The Evolution of Citrix Workspace Environment Management

Citrix WEM is consistently updating and bringing enhanced capability to the table. This post aims to track the changes and releases as they occur, and provide a single point of reference. I have started the tracking at 1912, anything before that, read the docs.

I will do my best to maintain this list as and when features come out, as well as some commentary around their value where I can.

- - - - - Version 2203

Feature: Allow users to self-elevate certain applications

Detail: This release introduces self-elevation for the privilege elevation feature. With self-elevation, you can automate privilege elevation for certain users without the need to provide the exact executables beforehand. Those users can request self-elevation for any applicable file simply by right-clicking the file and then selecting Run with administrator privileges in the context menu. All actions are audited based on requested input from the user

Feature: Configure user processes as triggers for external tasks

Detail: Two additional options to control when to run external tasks have been added

  • Run when processes start controls whether to run the external task when specified processes start
  • Run when processes end controls whether to run the external task when specified processes end

This allows for specific actions to apply when a specific process is triggered or ended - very cool

Feature: Profile container insights

Detail: a long awaited addition to the on-premises release, you can monitor profile containers for Profile Management and FSLogix. The feature provides insights into the basic usage data of the profile containers, the status of sessions using the profile containers, the issues detected, and more. Use the feature to stay on top of space usage for profile containers and to identify problems that prevent profile containers from working

Feature: Administration console Updates

Detail: The administration console user interface has changed:

In Security, there is a new node, Self-elevation. The node contains a tab that lets you automate privilege elevation for users.

In Monitoring, there is a new node, Profile Container Insights. The node contains two tabs. The Summary tab includes two pie charts, providing a summary that shows the status of profile containers. The Profile Container Status tab displays a list of status records for profile containers

- - - - - Version 2112

Feature: Privilege elevation

Detail: a feature from the Cloud Service, this release introduces the privilege elevation feature. The feature lets you elevate the privileges of non-administrative users to an administrator level necessary for some executables. As a result, those users can start those executables as if they are members of the administrators group.

You can configure privilege elevation using two types of rules: executable rules and Windows installer rules. You can configure how a rule behaves according to the type of the operating system. You can also configure whether a rule takes effect at a particular point in time or within a time range. You assign a rule on a per user or per user group basis

Feature: Support for optimizing multi-session OS machines

Detail: With this feature, you can optimize multi-session OS machines where disconnected sessions are present. The feature improves the user experience of connected sessions by limiting the number of resources disconnected sessions can consume.

This is similar to how ControlUp etc offer some process stripping functionality for disconnected sessions. This is also less harsh on the page file etc as optmization is only performed on disconnected sessions

Feature: Administration console Updates

Detail: The administration console user interface has changed:

  • In System Optimization, there is a new Multi-session Optimization node. On the node, there is a new Multi-session Optimization tab for you to configure settings designed to optimize multi-session OS machines with disconnected sessions
  • In Security, there is a new Privilege Elevation node. On the node, there is a Privilege Elevation tab for controlling whether to enable the feature and to apply global settings. Below the node, there are two subnodes:
    • Executable Rules with a Privilege Elevation tab where you can apply privilege elevation using executable rules
    • Windows Installer Rules with a Privilege Elevation tab where you can apply privilege elevation using Windows installer rules

- - - - - Version 2109

Feature: Support for Windows 11

Detail: The Citrix components, features, and technologies in this release that support the Windows 10 OS now also support Windows 11, unless otherwise noted

Feature: Support for running Workspace Environment Management in FIPS mode

Detail: You can now run Workspace Environment Management (WEM) in a FIPS environment

- - - - - Version 2106

Feature: Windows Server 2022 support

Detail: The Citrix components and technologies in this release that support Windows Server platforms now also support Windows Server 2022, unless otherwise noted

Feature: Overwrite or merge application security rules

Detail: This release adds two settings, Overwrite and Merge, to the Administration Console > Security > Application Security tab. The settings let you determine how the agent processes application security rules.

