Configuring profiles for XenApp or XenDesktop with Citrix Profile Management 3

Print Friendly, PDF & Email

Well, We finally have a new version of salvation for those of us who work with roaming profile environments, the great Citrix Profile Management product 3.0 that will help us manage our roaming profiles using Active Directory policies. The Profile Management agent must be installed on the XenApp servers and these GPOs must be configured with the parameters that interest us, we can even migrate from a traditional configuration of mobile profiles with CPM.

The advantages offered by Citrix Profile Management are important compared to the traditional ones that we can configure with the possibilities given by the Active Directory or directly edit on the record.

Here are the main new features of the version 3:

– Citrix Streamed User Profiles! In streaming environments, giving a much faster login and logout thanks to the obtaining of 'parts’ of profiles from the warehouse, only when they are needed.
– Active profile rewriting. Improves profile integrity if sessions end abnormally.
– Microsoft Windows Server Support 2008 R2.
– Installation Improvements. It performs error checks during installation and if it finds an error it logs it in the Event Viewer. In addition, a new parameter when installing CPM from the command line avoids having files .ini (Configuration).
– Diagnostic Enhancements. You can monitor the performance of streaming profiles using a Performance Monitor counter and log files.
– Software and documentation are in French, German, Spanish, Japanese and Simplified Chinese.

Profile Management can also be distributed with Merchandising Server and Citrix Receiver (Citrix Delivery Center)!!!

Profile Management must be installed on each XenApp server if our environment is that, or on each XenDesktop desktop; or directly on the PCs if our profile environment would run on the PCs. We can install it by wizard or command line, Subsequent restart is mandatory.

Or we can configure it to be installed from a direct in silent mode… Be careful that it will restart the server once installed!

And once we have it installed on all our affected computers, we will have to configure it using templates in the Active Directory, So from the console “Group Policy Management” we create a GPO in an organizational unit where we have such computers with the software installed.

We give it a name…

We edit the directive,

And we must add the template that we will have downloaded along with the Profile Manager installers, from In “Team Setup” > “Policies” > “Administrative templates” Right Button “Add or remove templates…”,

We select the ADM with our language & “Open”,

Click on “Close” Once we have it and we can configure the policies that interest us.

In “Team Setup” > “Policies” > “Administrative templates” > “Classic administrative templates (ADM)” > “Citrix” > “Profile Management”:

Enable Profile Manager:
By default, to facilitate distribution, Profile Management does not process logins or logoffs.
You can enable processing by enabling this parameter.
If this parameter is set here, the existing value in the INI file is used.
If this parameter is not set here or in the INI file, Profile Management does not process Windows user profiles in any way.

Groups prosecuted:
Both local computer groups and domain groups can be used (Local, Global and universal). Domain groups must be specified in the format: <DOMAIN NAME>GROUP NAME>.
If this parameter is set here, Profile Management processes only members of these user groups.
If this parameter is disabled, Profile Management processes all users.
If this parameter is not set here, the existing value in the INI file is used.
If this parameter is not set here or in the INI file, Members of all user groups are processed.

Process logins from local administrators:
Specifies whether Profile Management processes group member sign-ins “Administrators” local.
If this parameter is disabled, Profile Management does not process logins from local administrators.
If this parameter is not set here, the existing value in the INI file is used.
If this parameter is not set here or in the INI file, Administrators will not be processed.

Path to the user store:
Defines the path with the directory where the user's parameters are saved, i.e. registry changes and synchronized files (The user store).
It can be an absolute UNC path or a path relative to the home directory (Home).
In both cases, The following types of variables can be used: System environment variables enclosed in percentage signs (%) and Active Directory user object attributes enclosed between pound signs (#).
Examples:
The Windows%ProfileVer% folder saves user parameters in the WindowsW2k3 subfolder of the user store (if %ProfileVer% is a system environment variable that resolves to W2k3).
servidorpunto_compartido#SAMAccountName# saves the user parameters in the path servidorpunto_compartidoJohnSmith (if #SAMAccountName# resolves to JohnSmith for the current user).
Unable to use user environment variables, except %username% and %userdomain%.
If this parameter is disabled, user parameters are saved in the Windows subdirectory of the home directory (Home).
If this parameter is not set here, the existing value in the INI file is used.
If this parameter is not set here or in the INI file, the Windows directory on the main unit is used.

