6.8.7.9083 Release Notes (November 20, 2024)

Important:
For Existing Software Installations: Liquidware supports upgrades to existing ProfileUnity installations that are current on support contracts. However, it may be to your advantage to migrate to a new installation due to several architectural and feature changes as well as a requirement to break apart clustered installations prior to upgrading. See the Upgrading to 6.8.7 section below for more information on upgrade or migration options. See the Feature Updates Affecting Product Behavior Post Upgrade section below for more information on product changes that may affect your decision on whether to upgrade or migrate your currently installed version.

Product Updates

ProfileUnity Management Console

  • .NET 8 Upgrade: The ProfileUnity Console's license service has been upgraded to .NET 8, providing improved security, performance, and future compatibility.
  • Multi-Administrator Configuration Locking: Administrators working on the same configuration are now prevented from making simultaneous edits, avoiding the risk of lost changes. A lock mechanism ensures that only one admin can edit a configuration at a time, with a timeout in place.
  • Enhanced SAML Authentication: ProfileUnity now supports multiple, concurrent Consoles integrated for authentication in a single Entra ID Tenant.
  • MongoDB Upgrade: MongoDB has been upgraded to version 7.0, delivering enhanced performance, reliability, and security for ProfileUnity.
  • Microsoft Azure AVD App Attach Integration: FlexApp inventory can now sync directly with Azure AVD's App Attach inventory. This feature allows FlexApp-only customers to manage host pools and FlexApp assignments through a unified interface, eliminating the need to log into the ProfileUnity console for these tasks.
  • Windows IoT Support: ProfileUnity and FlexApp now support Windows IoT devices. Within the console, administrators can filter behaviors specifically for Windows IoT, differentiating them from full Windows environments for more tailored management.
  • Custom PowerShell Filters: Filters in ProfileUnity now support PowerShell script conditions, enabling unlimited filtering scenarios. This addition provides flexibility to create advanced conditions that determine if the filter should be applied.
  • Cloud Path Browsing: Cloud paths can now be browsed within the ProfileUnity console, just like UNC paths. This allows for a more streamlined setup when working with cloud storage locations.
  • Application Preservation Mode: A new feature to optimize logoff times for non-persistent desktops by halting the reverse playback of FlexApps. This feature is configurable per configuration within the ProfileUnity console, under the main module settings.
  • Optimized Templates: All system templates have been updated to reduce the size of profile backups and improve performance during login and logoff.
  • Improved Active Directory Group Search: Searching through Active Directory groups within the ProfileUnity console has been enhanced for faster and more intuitive user experiences.
  • Credential Testing for Cloud Services: Administrators can now test cloud credentials directly within the Add Cloud Credential screen using a newly added test button, without needing to rely on the template wizard.
  • Expanded Role-Based Access Control (RBAC): FlexApp inventory is now integrated into RBAC. Administrators can limit access so that users can check in FlexApp packages into the ProfileUnity console without giving them access to other configuration areas.
  • Shortcut Details in FlexApp Inventory: Application shortcut details are now visible within FlexApp package details, providing more comprehensive management capabilities.
  • Improved Active Directory Query Handling: Authentication and access control operations have been optimized by breaking out users and groups, speeding up Active Directory queries within the console.

Client

  • .NET Core 8.0 Upgrade: The client installation now includes .NET Core 8.0 instead of the previous .NET Core 6.x, ensuring enhanced performance, security, and future compatibility.
  • Faster Logoffs: Client logoffs are now 50% faster out-of-the-box when FlexApps are active on the system. This performance improvement is enhanced even further when Application Preservation Mode is enabled.
  • 7-Zip Upgrade: The version of 7-Zip used by ProfileUnity has been upgraded, providing improved security and performance.
  • Expanded File Association Support: ProfileUnity now supports file associations for both the msteams and ms-teams protocols, streamlining opening of Microsoft Teams.
  • Filter Performance Boost: The performance of systems using a large number of filters has been significantly improved, resulting in faster operation and more efficient processing.
  • Cloud Path Support for User-Defined Scripts: User-defined scripts can now be stored and executed from cloud paths. For example, scripts located in Azure Blob Storage can be referenced directly (e.g., az://configuration_blob/scripts/rest.ps1), providing more flexibility for distributed environments.
  • Cloud Path Support for Filters: Filters that rely on folder or file paths now support cloud-based file checks. For example, a filter condition such as if exist az://my_blob/.../file.txt will evaluate to true if the specified cloud file is present.
  • Extended Client License Leases Request: The client license service now allows laptops to take up to 12 hours to request a lease license, which will be valid for 90 days, ensuring more flexibility for mobile users.
  • Parallel Logon Portability Rules: Logon portability rules now run in parallel, significantly reducing login times and improving overall efficiency.
  • ProfileDisk Mount Time Visibility: The ProfileDisk mount time per user is now recorded and visible in the Windows Registry under HKLM\Software\WOW6432Node\Liquidware Labs\ProfileDisk\<user sid>\ProfileAttachTimeMs, providing administrators with insight into the mounting performance.
  • Updated File Association Management: Both administrator-driven and user-driven file association handling has been updated to work with new changes from Microsoft, referenced in KB5043178, which attempts to restrict third-party vendors from managing file associations.
  • Multi Rule FlexApp playback boost: When configuring many FlexApp rules that could apply to a user, the playback time of many rules is now on par to having all the users FlexApp within a single rule.

