WEM 2203 UPDATE AVAILABLE

Intro

Spring has sprung and Citrix has released a new version of WEM along with the new 2203 LTSR announcement. Citrix has released the first WEM version of 2022. You can download the new version here (requires Platinum/Premium licenses and login to Citrix.com). I’ve provided the release notes below.

What’s new in 2203

This release includes the following new features and addresses issues to improve the user experience:

Allow users to self-elevate certain applications

This release introduces self-elevation for the privilege elevation feature. With self-elevation, you can automate privilege elevation for certain users without the need to provide the exact executables beforehand. Those users can request self-elevation for any applicable file simply by right-clicking the file and then selecting Run with administrator privileges in the context menu. After that, a prompt appears, requesting that they provide a reason for the elevation. The reason is for auditing purposes. If the criteria are met, the elevation is applied, and the files run successfully with administrator privileges. In addition, self-elevation gives you flexibility to choose the best solution for your needs. You can create allow lists for files you permit users to self-elevate or block lists for files you want to prevent users from self-elevating. For more information, see Self-elevation.

Configure user processes as triggers for external tasks

This release includes enhancements to the external task feature. The feature now provides you with two additional options to control when to run external tasks:

  • Run when processes start. Controls whether to run the external task when specified processes start.
  • Run when processes end. Controls whether to run the external task when specified processes end.

Using the two options, you can define external tasks to supply resources only when certain processes are running and to revoke those resources when the processes end. Using processes as triggers for external tasks lets you manage your user environments more precisely compared with processing external tasks on logon or logoff.

For more information, see External Tasks.

Profile container insights

Starting with this release, you can monitor profile containers for Profile Management and FSLogix. The feature provides insights into the basic usage data of the profile containers, the status of sessions using the profile containers, the issues detected, and more. Use the feature to stay on top of space usage for profile containers and to identify problems that prevent profile containers from working. For more information, see Profile Container Insights.

Administration console

The administration console user interface has changed:

  • In Security, there is a new node, Self-elevation. The node contains a tab that lets you automate privilege elevation for users.
  • In Monitoring, there is a new node, Profile Container Insights. The node contains two tabs. The Summary tab includes two pie charts, providing a summary that shows the status of profile containers. The Profile Container Status tab displays a list of status records for profile containers.

Deprecation

Click here to see deprecated features.

Thanks for reading,
Alain

WEM 2112 UPDATE AVAILABLE

Intro

Happy holidays! Citrix has released the last WEM version of 2021 as an early Christmas present. You can download the new version here (requires Platinum/Premium licenses and login to Citrix.com). I’ve provided the release notes below.

What’s new in 2112

Workspace Environment Management 2112 includes the following new features. For information about bug fixes, see Fixed issues.

Privilege elevation

This release introduces the privilege elevation feature. The feature lets you elevate the privileges of non-administrative users to an administrator level necessary for some executables. As a result, those users can start those executables as if they are members of the administrators group.

You can configure privilege elevation using two types of rules: executable rules and Windows installer rules. You can configure how a rule behaves according to the type of the operating system. You can also configure whether a rule takes effect at a particular point in time or within a time range. You assign a rule on a per user or per user group basis.

For more information, see Privilege elevation. For more information, see Privilege elevation.

Support for optimizing multi-session OS machines

Multi-session OS machines are used to run multiple sessions from a single machine to deliver desktops and applications to users. A disconnected session remains active and its applications continue to run. The disconnected session can consume resources needed for connected desktops and applications that run on the same machine. With this feature, you can optimize multi-session OS machines where disconnected sessions are present. The feature improves the user experience of connected sessions by limiting the number of resources disconnected sessions can consume. For more information, see Multi-session Optimization.

Administration console

The administration console user interface has changed:

  • In System Optimization, there is a new Multi-session Optimization node. On the node, there is a new Multi-session Optimization tab for you to configure settings designed to optimize multi-session OS machines with disconnected sessions.
  • In Security, there is a new Privilege Elevation node. On the node, there is a Privilege Elevation tab for controlling whether to enable the feature and to apply global settings. Below the node, there are two subnodes:
    • Executable Rules with a Privilege Elevation tab where you can apply privilege elevation using executable rules.
    • Windows Installer Rules with a Privilege Elevation tab where you can apply privilege elevation using Windows installer rules.

Deprecation

Click here to see deprecated features.

Thanks for reading,
Alain

WEM 2109 UPDATE AVAILABLE

Intro

Fall is here and so is a new pumpkin-spice flavor of WEM. Citrix has released version 2109 of WEM. You can download the new version here (requires Platinum/Premium licenses and login to Citrix.com). I’ve provided the release notes below.

What’s new in 2109

Workspace Environment Management 2109 includes the following new features. For information about bug fixes, see Fixed issues.

Support for running Workspace Environment Management in FIPS mode

You can now run Workspace Environment Management (WEM) in a FIPS environment. See FIPS support for information on FIPS-related configurations in WEM and upgrade and agent considerations.

Fixed Issues

Workspace Environment Management 2109 contains the following fixed issues compared to Workspace Environment Management 2106:

  • If you assign a printer to a user based on a filter and the assignment satisfies the filter criteria, the WEM agent assigns the printer to the user. However, the agent still assigns the printer to the user the next time the user logs on even when the assignment does not satisfy the filter criteria. [WEM-11680]
  • With the Windows PowerShell script execution policy set to Allow only signed scripts on the agent host machine, WEM fails to perform Profile Management health checks. With the policy set to Allow local scripts and remote signed scripts or Allow all scripts, WEM can perform Profile Management health checks but writes error information to the Windows Event Log. [WEM-11917]
  • On a non-English version of the Microsoft Windows operating system, the WEM agent during logon writes errors to the Windows Event Log even if users experience no issues with their environment. [WEM-12603]
  • When you assign an action to a user or user group through an action group, the action still takes effect even if it is set to Disabled in the administration console. [WEM-12757]
  • The WEM agent installs VUEMRSAV.exe (Workspace Environment Management Resultant Actions Viewer), a utility that lets users view the WEM configuration defined for them by administrators. However, on the Agent Settings tab of the utility, users cannot see the setting that is associated with the Use Cache to Accelerate Actions Processing option configured in the administration console. [WEM-12847]
  • Attempts to upgrade the WEM database from version 2003 or earlier to version 2009 or later might fail if you specify a different schema (not dbo) as the default schema. [WEM-13319]
  • If you use the [ADAttribute:objectSid] dynamic token to extract the objectsid attribute, the WEM agent fails to extract the attribute of the corresponding AD object. [WEM-13746]
  • When you attempt to configure Windows Server 2022 as the matching result of a filter condition (with Client OS as the filter condition type), you find that Windows Server 2022 is missing from the Matching Result menu. [WEM-14036]
  • When the WEM agent belongs to an OU or a group whose name contains certain characters (for example, forward slash, plus sign, and equal sign), the agent might fail to register with a configuration set. As a result, the agent fails to appear on the Administration console > Administration > Agents > Registrations tab. [WEM-14316]
  • If you use the administration console to set desktop wallpaper, the WEM agent fails to fill, fit, or tile the wallpaper. [WEM-14408]

Deprecation

Click here to see deprecated features.

Thanks for reading,
Alain