Managing and delivering desktops that meet end-user expectations and enforce policy is a 24x7 nightmare for IT. End users want a consistent, responsive, and personalized computing experience regardless of device, time of day, or location so they can be more productive. However, traditional approaches to user workspace management, like logon scripts and Group Policies, are complex and impossible to maintain.

1. Environment Manager Policy
Windows 10 Migration Accelerator
Simon Townsend, Chief Technologist
@simon_townsend

2. 90%
Up to
Faster logons

3. Eliminate
HUNDREDS
of Group Policies

4. ONE
Windows Image for
all Desktops

5. Migrate users
Profilesand Data
to Windows 10

6. Just 3 things…
How we Help with
Windows 10
migrations
Integration with
other Ivanti
products
New version of
Ivanti
Environment
Manager

7. User Workspace Management
On-demand profile
management and
context-aware policy
controls
Application control
and privilege
management
Maximize user density
and deliver an optimal
user experience
Simplify user data
access and
migration
Granular endpoint
data collection for
informed analysis
Application
Control
Environment
Manager
Performance
Manager
File
Director
Insight

8. User Workspace Management
On-demand profile
management and
context-aware policy
controls
Application control
and privilege
management
Maximize user density
and deliver an optimal
user experience
Simplify user data
access and
migration
Granular endpoint
data collection for
informed analysis
Application
Control
Environment
Manager
Performance
Manager
File
Director
Insight

9. Features of Environment Manager
Feature Benefit “Full” EM
Logon Script Replacement Faster logons, graphical console, multi-threaded engine Y
Group Policy Replacement Applies ADM/ADMX settings faster and with more context Y
Cache Roaming /
Containerization
Accelerate Office 365 and other applications on virtual desktops using
VHD containers
Y
Windows desktop and
application UI lockdown
Hide and restrict access to edit boxes, buttons and dropdown menus Y
Powerful, contextual Rules
Engine
Apply policy settings and profiles to much more than just OUs and AD
groups
Y
Roam user profiles Reduce Profile corruption, faster logon times, happier users Advanced
Snapshots, Profile Rollback
and Bulk Changes
Web UI with delegated admin for the service desk to roll back to a
previous state, known good or make bulk profile changes
Y
Offline Support Caching and sync engine for online and offline desktops and laptops. Y
Cross Platform Support Move user settings across versions of Windows. Move user settings
between native app and App-V/ThinApp.
Y
Multi Datacenter and Cloud
Support
Replication, failover and central management across datacenters with
any SQL Edition, on-premises or cloud-hosted
Y
Learning mode Guided application profiling for settings capture Y
End user self-service Users can roll back their own profiles via a self-service tool or existing
service management solutions, reducing support calls
Y

10. EM Policy Edition
• Simple, easy to implement and
maintain
• No additional IIS/SQL Infrastructure
required
• Can be deployed via GPO, SCCM,
Ivanti EPM or via Management Centre
• Just agent, license file and
configuration
• Online and offline desktops

11. EM Policy vs EM
Feature Benefit EM Policy “Full” EM
Logon Script Replacement Faster logons, graphical console, multi-threaded engine Y Y
Group Policy Replacement Applies ADM/ADMX settings faster and with more context Y Y
Cache Roaming /
Containerization
Accelerate Office 365 and other applications on virtual desktops using
VHD containers
Y Y
Windows desktop and
application UI lockdown
Hide and restrict access to edit boxes, buttons and dropdown menus Y Y
Powerful, contextual Rules
Engine
Apply policy settings and profiles to much more than just OUs and AD
groups
Y Y
Roam user profiles Reduce Profile corruption, faster logon times, happier users Standard Advanced
Snapshots, Profile Rollback
and Bulk Changes
Web UI with delegated admin for the service desk to roll back to a
previous state, known good or make bulk profile changes
Y
Offline Support Caching and sync engine for online and offline desktops and laptops. Y
Cross Platform Support Move user settings across versions of Windows. Move user settings
between native app and App-V/ThinApp.
Y
Multi Datacenter and Cloud
Support
Replication, failover and central management across datacenters with
any SQL Edition, on-premises or cloud-hosted
Y
Learning mode Guided application profiling for settings capture Y
End user self-service Users can roll back their own profiles via a self-service tool or existing
service management solutions, reducing support calls
Y

12. So what about those logon times..?

13. Traditional Desktop Policy Methods
Logon Scripts
A series of coded instructions to set up a Windows workspace
applied each time a user logs on to their device
Typically written in legacy VBscript or KiXtart code
Group Policy Objects (GPOs)
A collection of IT settings that define what a Windows workspace will
look like and how it will behave for a defined group of users

14. Disadvantages of Logon Scripts
§ Typically require a specialist member of IT who can code in either VBscript or KixTart
§ Scripts are usually many hundreds or thousands of lines of code
§ No version control - so if a mistake is made, it’s difficult to rollback to a working version
§ Hard to pick up and maintain someone else’s script as everyone writes code differently
§ Logon scripts execute actions one-after-the-other
§ If scripts contain thousands of lines of code, user logon times can be very long
§ Logon scripts only apply settings during the logon process
§ They cannot apply settings on-demand when contextual changes are made in-session
§ There is no way of knowing who made a change to a logon script if something goes wrong
§ There is no way of knowing what the last change was if something went wrong
Complex to write
Difficult to
maintain
Run
sequentially
Only apply at
logon
No audit
control