  • Select Overwrite if you want to overwrite existing rules. When selected, the rules that are processed last overwrite rules that were processed earlier. Citrix recommend that you apply this setting only to single-session machines.
  • Select Merge if you want to merge rules with existing rules. When conflicts occur, the rules that are processed last overwrite rules that were processed earlier.

Nice to not have to go and edit the SQL database directly for this one

Feature: Support for the Windows 10 2009 template in Citrix Optimizer

Detail: You can now use Workspace Environment Management to perform template-based system optimizations for Windows 10 2009 machines. In addition, Citrix have updated all existing templates to reflect changes introduced in the latest standalone Citrix optimizer

- - - - - Version 2103

Feature: Profile Management

Detail: Workspace Environment Management now supports all versions of Profile Management through 2103. Also, the following new options are now available in the Administration Console > Policies and Profiles > Citrix Profile Management Settings interface:

  • Enable Local Cache for Profile Container
    • Available on the Profile Container Settings tab
    • If enabled, each local profile serves as a local cache of its profile container
  • Enable multi-session write-back for profile containers
    • Available on the Advanced Settings tab
    • Replaces Enable multi-session write-back for FSLogix Profile Container of previous releases to accommodate multi-session write-back support for Citrix Profile Management profile containers
  • Enable Profile Streaming for Folders
    • Available on the Streamed User Profiles tab
    • If enabled, folders are fetched only when they are being accessed

Feature: SDK documentation

Detail: This release updates PowerShell modules in the Workspace Environment Management SDK. The following cmdlets are no longer usable:

  • Property SDKInfrastructureServiceConfiguration.AgentSyncPort
  • Property Commandlets.SetWemInfrastructureServiceConfiguration.AgentSyncPort

Version 2103 of the Workspace Environment Management SDK documentation reflects the update.

- - - - - Version 2012

Feature: WEM agent integration with the Citrix Virtual Apps and Desktops product software

Detail: The WEM agent is integrated with the Citrix Virtual Apps and Desktops product software, letting you include the WEM agent when installing a Virtual Delivery Agent (VDA). This integration is reflected in the Citrix Virtual Apps and Desktops 2012 product software and later. For more information, see Citrix Virtual Apps and Desktops 7 2012.

If you enable the Workspace Environment Management check box on the Additional Components page, the WEM Server page appears. That page is titled WEM Infrastructure Server. Enter the FQDN or IP address of the WEM infrastructure server. Then click Add. The WEM agent on the VDA communicates with that infrastructure server.

Feature: Optimized WEM agent startup

Detail: Previously, the WEM agent startup workflow had the following issues:

  • The agent did not refresh the Citrix Cloud Connector settings after startup. As a result, the Cloud Connector settings deployed to the agent through group policies did not work as expected
  • In a non-persistent environment, when the agent cache file resided in the base image, the agent could experience cache synchronization issues. As a result, WEM settings might not be applied properly

Starting with this release, the agent refreshes Cloud Connector settings after startup, just like it refreshes other settings. To ensure that the agent cache is up to date, the agent automatically recreates the cache in non-persistent environments

Feature: New agent cache utility options

Detail: This release adds the following agent cache utility options:

  • -RefreshSettings or -S: Refreshes agent host settings
  • -Reinitialize or -I: Reinitializes the agent cache when used together with the -RefreshCache option

Feature: Citrix optimizer

Detail: Citrix optimizer now provides an additional option that enables WEM to automatically select templates for your OS:

  • Automatically Select Templates to Use. If you are unsure which template to use, use this option to let WEM select the best match for each OS. You can also apply this option to custom templates with different name formats by using the Enable Automatic Selection of Templates Starting with Prefixes option

Feature: Support for the Windows 10 2004 template

Detail: WEM adds support for the Windows 10 2004 template introduced in Citrix optimizer. You can now use WEM to perform template-based system optimizations for Windows 10 2004 machines

Feature: Support for editing Group Policy settings

Detail: Previously, you could change only the name and description for a GPO after importing your GPO settings. You can now edit registry operations associated with a GPO. You can also add new registry operations to a GPO if needed. Currently, WEM supports adding and editing only Group Policy settings that are associated with the HKEY_LOCAL_MACHINE and the HKEY_CURRENT_USER registry hives.

