EUC Toolbox: Regshotting across the end user universe

For managing applications and user environments it is very useful to know the way the application and the user behaves. And for application provisioning and user environment management it is necessary to know where the application and system stores the settings and personalizations options. We will need some form of application to use for capturing or monitoring the system for changes that the application or it’s settings are doing. For UEM for example we have the Application Profiler to use and create application configuration or predefined settings. But if you like to see where our Windows friend stores its changes, application profiler is not enough. We need other tools for the job. We can use Process monitor (https://technet.microsoft.com/en-us/sysinternals/processmonitor.aspx) or SpyStudio (http://www.nektra.com/products/spystudio-api-monitor/) to name a few. Or regshot.

The main difference of regshot to, for example the mentioned Process monitor or SpyStudio, is that this tool does not require admin permissions like Process monitor or installation on the system like SpyStudio. You can just download and run in the user context. This is what is the strong point is of Regshot, low footprint and no changes to the system that could influence your capturing. As long as the changes you want to monitor are within the user context, but wasn’t this the point in the first place….

What does regshot do?

In short regshot takes a first and a second shot of the registry, and shows you the differences between these. Next to this regshot also allows you to scan dirs. For example save the registry and APPDATA after you have changed that minor customization. Isn’t that what you would want to see?

In short take a first shot before your change. Change the system and take a second shot. Press compare and see what has been changed. And use that output in for example UEM configurations.

Options

First up the application is available in 32-bit and 64-bit, and in ANSI and Unicode encoding.

Regshot Files

The difference here is the program architecture and how the character encoding is handled. If for example your language settings include non-latin characters, you may want to use the Unicode version of Regshot. Else it will not matter which one you take as long as the processor architecture is right.

Secondly with the shots you can do your shot, or do and save your shot. When saved you can later use this with the load option.

Capture and shot

Third, want your output in HTML or text. HTML is friendlier on the eyes, however it will take some more time to output. Sometimes the external program connection to HTML is screwed.

Fourth is including a scandir. Default regshot will do registry, but a lot of application do save something in for example the AppData Local, ProgramData or other locations. I would recommend to include the scandirs where possible. To only downside is that you would need to know where an application stores its values, or put in the most likely suspects. Just going for all out C:\users is getting you a lot of background noises from other applications using the same space.

Fifth is setting an output path. Currently it is set to the administrators AppData profile path. If I am scanning dirs in that location it might be a better idea to redirect the output to another location not to mess up the output.

Do keep in mind not to let in a lot of cycles between the first and second shot. The system will continue to run and add up in changes between the shots. Do your required change and shoot again.

Where can I get Regshot?

RegShot is available on its Sourceforge project page at https://sourceforge.net/projects/regshot/. You can download Regshot as a compressed .7z file. You can open this with 7Zip or WinZip. Downpart of the 7z is that if you haven’t brought an additional zip application, native Windows can’t handle this. There goes my no changes to the system with using Regshot…..or just unzip it on another system 😉

Show me

Don’t mind if I do. First we are going to take our first shot. Just let the program count the keys and values, and the dirs and files, until the second shot button appears.

Regshot Shooting

I don’t mind the time it takes, my testlab is a bit on the slow hand. And including the scandir takes an even longer time than just browsing the registry. But I’m there for the results not the speed.

Next up do a change to the system. For this example I changed Chrome browser settings to show the home and always show the bookmark bar. Done with the change? Take the 2nd shot. And wait until the compare button is available. Than press that one. In the output is for example:

Keys Home

Now it is up to you to analyse what is needed..

We see that Chrome wrote to the \Software\Google\Chrome\PreferenceMACs in the USER SID key. However SIDs we cannot capture with for example UEM. We do know that this is the same as HKCU and can be captured from the HKCU\Software\Google\Chrome\PreferenceMACs. Just add the HKCU\Software\Google\Chrome\PreferenceMACs or HKCU\Software\Google\Chrome to be included in the UEM Configuration.

