WEM Tool Hub
WEM Tool Hub is a collection of tools that aims to simplify the configuration experience for Workspace Environment Management (WEM) administrators. To download it, go to Citrix Cloud > WEM service > Utilities.
The prerequisites for running the WEM Tool Hub are as follows:
- .NET Framework 4.7.1 or later
- Microsoft Edge WebView2 Runtime version 98 or later
- Local administrator privilege
Currently, the following tools are available:
- Application assistant
- Start Menu Configurator for Windows 11
- Windows Logon analysis
- User Store Creation Tool
- File Type Association Assistant
- Printer assistant
- Profile Migration Tool
- Rule generator for app access control
Note:
- WEM Tool Hub does not save data for you. Data will be cleared after you exit a tool. To avoid potential data loss, be sure to save your work.
- To paste data copied from the WEM Tool Hub into the web console, ensure that the browser allows data copying. Example: For Microsoft Edge, be sure to have the Site permissions > Clipboard > Ask when a site wants to see text and images copied to the clipboard option enabled.
Application Assistant
Use this tool to prepare configuration information for icons and Citrix Workspace resources that you want to use when adding applications in the management console.
Workspace resources
Note:
This tool requires Citrix Workspace app to be installed on the machine.
When adding an application of type “Citrix Workspace resource” to the web console, you need to specify a resource. To get information for a resource, complete the following steps:
-
Enter a Store URL or Workspace URL.
-
Click Browse resources to browse your resources. Resources are then enumerated and listed.
-
From the list, select the target application and copy its information.
In the web console, paste the information you copied by clicking Paste resource info. See Add an application.
Icons
When setting the icon for an application in the web console, you can add new icons. To get data for an icon, complete the following steps:
-
Click Browse to browse to a file that contains the icon. Icons in the file are then loaded. Supported file types:
.exe
,.dll
,.ico
. -
Select the icon and copy the icon data.
In the web console, paste the icon data you copied by clicking Paste icon data. See Add an application.
Start Menu Configurator for Windows 11
Use this tool to configure Start menu layouts for Windows 11 and generate configurations in JSON format that you can assign as actions in the management console.
To customize the Start menu layout for Windows 11, complete the following steps.
-
Click Start Menu Configurator for Windows 11 in the WEM Tool Hub. Select applications that you prefer to add to the Pinned section of the Start menu and arrange the layout as needed.
-
Click Generate configuration and copy the result.
-
In the web console, click Add a new JSON object and select Start menu configuration for Windows 11. Paste the configuration in the Add JSON object page and click Done.
-
Assign JSON file configuration to the users by selecting the required assignment target in the Manage assignments page and click Save.
Add applications
To add applications using the WEM Tool Hub, complete the following steps.
-
Click Add applications in the Start Menu Configurator for Windows 11 page.
-
Choose the applications from the Add applications page by selecting the required applications that you intend to add to the Start menu, and click Add.
-
You can change the order of the applications by dragging the applications as needed under the Pinned layout section.
-
Click Generate configuration and after the configuration is generated, click Copy. While generating the configuration, the selected layout is applied to the Start menu.
Windows Logon analysis
You can use this tool to view logon duration reports and get the tips for logon duration optimization and troubleshooting.
To receive complete reports, enable log collection for relevant Windows event logs on the machine.
- Click Windows Logon analysis > Get reports to access the Get latest reports wizard.
- Select the time range by choosing one of the options from the drop down list and click Get reports. The default range is Last 24 hours.
- The phase and description are displayed in the form of a chart based on the following table.
The following table lists all the metrics, submetrics, and tips in detail.
