform as a policy condition. Create a Policy, go to the Conditions tab,
and select the Endpoint Platform condition. UEM 9.8 adds Chrome to the Platform list.

UEM 9.8 adds Matches Regex to some of the conditions (e.g. Endpoint name and Horizon Client Property
> Pool name).
To reapply Horizon Policies when users reconnect to an existing session, go to User Environment >
Triggered Tasks, and click Create. Or you can edit one of the existing Triggered Tasks settings.

1. Change the Trigger to Session Reconnected.

 2. Change the Action to User Environment refresh. Select Horizon Smart Policies, and click Save.

Application Blocking
1. UEM 9.0 adds an Application Blocking feature. To enable it, go to User Environment > Application
Blocking, and click the Global Configuration button.

2. Check the box to Enable Application Blocking. Specify Conditions where, if true, then App Blocking is
enabled. These are the same conditions available in other policies and settings. Click OK.
3. Then you can create an Application Blocking setting to designate the folders that users can run
executables from, or what file hashes are allowed.
4. You can add folders that allow or block apps. Any executable in these paths will be allowed or blocked.
By default, executables in Windows and Program Files (including x86) are allowed.
5. UEM 9.1 and newer allows File Hashes in addition to File Paths. Set the Type to Hash-based,
click Add, browse to an executable, UEM will compute the hash, and add it to the list.

6. UEM 9.2 and newer supports Publisher-based allow. Set the Type to Publisher-based, click Add,

browse to an executable, UEM will read the certificate, and add it to the list. Note: A challenge with
hash-bashed and publisher-based rules is that the policy might have to be updated whenever the app is
 updated.

Privilege Elevation

1. UEM 9.2 adds a Privilege Elevation feature, which allows executables to run as administrator even if
users are not administrators. To enable it, go to User Environment > Privilege Elevation, and click
 the Global Configuration button.

2. Check the box to Enable Privilege Elevation. Specify Conditions where, if true, then Privilege Elevation
is enabled. These are the same conditions available in other policies and settings.
3. If you allow installers to be elevated, elevate the installer’s child processes too, check the box. This
checkbox only applies to installers. Child processes of elevated applications is enabled when creating
a Privilege Elevation configuration setting.
4. When an application is elevated, the user can be asked to allow it. This prompt is intended to inform the
user that the application has more permissions than it should, and thus be careful with this application.
 Click OK.

5. Then you can create a Privilege Elevation setting to designate the applications that should be elevated.
The applications can be specified by a path, a hash, or a publisher certificate. These are essentially the
 same options as Application Blocking.

6. Path-based user-installed application lets you elevate installers. The other three options elevate
applications, but not installers.
7. The child processes checkbox applies to applications.

8. UEM 9.4 adds Argument-based elevated application, which lets you elevate specific scripts and/or
Control Panel applets. For details, see the YouTube video VMware User Environment Manager 9.4
 Argument Based Privilege Elevation Feature Walk-through.

9. DEM Group Policy settings can be enabled to log both Application Blocking and Privilege Elevation to
Event Viewer

Computer Settings
DEM Enterprise Edition 2006 and newer can deploy computer-based ADMX settings.
DEM 2006 and newer Agents (FlexEngines) must be configured in the registry to enable computer
settings. Group Policy Preferences can push these registry keys to the Horizon Agent machines. Or you can
manually modify the registry in your master images. For the list of registry values, see FlexEngine
Configuration for Computer Environment Settings at VMware Docs.
Domain Computers must have Read permission to the DEM Config file share.
1. In the DEM Management Console, at the right side of any ribbon, click Configure.

2. At the bottom of the General tab, check the box next to Computer Environment.

3. A new Computer Environment ribbon is added. DEM 2009 and newer have Startup
Tasks and Shutdown Tasks.

4. With ADMX-based Settings highlighted on the left, click Manage Templates in the ribbon.

5. At the bottom of the window, click Add Folder.

6. If you have PolicyDefinitions in your SYSVOL, then browse to that. Or you can point it to C:\Windows\
PolicyDefinitions. Click OK.
7. Click OK after import is successful. DEM copied the .admx files into the DEM Config share. You can
run this again any time to update templates.

8. With ADMX-based Settings selected on the left, click Create in the ribbon.

9. At the bottom, click Select Categories.
10. Select a category where your setting is located and click OK.

11. At the top of the window click Edit Policies.

12. Only the settings for your chosen categories are shown. Configure these settings the same way you would
configure them in group policy. Then close the window.
  