FlexApp

  • .NET 8 Upgrade: FlexApp has been upgraded to .NET 8, providing improved security, performance, and future compatibility.
  • Improved FlexApp VHDx Mounting: FlexApp VHDx files now mount under the system account by default. This requires domain computers to have Read and Execute permissions on the file share. This change resolves issues caused by authentication tokens that previously expired after 10 hours. Mounting under the system account ensures that the authentication token never expires. If the required system permissions are not present, the mount will failover to the user like in previous versions.
  • Enhanced File System and Registry Filter Drivers: FlexApp's file system and registry filter drivers have been updated to improve security, performance, and overall compatibility with newer versions of windows.
  • FlexDisk VDDK Library Update: The FlexDisk VDDK library has been updated to maintain compatibility with newer versions of VMware vSphere, ensuring seamless integration with VMware environments.
  • Optimized Cloud Storage with FA1 Format: FlexApp Core now uses the FlexApp One format by default for storing FlexApp packages in the cloud. This format supports compression, greatly improving the user experience by reducing the amount of data transferred over the internet for block caching. This results in faster access and more efficient local block caching.
  • Registry Value Reversal on Logoff: Native registry values that have been merged with FlexApp registry values are now properly reversed during logoff, ensuring a clean and accurate profile state for the next session.
  • Automatic Shortcut Cleanup: FlexApp shortcuts created by the "Click-to-Layer" feature are now automatically removed during system shutdown, leading to a smoother user experience without lingering shortcuts.
  • Automatic File Association with Click-to-Layer: FlexApp's Click-to-Layer feature now automatically applies to any file associations present in the FlexApp package. For example, if a text editor is layered on demand, clicking a .txt file will trigger the FlexApp to playback and open the file with the packaged application.
  • Cloud Storage Support for Published Apps: FlexApp when used with published applications, or Remote App, now support FlexApps stored in cloud storage, allowing seamless on-demand application delivery from the cloud.
  • Dynamic Priority Management: FlexApp introduces Dynamic Priority Management, which elevates the priority of the FlexApp currently in focus by the user. This feature ensures that even under high system load, the active FlexApp receives priority, enhancing performance and user experience. In some cases, FlexApp can even outperform its native installed version of the application.
  • Automatic Cache Rebuild: FlexApp now automatically rebuilds an interrupted cache job, eliminating the need for the user to log off and back on to complete the cache. This ensures uninterrupted workflow even if caching is temporarily disrupted.
  • Reduced Elevated Processes: FlexApps that process automatic startup items within user space previously ran with elevated privileges. These processes will no longer be elevated, reducing the attack surface, and improving overall security by limiting elevated processes running within user space.

