Tag: UE-V

Profile management overview in Windows – how to get back to a working state after a reinstall or reset (or renewal of device)

This is a high-level summary of the specific needs, business impact and listing of current profile management options for your physical and virtual Windows 10 and 11 devices. The focus is how to get back to a state which can make you productive as soon as possible after a device reinstall or reset. This scenario of course also covers when you get a new device that replaces an older one.

Business impact

Most organizations have a policy that “we will troubleshoot a problem on a Windows device for X number of minutes, if we can’t solve it, let’s do a reinstall or reset”.

This might seem like a great policy that saves time for the service desk. But the numbers the management do not see is how much time have service desk have to spend on helping the user get back on track after the reinstall or reset? The same goes when user needs help transferring from one device to another as part of regular renewal of device. The potential time-saver here is enormous. If the user can get to a state that has everything the user needs available instantly, the user can become productive much quicker.

A consequence of having everything brought back quickly is that not only can the user be productive quicker, but the user will much more likely agree to a reinstall or reset when knowing the user can start working without hazzle again. It might also mean that you can reduce troubleshooting time from say 60 minutes down to 15 before you do a reinstall or reset. Overall a real time-saver and money-saver!

Needs and goals

High-level goals:

  • Getting back to a state where a user can start working as soon as possible after re-install or reset of the device, or even when switching device as part of hardware renewal.
  • “Everything back as it was” (more details on this below). I.e., the time the user needs to spend on getting back to a state that just works as before needs to be minimized.

Expanded description of goals:

  • All files and documents back as they were and accessible by user.
  • All required applications back as they were. (This is out of scope for this blog post as most organizations use ConfigMgr, Intune or a third-party software to deploy applications).
  • All relevant settings back:
    • Specific settings for line of business applications.
    • Outlook signatures and calendar settings etc.
    • Printers and printer settings.
    • Browser related settings, favorites, and history, including saved passwords.
    • Mapped SharePoint sites (Teams files) in File Explorer.
    • Settings for apps.

Solutions

Let’s have a look at what Microsoft technologies are available to solve the needs.

Personal files and documents

  • OneDrive for Business with Known Folder Move.
    If you have the possibility to use OneDrive for Business this is the best solution out there. Make sure to set the GPO or MDM setting to silently configure OneDrive to automatically have your OneDrive folder available after re-install or reset. Also set the policy setting “Enable Known Folder Move” to make sure that Desktop, Documents and Pictures folders are redirected to your OneDrive Folder. Reality check, do you know anyone who do NOT save stuff they need on the desktop? :)
  • Work Folders (which I typically call the internal OneDrive).
    Setting up Work Folders is easy, the role has existed in Windows Server since 2012 R2, thus requires a Windows File Server to setup and enable. Once you’ve setup Work Folders, use good old redirection of Documents and Desktop folders (and maybe Pictures as well) pointing to the local Work Folders directory just like it is done with Known Folder Move for OneDrive for Business.
  • Folder Redirection + offline files.
    Only two words: Stay away! (And migrate as soon as possible to OneDrive for Business or Work Folders if you are already using it). For some organizations I have worked with I have made it opt-in to use offline files, clearly stating the potential risks when opting in. Offline files cause user problems and have very high risk of user data loss.

Common or shared files and documents

  • SharePoint Sites (Teams files directories).
    Many users prefer to work with SharePoint sites and Teams files by syncing them to work with the files in File Explorer. There is no official way of having these remapped automatically after a reinstall or reset of a Windows device.

Settings

  • User Experience Virtualization (UE-V).
    I have many times referred to UE-V as the best thing since sliced bread. It is a technology that was released for about 10 years ago, with the intent to provide roaming of settings for Windows and applications (both Microsoft and any third party), using on-premises file shares. It also roams printers if you are not deploying those through other means.

    Since Windows 10 version 1607 UE-V is integrated in the operating system. I’ve used UE-V quite a lot and this is a really good technology to get many settings back after a reinstall. In one case I could do a F12 reinstall of a Windows 10 device before going to lunch and after lunch I logged in and started working instantly, with all settings back. Those were the days!

