Workspace Environment Management

What’s new

A goal of Citrix is to deliver new features and product updates to Workspace Environment Management (WEM) service customers when they are available. New releases provide more value, so there is no reason to delay updates. Updates are rolled out to the service release approximately every four weeks.

This process is transparent to you. Updates are applied to Citrix internal sites initially, and are then applied to customer environments gradually. Delivering updates incrementally in waves helps ensure product quality and maximize availability.

In general, updates to the documentation are made available before new features and product updates are accessible to all customers.

For information about the service level goal for the WEM service for cloud scale and service availability, see Service Level Goals. To monitor service interruptions and scheduled maintenance, see the Service Health Dashboard.

November 2024

Unified Platform experience for navigation

The primary navigation menu is now expanded to include a secondary navigation menu for the Monitoring and Enrollment menu items on the WEM web console. Navigation breadcrumbs are now displayed on the top of every page. To provide a unified platform experience, a drop-down menu is now included on the top right-hand corner of the page that lets you switch to either the Legacy console, Utilities, or to the Web console. The screenshots depicting the changes are as follows:

Expanded primary menu

Navigation breadcrumbs

Unified platform experience

User statistics quick search and refresh icon

This enhancement provides the ability to search in the user statistics table using the user name and other relevant properties, such as, display name and email.

You can now use the refresh icon that appears when you hover your mouse on every record or user display name instead of the SID. For more information, see User statistics.

Upload scripts for external tasks

Previously, to use the external task feature, the path to a script (or executable) on the agent machine (or network storage) had to be specified. This required maintenance of the script files either on network storage locations or locally on a VDA running WEM causing inconvenience.

With this feature, you can now directly upload scripts when configuring external tasks. To create an external task, you now have an option to upload the script file for the task to run. After uploading, you can also view the content of the script.

For more information, see Create an external task.

Minimum agent version required: 2410.1.0.1

Rule Generator updated with expanded app access control features

The Rule Generator for App Access Control tool now supports the expanded features of the App access control policy. With this tool, you can now create redirection rules and configure exclusions for rule assignments.

For more information, see Rule Generator for App Access Control.

Enhancements to Group Policy Migration Tool

This feature enables you to auto-configure script path and parameters when you migrate the Windows Logon scripts to WEM external tasks using the Group Policy Migration Tool.

For more information, see Group Policy Migration Tool

New details to diagnose logon duration

This feature introduces new details to diagnose the logon duration. You can find more details for the sub-metrics, FSLogix profile loading and WEM logon services in the table that lists all the metrics, submetrics, and tips in detail.

For more information, see Windows Logon Analysis.

Profile Management

Workspace Environment Management now supports all supported versions of Profile Management through 2411. The following features are now available in the web console.

  • Alert user when profile size exceeds quota. This feature helps prevent data loss by notifying users when their profile size exceeds a quota. You can customize the quota limit and the notification content based on the default settings. The feature is available under each configuration set in Profiles > Profile Management Settings > Advanced settings. For more information, see Citrix Profile Management Settings.

  • Enable UWP app load acceleration. This feature accelerates the loading of UWP apps and improves their consistency in non-persistent environments. By default, Windows stores UWP App registration information locally on each machine, which can be lost upon restart in non-persistent environments. With this policy enabled, Profile Management creates a VHDX container for each machine to store the UWP app registration data, speeding up user logon and preventing data loss on restarts. The feature is available under each configuration set in Profiles > Profile Management Settings > Advanced settings. For more information, see Citrix Profile Management Settings.

  • App access control policy expanded. With the policy, you can now implement machine-level redirections for files, folders, registry keys, and registry values. In addition, you can now exclude specific users, machines, and processes from rule enforcement for more precise control. The feature is available under each configuration set in Profiles > Profile Management Settings > App access control. For more information, see Citrix Profile Management Settings.

  • Folder redirection policy enhanced for more secure access control. With a new option, Grant access to specific users and groups, you can now grant specific users or groups Read and Execute permissions on the redirection target folders. For more information, see Citrix Profile Management Settings.

  • Minimum agent version required: 2411.1.0.1

Fixes

No issues have been observed in this release.

October 2024

Group policy migration to WEM

  • You can now use the Group policy migration to migrate Group policy preferences that cause slow sign-ons into WEM actions to improve your sign-on experience. In the WEM Tool Hub, you can begin the migration workflow either within a logon duration report, while viewing GPO processing times, or from the Group Policy Migration Tool. This tool allows you to scan for currently applied GPOs.

  • You can select from the listed items supported for migration. Selected items are exported as a ZIP file to the local machine, which is later imported as WEM actions. This feature is enhanced to guide you through the process of creating an assignment group with the exported settings, and also assign the group to the respective user.

  • For more information, see Group Policy Migration Tool and Create an assignment group using the exported settings.

Introducing new insights to monitor and diagnose logon duration

  • This enhancement introduces profile container and GPP processing insights to monitor and diagnose logon duration. This feature enables you to identify the possible issues, which may cause slow logon and to also provide recommendations to resolve issues.

  • For more information, see Windows Logon analysis and Analyze logon duration using scripted tasks.

Centralized configuration set level agent cache synchronization

  • This feature is introduced to enhance the existing agent cache synchronization mechanism.

  • Based on the new mechanism, you can avoid performance issues for large WEM deployments and the database cost on the Cloud is also reduced. For more information, see Agents and Agent cache utility options.

  • Minimum agent version required: 2409.1.0.1

Fixes

  • While creating Start menu shortcuts and pinning applications to the Start menu, shortcuts are generated in the root folder of the Start menu instead of being created in the path specified. This issue occurs only on Windows Server 2022/2019 but not on Windows Server 2016. [WEM-32923, CVADHELP-24045]

September 2024

Support data export to Splunk

Previously, you were restricted only to Grafana when exporting agent reports to third-party platforms.

With this feature, you can now effortlessly export the data to Splunk as well.

For more information, see Reports.

Privilege elevation

WEM agent support for persistent cache on non-persistent machines

  • This enhancement enables the WEM agent to automatically detect non-persistent machines provisioned by MCS or PVS and use the persistent data location provided by the underlying Provisioning Service to persist agent cache and other crucial information. This improves the WEM performance and resiliency on non-persistent machines. Also, the WEM agent enrollment now supports non-persistent machines. You can now enroll the master image and the provisioned non-persistent machines are automatically enrolled.

  • For more information, see Prerequisites, Determine which setup method to use, and Introduction.

  • Minimum agent version required: 2408.1.0.1

Configuring registry and GPO settings with a new registry value type

  • REG_NONE registry value type is introduced for more customized configurations by providing a way to specify settings or parameters that do not fit into other predefined data categories, such as, strings, integers, or binary data. You can use this flexibility to handle unique or specialized configurations.

  • REG_NONE registry value type supports the following functions:

    • In creating/updating registry entry action
    • In creating/updating registry entry-based GPO action
    • When importing a registry entry-based GPO
    • On the agent side
    • For legacy console
    • For backup and restore from the web console and the legacy console
  • For more information, see Create a GPO and Import Group Policy settings.

  • Minimum agent version required: 2408.1.0.1

Selective WEM reset feature

  • WEM is enhanced to selectively reset WEM actions tracking cache. When you enable Allow Users to reset Cached Actions, the Reset Cached Actions is turned on. On clicking it, a new wizard gets displayed and then you can choose the cached actions that need a reset. This enhancement enables you to reset the process history for JSON files or the user group policy objects. After the reset, the actions get processed during the subsequent user logons.

  • Minimum agent version required: 2408.1.0.1

Fixes

  • An output is not generated when you run the scripted task with parameters. [WEM-39324]

  • The scripted task service can run an unknown binary file with a special path because the service path contains space and is not enclosed within quotes. [WEM-39477]

  • When you try to sign in to Workspace using WEM Tool Hub > Application assistance using your Active directory and Token, you won’t see a blank workspace window. [WEM-37723]

August 2024

Enhancements to the selection of Microsoft Entra ID (Azure AD) groups or users

Policies, including actions and security rules, assigned to Microsoft Entra ID (Azure AD) groups or users now automatically take effect on the agent side without requiring manual user-device associations. To ensure the proper functioning of this feature, adhere to the following requirements:

  • The agent version must be 2407.2.0.1 or higher.
  • In Citrix WEM User Logon Service Properties dialog, set the Startup type as Automatic.
  • Log out of your local machine and login again.

Add new built-in scripted tasks to reduce operation efforts

Added more valuable built-in script tasks that help admins use built-in scripted tasks directly and reduce operation efforts. This feature resolves unregistered VDA issues and sets CDF trace configurations. For more information, see Scripted Tasks.

VHD disk compaction report

Administrators can now view the VHD disk compaction reports in the web console by enabling VHD disk compaction report collection. For more details, see Reports and Monitoring preferences.

Profile Management

Workspace Environment Management now supports all supported versions of Profile Management through 2407. The following features are now available in the web console.

  • Enable in-session profile container failover among user stores Specifies whether to enable in-session profile container failover among user stores. This feature enhances profile redundancy in the contain-based solution by expanding the container failover scope from occurring only at user logons to throughout the entire session.

    The feature is available under each configuration set in Profiles > Profile Management Settings > Advanced settings > Replicate user stores. For more information, see Citrix Profile Management Settings.

  • Folder redirection enhanced with two new options:

    • Redirect to the local user profile, allowing you to redirect a folder to the local user profile.
    • Move contents to new location, allowing you to decide whether to move contents from the previous folder to the new one when setting or modifying redirection target folders.

    For more information, see Citrix Profile Management Settings.

  • Minimum agent version required: 2407.1.0.1

Fixes

  • In the cloud environment, if the selected WEM agent version is outdated, it should give an error prompt when editing the delivery task. [WEM-37688]

  • When the WEM transformer is visible on the screen, the unlock feature through a hotkey (CTRL+ALT+U) does not work. If you change the focus to the app, the unlock hotkey works again. [WEM-37678]

June 2024

Support for testing the app access control rules

You can now validate app access control rules on the local machine before deploying in the testing or production environment. For more information, see Rule Generator for App Access Control.

View a GPO

You can now view the WEM Group Policy settings. GPO summaries in read-only mode without editing the GPO. This implementation eliminates the risk of misconfiguration while reviewing the existing settings.

For more information, see Group Policy settings.

