| This article shows the steps on how to setup Citrix User Profiles using Citrix UPM. If you are using FSLogix then you can configure user profiles using blog post: How to Setup Citrix User Profiles using FSLogix. To reduce network load and speed up the user logon process, you can also redirect user’s profile folders such as Documents, Downloads, Desktop, Pictures etc. to a network share. For configuration of Folder redirection for citrix user profile you can use use the blog post: How to Setup Folder redirection in Citrix. If you want to utilize OneDrive for folder redirection of Windows known folders then you can check blog post: Move windows known folders to Onedrive using Intune. |
You can setup Citrix User Profiles either using FSLogix or by using Citrix UPM. In this blog post, we will see step by step how to configure Citrix user profiles using Citrix UPM. For Setting up citrix user profile management, there are three things required.
First make sure Citrix Profile Management Service is running on each VDA, Second is a network share where the users profile will be stored and Third is to Enable Citrix Profile Management via Group Policy or Citrix Policies. (I will be using Group Policy Configuration to enable / configure Citrix UPM).
For Configuration of the Profile Management settings, you may have to import the ADMX and ADML (Group Policy Administrative Templates) files for profile Management in Group Policy. You can find administrative template in the Citrix Installation ISO -> \x64\ProfileManagement\ADM_Templates\en.
Copy ctxprofile7.15.4000.admx and ctxprofile7.15.4000.adml (the file name could be different in your case depending upon the version of citrix virtual apps and desktops you are using) and paste it in C:\windows\PolicyDefinitions\ and C:\windows\PolicyDefinitions\en-US path respectively. If you are using a central GPO Store then copy it to Central GPO Store PolicyDefinitions folder.
Citrix Profile Management ADMX File Location
Citrix Profile Management ADMX and ADML files can be found in the Citrix Installation media at \x64\ProfileManagement\ADM_Templates\en location. Please find below screenshot for the same:
Citrix Profile Management Service on VDA
Citrix Profile Management Service should be in Automatic and Running state on all Citrix VDA servers.
Create Network Share on File Server (User Store)
Create a network share folder name ctx_upm_profiles and configure share permissions and NTFS permissions. You need to configure the permissions similar to as it has been configured in the post: How to Setup Folder redirection in Citrix.
Refer to the section “Create a Network Share and configure share and NTFS Permissions” to configure share and NTFS Permissions for ctx_upm_profiles folder. Once this folder is shared, note down the UNC path of the folder, we will use this path later while configuring the GPO.
Configure Citrix UPM using Group Policy
Citrix UPM settings are computer configuration based settings so a restart of VDA servers may be needed to get the policy affected.
- Login to the Domain Controller and open group policy management console (gpmc.msc)
- Create a new Group Policy or use the existing one, I have use the same group policy which i had created earlier for folder redirection called Citrix – Folder Redirection to enable citrix profile management.
- All the settings will be configured under below Group Policy Path Computer Configuration | Policies | Administrative Templates | Profile Management.
- There are some settings which are minimum required settings to enable Citrix Profile Management e.g. Enable Profile Management and Path to User Store. Other settings which are configured as best practices. Below table shows each setting which I have configured in my setup.
