6.8.5.8448 Release Notes (Feb 15, 2023)

Important:
For Existing Software Installations: Liquidware supports upgrades to existing ProfileUnity installations that are current on support contracts. However, it may be to your advantage to migrate to a new installation due to several architectural and feature changes. See the Upgrading Options section below for more information on upgrade or migration options. See the Feature Updates Affecting Product Behavior Post Upgrade section below for more information on product changes that may affect your decision on whether to upgrade or migrate your currently installed version.

Product Updates

ProfileUnity Management Console

This upgrade addresses Common Vulnerability and Exposure (CVE) items CVE-2012-6708, CVE-2018-1285.

For additional information, refer to http://cve.mitre.org/index.html.

• The ProfileUnity Console can now enumerate trusted domains when building filters or making other assignments.
• When in the Administration section, users logging into the console without authenticating to the domain can now generate and download ProfileUnity as a Service credentials.
• Administration > Settings has a new section, License Servers, that will show all registered license servers.
• ProfileUnity can now manage MSIX and MSIX App Attach with its new MSIX Apps module. This module handles MSIX for offline use and App Attach for the non-persistent use cases. ProfileUnity supports UNC or Cloud paths for MSIX. Cloud does not support App Attach as when downloading from the cloud it is a full download already. The feature to Register from Network will just run the register over the network and the MSIX will extract and run locally. When registering from local cache, the MSIX is downloaded in the background to the user. If you keep the MSIX name the same while just replacing the MSIX file, that will cause a background download and swap on the next login for the user. For App Attach, if you provide the path to the VHDX or CIM file, it assumes the MSIX is next to the VHDX or CIM file when performing the register.
• ProfileUnity can now manage App-V with its new App-V Apps module. ProfileUnity supports UNC or Cloud paths for App-V. The feature to Register from Network will just run the register over the network. When registering from local cache, the App-V is downloaded in the background to the user. If you keep the App-V name the same while just replacing the App-V file, that will cause a background download and swap on the next login for the user.
• The console now supports Secure Active Directory communications using StartTLS.
• Templates changes
  • Modern ADAL Accounts - 6.8.3 applies to all modern operating systems and is position 1.
    • This helps with retaining passwords for O365 applications.
  • Active setup is now Win2022 UID to 2022; it was 2019.
    • This avoids overlap of this rule between 2019 and 2022.
  • Internet Explorer is rarely used, and these rules are not needed for the average customer. You can re-enable these rules if you have an application that is still leveraging Internet Explorer.
    • Internet Explorer user defined login and log-off scripts are disabled.
    • Internet Explorer Portability rule is disabled.
  • Registry add commands in the Application Launcher module for tmp and temp environment variables have been moved to the Environment Variables module.
  • Windows Options rules are added for the following Windows Options but are disabled by default. If you need to retain any of these Windows Options, you will need to enable this Windows Option rule and enable its matching Portability rule.
    • Volume Level
    • Caps Lock
    • Number Lock
    • Scroll Lock
    • User Installed Fonts
    • System Installed Fonts
  • The following Portability rules are in the templates but are disabled. If you need to retain any of these Windows Options, you will need to enable the Windows Option rule and enable its matching Portability rule.
    • Volume Level
    • Caps Lock
    • Number Lock
    • Scroll Lock
    • User Installed Fonts
    • System Installed Fonts
  • Trigger Points are enabled for all built-in Filters.
• The console has a Report Management feature to report on applications and shortcuts that are being provisioned by FlexApp, FlexApp One, MSIX and App-V. This gives you a per login assessment before deployment.
• Under the GPO Integration section of the Guided Configuration Wizard, there is an Override INI Path field. This will override the deployment path of the Client Tools for this configuration.
• During the Guided Configuration Wizard, you can now use global variables so that the cloud path can be mass updated easily later.
• The Authentication section within Administration > Settings tab has been moved to the Access and Authentication tab.
• Within Administration > Access and Authentication > Access Management, you can assign an existing role to a user or group that has been given access. This feature also supports mass action for assign and unassign.
• Modules now have mass actions, update filter, delete selected, enable selected and disable selected in 'Lightning' menu button.
• Manage Connection Strings under Administration > Settings > Client Settings now has a copy to clipboard option. This is useful when setting the license connection string via GPO vs using the clientsettings.xml file.
• You can unhide the Profile Cleanup module under Administration > Settings > Miscellaneous. This feature is very powerful and must be used with caution. This will delete and remove the entire user local copy of the profile, which could include user authored data. This feature is also NOT installed by default with the Client install, see Profile Cleanup Module No Longer Working in 6.8.0+ for steps on how to enable the client side of Profile Cleanup.
• When building your own configuration templates, you can now add more than one GPO startup script along with PowerShell scripts. Any time this template is deployed the GPO startup script changes.
• FlexDisk Management is hidden by default on new installations, it can be unhidden under Administration > Settings > Miscellaneous. Even though FlexDisk is supported, it is highly recommended that VHDX is used for the best flexibility and compatibility with new ProfileUnity and FlexApp features. New features within ProfileUnity and FlexApp will not undergo any kind of considered development effort to support FlexDisk.
• FlexDisk user group lookups during login will now use the already provided Windows token vs waiting for an Active Directory query to occur.
• When editing a configuration, you will now see an overlay number of the module. This informs you what is enabled vs the total number of rules that exist. For example, if you see that the portability module has an overlay icon of 30/39, that means out of the 39 rules only 30 are enabled.
• The ProfileUnity Management Console now supports SAML integration for authenticating to the console for SSO support to your SAML provider. Currently the only SAML provider supported is Azure Active Directory.
• When viewing Configuration Management there are two new columns that show Last Deployed By and Last Deployed Date.