 
 
13. DEM shows the configured settings.
 14. On the Conditions tab, you can add conditions. Obviously the user-based conditions will not be available
for computer-based settings.

Personalization and DEM Templates

VMware has provided a list of Personalization Templates to simplify your configuration.
1. To save user settings at logoff and restore at logon, you must specify the settings to save.  Easy
Start created a bunch of configurations on the Personalization ribbon. Note: DEM 9.11 adds a Find box
to this ribbon.
2. You can see what settings these save. On the tab named Import / Export, on the top right, click Manage,
and then click Expand.

1. Click Yes to expand it.

 2. After reviewing the config, click a different Personalization setting, and then click No to not save
your changes.

3. To save more profile settings at logoff, on the ribbon named Personalization, select a folder (or create a
new folder), and then click Create Config File.

4. A wizard appears. You can use one of the built-in Windows Common Setting or Application
Templates. Or you can create your own.
 DEM 9.10 and newer have a Windows Common Setting named Default applications – File type
associations and protocols. For details, see Ivan de Mes at Managing File Type Associations (FTA)
natively using Dynamic Environment Manager. 💡

 Also enable the GPO setting Do not show the ‘new application installed’
notification at Computer Configuration > Policies > Administrative Templates > Windows
Components > File Explorer.
 UEM 9.4 and newer have a Windows Common Setting for Windows 10 Start Menu – Windows 10
1703 and higher

2. In UEM 9.5 and newer, the DEM Console has a button in the ribbon to Download Config Templates.
You will need a My VMware account to access it. See Ivan de Mes VMware UEM 9.5 introduces the
VMware Marketplace for templates.

3. The Browse button on top lets you choose where in the tree you want to save the new Config File.
4. DEM 9.11 and newer have a Find box.

5. For older versions of UEM, download a template, and import it.

1. In the DEM Console, on the Personalization tab, click the Configure button to locate your DEM
Configuration file share.
2. Extract the downloaded templates to the General\Applications folder in the DEM Config Share.
3. The downloaded template should then show up in the Personalization tab under
the Applications folder. If you don’t see it, click the Refresh Tree icon.

2. DirectFlex – to speed up logins, enable DirectFlex whenever possible. Instead of restoring the files
during logon and thus delaying the login, DirectFlex restores the settings on-demand when the user
launches the application. DirectFlex can be enabled on most application configurations. However,
 Windows settings (e.g. Start Menu) should be loaded during login rather than on-demand after login.

Additional DEM Configuration

 VMware Blog Post VMware User Environment Manager, Part 2: Complementing Mandatory Profiles
with VMware User Environment Manager details the following:
 Personalization Settings (what settings are roamed)
 Predefined App Settings
 User Environment Settings (shortcuts, drive mappings, and so on)
Active Directory Attribute References – DEM 2009 and newer support Active Directory Attribute
References like %{AD$extensionAttribute8}%\%username%\Archives. See VMware Communities.
ViewClient Property References – DEM 2009 and newer support ViewClient Property References in the %
{ViewClient_propertyName}% format. See VMware Communities.
BGInfo – VMware Communities has a configuration guide for BGInfo using User Environment Manager.
File Type Associations –  Ivan de Mes Export/Import File Type Associations (FTA) successfully using
UEM uses GetUserFTA.exe and SetUserFTA.exe to backup and save file type associations at logoff
 and logon.

Start Menu – Customize Windows 10 Start Menu Layout via UEM and App Volumes.

Cookies – VMware 2146418 UEM settings in a mixed environment with Windows 7 and Windows 10
cookies do not transfer. You will need to create a new custom configuration for cookies for Windows
 10. On Import/Export tab add the following:

Predefined settings – Fabian Lenz has a series of articles on Predefined settings in UEM:
 Predefined settings (Basic concepts) explains the four types of Predefined Settings.
 
 

 Predefined settings – Deep how-to (Internet Explorer) explains how to use Application Profiler, or a
regular user DEM profile archive, to create Predefined Settings.
  

 Predefined settings – Dynamic Placeholder explains how to use environment variables in Predefined

Settings.