Active rewrite:
With this parameter, files and folders (Not Registry Entries) that are modified can be synchronized with the user store in the middle of a session, Before the End of the Session.

In “Team Setup” > “Policies” > “Administrative templates” > “Classic administrative templates (ADM)” > “Citrix” > “Profile Management”> “Profile Management”:

Delete locally cached profiles when logging out:
Specifies whether locally cached profiles are deleted after logging out.
If this parameter is enabled, The locally cached user profile is deleted after you log off. This option is recommended for endpoint servers.
If this parameter is disabled, Cached profiles are not deleted.
If this parameter is not set here, the existing value in the INI file is used.
If this parameter is not set here or in the INI file, Cached profiles are not deleted.

Migrating Existing Profiles:
Profile Management can dynamically migrate existing profiles during sign-in in case the user does not have any profiles in the user store.
During the login, the following takes place: If an existing Windows profile is found and the user does not yet have any Citrix user profiles in the user store, Windows profile is migrated (He copies) in the user store dynamically. After this process, Profile Management uses this user store profile in the current session and in any other sessions configured with the same user store path.
If this parameter is enabled, Profile migration can be enabled for mobile and local profiles (Default), For roaming profiles only, Only for local profiles, or you can disable profile migration altogether.
If profile migration is disabled and no Citrix user profile exists in the user store, the existing Windows mechanism is used to create new profiles, as would happen in an installation without Profile Management.
If this parameter is not set here, the existing value in the INI file is used.
If this parameter is not set here or in the INI file, All existing profile types are migrated.

Managing Local Profile Conflicts:
This parameter configures what Profile Management does when a profile exists in the user store and a local Windows user profile (not a Citrix user profile).
If this parameter is disabled or has the default value “Use your local profile”, Profile Management uses the local profile, but it does not modify it in any way.
If this parameter is defined with the “Delete your local profile”, Profile Management deletes the local Windows user profile, and then imports the Citrix user profile from the user store.”
If this parameter is defined with the “Rename your local profile”, Profile Management renames Windows local user profile (to back it up) and then import the profile the user store profile.
If this parameter is not set here, the existing value in the INI file is used.
If this parameter is not set here or in the INI file, existing local profiles are used.

Template Profile:
By default, New user profiles are created from the default user profile of the computer where the user first logs on. Alternatively, Profile Management can use a centrally stored template to create profiles of new users. Template profiles are identical to normal ones in that they can be located anywhere in the network. Use the UNC format to specify the path to templates. Users need read access to a template profile.
If this parameter is disabled, No templates are used.
If this parameter is enabled, Profile Management uses the template instead of using the default local profile when creating new user profiles.
If a user doesn't have a Citrix user profile, but a local Windows user profile exists, by default the local profile will be used (and the user store will be migrated, If this option is not disabled). This can be changed by checking the box to enable the “The template profile overwrites the local profile”.
If this parameter is not set here, the existing value in the INI file is used.
If this parameter is not set here or in the INI file, no templates will be used.

In “Team Setup” > “Policies” > “Administrative templates” > “Classic administrative templates (ADM)” > “Citrix” > “Profile Management”> “Advanced Parameters”:

Retries to access locked files:
Specifies how many times the attempt to access locked files will be repeated.
If this parameter is disabled, The default value of 5 Retries.
If this parameter is not set here, the existing value in the INI file is used.
If this parameter is not set here or in the INI file, The default value of 5 Retries.

