Uso de Citrix User Profile Manager – Citrix UPM
Citrix User Profile Manager es un nuevo producto de Citrix que esperemos nos sirva para quitarnos un poco los dolores de cabeza. De todos es sabido que en los entornos Citrix uno de los mayores problemas es el de la gestión de los perfíles móviles, con esta nueva aplicación esperamos que sea todo un poco más fácil. Así que no esperemos más y descargar la aplicación, que es gratuita desde la web de Citrix en MyCitrix: AKI. Es una utilidad que se integra con el Directorio Activo, ya que lo que genera en sí es una plantilla que deberemos importar en alguna política para posteriormente configurarla y aplicarla a los usuarios.
Así que una vez bajado Citrix User Profile Manager, procederemos a instalarlo en un servidor. ¿donde instalarlo? Pues como lo único que genera es una plantilla, podemos instalarlo en un puesto y posteriormente copiar la plantilla ADM al controlador de dominio, o instalarlo en él directamente. “Next” para comenzar con la instalación,
Debemos aceptar el acuerdo de licencia “I accept the terms in the license agreement” & “Next”,
Seleccionamos el path de instalación, por defecto será: “C:Archivos de programaCitrixUser Profile Manager” & “Next”,
Pulsamos en “Install” para que empiece ya a instalar….
… esperamos unos segundos mientras lo instala…
OK, instalado, pulsamos en “Finish” para salir del asisntente de instalación.
Debemos reiniciar tras la instalación, así que cuando podamos lo reinciamos.
Una vez reiniciado el servidor, ya podemos configurar Citrix User Profile Manager, para ello, debemos abrir la consola “Administración de directivas de grupo” en “Herramientas Administrativas”. Debemos crear una nueva política o GPO para configurar UPM. Así que donde nos interese, con botón derecho > “Crear y vincular un GPO aquí…”
Indicamos un nombre descriptivo y aceptamos.
Editamos la directiva que acabamos de crear con botón derecho > “Editar…”,
Y agregamos la plantilla donde nos interese, sea en “Configuración del equipo” o en “Configuración de usuario”, con botón derecho en “Plantillas administrativas” & “Agregar o quitar plantillas…”
Pulsamos en “Agregar”,
Buscamos el fichero UserProfileManager.adm y lo abrimos.
Pulsamos en “Cerrar”,
Si vamos a “Plantillas administrativas” > “UserProfileManager” tenemos “Microsoft Settings”:
“Delete cached copies of roaming profiles”: Determines whether the system saves a copy of a user’s roaming profile on the local computer’s hard drive when the user logs off.
This setting, and related settings in this folder, together describe a strategy for managing user profiles residing on remote servers. In particular, they tell the system how to respond when a remote profile is slow to load.
Roaming profiles reside on a network server. By default, when users with roaming profiles log off, the system also saves a copy of their roaming profile on the hard drive of the computer they are using in case the server that stores the roaming profile is unavailable when the user logs on again. The local copy is also used when the remote copy of the roaming user profile is slow to load.
If you enable this setting, any local copies of the user’s roaming profile are deleted when the user logs off. The roaming profile still remains on the network server that stores it.
Important: Do not enable this setting if you are using the slow link detection feature of Windows 2000 Professional and Windows XP Professional. To respond to a slow link, the system requires a local copy of the user’s roaming profile.
“Prevent Roaming Profile changes from propagating to the server”: This setting determines if the changes a user makes to their roaming profile are merged with the server copy of their profile.
By default, when a roaming profile user logs on to a computer, their roaming profile is copied down to the local computer. If they have already logged on to this computer in the past, the roaming profile is merged with the local profile. Similiarly, when the user logs off this computer, the local copy of their profile, including any changes they have made, is merged with the server copy of their profile.
Using the setting, you can prevent changes made to a roaming profile on a particular computer from being persisted.
If you enable this setting, the following occurs on the affected computer: At login, the user receives their roaming profile. But, any changes a user makes to their profile will not be merged to their roaming profile when they log off.
If this setting is disabled or not configured, the default behavior occurs, as indicated above.
Note: This setting only affects roaming profile users.
“Only allow local user profiles”: This setting determines if roaming user profiles are available on a particular computer. By default, when roaming profile users log on to a computer, their roaming profile is copied down to the local computer. If they have already logged on to this computer in the past, the roaming profile is merged with the local profile. Similarly, when the user logs off this computer, the local copy of their profile, including any changes they have made, is merged with the server copy of their profile.
Using the setting, you can prevent users configured to use roaming profiles from receiving their profile on a specific computer.
