WEM Tool Hub
WEM Tool Hub is a collection of tools that aims to simplify the configuration experience for Workspace Environment Management (WEM) administrators. On the on-premises environment, users can download the tool from the on-premises web console.
The prerequisites for running the WEM Tool Hub are as follows:
- .NET Framework 4.7.1 or later
- Microsoft Edge WebView2 Runtime version 98 or later
- Local administrator privilege
Currently, the following tools are available:
- Application assistant
- File Type Association Assistant
- Printer assistant
- Rule generator for app access control
Note:
- WEM Tool Hub does not save data for you. Data will be cleared after you exit a tool. To avoid potential data loss, be sure to save your work.
- To paste data copied from the WEM Tool Hub into the web console, ensure that the browser allows data copying. Example: For Microsoft Edge, be sure to have the Site permissions > Clipboard > Ask when a site wants to see text and images copied to the clipboard option enabled.
Application Assistant
Use this tool to prepare configuration information for icons and Citrix Workspace resources that you want to use when adding applications in the management console.
Workspace resources
Note:
This tool requires Citrix Workspace app to be installed on the machine.
When adding an application of type “Citrix Workspace resource” to the web console, you need to specify a resource. To get information for a resource, complete the following steps:
-
Enter a Store URL or Workspace URL.
-
Click Browse resources to browse your resources. Resources are then enumerated and listed.
-
From the list, select the target application and copy its information.
In the web console, paste the information you copied by clicking Paste resource info. See Add an application.
Icons
When setting the icon for an application in the web console, you can add new icons. To get data for an icon, complete the following steps:
-
Click Browse to browse to a file that contains the icon. Icons in the file are then loaded. Supported file types:
.exe
,.dll
,.ico
. -
Select the icon and copy the icon data.
In the web console, paste the icon data you copied by clicking Paste icon data. See Add an application.
Windows Logon analysis
You can use this tool to view logon duration reports and get the tips for logon duration optimization and troubleshooting.
To receive complete reports, enable log collection for relevant Windows event logs on the machine.
- Click Windows Logon analysis > Get reports to access the Get latest reports wizard.
- Select the time range by choosing one of the options from the drop down list and click Get reports. The default range is Last 24 hours.
- The phase and description are displayed in the form of a chart based on the following table.
The following table lists all the metrics, submetrics, and tips in detail.
Base-metric | Base-metric Description(UI) | Sub-metrics | Tips | Details |
---|---|---|---|---|
Pre-logon | Time taken before Windows Logon. | Citrix pre-logon | ||
HDX connection | ||||
Authentication | Time taken to complete authentication to the session. | Windows authentication | Use Windows Hello. Windows Hello is a biometric authentication feature that allows you to sign in to your PC using your face or fingerprint. | |
VDA authentication | Network/Active Directory Speed. Ensure that there is a good network communication between the current machine and the Active Directory. You can use the tool, such as Dcdiag to check it. | |||
Efficient Input of Username and Password. Incorrect or delayed input of the user name and password can lead to an overall extension of the authentication time. | ||||
Citrix RSOP | Time taken to complete Citrix RSOP(Resultant Set of Policy). | |||
User Profile Loading | Time taken to load the profile settings for the user logging on. | FSLogixLoadProfile (Time taken to load FSLogix profile container). | Check for low disk space and free up space. If your hard drive is almost full, it can slow down your PC’s login process. Ensure that you have enough free space on your hard drive. | |
UserProfile (Time taken to load Windows user profile files and settings). | Use ProcMon tool. To analyze the details, use the ProcMon tool to capture the file I/Os within the user profile during user logon. | Windows profile data (Profile size, file/folder counts), Temp folder data (Profile size, file/folder counts), Top 10 large file list (Size not less than 50MB), Top 10 large folder list (Size not less than 100MB) | ||
SMB client (Time taken to initialize the SMB client for remote connections). | ||||
CitrixProfileMgmt | Citrix Profile Management. If you are using Citrix Profile Management, you can optimize the logon process either by using a container-based solution or by using the file-based solution with Profile streaming, for folders with Accelerate folder mirroring enabled. For more details, see link. | Profile Management health check report | ||
Group Policy Processing | Time taken to process Group Policy settings. | GroupPolicy GroupPolicyScript (Async) GroupPolicyCse (Async) GroupPolicyScript |
Disable the GPO cache. Run gpedit.msc and locate to path Computer Configuration > Administrative Templates > System > Group Policy. Then, disable the GPO cache. |