• A new module was added called AppStream Apps. This module was designed to take natively installed applications and dynamically display them to the user in the Amazon AppStream portal when the ProfileUnity filter is true. The feature has enabled per user/group assignments based on AD or ADD group. You could also combine Application Restriction cloaking to keep users from finding other applications they are not assigned to. This feature is only supported on domain joined instances of AppStream, which is an Amazon limitation.
• When editing or creating a Portability Settings rule, the drop-down list of Rulesets to pick from is now sorted alphabetically.
• Portability Settings now has options to Force Save or Force Restore. This feature is useful when you have user settings being stored outside the ProfileDisk and non-persistent desktops. Currently these portability rules won’t execute because the tracking manifest is stored on the ProfileDisk, making Portability think nothing needs to be restored. This feature fixes that issue.
• Within the Virtual Disks module, you can now set the VHD Disk Label. For example, %username%_OST. This way, when looking at mounded disks in disk manager, you can see who the disk belongs to and its purpose.
• When deleting a FlexApp from Inventory Management, you now have the additional option to delete files from disk.
• Administration > Audit log now tracks configuration download events and deployment events.
• Filter Management, Portability Management, and Inventory Management now have a gear icon that will allow you to filter on what configurations and modules apply.
• MongoDB has been upgraded to 4.4.17.
• When applying your own SSL certificates to the ProfileUnity Management Console, ProfileUnity will automatically apply the certificate to the ProfileUnity Web Service, MongoDB, and the ProfileUnity License Service. If you have a cluster configuration you will need to login to each web console of the cluster nodes and apply the certificate one time on each cluster node.
• Within the Administration > Settings > Client Settings, the ProfileDisk Assignments list now includes assignments, path, multi-session, and size options.
• Configuration Management PDF and TXT exports now include the ProfileDisk Assignments.
• The Main module now has a Cloud Credentials Override option to use when deploying the configuration.
• The configuration INI now contains a field in the INI to include the name of the filters.
• Licensing handling has been moved out of the ProfileUnity Management Console service that hosts the WebUI and has been moved to its own License Service.
• "Toggle Search Toolbar" is now located in the upper right, above the columns, while also being located in the bottom left of the console lists with search capabilities.
• Inventory Management FlexApps that have Dependencies now show in their own column.
• ProfileDisk assignments within administration paths now support Global Variables.
• Inventory Management FlexApps now have columns for "Created By" and "Modified By."
• Inventory Management now has mass actions for Enable, Disable, and Delete.
• Within Administration > Settings > Database > Manage Database Connection, you can now copy the encrypted MongoDB connection string to the clipboard.
• Secondary Paths for FlexApps and Portability can be managed from the Main module of a configuration.
• Filters for Vista, 2008, and Windows 7 were removed.
• The Portability Legacy mode option was removed from the Main section of configurations.
• A new module was added called FlexApp One. This module works best when you need to run FlexApps 100% local because of an online/offline use case or when there is limited bandwidth. This feature supports UNC or Cloud paths. Cloud is full download, no block level sync. The Register from Network option will just run the EXE over the network; no local sync. The Register from Local Cache option downloads the EXE in the background to the user. If you keep the EXE name the same when upgrading the version of the FlexApp application, this will cause a background download and swap when the app is not in use or on the next login. Removing a FlexApp One from the list will automatically remove the FlexApp One from the user on their next login.
• The FlexApp UIA module was removed.
• The MAPI module was removed since MAPI profiles are built by Exchange Autodiscover.
• The FlexApp DIA module was renamed to FlexApp.
• FlexApp’s predictive block caching can be enabled or disabled from the FlexApp module. The feature tells FlexApp to pre-download the blocks needed for the application to execute locally. This does not solve the offline use case, however it will speed up the application execution time.
• When your ProfileUnity Console license includes FlexApp you will also have access to the FlexApp One module.
• Inventory Management and the FlexApp module now have a column to indicate if the layer has Predictive Block Cache enabled or disabled.
• Inventory Management FlexApp Import workflow is in line with the FlexApp Packaging Console.
• During the ProfileUnity Management Console install, the installer was using PowerShell to install Group Policy Management Console, the installer no longer uses PowerShell to install GPMC to better support Server 2022 for automated GPO creation. We now use windows API to install GPMC.
• Within Filters, when creating a machine Group Membership condition, you can now search for a machine group.
• License Management now tracks licenses by the user UPN and not the user SID. This better supports licensing for AAD joined devices, non-domain Frame and AppStream. Because of this change on upgrade of a ProfileUnity Management Console, all existing licenses tracked by SID will be purged and all license tracking will now be done via the users UPN.
• Cloud Templates now use "Restore Only Once" option for Portability rules. Most cloud desktops have a persistent profile of some type. Our portability version of the profile only needs to be restored when the persistent profile is deleted or becomes corrupt.
• On upgrade if your configuration has Portability rules, then the follow Windows Options rules will be checked: Retain User File Associations, Mapped Drive Refresh, Restart Spooler, and Printer Refresh. This will give your upgraded configuration the same behavior to releases prior to 6.8.5.
• The Registry Redirections module supports redirecting item items like HKLM\Software\MyBadApp to HKCU\Software\MyBadApp.
  • Does support session isolation, so you cannot do per user on multiuser Windows.
  • Does not support sub-keys or values, add one rule per sub-key, as needed.
• The Folder Redirection module supports Custom Folder Redirection. Select the Custom option, under the Folder and File field. Fill in your source path under Custom Path: C:\program files\MyBaddApp\settings. Fill in your Redirect to Folder path: C:\users\%username%\MyBaddApp\settings.
  • Redirection method.
    • Hard Redirect Uses our filter driver.
    • Soft Redirect uses a Windows symbolic link.
  • Existing file handling can help if you need a copy of the contents in the redirected path.
  • Redirection limitations.
    • You cannot nest hard redirects. For example, a profile disk mounted at C:\users\%username% level, would not allow you to use a hard redirect under %username%. If you want to create a ProfileDisk exclude rule, you would use a soft redirect.
  • It is NOT multi-session, so you cannot redirect program files paths to the ProfileDisk and have it be multiuser.