Support data export to third-party platforms for flexible management

Previously, you were restricted to exporting reports solely to cloud storage or local machines, hindering your ability to effectively analyze and monitor task outcomes.

With this feature, you can now effortlessly configure and export report data to third-party platforms such as Grafana. This enhancement helps to seamlessly integrate and utilize external analytics tools for comprehensive performance monitoring and analysis, whether automatically scheduled or manually initiated.

For more information, see Reports.

Fixes

  • When you upgrade to Workspace Environment Management version 2402, the Actions > External Tasks > Run Once configuration doesn’t work as expected in some cases. [WEM-37104]

  • The WEM agent fails to enumerate all the groups to which the user belongs. Only Everyone and Administrator are listed. [WEM-37201]

Integration of the WEM Health Check tool into the WEM Tool Hub

  • The WEM Health Check tool is now integrated and listed within the WEM Tool Hub Home page for ease of access and use. This tool runs checks on the WEM agent or infrastructure server and identifies potential issues with your WEM deployment. For more information, see WEM Health Check tool.

  • Minimum agent version required: 2401.1.0.1

Hub agents

  • This feature allows you to promote the WEM agent to a hub agent role. The hub agent can be configured to manage multiple configuration sets, assisting in the utilization of on-premises resources. Currently, the hub agent provides two key benefits:

    • Application Package Delivery: Once the hub agent is configured, it enables you to browse files from the SMB share in your on-premises environment when you add an application package.

    Note:

    The hub agent must be set to manage the site where the SMB share is located.

    • On-Demand Task Execution: If you initiate agent on-demand tasks from the WEM console and the cloud connector is not reachable, notifications are sent to the hub agent managing the configuration set, to which the target agent belongs. The hub agent then attempts to notify the target agents on the same subnet to execute its tasks.
  • For more information, see Hub agents

  • Minimum agent version required: 2406.1.0.1

Profile Migration Tool in the WEM Tool Hub

With the new Profile Migration Tool, you can now migrate different types of profiles to the Citrix container-based profile solution. This feature simplifies the profile migration process, ensuring a smooth transition and minimal disruption to user workflows. The following types of profiles are supported:

  • FSLogix profile container
  • Citrix file-based solution
  • Local profile

For more information, see Profile Migration Tool.

Application security rules for WEM web console

  • This feature allows you to create and configure different types of application security rules and assign them to users in the web console. This feature uses the same workflow that is used for action assignments. You can now import rules configured with AppLocker to manage them in WEM. You can also use the WEM Tool Hub to retrieve information needed for rule configuration, such as path, publisher, and hash values. For more information, see Application security, File Info Viewer, and Assignment Groups.

  • Minimum agent version required: 2406.1.0.1

Fixes

  • User can now access the Reports page from the Task history page with the specific type UPM health check. [WEM-36422]

May 2024

Windows event-based triggers for external tasks

  • Windows event-based triggers for external tasks now allow you to associate external tasks (session-level tasks) with them. When the Windows events meet the defined criteria, the trigger is activated. This trigger begins to perform the associated external tasks that help in automatically managing the session-level tasks, based on Windows events. For more information, see Considerations.

  • Minimum agent version required: 2404.1.0.1

WEM agent basic deployment mode

  • A basic deployment mode for the WEM agent is introduced to provide basic agent functions, such as system optimization and logon duration analysis without the need to connect to the infrastructure service. WEM has powerful capabilities for user environment management that require deploying backend components such as Broker, database, and consoles for the entire deployment. Some of you might want to use only the basic features. For example, previously, if you wanted to use only the optimization functionality you had to deploy all of the backend components. This feature now provides a lightweight method to deploy WEM. You can use this deployment method for utilizing WEM basic functionalities easily. The WEM health check tool runs checks for these types of agents providing the ability to reconfigure the agent as an on-premises or service agent. You can now start the health check tool on an agent in basic deployment mode to run checks. You can also switch the agent type to on-premises or the service agent by providing necessary information about the infrastructure service or cloud connectors. For more information, see Install the agent, Manage Basic Deployment agents, and Windows Logon analysis.

  • Minimum agent version required: 2404.1.0.1

Profile Management

Folder redirection settings: This feature lets you configure rule sets for redirecting the paths of local folders to new locations. Each rule set specifies where you want to redirect the folders based on the users accessing them.

To configure folder redirection for a configuration set, locate the set, go to Profiles > Profile Management Settings > Folder redirection, and then add rule sets. For more information, see Citrix Profile Management Settings.

Fixes

  • During user logon, additional delays are caused by the WEM user logon service accompanied by the following Windows event log Failed to retrieve user information for CVAD session launch event and AD query timed out exception. [WEM-35792]

  • Some applications only have the 32-bit version. Windows 2010 OS VDIs redirect the path system32 to syswow64 by default if the caller is a 32-bit application. When the elevation engine tries to access files such as OptionalFeatures.exe, the file is not found. Disabling the default redirect behavior elevates the application. [WEM-35650]

March 2024

Enhanced automatic backup limit for configuration sets

WEM provides automatic backup of configuration sets. The automatic backup limit is now enhanced to support storage of up to 25 backup files for each configuration set before overwriting the oldest existing file. This enhancement reduces the operation effort, especially for large and complex environments. For more information, see Manage automatic backup.

Customizing the Start menu layout for Windows 11

  • To support user level assignments, you can now apply the WEM action JSON files for the Windows 11 Start menu configuration. Using the new tool Start Menu Configurator for Windows 11 in the WEM Tool Hub, you can now select applications that you prefer to add to the Pinned section of the Start menu and arrange the layout as needed. After customizing the layout, copy the configuration data and paste the data in the web console, when you add a new JSON object in the JSON Files page. For more details, see Customize the Start menu layout for Windows 11.

  • Minimum agent version required: 2403.1.0.1

User Store Creation Tool

This tool is introduced in the WEM Tool Hub to help you create user stores. The user store is the central network location for storing Citrix user profiles. This tool helps you to set up user stores by creating file shares and setting appropriate permissions to them according to your specifications. This tool simplifies the configuration process and reduces errors. You can choose to create the user store on the current machine (running the tool) or on a different machine. For more details, see User store creation tool.

Fixes

  • Creating or duplicating Printers, Network drives, or User DSNs is very slow on the WEM web console. [WEM-32997]

  • Upgrading the WEM database successively, results in the error The given key was not present in the dictionary. [WEM-34849]

  • The Profile Management health column might show a question mark even when the Profile Management is configured correctly. This issue occurs when the UpmConfigCheck.ps1 script used by the WEM agent does not work as expected. This issue affects the machines installed with the Profile Management 2203 LTSR. [WEM-34822, CVADHELP-24723]

February 2024

Assignment Groups (Preview)

This feature lets you group individual actions and manage their assignments in one place. Assignments are created per action rather than at the group level. You can now add actions to a group and select assignment targets, create, edit, and delete assignment groups. Assignment details like filters and options are maintained at the individual item level. For more details, see Assignment groups.

Health check enhancements in the web console

You can now gain a clearer and more detailed insight into the status of Profile Management through Workspace Environment Management:

  • Invalid: Indicates that Profile Management is either not found or not enabled.
  • Error: Indicates configuration issues in Profile Management.
  • Warning: Identifies a suboptimal state of Profile Management.
  • Notice: Identities an acceptable state of Profile Management.
  • Good: Identities Profile Management is in a healthy state.

For more details, see the description for Profile Management health column in Statistics.

Enhanced analysis capability for Windows Logon

  • This enhancement provides a more detailed data analysis for User profile and Citrix Profile Management. Group policy objects sub-metric is now introduced with HDX connection sub-metric being enabled. For more details, see Windows Logon analysis.

  • Minimum agent version required: 2401.1.0.1

WEM health check tool

You can now open the WEM standalone tool to check the status of the WEM components and troubleshoot. This tool can run on WEM agents or the infrastructure server providing results for different selected (check) items respectively. After completing a check, a report is saved to their machine. You can turn on the debug mode and retrieve the log files to the specified location. You can also fix some configuration issues automatically. For more details, see WEM health check tool.

Fixes

  • When the WEM agent runs on Windows Server 2022, the memory usage limit you apply to specific processes might not work as expected. [WEM-28773]

January 2024

User Data source name

Using the web console, you can now add user data source names (DSNs) and assign them to users. For more details, see User DSN.

Ports

Using the web console, you can now add port mappings and assign them to users. For more details, see Ports.

INI files

Using the web console, you can now add INI file operations and assign them to users. For more details, see INI files.

Agent on-demand task history

This enhancement allows you to check the progress and results of tasks initiated in the last 24 hours. You can see the task status for each of the target agents after you trigger a task. You can also view the history of recent tasks and their statuses. For tasks with reports, you can access those reports directly from the Reports tab. For more details, see Agents.

Enhanced filter condition capability for report management

This enhancement lets you filter and add multiple values by separating each value with a semicolon when you choose the Result summary condition, providing a flexible method for report management that enables you to monitor and optimize the system.

Profile Management

Workspace Environment Management now supports all supported versions of Profile Management through 2311. The following features are now available in the web console.

  • User store selection method. Specifies the user store selection method when multiple user stores are available. Options include:

    • Configuration order. Lets Profile Management select the earliest configured store.
    • Access performance. Lets Profile Management select the store with the best access performance.

    The feature is available under each configuration set in Profiles > Profile Management Settings > Advanced settings > Replicate user stores. For more information, see Citrix Profile Management Settings.

  • Deduplicate files this size or larger (MB). Specifies the minimum size of files to deduplicate from profile containers. The default size is 256 MB.

    The feature is available under each configuration set in Profiles > Profile Management Settings > File deduplication > Enable file deduplication. For more information, see Citrix Profile Management Settings.

  • Log off users when profile container is not available during logon. Specifies whether to force log-off users when the profile container is unavailable during user logon.

    The feature is available under each configuration set in Profiles > Profile Management Settings > Profile container > Enable profile container. For more information, see Citrix Profile Management Settings.

  • Set users and groups to access profile container. Specifies which AD domain users and groups have Read & Execute permission on profile containers. By default, a profile container is accessible only to its owner.

    The feature is available under each configuration set in Profiles > Profile Management Settings > Profile container. For more information, see Citrix Profile Management Settings.