    Over time as applications are moving to the app’s world, UE-V has basically become less effective in its job. Also, after adding UE-V to Windows version 1607, UE-V has not gotten much love from Microsoft and as no development has been made for almost six years this is still something that most will benefit from, but sad to see that Microsoft do not care for this.
  • Enterprise State Roaming.
    About the same time that UE-V was integrated into Windows 10 we also saw the introduction of Enterprise State Roaming. This is a technology that use the cloud (a private protected and untouchable area) in Azure to store profile settings that roams with the user. For instance, background image, Windows theme settings and some other stuff is being roamed when enabling this through Azure AD. Sad to say, this feature is facing the same destiny as UE-V, with no new features or changes for the last six years or so.

    Actually with Windows 11 the number of settings that roam using Enterprise State Roaming have decreased, now only roaming passwords, some Windows settings, and language preferences.
  • FSLogix profiles.
    Microsoft bought FSLogix and with that obtained their profile technology. This is a container-based profile solution used primarily in remote Windows solutions, such as Azure Virtual Desktop. Although the technology should be possible to use on physical machines as well, I haven’t many details regarding this and haven’t tried it our myself. One reason for this is that FSLogix profiles requires an Active Directory and is not yet (per January 2022) supported for Azure Active Directory, although this is announced in the future.
  • Edge profile sync.
    The new and lovely Edge has profile sync with roaming built-in which is very much appreciated. Sign in with your school or work account and off you go! You’ll also find some additional information on Configure Microsoft Edge enterprise sync | Microsoft Docs.
  • Outlook settings roaming.
    Finally you can roam your email signature and a bunch of other settings to the cloud – without doing anything other than making sure this option is enabled. Take a look at Outlook roaming options to get more information about this one.

Note 1: Roaming profiles take care of both files and settings but like with folder redirection and offline files: Stay away from roaming profiles to make your life happier.

Note 2: As apps in Windows always store their configuration and user specific data in a standardized location. That is C:\Users\%username%\AppData\Local\Packages\%AppName%\ which means Microsoft should be able to provide a supported way of roaming these settings.

What settings can you use?

Depending on how your Windows devices are managed you can use some or all these technologies. This is applicable for Windows 10, Windows 11, Windows 365 as well as Azure Virtual Desktop. Note: All technologies below are not necessarily supported for all physical and virtual use cases.

Active Directory JoinedHybrid Azure AD JoinedAzure AD Joined
User Experience Virtualization (UE-V)Yes, pointing to file shareYes, pointing to file shareYes, pointing to OneDrive
for Business local folder*
Enterprise State RoamingNoYesYes
FSLogix profilesYesYesNo (not supported yet)
Edge profile syncYesYesYes
Outlook settings roamingYesYesYes
Summary of what profile technologies are available for various Windows device join types.

* For configuration, this is a great start: Manage User Experience Virtualization on the Modern Desktop | Aaron Parker (stealthpuppy.com)

Support matrix

Windows 10/11 – PhysicalWindows 10/11 – VDIWindows 365Azure Virtual Desktop
User Experience Virtualization (UE-V)YesYes**
Enterprise State RoamingYesYesYesNot supported**
FSLogix profilesNot supportedYesNot supportedYes***
Edge profile syncYesYesYesYes
Outlook settings roamingYesYesYesYes
Summary of what profile technologies are supported officially by Microsoft.

* Technically it will work, but likely not supported by Microsoft for Windows 365 nor Azure Virtual Desktop.
** Supported only for personal pools – not multi-session Windows 10 or 11, nor Windows Server.
*** For Azure Virtual Desktop, currently there is no support for Azure AD Joined devices.

Summary

With the existing Microsoft tools and technologies, you can reach a state where most of the stuff you want back actually is configured and brought back automatically. Getting the files and documents back is easy. Edge profile sync and Outlook settings roaming are a no-brainer and should be used by everyone.

UE-V and Enterprise State Roaming are not developed anymore but they still fill a purpose and can be very useful to save time, starting today, as they are very easy to get started with and has a very low implementation cost. FSLogix profiles are primarily intended for datacenter hosted solutions.

With those facts, there is a strong need for Microsoft to strengthen profile management to make it the true time-saver it can be. IT management would very much appreciate it I can assure. But the ones that would appreciate this the most are the end users!

UE-V “Error 4 was returned while initializing sync provider for template …” EventID 13008

Just adding this quick blog post as there is nothing available on the Internet on this particular error, at least not what I could find or see at a first glance.  

