Thursday, June 7, 2012

Relocating Internet Explorer’s temporary internet files in a Citrix XenApp environment with Active Directory GPO

One of the challenges using Citrix XenApp published applications from desktops is when you attempt to open files through Internet Explorer because the Internet Explorer resides on the desktop while the application, such as MS Project, resides on the Citrix XenApp server.  What ends up happening is that the file that’s being opened is temporarily downloaded to the desktop’s temporary internet files folder and the Citrix published application, residing on the server, attempts to reach into the same folder path on its own attached storage to open the file.  So let’s say the temporary internet files location on the desktop is C:\Temporary, the Citrix XenApp server would attempt to open the file on its own C:\Temporary and subsequently fail.  The following is a post I wrote earlier in the week about this:

Unable to launch project files from web pages with Microsoft Project published with Citrix XenApp 6.5

As mentioned in the post above, the solution is to simply redirect the Temporary Inter Files folder from the path of the local drive of desktop to another folder that the Citrix XenApp can also access. 


Since both the desktop and the XenApp server needs to be able to access the drive with the same name, the logical choice would be to use a folder such as the user’s home drive.  I’ve had mixed results with redirecting the temporary internet files folder to the user’s home drive and have found that the performance can be extremely poor.  One of the more recent tests I’ve done involved MS Project files that were 100KB and 987KB.  The smaller MS Project file opened within reasonable time while the larger file took at least 10 times longer.  This prompted me to go with another solution and that was to redirect the file to a local on the desktop but was also accessible by the server.

Path to Redirect Temporary Internet Files

The choices I usually propose to clients to test are as follows:

Redirect to user’s home drive – the path would be the full UNC path such as \\fileserver\users$\%username%

**Note that you cannot use the %homedrive% variable as the policy we’ll be configuring won’t work as expected.

Redirect to the user’s desktop’s C drive – the first thought I had was to redirect the temporary internet files folder to \\%computername%\users\%username% but this meant that I would need to share out the users folder and some administrators wouldn’t like that so the alternative I usually prefer is to create a folder and share it out so the path would look something like this \\%computername%\TIE.

Group Policy for Redirection

Unfortunately, you won’t find a GPO setting within the Internet Explorer node that will allow you to select a path to redirect the files.  The only way to do it cleanly without using a script is to use the Group Policy Preferences feature provided with Windows Server 2008 R1 or R2 domain controllers (or alternatively a Windows 7 desktop with Group Policy Management tools installed) to edit 2 registry keys.  The reason why I say cleanly is because one of the two registry keys’ value is stored in hexadecimal format which means you can’t simply use a script to fill the value out with a string.  I only have any screenshots that have redirect the path to the user’s home folder so the following example will show that.  If you choose to redirect to a folder on the local computer then modify the path as required.

The 2 registry keys are as follows:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders

Cache – Type –> REG_EXPAND_SZ


HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders

Cache – Type –> REG_SZ


These 2 keys can be easily modified via the following Group Policy Preferences GPO:




Change the Action value to Replace:



Navigate to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders:



Change the value to the shared path accessible by both the desktop and server of your choice:


Create a second registry item:



Change the Action value to Replace:



Navigate to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders:



Change the value to the shared path accessible by both the desktop and server of your choice:


You should now see 2 registry entries in the policy:


Apply this policy to the user object and force a policy update.  Once the policy has been refreshed, you will notice the change in the temporary internet files location the next time you log on.

One of the questions I’ve been asked in the past is how we can automate the task of creating the new folder and sharing it out.  If you’re using this with virtual desktops then the easiest way is to actually modify the master template.  Otherwise, if you’re using physical desktops, then you’ll need to use a script.

1 comment:

Sootie said...

This fixed a similar but unrelated issue for me where apps would work only after you logged on via rdp once first.

Much appreciated post thanks Terrance!