Client

This upgrade addresses Common Vulnerability and Exposure (CVE) items CVE-2016-7804, CVE-2016-2335, CVE-2016-2334, CVE-2018-1285.

For additional information, refer to http://cve.mitre.org/index.html.

• ProfileDisk supports Secondary Paths. If the first path is not available, a new VHD will be created on the Secondary Path. Portability will restore even if you were to switch between the two disks.
  • It is best practice to have three file servers: one for Portability, one for the primary VHD, and one for Secondary Path. ProfileUnity really makes this usable with Portability.
  • You can set this path in Administration > Settings > Client Settings > ProfileDisk Assignments > Secondary Virtual Disk Path for Portability and FlexApp.
• The Shortcut module now supports the following Windows Style options: Normal, Minimized, and Maximized.
• The Drive Mapping module supports admin supplied username and password to connect to the drive share.
• The Shortcut module added an Action option for removing only ProfileUnity created shortcuts.
• The ADM/ADMX/ADML files have been updated with option for using the system account/domain computers for mounting ProfileDisks.
• Diag Tool now Includes .CAP files of all active FlexApps.
• Any processing of clientsettings.xml now supports Secondary Paths to obtain the file.
• When a FlexApp shortcut fails to exist, an Event Viewer message is posted about a layer failure.
• The use of curl.exe was phased out.
• When using Portability retention and a missing or corrupt archive is found, the Portability engine will automatically restore from the most recent retention archive.
• Any time cloud paths are provided for a Client install, the installer will check for valid credentials. If credentials are invalid or missing, they will be clearly logged. The Client will still install but without the parts of the install that needed to come from a cloud path.
• Logoff now respects the Client temporary path set in the registry or GPO.
• The Client License Service can now pick up any License Server Connection String changes applied from the registry or GPO without a restart.
• The Client License Service will now consume a license for ALL users when ProfileUnity as a Service is deployed. When running ProfileUnity as a Service, you are applying system wide changes and a license for all users logging into that system is required.
• Client no longer runs VHD.exe/FlexDisk unless FlexDisk is configured.
• Portability issues now include the computername, username, and archive name for any Portability errors when writing to Windows Event Log.
• The Diag Tool now collects subkeys as well for ProfileList registry key.
• At login, the Client can now run a ProfileDisk Health Check. It will warn and log off the user if a ProfileDisk is configured but failed to mount. This feature is controlled by the following configuration file LwL.ProfileUnity.Client.exe.config and by changing the ProfileDiskHealthCheck setting to true. The default value is false.
  • <setting name="ProfileDiskHealthCheck" serializeAs="String"
  • <value>False</value>
• The Client again supports pinned items to the Task bar and Start Menu on newer versions of Windows. However, Microsoft has worked very hard to lock out 3rd parties from accessing this part of Windows. The new method used can take up to 1 min to apply and could be flagged by aggressive antivirus or security software.
• LwL.ProfileUnity.Client.exe.config now has an option to disable container service restarts on logoff. Set the DiaDisableHardReverse value to true. The default value is false.
  • setting name="DiaDisableHardReverse" serializeAs="String">
  • <value>False</value>
• The Diag Tool now includes Event ID for the Windows Event Logs that it collects in the diag report.
• @PRIMARYGROUP now maps as expected.
• All KiXtart and VBS code had been removed.
• Diag Tool will not flag DLL hooking on ProfileUnity processes from the following products: AVG Technologies, McAfee, Symantec, Trend Micro, Sophos, Kaspersky, ESET, CrowdStrike, Cylance, FireEye, and Sentinel Lab Update.
• The Portability module can be run in a de-elevated process state for enhanced security. To enable this feature, you would edit the following file. Set the DeelevatePortability value to true. The default value is false.
  • C:\program Files\ProfileUnity\Client.net\LwL.ProfileUnity.Client.exe.config <setting name="DeelevatePortability" serializeAs="String"
  • <value>False</value>
• The ProfileUnity Client supports a custom logo for the login splash screen. To add your own logo, add a file called client-custom-logo-300x86.bmp, .jpg, .gif, .png, or .tif to the client.net.zip or C:\program Files\ProfileUnity\Client.net folder in the base image or you can do the following.
  • set C:\program Files\ProfileUnity\Client.net\LwL.ProfileUnity.Client.Splash.exe.config LogoImageLocation to a path to a custom logo file.
  • The splash logo size mode can be adjusted via C:\program Files\ProfileUnity\Client.net \LwL.ProfileUnity.Client.Splash.exe.config LogoSizeMode.
    • Valid values can be found at: https://docs.microsoft.com/en-us/dotnet/api/system.windows.forms.pictureboxsizemode?view=net-5.0
  • The splash colors can be adjusted via valid values LogoForeColor, LogoBackColor, SplashForeColor, SplashBackColor
    • Valid values can be found at: https://docs.microsoft.com/en-us/dotnet/api/system.drawing.knowncolor?view=net-5.0
• User Defined scripts are now in .NET and support filters.
• Block cached FlexApps now support playing back during an offline login.
• The ProfileUnity Client INI files are now cached for offline logins.
• Caching of clientsettings.xml and LwL.ProfileUnity.Client.Service.exe.creds are done for offline support.
• Classic Shell Start Menu code has been removed from the product.
• User and admin created file associations are more efficient during the login processing.
• Active Directory filter items are now supported when the machine is offline.
• The Virtual Disks module will only try to unmount VHDXs that exist before mounting. This should speed up the Virtual Disk module.
• Elevation is now supported with any level of LSA protection enabled. This is required for ProfileUnity to function on new Windows 10 and newer Windows 11.
• Filters now support Azure Active Directory user group membership.
• The IP Printers module is beta in this release. This module allows mapping of IP printers that are not tied to a print server.
• ProfileDisk volume labels now use %username%. This way, when looking at Disk Management, you can quickly see which ProfileDisk belongs to which user.
• When the ProfileDisk size is changed after the user’s disk was already created, the disk will automatically expand to the new size.
• ProfileDisk now supports using %homeshare% as part of the ProfileDisk VHDX path. This will cause a single user AD query to resolve %homeshare%.
• FlexApp Cloaking allows FlexApps on boot to be hidden. When the user logs in, the applications are unhidden based on filter assignments. This can greatly reduce the user experience of FlexApp playback time.
  • Step 1: Build an on-boot config with all the apps you want active on boot. Check the Enable Cloaking for on-boot FlexApps option in the Main module. Step 2: Build your user config assigning the same on-boot apps. If the filter is true, the application will appear for the user in milliseconds.
• On upgrades of on-boot applications, they will be visible to everyone logging into the desktop just like how it worked before 6.8.5. Block caching will now impersonate the user logging in, removing the need for domain computers to have permissions to the file share.
• On playback the following registry values will be ignored.
  • PendingFileRenameOperations
  • ProductName
• Block caching will now expire locally cached blocks after a block is aged for 180 days.
• On logoff or deactivate, printers and printer drivers will be removed from the OS.
• %CURRENTCAPPATH% is exposed to scripts in the event you need the working mount path for the layer.

