Tuesday, 11 February 2014

Environment Manager Post Logon Trigger

I've sat through a lot of workshops, both internally and externally, where logon times are a major problem. I've had customers tell me about C-level executives who phone their assistants and ask them to log on so that when they get to the office they can start working, users logging on and then walking off to make their morning coffee whilst their system logs on, etc. With this in mind, a lot of the customers I speak to are not prepared to add anything into the logon trigger.

For years people have recommended using AppSense Environment Manager and creating a set of actions that run on the process started trigger when explorer.exe runs. Others recommend assessing the logon process and finding something that runs in the user context immediately after logon. These are both acceptable recommendations but, in my experience, are not ideal. Builds vary, and you cannot always rely on a specific application running on all platforms to trigger these actions.

This post will show you what I do instead and to date... this hasn't failed:

RefreshNow.exe

The first thing I do is create an empty executable which waits for 1 second and closes. My colleague, Jorrit van Eijk, created a PowerShell action which creates this executable at computer startup.

You can find the XML snippet for that script here...
MD5: 5faae6bedaca8a298cdafd7ce055ef58

Simply import the action into the computer startup trigger of your Environment Manager configuration and, provided PowerShell is installed on the endpoint, RefreshNow.exe will be created on the next reboot.

User Logon

The next thing I do is create a set registry action to add a registry value to the RunOnce registry key which will run RefreshNow.exe at logon.

You can find the XML snippet for that action here...
MD5: 08b682c2e934b2fa8f012df5228df940

Process Started

Lastly I create a process started trigger for RefreshNow.exe launching and I publish anything that is not required during logon in this node.

A few examples of things I include here are:

  • Desktop Icons
  • Migration Actions
  • Internet Explorer ADM/ADMX settings
  • UserSID scripts
  • Creation of IE Favorites
  • Network Drive Mapping
  • Network Printer Mapping
  • Etc

You can find the XML snippet for that action with a few sample actions here...
MD5: 5ccd31c07be2933f63319557098a6539
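
As an added example (not the XML snippets linked above and not Jorrit van Eijk's script), the first two steps can be written in Windows PowerShell as follows, with a check that standard users cannot overwrite the executable the RunOnce value points at. The install path, the value name, the function names and the use of the HKCU hive are assumptions.

```powershell
# Added example. Path, value name and HKCU hive are assumptions, not from the post.
# Assumes Windows PowerShell (Add-Type -OutputType WindowsApplication).
$ExePath = Join-Path $env:ProgramFiles 'RefreshNow\RefreshNow.exe'

function New-RefreshNowExe {
    # Computer startup (elevated): compile a GUI-subsystem exe that sleeps 1 second.
    $source = 'public static class P { public static void Main() { System.Threading.Thread.Sleep(1000); } }'
    if (-not (Test-Path $ExePath)) {
        New-Item -ItemType Directory -Path (Split-Path $ExePath) -Force | Out-Null
        Add-Type -TypeDefinition $source -OutputAssembly $ExePath -OutputType WindowsApplication
    }
}

function Test-RefreshNowAcl {
    # True only when no identity other than SYSTEM, Administrators or
    # TrustedInstaller holds an Allow ACE with write-type rights on the file.
    # The parent directory deserves the same check; only the file is tested here.
    $trusted = 'S-1-5-18', 'S-1-5-32-544',
               'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'
    $write = [System.Security.AccessControl.FileSystemRights]'Write, Delete, ChangePermissions, TakeOwnership'
    $rules = (Get-Acl -Path $ExePath).GetAccessRules($true, $true,
                 [System.Security.Principal.SecurityIdentifier])
    $risky = @($rules | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        ($_.FileSystemRights -band $write) -and
        ($trusted -notcontains $_.IdentityReference.Value)
    })
    $risky | ForEach-Object { Write-Warning "Writable by $($_.IdentityReference.Value)" }
    return $risky.Count -eq 0
}

function Register-RefreshNowRunOnce {
    # User logon: queue the exe once; refuse if a standard user could replace it.
    if (-not (Test-RefreshNowAcl)) { throw "Refusing to register $ExePath" }
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    # Quote the path: it contains a space.
    Set-ItemProperty -Path $key -Name 'RefreshNow' -Value "`"$ExePath`""
}
```

`New-RefreshNowExe` belongs in the computer startup trigger and `Register-RefreshNowRunOnce` in the user logon trigger; the process started trigger itself is still configured in Environment Manager.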

There are a few actions you should not try and use in the "Post Logon Trigger". A few examples are:

  • Folder Redirection
  • Lockdown Actions
  • ADM / ADMX Actions that affect regional settings, themes, etc.

Any questions or comments? Find me on Twitter...

@UVArchitect