When a user logs off, processes are spawned to carry out the following actions:
- Environment Manager logoff policy actions
- Windows Settings Groups personalization sync to database
- Sync of any open applications at logoff
If the process is not able to carry out a query on the EmCoreService, the above may fail.
During a user logoff a process is spawned which queries to ensure that the EmCoreService (AppSense User Virtualization Manager) is running on the system and this process runs as the Interactively Logged-On User. If security templates have modified the permissions on this service, you may see the following log lines in Environement Manager logs:
L4 T14236 475984150 [IsEmCoreServiceRunning] [ENTER]
L1 T14236 475984150 [IsEmCoreServiceRunning] Failed to open the service : 5
L3 T14236 475984150 [IsEmCoreServiceRunning] Service is not running
L4 T14236 475984150 [IsEmCoreServiceRunning] [EXIT]
The error code '5' represents 'Access is Denied' and this points to the Interactively Logged-On Users being unable to query the status of the service and this is generally down to security templates being placed on th affected endpoints.
Windows has no in-built GUI tool for checking or modifying the permissions however you are able to use the command-line tool SC. Information on SC can be found here. The following command will provide an output of currently configured permissions:
SC SDShow "AppSense EmCoreService"
The below image displays the default permissions:
Alternatively, the service permissions can be seen in a GUI by running Process Explorer from SysInternals. As long as this is run as an elevated user, permissions on the service can be found by selecting EmCoreService.exe-->Services-->Permissions. Below is an image of the default permissions:
Process Explorer will allow you to configure these permissions directly through the GUI however you are also able to use the command-line process SC to carry out these modifications. Once configured as per the above image, you should find that your logoff logs contain the following:
L4 T9172 670885606 [IsEmCoreServiceRunning] [ENTER]
L3 T9172 670885606 [IsEmCoreServiceRunning] Service is running
L4 T9172 670885606 [IsEmCoreServiceRunning] [EXIT]
At this point, you should be seeing your Windows Settings data sync and your logoff actions to complete as expected.