It’s been quite the challenge while setting up roaming profiles for a new Citrix XenDesktop 5.5 farm in an environment that has no redirected folders and scripts to allow users to roam between workstations while maintaining the same look, feel and access to their desktop, my documents, favorites and application folders. Most of the companies I’ve worked in the past have had these policies set up but because one of the recent clients, I had to put on my Microsoft thinking cap to assist in getting these set up in parallel.
The redirected folders were easy enough to set up but as some of us may know, they do not redirect all folders and also doesn’t retain Outlook profile information. This meant that whenever the desktops are recomposed and the user logs onto a fresh desktop, they will receive the following prompt:
Not a big deal if the user has just been migrated to the new Citrix XenDesktop environment and understand this is their new desktop but it will quickly become a big deal if they receive this prompt every time IT updates the image of the pool that their desktop is in. I’ve always told clients that simple annoyances like these are what gives the users a negative impression virtual desktops and as small as this issue may seem, it needs to be dealt with.
So how do we address this? You can search long and hard in the Office Customization Tool menu and Office 2010 GPO adm file but you won’t find any way of retaining or skipping this prompt upon first launch. Before we continue on with the solution, let’s look into the registry where this information is actually stored:
As shown in the screenshot above, this information is actually stored in the registry under:
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\UserInfo
This key is created in the HKCU when Outlook launches and the user enters their information. I’m sure there are multiple ways of transporting this information across desktops but the way that I went with was simply to create a log on and off batch (you can use script as well) file and assign it to the user accounts via Active Directory Group Policy.
The process goes as such:
- When the user logs on, the batch file will try to import the file hkcuOutlookUserInfo.reg from %appdata% which is on a fileserver because redirected profiles are set up. Now if this is a new user and has never logged onto the network, this hkcuOutlookUserInfo.reg will not exist but this is ok because nothing will get imported. The user will proceed with launching Outlook, fill in the information and the registry key will be created.
- When the user logs off, the batch file will export the HKEY_CURRENT_USER\Software\Microsoft\Office\Common\UserInfo out to the hkcuOutlookUserInfo.reg file to the user’s %appdata% folder located on a file server.
- The next time the desktops get refreshed and the user logs onto a fresh desktop without this registry key, the log on script will automatically import the file into registry and thus Outlook will not prompt the user for this information.
I can’t say this is the most elegant solution but unless you have deep pockets to purchase applications such as AppSense then this may be one of the few ways you can get by this annoyance.
The following is what the export and import batch files will look like:
Export
cmd /c regedit /E %appdata%\hkcuOutlookUserInfo.reg "HKEY_CURRENT_USER\Software\Microsoft\Office\Common\UserInfo"
Import
cmd /c regedit /C /S %appdata%\hkcuOutlookUserInfo.reg
------------------------------------------------------------------------------------------------------------------------------------------------------
Once these batch files are created, proceed with creating a new GPO and assign it to the OU with the user accounts (or elsewhere and filter out who gets the policy by using groups):
**Note that the policy has “and Signature” in as the name because I bundled in the batch file I used for transporting signatures cross desktops. I’ll be writing another post on how to do this in a similar manner.
Open up the policy and navigate to User Configuration –> Policies –> Windows Settings –> Scripts (Logon/Logoff)
From here, assign the batch files to the Logon and Logoff nodes:
If you have more than one site in your Active Directory, force replication and ensure that the new GPO is available in the site that you’re going to test in. Use a combination of gpupdate/force and gpresult -r on the desktops to ensure that the policy is applied to the user before trying to restart and refresh your images.
No comments:
Post a Comment