Base-metric | Base-metric Description(UI) | Sub-metrics | Tips | Details |
---|---|---|---|---|
Pre-logon | Time taken before Windows Logon. | Citrix pre-logon | ||
HDX connection | ||||
Authentication | Time taken to complete authentication to the session. | Windows authentication | Use Windows Hello. Windows Hello is a biometric authentication feature that allows you to sign in to your PC using your face or fingerprint. | |
VDA authentication | Network/Active Directory Speed. Ensure that there is a good network communication between the current machine and the Active Directory. You can use the tool, such as Dcdiag to check it. | |||
Efficient Input of Username and Password. Incorrect or delayed input of the user name and password can lead to an overall extension of the authentication time. | ||||
Citrix RSOP | Time taken to complete Citrix RSOP(Resultant Set of Policy). | |||
User Profile Loading | Time taken to load the profile settings for the user logging on. | FSLogixLoadProfile (Time taken to load FSLogix profile container). | Check for low disk space and free up space. If your hard drive is almost full, it can slow down your PC’s login process. Ensure that you have enough free space on your hard drive. | |
UserProfile (Time taken to load Windows user profile files and settings). | Use ProcMon tool. To analyze the details, use the ProcMon tool to capture the file I/Os within the user profile during user logon. | Windows profile data (Profile size, file/folder counts), Temp folder data (Profile size, file/folder counts), Top 10 large file list (Size not less than 50MB), Top 10 large folder list (Size not less than 100MB) | ||
SMB client (Time taken to initialize the SMB client for remote connections). | ||||
CitrixProfileMgmt | Citrix Profile Management. If you are using Citrix Profile Management, you can optimize the logon process either by using a container-based solution or by using the file-based solution with Profile streaming, for folders with Accelerate folder mirroring enabled. For more details, see link. | Profile Management health check report | ||
Group Policy Processing | Time taken to process Group Policy settings. | GroupPolicy GroupPolicyScript (Async) GroupPolicyCse (Async) GroupPolicyScript |
Disable the GPO cache. Run gpedit.msc and locate to path Computer Configuration > Administrative Templates > System > Group Policy. Then, disable the GPO cache. |
|
WmiFilter LogonScheduledTask (Async) SingleLogonScheduledTask FolderRedirection | Decrease the number of GPOs. Decrease the number of GPOs that are processed at once. Group Policy processing is done in parallel, but there are limits to how many GPOs can be processed simultaneously. Decreasing the number of GPOs that are processed at once can speed up the Group Policy processing. | |||
CitrixWemTotal CitrixWemCheckingHostServiceStatus CitrixWemReadConfiguration CitrixWemStartupScriptedTask | Use Citrix WEM to process group policy async. Using Citrix WEM to process group policy async can process group policy before user logon and make group policy processing faster. For more details, see link. | |||
CitrixWemCache (Sync) CitrixWemJsonFile CitrixWemMachineGroupPolicy CitrixWemUserGroupPolicy | ||||
Group policy objects | Single group policy object list | |||
Pre-shell (UserInit) | Time for the userinit.exe to the explorer.exe startup. |
|||
Logon Script Processing | Time taken to run logon scripts. | UserLogonScript | Optimize your logon script. You can optimize your logon script by removing unnecessary commands and reducing the size of the script. | |
Use Group Policy Preferences. Group Policy preferences can be used to replace logon scripts. They are easier to manage and can be processed faster than logon scripts. | ||||
Use Citrix WEM external tasks. Set up your logon scripts using external tasks. You can specify whether to wait for the task to complete and the duration of the wait timeout. Limiting the wait time helps speed-up user logon. To learn more about external tasks, see the product documentation. | ||||
Shell Startup | Time taken to run shell startup. | ActiveSetup FSLogixShellStart (Time taken to run the shell after loading the FSLogix profile container). |
Disable startup programs. You can disable the programs that automatically launch when you turn on your PC. To disable startup programs on Win11/Win10/Win Server 2022, perform the following steps. Press the Windows + I shortcut to open Settings and select Apps > Startup. Toggle off any apps or programs that must not be turned on automatically during startup. Remove unnecessary programs from the global startup folder: %allusersprofile%\Microsoft\Windows\Start Menu\Programs\StartUp . Remove unnecessary programs from the user startup folder: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup . |
|
ShellStart (Time taken to run the shell after loading the Windows user profile). AppxAssociations | Enable fast startup. The fast startup feature allows your computer to start up faster after shutdown. To enable fast startup on Windows 10, perform the following steps: Open the Control Panel in Icon view and choose Power Options. Choose what the power buttons do in the sidebar. Select the checkbox Turn on fast startup from the list of options that must be available. | |||
AppxLoadPackage(AppX packages loaded during logon) SingleAppxLoadPackage | Adjust the appearance and performance of Windows. You can adjust the appearance and performance of Windows to speed up your PC’s login process. To do this, right-click My Computer and select Properties. Click Advanced System Settings and then click the Settings button under Performance. You can adjust the appearance and performance of Windows here. |
User Store Creation Tool
Use this tool to create the user stores with Citrix Profile Management on the current machine, running the tool, or on a different machine. You can specify the folder path and share the name for the user store. When the user store is created, the recommended configuration for the path to the user store is provided, allowing you to use it directly in your Profile Management settings.
Create a user store on the current machine
To create a user store on the current machine, complete the following steps.
-
Specify the Folder path that you want to set as the user store location. The folder is created and shared with the specified users and groups.
