What’s new

A goal of Citrix is to deliver new features and product updates to Workspace Environment Management (WEM) service customers when they are available. New releases provide more value, so there is no reason to delay updates. Updates are rolled out to the service release approximately every three weeks.

This process is transparent to you. Updates are applied to Citrix internal sites initially, and are then applied to customer environments gradually. Delivering updates incrementally in waves helps ensure product quality and maximize availability.

In general, updates to the documentation are made available before new features and product updates are accessible to all customers.

For information about the service level goal for the WEM service for cloud scale and service availability, see Service Level Goals. To monitor service interruptions and scheduled maintenance, see the Service Health Dashboard.

January 2022

Web console now available as a preview

A new, web-based Workspace Environment Management (WEM) console is now available. We are in the process of migrating the full set of functionalities from the legacy console to the web console. The web console generally responds faster than the legacy console. You can easily switch between the web console and the legacy console from within the Manage tab to perform your configuration or deployment management tasks. Click the down arrow next to Manage and select an option:

  • Legacy Console. Takes you to the legacy console.
  • Web Console. Takes you to the new, web-based console.

Options in the Manage menu

The following features are available only in the web console:

  • Run scripted tasks. You can add scripted tasks that you customize to suit your unique environment management needs. You can then automate those tasks with WEM by configuring them in the applicable configuration set. For more information, see Scripted Tasks.

  • Save a backup of a configuration set automatically. You can manage automatic backup for your configuration sets. For more information, see Configuration Sets.

  • Scan large files in profile containers. You can enable the WEM agent to run a scan of large files on profile containers when container usage exceeds the specified threshold value. For more information, see Advanced Settings.

  • Prevent child processes from inheriting CPU priority. When you apply CPU spike protection, the CPU priority of a process that triggers CPU spike protection is adjusted to a lower level. That process’ child process automatically inherits the lowered CPU priority. We added an option, Prevent child processes from inheriting CPU priority, to the Configuration Sets > System Optimization > CPU Management > Enable CPU spike protection tile. The option lets you specify processes whose child processes you do not want to inherit the CPU priority. For more information, see System Optimization.

  • Language localization support for the web console. The web console is adapted for use in languages other than English. The web console supports non-English characters and keyboard input even when the console itself is not localized in the preferred language of an administrator. The supported languages are as follows: French, German, Spanish, and Japanese.

Apply settings to unbound agents

  • You can now apply settings to agents that are not bound to any configuration set. The feature lets you control how unbound agents behave. For more information, see Active Directory Objects.

  • Minimum agent version required: 2201.2.0.1

Support for managing non-domain-joined machines in Citrix Virtual Apps and Desktops Standard for Azure deployments

  • You can now use WEM service to manage non-domain-joined machines in Citrix Virtual Apps and Desktops Standard for Azure deployments. This support enables you to assign policies and settings to non-domain-joined machines as you do with domain-joined machines. For more information, see Manage non-domain-joined machines.

  • Minimum agent version required: 2201.2.0.1

Support for enumerating Azure AD users and groups

WEM service now supports enumerating Azure Active Directory (AD) users and groups. After connecting your Citrix Cloud account to your Azure AD, you can add Azure AD users and groups that you want WEM to manage. For information about connecting your Citrix Cloud account to Azure AD, see Connect Azure Active Directory to Citrix Cloud.

External task

  • This release includes enhancements to the external task feature. The feature now provides you with three additional options to control when to run external tasks:
    • Disconnect. Controls whether to run the external task when a user disconnects from a machine where the agent is running.
    • Lock. Controls whether to run the external task when a user locks a machine where the agent is running.
    • Unlock. Controls whether to run the external task when a user unlocks a machine where the agent is running.

    For more information, see External Tasks.

  • Minimum agent version required: 2201.1.0.1

Profile Management

  • Workspace Environment Management now supports all versions of Profile Management through 2112. Also, the following new options are now available in the Administration Console > Policies and Profiles > Citrix Profile Management Settings interface:

    • Enable File Exclusions for Profile Container. Available on the Profile Container Settings tab, the option controls whether to exclude the listed files from the profile container.
    • Enable File Inclusions for Profile Container. Available on the Profile Container Settings tab, the option controls whether to keep the listed files in the profile container when their parent folders are excluded.
    • Customize storage path for VHDX files. Available on the Advanced Settings tab, the option controls whether to store VHDX files of different policies in different folders under the specified storage path.

    This release also adds wildcard support for Profile Management. When specifying files or folders, you can now use wildcards. For more information, see Citrix Profile Management Settings.

