Which profile is stored in a network location rather than on the local hard drive?
This topic describes the policies in the Profile Management .adm and .admx files. Show
For more information about the policies, see Profile Management policies. Sections in the .adm and .admx filesProfile Management policies reside in the following sections: Profile Management Profile Management\Folder Redirection (User Configuration) Profile Management\Profile handling Profile Management\Advanced settings Profile Management\Log settings Profile Management\Registry Profile Management\File system Profile Management\File system\Synchronization Profile Management\File deduplication Profile Management\Streamed user profiles Profile Management\Cross-platform settings In the Group Policy Object Editor, most of the policies appear under Computer Configuration > Administrative Templates > Classic Administrative Templates > Citrix. Redirected folder policies appear under User Configuration > Administrative Templates > Classic Administrative Templates > Citrix. In the Group Policy Editor, the policies appear under Computer Configuration unless the policies are under the section labeled User Configuration. Profile ManagementEnable Profile ManagementLets you enable Profile Management. By default, to ease deployment, Profile Management does not process logons or logoffs. Enable Profile Management only after you do all other setup tasks and test how Citrix user profiles behave in your environment. Configuration precedence:
Processed groupsLets you specify users whose profiles are processed. Specify users using the following user groups:
Configuration precedence:
Excluded groupsLets you specify users whose profiles aren’t processed. You can specify users by using the following user groups:
Configuration precedence:
Process logons of local administratorsLets you specify whether Profile Management processes logons of members of the Citrix virtual apps environments are the typical use cases of multi-session operating systems. If this policy is disabled or not configured on multi-session operating systems, Profile Management processes logons of domain users but not of local administrators. Citrix virtual desktops environments are the typical use cases of single-session operating systems. On single-session operating systems, Profile Management processes local administrator logons. Domain users with local administrator permissions are typically Citrix virtual desktops users with assigned virtual desktops. When a desktop experiences problems with Profile Management, this policy allows the user to log on by bypassing any logon processing and to troubleshoot the problems.
Configuration precedence:
Path to user storeLets you specify the storage path of the user store. The user store is the central network location where user profiles (registry changes and synchronized files) are stored. The path can be:
The following types of variables can be used in the path setting:
User environment variables cannot be used, except for Examples:
Important: Whichever attributes or variables you use, check that this policy expands to the folder one level higher than the folder containing NTUSER.DAT. For example, if this file exists in \server\profiles$\JohnSmith.Finance\Win8x64\UPM_Profile, set the path to the user store as \server\profiles$\JohnSmith.Finance\Win8x64 (not the \UPM_Profile subfolder). For more information on using variables when specifying the path to the user store, see the following topics:
Configuration precedence:
Migrate user storeLets you specify the storage path of the user store that Profile Management previously used (the If this setting is configured, the user settings stored in the previous user store are migrated to the current user store. The path can be an absolute UNC path or a path relative to the home directory. In both cases, you can use the following types of variables:
Examples:
Configuration precedence:
Active write backLets you enable the active write-back feature. With this feature enabled, Profile Management synchronizes files and folders that are modified on the local computer to the user store during a session. Configuration precedence:
Active write back registryLets you enable Profile Management to synchronize registry entries that are modified on the local computer to the user store during a session. Use this policy with the Active write back policy. Configuration precedence:
Offline profile supportLets you enable the offline profile feature. This feature allows profiles to synchronize with the user store at the earliest opportunity. This feature aims at laptop or mobile device users who often roam. When a network disconnection occurs, profiles remain intact on the laptop or device even after restart or hibernation. When mobile users start sessions, their profiles are updated locally. Profile Management synchronizes their profiles with the user store only after the network connection restores. Configuration precedence:
Profile Management\Advanced settingsNumber of retries when accessing locked filesLets you specify the number of retries when accessing locked files. Configuration precedence:
Process Internet cookie files on logoffSome deployments leave extra Internet cookies that Configuration precedence:
Disable automatic configurationProfile Management examines any Citrix virtual desktops environment, for example for the presence of personal vDisks, and configures Group Policy accordingly. Only Profile Management policies in the Not Configured state are adjusted, so any customizations you have made are preserved. This policy lets you speed up deployment and simplifies optimization. You do not need to configure this policy. However, you can disable automatic configuration when doing one of the following:
You can regard automatic configuration as a dynamic configuration checker that automatically configures the default policy settings according to environments at runtime. It eliminates the need to configure the settings manually. Runtime environments include:
Automatic configuration might change the following policies if the environment changes:
See the following table for the default status of the preceding policies on different OSs:
However, with automatic configuration disabled, all policies above default to Disabled. To ensure that Start menu roaming works properly on Windows 10, Windows Server 2016, and Windows Server 2019, follow these steps:
Configuration precedence:
Log off user if a problem is encounteredLets you specify whether Profile Management logs off users if a problem is encountered. If this policy is disabled or not configured, Profile Management gives a temporary profile to users if a problem is encountered. For example, the user store is unavailable. Configuration precedence:
Customer Experience Improvement ProgramBy default, the Customer Experience Improvement Program is enabled to help improve the quality and performance of Citrix products by sending anonymous statistics and usage data. If this setting isn’t configured here, the value from the .ini file is used. Enable search index roaming for OutlookWith this policy enabled, Profile Management provides native Outlook search experience to users by automatically roaming Outlook search data with user profiles. This policy requires extra storage to store the search index for Outlook. Log off and then log on again for this policy to take effect. Outlook search index database – backup and restoreLets you specify what Profile Management does during logon when the Enable search index roaming for Outlook policy is enabled. If this policy is enabled, Profile Management backs up the search index database each time the database is mounted successfully on logon. Profile Management treats the backup as the good copy of the search index database. When an attempt to mount the search index database fails due to database corruption, Profile Management reverts the search index database to the last-known good copy.
Enable concurrent session support for Outlook search data roamingLets Profile Management provide native Outlook search experience in concurrent sessions of the same user. Use this policy with the Search index roaming for Outlook policy. With this policy enabled, each concurrent session uses a separate Outlook OST file. By default, only two VHDX disks can be used to store Outlook OST files (one file per disk). If the user starts more sessions, their Outlook OST files are stored in the local user profile. You can specify the maximum number of VHDX disks for storing Outlook OST files. Enable multi-session write-back for profile containersLets you enable write-back for profile containers in multi-session scenarios.
If the policy is enabled, changes in all sessions are written back to profile containers. Otherwise, only changes in the first session are saved because only the first session is in read/write mode in profile containers. To use this policy for the FSLogix Profile Container, ensure that the following prerequisites are met:
Replicate user storesLets you replicate the remote user profile store to multiple paths on each logon and logoff. Doing so lets Profile Management provide profile redundancy for user logons. Enabling the policy increases system I/O and might prolong logoffs.
Enable credential-based access to user storesLets you enable credential-based access to user stores. By default, Citrix Profile Management impersonates the current user to access user stores. Therefore, it requires the current user to have permission to access the user store. In some situations, you want to put user stores in a storage repository (for example, Azure Files) that the current user has no permission to access. In those cases, enable this policy to let Profile Management access the user stores by using the credentials of the storage repository. To ensure that Profile Management can access user stores using credentials, save the credentials in Workspace Environment Management (WEM) or Windows Credential Manager. We recommend you use Workspace Environment Management to eliminate the need of configuring the same credentials for each machine running Profile Management. If you use the Windows Credential Manager, use the Local System account to securely save the credentials.