FlexApp

This upgrade addresses Common Vulnerability and Exposure (CVE) items CVE-2018-1285

For additional information, refer to http://cve.mitre.org/index.html.

• The latest FlexApp Recipes can be found here.
• When performing a clone and import of a VHD FlexApp within the FlexApp Packaging Console, it will convert to VHDX. The volume will be converted to GPT and a unique disk ID will be set.
• The FlexApp Packaging Cconsole will force unique package names.
• The FlexApp Packaging Console now has a version tracking field that is visible throughout the product.
• The FlexApp Packaging Console supports merging packages into a single FlexApp package. When rolling out applications, you might have a need to merge two packages to avoid needing to re-package them. The existing packages would be copied into a single FlexApp package. Last write wins since this is a physical operation to the VHDX and registry values. The package you select from the package list and then click the merge action for will be the base application. If there are any conflicts between the application packages, the settings in the package selected from the “Package to Merge In” drop-down list will prevail.
• The FlexApp Packaging Console Extend feature now has a reboot option to pick up where you left off after a reboot.
• The FlexApp Packaging Console now automates Windows Resource Authentication. The best practice for the FlexApp Packaging Console is to be off the domain to avoid extra noise getting captured in the package. When doing this, it creates Windows Resource Authentication challenges. To solve this, log into the FlexApp Packaging Console with your ProfileUnity domain account. This account will be used to authenticate to any Windows share resources. If this account does not have access, then the administrator is prompted for credentials.
• Manually copying FlexApp packages between UNC Cloud storage paths and then importing them into the FlexApp Packaging Console is now supported.
• The FlexApp Packaging Console now checks for available free space before executing a clone.
• The FlexApp Packaging Console now supports cancel during a clone operation.
• The FlexApp Packaging Console now supports a custom working path for cloud clones. This path can be set from within settings by setting a path under the Temp Cloud Download Path.
• The FlexApp Packaging Console now validates cloud credentials before performing any cloud operations.
• Within the FlexApp Packaging Console Editor there is an overlay icon that shows at which level a file or folder redirection will occur back to the VHDX.
• The FlexApp Packaging Console supports bulk converting MSIXs to FlexApps. It is noted that if the MSIX inherently has a built-in limitation, just converting the MSIX into a FlexApp might not fix the MSIX limitation. Since the MSIX was created outside the control of the FlexApp Packaging Console, FlexApps current list of s excludes will be applied to the conversion to make sure the incoming MSIX is converted into a FlexApp as cleanly as possible without noise.
• The FlexApp Packaging Console supports bulk converting App-Vs to FlexApps. It is noted that if the App-V inherently has a built-in limitation, just converting the App-V into a FlexApp might not fix the App-V limitation. Since the App-V was created outside the control of the FlexApp Packaging Console, FlexApp current list of excludes will be applied to the conversion to make sure the incoming App-V is converted into a FlexApp as cleanly as possible without noise. Only App-Vs created with 5.X are supported for this conversation; App-Vs upgrades from 4.x to 5.x are NOT supported.
• During the clone process, the old package name text is now selectable in the clone package screen.
• Editing a package not assigned to a config, but still mounted by a user will discard changes.
• The FlexApp Packaging Console Package Scripts screen was updated to be clearer.
• The FlexApp Packaging Console Editor now has multi-select checkboxes.
• Any time the FlexApp Packaging Console captures HKCU registry values that contain the FlexApp Packaging Console administrator’s profile path, these values are replaced in real-time during playback. This fixes any applications that might try and resolve a profile path that does not exist.
• FlexApp Packaging Console long path depth support was added.
• When the FlexApp Packaging Console is cloning a VHD to VHDX, the disk is converted to a VHDX vs a file-by-file copy.
• After each of the FlexApp Packaging Console creates, commits, and writes functions, the package container is optimized for space.
• The FlexApp Packaging Console CAP file optimize step was removed, as it is no longer needed.
• The FlexApp Packaging Console supports FlexApp One bundling. The bundling process is automatic when checking the FlexApp One option. You can also default this option to be on or off in Settings. Any bundling feature that the FlexApp Packaging Console does not directly support can be added to the command line options in Settings. Under the Create options, you can execute a bulk create FlexApp Ones for existing FlexApps. To license your FlexApp One, put your FlexApp_One.lic into this path C:\Program Files (x86)\Liquidware Labs\FlexApp Packaging Console\FlexApp One Bundler. However, if you are using ProfileUnity to manage FlexApp Ones, the license on the FlexApp Packaging Console is not required.
• The FlexApp Packaging Console now has an Offline Packaging Mode option during login.
• The FlexApp Packaging Console will now secure permissions of any existing packages when they are unsecure at the source. In prior releases, the Client would secure them in real-time on playback, but that can add time to how long it takes for the application to be useable to the user.
• The FlexApp Packaging Console installer will now install all possible runtimes. A best practice is to install these on the FlexApp Packaging Console and on the desktops you are targeting for application layering. The runtime installer can also be downloaded from the ProfileUnity Management Console under Administration > Settings > ProfileUnity Tools with the Download Runtime Installation tool link. Installing the runtimes ahead of time, stops FlexApp packages from capturing the same runtimes repeatedly, which can cause conflict resolution events. These events can consume excess resources on the target desktops.
• The FlexApp Packaging Console now always displays its version in the title bar.
• The FlexApp Packaging Console metadata prompts occur in all places i.e., when a user clicks save in the editor or configures a package.
• The View a Package screen now has an indicator if "Pre-cache blocks exist”. Within FlexApp Packaging Console, you can now sort the package list.
• When viewing a package in the FlexApp Packaging Console, you can now see created and modified information.
• The FlexApp Packaging Console now has package optimization. Whenever a package is cloned or edited and the Optimize New Package option is checked, the package has the current capture excludes applied to it. This helps to keep packages from capturing things that can cause issues within Windows now or in the future. The list of things that need to be excluded continues to grow with each release of Windows and each release of the product.
• The FlexApp Packaging Console will allow duplicate package names when the package versions are different.
• The user now has a better indicator of when a capture is ready for them to start an installer.
• Package Capture - Please apply secure folder permissions during capture, i.e., Program Files.
• FlexApp AppData Local and Roaming now captures and plays back. Anything written to the user profile AppData folders is now captured as part of the FlexApp package. On playback, AppData folders are physically written to the user's profile if they do NOT exist. This feature also works when you are playing back applications on boot for existing logged in users or users logging in. We track the logged in and logging in sessions and will write into the profile. This is NOT designed for applications that install into AppData even though it might work. You will not have any version control since we physically write to this path only once. You have no way to backout the user profile path application. You “could” write your own delete on deactivation script to get around this, deleting what was laid down each time so that version handling can be done.
• FlexApp scripting now supports PowerShell PS1’s directly without needing to wrap the PS1 in a CMD script.
• The FlexApp Packaging Console capture excludes have been added in the following areas.
  • UAC
  • Defender
  • Group policy
  • (Default) registry value under top-level keys
• The FlexApp Packaging Console has a new capture mode called High compatibility mode capture. This process is NOT inline to the capture like today; the application is allowed to write directly to the file system natively. We take an inventory of the files on the system before capture, then again after the capture. FlexApp does NOT have to scan the file system for changes; we are using a filesystem technique using the file system journal. However, there is extra time added to the capture process to copy all the changes to the VHDX post capture. This new option should yield a higher success rate of capture. This setting can be set as a default under Default Capture Mode in Settings, as well.

