Product Documentation

Assign App layers as Elastic layers

You can drastically reduce the number of images to manage by leaving applications for specific users or sub-groups out of your base image. With the Elastic layer setting, you can assign layers to specific users above and beyond the base layered image.

An Elastic layer is an App layer that you assign to specific users and groups, based on user entitlements. Elastic layers are delivered to the users when they log onto their systems, whether the system is a session host or standalone desktop. With Elastic Layers, you can give each user a unique set of applications, in addition to those delivered in the base layered image. For session hosts, an Elastic layer is used across sessions in the case of standalone desktops an Elastic layers are used across floating pools/shared groups.

Once you add elastic assignments to an App layer, a copy of the layer is stored in the appliance’s Network File Share, and delivered to individual AD users and groups on-demand, in addition to the layers that they receive via the base image.

To use this feature, you add Elastic Assignments specifying which users and groups should receive each of the App layers. You’ll then publish your base image(s) with the Elastic Layering setting enabled.

How users access Elastic layers assigned to them

When users log into their session or desktop, icons for their Elastic layers will appear as shortcuts on the desktop.

A user receives an Elastic layer in the following cases:

  • The user (an AD user in the management console) is assigned the layer.
  • An AD group that the user belongs to is assigned the layer.
  • A machine that the user logs into is a member of an AD Group that receives the Elastic layer.
  • A machine that the user logs into is associated with an AD Group that is assigned to the layer via the management console.

If more than one version of the same layer is assigned to a user

If a layer is assigned directly to the user and indirectly to one or more of the user’s groups, the user receives the most recent version of the Layer assigned directly to her/him. For example, if a user is assigned Version 2, and a group that the user belongs to is assigned Version 3, the user will get Version 2.

If the user is assigned a layer via one or more group assignments, the user receives the most recent version of the layer.

If a user has an App layer in their layered image, and the layer is also assigned to them elastically

If a user has an App layer in the layered image and the user is also assigned the layer elastically, they will receive the Elastic layer, even if the version in the base image is more recent.


  • .NET Framework 4.5 is required on any layered Image where Elastic layers are enabled.
  • The App layers you want to assign as Elastic layers.


App layers with the same OS layer as the layered image

For best results when assigning App layers as Elastic layers, only assign App layers that have the same OS layer as the one used in the layered image.

OS layer switching for Elastic layers

You can try assigning App layers as Elastic layers on layered images that use a different OS layer. There is no guarantee that an App layer will work on a different OS layer, but you can try. If the layers works, feel free to use it.


When adding versions to an App layer, you must use the OS layer included in the original App layer.

Elastic Layering Limitations

You cannot elastically layer the following:

  • Microsoft Office, Office 365, Visual Studio.
  • Applications with drivers that use the driver store. Example: a printer driver.
  • Applications that modify the network stack or hardware. Example: a VPN client.
  • Applications that have boot level drivers. Example: a virus scanner.

Elastic layer compatibility mode

When a user logs onto a desktop provisioned using a layered image, the Elastic layer is usually composited into the image after the user logs in. If you have a specific Elastic layer that doesn’t load correctly, you can try enabling Elastic Layer Compatibility Mode so that the layer starts loading before login is complete.


We recommend leaving this setting disabled, unless a layer isn’t working correctly as an Elastic layer. This is because enabling this setting on too many layers slows login times.

Enable Elastic Layering in the base image

When you publish the layered image that the users will log into to get the Elastic App layer(s):

  1. In the management console, select the Image Template used to generate the layered image.

  2. Select the Images tab.

  3. Select the image template on which you want to enable Elastic layering, and select Edit Template from the Action bar. The Edit Template wizard opens.

  4. On the Layered Image Disk tab, select a value for the Elastic layering option.

    • Office 365 - To enable Elastic Layering for Office 365 (desktop version).
    • Session Office 365 - To enable Elastic Layering for Office 365 (session host version).
    • Full - To enable Elastic Layering for all layers.
  5. Finish publishing the layered image.

  6. Use your provisioning system to distribute the virtual machines.

    When the users log in, they should see an icon for each Elastic App Layer they’ve been assigned.

Run the Elastic Fit analyzer on App layers

Before assigning an App Layer elastically, use the Elastic Fit Analyzer to determine the likelihood that the layer assignment will be successful.

Elastic Fit analysis

In the Layer Details, the Elastic Fit rating indicates how likely it is that the layer will work when elastically assigned.

Good Elastic Fit. This layer should work when deployed elastically.

localized image

Poor Elastic Fit. This layer will probably not work when deployed elastically, or may behave differently than when it is deployed in a layered image.

localized image

Elastic Fit details

You can learn more about the Elastic Fit of a layer by expanding the Elastic Fit Analysis. If the Elastic Fit is less than ideal, the list of violated rules will be displayed.