  • Minimum agent version required: 2311.1.0.1

Fixes

  • Using the Agent auto upgrade feature results in the upgrade failure on the x32 platform. [WEM-32783]

  • Machine-level GPOs assigned to the agent might fail when other AD objects have the same name as the agent in the domain. [WEM-32315, CVADHELP-23868]

November 2023

Automatic agent upgrade

The following enhancements are made to the automatic agent upgrade feature:

  • You can select the desired agent package from the centralized SMB share package storage location, and schedule automatic upgrades for all agent machines in a configuration set.

  • You can now specify the time period and schedule the day(s) of the week on which you want WEM to automatically roll out the upgrade to all agent machines in a configuration set.

  • You can now specify the device name and IP of agent machines in a configuration set for which you want WEM to automatically roll out the upgrades. For more details, see App Package Delivery.

  • Minimum agent version required: 2310.1.0.1

Extended limit for the Memory Usage Limit functionality

  • This feature is enhanced to extend the limitation set for the maximum value of the Memory Usage Limit functionality from 4 GB to 32 GB in 64-bit OS. This enhancement provides more flexibility based on real situations in the customer system environment.

  • Minimum agent version required: 2310.1.0.1

Windows Logon analysis

This tool collects the logon duration data and generates reports about the recent logon duration data. Each logon report is categorized further allowing you to identify potential issues and bottlenecks. For more details, see Windows Logon analysis.

Application security log reports

  • Administrators can now review the Application security logs in the web console by enabling application security log collection per configuration set and get the corresponding reports. The administrator can view the logs by subtype within the details of each report. For more details, see Application Security logs under Reports and the description for Security logs in Monitoring preferences.

  • Minimum agent version required: 2310.1.0.1

Fixes

No issues have been observed in this release.

October 2023

Registry Entries

Using the web console, you can now add registry entries as assignable actions, which let you create, set, or delete registry values in the user environment. The feature has been enhanced to provide a better user experience. Additionally, you are now able to add tags to registry entries and assign multiple registry entries at the same time. For more information, see Registry Entries.

Enhancements to extended data in reports

Two new export options are introduced for agent reports, CSV (formatted) and JSON (formatted). These options enhance the readability of extended data within the reports. For more information, see Export reports.

Categorize Profile Management settings in the web console

This feature lets you reorganize your view of Profile Management settings. The three built-in tags, File-based, Container-based, and App access control act like filters, helping you concentrate on the settings available to the selected tag. The latest selected tags are retained as your administrator preference. For more information, see Profile Management Settings.

Enhancements to optimization and usage insights

This feature lets you configure the list of excluded applications by providing the application names. You can add, edit, and delete the excluded applications using the settings under Preferences. For more information, see Excluded applications.

Support for File Type Association (FTAs) settings on web console

This feature lets the administrators create, manage FTAs, and assign them to the users. Administrators can also use the File Type Association Assistant tool in the WEM Tool Hub to easily get the information they need for configuring FTAs in the web console. For more information, see File Type Associations.

Enhanced Agent Settings

  • A new setting Enable agent to use cached domain search results is added to the agent settings. When enabled, the agent uses the cache for domain query results to improve performance and resiliency. You can also update WEM group policies when the agent cannot contact the domain. For more details, see Agent Settings.

  • Minimum agent version required: 2309.2.0.1

Enhancements to the health check report functionality in web console

This feature improves the user experience of configuring Profile Management through WEM. When you follow the link on the Agent health check result page to Profile Management settings, you can see the errors/warnings in the results with its corresponding setting highlighted in the Profile Management configuration page on the web console. You can then modify the settings according to the results displayed in the footer. For more information, see Reports.

New version of WEM Tool Hub

A new version of WEM Tool Hub is now available: 2309.2.0.1. This version includes performance enhancements, support for AAD/NDJ object selector support, and bug fixes. For more information, see WEM Tool Hub.

Fixes

  • The application disappeared at times, when the customer exported the application setting to the file, saved the file to the ASCII encoding, and imported the modified file to WEM again. [WEM-31180]

  • After the machine reboots, the WEM agent may lose previous SMB shares configured in Advanced Settings > File Shares. [WEM-30209]

September 2023

Support for the Windows 11 and Windows Server 2022 in Citrix Optimizer

  • We added support for the Windows 11 version 21H2 (build 2009) and Windows Server 2022 21H2 (build 2009) in Citrix Optimizer. You can now use the WEM service to perform template-based system optimizations for Windows 11 2009 and Windows Server 2022 2009 machines. In addition, we have updated all existing templates to reflect changes introduced in the latest standalone Citrix optimizer. For information about using Citrix Optimizer, see Citrix Optimizer.

  • Minimum agent version required: 2309.1.0.1

Enhancements to the manual backup limit

We have now enhanced the maximum manual export limit from 10 to 25 per account. For more information, see Back up a configuration set.

Enhancements to the optimization and usage insight application limit

We have now enhanced the optimization insight application and usage insight application limit from 10 to 20. For more information, see Insights.

Registry Entries (Preview)

Using the web console, you can now add registry entries as assignable actions, which let you create, set, or delete registry values in the user environment. The feature has been enhanced to provide a better user experience. Additionally, you are now able to add tags to registry entries and assign multiple registry entries at the same time. For more information, see Registry Entries.

AAD/NDJ object selector tool

  • You can now assign app access rules to AAD users/groups and NDJ machines in addition to AD users/groups and domain-joined machines that are currently supported. A tool AAD/NDJ object selector is now available on the web console, where you can get the object data and paste them into the Rule Generator. For more information, see Assigning app access rules to AAD users/groups and NDJ machines.

  • Minimum agent version required: 2309.1.0.1

File System Operations in web console

Administrators can create and manage file system operations and assign them to the users now using the web console. For more information, see File System Operations.

User-level Profile Management settings

This feature lets you configure Profile Management settings at the user level for customization and precise control. Use this feature to apply specific Profile Management settings to individual users or user groups, tailoring the profile experience as needed. For more information, see User-level Profile Management settings.

Support reporting through agent reports

  • Administrators can now review the privilege elevation logs in the web console by enabling security log collection per configuration set and get the corresponding reports. The administrator can view the logs by subtype within the details of each report. For more information, see the description for Security logs in Monitoring preferences.

  • Minimum agent version required: 2309.1.0.1

Profile Management

  • Workspace Environment Management now supports all supported versions of Profile Management through 2308. The following features are now available in the web console:

    • Enable VHD auto-expansion for profile container. If enabled, when the profile container reaches 90% utilization, it automatically expands by 10 GB, with a maximum capacity of 80 GB. Depending on your needs, you can adjust the default auto-expansion settings using the following options: Auto-expansion trigger threshold (%), Auto-expansion increment (GB), Auto-expansion limit (GB).

      The feature is available under each configuration set in Profiles > Profile Management Settings > Profile Container. For more information, see Citrix Profile Management Settings.

    • Default capacity of VHD containers. Specifies the default storage capacity (in GB) of each VHD container.

      The feature is available under each configuration set in Profiles > Profile Management Settings > Advanced settings. For more information, see Citrix Profile Management Settings.

    • Enable exclusive access to profile container. If enabled, the profile container allows only one access at a time.

      The feature is available under each configuration set in Profiles > Profile Management Settings > Advanced settings. For more information, see Citrix Profile Management Settings.

    • Enable exclusive access to OneDrive container. If enabled, the OneDrive container allows only one access at a time.

      The feature is available under each configuration set in Profiles > Profile Management Settings > Advanced settings. For more information, see Citrix Profile Management Settings.

    • Enable UWP app roaming. If enabled, UWP (Universal Windows Platform) apps roam with users. As a result, users can access the same UWP apps from different computers.

      The feature is available under each configuration set in Profiles > Profile Management Settings > Advanced Settings. For more information, see Citrix Profile Management Settings.

  • Minimum agent version required: 2307.1.0.1

Configure task settings

A new option Configure task settings is introduced in the Scripted Tasks page that directs you to the specifically chosen filtered task wizard in the Scripted Task Settings page. For more information, see Configure task settings option.

New version of WEM Tool Hub

A new version of WEM Tool Hub is now available: 2309.1.0.1. This version includes performance enhancements, support for AAD/NDJ object selector support, and bug fixes. For more information, see WEM Tool Hub.

Fixes

  • The Profile Management health column might show errors even when Profile Management is configured correctly. This issue occurs because the UpmConfigCheck.ps1 script used by the WEM agent does not work as expected. This issue affects machines with Profile Management setting, Path to log file enabled, with the path containing %SystemRoot% in it. [WEM-29519]

  • The WEM agent now refreshes the SMB connection every time the policy settings get refreshed instead of waiting for the next refresh, which is every 15 minutes. [WEM-29142, CVADHELP-21957]

July 2023

User-level Profile Management settings (preview)

  • This feature lets you configure Profile Management settings at the user level for customization and precise control. Use this feature to apply specific Profile Management settings to individual users or user groups, tailoring the profile experience as needed. For more information, see User-level Profile Management settings.

  • To enable this feature, go to Home, click the preview features icon in the upper-right corner, and enable User-level Profile Management settings. See Preview features.

Enhanced WEM agent event logging

We have made enhancements to WEM agent event logging, aiming at improving troubleshooting capabilities. The enhancements include:

  • Comprehensive event logs: We have provided comprehensive event logs, giving you a complete picture of agent activities.

  • Unique event IDs: Each event log now has a distinct ID, making it easier for you to filter and identify specific events.

For more information, see Agent event logs.

Microsoft Edge browser support for WEM Transformer

  • The WEM Transformer now supports the latest version of the Microsoft Edge browser.

  • Minimum agent version required: 2307.1.0.1

JSON object assignment

  • You can now add JSON objects and assign them to create or modify JSON files. Using this feature, you can apply personalized settings to applications with a JSON configuration file (for example, Microsoft Teams). This feature is available only in the web console. For more information, see Actions.

  • Minimum agent version required: 2306.1.0.1

Add local applications for quick access

  • This feature lets you add local applications to the WEM Tool Hub for quick access. The added applications are considered your personal data and are retained when you switch machines within the Profile Management environment. You can add and remove multiple applications at a time. For more information, see Add local applications for quick access.

New version of WEM Tool Hub

A new version of WEM Tool Hub is now available: 2307.1.0.1. The version includes performance enhancements and bug fixes. For more information, see WEM Tool Hub.