Now it is up to you to analyse what is needed.

– Happy shooting at your users…ermmm user environment I mean!

Sources: sourceforge.net/projects/regshot

EUC Layers: Dude, where’s my settings?

With this blog post I am continuing my EUC Layers series. As I didn’t know that I started one there is no real order to follow. Other that it seems to be somewhat from the user perspective, as that seems a big part in End User Computing. But I cannot guarantee that will be the right order at the end of things.

If you would like to read back the other parts you can find them here:

For this part I would like to ramble on and sing my song about an important part for the user experience, User Environment Management.

User Environment

Organisations will grant its users access to certain workspaces, an application, a desktop and or parts of data required or supporting the users role within the business processes. With that these users are granted access to one or more operating systems below that workspace or application. This organization would also like to apply some kind of corporate policy to ensure the user works with the appropriate level(s) of access for doing their job and keeping organizations data secure. Or in some cases to comply with rules and regulations and thus making the users job a bit difficult at the same time.

On the other side of the force, each user will have a preferred way of using the workspace and will tend to make all sorts of changes that enable these users to work efficiently as human possible. An example of these changes are look and feel options and e-mail signatures.

The combination of the organization policy and the user preferences is the User Environment Layer, also called persona also called user personality.

Whether a user is accessing a virtual desktop or a published application, the requirement for a consistent experience for users across all resources is one of the essential objectives and requirements for End User Computing solutions. If you don’t have a way of managing the UE, you will have disgruntled users and not much of a productive solution.

Dude

Managing the User Environment

Managing the User Environment is complicated as there are a lot of factors and variables in the End User environment. Further complexity is added by what will be needed to be managed from the organization perspective and what does your users expect.

Next to this yet an other layer is added to this complexity, the workspaces are often not just one dominating technology, but a combination of several pooled technologies. Physical desktops pools, Virtual desktops pools, 3D engineering pools, application pools and so on.

That means that a user does not always log on to the same virtual desktop each time, or log on to a published application on another device still wanting to have the same settings to the application and the application on the virtual desktop. A common factor is that the operating system layer is a Windows-based OS. Downside is, several versions and a lot of application options. We should make sure that user profiles are portable in one way or another from one session to the next one.

It is absolutely necessary that using different versions pooled workspaces that the method of deploying applications and settings to users is fast, robust and automated. From the user context and operational management.

Sync Personality

User Environment Managers

And cue the software solutions that will abstract the user data and the corporate policies from the delivered operating system and applications. And manage centrally.

The are a lot of solutions that provide a part of the puzzle with profile management and such. And some will provide a more complete UEM solution like:

  • RES ONE Workspace (previously known as RES Workspace Manager),
  • Ivanti Environment Manager (previously known as AppSense Environment Manager),
  • LiquidLabs Profile Unity,
  • VMware User Environment Manager (previously known as Immidio).

And probably some more…

Which one works best is up to your requirements and the fit with the rest of the used solution components. Use the one the fits the bill for your organisation now and in a future interaction. And look for some guidance and experience from the field via the community or the Intarweb.

User Profile Strategy

All the UEM solutions offer an abstraction for the Windows User Profile. The data and settings normally in the Windows User Profile are captured and saved to a central location. When the user session is started on the desktop, context changes, application starts or stops, or sessions are stopped, interaction between (parts of) the central location and the Windows Profile is done to maintain a consistent user experience across any desktop. Just in the time when they are needed, and not bulk loaded on startup.

The Windows Profile itself comes in following flavours:

  • Roaming. Settings and data is saved to a network location. Default the complete profile is copied at log in and log out to any computer the user starts the session. The bits that will be copied or not can be tweaked with policies.
  • Local. Settings and data is saved locally to the desktop. This remains on the desktop. When roaming settings and data are not copied and a new profile is created with a new session.
  • Mandatory. All user sessions use a prepared user profile. All user changes done to the profile are delete when user session are logged off.
  • Temporary. Something fubarred. This profile only comes in to play when an error condition prevents the user’s profile from loading. Temporary profiles are deleted at the end of each session, and changes made by the user to desktop settings and files are lost when the user logs off. Not using this with UEM.

