The EmPsHost.exe Process

Version 1

    Verified Product Versions

    AppSense Environment Manager 10.0AppSense Environment Manager 8.6AppSense Environment Manager 8.5AppSense Environment Manager 8.4

    Introduction

    On an endpoint running Environment Manager, you may find a process running occasionaly named EmPsHost.exe.

    This process is installed by the Environment Manager Agent installer and is a required process for PowerShell actions and conditions in your configuration.

    Detail

    EMPSHost.exe is intended to provide a constrained environment to allow non-interactive powershell snippets to be used as conditions or actions.

    The surrogate process utilizes the .NET framework and as such there is a delay during .NET initialization but this is so customers can take advantage of the following additional logic.

    When utilising the EmPsHost.exe shell (the default host within EM Policy), the following additional logic is carried out to ensure that the script is allowed to execute:

    • Environment Manager overrides execution policies and bypasses any restrictions to enable the PowerShell scripts to run;
    • Execution polices for users and computers can also be set through Group Policy which override all PowerShell execution policies. A user policy which does not allow any scripts; OR
    • Only those which are signed, will not affect the running of PowerShell Custom Actions if they are run as System. However, if run as the current user the user policy will not allow the scripts and the Custom action will fail. A computer policy which does not allow any scripts or only those which are signed, will not allow the running of any PowerShell Custom Actions

    Further information on this logic is within the 'Powershell Scripts' section of the Policy Guide.

    As a result of the above, running Powershell script Custom Actions within EM Policy will carry additional overhead during execution when compared to running natively.

    The behaviour of the Environment Manager agent can be reverted to use the native PowerShell host and is documented further in the Environment Manager Product Guide.

    This can be configured either within the configuration to apply to all clients, or locally within the registry to test on a single client.

    Via the Configuration

    The "Custom Settings" dialog is accessed either via the Tools > Custom Settings option within Environment Manager 8.4, or Manage > Advanced Settings > Custom Settings in Environment Manager 8.5.

    Within the Custom Settings dialog, click Add then scroll down to "Custom Scripts", and select "PowerShellLoadUserProfile" and click Ok. Un-check "Use Default" and edit the Setting to "True", then click Ok and save the configuration.

    Via the Registry
    Registry Key: HKEY_LOCAL_MACHINE\Software\AppSense\Environment Manager
    Value Name:   PowerShellLoadUserProfile
    Value Type:   REG_DWORD
    Value Data:   1