| Profile Setting | Path of the Setting | Value |
|---|---|---|
| Enable Profile Management | …\Profile Management\ | Enabled |
| Path to User Store | …\Profile Management\ | \\<server>\ctx_upm_profiles\#SAMAccountName# |
| Customer Experience Improvement Program | …\Profile Management\ | Disabled |
| Process logons of local administrators | …\Profile Management\ | Disabled (It helps when troubleshooting because, if Profile Management is misconfigured and prevents user logons, you are still able to log on as an administrator.) |
| Enable Logging | …Profile Management\Log Settings | Enabled |
| Maximum size of Log File | …Profile Management\Log Settings | Enabled Maximum Size in bytes: 10485760 (10 MB) |
| Path to Log File | …Profile Management\Log Settings | C:\ctx_upm_logs |
| Local Profile Conflict Handling | …Profile Management\Profile Handling | Enabled if both a local Windows user profile and a Citrix user profile in the user store both exist: Delete Local Profile or Rename Local profile according to your preference. |
| Migration of Existing Profiles | …Profile Management\Profile Handling | Enabled Types of user profiles to be migrated if the user store is empty: Roaming and Local |
| Delete locally cached profiles on logoff | …Profile Management\Profile Handling | Enabled |
| Profile streaming | …Profile Management\Streamed User Profiles | Enabled |
| Profile Streaming Exclusion list | …Profile Management\Streamed User Profiles | Enabled List of directories to exclude from profile Streaming: List1 |
| Exclusion list- Files | …Profile Management\File system | Enabled List of files to Exclude: !ctx_localappdata!\Microsoft\Windows\UsrClass.dat* |
| Directories to synchronize | …Profile Management\File system\Synchronization | Enabled List of directories to synchronize: AppData\Local\Microsoft\Credentials Appdata\Roaming\Microsoft\Credentials Appdata\Roaming\Microsoft\Crypto Appdata\Roaming\Microsoft\Protect Appdata\Roaming\Microsoft\SystemCertificates |
| Files to Synchronize | …Profile Management\File system\Synchronization | Enabled List 2 (Files to Synchronize) |
| List1 (List of directories to exclude from profile Streaming) |
|---|
| Exclusion list-directories [These are part of Default Exclusions from UPM 5.3 onwards] !ctx_internetcache! AppData\Local\Google\Chrome\User Data\Default\Cache AppData\Local\Google\Chrome\User Data\Default\Cached Theme Images AppData\Local\Google\Chrome\User Data\Default\JumpListIcons AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld AppData\Local\GroupPolicy AppData\Local\Microsoft\AppV AppData\Local\Microsoft\Messenger AppData\Local\Microsoft\Office\15.0\Lync\Tracing AppData\Local\Microsoft\OneNote AppData\Local\Microsoft\Terminal Server Client AppData\Local\Microsoft\UEV AppData\Local\Microsoft\Windows Live AppData\Local\Microsoft\Windows Live Contacts AppData\Local\Microsoft\Windows\Application Shortcuts AppData\Local\Microsoft\Windows\Burn AppData\Local\Microsoft\Windows\CD Burning AppData\Local\Microsoft\Windows\Notifications AppData\Local\Packages AppData\Local\Sun AppData\Local\Windows Live !ctx_localsettings!\Temp AppData\Roaming\Microsoft\AppV\Client\Catalog AppData\Roaming\Sun\Java\Deployment\cache AppData\Roaming\Sun\Java\Deployment\log AppData\Roaming\Sun\Java\Deployment\tmp $Recycle.Bin AppData\LocalLow Tracing new path for Temporary Internet Files in Windows 8 and later AppData\Local\Microsoft\Windows\INetCache If running Office 365 with Shared Computer Activation, then exclude !ctx_localappdata!\Microsoft\Office\15.0\Licensing !ctx_localappdata!\Microsoft\Office\16.0\Licensing |
| List 2 (Files to Synchronize) |
|---|
| AppData\LocalLow\Sun\Java\Deployment\security\exception.sites AppData\LocalLow\Sun\Java\Deployment\security\trusted.certs AppData\LocalLow\Sun\Java\Deployment\deployment.properties AppData\Local\Google\Chrome\User Data\First Run AppData\Local\Google\Chrome\User Data\Local State AppData\Local\Google\Chrome\User Data\Default\Bookmarks AppData\Local\Google\Chrome\User Data\Default\Favicons AppData\Local\Google\Chrome\User Data\Default\History AppData\Local\Google\Chrome\User Data\Default\Preferences |
As the GPO settings are computer based, when applied to Citrix VDA Servers it will create the registry entries in below registry path on each Citrix VDA Server. Make sure you can see the registry entries and values as you have configured in the GPO. If you do not see the registry entries, it could be that the GPO is not getting applied or not configured correctly.
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Citrix\UserProfileManager\
Citrix Profile Folder
Once the user logs on to Citrix, A Citrix UPM profile folder using user’s samAccountname is created at the user store location we configured in the GPO. Below screenshot shows the Citrix user profile of a user.
External References
User Profile Best Practices for XenApp
https://support.citrix.com/article/CTX120285
Citrix Profile Management Recommended Exclusions and Inclusions
https://support.citrix.com/article/CTX230538
How to Synchronize Profile Efficiently
https://support.citrix.com/article/CTX224498