-
Choose Stop and let me know or Use the existing folder, if the folder already exists.
-
Optionally, specify a name for the file share. By default, the name of the folder is used as the share name.
-
Choose Stop and let me know or Stop sharing the existing item and take the name, if a share with the same name already exists.
-
Select the users and groups that use this user store by clicking Add. This opens the native AD selector to select users and groups.
-
Select the Users or Groups object type from the location specified.
-
Add the object names in the Enter the object names to select field in the native AD selector and click OK.
-
Click Create user store.
Create a user store on a different machine
To create a user store on a different machine, complete the following steps.
-
Specify the machine name and enter the credentials of a domain user with the local administrator privilege on the machine specified. Make sure that the PowerShell remoting is enabled on the machine.
-
Specify the Folder path that you want to set as the user store location. The folder is created and shared with the specified users and groups.
-
Choose Stop and let me know or Use the existing folder, if the folder already exists.
-
Optionally, specify a name for the file share. By default, the name of the folder is used as the share name.
-
Choose Stop and let me know or Stop sharing the existing item and take the name, if a share with the same name already exists.
-
Select the users and groups that use this user store by clicking Add. This opens the native AD selector to select users and groups.
-
Select the Users or Groups object type from the location specified.
-
Add the object names in the Enter the object names to select field in the native AD selector and click OK.
-
Click Create user store.
Errors
The following error messages appear in the related sections.
- Incorrect user credentials
- Insufficient user privilege
- Folder already exists
- Share name in use
If you receive an error message apart from the ones listed, you can view the error details at the bottom of the page with the title An error occurred. View details below.
To create another user store, click Create another. This choice redirects you to the starting page with all the inputs cleared and reset.
File Type Association Assistant
Use this tool to get the information needed for configuring FTAs to add them as assignable actions in the management console.
Selecting File Type Association Assistant leads you to the File Type Association Assistant page in the WEM Tool Hub. You can configure an FTA by completing the following steps.
- When you type a file name extension, you can choose from the matching file name extension options that begins with your input.
- Check if the extension entered has an associated ProgID and whether the ProgID has associated actions in the registry.
- Click Browse to list all the applications that have the entered ProgID registered.
- Configure the application that you want to associate it with.
- You can also select Customize action to perform the Open, Edit, and Print actions.
- You can copy the configured FTA data by clicking the Copy button.
For more details, see File Type Associations.
Printer Assistant
Use this tool to get a list of printers from your print server so that you can add them as assignable actions in the management console.
When adding printers from a network print server, you need printer information to add them. To get the printer information, complete the following steps:
- Enter the full name of the print server.
- Specify whether to connect to the print server using specific credentials.
- Click Connect to view the printer list.
- Select one or more printers from the list and copy the printer information.
In the web console, paste the information you copied by clicking Paste printer info. See Add printers from a print server.
Profile Migration Tool
Use this tool to migrate other profiles to the Citrix container-based profile solution. The process includes the following steps:
- Select any of the following source profiles:
- FSLogix profile container
- Citrix file-based solution
- Local machine
Note:
If you select Local machine, skip step 2 as Profile Migration Tool retrieves the default configuration of the local machine profiles.
- Configure the location of the source profiles:
- File share: Click Browse and select the required source file share location or directly enter the location.
- Subpath: If you are not using the default container folder, enter the subpath.
Note:
For FSLogix profile container, two different folder patterns are supported, where
%SID%_%USERNAME%
is the default folder pattern. - Configure the location of the target Citrix user store:
- File share: Click Browse and select the required target file share location or directly enter the location.
- Subpath: Enter the required target subpath.
-
Click Check access to verify if your current account or the alternate account has read access to the source file share and full access to the target file share. If your current account doesn’t have access, select the Use alternate credentials check box to enter the alternate username and password.
-
Specify the users and groups whose profiles are to be migrated. If no users or groups are specified, all the profiles in the source location are migrated.
-
Select the OS version of the source profiles.
- Click Start migration.
Profile Migration Tool migrates one profile at a time. If you choose to stop the migration, click Stop. This action completes the migration for the current profile and stops the migration for the remaining profiles. You can choose to retry the migration by clicking Retry selected. Otherwise, to perform another migration, click Do another migration.
In case of a failure, you can click View log to see the error logs. You have the option to retry the migration for failed profiles by clicking Retry selected.
Rule generator for app access control
Use this tool to create rules to control user access to items such as files, folders, and registries. The rules are implemented through Citrix Profile Management. A typical use case is to apply rules to control user access to apps installed on machines — whether to make apps invisible to relevant users.