Issues Resolved

ProfileUnity Management Console

• Fixed an issue where ProfileUnity had difficulty authenticating against a separate domain.
• Fixed an issue where Templates had "Apply Registry Rules" set but ruleset had none. Related to this, fixed an issue where a Portability rule had "Apply Filesystem Rules" unchecked and had Filesystem Rules in ruleset.
• Fixed an issue in 'Windows Options' module where the 'Wallpaper Style' column displayed "Translation missing for Enums.wallpaperstyletype"
• Fixed an issue where some default filters were missing in a fresh install.
• Fixed an issue where the console install failed when using a password that contains spaces.
• Fixed an issue with clustering where trial licenses were not updated on all nodes.
• Fixed an issue with multi-select rule list paging and selection.
• Fixed an issue where running GPO Integration was not pulling up an OU list on Windows Server 2019 or 2022.
• Fixed an issue where a second login was not updating the existing licensed user record.
• Fixed an issue where Managing the Database Connection failed when the ‘@’ character was included the prou_services password.
• Fixed an issue where Administration Grids were misaligned in Internet Explorer 11.
• Fixed an issue where Guided Configuration Wizard Automated GPO failed with 'Retrieving COM class' exception on Windows Server 2022.
• Fixed an issue where sometimes the ProfileUnity Management Console About screen displayed the wrong IP Address.
• Fixed an issue where Google Cloud Credentials were not added to the ProfileUnity Management Console correctly.
• Fixed an issue where S3 Validation failed when a period (".") was in the bucket name.
• Fixed an issue where you were unable to add a perpetual license with expired support.
• Fixed an issue with a security risk with a jQuery component dependency (CVE-2012-6708).
• Fixed an issue with the Shortcuts module where Quick Access Pinned Items did not accept UNC paths as a target path.
• Fixed an issue where uninstalls/upgrades failed if the original installing user's profile had been deleted.
• Fixed an issue where the Virtual Disks module and ProfileDisk Management accepted an invalid path format.
• Fixed an issue where upgrades/re-installs of the ProfileUnity Management Console each created a new firewall allow rule for port 8000.
• Fixed an issue where the ProfileDisk Group Assignments allowed a blank disk path.
• Fixed an issue where templates portability of ODBC was captured twice.
• Fixed an issue with Inventory Management where FlexApp Version details were showing incorrect values.
• Fixed an issue with the Shortcut module where the "Window Style" value was not showing in the grid.
• Fixed an issue where sorting the "Used in" field in Filter Management, Inventory Management, and Portability Management was not working.
• Fixed an issue with Filter Management where the Service Running Condition was not working with certain Match options.
• Fixed an issue with Filter Management where the Service Exists Condition was not working with certain Match options.
• Fixed an issue with Filter Management where the Operating System filter for Vista should have been removed because it is no longer supported.
• Fixed an issue with Filter Management where the Custom Function Condition was removed because it is no longer supported.
• Fixed an issue with Filter Management where filter condition values were not showing.
• Fixed an issue with the Administration screen that was redirecting to the login page after the Update button was clicked.
• Fixed an issue with Inventory Management where the FlexApp "Package Type" value was not showing correctly when clicking on the "View" icon.
• Fixed an issue where the Guided Configuration Wizard displayed an error message when running the GPO integration.
• Fixed an issue where using a password containing ‘@’ for prou_services caused a service CPU spike and excess network connections to MongoDB.
• Fixed an issue where the Registry module file imports with double-backslash(es) in the Value Name needed parsing.
• Fixed an issue with the Trigger Points module where the FlexApp option was missing from the Module dropdown list.
• Fixed an issue where ProfileDisk assignments allowed configuration without a file extension.
• Fixed an issue in License Management where the Licensing page was not updated after applying a new license.
• Fixed an issue with Inventory Management where FlexApp Package imports with long package names caused the console window to be larger than the browser window.
