Manage Installed Applications on Host Pools

Warning: Nerdio Manager does not install the BgInfo Azure extension during any automation or management process. However, the BgInfo extension may be installed either through a scripted action directly, or unintentionally, as stated in the Azure PowerShell module issues report.

Nerdio Manager allows you to leverage FSLogix App Masking technology to automatically discover applications installed on a host pool and configure rules to determine which users can access which applications. User access can be controlled at the individual application level and can be assigned by user or security group. Multiple applications can be grouped together for consolidated access management. Simply install all the required applications on the desktop image, update the session hosts, and define which users can access which applications.

Note: FSLogix App Masking is currently not supported in AAD joined host pool scenarios.

Note: This process does not work by simply hiding shortcuts. It actually hides all the components of the application. For example, if you create a rule to hide Chrome from all users:

The Chrome folder in Program Files appears to the user to be empty. In fact, the folder is not empty, it is just hidden from the user.
Chrome is unpinned from the taskbar, if necessary.
The Chrome desktop shortcut is removed, if necessary.
The user does not find Chrome when performing a Cortana search.

The following steps must be performed in order to manage the installed apps:

Discover and edit installed applications: The discovery is automatically performed whenever a host pool is created or re-imaged. In addition, it is also runs every few days in order to find applications that may have been added (not through a re-image process). Alternatively, the discovery can be run manually.
Create rule sets: Create rule sets to determine which users have access to which applications.
Apply the rule sets to the session hosts VMs: Apply the selected rule sets to all the session host VMs. You can wait to perform this when a session host is created or re-imaged. Alternatively, you can manually apply the selected rule sets immediately.

These steps are discussed in detail below.

Discover and Edit Installed Applications

The first step to managing the installed applications is to discover the applications that are installed. In addition, Nerdio Manager allows you to edit and manually add applications.

To discover and edit the installed applications:

Locate the host pool you wish to work with.
From the action menu, select Applications> Installed apps.
Note the date and time the discovery was last performed.

Note: If the host pool was created recently, you may not see any discovered applications because a discovery has not yet been performed yet. You may need to wait up to 48 hours or initiate a manual discovery.
If desired, select (nn apps) to see a list of discovered applications and additional details.
If desired, select Discover apps to perform a manual discovery.
- Enter the following information:
- Session Host VM: From the drop-down list, select the session host VM you want to use to perform the discovery.
- Select Advanced to perform any of the following:
  - Select to remove a discovered application.
  - Edit the name or installation directory information for any discovered application, if desired.
  - Select to add an application and its installation directory. The discovery process looks for all the components of this application in this directory and automatically detects them.
- Once you have entered all the desired information, select Run now.
- Watch the discovery process's progress in the tasks pane. Be sure to wait for the task to finish before continuing.
  
  Note: If the session host VM is powered off, the system powers on the VM to perform the discovery.

Create Rule Sets

The next step to managing the installed applications is to create rule sets. In essence, you determine which users have access to which applications.

To create rule sets:

Locate the host pool you wish to work with.
From the action menu, select Applications> Installed apps.
Select Add rule set.
Enter the following information:
- Rule Set Name: Type the name of the rule set.
- Enabled: Select this option to enable the rule set.
  
  Note: Only rule sets that are enabled are applied to hosts.
- Applications: From the drop-down list, select the discovered applications to add to the rule set.
  - If desired, expand the application to see its details.
  - Edit, add, or delete the application's components, as desired.
  - Rule Type: App Masking: This allows you to manage access of installed components.
  - Rule Type: Redirection: This enables you to dynamically redirect a folder, file , registry key, or value to an alternative based on the user or group. For example, as shown above, you can have an app use a different license file for the sales team.
  - Rule Type: App Container: This enables you to dynamically redirect a folder to another attached disk. For example, as shown above, redirect to another drive that contains the licenses for the sales team.
- Apply to all users: When this option is selected (default), the applications are available only to users you specify in the Exclude users and groups field. The applications are hidden and unavailable for any other users.
  Note:
  - Unselect this option if you need to make the applications available for all users.
  - If you still need to restrict access for some users or groups, include those in the Apply only the following users and groups field.
    
