An introduction to LoginAM

I’ve been missing a technical introduction to LoginAM lately. Visiting the website gives you a nice overview of the product some screenshots and what more. But there’s no technical overview of the specifics of LoginAM. So I’ll dedicate this post to LoginAM newbies trying to get a grasp of all the possibilities LoginAM grants you.

LoginAM Infrastructure

It’s simple. LoginAM requires a single server. On that single server we’ll install LoginAM for you. Apart from all the files we’ll install the main install folder is also shared. SMB is our primary method of communicating between the server and the client machines. Besides that we’re also installing Internet Information Services. This is part of a new release (will be released in november 2016). The web server is for serving our new web based user interface.

LoginAM Web Based User Interface
LoginAM Web Based User Interface


Plugins are what provide all basic features to LoginAM. We’ve got a bunch of them so I’ll explain them below. Keep in mind I can’t explain all functionality in such a short time so I’ll only cover the most important ones.

Deployment – the first and most used plugin. It provides the basis for most packages. It records what has been processed so it won’t process configured actions twice. Mostly used for installing applications. But it can also be used for other single time actions like copying configuration files or importing registry items. It also provides integration with WSUS so we can easily deploy hotfixes to the clients. Read more on WSUS integration here.

System configuration – Probably the second most used plugin. It provides the ability to run actions at every boot. Meaning you can use this plugin to configure items that might need to be reconfigured on a regular basis. This plugin can also be run on demand at any given time even while users are online. Apart from that the plugin provides integration with Active Directory for the computer object. It can move the computer object to an organization unit and create the organization unit if needed.

Imaging – the imaging plugin provides the features to use LoginAM with golden image based technologies like Citrix Provisioning Services. The plugin provides feature to generalize application that needs such as most anti-virus scanners or for example the SCOM agent. It also provides the possibility for you to configure the seal command needed to seal the image.

Security – the security plugin has 2 functions. On one hand it can secure a folder using NTFS permissions and an Active Directory group. On the other hand it can create the group(s) needed for usage with NTFS permissions. The group(s) created here can also be re used in the next plugin

Shortcuts – the shorcuts plugin can create shortcuts (dohhh). Interesting enough it can create 4 types of shortcuts. It can place a traditional windows shortcuts on the desktop or in the start menu of the user. The other 3 are RDS RemoteApp, XenDesktop published applications and VMware published applications. We integrate with all 3 big VDI vendors.

User Environment – the user environment plugin can be as a basic user environment manager. It runs after the user logs on using a logonscript. You can configure all sorts of actions in this plugin.

Active Directory – this is a simple plugin that holds general settings related to active directory. These settings are utilized by multiple other plugins.

Hypervisor – this plugin provides you with a point to configure all settings related to the hypervisor integration we provide. The hypervisor integration provides you with the possibility to deploy and configure machines using the new image management feature from the web. In the future this will be extended with more functionality.

SCCM connector – this plugin provides you with the ability to import packages and applications from an SCCM server. Using this functionality you won’t have to re-package all applications you might already have configured in SCCM.

Maintenance – the maintenance plugin is one of my favorites. It’s an intelligent piece of scheduling software for deploying the changes you’ve configured in LoginAM. It’s a bit of a complex process. So if you want to learn more read up in this other blogpost.

Collections, layers and packages

We’ve discussed all plugins with all features now. But how do we get those changes the plugins can provide to the client machines? This is done using a 3-tiered logical system.

Collections are at the highest level. Each client machine is a member of a single collection. Plugin settings are set on these collections. So for example all the machine in “Collection A” are configured to be placed in a Organizational Unit.

The second tier is layers. Each layer is a logical grouping of packages. For example a Citrix Session Host layer will consist of a package to disable Internet Explorer Enhanced Security, a package to install Desktop Experience and a package to install the Citrix Virtual Desktop Agent.

Lastly we have packages. These are the workhorses of LoginAM. A package contains all logic to get an application, change or something else to a client machine. Packages are divided, like collections, by plugins. Each plugin has, as mentioned above, certain functionality with which you can get a change or application in the exact manner you want it to to the client machine.

Within the package is where the fun begins. Each of the plugins already grant you the specific functionality we talked about earlier. But to be able to automate each application you obviously need something to perform the actions needed to get the application or change fully automated. For that we’ve got 2 items, ActionSets and ActionItems. ActionSets being a set of ActionItems. ActionSets are nice to group a couple of ActionItems logically. You can also apply filters to ActionSets  (we’ve got a big set of pre-configured filters ready for you to use). ActionItems are pre-configured actions to make your life easier. We’ve got ActionItems for installing msi files, msu files, copying files/folder, importing registry files and much more. Currently we’re up to 41 ActionItems. You can find a complete list of ActionItems here.

LoginAM User Interface
LoginAM User Interface

What happens on the client machine

We’re very light weight on the client machine. We’ve got a couple of items on a machine that is being managed by LoginAM.

  1. A PowerShell module. 99% of all actions on client machines are handled by this module.
  2. Registry key (HKLM:\Software\Automation Machine). This key contains some basic settings for LoginAM and contains the list of packages already installed by the deployment plugin.
  3. A cache folder (%programdata%\Automation Machine). This folder holds a cached config of the relevant files from the LoginAM fileshare. It also holds logging a temp folder and some other stuff.
  4. A couple of scheduled tasks (in the Automation Machine folder). These are the “kick off” points for Automation Machine. They handle log housekeeping, initiating maintenance, initiating user usage reporting and, most importantly, the Startup task. Read more on the startup task here. All the scheduled tasks do is start powershell which in turn starts a command within the module.


Leave a Reply