Low Severity Warning. This is unlikely to cause any change in behavior or functionality for most applications.

localized image

Medium Severity Warning. This may cause minor changes in behavior or functionality for some applications.

localized image

High Severity Warning. This is likely to cause significant changes in behavior or functionality for many applications.

localized image

Analyze an App layer for Elastic Fit

All new Layer Versions will be analyzed for elastic layering compatibility when they are finalized. To analyze existing App Layers for Elastic Fit:

  1. Log into the Management Console.
  2. Select Layers > App Layers.
  3. Select the Layer to analyze, and click Analyze Layer.
  4. On the Select Versions tab, choose the Layer Versions to analyze.
  5. On the Confirm and Complete tab, click Analyze Layer Versions. The analysis takes seconds.
  6. To see the Elastic Fit Analysis, select the App Layers module, move the mouse pointer over the Layer icon and click the Info icon.
  7. Expand the Version Information for each Layer Version, and look for the Elastic Fit rating.
  8. For a detailed report, expand the Elastic Fit Details. If the Elastic Fit is less than ideal, the list of violated rules will be displayed.
  9. You can display the AD tree and hide the violated rules by clicking a button acknowledging that the layer is unlikely to work as expected.

Upgrading from earlier releases

After upgrading from a very early App Layering release, the Elastic Fit Detail shows that any existing Layer Version(s) have not been analyzed. Until you run the analysis on existing Layer Versions, the Versions will have a single High severity Elastic Fit Detail, and a Poor Elastic Fit.

Elastically assign an App layer to AD Users and Groups

The first time you assign an App Layer elastically, we recommend starting with a simple app like Notepad++ or GIMP.

  1. Log into the management console as an Admin user, and select Layers > App Layers.
  2. Select an App layer that is not going to be included in the base image, and select Add Assignments.
  3. In the wizard that opens, select the Version of the App Layer that you want to assign users.
  4. Skip the Image Template Assignment tab. This tab is for assigning the layer to an image template.
  5. In the Elastic Assignment tab, select the users and groups who should get this App layer.
  6. In the Confirm and Complete tab, review your selections, and click Assign Layers.

When the users log in, they should see an icon for each Elastic layer they’ve been assigned.

Elastically assign an App layer to users via machine assignments and associations

You can assign layers to a machine by either adding the machine to, or associating the machine with the AD Group, and then elastically assigning the App layers to the AD Group.

The layers assigned to the machine will be available to every User who successfully logs into that machine. The App Layering Service will scan for changes to the machine’s AD group memberships and associations every 10 minutes. When the users log in, they should see an icon for each Elastic App layer they’ve been assigned.

Use Active Directory to add the machine to the AD Group

Assuming you have a published layered image booted in your environment, you can add the machine to an AD Group, and assign Elastic layers to the AD Group.

  1. Use Active Directory (AD) to add the machine to an AD Group.

  2. Select an App layer that is not going to be included in the base image, and elastically assign the layer(s) to an AD Group.

  3. You can wait for AD to propagate the changes and be recognized by the App Layering Service, or you can force the App Layering Service to update its list of machine groups by doing one of the following:

    • Wait for the App Layering Service to detect the changes (within 10 minutes by default).

    • Restart the App Layering Service.

    • Reboot the App Layering Service Machine.

    • Execute the refresh.groups command:

      C:\Program Files\Unidesk\Layering Services\ulayer.exe refresh.groups


You start with an AD User, and AD Group, and a machine that you provisioned using a layered image.

  • AD User: Kenya
    • Kenya has no elastic assignments.
  • AD Group: Marketing
    • The Marketing group includes the member Kenya.
  • Machine: ElasticTestMachine
    • The ElasticTestMachine base image includes the MS Office App Layer.

In this example, you elastically assign the Chrome App layer to ElasticTestMachine:

  1. In AD, you add the machine ElasticTestMachine to the Marketing AD Group.
  2. In the management console you elastically assign the Chrome App Layer to the Marketing Group.
  3. When Kenya, who is part of the Marketing group, logs into ElasticTestMachine, she receives both the MS Office App layer, which is in the base image, and the Chrome App layer.
  4. When any user who is not in the Marketing group logs into ElasticTestMachine, they also receive both Layers: MS Office because it is in the base image, and Chrome because the ElasticTestMachine is a member of the Marketing AD Group.

Use the management console to associate the machine with an AD Group

Associating a set of machines with an AD Group allows any machine running the App Layering Service to have layers elastically assigned to it via AD group membership.

Elastic layers granted via Machine association can be thought of as extending the layers assigned to a user. For example, if a machine matches multiple Machine Associations, only the unique layers will be added to the ones the user already has.

In the management console, you use asterisk (*) wildcards in a machine name pattern to specify a set of machine names. For example:

Machine name pattern Matches these names Does not match these names
machine* machine01; machineindetroit amachine;localtestmachine
*machine amachine; localtestmachine machine01; machineindetroit
ky*eng ky02359eng; kytesteng 01ky_eng; testky01eng
eng eng01; 1eng; 1eng01 en01; 1en; 1en01

You can create Machine Associations before or after elastically assigning App layers to the AD Group. Also, the machines do not need to exist when you add the associations, as the associations exist within App Layering only, and AD is not aware of them.

