ltstudiooo - Fotolia
Organizations have always struggled to manage the Windows PC environment in a way that is flexible for users and sustainable for IT administrators. In the beginning, users could do whatever they wanted, which worked out fine until it was time to migrate to a new operating system or roll out a new application, or the user wanted to log in from another computer.
Admins are tempted to use the built-in features of Windows to get a grip on the problem. User profiles, local machine permissions, Group Policies and folder redirection tend to work at small scale in relatively simple environments. Roaming profiles can become huge and severely extend logon times while they copy from the file server to the local machine, however. It's effective to take admin rights away from a user -- until you run into an application that requires write access to a specific registry key or file. Group Policies are powerful but can result in unforeseen conflicts that are tough to resolve. And let's just say that, at scale, folder redirection is akin to a mini denial-of-service attack on your file server.
It's those problems that user environment management (UEM) can help solve. UEM compartmentalizes a user's workspace, allowing it to follow the user wherever he or she may log in.
How UEM works
Originally, user environment management focused on managing Windows profiles. It saved important parts, such as application settings, to a centralized location and discarded the bits that nobody needed, such as temporary internet files. At logon, the important parts loaded on top of an optimized, default profile. At logoff, the process repeated. This approach eliminated the need to use the built-in roaming profiles, dramatically decreasing logon times.
Over the last 15 years, UEM blossomed into a more full-featured technology that could handle profile management, among other things:
- translation between different versions of operating systems and profiles -- such as from Windows XP to Windows Vista and 7;
- elevating privileges for single applications so users can run apps that require admin rights without actually getting admin rights;
- applying policies more powerful than Group Policies, plus logon scripts to enforce security features, map drives and printers, disable certain peripherals and more; and
- facilitating user environment roaming without the complexity of the roaming profile, even between different delivery models (traditional PCs, Remote Desktop Session Host, virtual desktop infrastructure, even cloud-based desktops).
Even though some of those capabilities are available with basic Windows features, they often require using many different techniques in different management consoles. A user environment management platform provides a one-stop shop for all your customization needs, managed from the same console and applied to whatever bucket of objects you want to throw together. That means you can deploy settings to users, groups, virtual LANs, geographic locations or even floors within a building.
Do you need UEM?
Some environments can get away with the tools that come with Windows, but things can get out of hand quickly with as little as 20 or 30 users, especially if you're using desktop virtualization. Fortunately, Citrix and VMware have made recent acquisitions to bolster the UEM capabilities in their desktop virtualization products. VMware acquired Immidio in 2015, and Citrix bought Norskale in 2016.
Those vendors' capabilities ought to be enough to lighten the load for a large number of admins. Companies that need more functionality, or want additional features -- such as application management, security or automation -- built into the user environment management interface, can look to vendors such as AppSense, Liquidware Labs, RES Software and FSLogix.
To derive all the possible value from user environment management, organizations should use it on all their desktops, not just virtual desktops. Most companies are using virtual desktops for only a small percentage of their users. Deploying a full-featured UEM platform that works on any Windows desktop helps both immediately and down the road, when it comes time to move desktops to the data center or cloud.
Combined with other technologies that compartmentalize different pieces of Windows, including layering and application management, UEM can and should become a strategic part of your desktop management plan.
What's the latest in the UEM market?
AppSense DesktopNow vs. RES ONE Suite for UEM
A look at user environment virtualization
- How to Gain Visibility and Control of your Networks, Users and Devices –Aruba Networks
- Aruba 360 Secure Fabric: A User-centric Approach to Network Security –Aruba Networks
- Sleeping Android: the danger of dormant permissions –ComputerWeekly.com
- Password Guidelines to Lower Risk –TechTarget