Fixes

  • Attempts to restore a configuration set might fail if it contains too many (for example, 10,000) template-based GPOs. [WEM-28447]

June 2023

Enhancements to CPU spike protection

  • This release introduces enhancements to the CPU spike protection feature, giving you more granular control. The enhancements include the following changes:

    • We have reorganized CPU spike protection options with intuitive logic for easier configuration.
    • When customizing CPU spike protection, you can now configure the CPU usage limit using non-integer values.
    • A new option Set limit relative to single CPU core, is now available, letting you set a limit on CPU usage based on a single CPU core as a reference.

    For more information, see CPU spike protection.

  • Minimum agent version required: 2306.1.0.1

Environment variables

  • Using the web console, you can now add environment variables as assignable actions. When assigned, those environment variables are created or set in the user environment. The feature has been enhanced to provide a better user experience. For more information, see Environment variables.
  • Minimum agent version required: 2306.1.0.1

Dynamic token support for Group Policy settings

You can now use dynamic tokens in Group Policy settings. This feature allows for more adaptable policy configuration in different environments, reduces manual configuration, and simplifies policy management. For more information, see Dynamic token support for Group Policy settings.

Group Policy setting processing results

This release introduces the action processing results report feature. With this feature, you can now view the results of every action assigned to a user in a consolidated report that updates every 4 hours. The report includes information such as the name of the action, the assigned user, the filter used, and the processing result. This feature is designed for all actions but currently supports only Group Policy setting processing results. To use the feature, first enable result collection for Group Policy settings. For more information, see Reports and Monitoring preferences.

JSON object assignment (preview)

  • You can now add JSON objects and assign them to create or modify JSON files. Using this feature, you can apply personalized settings to applications with a JSON configuration file (for example, Microsoft Teams). This feature is available only in the web console. For more information, see Actions.
  • To enable this feature, go to Home, click the preview features icon in the upper-right corner, and enable JSON object assignment. See Preview features.
  • Minimum agent version required: 2306.1.0.1

May 2023

Profile Management backup and quick setup

  • You can now back up and restore your Profile Management settings. For more information, see Back up and restore. Plus, a quick setup feature is now available, letting you quickly set up Profile Management, whether you want to start with a fresh template or restore from a backup. For more information, see Quick setup.

  • Minimum agent version required: 2304.2.0.1

Network drives

  • Using the web console, you can now add network drives as assignable actions. When assigned, those network drives are available for use within the user’s desktop. The feature has been enhanced to provide a better user experience. For more information, see Actions.

  • Minimum agent version required: 2304.2.0.1

Virtual drives

  • Using the web console, you can now add virtual drives as assignable actions. When assigned, those virtual drives are available for use within the user’s desktop. The feature has been enhanced to provide a better user experience. For more information, see Actions.

  • Minimum agent version required: 2304.2.0.1

Improved advanced settings now available in the web console

Advanced settings have been migrated to the web console and are available in Advanced Settings under each configuration set. We have reorganized the settings to provide a better user experience. For more information, see Advanced Settings.

Set your start page

You can now set one of the following pages as your start page so that you land on it every time you sign in to the web console:

  • Agents
  • Reports
  • User Statistics
  • Usage Insights
  • Optimization Insights
  • Profile Container Insights

If no start page is set, you land on the Home page instead. After setting your start page, you can access it quickly by clicking the lightning icon (Lightning icon) on the left navigation of the console.

New version of WEM Tool Hub

A new version of WEM Tool Hub is now available: 2304.2.0.1. The version includes performance enhancements and bug fixes. For more information, see WEM Tool Hub.

Fixes

  • The Profile Management health column might show errors even when Profile Management is configured correctly. This issue occurs because the UpmConfigCheck.ps1 script used by the WEM agent does not work as expected. This issue affects machines with only one system volume. [WEM-27498]

April 2023

App access control

  • Using the web console, you can now add rules to control user access to items such as files, folders, and registries. A typical use case is to apply rules to control user access to apps installed on machines — whether to make apps invisible to relevant users. This feature can simplify application and image management. For example, using the feature, you can deliver identical machines to different departments while meeting their different application needs, thus reducing the number of images. For more information, see App access control.

  • Minimum agent version required: 2304.1.0.1

Printers

  • Using the web console, you can now add printers to assign to your users. When assigned, those printers are available for use within the user’s desktop. The feature has been enhanced to provide a better user experience. For more information, see Actions.

  • Minimum agent version required: 2304.1.0.1

WEM Tool Hub (preview)

The following two tools are now available in WEM Tool Hub:

  • Printer assistant. Use it to get a list of printers from your print server so that you can add them as assignable actions in the management console.

  • Rule generator for app access control. Use it to create rules to control user access to items such as files, folders, and registries. The rules are implemented through Citrix Profile Management. A typical use case is to apply rules to control user access to apps installed on machines — whether to make apps invisible to relevant users.

For more information, see WEM Tool Hub.

Profile Management

  • Workspace Environment Management now supports all supported versions of Profile Management through 2303. The following features are now available in both the legacy console and the web console.
    • Enable active write back on session lock and disconnection. If enabled, profile files and folders are written back only when a session is locked or disconnected. With both this option and the Enable active write back registry option enabled, registry entries are written back only when a session is locked or disconnected.
      • In the web console, the feature is available under each configuration set in Profiles > Profile Management Settings > Basic settings. For more information, see Citrix Profile Management Setting.
      • In the legacy console, the feature is available in Policies and Profiles > Citrix Profile Management Settings > Main Citrix Profile Management Settings. For more information, see Citrix Profile Management Setting.
    • Enable app access control. If enabled, Profile Management controls user access to items (such as files, folders, and registries) based on the rules you provide.
      • In the web console, the feature is available under each configuration set in Profiles > Profile Management Settings > App access control. For more information, see Citrix Profile Management Setting.
      • In the legacy console, the feature is available in Policies and Profiles > Citrix Profile Management Settings > App Access Control. For more information, see Citrix Profile Management Setting.
    • Enable VHD disk compaction. If enabled, VHD disks are automatically compacted on user logoff when certain conditions are met. This option enables you to save the storage space consumed by profile container, OneDrive container, and mirror folder container.
      • In the web console, the feature is available under each configuration set in Profiles > Profile Management Settings > Profile container. For more information, see Citrix Profile Management Setting.
      • In the legacy console, the feature is available in Policies and Profiles > Citrix Profile Management Settings > Profile Container Settings. For more information, see Citrix Profile Management Setting.
    • Set free space ratio to trigger VHD disk compaction, Set number of logoffs to trigger VHD disk compaction, and Disable defragmentation for VHD disk compaction. If Enable VHD disk compaction is enabled, use these three policies to adjust the default VHD compaction settings and behavior.

      • In the web console, the feature is available under each configuration set in Profiles > Profile Management Settings > Advanced settings. For more information, see Citrix Profile Management Setting.
      • In the legacy console, the feature is available in Policies and Profiles > Citrix Profile Management Settings > Advanced Settings. For more information, see Citrix Profile Management Setting.
  • Minimum agent version required: 2304.1.0.1

February 2023

Applications

  • Using the web console, you can now add applications to assign to your users. When assigned, those applications have their shortcuts created on the desktop, Start menu, or taskbar, depending on your configuration. The feature has been enhanced to provide a better user experience. For more information, see Actions.

  • Minimum agent version required: 2302.1.0.1

WEM Tool Hub (preview)

A tool set WEM Tool Hub, is now available for WEM administrators. It includes a collection of tools that aims to simplify the configuration experience for administrators. To download it, go to Citrix Cloud > WEM service > Utilities. For more information, see WEM Tool Hub.

New settings added to external tasks

When using external tasks in the web console, you can now directly configure when the agent processes external tasks without going to Legacy Console > Advanced Settings for related settings. The newly added settings are:

  • Process external tasks on logon and refresh
  • Process external tasks on reconnection

This enhancement also provides detailed information on how to ensure that the agent processes external tasks. For more information about external tasks, see Actions.

External task - advanced settings

Fixes

  • If you use the Studio policy, Citrix Cloud Connectors, to configure Cloud Connectors for Workspace Environment Management, the policy does not work as expected. [WEM-25697]

  • In the legacy console, when you click the State column heading to sort, items are not sorted as expected. [WEM-25978, WEMHELP-274]

  • In the legacy console, the Backup Actions button is not available when you use the backup wizard to back up Group Policy settings even if the configuration set does not contain any resources created using the web console. [WEM-26240]

  • The privilege elevation feature might fail to work as expected. The issue occurs because the certificate used to sign the Citrix WEM software has expired. As a workaround, bypass the certificate validity check by creating a DWORD registry value under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Norskale\Agent Host and setting the value to 1. [WEM-26420, WEMHELP-284]

January 2023

Enhancements to automatic agent upgrade

  • The automatic agent upgrade feature has been migrated to the web console and is available in Advanced Settings > Agent Settings under each configuration set. The feature now provides a better user experience and offers extra capabilities. In addition to scheduling automatic upgrades for the agents, you now have the flexibility to control whether to apply agent upgrades to persistent or non-persistent machines. For more information, see Advanced Settings.

  • Minimum agent version required: 2301.1.0.1

Automatically bind non-domain-joined agents to desired configuration sets

  • You can now set up binding rules for unbound non-domain-joined agents. Those rules dictate which configuration set to bind the matching agents to. This feature simplifies the process of adding non-domain-joined agents for WEM to manage. For more information, see Directory Objects.

  • Minimum agent version required: 2301.1.0.1

Support for assigning GPOs to organizational units

  • Using the web console, you can now assign GPOs to organizational units. This eliminates the need to change your Active Directory structure for use with WEM. For more information, see Add an assignment target.

  • Minimum agent version required: 2301.1.0.1

Fixes

  • When running in offline mode, the agent can’t connect to the SMB shares you configured in Advanced Settings > File Shares. This issue does not affect the functionality of the agent. [WEM-25318]

November 2022

External task

  • Using the web console, you can now create external tasks to assign to your users. External tasks can be scripts or applications. Specify when to run external tasks to manage your user environment precisely and effectively. Also, the web console provides an extra capability for external tasks — letting you associate the scheduled trigger with external tasks to schedule when to run. For more information, see External tasks.