If you enable this setting, the following occurs on the affected computer: At first logon, the user receives a new local profile, rather than the roaming profile. At logoff, changes are saved to the local profile. All subsequent logons use the local profile.
If you disable this setting or do not configure it, the default behavior occurs, as indicated above.
If you enable both the “Prevent Roaming Profile changes from propagating to the server” setting and the “Only allow local user profiles” setting, roaming profiles are disabled.
Note: This setting only affects roaming profile users.
“Set path for TS Roaming Profiles”: Specifies whether Terminal Services uses the specified network path for roaming user profiles.
You can use this setting to specify a network share where the profiles are stored, allowing users to access the same profile for sessions on all terminal servers in the same organizational unit. By default, Terminal Services stores all user profiles locally on the terminal server.
To use this setting, type the path to the network share in the form ComputernameSharename. Do not specify a placeholder for user alias, because Terminal Services automatically appends this at logon. If the specified network share does not exist, Terminal Services displays an error message at the server and stores the user profiles locally.
If the status is set to Enabled, Terminal Services uses the specified path as the root directory for all user profiles. The profiles themselves are contained in subdirectories named for the alias of each user.
If the status is set to Disabled or Not Configured, user profiles are stored locally on the server, unless specified otherwise by the server administrator.
Note: The roaming profiles specified with this setting apply to Terminal Services connections only; a user might also have a Windows roaming profile, in which case the Terminal Services roaming profile always takes precedence in a Terminal Services session.
If the don’t append user name checkbox is selected then Terminal Services will not automatically append the user name at logon. It is recommended to set this option only if you want to specify a mandatory profile to use for all Terminal Services users.
En “Plantillas administrativas” > “UserProfileManager” > “UserProfileManager settings”:
“Processed groups”: If this setting is configured, UserProfileManager will process only members of these user groups. If this setting is disabled or not configured, UserProfileManager will process all users.
“Process logons of local administrators”:Specifies whether logons of members of the local group administrators are processed by UserProfileManager.
If this setting is disabled or not configured logons of local administrators are not processed by UserProfileManager.
This setting has no effect on Windows Vista/Server 2008 if UAC is enabled.
“Path to the (mandatory) profile”:The path to the (mandatory) user profile should be set here.
This setting overwrites any other profile path, regardless of whether it is set in the Active Directory user account or via group policy.
If this setting is enabled the path configured here is used for every user. If this setting is disabled or not configured then Windows standard mechanisms for locating the user profile are used.
The path should be specified as UNC path in the form “serversharedirectory”.
This setting has no effect on Windows Vista/Server 2008.
“Path to the user settings”:Sets the path to the directory in which the user settings (registry changes and synchronized directories) are saved.
The path can be an absolute UNC path (Example: “serversharedir”) or a path relative to the home directory (Example: “Windows”).
In both cases the following types of variables can be used:
System environment variables enclosed in percent signs (Example: “%ProfileVer%” -> “W2k3”) and attributes of the Active Directory user object enclosed in hashes (Example: “#cn#” -> “John Doe”).
If this setting is disabled or not configured the user settings are saved in the subdirectory “Windows” of the home directory.
En “Plantillas administrativas” > “UserProfileManager” > “UserProfileManager settings” > “Advanced settings”:
“Do not set the user profile type to roaming”:Activation of this setting disables the function to set the type of the user profile to roaming during logon and back to mandatory during logoff.
If this setting is activated, certificates containing private keys cannot be imported.
If this setting is disabled or not configured, the profile type is set to roaming and certificates can be used without limitation.
“Prevent roaming profiles from being written back”: Prevents roaming profiles from being written back to the network during logoff by setting the profile type to “temporary”. The effect of this setting is similar to the Windows 2003 policy setting “Prevent Roaming Profile changes from propagating to the server”.
This setting should only be used in special circumstances.
If this setting is disabled or not configured, the corresponding function is not active.
“Number of retries when accessing locked files”: Sets the number of retries when accessing locked files over the network.
If this setting is disabled or not configured the default value of 5 retries is used.
“Directory of the USN change DB”: Sets the path to the directory in which the USN change database is saved. Example: “D:DataUSN-DB”.
This database will be autocreated and used only when file or directory synchronization is configured.
If this setting is disabled or not configured, the database will be created in the directory where UserProfileManagerService.exe is located.
En “Plantillas administrativas” > “UserProfileManager” > “UserProfileManager settings” > “Log Settings”:
“Enable logging (debug mode)”:Activation of this setting enables debug mode (verbose logging). In debug mode extensive status information is logged in the log files in “%SystemRoot%System32LogfilesUserProfileManager”.
