The first step we need to take on the road to DEM domination is to get the share setup. This will hold the configuration files that the agent will read to apply to the desktop. Once the share is setup you install the DEM manager and point it at the share, at which point it will create the initial directory structure, if it isn’t already there.OK
There are two types of permissions we need to address. Share permissions and security permissions. Thankfully in this case we’ll set the same for both. The DEM admins will need full control and DEM users will need read only. I’d consider it best practice to create separate AD groups called DEM admins and DEM Users.
Creating and configuring the DEM Share.
- Connect to your file server. When testing this out in my lab I just created a share on my DC, but in a prod environment you’ll want to get this setup on a dedicated file server.
- Create a folder. In my case I called it DEMConfig.
- Right click on the folder and select properties. Select the tab labeled Sharing and click Advanced Sharing.
- In the Advnced Sharing window check “Share this folder”. If you add a $ sign to the end of your folder name it becomes hidden from casual browsing. Click Permissions.
- Select Everybody and click Remove. Click Add and add your DEM user and Admin groups. The DEM Users should only have read and the DEM Admins should have full control. Click OK. Click OK.
- Back in the Properties windows select the Security tab and click Edit. Add the DEM user and administrators. The DEM Users should only have read and the DEM Admins should have full control. Click OK. Click OK.
Now we’ve created the share it’s on to installing the management console and putting together the first XML file for noAD mode.
[Edit – 31/10/19 – Updated for Dynamic Environment Manager]
In the next few posts wel’ll look at setting up Dynamic Environt Manager. User Environment Manager or Dynamic Envirnment Manager as its now called is a very powerful tool for EUC. It gives admins a very flexable way to configure desktops without needing to work the base image. VMware are pushing it as a replacement for Persona Manager, which makes sense as then they do not need to support two products. Persona manager can be configured to use physical as well as virtual desktops.
DEM can have its initial config delivered through GPO or, in the case of noAD mode, an XML file. Infact all configuration is pickedup via XML files. The management dashboard is a local install of a few hundred MB which you point at the file share, and really only makes sure the formatiing is correct. All the hardwork is done via the agent. There is an argument to be had about whether or not to have some of the desired config baked into your parent images. I prefer to have as much of the the config delivered via DEM as possible to prevent any more recomposes than nessesary.
I particuarily like the fact that this product does not need a server backend and can run without the need for active directory GPO’s. Infact to get up and running there are only 4 things to setup.
- File share and correct permissions
- The Managment interface
- The various customisations you’d like
- And (obviously) the agent on the parent image (or physical machines
The next post will look at getting the file share setup.