Ivanti Environment Manager Database/ Profile Cleanup

Share on twitter
Share on linkedin

A topic we often see overlooked or misunderstood within Ivanti Environment Manager Personalization is the built-in cleanup tasks relating to user profiles and their retention within the personalization database.

Over time in a living production environment, we expect to see some user accounts become inactive and no longer needed. We also expect application personalization includes and excludes to be modified from time to time as application versions or business needs change. As this takes place, some objects and settings stored within the database are no longer needed, and in turn waste valuable storage space.

Ivanti Environment Manager Personalization has several built-in maintenance tasks to help to keep the database clean and reduce storage requirements. Properly configuring these built-in cleanup tasks helps to reduce database size and improve overall performance and reliability. They also assure the database is as clean as possible prior to migrations – thus reducing the amount of data that is moved.

In this article we will discuss the four Personalization Advanced Settings shown below, and how each of them functions in relation to maintaining a clean database.

Personalization Advanced Settings:

Group Default Value Description
InactiveProfileExpiryDays
180
The expiry time (in days) for inactive profiles, after which time they are deleted. Set to 0 to disable this option.
InactiveUserExpiryADCheck
true
If set to true, users are only deleted if they no longer exist in active directory. This setting is only applicable if the InactiveUserExpiryDays is non-zero.
InactiveUserExpiryDays
180
The delay before endpoints clean extraneous data from profiles after a change to inclusions or exclusions. Set to 0 for no delay or -1 to disable the cleanup function.
ProfileCleanupDelayDays
30
The delay before endpoints clean extraneous data from profiles after a change to inclusions or exclusions. Set to 0 for no delay or -1 to disable the cleanup function.

InactiveProfileExpiryDays

Default Value: 180 days

This setting controls the number of days an application group within the user profile must be inactive (unexecuted) before its associated data is removed from the database.

Example: If a user is configured for Internet Explorer personalization but they have not opened IE for X number of days, the IE data within the user’s personalization profile will be removed from the database. This does not impact other applications in the user personalization profile. This setting helps to ensure old unused application data is not stored in the database if it is no longer being used by the user.

InactiveUserExpiryDays

Default Value: 180 days

This setting dictates how long a user must go without logging in on an endpoint with Environment Manager before their entire profile is deleted from the database.  If InactiveUsersExpiryADCheck is set to True, the system will check to see if the user account still exists in AD before deleting. If it does exist, then the profile will not be deleted until the AD account is also deleted.

Example: A user has left the company. After x number of days, the user’s entire personalization profile will be removed from the database.

InactiveUsersExpiryADCheck

Default Value: True

This setting, when enabled (True), will query AD to determine if the user’s account exists before the their personalization profile is deleted. If the AD account exists, even if disabled, the profile will not be removed from the database.

Setting this value to False will not check for the AD user object before deleting. If your organization does not delete inactive user accounts, you may consider setting this value to False.

Example 1: (Value=True, Account=Disabled) A user has left the company and the IT department has disabled their AD account. After x number of days, the clean up process will check and see that the users AD account still exists, and because it does, will not remove the profile from the database.

Example 2: (Value=True, Account=Deleted) A user has left the company and the IT department has deleted their AD account. After x number of days, the clean up process will check and see that the users AD account no longer exists, and thus the profile will be removed from the database.

Example 3: (Value=False, Account=Enabled) A user has left the company and the user account is no longer in use. After x number of days, the clean up process will remove the profile from the database, regardless of the AD user account status.

ProfileCleanupDelay Days

Default Value: 30 days

This setting controls the number of days that specific application personalization data remains in the user profile after the registry/file path is no longer part of the application group.

Example: An application group is configured for notepad and includes the registry key to personalize the font size that the user sets as default. When the user launches (and exits) notepad for the first time, these settings, by way of a registry key, are saved into the database.
Sometime later it is decided that notepad font size personalization is no longer needed, and the registry key is removed from the application group within EM Personlization. The unused font size registry key will remain in the database until X number of days pass, at which point they will be removed. Enabling this setting helps to reduce profile bloat with objects/settings that are no longer being personalized within an application group.

Configuring Environment Manager Advance Settings

To modify these settings, follow the steps below:

  1. Launch the Environment Manager console
  2. From the User Personalization Workspace, connect to your personalization server
  3. Under the “Manage” tab, click “Advanced Settings”
  4. Select the setting name you wish to modify and enter a new value
  5. Close advanced settings

 

Changes to EM Personalization are effective immediately and do not require a policy update on endpoints as it is a server side configuration. Cleanup actions run during nightly scheduled tasks.

Summary

Database cleanup is an important part of any Ivanti Environment Manager Personlization environment. Understanding and properly configuring these settings facilitate automated removal of inactive and unneeded data. These easily configurable settings help reduce storage requirements and maintain a healthy database with minimal administrative effort over the long haul as the environment matures and grows.

By submitting you agree to our privacy policy.

Alchemist: James Knox

Solutions Engineer

About Alchemy Technology


Alchemy Technology Group is an industry leading IT advisory, consulting and reseller firm focused on end user experience, security, data center transformation, cloud and automation.

Share

Share on twitter
Share on linkedin

Contact an Alchemist

Contact Alchemy Technology Group, and let the transformation begin.

By submitting you agree to our privacy policy.

By submitting you agree to our privacy policy.