FlexApp Packaging Console Improvements

  • .NET 8 Upgrade: The FlexApp Packaging Console installs .NET 8, providing improved security, performance, and future compatibility.
  • Improved Azure Blob Performance: Uploading and downloading FlexApp packages from Azure Blob Storage is now faster, improving overall performance and efficiency for cloud-based environments.
  • Preservation of ACL Changes During High-Compatibility Captures: FlexApp applications that modify Access Control Lists (ACLs) on files or folders during High-Compatibility captures now preserve these changes within the package, ensuring that the application runs correctly when deployed.
  • WebView2 Runtime Support: The FlexApp Packaging Console runtime tools now include WebView2 runtimes, improving compatibility and functionality with web-based components in FlexApp applications.
  • Improved Capture Feedback: The FlexApp Packaging Console now provides more visible feedback to indicate when the system is preparing for capture after the "Start Capture" button is clicked. This makes the process clearer and reduces any uncertainty for the user.
  • Enhanced Version Field Functionality: The FlexApp Package Version field now supports a "tab-like" function when entering periods (.), streamlining the process of specifying package versions.
  • Faster High-Compatibility Captures: High-Compatibility captures no longer require running the compact tool, as they are automatically compacted because of how they are written too. This results in faster captures and a more efficient packaging process.
  • App Volumes conversion Support: The FlexApp Packaging Console now supports converting applications from Omnissa App Volumes into FlexApp. After selecting the option to convert App Volumes, a pop-up guide provides detailed steps, including the action to attach the App Volumes VMDKs or VHDx app stacks for conversion.
  • Mandatory OS Optimizations: OS optimizations are now mandatory during the installation and setup of the FlexApp packaging console. These optimizations help maintain a clean package and ensure the highest compatibility during application playback.

FlexApp One Improvements

  • Proxy Support for OAuth: FlexApp One now supports proxy settings within Internet Options when using the OAuth feature, improving flexibility in environments where proxies are required for OAuth authentication.
  • New FlexApp Filter Drivers: Both FlexApp Core and FlexApp One have been updated with new filter drivers. The FlexApp engine will prompt users to install the new driver during activation if a newer version is detected. Notably, both the old and new drivers can coexist, allowing older and newer FlexApp One packages to run side by side without needing to remove the older driver version.
  • Shortcut Information via CLI: The FlexApp One Engine now includes a command-line interface (CLI) flag that enables users to print out package shortcut information.
  • Custom Log Path via CLI: The FlexApp One Engine now supports a CLI flag to specify a custom log file path, giving administrators more flexibility in directing log output to the desired location for troubleshooting.
  • AppStream support: AppStream support was added for publishing FlexApp One CTL shortcuts to AppStream Dynamic App API.

Issues Resolved

ProfileUnity Management Console

  • Fixed an issue where the console UI would spin at inconsistent intervals and not log in.
  • Fixed an issue where the SAML integration only supported one console per Entra ID tenant.
  • Fixed an issue where, within filters, you were unable to add multiple Entra ID Group conditions to the same filter.
  • Fixed an issue where Active Directory user group searches returned no results after upgrading.
  • Fixed an issue where Entra ID Groups Filter Secret was missing from INI after an upgrade.
  • Fixed an issue where the Machine Group Membership filter was missing the "is not" match type.
  • Fixed an issue where the Administrative Templates module had no way to update the ADMx for existing rules.
  • Fixed an issue where the console installer would allow a custom install path to the root of a drive letter.
  • Fixed an issue where, within the ADM module, IE sites and zones via ADMX were not working.

Client

  • Fixed an issue where IcaClientAddress and IcaClientName filters were no longer working.
  • Fixed an issue where PDF file association was not working.
  • Fixed an issue where shiminit was not expanding environment variables.
  • Fixed an issue where Azure group calls to Graph were repeated for each filter instead of just once up-front.
  • Fixed an issue where version 6.8.6 R1 couldn't read some older INI files or even a 6.8.6 R1 INI.
  • Fixed an issue where client installation failed to complete when run by a local administrator using a domain account for the client service.
  • Fixed an issue where client service INI filename changes caused files to remain in cache.
  • Fixed an issue where FlexApp One, MSIX, and App-V files were not removed from cache when the last config rule for the module was deleted.
  • Fixed an issue where the Compact Tool didn’t support /EraseBK while compacting A new /EraseBkInline option has been added.

FlexApp

  • Fixed an issue where you were unable to install Citrix VDA when the Container Service was running.
  • Fixed an issue where the FlexApp service would crash with System.IO.DirectoryNotFoundException: Could not find a part of the path 'C:...\Data\appinstall.cap'.
  • Fixed an issue where x86 print drivers were not captured.
  • Fixed an issue where a captured Citrix Workspace did not play back correctly.
  • Fixed an issue where Start Menu shortcuts may not show when folder was overlapping with existing software.

