Contents

Creating UEM Folder and Setting Permission 4

Folder Structure of UEM 4
Creating Share Folder for UEMConfig, UEMProfile, UEMRedirection & UEMUserdata 4
Configure NTFS Security permission for UEMConfig Share 9
Configure NTFS Security permission for UEMProfile, UEMRedirection & UEMUserdata 14
Download UEM Software 19
Updating UEM ADMX File 21
Creating GPO for UEM Configuration 22
Flex Config Files 25
FlexEngine Logging 25
Profile Archives 26
Profile Archives Backups 27
Run FlexEngine as Group Policy Extension 28
Configure GPO Loopback Processing 29
Always Wait for the Network at Computer Startup and Logon 30
Logout Script 30
Link GPO to OU 30
UEM Management Console Installation 32
Configure the User Environment Manager Management Console 33
Verify the Configuration File Has Been Created 35
Starting User Environment Manager to Manage Many Common Windows applications 36
Configuring User Folder Redirections 38
Verify UEM Policy Application 39
Document Version 40

Creating UEM Folder and Setting Permission 

Prerequisite: Create a Horizon Cloud  User Group in AD for the VDI users (UEM configuration
will be applicable for the users member of this AD group)

Login to the machine with Domain Credential to configure UEM and create the File Shares.
Begin the deployment by creating file shares:  UEM configuration share and a profile-archive
share.
1. Identify the drive to host UEM configuration and Profile.
2. Create a Folder with name UEM
Folder Structure of UEM
Create Folders structure as below for UEM

Creating Share Folder for UEMConfig, UEMProfile,

UEMRedirection & UEMUserdata 

1. Right click on “UEMConfig” Folder

2. Click on property

1. Click on Sharing
2. Click on Advanced Sharing
3. Click on Share this Folder Check box 
4. Enter Share folder name “UEMConfig$”
5. Click on “Permissions” 
 6. Add everyone/ Or Horizon cloud users’ group  
7. Give full/change permission.
8. Click ok 

9. Make Note of UEMConfig Share path

10. Click Close.
Configure UEMProfile, UEMRedirection and UEMUserdata share Folders by repeating the
above steps for each folder

Keep a note of all share folder created for UEM

Configure NTFS Security permission for UEMConfig Share

The minimum share permissions are “change” for administrators and “read” for users. Set the
following NTFS security permissions on this share:
 Administrators of UEM: Full control
 Users of UEM: Read & execute
1. Right click on “UEMConfig” Folder
2. Click on properties

1. Click on Security tab

2. Click on Advanced
1. Click on “Disable Inheritance”.
2. Click on “Convert inherited permissions … “ 
3. Click Ok. 
1. Click on Add and Click on Select a Principle.

1. Search for Horizon Cloud users group

2. Check Names 
3. Click Ok  

1. Horizon Cloud users of UEM

2. Apply to: This folder only
3. Read & execute (As shown below) 

Ensure below security permissions are applied:

1. Horizon Cloud Users Group: Read & execute; Applies to: This folder only
2. Creator-owner: Full control ; Applies to: Subfolders and files only
Configure NTFS Security permission for UEMProfile,
UEMRedirection & UEMUserdata

The minimum share permissions should be “change” for all users. Set the following NTFS
security permissions on this share:
 UEM administrators or help desk: Full control ; Apply to: This folder, subfolders and
files
 Users of UEM: Read & execute, and Create folders/append data ; Apply to: This
folder only
 Creator-owner: Full control ; Apply to: Subfolders and files only

1. Right click on “UEMProfile” Folder

2. Click on properties
1. Click on Security tab
2. Click on Advanced

1. Click on “Disable Inheritance”.

2. Click on “Convert inherited permissions … “ 
3. Click Ok. 
1. Click on Add and Click on Select a Principle

2. Search for Horizon Cloud users group

3. Check Names 
4. Click Ok  

5. Apply to: This folder only

6. Read & execute, and Create folders/append data (As shown below) 

Ensure below security permissions are applied:

 Horizon Cloud Users Group: Read & execute, and Create folders/append data Applies to:
This folder only
Creator-owner: Full control and Applies to: Subfolders and files only

Configure UEMRedirection and UEMUserdata NTFS permissions by repeating the above

steps for each folder

Download UEM Software

Log in to https://my.vmware.com
Navigate to My product. 
Search for Horizon Cloud entitlement.
 