Part of logon/logoff processing is done in the context of the user using impersonation. It is recommended to set write permissions for the users group on the log folder so that UserProfileManager can write to the log files during impersonation, too.
If this setting is disabled or not configured only errors are logged.
“Log Settings”: Detailed log settings.
Define events or actions which UserProfileManager will log in-depth.
If this setting is not configured, user names, warnings and general information will be logged.
“Maximum size of the log file”: Sets the maximum size of the log file in bytes. If the log file grows beyond this size an existing backup (.bak) of the file is deleted, the log file renamed to .bak and a new log file is created.
The log file is created in “%SystemRoot%System32LogfilesUserProfileManager”.
If this setting is disabled or not configured the default value of 128 KB is used.
En “Plantillas administrativas” > “UserProfileManager” > “UserProfileManager settings” > “Registry”
“Exclusion list”: List of registry keys in the HKCU hive which are ignored during logoff processing. Example: “SoftwarePolicies”.
If this setting is disabled, no registry keys are excluded.
If this setting is not configured, the following default values are used:
– SoftwarePolicies
– SoftwareMicrosoftWindowsCurrentVersionPolicies
– SoftwareMicrosoftWindowsShellNoRoam
– SoftwareMicrosoftWindowsCurrentVersionExplorerTrayNotify
“Inclusion list”:List of registry keys in the HKCU hive which are processed during logoff. Example: “SoftwareAdobe”.
If this setting is enabled, only keys on this list are processed. If this setting is disabled or not configured, the complete HKCU hive is processed.
En “Plantillas administrativas” > “UserProfileManager” > “UserProfileManager settings” > “File system”:
“Exclusion list – files”: List of files which will be ignored during synchronization und archiving.
Filenames are relative to the user profile path. Example: “DesktopDesktop.ini” ignores the file Desktop.ini in the desktop directory.
If this setting is disabled or not configured, no files are excluded.
“Exclusion list – directories”: List of directories which will be ignored during synchronization und archiving.
Paths are relative to the user profile path. Sample: “Desktop” ignores the desktop directory.
If this setting is disabled, no directories are excluded.
If this setting is not configured, the following default values are used:
– Application DataICAClientCache
– Application DataSunJavaDeploymentcache
– Application DataSunJavaDeploymentlog
– Application DataSunJavaDeploymenttmp
En “Plantillas administrativas” > “UserProfileManager” > “UserProfileManager settings” > “File system” > “Synchronization”:
“Profile directories to synchronize”:List of directories, which are synchronized (saved and restored) during logoff and logon. During logoff, changed files in a directory are copied to the subdirectory sPBackup of the user settings path. During logon, the previously saved files are copied back to the user profile.
This path is relative to the user profile. Example: “Desktop” specifies the desktop directory of each user.
If this setting is disabled, no directories are synchronized during logon/logoff.
If this setting is not configured, the following default values are used:
– Application Data
– Desktop
– My Documents
“Profile files to synchronize”: List of files, which are synchronized (saved and restored) during logoff and logon. During logoff, changed files are copied to the subdirectory sPBackup of the user settings path. During logon, the previously saved files are copied back to the user profile.
This path is relative to the user profile. Example: “putty.rnd” specifies a file created by Putty in the root of the user profile.
If this setting is disabled or not configured, no single files are synchronized during logon/logoff.
En “Plantillas administrativas” > “UserProfileManager” > “UserProfileManager settings” > “File system” > “Archiving”:
“Profile directories to save into an archive file”:The content of each directory in the list is saved/restored recursively during logon/logoff.
During logoff, all files and subdirectories are compressed into an archive file, which is copied to the subdirectory sPBackup of the user settings path. During logon the previously saved files are expanded back to the user profile.
This path is relative to the user profile. Example: “Desktop” specifies the desktop directory of each user.
If this setting is disabled, no directories are archived.
If this setting is not configured, the following default values are used:
– Cookies
– Favorites
– NetHood
– PrintHood
– Recent
– SendTo
– Templates
En “Plantillas administrativas” > “UserProfileManager” > “UserProfileManager settings” > “File system” > “Archiving” > “Advanced settings”:
“Maximum usage of virtual memory during creation of an archive”: If archive files are used by UserProfileManager (depending on configuration) they are created in virtual memory and written directly to disk without the need for temporary files.
With this option the maximum amount of virtual memory to be used when creating an archive can be set – indirectly the maximum size of archive files is being set.
www.bujarra.com – Héctor Herrero –
nh*****@bu*****.com
– v 1.0