  • Minimum agent version required: 2211.1.0.1

Agents to download configuration data only when needed

  • Previously, WEM agents periodically connected to the WEM service to download configuration data whether or not there was a configuration change. Agents now periodically check with the service to see if any configuration changes were made:

    • If yes, agents download the configuration data.
    • If no, the configuration data is not downloaded.

    This enhancement significantly reduces bandwidth consumption, especially if you have a large deployment with many agents.

  • Minimum agent version required: 2211.1.0.1

Fixes

  • If you restore settings from a previous backup, you experience issues with user store-related credentials.

    • In the legacy console, you can’t save changes made to the credentials.
    • In the web console, the restored credentials fail to appear in Advanced Settings > File Shares. [WEM-23466]
  • On Mozilla Firefox browsers, the built-in scripted task Cloud Health Check fails to appear above custom scripted tasks. [WEM-24166]

  • An application security rule fails to work when both of the following conditions are met:

    • It’s an exception rule of the publisher type.
    • “And above” or “And below” is selected for the file version. [WEM-24327, CVADHELP-21205]
  • If a registry file contains a registry key without a registry value, the scan of the file for import to Workspace Environment Management stops. Registry keys already scanned appear in the list. [WEM-24767]

Filter enhancements

  • This feature lets you use the AND and OR operators to build filters. You can use the operators to combine two or more conditions into a compound condition. This feature gives you more flexibility to build filters for use with assignments and scripted tasks. For more information, see Filters.

  • Minimum agent version required: 2210.2.0.1

October 2022

Additional trigger types available

  • The following built-in trigger types are now available when you create triggers:

    • Machine shutdown. Activates the trigger when machines shut down.
    • Machine startup. Activates the trigger when machines start up.
  • You can create triggers of these types and associate tasks with them. When activated, the triggers start those tasks in the user environment. The two additional trigger types give you more flexibility to control when to run your scripted tasks. For more information, see Triggers.

  • Minimum agent version required: 2210.1.0.1

Support for using task results as triggers

  • The following trigger types are now available when you create triggers

    • Cloud Health Check result. Activates the trigger when Cloud Health Check returns specified health statuses.
    • Profile Management health check result. Activates the trigger when Profile Management health check returns specified health statuses.
    • Custom scripted task result. Activates the trigger when scripted tasks return specified results.

    You can create triggers of these types and associate tasks with them. When activated, the triggers start those tasks in the user environment. These trigger types let you automatically manage your user environments based on task execution results. For more information, see Triggers.

  • Minimum agent version required: 2210.1.0.1

Profile Management

  • Workspace Environment Management now supports all supported versions of Profile Management through 2209. The following feature is now available in both the legacy console and the web console.

    • File deduplication. If enabled, Profile Management removes duplicate files from the user store and stores one copy of them in a central location. Doing so reduces the load on the user store by avoiding file duplication, thus reducing your storage cost.
      • In the web console, the feature is available under each configuration set in Profiles > Profile Management Settings > File deduplication. For more information, see Citrix Profile Management Setting.
      • In the legacy console, the feature is available in Policies and Profiles > Citrix Profile Management Settings > File Deduplication. For more information, see Citrix Profile Management Setting.
  • Minimum agent version required: 2210.1.0.1

View the registration status of agents

In the web console, a tab, Registrations, is now available in Monitoring > Administration > Agents. The tab lets you view the registration status of agents in your WEM deployment. With the information, you can troubleshoot agent registration issues. For more information, see Administration.

Support for cloning assignment targets

You can now clone assignment targets (users and groups) from one configuration set to another, without the need to add them from scratch. For more information, see Assignment targets.

Fixes

  • In the web console, when you use the filter, Last logon, to refine results in Monitoring > Administration > User Statistics, the filter might not work as expected. The issue occurs when you leave the end date unspecified. As a workaround, specify an end date when using the filter. [WEM-23705]

  • In Legacy Console > Policies and Profiles > Citrix Profile Management Settings, there is no option to add user groups for which streamed profiles and cross-platform profiles are used. [WEM-23874, CVADHELP-20951, WEMHELP-256]

September 2022

Install and upgrade: Workspace Environment Management agent

The Workspace Environment Management agent is no longer included as an additional component in the VDA installation. To install it, use the standalone WEM agent installer or the full-product installer on the Citrix Virtual Apps and Desktops product ISO.

August 2022

Use Windows events as triggers

  • A new trigger type, Windows event, is now available when you create triggers. It lets you create a Windows event-based trigger. You can then associate tasks with it. When the Windows events meet the defined criteria, the trigger is activated and starts the associated tasks. This trigger type lets you automatically manage your user environments based on Windows events. For more information, see Triggers.

  • Minimum agent version required: 2208.1.0.1

Use file shares for file downloads on the agent side

  • Previously, file downloads on the agent side always occurred through Citrix Cloud. You can now let file downloads on the agent side occur through file shares. Doing so reduces network resources needed for other critical operations. This feature reduces traffic on networks and reduces the time to download files to agent machines. For more information, see File Shares.

  • Minimum agent version required: 2208.1.0.1

Set timeouts for scripted tasks

  • An option, Set a timeout value, is now available when you configure a scripted task. The option lets you specify the time (in minutes) after which the task is forced to end. If you do not specify a timeout, the task might keep running, thus preventing other tasks from running. For more information, see Scripted Task Settings.

  • Minimum agent version required: 2207.2.0.1

Invite users to enroll agents

  • A new node, Enrollment, is now available in the web console. The node contains two pages:

    • Enrolled Agents. Lists all enrolled agents. You can manage them as needed.
    • Invitation. Lets you send enrollment invitations to users. Each invitation includes an invitation code and the steps needed to complete the enrollment.

    For more information, see Enrollment.

  • Minimum agent version required: 2207.2.0.1

Contextualize scripted tasks

  • An option, Filter, is now available in General when you configure a scripted task. The option lets you use a filter to contextualize the task. As a result, the WEM agent runs the task only when all conditions in the selected filter are met. For more information, see Configure a scripted task.

  • Minimum agent version required: 2207.2.0.1

Fixes

When you add a scripted task larger than 10 MB, the following error message appears even if the task is added successfully: Failed to add the scripted task. After you refresh the view, the task appears. [WEM-21241]

July 2022

Support for performing administrative tasks for non-domain-joined and enrolled agents

  • You can now perform administrative tasks (such as refreshing the cache, resetting settings, and retrieving agent information) for non-domain-joined and enrolled agents through the administration console, just like you do for other agents. Technically, this feature is a different implementation. The target agents are not immediately notified of performing those tasks. The notifications are sent when the target agents or other agents on the same subnet connect to Citrix Cloud to refresh settings. So, there might be a delay until the tasks run on the agent side. The more agents you have on the same subnet, the shorter the delay.

  • This feature is available in both the legacy console and the web console.
    • In the web console, go to Monitoring > Administration > Agents. For more information, see Administration.
    • In the legacy console, go to Administration > Agents. For more information, see Administration.
  • Minimum agent version required: 2207.1.0.1

Configure Windows GPOs by using Group Policy Administrative Templates

  • In the web console, a tab, Template-based, is now available in Actions > Group Policy Settings under each configuration set. The tab lets you configure Windows GPOs by using Group Policy Administrative Templates. You can configure GPOs at a machine and user level. After that, you deploy them by assigning them to your users, just like you do for registry-based GPOs. For more information, see Group Policy Settings.

  • Minimum agent version required: 2207.1.0.1

New features available in scripted task settings

  • The following new features are now available when you configure a scripted task:

    • File path. A parameter type that lets you pass a file path as a parameter to the System.IO.FileInfo class.
    • Collect output even if runtime errors occur. An option that controls whether to collect output file content and console output even if errors occur while running the task.

    For more information, see Scripted Task Settings.

  • Minimum agent version required: 2207.1.0.1

Fixes

  • If you assign application security rules (AppLocker rules) to built-in administrators, the rules might not take effect on the agent machine even if the logged-on user belongs to the administrators group. [WEM-21133, WEMHELP-229]

  • When you view the health status of Profile Management in the management console, you might see errors even if Profile Management is configured correctly. The issue occurs when the local system account under which the agent is running does not have permission to the user store. [WEM-21247, CVADHELP-19963]

  • In the web console, attempts to add or edit registry operations of the following types might fail: REG_QWORD and REG_QWORD_LITTLE_ENDIAN. The issue occurs when you type a decimal value that exceeds 9007199254740991 or a hexadecimal value that exceeds 1FFFFFFFFFFFFF. As a workaround, use the legacy console instead.

    If you use the web console to edit registry operations of the two types whose value exceeds the limit, you see the following error message: Invalid value or format. You can dismiss the message. [WEM-22217]

Deploy GPOs through the web console

  • In the web console, you can now manage Group Policy settings. The management takes the form of configuring Windows Group Policy Objects (GPOs). After you add or import your settings, you deploy them by assigning them to your users. For more information, see Group Policy Settings.

  • Minimum agent version required: 2206.2.0.1

Profile Management

  • Workspace Environment Management now supports all versions of Profile Management through 2206. The following new options are now available in both the legacy console and the web console.

    • Enable profile streaming for pending area. If enabled, files in the pending area are fetched to the local profile only when they are requested. This ensures optimum logon experience in concurrent session scenarios.

      • In the web console, the option is available under each configuration set in Profiles > Profile Management Settings > Streamed user profiles. For more information, see Citrix Profile Management Setting.
      • In the legacy console, the option is available in Policies and Profiles > Citrix Profile Management Settings > Streamed user profiles. For more information, see Citrix Profile Management Setting.
    • Enable concurrent session support. Provides native Outlook search experience in concurrent sessions. If enabled, each concurrent session uses a separate Outlook OST file. You can specify the maximum number of VHDX disks for storing Outlook OST files.

      Enable asynchronous processing for user Group Policy on logon. If enabled, Profile Management roams with users a registry value that Windows uses to determine the processing mode for the next user logon — synchronous or asynchronous processing mode. This ensures that the actual processing mode is applied each time users log on.

      Enable OneDrive container. If enabled, Profile Management roams OneDrive folders with users by storing the folders on a VHDX disk. The disk is attached during logons and detached during logoffs.