15. Disadvantages of Group Policy Objects (GPOs)
§ GPOs process actions one-after-the-other
§ If many GPOs need to be configured, user logon times can be very long
§ GPOs can only be applied to users (within Active Directory Organizational Units) or computers
§ GPOs are therefore limited when it comes to applying settings based on context
§ GPOs can only be applied at Computer Startup, User Logon or on a set periodic basis
§ GPOs can’t react to changes in environment , e.g. network disconnect or reconnect
§ There is no built-in search or filter option to find a specific setting within a GPO
§ GPOs can be nested and inherited making it very difficult to find or fix issues with existing settings
§ Changes made to GPO settings are not audited
§ If an incorrect change is made, it is impossible to tell what the change was or who made it
Run
sequentially
Limited
flexibility
Limited
Triggers
Difficult to
maintain
No version
control

16. https://vimeo.com/255925900

17. Environment Manager Policy
FEATURE DESCRIPTION BENEFIT
Multi-Threaded Engine The ability to apply many
actions simultaneously rather
than one-after-the-other
§ Greatly improve logon times
§ More flexible configuration options
Comprehensive set of
Triggers
Provide the ability to decided
when configuration actions
need to be applied
§ Tailor the desktop based on specific
events occurring
§ Speed up logon times by configuring
actions typically applied at logon at
different times
Extensible Actions Setup & enforce user settings
on the desktop
§ Simple desktop configuration
§ Reduce IT support and management
costs
Flexible Conditions Provide context-aware
configuration
§ 100% flexibility in configuring the
user’s desktop
§ Adapt to the user’s environment and
security posture

18. Group Policies cause Delays. Some orgs have 1000s!
Group
Policy is
taking 16
seconds!
Replace with
multi-threaded
EM actions that
take 3 seconds!

19. Environment Manager Policy
FEATURE DESCRIPTION BENEFIT
Cache Roaming Provide a fast Outlook
experience when using Office
365 in virtual desktops
§ Able to use Cached Exchange Mode
with Citrix or VMware VDI
§ No need for additional products
Lockdown Hide or prevent access to
unrequired application or
Operating System features
§ Bolster security against workspace
vulnerabilities
§ Simplify the end-user experience
Self-Healing Automatically repair malicious
or accidental changes to
system settings
§ Prevent user introduced changes or
actions from compromising system
integrity
Enable/disable and show/hide
applications based on user
context and other attributes
§ Only need one master image for
Citrix/VMware virtual desktops
§ Slashes management costs
Application Control

20. Environment Manager Policy

21. How is Environment Manager Policy configured?
ConditionsActionsTriggers

22. EM Policy Console

23. Triggers
Computer
§ Startup / Shutdown
§ Network Available
§ System Process Started / Stopped
User
§ Logon / Logoff
§ Pre-Session / Pre-Desktop / Desktop Created
§ Process Started / Stopped
§ Network Connected / Disconnected
§ Session Reconnected / Disconnected
§ Session Locked / Unlocked

24. Actions
There are many built-in actions available in the EM console:
If specific actions aren’t available, custom actions can be created:

25. Conditions

26. https://www.ivanti.com/customers/autotrader

27. Customer Case Studies
• AutoTrader https://www.ivanti.com/customers/autotrader
• Deakin University https://www.ivanti.com/customers/deakin-university
• El Camino Hospital: https://rs.ivanti.com/case-studies/IVI-1817-el-camino.pdf
• Bolton NHS: http://rs.ivanti.com/case-studies/IVI-1803-bolton.pdf
• Mills & Reeve: https://rs.ivanti.com/case-studies/IVI-1796-mills-reeve.pdf
• Sharp Healthcare: https://player.vimeo.com/video/188733078

28. Common Project Types
Windows 10 Migration
Provide effortless migration of users’
personal settings to new Windows 10
Workspaces
Office 365 Migration
Improve Outlook performance in VDI
environments and get control of users’
1TB of OneDrive storage.
Reduce Virtual image count
Provide contextual policy to enable
non-persistent VDI workspaces whilst
reducing associated storage costs
Eliminate Logon Scripts
Replace slow, complex logon scripts
with a fast, easy-to-use graphical
user interface
End GPO Nightmares
Swap slow, antiquated group policy
for a rapid, multi-threaded engine
Speed up logon times
Improve the user experience and
increase user productivity

29. Endpoint manager

30. Windows 10
Migration Accelerator

31. Endpoint Manager
EM Policy

32. Unified Endpoint Manager
Existing customers of either product
can upgrade for $20 per device/user

33. Endpoint Manager

34. Xtraction….

35. NEW! SIMPLER! Windows 10 Migration Accelerator
OS Files Profile
1 2 53 4
Drivers Apps
Environment
Manager
Win 7 Win10
Endpoint
Manager
Windows 10 Migration Accelerator
• A free kit for Endpoint Manager, Environment Manager and Xtraction
• Configuration for Environment Manager: Policy only, no SQL, file server
• Xtraction Dashboard for Endpoint Manager
Optionally use EM Personalization and File Director for continuous sync
Xtraction

36. Windows 10 Migration Dashboard
• Control your Windows 10 Migration centrally from Xtraction
• Environment Manager Policy updates synced to EPM

37. Video of end-to-end Windows 10 Migration

39. • Where to find it?
• Pre built template for
Environment Manager
• Pre built connectors for
Xtraction
Win 10 Migration Accelerator

40. Summary
• New edition of Environment Manager
• Ideal to replace GPO and Scripts for ultra fast logons
• Windows accelerator template enables Windows migrations

41. Thank you