UE-V problems in Windows 10 v1709 and looking in the Event log showed warnings events with ID 13008 and the text (for example): 

“Error 4 was returned while initializing sync provider for template MicrosoftInternetExplorer.Version11” 

As usual one of my favorite tools Process Monitor came to the rescue and quickly helped identify the problem: ACCESS DENIED when monitoring read/write access to the settings storage location. Turned out the owner of the folder was incorrectly set, adjusting that and everything got back to a working state.

Restoring Internet Explorer favorites from an invalid UE-V package

Those of you who know me know that I am somewhat stubborn and I never give up. This case could easily have gotten anyone to crack! This blog post shows a way to restore favorites from within a UE-V (User Experience Virtualization) package that UE-V cannot use to roam the favorites, as the package is considered invalid.

Problem

A user has created some 2346(!) favorites in Internet Explorer over the years. UE-V is used to roam favorites. After the user reinstalled the machine from Windows 7 to Windows 10, the favorites went missing.

Investigation

To start with, the package supposedly containing the favorites (MicrosoftInternetExplorer.common.pkgx) could still be found in the SettingsPackages folder and the size was 1,24MB and dated just a week ago. Those of you that have worked with UE-V know that a package that large signals that it contains a rather large amount data. Therefore, with that indication I assumed that the favorites is still lurking in there.

First thing to try was to just force the read of the package using via the UE-V agent as is the case whenever IE is started or closed, however Event Viewer revealed that UE-V thinks there is some kind of problem with the package.

The initial settings package for settings location template "MicrosoftInternetExplorer.common" is invalid. The initial settings package will be replaced with a new copy.

Now it is time to analyze the package itself. Note: This took quite some time to process by the cmdlet and it seems that the UE-V agents takes the same amount of time to process this large amount of favorites (~30 seconds).

Export-UevPackage c:\temp\MicrosoftInternetExplorer.common.pkgx | out-file C:\temp\ MicrosoftInternetExplorer.common.txt

Reading the output text file revealed that the user had 2346 favorites, data in the following format:

<SettingsDocument>
<file>
<Setting Type="VT_FILE" Name="file://{1777F761-68AD-4D8A-87BD-30B759FA33DD}\Folder1\Name of site 1.url" Action="Update">FEBB399A-8DF5-4B3D-B73D-A8167F61EB6B.pkgdat</Setting>
<Setting Type="VT_FILE" Name="file://{1777F761-68AD-4D8A-87BD-30B759FA33DD}\Folder1\Name of site 2.url" Action="Update">9FA223F9-F065-4269-B02C-E467A6B26459.pkgdat</Setting>
<Setting Type="VT_FILE" Name="file://{1777F761-68AD-4D8A-87BD-30B759FA33DD}\Folder2\Name of site 3.url" Action="Update">2393C0D8-AEDE-4D11-9CE3-E7E1E4B039CA.pkgdat</Setting>
...

Next up, rename the MicrosoftInternetExplorer.common.pkgx to MicrosoftInternetExplorer.common.zip and open it up. Note that you probably also would want to unblock the ZIP file before extracting the contents, choosing Properties and Unblock. Opening the PKGX as a ZIP shows us all the PKGDAT files listed in the output from Export-UevPackage. Extract the PKGDAT files to a folder, in my example c:\Temp\PKGDAT.

With these data sources, we have everything we need to recreate the URLs and their structure. Basically, what we need from the output from Export-UevPackage is the folder where the URL file is stored, the name of the URL file and the name of the PKGDAT filename.

Solution

With the aforementioned pieces of data, we can automate and match this to rebuild the Favorites entirely, using this PowerShell script:

$urls = (Export-UevPackage c:\temp\MicrosoftInternetExplorer.common.pkgx).split(“`n”) | select-string VT_FILE

foreach ($extracted in $urls)
{

$hash1 = $extracted -split ‘<Setting Type=|Name=|Action=|</Setting>’
$folder = $hash1[2].split(“\”)[1]
$urlname = $hash1[2].split(“\”)[-1].Replace(‘”‘,“”)
$pkgdat= $hash1[3].Split(“>”)[1]

New-Item c:\temp\RestoredURLs\$folder -type directory

if ($folder -match ‘”‘)
{
Copy-Item c:\temp\PKGDAT\$pkgdat c:\temp\RestoredURLs\$urlname
} else {
Copy-Item c:\temp\PKGDAT\$pkgdat c:\temp\RestoredURLs\$folder\$urlname
}
}

This recreated the favorites and in the same structure as it was! The user was indeed very happy!