  • Minimum agent version required: 2110.2.0.1

Administrative access to WEM service based on Azure Active Directory (AD) group membership

You can now manage administrative access to WEM service based on Azure AD group membership. Users (administrators) within the Azure AD group can directly onboard to Citrix Cloud and access WEM service – you do not need to manually add them in Citrix Cloud. A general workflow to use the feature is as follows:

  1. Connect your Citrix Cloud account to your Azure AD.
  2. Add the applicable group to Citrix Cloud from Azure AD.

Users can then sign in to Citrix Cloud by using their Azure AD credentials. For more information, see Connect Azure Active Directory to Citrix Cloud.

Fixes

  • On the Administration Console > Policies and Profiles > Microsoft USV Settings > Folder Redirection tab, with both Redirect AppData (Roaming) and Delete Local Redirected Folders enabled, the WEM agent fails to apply the following settings:

    • Redirect Contacts
    • Redirect Downloads
    • Redirect Links
    • Redirect Searches [WEM-15016, CVADHELP-18196]
  • After you upgrade to 2103 or later, the WEM agent might write errors to the Windows Event Log every five minutes even if users experience no issues with their environment. [WEM-15466, CVADHELP-18352]

  • When you use VUEMRSAV.exe to view results about excluded actions or excluded action groups for the current user, the Excluded Actions tab fails to display Action Groups. (By default, VUEMRSAV.exe is located in the agent installation folder: %ProgramFiles%\Citrix\Workspace Environment Management Agent\VUEMRSAV.exe.) [WEM-17075]

November 2021

Message about instance migration

If you use a service in another region, a message now appears when you sign in to the administration console. The message reminds you to migrate your service instance to your current region. We encourage you to do that for optimal performance. If necessary, contact Citrix Technical Support.

An option to export statistics

We added an option, Export statistics, to the migration tool. Use the option to control whether to export agent and user statistics. For more information, see Migrate.

Fixes

  • When you click Apply to save your environment settings, the administration console might exit unexpectedly. The issue occurs because the Style setting of Environmental Settings > Start Menu > Set Wallpaper is left empty. (If you previously set Style to Fill or Fit, the setting became empty after you upgraded the administration console to version 2109.) Workaround: Do not leave the Style setting empty. [WEM-16351, WEMHELP-159]

October 2021

Allow users to self-elevate certain applications

  • This release introduces self-elevation for the privilege elevation feature. With self-elevation, you can automate privilege elevation for certain users without the need to provide the exact executables beforehand. Those users can request self-elevation for any applicable file simply by right-clicking the file and then selecting Run with administrator privileges in the context menu. After that, a prompt appears, requesting that they provide a reason for the elevation. The reason is for auditing purposes. If the criteria are met, the elevation is applied, and the files run successfully with administrator privileges. In addition, self-elevation gives you flexibility to choose the best solution for your needs. You can create allow lists for the files you permit users to self-elevate or block lists for files you want to prevent users from self-elevating. For more information, see Self-elevation.

  • Minimum agent version required: 2109.2.0.1

Bind a Citrix Virtual Apps and Desktops service catalog to a configuration set

You can now use the Full Configuration management interface of Citrix Virtual Apps and Desktops service to bind a catalog to a WEM configuration set. Doing so lets you use WEM service to optimize the user experience based on your Citrix Virtual Apps and Desktops service deployment. You can quickly deliver the best possible workspace experience to your users by reusing an existing catalog setup. For more information, see Create machine catalogs and Manage machine catalogs.

Workspace Environment Management now available in Citrix Cloud Japan

Workspace Environment Management service is now available in Citrix Cloud Japan, a cloud that is isolated and separate from Citrix Cloud. Japanese customers can use the service in a dedicated Citrix-managed environment. The service requires Citrix Cloud Connector version 6.29.0.58841 or later. For more information, see Citrix Cloud Japan.

Support for Windows 11

The support requires minimum agent version 2109.2.0.1.

Fixes

  • The WEM agent can consume a significant amount of memory usage. Sometimes, its memory consumption can increase to 3 GB per session. [WEM-14682, WEMHELP-133]

September 2021

More granular control over applying privilege elevation to child processes

  • Previously, when you used the Apply to Child Processes setting in a rule, you applied the rule to all child processes that the executable started. This release provides you with three additional options, giving you more granular control over applying privilege elevation to child processes.

    • Apply only to executables in the same folder
    • Apply only to signed executables
    • Apply only to executables of the same publisher

    For more information, see Privilege elevation.

  • Minimum agent version required: 2109.2.0.1

Support for Windows Server 2022

The support requires minimum agent version 2109.2.0.1.

