DataNow deployment: From Zero to Hero with ADMX and In-Location Sync
*This post originally appeared on the AppSense blog prior to the rebrand in January 2017, when AppSense, LANDESK, Shavlik, Wavelink, and HEAT Software merged under the new name Ivanti.
You may have read yesterday's blog on In-Location Sync by Neil Barnett, DataNow Product Manager. In it, he covers the common use-cases of the new feature, namely how it solves the following challenges:
- Legacy application compatibility issues
- Problems with a two-step data migration, where data is first copied to another folder before it is synced
In this blog, I’m going to discuss another new feature (our ADMX template), show how it can be used to configure DataNow In-Location Sync, and demonstrate how they can work together to simplify the rollout and improve user adoption of DataNow in your environment.
The ADMX template
The DataNow Windows client is configured via a combination of security policy settings, which are defined in the DataNow appliance admin console, and configuration settings, which are defined in the local endpoint registry at the following locations:
If a user installs the DataNow Windows client interactively, they are presented with a first-run wizard that allows them to configure settings such as the appliance location and their credentials. This populates several registry settings in the above HKCU location.
This allows for flexibility of configuration, as any registry manipulation tool can be used to define the settings. (DataNow will not display a first-run wizard if the settings are present and correct.)
So how does the ADMX fit in?
We have been working hard to make life easier for administrators looking to roll out DataNow, and our new ADMX template is one of the fruits of our labour. This consolidates and simplifies the configuration settings, and ships with the most common settings pre-defined, so in many cases all an administrator will need to do is define the DataNow Appliance location and deploy!
Where can I get it?
The latest ADMX template can be downloaded from here (make sure you're logged in) and can be deployed to endpoints using Group Policy, or Environment Manager.
Preparing the ADMX:
Once you have downloaded the template to the endpoint running the Environment Manager Console or Group Policy editor, unzip it so that you end up with a ‘DataNow.admx’ file and an en-US folder containing ‘DataNow.adml’. Copy these items to %windir%\PolicyDefinitions.
These are now available in Windows Group Policy editor, or they can be applied using Computer Startup or User Logon (pre-desktop) actions in Environment Manager for more granular control with conditions.
The majority of the settings can be applied at the user or computer level. (The DataNow policy appears in both locations).
DataNow reads the settings in the following order (priority highest to lowest):
The idea is that you would generally use the HKLM (computer settings) to define the settings and use the HKCU (user settings) to override any specific settings for particular users where required.
The policy keys take precedence over the conventional settings (including user configurable settings) so the administrator always has full control over the configuration.
ADMX and In-Location Sync Example
In the following example I’m going to use the DataNow ADMX to set up single sign-on to silently on-board a user to DataNow and automatically sync their Desktop and Documents with their home share.
The prerequisites for this particular example are that the DataNow appliance is configured to use a Home Directory field that uses a configurable LDAP attribute that stores the path to the user’s home share:
If you wish to nominate another map point location from the ‘map points’ tab in the DataNow Appliance Admin console, you can use the ‘PrivateMapPoint’ setting in the ADMX file to nominate this instead (e.g. ‘Data’).
Configuring the ADMX
To complete this example, we are going to enable and configure the following Group Policy settings:
These settings have default values for ease of configuration, but they must be enabled to take effect. We will accept the default settings for all of the above with the exception of DataNowServer and InLocationSyncFolders.
DataNowServer is the FQDN of your DataNow Appliance (including the https:// prefix).
InLocationSyncFolders are the folders in the User’s profile that we would like to sync to the Home Directory defined in the DataNow Appliance.
Let’s take a closer look at the InLocationSyncFolders setting:
We add In-Location Sync folders on a line-by-line basis. Each line contains the remote folder name we would like to create, then the local location within the user’s profile that we want to sync (this should always be defined by either environment variables or CSIDL locations - https://msdn.microsoft.com/en-gb/library/windows/desktop/bb762494(v=vs.85).aspx), followed by the optional HIDE_OVERLAYS setting. These values should be comma separated.
In the above example, we’ve chosen to create a folder on the server storage in the Home map point called ‘Desktop’ which maps to the CSIDL_DESKTOP location, and we’ve also chosen to hide the DataNow file overlays in this location using the ‘HIDE_OVERLAYS’ option.
On the next line, we have also opted to sync the user’s ‘Documents’ folder to ‘My Documents’ in the home share. We have not chosen to hide the overlays here; whether they’re displayed will depend on whether the administrator has defined the global behaviour in the ADMX ‘DataNowOverlayMask’ setting, or the user has them enabled via the tray preferences.
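A pre-deployment check for the two values changed in this example, DataNowServer and InLocationSyncFolders, flagging a non-https server value and any local location that is a hard-coded path rather than a CSIDL or environment variable. This is an added example, not AppSense code: the field order (remote folder, local location, option) follows the description above, and the function names, hostnames and sample lines are constructed.

```python
import re
from urllib.parse import urlsplit

# Assumed line layout, from the description above: remote,local[,HIDE_OVERLAYS]
ALLOWED_OPTIONS = {"HIDE_OVERLAYS"}
# Local location must start with a CSIDL name or a %VARIABLE%, then optional subfolders.
LOCAL_RE = re.compile(r'^(CSIDL_[A-Z0-9_]+|%[A-Za-z_][A-Za-z0-9_()]*%)(\\[^\\/:*?"<>|]+)*$')

# Constructed sample: two lines matching the example, one hard-coded path.
SAMPLE = (
    "Desktop,CSIDL_DESKTOP,HIDE_OVERLAYS\n"
    "My Documents,CSIDL_PERSONAL\n"
    "Scratch,C:\\Users\\alice\\Scratch\n"
)

def check_server(value):
    """Return a list of problems with a DataNowServer value."""
    problems = []
    parts = urlsplit(value.strip())
    if parts.scheme != "https":
        problems.append("DataNowServer must start with https://")
    if "." not in (parts.hostname or ""):
        problems.append("DataNowServer host is not fully qualified")
    return problems

def parse_sync_folders(text):
    """Parse InLocationSyncFolders text; return (valid entries, problems)."""
    entries, problems = [], []
    for num, raw in enumerate(text.splitlines(), 1):
        if not raw.strip():
            continue
        fields = [f.strip() for f in raw.split(",")]
        if len(fields) < 2 or not fields[0] or not fields[1]:
            problems.append(f"line {num}: expected '<remote folder>,<local location>'")
            continue
        remote, local, options = fields[0], fields[1], fields[2:]
        errs = []
        if not LOCAL_RE.match(local):
            errs.append(f"line {num}: '{local}' is not a CSIDL or environment variable")
        errs += [f"line {num}: unknown option '{o}'" for o in options if o not in ALLOWED_OPTIONS]
        if errs:
            problems += errs
        else:
            entries.append({"remote": remote, "local": local,
                            "hide_overlays": "HIDE_OVERLAYS" in options})
    return entries, problems

if __name__ == "__main__":
    print(check_server("https://datanow.example.com"))
    print(parse_sync_folders(SAMPLE))
```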
Once we have configured the remaining items (SSO should generally be set to NTLM SSO Enabled) we can deploy the ADMX or EM Configuration and log in to an endpoint with a test user account.
Since there’s no local copy required during logon, there’s no impact to user logon times. In fact, the only clue to the end user that anything has changed is the green DataNow icon indicating it is logged on and working normally. (By default this icon is hidden – I’ve pinned this to the taskbar for demonstration purposes).
Another file with the same name that was in my ‘Documents’ folder has also synced, but displays an overlay, reflecting my In-Location Sync configuration:
In this example, we used the DataNow ADMX to build a DataNow Windows client configuration within minutes, which allows a user to be silently on-boarded to DataNow. Because we’re using the legacy profile folder locations by using In-Location Sync, we avoid having to do a 2-stage copy, which results in the following benefits:
- Logon times are not affected since we’re not having to copy data at logon
- Legacy applications which rely on known profile folder locations are not affected
- Windows Search can continue to index content in folders synced by DataNow (which isn’t possible through certain other methods of redirection such as symbolic links)
- Largely transparent to users, especially when combined with the intelligent bandwidth control settings also in the ADMX file
- Happier users = Happy admins!
I hope this blog has been useful, thanks for reading!