      • In the web console, the three options are available under each configuration set in Profiles > Profile Management Settings > Advanced settings. For more information, see Citrix Profile Management Setting.
      • In the legacy console, the three options are available in Policies and Profiles > Citrix Profile Management Settings > Advanced settings. For more information, see Citrix Profile Management Setting.
  • Minimum agent version required: 2206.2.0.1

Application launcher

  • An application launcher tool, AppLauncherUtil.exe, is now available in the agent installation folder. The tool aggregates all applications you assigned to your users through the administration console. Using the tool, users can launch all assigned applications in one place. For more information, see Application launcher.

  • Minimum agent version required: 2206.2.0.1

Fixes

  • When you use VUEMRSAV.exe to view results about actions applied through an action group for the current user, the Applied Actions tab might display the incorrect source of the actions. Example: Two action groups (Group1 and Group 2) were assigned to the user and Group1 contains Application1. The Applied Actions tab might also show that Application1 is from Group2 even if Group2 does not contain Application1. (By default, VUEMRSAV.exe is located in the agent installation folder: %ProgramFiles%\Citrix\Workspace Environment Management Agent\VUEMRSAV.exe.) [WEM-20002]

May 2022

Enroll agents without configuring Citrix Cloud Connectors

  • Previously, you had to configure Cloud Connectors for WEM agents to manage them. You can configure Cloud Connectors in two ways:

    • Configure Cloud Connectors while installing the agent. For more information, see Install the agent.

    • Configure the Discover Citrix Cloud Connector from CVAD service policy. So, the agent discovers Cloud Connector information from the relevant Citrix DaaS (formerly Citrix Virtual Apps and Desktops service) deployment and then connects to the corresponding Cloud Connector machines. For more information, see Configure group policies (optional).

    Starting with this release, you can enroll WEM agents without configuring Citrix Cloud Connectors. The enrollment applies to both domain-joined and non-domain-joined machines. For more information, see Enroll the agent.

  • Minimum agent version required: 2205.1.0.1

Scripted task updates

  • The following features are now available with scripted tasks:

    • Support for bundling multiple files into a single zip file to upload. When adding a scripted task, you can now bundle multiple files into a single zip file to upload. This feature is useful when you want to run a scripted task that comprises multiple script files. After uploading the zip file, you specify an entry point, indicating which file to run at the beginning of the task. For more information, see Scripted Tasks.

    • Include only regular expression matches in scripted task reports. A new option, Include only regular expression matches in reports, is now available in Output when you configure a scripted task. The option controls whether to include the entire output content in reports or only content that matches the regular expression. Enabling the option reduces the amount of data transmitted to Citrix Cloud. For more information, see Scripted Tasks.

    • Ability to use tags to identify scripted tasks. You can now use tags to identify your scripted tasks. Also, the tags act as filters, letting you rearrange your view of tasks depending on criteria that are important to you. For more information, see Scripted Tasks.

    • More scheduling options available with scripted tasks. You now have additional options to control when scripted tasks run. In addition to the hourly recurring pattern, you can now set daily, weekly, and monthly recurrence patterns. You can also specify the date and time at which you want scripted tasks to run, giving you more precise control. For agents earlier than 2205.1.0.1, be aware of the considerations when using the feature. For more information, see Configure a scripted task.

  • Minimum agent version required: 2205.1.0.1

Enhancements to Profile Management health check

  • This release includes the following enhancements to the Profile Management health check feature:

    • In the More menu of Monitoring > Administration > Agents:

      • Renamed Refresh Profile Management configuration check to Run Profile Management health check to make it easy to understand.
      • Added an option, View Profile Management health check report. The option provides quick access to Profile Management health reports related to the target agent machines.

      For more information, see Administration.

    • In Advanced Settings > Monitoring Preferences under a configuration set:

      • Added a section, Profile Management health check. The section lets you specify which aspects to cover in Profile Management health check reports. For more information, see Advanced Settings.
  • Minimum agent version required: 2205.1.0.1

New agent version

A new version of the WEM service agent is now available: 2205.1.0.1.

Fixes

  • When you import your AppLocker rules exported from the Microsoft AppLocker console into WEM, rules of the hash type cannot be imported. [WEM-20436]

  • When using Legacy Console > Assignments > Modeling Wizard, you might not be able to view the resultant actions for a user in a nested group. The issue occurs when the user does not reside in the top group to which the actions or action groups are assigned. Example: The top group is GroupA, GroupB is its member, and UserA is in GroupB. If you assign actions or action groups to GroupA, you cannot view the resultant actions for UserA by using Modeling Wizard. [WEM-20842, WEMHELP-225]

Ability to import Group Policy settings from registry files

An option, Import Group Policy settings from Registry Files, is now available in Legacy Console > Actions > Group Policy Settings. With the option, you can convert registry values that you export using the Windows Registry Editor into GPOs for management and assignment. If you are familiar with the Import registry files option available with Registry Entries, this feature:

  • Lets you import registry values under both HKEY_LOCAL_MACHINE and HKEY_CURRENT_USER.
  • Lets you import registry values of the REG_BINARY and REG_MULTI_SZ types.
  • Supports converting deletion operations associated with registry keys and values that you define in .reg files.

For more information, see Group Policy Settings.

Filters now available in the web console

In the web console, a new page, Filters, is now available within Assignments under each configuration set. Using that page, you can add filters for controlling when to assign actions to your users. For more information, see Filters.

New agent version

A new version of the WEM service agent is now available: 2204.2.0.1.

Fixes

  • With self-elevation or privilege elevation disabled, the WEM agent might write the following error to the Windows Event Log even if users experience no issues with their environment: System.ArgumentException: Cannot delete a subkey tree because the subkey does not exist. [WEM-20441]

April 2022

Updates to the More menu in Monitoring > Administration

  • This release organizes existing options in the More menu in Web Console > Monitoring > Administration into the following groups: Agent, Profile, and Power management. The update makes it easier for you to find what you need. The workflows for using the options remain the same.

  • Other updates to the More menu include:

    • Renaming Wake up agents to Wake and moving it to the Power management group
    • Adding the following four power management options:

      • Shut down. Lets you shut down agents.
      • Restart. Lets you restart agents.
      • Sleep. Lets you put agents into sleep mode.
      • Hibernate. Lets you put agents into hibernate mode.

    For more information, see Administration.

  • Minimum agent version required: 2204.1.0.1

Support for cloning scripted tasks

You can now clone an existing scripted task to use as a template for a new one, without the need to create a similar task from scratch. For more information, see Scripted Tasks.

Fixes

  • Attempts to restore self-elevation rules to a different configuration set might fail. [WEM-18602]

Manage Azure Virtual Desktop using Citrix Optimization Pack

Citrix Optimization Pack for Azure Virtual Desktop is a new Citrix offering for optimizing Azure Virtual Desktop workloads. The WEM service is the primary offering included in this Citrix Optimization Pack. With the pack, you can use the WEM service to manage, optimize, and secure your native Azure Virtual Desktop environments. For more information, see Citrix Optimization Pack for Azure Virtual Desktop.

March 2022

Profile Management now available in the web console

In the web console, you can now use Citrix Profile Management to manage user profiles across sessions and desktops. For more information, see Profile Management Settings.

Ability to pass parameters to scripted tasks

  • Using the web console, you can now provide inputs as parameter variables in a scripted task at runtime. Doing that lets you control how the scripted task behaves without changing the underlying code. Also, WEM provides you with flexibility in what parameters you want to use — parameters that accept only objects of a specific type (such as, string, integer, switch) and named parameters (using the name of the parameter). For more information, see Scripted Task Settings.

  • Minimum agent version required: 2203.2.0.1

Option to upgrade agents on demand

  • You can now upgrade your WEM agents from the console on demand. The option is available in both the legacy console and the web console. To use the feature:

    • In the legacy console, go to Administration > Agents, right-click an agent, and then select Upgrade agent to latest version. For more information, see Administration.
    • In the web console, go to Monitoring > Administration > Agents, select one or more agents, click More, and then select Upgrade agent to latest version. For more information, see Administration.
  • Minimum agent version required: 2203.2.0.1

Updates for the web console

This release introduces the following pages to the web console:

  • Home. Provides an overview of your WEM deployment along with information necessary for you to get to know and get started with WEM quickly. The interface comprises the following four parts:

    • Overview. Provides an overview of your WEM deployments.
    • Quick access. Provides quick access to a subset of the key features that WEM offers.
    • Highlights. Shows the key features that WEM offers.
    • Preview features. Shows features that are currently in preview. You can enable or disable preview features yourself.

    For more information, see Home page.

  • Directory Objects. Lets you add machines, groups, OUs, and more, that you want WEM to manage. You can now do the following:

    • Add machines, groups, Organizational Units (OUs), and more, that you want WEM to manage.
    • Apply settings to agents that are not bound to any configuration set. So, you can control how unbound agents behave.

    For more information, see Directory Objects.

  • Assignment Target. Lets you add users and groups (targets) so that you can assign actions and security rules to them. For more information, see Assignments.

Web console home page

Support for migrating your service instance yourself

If your WEM service instance does not reside in your current region, you can now migrate the instance to the current region yourself, without the need to contact Citrix Technical Support. Sign in to Citrix Cloud, go to Workspace Environment Management > Utilities, select Start migration. After the migration completes successfully, you receive a notification. It can take up to two days to receive the notification. We encourage you to migrate the instance to the current region for best performance.

January 2022

Web console now available as a preview

A new, web-based Workspace Environment Management (WEM) console is now available. We are in the process of migrating the full set of functionalities from the legacy console to the web console. The web console generally responds faster than the legacy console. You can easily switch between the web console and the legacy console from within the Manage tab to perform your configuration or deployment management tasks. Click the down arrow next to Manage and select an option:

  • Legacy Console. Takes you to the legacy console.
  • Web Console. Takes you to the new, web-based console.

Options in the Manage menu

The following features are available only in the web console:

  • Run scripted tasks. You can add scripted tasks that you customize to suit your unique environment management needs. You can then automate those tasks with WEM by configuring them in the applicable configuration set. For more information, see Scripted Tasks.

  • Save a backup of a configuration set automatically. You can manage automatic backup for your configuration sets. For more information, see Configuration Sets.

  • Scan large files in profile containers. You can enable the WEM agent to run a scan of large files on profile containers when container usage exceeds the specified threshold value. For more information, see Advanced Settings.

