Search

Using session variables in AppSense Environment Manager

In AppSense EM policy configuration you can work with environment variables and session variables. Using variables enables you to add a more complex logic to your policy configuration than you would be able to achieve with default actions and conditions. While both can be set or deleted, environment variables can also be appended. The scope and lifetime of these variables also differs.

An environment variable is local to the operating system and saved in the registry. When set, it can be used inside the policy configuration (child actions and future triggers) but is also available by other programs.

Session variables are local to the policy configuration and only exist during the user’s session. You can compare it with a variable created in a PowerShell or Visual Basic script. It only exists during the execution of the script. They can be used anywhere inside Environment Manager and are particularly useful when used in custom actions and conditions. You can even use them in Windows Personalization. I prefer using session variables when a variable does not need to be persisted and also think it is a clean way to use variables inside a policy configuration.

Session variables in actions and conditions

In this part I would like to demonstrate how session variables can be used in actions and conditions. You first have to set the variable. From then on the variable exists and can be used.

I have created a small configuration that sets the “Department” variable and uses it to map the correct drive and printer.

First create the variable and give it a value according to the OU membership of a user. Because it is a session variable, nothing is written in the registry of the user.

After that I am able to use the “Department” variable in a “Map Drive” action. You can reference it by enclosing round brackets and preceding it with a $. In this case, drive E:\ is mapped to \\FileServer\sales if the user AD object is a member of the Sales OU or to \\FileServer\finance if the user is a member of the Finance OU.

You can also use session variables inside conditions. In the next example every user would get a specific printer depending on the department.

Starting with EM 8.5 you are able to insert session variables into a custom action or condition. This way you are able to import previously created session variables and modify its value.

In the next example I will log on as a user of the sales department. A custom action that imports and modifies the department session variable is launched. After that a second custom action will launch to show the session variable on condition that the value has changed.

To be able to show what happens I need to uncheck “Prevent script from running interactively” under options.

Then I need to insert the session variable in to the script by clicking “Insert” and selecting the variable. Some PowerShell code is automatically added.’

The department variable is altered by using following code:

$Temp = New-Object -ComObject “EmClient.SetValue”

$Temp.Name = “Department”

$Temp.Value = $Department

$Temp.Apply(“”)

I also need to add the PowerShell equivalent of “pause” to the end of the script to keep the powershell window open to see what has happened:

Write-Host

Write-Host “Press any key to continue …”

$x = $host.UI.RawUI.ReadKey(“NoEcho,IncludeKeyDown”)

Write-Host

So the content of the custom action would look like this:

#============================================================

#EM Auto Generated Start

#This code was automatically inserted and should NOT be modified

import-module ((Get-ItemProperty ‘HKLM:\SOFTWARE\AppSense\Environment Manager’).ClientPath + ‘EmCmdlet.dll’)

#EM Auto Generated End

#============================================================

(Get-SessionVariable “Department”)

$Department

$Department = “finance”

$Temp = New-Object -ComObject “EmClient.SetValue”

$Temp.Name = “Department”

$Temp.Value = $Department

$Temp.Apply(“”)

Write-Host

Write-Host “Press any key to continue …”

$x = $host.UI.RawUI.ReadKey(“NoEcho,IncludeKeyDown”)

Write-Host

The second custom action only shows the value of $Department on condition it has been altered to finance.

So when all actions launch, the first powershell window is shown:

When I press a key, the next window is shown:

SESSION VARIABLES AND PERSONALIZATION

Another interesting application of session variables is in EM Windows Personalization. Using session variables in a condition on a Windows personalization group, you can switch personalization on or off depending on the value of the session variable.

The screenshot below shows the Windows Personalization group “Test” that personalizes “Taskbar” settings. A condition has been added to have personalization work on the condition that the variable Department has the value finance.

If the value is something else, personalization will not work for this group. Please note that if you want to prevent Windows Personalization from happening at logon using session variables, you will have to define the variable at the “Pre-Session” Trigger. Else it will only prevent personalization from happening at logoff.

Incident Response Hotline

Facing cyber incidents right now?

Contact our 24/7/365 world wide service incident response hotline!