FlexApp Packaging Console

  • Fixed an issue where a persistent FlexApp Packaging Console could easily fill the C: drive after regular usage.
  • Fixed an issue where FlexApp was unable to capture “Etap 22.5” with an error of Invalid CAP file specified or Unable to read CAP contents.
  • Fixed an issue where FlexApp Packaging Console was unable to browse Azure Files share.
  • Fixed an issue where the Compact Tool had a fatal error, couldn't find a VHDx, and would fail the entire job.

FlexApp One Issues Resolved

  • Fixed an issue where FlexApp One was unable to create a mutex for a package with an error of Access is denied.
  • Fixed an issue where FlexApp One deactivation scripts did not always run.
  • Fixed an issue where the FlexApp One mutex was not being released in certain cases.
  • Fixed an issue where FlexApp One package would cause disks to disappear before the CAP was unloaded.
  • Fixed an issue where multi-session Windows and FlexApp One instances would remove prematurely, they now stay active.

ProfileUnity Component Versions

Component 6.8.7
Console UI 6.8.7.9083
FlexDisk Service 6.8.7.9083
Client.NET 6.8.7.9083
VirtFS 6.8.7.9083
LWL UserApp Player 6.8.7.9083
LWL UserApp Service 6.8.7.9083
LWL Elevation Service 6.8.7.9083
LWL License Service 6.8.7.9083
FPC 6.8.7.9083
FPC Player 6.8.7.9083
FPC VirtFS 6.8.7.9083

Known Issues and Limitations

Important: End-of-Life for ProfileUnity versions 6.8.x and 6.8.x
Effective 12/31/2024, Liquidware will be discontinuing all sales and technical support of the ProfileUnity versions listed in the knowledge base article entitled "End-of-Life for Following Versions of ProfileUnity 6.8.X." We encourage all customers who might still be utilizing these versions to upgrade to a more recent version to take advantage of the numerous technologies & feature enhancements as well as resolved support issues. For a full list of End-of-Life dates, refer to this URL: https://www.liquidware.com/support/sections/202062243-Updates

  • Windows 11 24H2 Support: Support for Windows 11 24H2 in ProfileUnity FlexApp will be included in a 6.8.7 R2 release, expected within 90 days. Currently, the only known limitation is with ProfileDisk functionality. As a workaround, you can use the system to mount and unmount the disk by enabling the Pdusecomputerperms option.
  • Windows Server 2025 Support: Support for Windows Server 2025 with ProfileUnity components, including the console, client, FlexApp, FlexApp One, FlexApp Packaging Console, and FlexApp Packaging Automation, will be available within 90 days in 6.8.7 R2.
  • FlexApp One Client Installation: FlexApp One managed by ProfileUnity will stop working if the previous version of the ProfileUnity client is uninstalled and then the 6.8.7 client is installed. For FlexApp One to continue working, the 6.8.7 client must be installed over the existing client version. 6.8.7 R2 will address this issue.
  • Black Screen Issue: Users may experience a brief black screen when ProfileUnity Client runs quickly.6.8.7 R2 will address this issue with a new config setting.
  • AD Group Lookups in Filters: AD group lookups for trusted domains in different forests may not enumerate correctly. This issue will be resolved in 6.8.7 R2.
  • UI Performance with Large Numbers of Module Rules: Large numbers of module rules in the ProfileUnity console can cause UI performance degradation. This will be improved in 6.8.7 R2.
  • Open Child Processes from Automation Software: FlexApp One engines launched via automation software may leave child processes open, complicating deployment management. This will be addressed in 6.8.7 R2.
  • Cluster Management Requirements: When performing cluster management tasks (e.g., adding/removing nodes), the ProfileUnity user account must belong to the local administrators group on all nodes.
  • AppStream Compatibility: FlexApp and FlexApp One cannot publish shortcuts to the AppStream Dynamic Application Framework in multi-session environments, as AppStream does not support the Dynamic Application Framework and multi-session use simultaneously.
  • IPv6 Cluster Upgrade Issue: Upgrading a ProfileUnity cluster with nodes that have an IPv6 address from a valid IPv6 DHCP scope may fail. For more information, see Clustering - Error Adding Third Cluster Node.
  • Marketplace Console Upgrade Issue: ProfileUnity Console deployments from the Amazon AWS Marketplace or Azure Marketplace may encounter issues during upgrades. Contact support@liquidware.com for assistance.
  • 32-Bit Windows Feature Deprecation: The following features no longer support 32-bit Windows: FlexApp, FlexApp Packaging Console, ProfileDisk, Custom Folder Redirection with Hard Redirect, and Registry Redirection.
  • Internet Explorer Compatibility: Using Internet Explorer to manage the ProfileUnity console is no longer supported. Performance collection is unavailable in developer tools on Internet Explorer 11 and Legacy Edge when ProfileDisk is enabled.
  • Unsupported Operating Systems: Windows 7, Windows Server 2008 R2, and Windows Server 2012 R2 are no longer supported.
  • Outlook File Previewer: The file previewer in Office 365 (FlexApp version) does not work. However, double-clicking the file functions correctly.
  • File Path Limit: Files with more than 260 characters cannot be processed by the Portability engine.
  • Root Certificate Update Requirement: If automatic root certificate updates are disabled, the ProfileUnity Management Console installation might fail due to a data1.cab certificate error. Federal and some commercial accounts following STIG guidelines may need to manually update root certificates to avoid this issue.
  • Folder Redirection on AppData: Using Folder Redirection on the entirety of AppData Local can cause issues on Windows 10/11 and Windows Server 2016/2019/2022.
  • Portability on AppData Local: Using Portability on all of AppData Local can lead to extended login times on Windows 10.
  • Windows Start Menu Migration: Pinned Start Menu items from Windows 10 may not migrate to Windows 11 when using Portability.
  • ProfileDisk Compatibility from Windows 10 to Windows 11: A ProfileDisk created on Windows 10 may not function correctly on Windows 11. Portability should be used to migrate to a new ProfileDisk on Windows 11
  • Console Logins: Active Directory, or LDAP, users that were manually added access to ProfileUnity Console are unable to logon if their common name doesn't match their username. See this KB article for workarounds.
  • ProfileUnity Client Service Account:Persistent workstations that leverage the ProfileUnity client service to run on-boot configurations do not process new iterations of existing startup configurations when deployed. See this KB article for workaround.