Cache MFT file directory:
Defines the path to the directory where the cache file of the contents of the MFT directory is saved.
The route must be local. Do not use UNC routes.
Example:
D:DataUPMCache.
This cache is created automatically if it is not present when the MFT is scanned when the service is started.
If this parameter is disabled, the cache file is created in the folder where Profile Management was installed.
If this parameter is not set here, the existing value in the INI file is used.
If this parameter is not set here or in the INI file, The file is saved in the installation directory.

In “Team Setup” > “Policies” > “Administrative templates” > “Classic administrative templates (ADM)” > “Citrix” > “Profile Management”> “Logging Parameters”:

Enable Logging:
Enabling this parameter enables debug mode (Detailed Logging). In debug mode, detailed state information is saved in the log files located in “%SystemRoot%System32LogfilesUserProfileManager”.
If this parameter is disabled, only errors are logged.
If this parameter is not set here, the existing value in the INI file is used.
If this parameter is not set here or in the INI file, only errors are logged.

Logging Parameters:
Detailed log parameters.
Define the events or actions that Profile Management should log in detail.
If this parameter is not set here, Profile Management uses the parameters of the INI file.
If this parameter is not set here or in the INI file, General information and errors are logged.

Maximum log file size:
Defines the maximum log file size, in bytes. If the current log file grows and exceeds this size, The backup file is deleted (.Bak) existent, the current log file is renamed to .bak, and a new one is created.
The log file is created in “%SystemRoot%System32LogfilesUserProfileManager”.
If this parameter is disabled, the default value of 1 MB.
If this parameter is not set here, the existing value in the INI file is used.
If this parameter is not set here or in the INI file, the default value of 1 MB.

Path to log file:
Defines an alternate path where log files are saved.
The route must be local. Do not use UNC routes.
Example:
D:LogFilesProfileManagement.
If this parameter is not set here, the existing value in the INI file is used.
If this parameter is not set here or in the INI file, Default location is used “%SystemRoot%System32LogfilesUserProfileManager”.

In “Team Setup” > “Policies” > “Administrative templates” > “Classic administrative templates (ADM)” > “Citrix” > “Profile Management” > “System Registration”:

Exclusion List:
List of System Registry Keys in the HKCU Hive That Are Not Taken Into Account During Logoff.
For example:
SoftwarePolicies.
If this parameter is disabled, no system registry key is excluded.
If this parameter is not set here, the existing value in the INI file is used.
If this parameter is not set here or in the INI file, no system registry key is excluded.

Inclusion List:
List of System Registry Keys in the HKCU Hive That Are Processed During Logoff. Example: SoftwareAdobe.
If this parameter is enabled, Only the keys included in the list are processed.
If this parameter is disabled, the entire HKCU tree is processed.
If this parameter is not set here, the existing value in the INI file is used.
If this parameter is not set here or in the INI file, the entire HKCU tree is processed.

In “Team Setup” > “Policies” > “Administrative templates” > “Classic administrative templates (ADM)” > “Citrix” > “Profile Management” > “File System”:

File exclusion list:
List of files that are not considered during synchronization.
File names can be specified with absolute paths or with paths relative to the user's profile (%USERPROFILE%). Wildcards can be used. Wildcards are applied on a recurring basis.
Examples:
DesktopDesktop.ini excludes the Desktop.ini file that is in the Desktop directory. C:MyAppmyapp.tmp excludes the myapp.tmp file that is in the C directory:MyApp.
C:MyApp*.tmp excludes all files that have the .tmp extension and are located in the C directory:MyApp and its subfolders.
If this parameter is disabled, No files are excluded.
If this parameter is not set here, the existing value in the INI file is used.
If this parameter is not set here or in the INI file, No files are excluded.

Directory Exclusion List:
List of directories that are not considered during synchronization.
Folder names can be specified with absolute paths or with paths relative to the user's profile (%USERPROFILE%).
Examples:
If you enter “Desktop” (without the quotation marks) the Desktop directory is excluded from the user's profile.
C:MyApptmp excludes the C directory:MyApptmp.
If this parameter is disabled, No folder is excluded.
If this parameter is not set here, the existing value in the INI file is used.
If this parameter is not set here or in the INI file, No folder is excluded.

