Citrix Profile Management 5.2.0 which is bundled with XenDesktop or XenApp 7.5 / 7.6 hasn’t changed much other than the agent now included when the VDA (Virtual Delivery Agent) is installed onto your application server:
C:\Program Files\Citrix\User Profile Manager
… but as I had to configure it for an environment I recently deployed, I thought I’d screenshot the configuration process so I have a updated Citrix Profile Management post to refer to. More information about Profile Management 5.x can be found at the following URL: http://support.citrix.com/proddocs/topic/user-profile-manager-5-x/upm-wrapper-kib.html
Obtaining the Profile Management Active Directory ADM
The adm template for the Profile Management configuration settings can be found in the following folder of the XenDesktop / XenApp 7.5 / 7.6 installation media:
Note that Citrix has also included the ability to configure Profile Management settings directly from within the CItrix Studio’s policy node as shown here:
The reason why I prefer to use Active Directory GPO rather than the Citrix policy node in the Studio is because an Active Directory GPO is always going to be visible as compared to policies defined within Citrix which means a regular non-Citrix administrator that does not have access to the Citrix Studio would see an Active Directory GPO and know that a set of settings are being applied to these computer objects.
Setting up File Share to store Profiles
I’ve written a previous blog post for setting up the share to store the Profile Management so I’ll simply refer to it rather than rewrite the instructions:
Setting Share and NTFS permissions for redirected profile and home folders with commands
Creating a new Profile Management Active Directory GPO
Locate the Organization Unit that contains the application servers that you will published with the XenApp 7.6 Delivery Controllers and create a new GPO:
Note that if you haven’t blocked inheritance for the OU containing your application servers then I would suggest you do as it is recommended to block inheritance so computer configuration GPOs are not unintentionally applied to the application server (i.e. software install, various configurations):
Configuring the Profile Management GPO
With the GPO created and assigned to the OU containing the application server, open the properties of the GPO, select the Administrative Templates node, click on the Action tab and then Add/Remove Templates…:
Click on the Add… button in the Add/Remove Templates window:
Navigate to the folder containing the ctxprofile5.2.0.adm file and open the file:
Continue and click on the Close button with the policy template loaded:
Navigate to Computer Configuration –> Policies –> Administrative Templates –> Classic Administrative Templates –> Citrix –> Profile Management:
Configure the following settings in the Profile Management node:
Enable Profile management –> Enabled
Processed groups –> Disabled
Process logons of local administrators –> Enabled
Path to user store –> Enabled
Absolute path or path relative to the home directory: \\<fileServer>\<shareName>\%username%
Active write back –> Enabled
Navigate to the Profile handling node and enable the following settings:
- Delete locally cached profiles on logoff
- Local profile conflict handling
- Select Rename local profile for Citrix user profile in the user store both exist:
Note that the reason why I enable the Local profile conflict handling and set the configuration to rename the file is because if you’re implementing this policy after the application has been in production for a while, users will notice that the first server they log onto will get their profiles relocated to the file server but when they log onto a second server their local profiles would continue to load. Enabling this configuration will ensure that the roamed profiles will get applied to every server.
Navigate to the File system node and open the Exclusion list – directories setting:
Add the following directories into the exclusion list:
- Local Settings
With the configuration above set, Citirx Profile Management should start maintaining the same profile for users logging onto the application servers.
Additional GPO Configuration
One of the common issues I’ve come across during my previous XenApp deployments is that blocking the Computer Configuration GPOs may not be enough because users also have User Configuration GPOs that may affect the logon or overall operational performance of the application server. To reduce the risk that User Configuration policies creating unintentional effects, we can use the a loopback policy set to replace mode by navigating to Computer Configuration –> Policies –> Administrative Templates –> System –> Group Policy and enable the Configure user Group Policy loopback processing mode:
Any required User Configuration settings that need to get re-applied to the user can be configured in the same Profile Management GPO or create a new GPO but with the loopback mode enabled set to Merge.
I’m not sure what it is but I’ve had 2 environments where as soon as I turn on Profile Management, users’ profiles would have the Use check boxes to select items configuration automatically enabled:
While not an issue that would render the server inaccessible, I find it extremely annoying so I’m going to include the GPO settings here in case I run into this issue again in the future.