Yet another challenge that I’ve faced when deploying virtual desktops is retaining signatures across desktop pools or when a desktop pool is refreshed in the case of statically assign pools. Active Directory redirected folders solves half of the problem since a user’s signatures are stored in the %appData% folder and by redirecting this folder to a file server, the user will have access to it across desktops but what most may notice is that the assignment doesn’t. This means that the user will always have to go back into their signature properties and reassign the new and reply signatures. This can quickly become a major annoyance to users as desktop images can be refreshed numerous times. If you’re forced to use scripts to handle the roaming because the business does not want to use Citrix’s User Profile Management, then one of the ways to do it is similar to one of my previous posts where we need to first locate the registry key that stores this information and then use a combination of log on and log off batch files to export and import the setting back in.
-------------------------------------------------------------------------------------------------------------------------------------------------------------------
Note that there is a caveat to this workaround and it’s that if the only case that it doesn’t catch is as follows:
- User has an Outlook profile configured with signature assigned.
- Administrator makes modifications to the master image and updates the machine.
- User logs into a new virtual desktop for the first time, makes changes to their signature or Outlook settings and then logs off.
In the situation above, the changes the user made to their Outlook profile will not be saved because their virtual desktop has just been refreshed. However, when the user logs back on the second time, the changes will then be preserved. I haven’t had the chance to spend more time on modifying the batch file to correct this problem but will update this post when I figure it out.
-------------------------------------------------------------------------------------------------------------------------------------------------------------------
The signature assignment is actually stored in the following key:
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook
I originally didn’t bother to look into what was stored in this registry key but when I finally realized what happens when you simply export and import this key back into the registry, I decided to take a deeper look. Although I still don’t know all the details of what each subkey represents, the top level Outlook key represents the profile that is displayed in the following mail profiles for the Windows desktop operating system:
So if you were to browse HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\ and you see multiple keys, each key represents the profile you have configured. The problem with simply exporting and importing this key upon log on and log off which is a part of the workaround I’m about to demonstrate is that when you launch Outlook for the first time after you’ve refreshed your desktop image, it does not treat the imported profile as a usable profile (most likely because of the encryption keys generated from the previous desktop). Hence, if you’ve configured a custom.msp file to automatically configure an Outlook profile, it will rename the profile to BACKUP OF Outlook and create a new Outlook profile:
What’s interesting is that the signature settings get copied over and everything looks fine until you browse the account’s settings and notice that you have multiple entries as such:
An additional entry will be created every time you refresh your desktop image which causes the Outlook first run to create a new profile. This doesn’t appear to affect the Outlook in any way but imagine performing several hundreds of refreshes later. I’m sure Outlook would eventually get affected at some point if this list gets too long so rather than leaving it as such, I’ve made some changes to the GPO that I will be using.
The process goes as such:
- When the user logs on, the batch file will try to import the file hkcuOutlookSignature.reg from %appdata% which is on a fileserver because redirected profiles are set up. Now if this is a new user and has never logged onto the network, this hkcuOutlookSignature.reg will not exist but this is ok because nothing will get imported. The user will proceed with launching Outlook, fill in the information and the registry key will be created.
- When the user logs off, 2 batch files will be executed:
- The first batch file will check to see if the key BACKUP OF Outlook exists and if it doesn’t, it will exit. If the BACKUP OF Outlook does exist, it will delete the Outlook key and all its subkeys, recreate the Outlook key, copy all of the subkeys in the BACKUP OF Outlook key into the Outlook key then delete the BACKUP OF Outlook key.
- One the first batch file has executed, another batch file will export the HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook out to the hkcuOutlookSignature.reg file to the user’s %appdata% folder located on a file server.
- The next time the desktops get refreshed and the user logs onto a fresh desktop without this registry key, the log on script will automatically import the Outlook profile into registry, Outlook will create a new profile, rename the old profile but the new profile will have all of the user’s signature settings. Once the user logs off again, step #2 will execute and thus will clean up the profile.
The following is what the export and import batch files will look like:
Import – Log On
cmd /c regedit /C /S “%appdata%\hkcuOutlookSignature.reg”
Export – Log Off
Batch File #1
rem This line checks to see if "BACKUP OF Outlook" exists and if it doesn’t, it will exit
@echo off && reg query "HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\BACKUP OF Outlook" || exit
rem The following line will run if "BACKUP OF Outlook" does exist
reg delete "HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook" /f
reg add "HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook" /f
reg copy "HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\BACKUP OF Outlook" "HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook" /s /f
reg delete "HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\BACKUP OF Outlook" /f
Batch File #2
cmd /c regedit /E “%appdata%\hkcuOutlookSignature.reg” "HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook"
------------------------------------------------------------------------------------------------------------------------------------------------------
Once these batch files are created, proceed with creating a new GPO and assign it to the OU with the user accounts (or elsewhere and filter out who gets the policy by using groups):
**Note that the policy has “Outlook User Infor” in as the name because I bundled in the batch file I used for transporting user info settings cross desktops which is the post I wrote previous to this one.
Open up the policy and navigate to User Configuration –> Policies –> Windows Settings –> Scripts (Logon/Logoff)
From here, assign the batch files to the Logon and Logoff nodes:
If you have more than one site in your Active Directory, force replication and ensure that the new GPO is available in the site that you’re going to test in. Use a combination of gpupdate/force and gpresult -r on the desktops to ensure that the policy is applied to the user before trying to restart and refresh your images.
2 comments:
Thanks for the great post. I am trying to import the outlook settings using the reg key HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles and get prompted to choose an Outlook profile when Outlook starts. You don't seem to list this as a problem in your post. How did you get around this?
HI,
I did the same but new profile start?
As
Post a Comment