• Fixed an issue with Licensing Management where Licensed User lists did not have a 'Laptop' column in the export files.
• Fixed an issue where ProfileUnity as a Service configuration credentials could not be downloaded or deployed when using a local or restricted domain user account.
• Fixed an issue where the ProfileUnity Console Installer required an active internet connection.
• Fixed an issue with FlexDisk Management where vCenter Credentials could not be added when the prou_services password contained some special (encoded) characters.

Client

• Fixed an issue where Postflight left behind folders and argument files.
• Fixed an issue with the Shortcut module where Delete All was not recursive.
• Fixed an issue with the Shortcut module where Pinned Items failed to create on the Start Menu or Taskbar in Windows 10 1903/ERS/WVD.
• Fixed an issue where the logoff splash screen did not show the status text on Windows 10 ERS.
• Fixed an issue where PDF documents could not be searched when ProfileDisks was in use.
• Fixed an issue where Laptop users got prompted with an activation error when offline even when the license was activated.
• Fixed an issue with the Licensing Service where it did not consistently detect a laptop.
• Fixed an issue where Number Lock was turned off by Trigger Points.
• Fixed an issue where Portability single file replace restore operation was not working.
• Fixed an issue where Licensing failed when prou_services password contained ‘$$%’.
• Fixed an issue where empty filters failed to apply when using the 'Or' aggregate.
• Fixed an issue with the File Associations module where backup was leaving behind KiXtart reg keys in HKCU.
• Fixed an issue where Client License Service Process failed to fully run or create a log if the machine has WMI issues.
• Fixed an issue where Client License Service experienced a lot of log entries and CPU overhead checking for multi-user status.
• Fixed an issue where Windows Options Wallpaper, command prompt tab auto complete options were not working in Windows 10, 2016, and 2019 machines.
• Fixed an issue where if a Portability rule contained multiple individual registry values under the same registry key, only the first registry value would be saved.
• Fixed an issue where backup and restore of fonts would result in an exception for existing fonts.
• Fixed an issue where BadImageFormatException was seen on AWS WorkSpaces.
• Fixed an issue where there was a filters OU User parsing issue when DN used user's names such as, "Lastname, Firstname."
• Fixed an issue where Startup.Update failed if ProfileUnity as a Service Credential file account name was longer than 20 characters.
• Fixed an issue where certain logoff events failed to unmount Virtual Disk module disks.
• Fixed an issue with Inventory Management where System Memory, Resolution, and MAC address details are missing.
• Fixed an issue where the Command Service waited to unmount a ProfileDisk even when no ProfileDisk was mounted.
• Fixed an issue where Startup.Update was unable to use a local account in the credential file.
• Fixed an issue with the Client License Service where a locked configuration file caused the service to "use" a null connection string until it was restarted.
• Fixed an issue where the Command Service File Exist check was done as the logged-on user even when pdUseServiceCredentials=1.
• Fixed an issue where Filters Group Membership check against Administrators group was inaccurate due to elevation.
• Fixed an issue where Command Service Process Open triggers intermittently stopped working.
• Fixed an issue where Command Service Virtual Disk module disks were not detached on logoff.
• Fixed an issue where the Client ran ProfileDisk export command (lwl_profile_mgr.exe) even when Enabled=0 and/or INI Path did not exist.
• Fixed an issue where Command Service delete on merge VHD arguments were not implemented for PdUseComputerPerms multi-session ProfileDisk merges during logoff/unmount.
• Fixed an issue where Virtual Disk module multi-session merges were missing /W flag during logoff/unmount.
• Fixed an issue where Client License Service failed to start during installation if no clientsettings.xml file was present.
• Fixed an issue where Computer OU filters failed to apply.
• Fixed an issue where Portability did not find cloud-based manifest files and "always restored everything."
• Fixed an issue where MsiTracking against explorer.exe caused inability to rename files and other actions for certain DFS folder redirection targets.
• Fixed an issue where ProfileDisk failed to mount when a user logs in with their UPN.