Configuration precedence:
Specify the storage path for VHDX filesLets you specify a storage path to store VHDX files used in Profile Management. Citrix Profile Management provides the following VHDX-based policies: Enable native Outlook search experience, Citrix Profile Management profile container, and Accelerate folder mirroring. By default, VHDX files are stored in the user store. Configuration precedence:
Automatically reattach VHDX disks in sessionsWith this policy enabled, Profile Management ensures a high level of stability of VHDX-based policies. By default, this policy is enabled. When this policy is enabled, Profile Management monitors VHDX disks that are in use by VHDX-based policies. If any of the disks is detached, Profile Management reattaches the disk automatically. Enable asynchronous processing for user Group Policy on logonWindows provides two processing modes for user Group Policy: synchronous and asynchronous. Windows uses a registry value to determine the processing mode for the next user logon. If the registry value doesn’t exist, synchronous mode is applied. The registry value is a machine-level setting and doesn’t roam with users. Thus, asynchronous mode will not be applied as expected if users:
With this policy enabled, the registry value roams with users. As a result, processing mode is applied each time users log on. Enable OneDrive containerLets OneDrive folders roam with users. The OneDrive container is a VHDX-based folder roaming solution. Profile Management creates a VHDX file per user on a file share and stores the users’ OneDrive folders into the VHDX files. The VHDX files are attached when users log on and detached when users log off. Profile Management\Citrix Virtual Apps Optimization settingsEnable Citrix Virtual Apps OptimizationWhen you enable this feature, only the settings specific to the published applications a user launches or exits are synchronized. Configuration precedence:
Path to Citrix Virtual Apps optimization definitionsLets you specify a folder to store definition files of the Citrix virtual apps optimization. Configuration precedence:
Profile Management\Cross-platform settingsEnable cross-platform settingsLets you enable the cross-platform settings. The cross-platform settings feature is primarily used for migration from Windows 7 and Windows Server 2008 to Windows 8 and Windows Server 2012. This migration might also move from Microsoft Office 2003 or Office 2007 to Office 2010. By default, to ease deployment, cross-platform settings are disabled. Enable this policy only after thorough planning and testing of this feature. Configuration precedence:
Cross-platform settings user groupsLets you specify Windows user groups to which the cross-platform settings feature applies. For example, you can use this policy to process only the profiles from a test user group. Configuration precedence:
Path to cross-platform definitionsLets you specify the network location where the definition files reside. This path must be a UNC path. Users must have read access to this location, and administrators must have write access to it. The location must be a Server Message Block (SMB) or Common Internet File System (CIFS) file share. Configuration precedence:
Path to cross-platform settings storeLets you specify the path to the cross-platform settings store. The store refers to the folder in which users’ cross-platform settings are saved. This store resides in the user store where profile data shared by multiple platforms is located. Users must have write access to the store. The path can be an absolute UNC path or a path relative to the home directory. You can use the variables used in Path to user store. Configuration precedence:
Source for creating cross-platform settingsLets you specify a platform as the base platform if this policy is enabled in that platform’s OU. This policy migrates data from the base platform’s profiles to the cross-platform settings store. By default, this policy is disabled. Each platform’s own set of profiles are stored in a separate OU. Decide which platform’s profile data that you want to use as the base platform to seed the cross-platform settings store. With this policy enabled, when one of the following situations occurs, Profile Management migrates the data from the single-platform profile to the store.