Upgrading to 6.8.7

The procedures and requirements for upgrading ProfileUnity & FlexApp differ based on certain factors, such as your existing version and whether or not you have multiple ProfileUnity Console nodes configured in a cluster. For information and procedures for your specific upgrade scenario, refer to the ProfileUnity & FlexApp Upgrade Guide.

Feature Updates Affecting Product Behavior Post Upgrade

Before upgrading to the latest version, be aware of the following product changes if you are not already running 6.8.5.

  • Disabled features and retaining enabled features
    • On upgrade, each configuration will have Printer Refresh, Restart Spooler, Mapped Drive Refresh and Retain User File Associations checked. This gives you the same behavior as prior releases.
    • If you are leveraging the ability to disable the Print Spooler Restart feature, you will apply this option with the new Windows Options, as the old method is no longer honored.
      • After upgrading and before deploying the new 6.8.6 configuration, go into the Windows Options configuration module and uncheck Restart Spooler.

      Note: Any workarounds for Refresh.exe and Refresh Visual Style (PUPThemes) are no longer needed as they do not run by default any longer.

    • If you are leveraging retaining Volume Level, Number Lock State, Caps Lock State, Scroll Lock State, User Installed Fonts and/or System Installed Fonts you will have to do the following.
      • Enable the corresponding feature in the Windows Options module in your configuration. Then add the corresponding portability rule to your configuration before deploying your configuration.
  • Multiple INIs and Require Group Membership for Execution
    • On upgrade of the ProfileUnity Client to 6.8.6, 6.8.6 will honor older INIs and 6.8.6 INIs that restrict INI execution to group membership. However, once you uncheck the option in the Main configuration module for Require Group Membership for Execution, you can NOT use this option again. It is permanently disabled. It is suggested to transition using the Require Filter for Execution setting to build the filter you need to restrict INI execution and then apply it to the configuration.
  • Multiple INIs with User Defined Scripts
    • By default in prior versions, ALL User Defined Scripts would execute regardless of Require Group Membership for Execution or Require Filter for Execution settings in the Main module. In 6.8.5 and up, User Defined Scripts will only execute if the configuration applies to the user or the User Defined Scripts filter applies to the user. For most customers, no action is required. However, if scripts that were applied from unattended configurations were helping, these scripts would need to be duplicated from configuration to configuration.