FlexApp

• Fixed an issue where random BSOD appeared sometimes quickly and sometimes mid-session.
• Fixed an issue where Windows Updates or Upgrades failed when the Container Service was installed.
• Fixed an issue where VirtFSService was taking a large amount of CPU.
• Fixed an issue where Citrix XenApp Server crashed occasionally when the FlexApp Container service was running.
• Fixed an issue where there was a popup with BadImageFormatException on WorkSpaces/AppStream.
• Fixed a BSOD issue with SentinelOne.
• Fixed an issue where FlexApp did not recover from failed block requests.

FlexApp Packaging Console

• Fixed an issue where the user was unable to open Outlook after packaging Office365.
• Fixed an issue where the FlexApp Packaging Console allowed Configure, Scripts and Dependencies to be edited when packages were in use. When packages are in use you cannot make changes and any changes would be discarded.
• Fixed an issue where HKLM\Software\Classes was repeated numerous times in a package.
• Fixed an issue where sometimes when renaming a nested shortcut folder in Editing a Package caused invalid shortcut data.
• Fixed an issue where large captures failed with a timeout waiting on the CAP file.
• Fixed an issue where the Editor did not retain a new key's default value when data was modified.
• Fixed an issue where you could not select an installer on a CD drive for capture.
• Fixed an issue where editing a package that has registry entry paths, which contain the ending portion somewhere earlier in the path, caused duplicate entries in the editor.
• Fixed an issue where extraneous folders were being captured.
• Fixed an issue where importing a package with a plus sign ('+') in name fails.
• Fixed an issue where a cloned PBC package did not show in the list when PBC data was re-created after cloning.
• Fixed an issue where multiple blank duplicate services were created for certain packages.
• Fixed an issue where reboots initiated by the FlexApp Packaging Console did not unmount the disk first.
• Fixed an issue with the Runtime Tool where checking only '2015-2022' Redistributable failed to install.
• Fixed an issue where "(FlexApp)" tags did not show in appwiz.cpl.
• Fixed an issue where Cached blocks were not expiring as expected.
• Fixed an issue where PATH variable handling was not occurring.
• Fixed an issue where the console was removing captures of *App.VisualElementsManifest.xml from the VHD.

Component Versions

Component	6.8.5
Console UI	6.8.5.8448
FlexDisk Service	6.8.4.8420
Client.NET	6.8.5.8444
VirtFS	6.8.5.8444
LWL UserApp Player	6.8.5.8444
LWL UserApp Service	6.8.5.8444
LWL Elevation Service	6.8.5.8444
LWL License Service	6.8.5.8444
FPC	6.8.5.8444
FPC Player	6.8.5.8444
FPC VirtFS	6.8.5.8444

Known Issues and Limitations

Important: End-of-Life for ProfileUnity versions 6.8.1 and 6.8.2
Effective 12/31/2023, Liquidware will be discontinuing all sales and technical support of the ProfileUnity versions listed in the knowledge base article entitled "End-of-Life for Following Versions of ProfileUnity 6.8.X." We encourage all customers who might still be utilizing these versions to upgrade to a more recent version to take advantage of the numerous technologies & feature enhancements as well as resolved support issues. For a Full list of End-of-Life date refer to this URL: https://liquidwarelabs.zendesk.com/hc/en-us/articles/9970980852621-End-Of-Life-For-Following-Versions-of-ProfileUnity-6-8-X.

• Amazon S3 credential free option is not functional in this release.
• The Standalone ProfileUnity License Server is not yet supported in this release.
• Using Internet Explorer to manage the ProfileUnity console is no longer supported.
• Storing Network Share Credentials in the console for the FlexApp Packaging Console to use in the future is not functional in this release.
• Windows 7 and Windows 2008 R2 are not supported.
• Outlook file previewer does not work in a FlexApp version of Office 365. Double-clicking the file works fine.
• Performance collection is unavailable in developer tools on Internet Explorer 11 and Legacy Edge when ProfileDisk is enabled.
• Audit Management —Changing No Filter To Filter shows internal filter ID, not friendly name.
• Files that have more than 260 characters are not processed by the Portability engine.
• If the customer has automatic root certificate updates disabled, the ProfileUnity Management Console install might fail with data1.cab certificate error.
  • FED and some commercial accounts following federal STIG guidelines could have automatic root certificate updates disabled causing them to not have the latest root certificate. Our installer code was compiled with the latest root certificates.
• Using Folder Redirection on all of Appdata Local can cause Windows 10/11 and Windows Server 2016/2019/2022 issues.
• Using Portability on all of Appdata Local can cause long logins for Windows 10.
• When using Portability, Windows 10 that is pinned and Start Menu items do not migrate to Windows 11.
• ProfileDisk from Windows 10 does not work correctly on Windows 11. Portability must be used to migrate to a new Windows 11 ProfileDisk.
• Cloning Liquidware Cloud Apps in the FlexApp Packaging Console to the local disk is not working properly.

