The following steps will provide instructions on the configuration of the user AD GPOs needed to enable UEM:
- While logged in as a user who has privileges to create and edit GPOs in the AD domain, open the AD Group Policy Management Console (GPMC).
- Create and link an AD GPO object to the Horizon - Users OU. In the example provided, we will name the AD GPO UEM_Users.
- Edit the UEM_Users GPO object, and navigate to User Configuration - Policies - Administrative Templates - VMware UEM - FlexEngine as shown in the following screenshot:
The full name of the Administrative Templates folder is actually Administrative Templates: Policy definitions (ADMX files) retrieved from the central store; to make the instructions easier to read, the shortened name will be used throughout this chapter.
- Configure the Flex config files policy as shown in the following screenshot. Provide the Central location of Flex config files:, check the Process folder recursively checkbox, and then click OK. In the example provided, the UEM Flex config file location is set to \dc-01.vjason.localUEMgeneral, where general is the default Flex config file folder created by the UEM management console during the initial configuration:
While not shown in the screenshot, when selected, each UEM GPO setting (along with almost every other GPO setting) is explained in detail within the AD GPMC itself. Refer to this information under Help: for a more detailed explanation of what it is you are configuring. You can also refer to the UEM documentation (https://www.vmware.com/support/pubs/uem-pubs.html) for information about the different UEM GPO settings.
- Configure the Profile archives policy as shown in the following screenshot. Provide the Location for storing user profile archives:, check the Compress profile archives and Retain file modification dates checkboxes, and then click OK. In the example provided, the UEM profile archive file location is set to \dc-01.vjason.localUEMUsers\%username%Archives, which will create it within the logged-on user's UEM profile folder:
We won't be setting any of the hide folder options in any of these UEM GPOs, to make it easier to validate that UEM is functioning as intended. I recommend hiding both UEM folders and their shares by default in a production environment, to help prevent them from being discovered and subsequently modified, even by authorized users.
- Configure the Profile archive backups policy as shown in the following screenshot. Provide the Location for storing user profile archive backups:, set the Number of backups per profile archive: to 1, check the Create single backup per day checkbox, and then click OK. In the example provided, the UEM profile archive file location is set to \dc-01.vjason.localUEMUsers\%username%Backups, which will create it within the logged-on user's UEM profile folder:
- Click the Run FlexEngine as Group Policy Extension radio button, as shown in the following screenshot, and then click OK:
The UEM user GPOs have now been created. Proceed to the next section to create the required user GPOs.