When editing Group Policy settings, you have the following actions: Set value, Delete value, Create key, Delete key, and Delete all values

Feature: Multiple selection support for action groups

Detail: Previously, when adding actions to an action group, you moved each action present in the Available pane to the Configured pane one by one. You can now move multiple actions in a single step

Feature: WEM agent (advanced notice) of change

Detail: Microsoft Sync Framework 2.1 will reach End of Life on January 12, 2021. WEM will retire the associated legacy agent cache sync service and switch to using the latest agent cache sync service to keep the agent cache in sync with the infrastructure services. The latest agent cache sync service relies on Dotmim.Sync, an open-source sync framework. How does this change impact you?

  • If you use Workspace Environment Management 1912 or later, this change does not require action on your part
  • If you use Workspace Environment Management 1909 or earlier, upgrade to Workspace Environment Management 1912 or later

This change is scheduled to be rolled out in March 2021

- - - - - Version 2009

Feature: Support for the Windows 10 1909 template

Detail: WEM adds support for the Windows 10 1909 template introduced in Citrix optimizer. You can now use WEM to perform template-based system optimizations for Windows 10 1909 machines

Feature: Profile Management Additions

Detail: Workspace Environment Management now supports all versions of Profile Management through 2009. The following new options are now available on the Administration Console > Policies and Profiles > Citrix Profile Management Settings > Profile Container Settings tab:

  • Enable Folder Exclusions for Profile Container (option for excluding the listed folders from the profile container)
  • Enable Folder Inclusions for Profile Container (option for keeping the listed folders in the profile container when their parent folders are excluded)

Feature: Administration console changes

Detail: The administration console user interface has changed:

  • In Administration Console > Policies and Profiles > Citrix Profile Management Settings, there is a new Profile Container Settings tab for you to configure Profile Management profile container settings
  • The Enable Profile Container option now moves to the Profile Container Settings tab. Previously, the option was present on the Synchronization tab

- - - - - Version 2006

Feature: Enhancements to Group Policy Object (GPO) migration

Detail: This release makes further enhancements to GPO migration. Different from the Migrate wizard, which lets you migrate only Group Policy Preferences (GPP), you can now also import Group Policy settings (registry-based settings) into WEM. After importing the settings, you can have an itemized view of the settings associated with each GPO before you decide which GPO to assign. You can assign the GPO to different AD groups. To import Group Policy settings, navigate to Administration Console > Actions > Group Policy Settings, select Enable Group Policy Settings Processing, and then click Import to open the import wizard

Feature: Administration console changes

Detail: The administration console user interface has changed:

  • In Actions, there is a new Group Policy Settings pane. In the pane, there is a Group Policy Settings tab for you to configure Group Policy settings

- - - - - Version 2003

Feature: Citrix optimizer

Detail: Citrix optimizer is now available in Workspace Environment Management (WEM). You can use the feature to optimize user environments for better performance. Citrix optimizer runs a quick scan of user environments and then applies template-based optimization recommendations. You can optimize user environments in two ways:

  • You can use built-in templates to perform optimizations. To do so, select a template applicable to the operating system
  • Alternatively, you can create your own custom templates with specific optimizations you want and then add them to WEM

Feature: External task

Detail: This release includes enhancements to the external task feature. The feature now provides you with two additional options to control when to run external tasks:

  • Logoff. This option lets you specify whether to run external tasks when users log off
  • Reconnect. This option lets you specify whether to run external tasks when a user reconnects to a machine on which the agent is running. This option is not applicable to scenarios where the WEM agent is installed on a physical Windows device

The logoff option can be useful in scenarios where you want to purge the user environment on logoff

Feature: Optimized action processing

Detail: tarting with this release, WEM supports processing actions without retrieving settings from the infrastructure services. There is a new “Use Cache to Accelerate Actions Processing” option on the Administration Console > Advanced Settings > Configuration > Agent Options tab. The option enables the WEM agent to process actions by using the agent local cache. As a result, the agent no longer needs to communicate with the infrastructure services when processing actions

Feature: Optimized logon performance

Detail: In earlier releases, WEM delayed user logons until the processing of user Group Policy settings completed. Starting with this release, WEM no longer delays logons, and user Group Policy settings are processed in the background by default.