You can perform the following operations:
- Create app rules
- Import app rules from a file
- Generate raw data for rules
- Edit app rules
- Delete app rules
To create an app rule, complete the following steps:
- Click Create rule in the action bar.
-
On the Target objects page, configure the following settings:
- App rule name. Specify a name to help you identify the rule.
-
Target objects. Add target objects. Target objects can be files, folders, and registries related to the app that you want to hide. Click Scan for a list of apps installed on the current machine and objects associated with each app.
Note:
- The tool might not be able to get the path for a folder after a scan. The path field shows the following warning:
No path found
. The issue occurs, for example, when the installation folder of an app resides in the user’s profile folder. In that case, you must locate the installation folder and then enter the path manually. - You cannot add paths for items on which certain Citrix and Windows services rely. Otherwise, those services might stop working properly. For a complete list of those paths, see Paths not allowed to be added.
- The tool might not be able to get the path for a folder after a scan. The path field shows the following warning:
-
On the Assignments page, add users, computers (organizational units), and processes you want to assign the rule to. For more information about how to get the AAD users or groups and NDJ machines, see AAD/NDJ object selector.
Note:
- After you assign this rule to certain users, computers, and processes, the target objects are invisible when users run the processes on related computers.
- Without assignments specified, this rule always hides the target objects.
- Assignments come in three categories: users, computers, and processes. The “OR” operator is used between items within a category, and the “AND” operator is used between categories.
- You cannot add users and computers when running the tool on a non-domain-joined or Azure Active Directory joined machine.
- You can add bulk processes. Enter process names (including the .exe extension), separated by line breaks.
- After you finish, click Done.
To generate raw data for rules, complete the following steps:
- Select desired rules or click Select all to select all rules.
- Click Generate raw data in the action bar. The raw data is then generated for the selected rules.
-
In the Generate raw data window, save the raw data to a file for later restoration or copy the raw data to your clipboard.
Note:
- Use the raw data when adding rules in the WEM administration console or when configuring the Profile Management policy “App access control,” depending on how you want to get the rules deployed.
- After you save the raw data to a file, you can restore the rules from the file. To achieve that, use Import in the action bar.
- After you finish, click Done.
Paths not allowed to be added
You cannot add the following paths and their parent paths for items on which certain Citrix and Windows services rely. Profile Management related registries:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Citrix\UserProfileManager
HKLM:\SOFTWARE\Policies\Citrix\UserProfileManager
HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\UserProfileManager
HKLM:\SOFTWARE\Citrix\UserProfileManager
WEM related registries:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Norskale
HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\WEM
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Norskale
HKLM:\SOFTWARE\Policies\Norskale
HKLM:\SOFTWARE\Citrix\WEM
HKLM:\SYSTEM\CurrentControlSet\Control\Norskale
Virtual Delivery Agent (VDA) related registries:
HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\VirtualDesktopAgent
HKLM:\SOFTWARE\Citrix\VirtualDesktopAgent
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Citrix Virtual Desktop Agent
HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Citrix Virtual Desktop Agent
Windows related registries:
HKCU:
HKEY_CURRENT_USER
HKU:
HKEY_USERS
Windows and Citrix service related folders:
c:\windows\system32
\Citrix\User Profile Manager\
\Citrix\Workspace Environment Management Agent\
\Citrix\XenDesktopVdaSetup\
\%windir\%\system32
Assigning app access rules to AAD users/groups and NDJ machines
To assign app access rules to AAD users or groups and NDJ machines, complete the following steps.
-
Click AAD/NDJ object selector from the web console.
-
Use the AAD/NDJ object selector to add the desired AAD users and NDJ machines.
-
Copy the user or machine data.
-
Go to WEM Tool Hub > Rule Generator for App Access Control, where you create a new app rule.
-
Go to the Assignments page, and paste the data.
-
Click Done to create the app access control rules.
-
Copy the app access control rules.
-
Go to the web console > configure set > Profile Management settings > App access control and paste the data there.
Add local applications for quick access
This feature lets you add local applications to the WEM Tool Hub for quick access. The added applications are considered as part of your personal data. The data is retained when you switch machines while using the Profile Management environment.
To add an application, click the plus sign on the top right corner of the WEM Tool Hub and then navigate to the application. You can add multiple applications at a time.
The added applications appear as tiles in the WEM Tool Hub. You can click a tile to start the application quickly.
Note:
To remove an added application, click the trash can icon.