So recently I have been implementing UE-V for a customer running Windows 10 1709 and I was reminded of an issue/feature that has been around since 1607. The issue manifests itself in the fact that no user folder settings get created on your UE-V data share, the reason of course is that the default inbox templates are not automatically getting registered by the UE-V client. This is by design and outlined in the following Microsoft document – https://docs.microsoft.com/en-us/windows/configuration/ue-v/uev-whats-new-in-uev-for-windows

Assuming you have already verified your share permissions are correct (as outlined in this link – https://docs.microsoft.com/en-us/windows/configuration/ue-v/uev-deploy-required-features#deploy-a-ue-v-settings-storage-location), you can verify which templates are registered and the number of them by running the following PowerShell commands;

# Registered Templates
Get-UEVTemplate | FT TemplateName, Enabled

# Registered Template Count
(Get-UEVTemplate | Measure).Count

So now to registering the built in inbox templates, which of course is straight forward. There is a PowerShell command to do this and there are a number of good blog posts on how to register the templates manually, Jörgen Nilsson for example has this one – http://ccmexec.com/2017/02/ue-v-windows-10-1607-powershell-and-ue-v-template-share/.

So I thought rather than manually registering the templates I thought I would show you how to automate the process via a Configuration Baseline in ConfigMgr.

Configuration Item Settings

  1. Firstly we need to configure a Configuration Item, so start the Wizard and give it a meaningful name
  2. Limit the CI to your client OSes where UE-V is supported and add a new item. Select the setting type as “Script” and the data type as “Boolean“, as what we are going to do is implement a PowerShell script that will report on the status of the inbox registrations
  3. The next step is to define the Discovery scriptBelow is the required PowerShell script, it works by reading the contents of the Inbox Registration folder (C:\ProgramData\Microsoft\UEV\InboxTemplates) and then reading through each of the XML’s to find a value to match registrations against. If all of the templates are registered it returns a true value, if all or some are not registered it returns a false value

    Discovery Script:

    # Specify UE-V Folder Inbox Templates Location
    $InboxTemplatesSrc = "$env:ProgramData\Microsoft\UEV\InboxTemplates"
    
    # Get Inbox templates details
    $InboxTemplates = Get-ChildItem -Path $InboxTemplatesSrc -Filter *.XML | Select -Property FullName
    
    # Get Registered Template List
    $RegisteredTemplates = Get-UevTemplate | Select -Property TemplateID
    
    function CheckInboxTemplates {
      try {
        if ((Get-UevStatus).UEVEnabled -eq $true) {
          # Run UEV inbox templates registration check			
          foreach ($Template in $InboxTemplates.Fullname) {
            #Write-Host "Reading template from $Template"
            $TemplateXML = Get-Content -Path $Template
            $TemplateID = $TemplateXML.SettingsLocationTemplate.ID
            #Write-Host "Template ID = $TemplateID"
            if ($RegisteredTemplates.TemplateID -notcontains $TemplateID) {
              $AllRegisteredTemplates = $false
            }
          }
          if ($AllRegisteredTemplates -eq $false) {
            Return $false
          }
          else {
            Return $true
          }
          
        }
      }
      catch [System.Exception]
      {
        Write-Output $_.Exception.Message
      }
    }
    
    $TemplatesRegistered = CheckInboxTemplates | Out-Host
  4. In order to do something with the returned true or false value, we need a script to dynamically register the missing templates

    Remediation Script:

    # Specify UE-V Folder Inbox Templates Location
    $InboxTemplatesSrc = "$env:ProgramData\Microsoft\UEV\InboxTemplates"
    
    # Get Inbox templates details
    $InboxTemplates = Get-ChildItem -Path $InboxTemplatesSrc -Filter *.XML | Select -Property FullName
    
    # Get Registered Template List
    $RegisteredTemplates = Get-UevTemplate | Select -Property TemplateID
    
    function RegisterInboxTemplates {
      try {
        if ((Get-UevStatus).UEVEnabled -eq $true) {
          foreach ($Template in $InboxTemplates.Fullname) {
            #Write-Host "Reading template from $Template"
            $TemplateXML = Get-Content -Path $Template
            $TemplateID = $TemplateXML.SettingsLocationTemplate.ID
            #Write-Host "Template ID = $TemplateID"
            if ($RegisteredTemplates.TemplateID -notcontains $TemplateID) {
              #Write-Host "Registering template $TemplateID"
              Register-UevTemplate -Path $Template
            }
          }
        }
      }
      catch [System.Exception]
      {
        Write-Output $_.Exception.Message
      }
    }
    
    RegisterInboxTemplates | Out-Host
    
    
    
  5. Now you need create a Compliance Rule to allow for the script to run the remediation script in the event of a false value being detected:

Configuration Baseline

With the configuration item now created, we can go about creating a configuration baseline and deploying the CB to a collection.

  1. Give your Configuration Baseline a name (CB – UE-V Template Registration is used in this example) and then add the configuration item created earlier to it:
  2. Deploy your newly created CB to a collection, sit back, and wait for the numbers to be returned:
  3. After each evaluation schedule you defined when deploying the CB, you should now see your compliance count increasing:

UEV Data Content

At this stage you should now see folders being created for each of your user’s on the UE-V data share that you defined in your GPO. Contained within each of these user folders you should see something similar to the below:

(1529)

Maurice Daly

Maurice has been working in the IT industry for the past 18 years and currently working in the role of Principal Consultant with TrueSec. With a focus on OS deployment through SCCM/MDT, group policies, active directory, virtualisation and office 365, Maurice has been a Windows Server MCSE since 2008 and was awarded Enterprise Mobility MVP in March 2017.

There are no comments.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.