Upgrade Options

If your currently installed version of ProfileUnity is 6.8.1 or higher, use the ProfileUnity Upgrade Guide to upgrade to the latest version. Note that all ProfileUnity versions prior to 6.8.1 have reached their end-of-life and are no longer supported. If you need assistance upgrading, contact Support@Liquidware.com. The instructions below do not replace the Upgrade Guide but are meant to provide an overall summary of the upgrade and migration options available for the current version.

Before performing any upgrade, please perform a database backup from the Administration > Settings > Database section and take a snapshot of the virtual machine.

In-place Upgrade Option 1

1. Run the ProfileUnity-Net_6.8.5ga2.exe upgrade installer.
2. MongoDB will not be upgraded for improved security.
   • However, there is an upgrader called ProfileUnity.Mongo.Setup_4.4.17.exe that can be run to upgrade MongoDB. If you have a standalone console, run the MongoDB upgrader.
   • If you have a cluster, you will need to remove all the nodes from the cluster in the Administration > Settings > Clustering section. Once all nodes are now standalone, you can run the MongoDB upgrader. After all the standalone nodes are on the same upgraded version of MongoDB, you can add all the nodes back to the cluster.
3. MongoDB database traffic will not be encrypted.
   • If you have a single node, the database traffic does not leave the host.
   • Between cluster nodes, this traffic would not be encrypted.
4. RabbitMQ will not be removed even though RabbitMQ is no longer leveraged by ProfileUnity.
5. Upgrade the Client Tools on your image or desktops.
6. Once all the clients are upgraded, then you can upgrade the INI on the network to 6.8.5 and redeploy.

In-place Upgrade Option 2

1. If you have a cluster, you will need to remove all the nodes from the cluster in the Administration > Settings > Clustering section. Once all nodes are now standalone you proceed.
2. If you have a single ProfileUnity node, you can follow the steps below.
3. Uninstall the ProfileUnity Management Console.
4. Uninstall RabbitMQ.
5. Uninstall MongoDB.
6. Remove the MongoDB directory from C:\Program Files\MongoDB.
7. Install ProfileUnity-Net_6.8.5ga2.exe
   • MongoDB will be set up with encrypted database traffic.
8. Restore your database backup.
9. Email support@liquidware.com  to have your license reset.
10. Activate your license again.
11. If you have a single ProfileUnity node, you have completed all the necessary steps.
12. If you have a cluster, you will need to repeat all the above steps 2-8 on each node.
13. Once all nodes are running ProfileUnity 6.8.5, you can add all the nodes to the cluster again.
14. Upgrade the Client Tools.
15. Once all the clients are upgraded, then you can upgrade the INI on the network to 6.8.5 and redeploy.

Migrating to a New Installation of ProfileUnity

When migrating to a new install of ProfileUnity 6.8.5, RabbitMQ is not installed, MongoDB is upgraded, and MongoDB traffic is encrypted out of the box.

1. Install ProfileUnity-Net_6.8.5ga2.exe on a new machine.
2. Restore your database from backup in the Administration > Settings > Database section.
3. Email support@liquidware.com to have your license reset.
4. Upgrade the Client Tools with a new Client Settings file since the host name/FQDN changed.
5. If you are building a cluster, you need to repeat step 1 on two more nodes. Clustering requires a 3-node minimum and always needs an odd number of nodes.
6. Add nodes 2 and 3 to the cluster.
7. Upgrade the Client Tools with a new Client Settings file.
8. Once all the clients are upgraded then you can upgrade the INI on the network to 6.8.5 and redeploy.

Feature Updates Affecting Product Behavior Post Upgrade

Before upgrading to the latest version, be aware of the following product changes:

• Disabled features and retaining enabled features
  • On upgrade, each configuration will have Printer Refresh, Restart Spooler, Mapped Drive Refresh and Retain User File Associations checked. This gives you the same behavior as prior releases.
  • If you are leveraging the ability to disable the Print Spooler Restart feature, you will apply this option with the new Windows Options, as the old method is no longer honored.
    • After upgrading and before deploying the new 6.8.5 configuration, go into the Windows Options configuration module and uncheck Restart Spooler.

  Note: Any workarounds for Refresh.exe and Refresh Visual Style (PUPThemes) are no longer needed as they do not run by default any longer.

  • If you are leveraging retaining Volume Level, Number Lock State, Caps Lock State, Scroll Lock State, User Installed Fonts and/or System Installed Fonts you will have to do the following.
    • Enable the corresponding feature in the Windows Options module in your configuration. Then add the corresponding portability rule to your configuration before deploying your configuration.
• Multiple INIs and Require Group Membership for Execution
  • On upgrade of the ProfileUnity Client to 6.8.5, 6.8.5 will honor older INIs and 6.8.5 INIs that restrict INI execution to group membership. However, once you uncheck the option in the Main configuration module for Require Group Membership for Execution, you can NOT use this option again. It is permanently disabled. It is suggested to transition using the Require Filter for Execution setting to build the filter you need to restrict INI execution and then apply it to the configuration.
• Multiple INIs with User Defined Scripts
  • By default in prior versions, ALL User Defined Scripts would execute regardless of Require Group Membership for Execution or Require Filter for Execution settings in the Main module. Now in 6.8.5, User Defined Scripts will only execute if the configuration applies to the user or the User Defined Scripts filter applies to the user. For most customers, no action is required. However, if scripts that were applied from unattended configurations were helping, these scripts would need to be duplicated from configuration to configuration.