 ThinApp – To integrate ThinApp with UEM, configure DEM to save the application’s setting (e.g.
AppData, HKCU registry key). You can use Application Profiler to identify these settings locations. Then
configure ThinApp with Merged Isolation Mode for those locations. Also enable DirectFlex.
  

 Run Once – VMware 2146336 Run Once option behave differently in combination with a Local User
Profile: The Run Once option for DEM configurations, such as shortcuts, has no effect when a Local
 User Profile is used. As a result, the UEM configuration runs at each login. To workaround, set
the RunOnceSpecial attribute in DEM XML configuration files.
User Environment Manager 8.7 and newer has a UEMResult feature that lets you see what settings were
applied to the user. The .xml file is only updated at logoff. To enable for a particular user, go to the user’s Logs
folder and create a folder named UEMResult. At logoff, DEM will put an .xml file in this folder. More
information at VMware Docs.

From VMware 2113514 Enabling debug logging for a single user in VMware User Environment Manager: To
configure FlexEngine to log at debug level for a single user, create an empty FlexDebug.txt file in the same
folder as the standard log file for this user. This triggers FlexEngine to switch to debug logging for this
particular user.
DEM Application Profiler
This tool cannot be installed on a machine that has FlexEngine (aka DEM Agent) installed:
1. .NET Framework 3.5 is required.
2. In the Dynamic Environment Manager files, in the Optional Components folder, run VMware DEM
Application Profiler 9.9 x64.msi or VMware UEM Application Profiler 9.4 x64.msi (ESB).
3. In the Welcome to the VMware DEM Application Profiler Setup Wizard page, click Next.

4. In the End-User License Agreement page, check the box next to I accept the terms and click Next.
5. In the Custom Setup page, click Next.

6. In the Ready to install VMware DEM Application Profiler page, click Install.

 7. In the Completed the VMware DEM Application Profiler Setup Wizard page, click Finish.

You may now use the tool to determine where applications store their settings and export a default application
configuration that can be pushed out using Dynamic Environment Manager.

 See VMware Docs for details.

 vDelboy VMware User Environment Manager Application Profiler has an overview of the process.
 VMware Blog Post VMware User Environment Manager and Application Profile Settings details how to
use Application Profiler to determine where Chrome settings are stored and upload that configuration to
User Environment Manager.

DEM Support Tool

vDelboy – VMware UEM Helpdesk Support Tool
Do the following to configure the environment for the support tool:
1. In the Dynamic Environment Manager Console, click the star icon on the top left, and click Configure
Helpdesk Support Tool.

2. Click Add.

3. In the Profile archive path field, enter the user folder share (the same one configured in Dynamic
Environment Manager GPO). At the end of the path, enter \[UserFolder]\Archives.
4. Check the other two boxes. The paths should be filled in automatically. Make sure they match what you
configured in the Dynamic Environment Manager group policy object. Click OK.

5. Click Save.

6. VMware recommends creating a new GPO for the Support Tool. This GPO should apply only to the
support personnel.
7. On the Scope tab, change the filtering so it applies to DEM Support and DEM Admins. If this GPO
applies to machines with group policy loopback processing enabled, then also add Domain Computers.
8. Edit the GPO.

9. Go to User Configuration | Policies | Administrative Templates | VMware UEM | Helpdesk Support

Tool.
10. Double-click the setting DEM configuration share.

11. Enable the setting, and enter the path to the DEMConfig share. Click OK.
 12. Consider enabling the remaining GPO settings. Read the Explain text or refer to the documentation.

Do the following to install the support tool.

1. .NET Framework 3.5 is required.

2. Some support tool functions require the FlexEngine (aka DEM Agent) to be installed on the help desk
machine.
3. In the extracted Dynamic Environment Manager files is an Optional Components folder. From inside
that folder run VMware DEM Helpdesk Support Tool 9.9 x64.msi or VMware UEM Helpdesk
Support Tool 9.4 x64.msi (ESB).
4. In the Welcome to the VMware DEM Helpdesk Support Tool Setup Wizard page, click Next.

5. In the End-User License Agreement page, check the box next to I accept the terms and click Next.
6. In the Destination Folder page, click Next.

7. In the Ready to install VMware DEM Helpdesk Support Tool page, click Install.

 8. In the Completed the VMware DEM Helpdesk Support Tool Setup Wizard page, click Finish.

Once the Helpdesk Support Tool is installed, you can launch it from the Start Menu, search for users, and then
perform operations on the archives.