1. Search for VMware Horizon Cloud Service. 

2. Click on Download.

Download UEM.
Updating UEM ADMX File
Copy the VMware User Environment Manager GPOs
Before creating the VMware User Environment Manager GPOs, you need to copy the GPOs to
the correct location.
Both the .admx and .adml files can be downloaded as part of the VMware User Environment
Manager download. Copy these files to one of your Active Directory servers at the following
locations:
1. Copy the .admx files to C:\Windows\SYSVOL\sysvol\<domainname>\Policies\
PolicyDefinitions
2. Copy the .adml files to C:\Windows\SYSVOL\sysvol\<domainname>\Policies\
PolicyDefinitions\en-US

Creating GPO for UEM Configuration

1. Open Control Panel - Administrative Tools- 
2. Open the Group Policy Management console. 

Create a new Group Policy object (GPO) 

1. Right Click on Group Policy object
2. Click on New 

1. Give a name for UEM policy 

2. Click on Ok 
1. Right Click on newly created Group Policy object
2. Click on Edit 

Expand User Configuration > Policy > Administrative Templates > VMware UEM > FlexEngine.
Flex Config Files
Use this setting to configure the central location of the UEM config files for uses by UEM
FlexEngine.
1. Click on Enable 
2. Enter UEMConfig$ network path with “\General” at the end. 
FlexEngine Logging
1. Click on Enable 
2. Enter \\<UEMServer>\UEMProfile$\%username%\Logs\FlexEngine.log
3. Set log level to Debug for the initial setup and should be changed to Info if no issue found
Profile Archives
Use this setting to configure the location that is used by UEM FlexEngine to read and store user
profile archives, and some other settings related to profile archives.
You must use a location that is unique for each user, which is why the variable %username% is
used. This way, a unique folder is created for each user.
1. Click on Enable 
2. Enter \\<UEMServer>\UEMProfile$\%username%\Archives
Profile Archives Backups

1. Click on Enable 
2. Enter \\<UEMServer>\UEMProfile$\%username%\Backups
3. Check box Create single backup per day 
Run FlexEngine as Group Policy Extension
Select this setting to run FlexEngine automatically during login by running as a Group Policy
client-side extension
 Configure GPO Loopback Processing
The setting is located on Computer Configuration > Policies > Administrative Templates >
System > Group Policy :  Configure user Group Policy loopback processing mode

Always Wait for the Network at Computer Startup and Logon

The setting is located on Computer Configuration > Policies > Administrative Templates >
System  :  Logon

Logout Script
The setting is located on User Configuration > Windows Settings > Scripts
“C:\Program Files\Immidio\Flex Profiles\FlexEngine.exe –s”
Link GPO to OU 
1. Right Click on OU
2. Select Link as Existing GPO.

1. Select domain
2. Select GPO created in previous step.
3. Click ok
UEM Management Console Installation
Install the VMware UEM Management Console on an administrator’s machine. This can be any
computer, whether it be a desktop, or a central server used for administrative tasks.
Install the VMware UEM Management Console by executing VMware User Environment
Manager X.msi. The VMware UEM Setup Wizard will guide you through the steps required to
install the software on your computer:

1. Run VMware User Environment Manager X.msi.

2. Click Next.
3. Accept the license agreement and click Next.
4. Select the install location and click Next.
5. Select Custom.
6. Ensure the Management Console is selected and click Next.
Click on Install
Configure the User Environment Manager Management Console
The first time you start the User Environment Manager Management Console, you must provide
the path where UEMConfig$ is configured. (you can refer Creating share folder for UEM
Config.)

1. Click start.
2. Click on Management Console.

1. Click on Location and Enter UEMConfig$ UNC path.

2. Click ok 
Verify the Configuration File Has Been Created
Open UNC Path of UEMConfig$ and ensure it has general folder created and XMl file in place.

Starting User Environment Manager to Manage Many Common Windows

applications

1. Verify the UNC path of UEMConfig$

2. Click on easy start 
1. Select the M-Office versions that are installed on the virtual desktop or server that you want
to manage
2. Click OK

In the left pane, under General, you see a list of commonly installed Windows applications. Now
these applications can be managed with User Environment Manager.
Configuring User Folder Redirections
User folder redirection is very important when we use Floating desktop.
With below settings we are redirecting all user profile to UEMProfile$ folder.
1. Click on User Environment in UEM console.
2. Click on Folder redirection from left side options.
3. Click on create to creating policy.
1. Provide name for policy.
2. Enter UNC path of UEMRedirection$ share with %Username% in remote path.
3. Select the folder to redirect by check box.
a. You can edit each folder path if you need to.
4. Click save to apply. 
Verify UEM Policy Application
To verify Connect to VDI client device which has UEM FlexEngine running. Ensure Group policy
is UpToDate you will get shortcuts on desktop.
Restart the Virtual Machines or run GPUPDATE in command prompt to apply the group policies.
You can open Command prompt and Run SET command to see all variable. You must see
Folder redirection and UEM Config share are Profile archive path in it.