[APP MASKING] Activate app masking after user is logged (maybe a feature request)

dejan.markovic 21 Reputation points
2021-05-31T09:31:01.73+00:00

Hi,

For security reasons, we would like to hide "powershell" and "cmd.exe" from users.

While it's easy to create rules for that (and it works), logon scripts have stopped working.

I'm wondering if it's possible to activate some rules after the user's logon process?
It would be great if it was a per-rule option instead of a global one.

Regards

FSLogix
A set of solutions that enhance, enable, and simplify non-persistent Windows computing environments and may also be used to create more portable computing sessions when using physical devices.

Accepted answer
  1. Leila Kong 3,696 Reputation points
    2021-06-18T08:25:28.027+00:00

    Hello @dejan.markovic ,

    Thanks for your information. I've synced with our internal team that customers can submit feature suggestions here:
    https://techcommunity.microsoft.com/t5/azure-virtual-desktop/idb-p/AzureVirtualDesktop

    Thanks for your cooperation! Please "Accept as Answer" if it helped so it can help others in community looking for help on similar topics.


4 additional answers

  1. Leila Kong 3,696 Reputation points
    2021-06-01T03:48:30.833+00:00

    Hello @dejan.markovic ,

    Thanks for your query.

    1. What's your deployment environment and Windows version?
    2. How did you set the logon scripts? Is there any error message in the event log?
    3. What's your configuration of app masking and profile container?

    For your reference:
    Tutorial: Implement FSLogix Application Masking : https://video2.skills-academy.com/en-us/fslogix/implement-application-masking-tutorial
    Published Application on WVD and Powershell Logon Script : https://video2.skills-academy.com/en-us/answers/questions/288768/published-application-on-wvd-and-powershell-logon.html

    Best regards,
    Leila



  2. dejan.markovic 21 Reputation points
    2021-06-04T10:06:01.403+00:00

    Hi,

    1. What's your deployment environment and Windows version?

    We are using the product on Windows Server 2019 (with Citrix XenDesktop) and using FSLogix_Apps_2.9.7654.46150

    2. How did you set the logon scripts? Is there any error message in the event log?

    The logon scripts are pushed by GPO at user level.
    There is no error message; the script is simply not processed.

    3. What's your configuration of app masking and profile container?

    The profile is managed by Citrix UPM

    The application masking is quite simple:

    Hiding file:
    %systemfolder32%\cmd.exe
    %systemfolder64%\cmd.exe

    When the rule is applied to the target, the script is not processed. One of our examples is a script for Outlook signature update and maintenance, which is not processed anymore when the rule is activated.

    The goal of my request is to process scripts during the logon process and, once logged on, hide cmd.exe and powershell too.

    Regards


  3. Leila Kong 3,696 Reputation points
    2021-06-08T02:43:05.837+00:00

    Hello @dejan.markovic ,

    Thanks for your information. Since Citrix is out of our MS scope, we just troubleshoot from the FSLogix side.

    1. Will it work if you downgrade to FSLogix 2004 (2.9.7349.30108)?
    2. What about changing the include/exclude groups to "update" instead of "replace" in the GPO:
    https://www.meinekleinefarm.net/caution-fslogix-2009-2-9-7621-30127-profiles-wont-logoff-completely/
    3. Did you have the Run logon scripts synchronously parameter enabled in the group policies? If you disable this policy and have the app masking enabled at the same time, will the logon script be applied?


  4. dejan.markovic 21 Reputation points
    2021-06-08T13:43:42.067+00:00

    1. Will it work if you downgrade to FSLogix 2004 (2.9.7349.30108)?

    Hi, it's exactly the same.

    2. What about changing the include/exclude groups to "update" instead of "replace" in the GPO:
    https://www.meinekleinefarm.net/caution-fslogix-2009-2-9-7621-30127-profiles-wont-logoff-completely/

    I don't think my question has anything to do with this point. I'll try to explain better below (I hope).

    3. Did you have the Run logon scripts synchronously parameter enabled in the group policies? If you disable this policy and have the app masking enabled at the same time, will the logon script be applied?

    Yes, my scripts are running synchronously.


    I'll try to explain in a different way:

    Both product versions (FSLogix_Apps_2.9.7654.46150 and FSLogix_Apps_2.9.7349.30108) are working as planned by my rule:

    CMD.EXE command is hidden for users.

    I was hoping that there is a way to have something like 'do not hide during logon'.
    As I understand, it's not possible.

    I'm familiar with Ivanti 'appsense application manager' and I agree that both applications are not comparable.
    While Ivanti AM controls the users' access rights, FSLogix is masking apps.

    With Ivanti AM there is an option called 'Ignore restrictions during logon' and I was hoping something similar exists under FSLogix.