Feature: Optimized file type associations

Detail: In previous releases, file type associations other than those for text (.txt) files did not work consistently. Starting with this release, file type associations that you configure become default associations automatically. This enhancement lets you more effectively manage user environments. In addition, you now have more flexibility in configuring file type associations. In the New File Association window, you no longer have to fill out the following fields: Action, Target application, and Command. You can leave the fields empty as long as you can provide the correct ProgID

Feature: Profile Management updates

Detail: As of this release, you can use the Workspace Environment Management to configure all settings for Citrix Profile Management 2003. The following option is now available in the administration console:

  • Enable multi-session write-back for FSLogix Profile Container (option to save changes in multi-session scenarios for FSLogix Profile Container)

Feature: Administration console

Detail: The user interface of the administration console has changed:

  • In System Optimization, there is a new Citrix Optimizer pane. In the pane, there is a Citrix Optimizer tab for configuring optimization-related settings.

- - - - - Version 1912

Feature: Replacing Microsoft SQL Server Compact (SQL CE) with SQLite

Detail: The Workspace Environment Management (WEM) agent can work in offline mode. In earlier releases, the agent relied on Microsoft SQL Server Compact to synchronize with SQL Server to facilitate offline mode. Microsoft SQL Server Compact 3.5 Service Pack 2 is the last version that supports this functionality. Versions 4.0 and later do not support synchronization with SQL Server. However, SQL Server Compact 3.5 Service Pack 2 reached End of Life (EOL) in 2018. Starting with this release, the agent relies on SQLite for offline mode to work.

Feature: Support for exporting and importing configuration sets

Detail: Starting with this release, WEM supports exporting and importing configuration sets using the administration console. To export configuration sets, use the Backup wizard, where the Configuration set option is available on the Select what to back up page. To import configuration sets, use the Restore wizard, where the Configuration set option is available on the Select what to restore page. You can export and import only one configuration set at a time

Feature: Option to reset actions

Detail: Starting with this release, WEM supports resetting assigned actions (purging action-related registry entries in the user environment). The feature also provides the flexibility to reset assigned actions. You can reset all assigned actions by using the administration console or let users decide what to reset in their environment. The feature might be useful in scenarios where actions you assign to users or user groups do not take effect

Sound familiar?

Feature: Administration console changes

Detail: The administration console user interface has changed:

  • The Advanced Settings > UI Agent Personalization > UI Agent Options tab introduces an “Allow Users to Reset Actions” option. Use that option to control whether to let current users specify what actions to reset in their environment

Feature: Agent administrative templates

Detail: There are now two policies associated with the WEM agent cache synchronization:

  • Cache synchronization port (Applicable to Workspace Environment Management 1909 and earlier; replaced by Cached data synchronization port in Workspace Environment Management 1912 and later. The port defaults to 8285.)
  • Cached data synchronization port (Applicable to Workspace Environment Management 1912 and later; replaces Cache synchronization port of Workspace Environment Management 1909 and earlier. The port defaults to 8288.)

Starting with this release, the WEM agent relies on Cached data synchronization port to keep the agent cache in sync with the WEM infrastructure service. If you have Workspace Environment Management 1909 or earlier deployed in your environment, you cannot not use Cached data synchronization port. Instead, use Cache synchronization port

Feature: Upgrade enhancement

Detail: This release simplifies the process of upgrading the WEM database. In earlier releases, to upgrade the database, you needed to remove the database from the availability group if the database was deployed in a SQL Server Always On availability group. Starting with this release, you can upgrade the database without removing it from the availability group.

Note that you still need to back up the database before you perform the upgrade

Feature: Workspace Environment Management (WEM) PowerShell SDK modules

Detail: This release includes enhancements to the PowerShell modules in the WEM SDK. You can now use the PowerShell SDK to:

  • Create, update, query, and delete configuration sets and user-level and machine-level AD objects
  • Export and import configuration sets or user-level or machine-level AD objects