In “Team Setup” > “Policies” > “Administrative templates” > “Classic administrative templates (ADM)” > “Citrix” > “Profile Management” > “File System” > “Synchronization”:

Directories to sync:
Profile Management synchronizes each user's complete profile between the system where it is installed and the user store. You don't need to include subfolders of the user profile by adding them to this list.
This parameter can be used to include directories outside of the user's profile in the synchronization process. It also allows you to include directories that are inside excluded folders.
The paths in this list can be absolute or relative.
Relative paths are interpreted in relation to the user's profile.
Examples:
DesktopExcludeInclude specifies the Include subfolder that is located within the DesktopExclude folder.
C:MyAppData specifies the Data folder that is located within the C directory:MyApp.
Disabling this parameter achieves the same effect as enabling it and configuring it with an empty list.
If this parameter is not set here, the existing value in the INI file is used.
If this parameter is not set here or in the INI file, Only the folders in the user's profile that are not excluded will be synchronized.

Files to sync:
Profile Management synchronizes each user's complete profile between the system where it is installed and the user store. You don't need to include user profile files by adding them to this list.
This parameter can be used to include files outside of the user's profile in the synchronization process. It also allows you to include files that are inside excluded folders. folders.
The paths in this list can be absolute or relative.
Relative paths are interpreted in relation to the user's profile. Wildcards can be used, but only in file names. Wildcards cannot be nested and are applied on a recurring basis.
Examples:
AppDataLocalMicrosoftOfficeAccess.qat specifies a file that is located inside an excluded folder in the default configuration.
C:MyAppmyapp.cnf specifies the “myapp.cnf” on Route C:MyApp.
AppDataLocalMyApp*.cfg specifies all files with the .cfg extension that are located in the AppDataLocalMyApp profile folder and its subfolders.
Disabling this parameter achieves the same effect as enabling it and configuring it with an empty list.
If this parameter is not set here, the existing value in the INI file is used.
If this parameter is not set here or in the INI file, Only files in the user's profile that are not excluded will be synced.

In “Team Setup” > “Policies” > “Administrative templates” > “Classic administrative templates (ADM)” > “Citrix” > “Profile Management” > “Streaming User Profiles”:

Profile streaming:
With profile streaming, User profiles are synchronized on the local computer only when they are needed. Registry entries are immediately cached, but files and folders are only cached when users access them.

Always cache:
For a better user experience, there is an option to use this parameter with the Profile Streaming parameter. This imposes a lower limit on the size of files that are streamed. Files of this size or larger are cached as soon as possible after login. To be able to cache the entire profile, Set the limit to zero (This will cache all of the contents of the profile).

Waiting time (in days) for pending file area lock:
You can set a timeout to release user files so that they are rewritten to the user store from the pending files area, In case the user store is blocked because the server stops responding (For example, if it ceases to be operational). Use this parameter to avoid filling up the pending files area and to ensure that the user store always contains the most up-to-date files.

Streaming User Profile Groups:
Enter one or more Windows user groups.
If this parameter is enabled, Only the profiles of those group members are streamed. If this parameter is disabled, All user groups are processed.
If this parameter is not set here, the existing value in the INI file is used.
If this parameter is not set here or in the INI file, All users are processed.


Recommended Posts

Monitoring Citrix profiles with Centreon and Grafana
Read
Book - Citrix for IT Administrators - Free
Read
Migrating the Citrix UPM profile to FSLogix
Read
Exploiting our Citrix farm with Grafana
Read

Author

by Héctor Herrero 
nheobug@bujarra.com
Autor del blog Bujarra.com Cualquier necesidad que tengas, Do not hesitate to contact me, I will try to help you whenever I can, Sharing is living ;) . Enjoy documents!!!

Migrating to Citrix XenApp 6

12 of May de 2010

Using Citrix Dazzle

17 of May de 2010