  • Prevent child processes from inheriting CPU priority. When you apply CPU spike protection, the CPU priority of a process that triggers CPU spike protection is adjusted to a lower level. That process’ child process automatically inherits the lowered CPU priority. We added an option, Prevent child processes from inheriting CPU priority, to the Configuration Sets > System Optimization > CPU Management > Enable CPU spike protection tile. The option lets you specify processes whose child processes you do not want to inherit the CPU priority. For more information, see System Optimization.

  • Language localization support for the web console. The web console is adapted for use in languages other than English. The web console supports non-English characters and keyboard input even when the console itself is not localized in the preferred language of an administrator. The supported languages are as follows: French, German, Spanish, and Japanese.

Apply settings to unbound agents

  • You can now apply settings to agents that are not bound to any configuration set. The feature lets you control how unbound agents behave. For more information, see Active Directory Objects.

  • Minimum agent version required: 2201.2.0.1

Support for managing non-domain-joined machines in Citrix Virtual Apps and Desktops Standard for Azure deployments

  • You can now use WEM service to manage non-domain-joined machines in Citrix Virtual Apps and Desktops Standard for Azure deployments. This support enables you to assign policies and settings to non-domain-joined machines as you do with domain-joined machines. For more information, see Manage non-domain-joined machines.

  • Minimum agent version required: 2201.2.0.1

Support for enumerating Azure AD users and groups

WEM service now supports enumerating Azure Active Directory (AD) users and groups. After connecting your Citrix Cloud account to your Azure AD, you can add Azure AD users and groups that you want WEM to manage. For information about connecting your Citrix Cloud account to Azure AD, see Connect Azure Active Directory to Citrix Cloud.

External task

  • This release includes enhancements to the external task feature. The feature now provides you with three additional options to control when to run external tasks:
    • Disconnect. Controls whether to run the external task when a user disconnects from a machine where the agent is running.
    • Lock. Controls whether to run the external task when a user locks a machine where the agent is running.
    • Unlock. Controls whether to run the external task when a user unlocks a machine where the agent is running.

    For more information, see External Tasks.

  • Minimum agent version required: 2201.1.0.1

Profile Management

  • Workspace Environment Management now supports all versions of Profile Management through 2112. Also, the following new options are now available in the Administration Console > Policies and Profiles > Citrix Profile Management Settings interface:

    • Enable File Exclusions for Profile Container. Available on the Profile Container Settings tab, the option controls whether to exclude the listed files from the profile container.
    • Enable File Inclusions for Profile Container. Available on the Profile Container Settings tab, the option controls whether to keep the listed files in the profile container when their parent folders are excluded.
    • Customize storage path for VHDX files. Available on the Advanced Settings tab, the option controls whether to store VHDX files of different policies in different folders under the specified storage path.

    This release also adds wildcard support for Profile Management. When specifying files or folders, you can now use wildcards. For more information, see Citrix Profile Management Settings.

  • Minimum agent version required: 2110.2.0.1

Administrative access to WEM service based on Azure Active Directory (AD) group membership

You can now manage administrative access to WEM service based on Azure AD group membership. Users (administrators) within the Azure AD group can directly onboard to Citrix Cloud and access WEM service – you do not need to manually add them in Citrix Cloud. A general workflow to use the feature is as follows:

  1. Connect your Citrix Cloud account to your Azure AD.
  2. Add the applicable group to Citrix Cloud from Azure AD.

Users can then sign in to Citrix Cloud by using their Azure AD credentials. For more information, see Connect Azure Active Directory to Citrix Cloud.

Fixes

  • On the Administration Console > Policies and Profiles > Microsoft USV Settings > Folder Redirection tab, with both Redirect AppData (Roaming) and Delete Local Redirected Folders enabled, the WEM agent fails to apply the following settings:

    • Redirect Contacts
    • Redirect Downloads
    • Redirect Links
    • Redirect Searches [WEM-15016, CVADHELP-18196]
  • After you upgrade to 2103 or later, the WEM agent might write errors to the Windows Event Log every five minutes even if users experience no issues with their environment. [WEM-15466, CVADHELP-18352]

  • When you use VUEMRSAV.exe to view results about excluded actions or excluded action groups for the current user, the Excluded Actions tab fails to display Action Groups. (By default, VUEMRSAV.exe is located in the agent installation folder: %ProgramFiles%\Citrix\Workspace Environment Management Agent\VUEMRSAV.exe.) [WEM-17075]

November 2021

Message about instance migration

If you use a service in another region, a message now appears when you sign in to the administration console. The message reminds you to migrate your service instance to your current region. We encourage you to do that for optimal performance. If necessary, contact Citrix Technical Support.

An option to export statistics

We added an option, Export statistics, to the migration tool. Use the option to control whether to export agent and user statistics. For more information, see Migrate.

Fixes

  • When you click Apply to save your environment settings, the administration console might exit unexpectedly. The issue occurs because the Style setting of Environmental Settings > Start Menu > Set Wallpaper is left empty. (If you previously set Style to Fill or Fit, the setting became empty after you upgraded the administration console to version 2109.) Workaround: Do not leave the Style setting empty. [WEM-16351, WEMHELP-159]

October 2021

Allow users to self-elevate certain applications

  • This release introduces self-elevation for the privilege elevation feature. With self-elevation, you can automate privilege elevation for certain users without the need to provide the exact executables beforehand. Those users can request self-elevation for any applicable file simply by right-clicking the file and then selecting Run with administrator privileges in the context menu. After that, a prompt appears, requesting that they provide a reason for the elevation. The reason is for auditing purposes. If the criteria are met, the elevation is applied, and the files run successfully with administrator privileges. In addition, self-elevation gives you flexibility to choose the best solution for your needs. You can create allow lists for the files you permit users to self-elevate or block lists for files you want to prevent users from self-elevating. For more information, see Self-elevation.

  • Minimum agent version required: 2109.2.0.1

Bind a Citrix DaaS catalog to a configuration set

You can now use the Full Configuration management interface of Citrix DaaS (formerly Citrix Virtual Apps and Desktops service) to bind a catalog to a WEM configuration set. Doing so lets you use WEM service to optimize the user experience based on your Citrix DaaS deployment. You can quickly deliver the best possible workspace experience to your users by reusing an existing catalog setup. For more information, see Create machine catalogs and Manage machine catalogs.

Workspace Environment Management now available in Citrix Cloud Japan

Workspace Environment Management service is now available in Citrix Cloud Japan, a cloud that is isolated and separate from Citrix Cloud. Japanese customers can use the service in a dedicated Citrix-managed environment. The service requires Citrix Cloud Connector version 6.29.0.58841 or later. For more information, see Citrix Cloud Japan.

Support for Windows 11

The support requires minimum agent version 2109.2.0.1.

Fixes

  • The WEM agent can consume a significant amount of memory usage. Sometimes, its memory consumption can increase to 3 GB per session. [WEM-14682, WEMHELP-133]

September 2021

More granular control over applying privilege elevation to child processes

  • Previously, when you used the Apply to Child Processes setting in a rule, you applied the rule to all child processes that the executable started. This release provides you with three additional options, giving you more granular control over applying privilege elevation to child processes.

    • Apply only to executables in the same folder
    • Apply only to signed executables
    • Apply only to executables of the same publisher

    For more information, see Privilege elevation.

  • Minimum agent version required: 2109.2.0.1

Support for Windows Server 2022

The support requires minimum agent version 2109.2.0.1.

Fixes

  • When you use the WEM PowerShell SDK module to export or import a WEM configuration set, certain settings, such as application security (AppLocker) rules, are not included. [WEM-12811, CVADHELP-18383]

  • When you apply privilege elevation to a 32-bit executable, the privilege of the executable can be successfully elevated on machines running a 64-bit Windows operating system. However, its child processes automatically inherit the privilege whether or not the Apply to Child Processes setting is selected in the executable rule. [WEM-13592]

  • When you use WEM to pin certain applications to the taskbar, they might not be pinned successfully. The issue occurs with Windows multi-session OS machines. [WEM-14812]

  • WEM fails to deploy registry keys if their path contains a forward slash (/). The issue occurs because WEM incorrectly treats the forward slash as a separator. [WEM-15561, WEMHELP-146]

August 2021

Enablement of Asia Pacific South based instances

The WEM service is available globally. Initially, it had only US-based and EU-based instances. In addition, we now offer Asia Pacific South based instances.

July 2021

Notifications about new agent versions

This release updates the email notification feature available on the Utilities tab. Previously, you could decide whether to get notifications about upcoming upgrades to your WEM service. Starting with this release, you don’t receive notifications about upgrades to your WEM service. You can decide whether to let us inform you that a new version of the Workspace Environment Management service agent is available.

Fixes

  • On a non-English version of the Microsoft Windows operating system, the WEM agent during logon writes errors to the Windows Event Log even if users experience no issues with their environment. [WEM-12603, CVADHELP-17381]

  • The WEM agent writes errors to the Windows Event Log each time the Optimize Memory Usage for Idle Processes feature comes into effect. The agent might also write errors to the Windows Event Log when the feature fails to work. [WEM-12934]

  • If you use the [ADAttribute:objectSid] dynamic token to extract the objectsid attribute, the WEM agent fails to extract the attribute of the corresponding AD object. [WEM-13746]

  • If you use the administration console to set desktop wallpaper, the WEM agent fails to fill, fit, or tile the wallpaper. [WEM-14408]

June 2021

Parameter matching for privilege elevation

  • This release introduces parameter matching for the privilege elevation feature. Parameter matching gives you more granular control by letting you restrict privilege elevation to executables that match the specified parameter. A parameter works as a match criterion. To further expand the criterion, you can use regular expressions. For more information, see Privilege elevation.

  • Minimum agent version required: 2106.2.0.1

Privilege elevation support for Windows installer files

  • Starting with this release, you can apply privilege elevation to .msi and .msp Windows installer files. Using the feature, you elevate the privileges of non-administrative users to an administrator level necessary for some Windows installer files. As a result, those users can run those files as if they are members of the administrators group. For more information, see Privilege elevation.

  • Minimum agent version required: 2105.1.0.1

Profile Management

  • Workspace Environment Management now supports all versions of Profile Management through 2106. The Administration Console > Policies and Profiles > Citrix Profile Management Settings user interface has changed:

    • Replicate user stores. A new option that lets you replicate a user store to multiple paths on each logon and logoff, in addition to the path that the Set path to user store option specifies. To synchronize to the user stores files and folders modified during a session, enable active write back. Enabling the option can increase system I/O and might prolong logoffs. This feature does not currently support full container solutions.