Fixes

  • When you use the WEM PowerShell SDK module to export or import a WEM configuration set, certain settings, such as application security (AppLocker) rules, are not included. [WEM-12811, CVADHELP-18383]

  • When you apply privilege elevation to a 32-bit executable, the privilege of the executable can be successfully elevated on machines running a 64-bit Windows operating system. However, its child processes automatically inherit the privilege whether or not the Apply to Child Processes setting is selected in the executable rule. [WEM-13592]

  • When you use WEM to pin certain applications to the taskbar, they might not be pinned successfully. The issue occurs with Windows multi-session OS machines. [WEM-14812]

  • WEM fails to deploy registry keys if their path contains a forward slash (/). The issue occurs because WEM incorrectly treats the forward slash as a separator. [WEM-15561, WEMHELP-146]

August 2021

Enablement of Asia Pacific South based instances

The WEM service is available globally. Initially, it had only US-based and EU-based instances. In addition, we now offer Asia Pacific South based instances.

July 2021

Notifications about new agent versions

This release updates the email notification feature available on the Downloads tab. Previously, you could decide whether to get notifications about upcoming upgrades to your WEM service. Starting with this release, you will not receive notifications about upgrades to your WEM service. You can decide whether to let us inform you that a new version of the Workspace Environment Management service agent is available.

Fixes

  • On a non-English version of the Microsoft Windows operating system, the WEM agent during logon writes errors to the Windows Event Log even if users experience no issues with their environment. [WEM-12603, CVADHELP-17381]

  • The WEM agent writes errors to the Windows Event Log each time the Optimize Memory Usage for Idle Processes feature comes into effect. The agent might also write errors to the Windows Event Log when the feature fails to work. [WEM-12934]

  • If you use the [ADAttribute:objectSid] dynamic token to extract the objectsid attribute, the WEM agent fails to extract the attribute of the corresponding AD object. [WEM-13746]

  • If you use the administration console to set desktop wallpaper, the WEM agent fails to fill, fit, or tile the wallpaper. [WEM-14408]

June 2021

Parameter matching for privilege elevation

  • This release introduces parameter matching for the privilege elevation feature. Parameter matching gives you more granular control by letting you restrict privilege elevation to executables that match the specified parameter. A parameter works as a match criterion. To further expand the criterion, you can use regular expressions. For more information, see Privilege elevation.

  • Minimum agent version required: 2106.2.0.1

Privilege elevation support for Windows installer files

  • Starting with this release, you can apply privilege elevation to .msi and .msp Windows installer files. Using the feature, you elevate the privileges of non-administrative users to an administrator level necessary for some Windows installer files. As a result, those users can run those files as if they are members of the administrators group. For more information, see Privilege elevation.

  • Minimum agent version required: 2105.1.0.1

Profile Management

  • Workspace Environment Management now supports all versions of Profile Management through 2106. The Administration Console > Policies and Profiles > Citrix Profile Management Settings user interface has changed:

    • Replicate user stores. A new option that lets you replicate a user store to multiple paths on each logon and logoff, in addition to the path that the Set path to user store option specifies. To synchronize to the user stores files and folders modified during a session, enable active write back. Enabling the option can increase system I/O and might prolong logoffs. This feature does not currently support full container solutions.

    • Accelerate folder mirroring. A new option that accelerates folder mirroring. Enabling the option lets Profile Management stores mirrored folders on a VHDX-based virtual disk. As a result, Profile Management attaches the virtual disk during logons and detaches it during logoffs, eliminating the need to copy the folders between the user store and local profiles.

    • User Store Credentials. A new tab that lets you control whether to let Profile Management impersonate the current user when accessing user stores. To allow Profile Management to impersonate the current user, disable the setting. To prevent Profile Management from impersonating the current user, enable the setting. As a result, Profile Management uses the specified user store credentials to access the user stores on behalf of the user.

    For more information, see Citrix Profile Management Settings.