Associate a set of machines with an AD Group

  1. Log into the management console as an Admin user, and select Users > Tree.

  2. Expand the Tree, select the appropriate Group and click Edit Properties in the Action bar. This opens the Edit Group Wizard.

localized image

  1. Select the checkbox, Associate machines with this AD Group. This reveals the Machine Name Pattern field:

localized image

  1. Specify a set of machines to associate with the AD group by entering a machine name pattern. For examples, see the above table of Machine name patterns.

  2. On the Confirm and Complete tab, select Update Group. Notice the shape of a computer monitor superimposed over the group icon. This indicates that machines are associated with the group.

localized image

When you click the group’s icon, the Detail view now includes a field called, Associate With Machines where the pattern.

localized image


You start with the machine, Mach1, the AD Group, MachineGroup, and the App Layers for Firefox and MS Office.

  • Machine: Mach1
  • AD Group: MachineGroup
  • App Layers: FirefoxMS Office

Further, you have elastically assigned the Firefox and MS Office Layers to the AD Group.

If you add a Machine Association to MachineGroup with a name pattern of “Mach”, when any domain user logs into Mach1, they will receive the Firefox and MS Office Elastic App Layers.

Manage Elastic Assignments

You can:

  • View a user’s Elastic Layer assignments.
  • Add an Elastic Assignment.
  • Update an App layer and elastically assign the new Version of the layer.
  • Remove Elastic Assignments.
  • Debug an Elastic Assignments.

View a user’s Elastic Layer assignments

  1. Log into the Management Console and select Users > Tree.
  2. Select an AD User or Group, and click the “i” icon to the right of the name. If the user or group is assigned any Elastic Layers, the layers are listed just below the user’s or group’s profile information in the Details window that appears.

Update an App Layer and its Elastic Assignments

You’ve added Elastic Assignments to an App Layer, and users are accessing the app as expected. A new version of the application is released, so you update it by adding a new Version to the layer. Now you need to assign the new version to the users who have the layer.

  1. Log into the Management Console and select Layers > App Layers.

  2. Select the elastically assigned App Layer that you just updated.

  3. Right-click the Layer icon and select Update Assignments.

  4. In the wizard that opens, select the new Version.

  5. Skip the Image Template Assignment tab.

  6. In the Elastic Assignment tab, there’s a list of Users and Groups who have been assigned a different version of the selected layer. Select the users and groups to whom you want to assign the new Version of the layer.


    • If the list is long, use the Search field to filter the results.
    • If the list is empty, click the check box called, Show AD users and groups already at this version. A list of grayed out names may appear. These users have already been assigned the Version.
  7. On the Confirm and Complete tab, verify the Users and Groups selected to receive the new Version, and click Update Assignments.

Remove a layer’s Elastic assignments

  1. Log into the management console and select Layers > App Layers.

  2. Select the App layer for which you want to remove assignments, and select Remove Assignments.

  3. In the wizard that opens, select the assigned templates from which you want to remove the layer. All of the assignments for that layer are listed.

    If the list is long, use the Search field to filter the results.

  4. On the Confirm and Complete tab, verify the Image Templates selected to receive the new Version, and click Remove Assignments.

Troubleshooting Elastic Layer issues

If you have an Elastic layering issue, you can diagnose the problem by finding out whether the layer is being delivered, and if so, whether it is working correctly. If needed, collect data for Support, as described here.

Is this a Delivery issue?

Are the things you’d expect to see if this app were installed actually there as expected?

  • Do you see the files and registry entries for the layer?
  • If the app is supposed to be in the Start menu, is it there?
  • If there should be a shortcut for the app on the user’s desktop, is there one?

If you discover that app delivery is an issue, you can collect the following data, open a case, and send the data to Support.

  1. Collect the data from these logs:

    • Windows App Event log – In the Windows Event Viewer under Windows Logs, export the Application event log as an EVTX file.
    • App Layering Service log (ulayersvc.log) – C:\ProgramData\Unidesk\Logs\ulayersvc.log
  2. Collect the values of these Registry keys:

    • HKEY_LOCAL_MACHINE\SOFTWARE\Unidesk\ULayer:AssignmentFile
    • HKEY_LOCAL_MACHINE\SOFTWARE\Unidesk\ULayer:RepositoryPath
  3. Collect the contents of the Assignment (ElasticLayerAssignments.json) and Layers (Layers.json) files from the Repository Path.

  4. Contact Support.

Is this an operational issue?

One of these issues could indicate that this is an Elastic layering issue:

  • The app is being delivered but doesn’t launch correctly.
  • An operation within the app doesn’t work correctly.
  • A licensing problem or a security issue.
  • The app launches, but then misbehaves, for example, it crashes on startup, or starts up but doesn’t work right.

If the problem with the layer is operational, test the App layer in the base image to rule out general layering issues:

  1. Add the App Layer to an image template, and publish a layered image that includes the App Layer.
  2. Log in as a user who is not assigned the layer elastically, and make sure that the application is operational in the base image.
  3. Contact Support with your findings.