    Note that the Apply only the following users and groups field becomes available only when the Apply to all users option is disabled.
- Exclude local administrators: Select this option to not apply this rule to the local administrators group.
- Exclude users and groups: Select the users to exclude from the allowlist or the blocklist.
Select Save & apply to save the rule and apply it immediately to all session host VMs. Select Save & close to save the rule.

Note: When you select Save & close, the rule is applied when a session hosts are created or re-imaged. Alternatively, you can manually apply the rule later on when desired.

Manage and Apply Rule Sets

Nerdio Manager allows you to manage rule sets. This includes applying rule sets, deleting, editing, etc.

To manage rule sets:

Locate the host pool you wish to work with.
From the action menu, select Applications> Installed apps.
You may select multiple rules and then Select bulk action to perform a bulk action on the selected rules.
From the action menu next to each rule set, you can:
- Select Edit to edit the rule set.
- Select Apply to hosts to immediately apply the rule set to all session hosts. (see below)
- Select Disable to disable the rule set.
- Select Delete to delete the rule set.
- Select Assign to change the rule set assignments.
In addition, you can:
- Select Discover apps to immediately start the applications discovery process. (see above)
- Select Add rule set to add a new rule set. (see above)
- Select Apply all rule sets to immediately apply all the rule sets to all the session hosts. (see below)

To apply rule sets:

Select Apply to hosts (for a single rule or selected rules) or Apply all rule sets (for all rules).
Enter the following information:
- How to apply: From the drop-down list, select how the rule set should be applied.
  - Clear all existing FSLogix rule sets on hosts: Select this option to clear all the FSLogix rule sets on the hosts before applying this rule set.
  - Clear only Nerdio Manager created rule sets on hosts: Select this option to clear all the rule sets that were created by Nerdio Manager on the hosts before applying this rule set.
  - Do not clear any rule sets, overwrite rule sets being applied only: Select this option to leave all the existing rule sets alone and only overwrite the rule set that is being applied.
- Process hosts in groups of: Type the number of concurrent actions to execute during this bulk operation.
- Number of failures before aborting: Type the number of failures that causes the process to stop.
- Messaging: Toggle on the Messaging to send messages to active users.
  - Delay: From the drop-down list, select the number of minutes to wait after sending the message before starting the process.
  - Message: Type the message you want to send to the users.
Once you have entered all the desired information, select OK.

The rule set application process starts.

Export Rule Sets

Nerdio Manager allows you to export rule sets to either a JSON file or a host pool.

To export rule sets:

Locate the host pool you wish to work with.
From the action menu, select Applications> Installed apps.
Select the rule set(s) you wish to export.
From Select bulk action action menu, select Export rule sets.
Enter the following information:
- Export to: From the drop-down list, select the export destination.
  
  Note: When exporting to a JSON file, the file is downloaded to the browser's default download folder.
- Destination host pool: When exporting to a host pool, from the drop-down list, select the host pool.
Once you have entered all the desired information, select OK.

The rule set export process starts.

Import Rule Sets

Nerdio Manager allows you to import rule sets that were previously exported in a JSON file or from a host pool.

To import rule sets:

Locate the host pool you wish to work with.
From the action menu, select Applications> Installed apps.
From the Add rule set action menu, select Import rule sets.
Enter the following information:
- Import from: From the drop-down list, select the import location.
- Host pool: When importing from a host pool, from the drop-down list, select the host pool.
- JSON file: When importing from a JSON file, select the file.
- Activate imported rule sets: Select this option to activate the imported rule sets after they are imported.
Once you have entered all the desired information, select Install.

The rule set import process starts.