  • Minimum agent version required: 2106.2.0.1

Fixes

  • If you assign a printer to a user based on a filter and the assignment satisfies the filter criteria, the WEM agent assigns the printer to the user. However, the agent still assigns the printer to the user the next time the user logs on even when the assignment does not satisfy the filter criteria. [WEM-11680, CVADHELP-16818]

  • With the Windows PowerShell script execution policy set to Allow only signed scripts on the agent host machine, WEM fails to perform Profile Management health checks. With the policy set to Allow local scripts and remote signed scripts or Allow all scripts, WEM can perform Profile Management health checks but writes error information to the Windows Event Log. [WEM-11917]

  • When you assign an action to a user or user group through an action group, the action still takes effect even if it is set to Disabled in the administration console. [WEM-12757, CVADHELP-17406]

  • The WEM agent installs VUEMRSAV.exe (Workspace Environment Management Resultant Actions Viewer), a utility that lets users view the WEM configuration defined for them by administrators. However, on the Agent Settings tab of the utility, users cannot see the setting that is associated with the Use Cache to Accelerate Actions Processing option configured in the administration console. [WEM-12847]

May 2021

Configure user processes as triggers for external tasks

  • This release includes enhancements to the external task feature. The feature now provides you with two additional options to control when to run external tasks:

    • Run when processes start. Controls whether to run the external task when specified processes start.
    • Run when processes end. Controls whether to run the external task when specified processes end.

    Using the two options, you can define external tasks to supply resources only when certain processes are running and to revoke those resources when the processes end. Using processes as triggers for external tasks lets you manage your user environments more precisely compared to processing external tasks on logon or logoff. For more information, see External Tasks.

  • Minimum agent version required: 2104.1.0.1

Enhancements to process hierarchy control

  • This release introduces enhancements to the process hierarchy control feature that improve overall performance and stability. The enhancements include the following changes:

    • The AppInfoViewer tool has been updated to include the following two options: Enable Process Hierarchy Control and Disable Process Hierarchy Control. For the process hierarchy control feature to work, you must first use the tool on each agent machine to enable the feature. Every time you use the tool to enable or disable the feature, a machine restart is required.
    • In certain scenarios, you must restart your agent machine after upgrading or uninstalling the agent. See Considerations for details.
  • Minimum agent version required: 2105.1.0.1

Fixes

  • If you assign a file system operations action and update the action later, the files or folders that were previously copied to the user environment might be deleted. The issue occurs because the WEM agent reverts the assignment made earlier after you update the action. [WEM-11924, CVADHELP-16916]

  • With Agent Type set to CMD on the Advanced Settings > Configuration > Main Configuration tab, the Monitoring > Daily Reports > Daily Login Report tab might fail to display a summary of logon times across all users connected to the current configuration set. [WEM-12226]

April 2021

Process hierarchy control

  • This release introduces the process hierarchy control feature. The feature lets you control whether certain child processes can be started through their parent processes. You create a rule by defining parent processes and then designating an allow list or a block list for their child processes. You then assign the rule on a per user or per user group basis. The following rule types are available:

    • Path. Applies the rule to an executable according to the executable file path.
    • Publisher. Applies the rule according to publisher information.
    • Hash. Applies the rule to identical executables as specified.

    For more information, see Process Hierarchy Control.

  • Minimum agent version required: 2103.2.0.1

Overwrite or merge application security rules

This release adds two settings, Overwrite and Merge, to the Administration Console > Security > Application Security tab. The settings let you determine how the agent processes application security rules.

  • Select Overwrite if you want to overwrite existing rules. When selected, the rules that are processed last overwrite rules that were processed earlier. We recommend that you apply this setting only to single-session machines.
  • Select Merge if you want to merge rules with existing rules. When conflicts occur, the rules that are processed last overwrite rules that were processed earlier.

For more information, see Application Security.

Fixes

  • The WEM agent might become unresponsive when processing applications, failing to process them successfully. [WEM-11435, CVADHELP-16706]

  • You might experience performance issues such as slow logon or slow session disconnect when launching or disconnecting from published application sessions. The issue occurs with WEM agent 2005 and later. [WEM-11693]

March 2021

Discover Citrix Cloud Connectors from the CVAD service

This release introduces a policy setting titled Discover Citrix Cloud Connector from CVAD service. If you have not yet configured Cloud Connectors for the agent, use the setting to control whether the agent discovers Cloud Connector information from the relevant Citrix Virtual Apps and Desktops (CVAD) service deployment. The agent then connects to the corresponding Cloud Connector machines automatically. For more information, see Step 3: Configure group policies (optional).

Support for the Windows 10 2009 template

We added support for the Windows 10 2009 (also known as 20H2) template introduced in Citrix optimizer. You can now use WEM service to perform template-based system optimizations for Windows 10 2009 machines. In addition, we have updated all existing templates to reflect changes introduced in the latest standalone Citrix optimizer. For information about using Citrix optimizer, see Citrix optimizer.

Brand-new home page

This release replaces the home page of the WEM administration console with a quick-start page that provides information necessary for you to get started with the WEM service. Follow the on-screen instructions to start configuring your WEM deployment. To reopen the quick-start page, click Quick Start (available in the ribbon) in the upper-right corner of the console. For more information, see Get started with your Workspace Environment Management service.

