We have just released Workspace Control 2022.2 (10.9.0.0), which contains one major new feature, several compatibility updates and bug fixes.

We’ve also included several workflow improvements based on ideas submitted via the Ivanti Community.

New features

Audit trail – versioning

While adding details to the audit trail, our engineers added another great feature: an export button. Using the export button allows the administrator to create a building block of the configuration as it was available before the object was changed. This way, any changed object can be reverted to its previous state, even if the object was deleted. For the past several years, the audit trail has already stored the XML data from before and after the change. This means that we have a full version history of configuration objects, and you can now export any previous version to a new building block.

export previous state to building block in Ivanti Workspace Control

User Voice — Ivanti Ideas

We are continuing to review and respond to your feature enhancement requests. Thank you for continuing to submit these requests and for voting on the requests that others have previously submitted!

These ideas and votes act as input to our roadmap. In addition to including requests that received a lot of votes, we also try to include some quick wins. 

Please refer to the release notes for details on all of the User Voice feature requests and other feature enhancements that are included in this service update. The following are a couple of the more noteworthy additions:

Audit trail — details

Until this version, the audit trail never showed the exact changes applied to an object in the Workspace Control console. An enhancement was made by adding a “Show details” button to the audit properties.

Show details button in audit trail properties in Ivanti Workspace Control

When clicking the “Show details” button, a new form appears, and the changes are visible. Workspace Control compares the old XML data with the new XML data. Changed data shows up in blue, deleted data in red, and configuration data that was added shows in green.

Audit trail details in Ivanti Workspace Control

Diagnostics — logoff events

When troubleshooting issues in a user session, the user event log is the common first place to start. This log only shows what happened during the logon of the session. Starting with the 10.9.0.0 release, logoff events are also shown in the user event log.

Logoff events in user event log in Ivanti Workspace Control

Enhancements and improvements

Security — authorized owners

In our January release, we added authorized owners to our application security portfolio.

The feature is based on NTFS ownership and enables administrators to allow applications to be started only if the configured NTFS owner matches the file owner of the executable. A vanilla Windows OS can now be quickly secured by simply enabling authorized owner security, because any executable shipped with the operating system installation will be owned by one of the owners listed below:

  • SYSTEM
  • BUILTIN\Administrators
  • %ComputerName%\Administrator
  • NT Service\TrustedInstaller

There are, however, some exceptions. Applications like Microsoft Teams that install as the logged-on user will not match the authorized owners rules. The teams.exe NTFS file owner will be the logged-on user and therefore will be blocked when the user tries to start the application.

With our April 2022.2 release, it is now possible to overrule the feature with basic application security. This means that, for example, Microsoft Teams or OneDrive can be started even though the NTFS ownership doesn’t match the authorized owners rule list. Also, allowed processes can be blocked now by adding an application security rule. We will adjust this feature in an upcoming release by implementing the customer feedback we receive.

More information is available in the administration guide.

Export to CSV

Over the past several releases, we have standardized the export functionality and, as a result, it is easier to create reports based on logging data or to create documentation based on list views. In this release we added export functions to the following nodes:

  • Diagnostics > Logon Performance
  • Administration > Relay Servers

Export to TXT

Maintenance tasks have been enhanced with export options. This allows the results presented in the Workspace Control console to be extracted and used for further analysis. Data from the following two maintenance tasks can now be exported:

  • Search for non-existing users
  • Verify SIDs for groups and users

Compatibility updates

Drive and port mappings — Fast Connect

Issues have been reported in Windows 10 and Server 2022 where the feature “Fast Connect” might not always work as expected. In multitenant environments, the incorrect user account might be used to map a drive, which then could end up in locked user accounts. This can be solved by applying the following registry change.

Key

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\RES\Workspace Manager

Value

AddDeferFlagsDuringFastConnect

Type

REG_SZ

Data

Yes

Tracing – default name

After installing Ivanti Workspace Control, the default trace file name was still RESTracelog. The default name for a clean installation of the 10.8.0.0 version of Workspace Control will be IWCTracelog.

Operating system support

For several years, since Workspace Control version 10.4, Microsoft Windows Server 2012, Windows 7 and Windows 8.0 were supported only as best effort. Since Workspace Control 2022 version 10.8.0.0, the specified operating systems are no longer supported, and with Workspace Control 2022.2 version 10.9.0.0 the installation or upgrade of Workspace Control on machines running these operating systems will not be possible anymore.

Integrations – VMware DEM Flex configuration INI files

We implemented the import functionality of Flex Framework Configuration INI files many years ago in the product. Lately, we have seen several VMware Dynamic Environment Manager (DEM) customers moving back to Ivanti Workspace Control. To serve these customers better we optimized the code to be fully compatible with the import of Flex configuration files generated by the VMware DEM Application Profiler. Flex configuration files can now be converted into user settings in just a few clicks.

convert Flex configuration files into user settings in Ivanti Workspace Control

More information is available in the administration guide.

Integrations – Ivanti Neurons for Edge Intelligence

Since version 10.5.0.0, the Workspace Control console was capable of showing an integrated overview of Ivanti Neurons for Edge Intelligence. This functionality is still available, but the integration will be removed with the release of 10.9.0.0. Ivanti Neurons for Edge Intelligence and our other Ivanti Neurons offerings will still be available as a separate standalone Ivanti product. Please visit our demo videos page for more information.

Integrations – Remote Assistance

Prior to this release, starting Remote Assistance for a session running on Windows Server 2019 and higher would present the administrator with a user selection box. Microsoft now allows the passthrough of the session information. Ivanti Workspace Control 2022.2 now integrates with this new functionality and seamlessly connects to the selected session.