The choice of Windows profile used with(in) the UEM solution often depends on to be architecture and the phase you are doing, starting point and where to go. For example starting with the bloating and error prone roaming profiles, UEM side-by-side for capturing the current settings and moving to clean mandatory profiles. Folder Redirection in the mix for centralized user data and presto.

Use mandatory as de facto wherever possible, it is a great fit for virtual desktops, published applications and host/terminal servers in combination with a UEM solution.

The User Profile strategy should also include something to mitigate against the Windows Profile versions. OS versions are incorporated with different profile versions. Without some UEM solution you cannot roam settings between a V2 and V3 profile. So when migrating or moving between different versions is not possible without tooling. The following table is created with the information from TechNet about User Profiles.

Windows OS User Profile Version
Windows XP and Windows Server 2003 First version without .
Windows Vista and Windows Server 2008 .V2
Windows 7 and Windows Server 2008 R2 .V2
Windows 8 and Windows Server 2012 .V3 (after the software update and registry key are applied)
.V2 (before the software update and registry key are applied)
Windows 8.1 and Windows Server 2012 R2 .V4 (after the software update and registry key are applied)
.V2 (before the software update and registry key are applied)
Windows 10 .V5
Windows 10, 1703 and 1607 .V6

Next to that UEM offers to move settings for the user context from Group Policies and login/logoff scripts, again lowering the amount of policies and scripts at login and logoff. And improving the user experience by lowering those waiting times to actually having what you need just in the time you need it.

And what your organization user environment strategy is, what do you want to manage and control, what to capture for users and applications, and what not.

VMware User Environment Manager

With VMware Horizon often VMware UEM will be used. And what do we need for VMware UEM?

In short VMware UEM is a Windows-based application, which consists of the following main components:

  • Active Directory Group Policy for configuration of the VMware User Environment Manager.
  • UEM configuration share on a file repository.
  • UEM User Profile Archives share on a file repository.
  • The UEM agent or FlexEngine in the Windows Guest OS where the settings are to be applied or captured.
  • For using UEM in offline conditions and synchronizing when a the device connects to the network again.
  • UEM Management Console for centralized management of settings, policies, profiles and config files.
  • The Self-Support or Helpdesk Tool. For resetting to a previous settings state or troubleshooting for level 1 support.
  • The Application Profiler for creating application profile templates., Just run your application with Appliction profiler and Application Profiler automatically analyzes where it stores its file and registry configuration. The analysis results in an optimized Flex config file, which can then be edited in the Application Profiler or used as is in the UEM environment.

UEM will work with the UEM shares and engine components available to the environment. With the latest release Active Directory isn’t a required dependency with the alternative NoAD mode. The last three are for management purposes.

All coming together in the following architecture diagram:

UEM Architecture

That’s it, no need for further redundant application managers and database requirements. In fact UEM will utilize components that organization already have in place. Pretty awesomesauce.

I am not going to cover installation and configuration of UEM, there are already a lot of resources available on the big bad web. Two excellent resources are http://www.carlstalhood.com/vmware-user-environment-manager/ or https://chrisdhalstead.net/2015/04/23/vmware-user-environment-manager-uem-part-1-overview-installation/. And of course VMware blogs and documentation center.

Important for the correct usage of UEM is to keep in mind that the solution works in the user context. Pre-Windows Session settings or computer settings will not be in UEM. And it will not solve application architecture misbehaviour. It can help with some duct tape, but it wont solve an application architecture changes from version 1 to version 4.

VMware UEM continually evolves with even tighter integration with EUC using VMware Horizon Smart Policies, Application Provisioning integrations, Application authorizations, new templates and so on.

Happy Managing the User Environment!

Sources: vmware.com, microsoft.com, res.com, ivanti.com, liquidwarelabs.com