Profile Management

Workspace Environment Management service now supports all versions of Profile Management through 2103. Also, the following new options are now available in the Administration Console > Policies and Profiles > Citrix Profile Management Settings interface:

  • Enable Local Cache for Profile Container
    • Available on the Profile Container Settings tab.
    • If enabled, each local profile serves as a local cache of its profile container.
  • Enable multi-session write-back for profile containers
    • Available on the Advanced Settings tab.
    • Replaces Enable multi-session write-back for FSLogix Profile Container of previous releases to accommodate multi-session write-back support for Citrix Profile Management profile containers.
  • Enable Profile Streaming for Folders
    • Available on the Streamed User Profiles tab.
    • If enabled, folders are fetched only when they are being accessed.

For more information, see Citrix Profile Management Settings.

Fixes

  • For logging level changes to take effect immediately, the WEM agent might access certain registry keys very frequently, thus affecting performance. [WEM-11217]

  • With an action group assigned to multiple users or user groups, if you unassign it from a user or user group, the assignment might not work as expected. For example, you assign an action group to two user groups: Group A and Group B. If you unassign the action group from Group A, the action group is unassigned from Group B rather than Group A. [WEM-11459, WEMHELP-75]

  • When you configure an environment variable (Actions > Environment Variables), attempts to use the $Split(string,[splitter],index)$ dynamic token might fail. The issue occurs because the dynamic token does not support multi-line strings. [WEM-11915]

January 2021

Microsoft Sync Framework 2.1 deprecation

Microsoft Sync Framework 2.1 reached End of Life on January 12, 2021. WEM has removed the legacy sync service based on that framework and instead uses a new sync framework, Dotmim.Sync, an open-source sync framework. How does this change impact you?

  • If you use WEM agent version 1911 or later, this change does not require action on your part.
  • If you use WEM agent version earlier than 1911, upgrade the agent to 1911.

WEM agent integration with the Citrix Virtual Apps and Desktops product software

The WEM agent is integrated with the Citrix Virtual Apps and Desktops product software, letting you include the WEM agent when installing a Virtual Delivery Agent (VDA). This integration is reflected in the Citrix Virtual Apps and Desktops 2012 product software and later. For more information, see Install VDAs.

Support for condition-based assignment of Group Policy settings

  • Starting with this release, you can make Group Policy settings conditional by using a filter to contextualize their assignments. A filter comprises a rule and multiple conditions. The WEM agent applies the assigned Group Policy settings only when all conditions in the rule are met in the user environment at runtime. Otherwise, the agent skips those settings when enforcing filters. For more information, see Contextualize Group Policy settings.

  • Minimum agent version required: 2101.1.0.1

Privilege elevation

  • This release introduces the privilege elevation feature. The feature lets you elevate the privileges of non-administrative users to an administrator level necessary for some executables. As a result, those users can start those executables as if they are members of the administrators group.

    The feature enables you to implement rule-based privilege elevation for specific executables. The following rule types are available:

    • Path. Applies the rule to an executable according to the executable file path.
    • Publisher. Applies the rule according to publisher information.
    • Hash. Applies the rule to identical executables as specified.

    You can configure how a rule behaves according to the type of the operating system. You can also configure whether a rule takes effect at a particular time or within a particular time range. You assign a rule on a per user or per user group basis. For more information, see Privilege elevation.

  • Minimum agent version required: 2010.2.0.1

Fixes

  • The privilege elevation feature might fail to work properly. The issue occurs with the following versions of the WEM agent: 2010.2.0.1, 2011.1.0.1, and 2101.1.0.1. The issue occurs because the certificate used to sign the Citrix WEM software has expired. To work around the issue, uninstall the relevant WEM agent, install the latest WEM agent, and then restart the agent host. [WEM-11918]

  • While the WEM agent performs application processing during logon, Windows might display the Problem with Shortcut dialog box, prompting end users to delete a shortcut that no longer works properly. The issue occurs when the item to which the shortcut refers has been changed or moved. [WEM-10257, CVADHELP-15968]

  • When using the application security feature, you see a green checkmark next to a user or user group in the Assigned column of the Assignments section in the Edit Rule or Add Rule window. The green checkmark icon does not necessarily indicate that the rule is assigned to that user or user group. Only a user or user group with a blue background is the one to which the rule is assigned. [WEM-10047]

What’s new in earlier releases

For What’s new in earlier releases, see What’s new history.

What’s new