Profile Management\File systemExclusion list - filesLets you specify the files that Profile Management ignores during synchronization. File names must be paths relative to the user profile (%USERPROFILE%). Wildcards are allowed and are applied recursively. Examples:
Configuration precedence:
Enable Default Exclusion List - directoriesLets you specify the default list of directories that Profile Management ignores during synchronization. Use this policy to specify GPO exclusion directories without having to fill them in manually. Configuration precedent:
Exclusion list - directoriesLets you specify the folders that Profile Management ignores during synchronization. Folder names must be specified as paths relative to the user profile (%USERPROFILE%). Example:
Configuration precedence:
Logon Exclusion CheckLets you specify what Profile Management does if a profile in the user store contains excluded files or folders. Configuration precedence:
Large File Handling - Files to be created as symbolic linksLets you specify the files that are created as symbolic links. This setting is used to improve logon performance and to process large-size files. You can use wildcards in policies that refer to files. Example, To process the Offline Outlook Data File (* Those files cannot be accessed in multiple sessions simultaneously. Profile Management\File system\SynchronizationDirectories to synchronizeLets you specify folders that you want Profile Management to synchronize when their parent folders are excluded. Paths on this list must be relative to the user profile. Profile Management synchronizes each user’s entire profile between the system where it is installed and the user store. It is not necessary to include subfolders of the user profile by adding them to this list. Disabling this policy has the same effect as enabling it and configuring an empty list. Configuration precedence:
Files to synchronizeLets you specify files that you want Profile Management to synchronize when their parent folders are excluded. Paths on this list must be relative to the user profile. Wildcards can be used in file names and folder names. But wildcards are applied recursively only in file names. Examples:
Profile Management synchronizes each user’s entire profile between the system where it is installed and the user store. It is not necessary to include files in the user profile by adding them to this list. Disabling this policy has the same effect as enabling it and configuring an empty list. Configuration precedence:
Folders to mirrorThis policy can help solve issues involving any transactional folder (also known as a referential folder). That type of folder contains interdependent files, where one file references other files. With the policy, Profile Management processes a transactional folder and its contents as a single entity when synchronizing user profiles. Configuration precedence:
Accelerate folder mirroringWith both this policy and the Folders to mirror policy enabled, Profile Management stores mirrored folders on a VHDX-based virtual disk. It attaches the virtual disk during logons and detaches it during logoffs. Enabling this policy eliminates the need to copy the folders between the user store and local profiles and accelerates folder mirroring. Profile Management\File deduplicationIdentical files can exist among various user profiles in the user store. Having duplicate instances of files stored in the user store increases your storage cost. File deduplication policies let Profile Management remove duplicate files from the user store and store one instance of them in a central location (called shared store). Doing so avoids file duplications in the user store, thus saving your storage cost. Files to include in the shared store for deduplicationLets you enable file deduplication and specify files to include in the shared store for deduplication. Files to exclude from the shared storeLets you specify files to exclue from the shared store. Use this policy along with the Files to include in the shared store for deduplication policy. Profile Management\Log settingsEnable loggingLets you specify whether to enable logging for Profile Management. Enable this policy only when you are troubleshooting Profile Management. Configuration precedence:
Log settingsLets you select which events or actions Profile Management logs. Select them all only if you are requested to do so by Citrix personnel. Configuration precedence:
The check boxes for this policy correspond to the following settings in the .ini file: LogLevelWarnings, LogLevelInformation, LogLevelFileSystemNotification, LogLevelFileSystemActions, LogLevelRegistryActions, LogLevelRegistryDifference, LogLevelActiveDirectoryActions, LogLevelPolicyUserLogon, LogLevelLogon, LogLevelLogoff, and LogLevelUserName. Maximum size of the log fileLets you specify the maximum size of the Profile Management log file in bytes. The default value for the maximum size of the Profile Management log file is 10 MB. If you have sufficient disk space, increase the value. If the log file grows beyond the maximum size, the following happens:
The log file is created in Configuration precedence:
Path to log fileLets you configure an alternative path to store the log files. The path can point to a local drive or a network-based one (a UNC path):
This setting ensures that log files are preserved when the machine restarts. For virtual machines without a persistent hard drive, setting a UNC path allows you to retain the log files. But the system account for the machines must have write access to the UNC share. Use a local path for any laptops managed by the offline profiles feature. If a UNC path is used for log files, Citrix recommends that you apply an appropriate access control list to the log file folder. Access control ensures that only authorized user or computer accounts can access the stored files. Examples:
If this policy isn’t configured here, the value from the .ini file is used. If this policy is configured neither here nor in the .ini file, the default location %SystemRoot%\System32\Logfiles\UserProfileManager is used. Profile Management\Profile container settingsProfile containerLets you use a VHDX-based network disk (profile container) to store user profiles. You can use it to store a user profile in whole or in part. On user logon, the profile container is mounted to the user environment and the profile folders are available immediately. Enable local caching for profile containersLets you enable local caching for Citrix Profile Management profile containers. This policy takes effect only when the profile container is enabled for the entire user profile. With the policy set to Enabled, each local profile serves as a local cache of its Citrix Profile Management profile container. If profile streaming is in use, locally cached files are created on demand. Otherwise, they are created during user logons. Folders to exclude from profile containerLets you specify folders to exclude from the Citrix Profile Management profile container. Folders to include in profile containerLets you specify folders to keep in the Citrix Profile Management profile container when their parent folders are excluded. Folders on this list must be subfolders of the excluded folders. Otherwise, this setting does not work. Disabling this setting has the same effect as enabling it and configuring an empty list. Files to include in profile containerLets you specify files to include in the Citrix Profile Management profile container when their parent folders are excluded. Files on this list must be inside the excluded folders. Otherwise, this setting does not work. Files to exclude from profile containerLets you specify files to exclude from the Citrix Profile Management profile container. Profile Management\Profile handlingDelete locally cached profiles on logoffLets you specify whether locally cached profiles are deleted after logoff. If this policy is enabled, a user’s local profile cache is deleted after user logoff. This setting is recommended for terminal servers. If this policy is disabled, cached profiles are not deleted.
Configuration precedence:
Delay before deleting cached profilesLets you specify an optional extension to the delay before locally cached profiles are deleted on logoff. Extending the delay is useful if you know that a process keeps files or the user registry hives open during logoff. With large profiles, this setup can also speed up logoff. A value of 0 deletes the profiles immediately, at the end of the logoff process. Profile Management checks for logoffs every minute. A value of 60 ensures that profiles are deleted between one and two minutes after user logoffs depending on when the last check takes place. Important: This policy works only if Delete locally cached profiles on logoff is enabled. If this policy isn’t configured here, the value from the .ini file is used. If this policy is configured neither here nor in the .ini file, profiles are deleted immediately. Migration of existing profilesLets you specify Profile Management migrate which types of user profiles to the user store if the user store is empty. Profile Management can migrate existing profiles “on the fly” during logon if the user has no profile in the user store. Select Roaming if you are migrating roaming profiles or Remote Desktop Services profiles. The following event takes place during logons. If the user has a Windows profile instead of a Citrix user profile in the user store, Profile Management migrates the Windows profile to the user store. After this process, Profile Management uses the user store profile in the current and other sessions that are configured with the path to the same user store. Configuration precedence:
Automatic migration of existing application profilesThis setting enables or disables the automatic migration of existing application profiles across different operating systems. The application profiles include both the application data in the AppData folder and the registry entries under For example, you need to upgrade your operating system (OS) from Windows 10 version 1803
to Windows 10 version 1809. If this setting is enabled, Profile Management automatically migrates the existing application settings to Windows 10 version 1809 the first time each user logs on. The application data in the AppData folder and the registry entries under If there are several existing application profiles, Profile Management performs the migration in the following order of priority:
If this setting isn’t configured here, the setting from the .ini file is used. If this setting is neither configured here nor in the .ini file, it is disabled by default. Local profile conflict handlingLets you specify how Profile Management behaves if both a profile in the user store and a local Windows user profile (not a Citrix user profile) exist. Configuration precedence:
Template profileLets you specify the storage path of the profile you want to use as a template. This path is the full path of the folder containing the NTUSER.DAT registry file and any other folders and files required for the template profile. Important: Ensure that you do not include This policy does not support expansion of Active Directory attributes, system environment variables, or the Configuration precedence:
Profile Management\RegistryExclusion listLets you specify the registry keys in the HKCU hive that Profile Management ignores during logoff. Example: Software\Policies Configuration precedence:
Inclusion listLets you specify registry keys in the HKCU hive that Profile Management processes during logoff. Example: Software\Adobe. Configuration precedence:
Enable Default Exclusion List - Profile Management 5.5Lets you specify registry keys in the HKCU hive that Profile Management does not synchronize to the user profiles. Use this policy to specify GPO exclusion files without having to fill them in manually. Configuration precedence:
NTUSER.DAT backupLets you enable a backup of the last-known good copy of NTUSER.DAT and roll back when any corruption occurs. If you do not configure this policy here, Profile Management uses the value from the .ini file. If you configure this policy neither here nor in the .ini file, Profile Management does not back up NTUSER.DAT. Profile Management\Streamed user profilesProfile streamingLets you
enable the profile streaming feature. With this feature enabled, files in user profiles are fetched from the user store to the local computer only when users access them. The Configuration precedence:
Enable profile streaming for foldersLets you enable the profile streaming feature for folders in user profiles. With both this policy and the Profile streaming policy set to Enabled, folders in a user profile are fetched from the user store to the local computer only when users access them. Configuration precedence:
Always cacheLets you specify the lower limit on the size of files that are fetched from the user store to the local computer immediately after logon. When the profile streaming feature is enabled, files in user profiles are fetched to the local computers when users access them. This on-demand file-fetching mechanism causes slow loading when files that users request are large. With this policy enabled, Profile Management fetches files larger than a specified size to the local computers immediately after logon. To fetch the entire profile to the local computer immediately after logon, set this limit to zero. Configuration precedence:
Timeout for pending area lock filesLets you specify a timeout period (days) after which Profile Management frees up users’ files. When the timeout occurs, users’ files are written to the user store from the pending area if the user store remains locked when its storage server becomes unresponsive. Use this policy to prevent bloat in the pending area and to ensure that the user store always contains the most up-to-date files. Configuration precedence:
Streamed user profile groupsLets you specify Windows user groups whose user profiles are streamed. This policy streams the profiles of a subset of Windows user groups in the OU. The profiles of users in all other groups are not streamed. Configuration precedence:
Profile Streaming Exclusion list - directoriesLets you specify the folders that Profile Streaming ignores. Folder names must be specified as paths relative to the user profile. Examples: Entering Configuration precedence:
Enable profile streaming for pending areaLets you enable the profile streaming feature for files and folders in the pending area. The pending area is used to ensure profile consistency while profile streaming is enabled. It temporarily stores profile files and folders changed in concurrent sessions. By default, this policy is disabled, and all files and folders in the pending area are fetched to the local profile on logon. With this policy enabled, files in the pending area are fetched to the local profile only when they are requested. Use the policy with the Profile streaming policy to ensure optimal logon experience in concurrent session scenarios. The policy applies to folders in the pending area when the Enable profile streaming for folders policy is enabled. Profile Management\Folder Redirection (User Configuration)Lets you specify whether to redirect folders that commonly appear in profiles and specify the redirection target. Specify targets as UNC paths (for server shares or DFS namespaces) or as paths relative to users’ home directory. The home directory is typically configured with the If a policy isn’t configured here, Profile Management does not redirect the specified folder.
The Redirect
You might want to modify the path after the policy takes effect. However, consider potential data loss before you do so. The data contained in the redirected folder might be deleted if the modified path points to the same location as the previous path. For example, you specify the Contacts path as To avoid potential data loss, complete the following steps:
What profile is used when new user profiles are created?Local profiles are created when a user logs into their computer for the first time. They are called local profiles because they are stored directly on the computer's local hard disk on the computer desktop.
Which type of network consists of multiple Windows computers that share information?A peer-to-peer network (or workgroup) consists of multiple Windows computers that share information. No computer on the network serves as a central authoritative source of user information. Each computer maintains a separate list of users and groups in its own SAM database.
Which profile allows admins to setup user account s with specific settings?User Account Control (UAC) protects your computer from changes to Windows system settings by requiring that an administrator expressly permit certain types of changes.
Which security process records the occurrence of specific operating system events in the security log?Auditing is the security process that records the occurrence of specific operating system events in the Security log.
|