Follow

Before ProfileUnity (Logon/Logoff) User Defined Scripts will execute from all configurations

Product: ProfileUnity-FlexApp

Product Version: 6.5.x

Expires on: 365 days from publish date

Updated: March 10, 2017

 

Problem:

Multiple ProfileUnity configurations are residing in the same folder (INI Path) Each Configuration is configured to run with specific filter. "Require Filter for Execution" 

Example:

2017-03-10_13_39_34-lmconsole2_-_Remote_Desktop_Connection.png

Symptoms:

All user defined scripts which are set to:

"Before ProfileUnity at Logon" and "Before ProfileUnity at Logoff"

are running from all PU Configurations in the same INI Path folder.

 

Possible Resolution(s): 

This is a defect which will be fixed in ProfileUnity 7.0

Workaround 1)

Use "Require Group Membership for Execution" setting.

Example:

2017-03-10_13_44_15-lmconsole2_-_Remote_Desktop_Connection.png

Workaround 2) 

Separate the ini to a separate folders INI Path folders:

1) Create ..Netlogon\ProfileUnity\Ini1 and copy the first ini there. 

2) Set the Group Policy to look for the ProfileUnity in different (Netlogon\ProfileUnity\Ini1) path

3) Create ..Netlogon\ProfileUnity\Ini2 and copy the second ini there. 

4) Set the Group Policy to look for the ProfileUnity in different (Netlogon\ProfileUnity\Ini2) path

 

Workaround 3) 

The workaround is to set appropriate ACL permissions on INI files. This way it is possible to restrict/allow file access for certain groups. 

For example, an administrator created two configuration files (.ini) and saved them in Profile Unity a netlogon folder.

Default1.ini

Default2.ini

 

In Default1.ini there is a user-defined script configured called test1.bat

In Default2.ini there is a user-defined script configured called test2.bat

 

The administrator wants to run test1.bat for Accounting only.

Therefore, it will be necessary to allow access to Default1.ini for the Accounting group (at least read rights) and restrict permissions to read for the sales group. 

In below example, the accounting group has read rights to the INI file. The sales group does not have any rights to read/execute the file therefore it will not execute the script that is a part of the configuration. Example of restricting access to the file is shown below:

 Accounting group can read the Default1.ini file

 Sales group does not have permissions to read the Default1.ini file

 

 

NOTE: Replacing a configuration file (.ini) does not overwrite the ACL settings. Therefore, the maintenance is much easier, because it is not necessary to manually edit the configuration permissions.

 

Please contact Liquidware Labs Support for additional help with configuration at: Support@liquidwarelabs.com

 

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

0 Comments

Article is closed for comments.