|
WmiFilter LogonScheduledTask (Async) SingleLogonScheduledTask FolderRedirection | Decrease the number of GPOs. Decrease the number of GPOs that are processed at once. Group Policy processing is done in parallel, but there are limits to how many GPOs can be processed simultaneously. Decreasing the number of GPOs that are processed at once can speed up the Group Policy processing. | |||
CitrixWemTotal CitrixWemCheckingHostServiceStatus CitrixWemReadConfiguration CitrixWemStartupScriptedTask | Use Citrix WEM to process group policy async. Using Citrix WEM to process group policy async can process group policy before user logon and make group policy processing faster. For more details, see link. | |||
CitrixWemCache (Sync) CitrixWemJsonFile CitrixWemMachineGroupPolicy CitrixWemUserGroupPolicy | ||||
Group policy objects | Single group policy object list | |||
Pre-shell (UserInit) | Time for the userinit.exe to the explorer.exe startup. |
|||
Logon Script Processing | Time taken to run logon scripts. | UserLogonScript | Optimize your logon script. You can optimize your logon script by removing unnecessary commands and reducing the size of the script. | |
Use Group Policy Preferences. Group Policy preferences can be used to replace logon scripts. They are easier to manage and can be processed faster than logon scripts. | ||||
Use Citrix WEM external tasks. Set up your logon scripts using external tasks. You can specify whether to wait for the task to complete and the duration of the wait timeout. Limiting the wait time helps speed-up user logon. To learn more about external tasks, see the product documentation. | ||||
Shell Startup | Time taken to run shell startup. | ActiveSetup FSLogixShellStart (Time taken to run the shell after loading the FSLogix profile container). |
Disable startup programs. You can disable the programs that automatically launch when you turn on your PC. To disable startup programs on Win11/Win10/Win Server 2022, perform the following steps. Press the Windows + I shortcut to open Settings and select Apps > Startup. Toggle off any apps or programs that must not be turned on automatically during startup. Remove unnecessary programs from the global startup folder: %allusersprofile%\Microsoft\Windows\Start Menu\Programs\StartUp . Remove unnecessary programs from the user startup folder: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup . |
|
ShellStart (Time taken to run the shell after loading the Windows user profile). AppxAssociations | Enable fast startup. The fast startup feature allows your computer to start up faster after shutdown. To enable fast startup on Windows 10, perform the following steps: Open the Control Panel in Icon view and choose Power Options. Choose what the power buttons do in the sidebar. Select the checkbox Turn on fast startup from the list of options that must be available. | |||
AppxLoadPackage(AppX packages loaded during logon) SingleAppxLoadPackage | Adjust the appearance and performance of Windows. You can adjust the appearance and performance of Windows to speed up your PC’s login process. To do this, right-click My Computer and select Properties. Click Advanced System Settings and then click the Settings button under Performance. You can adjust the appearance and performance of Windows here. |
File Type Association Assistant
Use this tool to get the information needed for configuring FTAs to add them as assignable actions in the management console.
Selecting File Type Association Assistant leads you to the File Type Association Assistant page in the WEM Tool Hub. You can configure an FTA by completing the following steps.
- When you type a file name extension, you can choose from the matching file name extension options that begins with your input.
- Check if the extension entered has an associated ProgID and whether the ProgID has associated actions in the registry.
- Click Browse to list all the applications that have the entered ProgID registered.
- Configure the application that you want to associate it with.
- You can also select Customize action to perform the Open, Edit, and Print actions.
- You can copy the configured FTA data by clicking the Copy button.
For more details, see File Type Associations.
Printer Assistant
Use this tool to get a list of printers from your print server so that you can add them as assignable actions in the management console.
When adding printers from a network print server, you need printer information to add them. To get the printer information, complete the following steps:
- Enter the full name of the print server.
- Specify whether to connect to the print server using specific credentials.
- Click Connect to view the printer list.
- Select one or more printers from the list and copy the printer information.
In the web console, paste the information you copied by clicking Paste printer info. See Add printers from a print server.
Rule generator for app access control
Use this tool to create rules to control user access to items such as files, folders, and registries. The rules are implemented through Citrix Profile Management. A typical use case is to apply rules to control user access to apps installed on machines — whether to make apps invisible to relevant users.