    • Accelerate folder mirroring. A new option that accelerates folder mirroring. Enabling the option lets Profile Management stores mirrored folders on a VHDX-based virtual disk. As a result, Profile Management attaches the virtual disk during logons and detaches it during logoffs, eliminating the need to copy the folders between the user store and local profiles.

    • User Store Credentials. A new tab that lets you control whether to let Profile Management impersonate the current user when accessing user stores. To allow Profile Management to impersonate the current user, disable the setting. To prevent Profile Management from impersonating the current user, enable the setting. As a result, Profile Management uses the specified user store credentials to access the user stores on behalf of the user.

    For more information, see Citrix Profile Management Settings.

  • Minimum agent version required: 2106.2.0.1

Fixes

  • If you assign a printer to a user based on a filter and the assignment satisfies the filter criteria, the WEM agent assigns the printer to the user. However, the agent still assigns the printer to the user the next time the user logs on even when the assignment does not satisfy the filter criteria. [WEM-11680, CVADHELP-16818]

  • With the Windows PowerShell script execution policy set to Allow only signed scripts on the agent host machine, WEM fails to perform Profile Management health checks. With the policy set to Allow local scripts and remote signed scripts or Allow all scripts, WEM can perform Profile Management health checks but writes error information to the Windows Event Log. [WEM-11917]

  • When you assign an action to a user or user group through an action group, the action still takes effect even if it is set to Disabled in the administration console. [WEM-12757, CVADHELP-17406]

  • The WEM agent installs VUEMRSAV.exe (Workspace Environment Management Resultant Actions Viewer), a utility that lets users view the WEM configuration defined for them by administrators. However, on the Agent Settings tab of the utility, users cannot see the setting that is associated with the Use Cache to Accelerate Actions Processing option configured in the administration console. [WEM-12847]

May 2021

Configure user processes as triggers for external tasks

  • This release includes enhancements to the external task feature. The feature now provides you with two additional options to control when to run external tasks:

    • Run when processes start. Controls whether to run the external task when specified processes start.
    • Run when processes end. Controls whether to run the external task when specified processes end.

    Using the two options, you can define external tasks to supply resources only when certain processes are running and to revoke those resources when the processes end. Using processes as triggers for external tasks lets you manage your user environments more precisely compared with processing external tasks on logon or logoff. For more information, see External Tasks.

  • Minimum agent version required: 2104.1.0.1

Enhancements to process hierarchy control

  • This release introduces enhancements to the process hierarchy control feature that improve overall performance and stability. The enhancements include the following changes:

    • The AppInfoViewer tool has been updated to include the following two options: Enable Process Hierarchy Control and Disable Process Hierarchy Control. For the process hierarchy control feature to work, you must first use the tool on each agent machine to enable the feature. Every time you use the tool to enable or disable the feature, a machine restart is required.
    • In certain scenarios, you must restart your agent machine after upgrading or uninstalling the agent. See Considerations for details.
  • Minimum agent version required: 2105.1.0.1

Fixes

  • If you assign a file system operations action and update the action later, the files or folders that were previously copied to the user environment might be deleted. The issue occurs because the WEM agent reverts the assignment made earlier after you update the action. [WEM-11924, CVADHELP-16916]

  • With Agent Type set to CMD on the Advanced Settings > Configuration > Main Configuration tab, the Monitoring > Daily Reports > Daily Login Report tab might fail to display a summary of logon times across all users connected to the current configuration set. [WEM-12226]

April 2021

Process hierarchy control

  • This release introduces the process hierarchy control feature. The feature lets you control whether certain child processes can be started through their parent processes. You create a rule by defining parent processes and then designating an allow list or a block list for their child processes. You then assign the rule on a per user or per user group basis. The following rule types are available:

    • Path. Applies the rule to an executable according to the executable file path.
    • Publisher. Applies the rule according to publisher information.
    • Hash. Applies the rule to identical executables as specified.

    For more information, see Process Hierarchy Control.

  • Minimum agent version required: 2103.2.0.1

Overwrite or merge application security rules

This release adds two settings, Overwrite and Merge, to the Administration Console > Security > Application Security tab. The settings let you determine how the agent processes application security rules.

  • Select Overwrite if you want to overwrite existing rules. When selected, the rules that are processed last overwrite rules that were processed earlier. We recommend that you apply this setting only to single-session machines.
  • Select Merge if you want to merge rules with existing rules. When conflicts occur, the rules that are processed last overwrite rules that were processed earlier.

For more information, see Application Security.

Fixes

  • The WEM agent might become unresponsive when processing applications, failing to process them successfully. [WEM-11435, CVADHELP-16706]

  • You might experience performance issues such as slow logon or slow session disconnect when launching or disconnecting from published application sessions. The issue occurs with WEM agent 2005 and later. [WEM-11693]

March 2021

Discover Citrix Cloud Connectors from the CVAD service

This release introduces a policy setting titled Discover Citrix Cloud Connector from CVAD service. If you have not yet configured Cloud Connectors for the agent, use the setting to control whether the agent discovers Cloud Connector information from the relevant Citrix Virtual Apps and Desktops (CVAD) service deployment. The agent then connects to the corresponding Cloud Connector machines automatically. For more information, see Step 2: Configure group policies (optional).

Support for the Windows 10 2009 template

We added support for the Windows 10 2009 (also known as 20H2) template introduced in Citrix optimizer. You can now use WEM service to perform template-based system optimizations for Windows 10 2009 machines. In addition, we have updated all existing templates to reflect changes introduced in the latest standalone Citrix optimizer. For information about using Citrix optimizer, see Citrix optimizer.

Brand-new home page

This release replaces the home page of the WEM administration console with a quick-start page that provides information necessary for you to get started with the WEM service. Follow the on-screen instructions to start configuring your WEM deployment. To reopen the quick-start page, click Quick Start (available in the ribbon) in the upper-right corner of the console. For more information, see Get started with your Workspace Environment Management service.

Profile Management

Workspace Environment Management service now supports all versions of Profile Management through 2103. Also, the following new options are now available in the Administration Console > Policies and Profiles > Citrix Profile Management Settings interface:

  • Enable Local Cache for Profile Container
    • Available on the Profile Container Settings tab.
    • If enabled, each local profile serves as a local cache of its profile container.
  • Enable multi-session write-back for profile containers
    • Available on the Advanced Settings tab.
    • Replaces Enable multi-session write-back for FSLogix Profile Container of previous releases to accommodate multi-session write-back support for Citrix Profile Management profile containers.
  • Enable Profile Streaming for Folders
    • Available on the Streamed User Profiles tab.
    • If enabled, folders are fetched only when they are being accessed.

For more information, see Citrix Profile Management Settings.

Fixes

  • For logging level changes to take effect immediately, the WEM agent might access certain registry keys very frequently, thus affecting performance. [WEM-11217]

  • With an action group assigned to multiple users or user groups, if you unassign it from a user or user group, the assignment might not work as expected. For example, you assign an action group to two user groups: Group A and Group B. If you unassign the action group from Group A, the action group is unassigned from Group B rather than Group A. [WEM-11459, WEMHELP-75]

  • When you configure an environment variable (Actions > Environment Variables), attempts to use the $Split(string,[splitter],index)$ dynamic token might fail. The issue occurs because the dynamic token does not support multi-line strings. [WEM-11915]

January 2021

Microsoft Sync Framework 2.1 deprecation

Microsoft Sync Framework 2.1 reached End of Life on January 12, 2021. WEM has removed the legacy sync service based on that framework and instead uses a new sync framework, Dotmim.Sync, an open-source sync framework. How does this change impact you?

  • If you use WEM agent version 1911 or later, this change does not require action on your part.
  • If you use WEM agent version earlier than 1911, upgrade the agent to 1911.

WEM agent integration with the Citrix Virtual Apps and Desktops product software

The WEM agent is integrated with the Citrix Virtual Apps and Desktops product software, letting you include the WEM agent when installing a Virtual Delivery Agent (VDA). This integration is reflected in the Citrix Virtual Apps and Desktops 2012 product software and later. For more information, see Install VDAs.

Support for condition-based assignment of Group Policy settings

  • Starting with this release, you can make Group Policy settings conditional by using a filter to contextualize their assignments. A filter comprises a rule and multiple conditions. The WEM agent applies the assigned Group Policy settings only when all conditions in the rule are met in the user environment at runtime. Otherwise, the agent skips those settings when enforcing filters. For more information, see Contextualize Group Policy settings.

  • Minimum agent version required: 2101.1.0.1

Privilege elevation

  • This release introduces the privilege elevation feature. The feature lets you elevate the privileges of non-administrative users to an administrator level necessary for some executables. As a result, those users can start those executables as if they are members of the administrators group.

    The feature enables you to implement rule-based privilege elevation for specific executables. The following rule types are available:

    • Path. Applies the rule to an executable according to the executable file path.
    • Publisher. Applies the rule according to publisher information.
    • Hash. Applies the rule to identical executables as specified.

    You can configure how a rule behaves according to the type of the operating system. You can also configure whether a rule takes effect at a particular time or within a particular time range. You assign a rule on a per user or per user group basis. For more information, see Privilege elevation.

  • Minimum agent version required: 2010.2.0.1

Fixes

  • The privilege elevation feature might fail to work properly. The issue occurs with the following versions of the WEM agent: 2010.2.0.1, 2011.1.0.1, and 2101.1.0.1. The issue occurs because the certificate used to sign the Citrix WEM software has expired. To work around the issue, uninstall the relevant WEM agent, install the latest WEM agent, and then restart the agent host. [WEM-11918]

  • While the WEM agent performs application processing during logon, Windows might display the Problem with Shortcut dialog box, prompting end users to delete a shortcut that no longer works properly. The issue occurs when the item to which the shortcut refers has been changed or moved. [WEM-10257, CVADHELP-15968]

  • When using the application security feature, you see a green checkmark next to a user or user group in the Assigned column of the Assignments section in the Edit Rule or Add Rule window. The green checkmark icon does not necessarily indicate that the rule is assigned to that user or user group. Only a user or user group with a blue background is the one to which the rule is assigned. [WEM-10047]

What’s new in earlier releases

For What’s new in earlier releases, see What’s new history.