Spoofed Profile fails to delete at Logoff

Version 1

    Verified Product Versions

    Environment Manager 10.0Environment Manager 8.6Environment Manager 8.5Environment Manager 8.4Environment Manager 8.2Environment Manager 8.1Environment Manager 8.3


    Environment Manager can be configured to spoof the profile state from one to another. The use case for this is allow more or less access to sensitive resources during certain times (such as logon and logoff) but also to get profiles cleaned up. You may find that configuring a registry action as below does not have the desired effect:


    It has been found that this can be caused by faulty permissions on the C:\Windows\Temp folder. Environment Manager will store a session variable cache here by default to allow the variables to be persisted. Since $(UserSid) is a session variable, failure to create the cache in this location will also cause failure to get the correct registry path.

    The default permissions for the C:\Windows\Temp folder are as follows:

    Access: Full Control
    Applies To: This folder, subfolders and files
    Access: Full Control
    Applies To: Subfolders and files only
    Access: Full Control
    Applies to: This folder, subfolders and files
    Access: Special
    Applies To: This folder, subfolders and files
    Advanced Permissions: Traverse folder / execute file, Create files / write data, Create folders / append data.

    With the above default Windows permissions in place the handling of Environment Manager session variables should work as expected.

    TIP: If you have a business requirement to restrict permissions on C:\Windows\Temp and find that Environment Manager session variables don't work, consider changing the location that this store is saved into. You can do this by using the ValueStorePath engineering setting. You can find out more about this setting here: http://www.appsense.com/kb/160928095251122.