You can perform the following operations:
- Create app rules
- Import app rules from a file
- Generate raw data for rules
- Edit app rules
- Delete app rules
To create an app rule, complete the following steps:
- Click Create rule in the action bar.
-
On the Target objects page, configure the following settings:
- App rule name. Specify a name to help you identify the rule.
-
Target objects. Add target objects. Target objects can be files, folders, and registries related to the app that you want to hide. Click Scan for a list of apps installed on the current machine and objects associated with each app.
Note:
- The tool might not be able to get the path for a folder after a scan. The path field shows the following warning:
No path found
. The issue occurs, for example, when the installation folder of an app resides in the user’s profile folder. In that case, you must locate the installation folder and then enter the path manually. - You cannot add paths for items on which certain Citrix and Windows services rely. Otherwise, those services might stop working properly. For a complete list of those paths, see Paths not allowed to be added.
- The tool might not be able to get the path for a folder after a scan. The path field shows the following warning:
-
On the Assignments page, add users, computers (organizational units), and processes you want to assign the rule to. For more information about how to get the AAD users or groups and NDJ machines, see AAD/NDJ object selector.
Note:
- After you assign this rule to certain users, computers, and processes, the target objects are invisible when users run the processes on related computers.
- Without assignments specified, this rule always hides the target objects.
- Assignments come in three categories: users, computers, and processes. The “OR” operator is used between items within a category, and the “AND” operator is used between categories.
- You cannot add users and computers when running the tool on a non-domain-joined or Azure Active Directory joined machine.
- You can add bulk processes. Enter process names (including the .exe extension), separated by line breaks.
- After you finish, click Done.
To generate raw data for rules, complete the following steps:
- Select desired rules or click Select all to select all rules.
- Click Generate raw data in the action bar. The raw data is then generated for the selected rules.
-
In the Generate raw data window, save the raw data to a file for later restoration or copy the raw data to your clipboard.
Note:
- Use the raw data when adding rules in the WEM administration console or when configuring the Profile Management policy “App access control,” depending on how you want to get the rules deployed.
- After you save the raw data to a file, you can restore the rules from the file. To achieve that, use Import in the action bar.
- After you finish, click Done.
Paths not allowed to be added
You cannot add the following paths and their parent paths for items on which certain Citrix and Windows services rely. Profile Management related registries:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Citrix\UserProfileManager
HKLM:\SOFTWARE\Policies\Citrix\UserProfileManager
HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\UserProfileManager
HKLM:\SOFTWARE\Citrix\UserProfileManager
WEM related registries:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Norskale
HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\WEM
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Norskale
HKLM:\SOFTWARE\Policies\Norskale
HKLM:\SOFTWARE\Citrix\WEM
HKLM:\SYSTEM\CurrentControlSet\Control\Norskale
Virtual Delivery Agent (VDA) related registries:
HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\VirtualDesktopAgent
HKLM:\SOFTWARE\Citrix\VirtualDesktopAgent
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Citrix Virtual Desktop Agent
HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Citrix Virtual Desktop Agent
Windows related registries:
HKCU:
HKEY_CURRENT_USER
HKU:
HKEY_USERS
Windows and Citrix service related folders:
c:\windows\system32
\Citrix\User Profile Manager\
\Citrix\Workspace Environment Management Agent\
\Citrix\XenDesktopVdaSetup\
\%windir\%\system32
Assigning app access rules to AAD users/groups and NDJ machines
To assign app access rules to AAD users or groups and NDJ machines, complete the following steps.
-
Click AAD/NDJ object selector from the web console.
-
Use the AAD/NDJ object selector to add the desired AAD users and NDJ machines.
-
Copy the user or machine data.
-
Go to WEM Tool Hub > Rule Generator for App Access Control, where you create a new app rule.
-
Go to the Assignments page, and paste the data.
-
Click Done to create the app access control rules.
-
Copy the app access control rules.
-
Go to the web console > configure set > Profile Management settings > App access control and paste the data there.
Add local applications for quick access
This feature lets you add local applications to the WEM Tool Hub for quick access. The added applications are considered as part of your personal data. The data is retained when you switch machines while using the Profile Management environment.
To add an application, click the plus sign on the top right corner of the WEM Tool Hub and then navigate to the application. You can add multiple applications at a time.
The added applications appear as tiles in the WEM Tool Hub. You can click a tile to start the application quickly.
Note:
To remove an added application, click the trash can icon.