Thanks goes to my colleague Jimmy Benandex who helped in making the above PowerShell command. As he mentioned there are better ways of doing the matching but I consider what we produced as a good enough solution :)

UE-V and Enterprise Mode in IE11 not working well together

Consider the following scenario: A user has a Windows client running UE-V (User Experience Virtualization) and IE 11 and everything in regards​ to Enterprise Mode in Internet Explorer 11 is working fine. The user then gets a new machine or logs into another machine let it be a client or for instance Remote Desktop session and then Enterprise Mode in IE11 does not work at all. The URL:s defined in the Enterprise Mode XML ruleset file are not applied when the user browse a web application defined for Enterprise Mode.

The problem is a consequence of UE-V roaming the Enterprise Mode registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Enterprise Mode where it lists CurrentVersion with the current version of the XML file that is being used. So basically that means that Enterprise Mode think it has already applied the current ruleset although it has not.

Solution / Workaround

The workaround to prevent this scenario from happening is to exclude that registry key from being roamed. In the MicrosoftInternetExplorer2013.xml file scroll down to <Application> <Name>Internet Explorer 11</Name> and add an additional exclusion to the other exclusions already listed under <Registry>:

<Exclude>
<Path>Main\EnterpriseMode</Path>
</Exclude>

For users that are already affected by the problem one must delete the registry key mentioned above and make sure that it is not synced back from the IE package in the SettingsPackages location (MicrosoftInternetExplorer.Version11 package).

Roaming Outlook email signatures with UE-V

Today I held a presentation at the Swedish System Center User Group client day on topic Microsoft User Experience Virtualization (UE-V) and its integration in ConfigMgr 2012 R2. Great to see such interest in UE-V! Afterwards, the most common question I got was “Does UE-V roam email signatures for Outlook?”. Well, the answer is yes, but there is a big “BUT”!

UPDATE May 14th 2014: UE-V 2.1 (currently in beta) include a template fix for this for Swedish and Dutch but still there might be issues for other localized versions of Office. If you are still on UE-V 1.0 or 2.0 you find a UE-V template for roaming the Signature for Swedish Office at TechNet Gallery.

UE-V does roam the email signature but you have to manually set the signature as default in Outlook options > Mail > Signatures when logging into another machine or after reinstalling your own machine. And, there is an issue if you are using a localized version of Office. First an example of how the Outlook email signature is actually roamed when switching to another machine, but note that you must choose to make the email signature “active” on the other machine.


So this is in Office 2010 on a Windows 7 machine. Note that I have set this email signature to be active for new messages. 1980110714567


And after logging onto a Windows 8.1 machine, the email signature did roam with me, but I as a user must make the email signature active by selecting it in the drop down list for new and/or replied or forwarded messages.

Problems with the default templates for localized Office versions

If you are running a localized version of Office you must manually update the UE-V templates to accomodate for localized folder names. The rule as specified for roaming the Outlook email signature in the UE-V template file MicrosoftOffice2010Win32.xml defines the following:

<File>
<Root>
<EnvironmentVariable>APPDATA</EnvironmentVariable>
</Root>
<Path Recursive="true">Microsoft\Signatures</Path>
</File>

This will save and roam all files (email signatures) in the users %APPDATA%\Microsoft\Signatures folder. The problem is that on a machine with a localized Office version, the email signature folder located in C:\Users\<username>\AppData\Roaming\Microsoft is not called “signatures” but instead localized to “signaturer” (as I am running a Swedish installation of Office).

If you  have followed UE-V best practices and put your template files in a network share pointing that out using the UE-V GPO settings, you can just go ahead and edit the template file in the network location replacing “Signatures” with “Signaturer” in my example and the UE-V agents in your environment will by default pick up the new settings within 24 hours.

This behavior is the default for both UE-V 1.0 (with SP1) as well as the coming UE-V 2.0 (which is now in beta). Note that changes might occur before UE-V 2.0 is released.

UPDATE September 25th 2013: Microsoft has posted a KB article which explains more about why the mail signature is not set as default/active when roaming, see http://support.microsoft.com/kb/2889499/en-us.