How to Setup Citrix User Profiles using Citrix UPM

by Leave a comment
This article shows the steps on how to setup Citrix User Profiles using Citrix UPM.

If you are using FSLogix then you can configure user profiles using blog post:
How to Setup Citrix User Profiles using FSLogix.

To reduce network load and speed up the user logon process, you can also redirect user’s profile folders such as Documents, Downloads, Desktop, Pictures etc. to a network share. For configuration of Folder redirection for citrix user profile you can use use the blog post:
How to Setup Folder redirection in Citrix.

If you want to utilize OneDrive for folder redirection of Windows known folders then you can check blog post:
Move windows known folders to Onedrive using Intune.

You can setup Citrix User Profiles either using FSLogix or by using Citrix UPM. In this blog post, we will see step by step how to configure Citrix user profiles using Citrix UPM. For Setting up citrix user profile management, there are three things required.

First make sure Citrix Profile Management Service is running on each VDA, Second is a network share where the users profile will be stored and Third is to Enable Citrix Profile Management via Group Policy or Citrix Policies. (I will be using Group Policy Configuration to enable / configure Citrix UPM).

For Configuration of the Profile Management settings, you may have to import the ADMX and ADML (Group Policy Administrative Templates) files for profile Management in Group Policy. You can find administrative template in the Citrix Installation ISO -> \x64\ProfileManagement\ADM_Templates\en.

Copy ctxprofile7.15.4000.admx and ctxprofile7.15.4000.adml (the file name could be different in your case depending upon the version of citrix virtual apps and desktops you are using) and paste it in C:\windows\PolicyDefinitions\ and C:\windows\PolicyDefinitions\en-US path respectively. If you are using a central GPO Store then copy it to Central GPO Store PolicyDefinitions folder.

Citrix Profile Management ADMX File Location

Citrix Profile Management ADMX and ADML files can be found in the Citrix Installation media at \x64\ProfileManagement\ADM_Templates\en location. Please find below screenshot for the same:

Citrix Profile Management ADMX File Location

Citrix Profile Management Service on VDA

Citrix Profile Management Service should be in Automatic and Running state on all Citrix VDA servers.

Citrix Profile Management Service on VDA

Create Network Share on File Server (User Store)

Create a network share folder name ctx_upm_profiles and configure share permissions and NTFS permissions. You need to configure the permissions similar to as it has been configured in the post: How to Setup Folder redirection in Citrix.

Refer to the section “Create a Network Share and configure share and NTFS Permissions” to configure share and NTFS Permissions for ctx_upm_profiles folder. Once this folder is shared, note down the UNC path of the folder, we will use this path later while configuring the GPO.

Configure Citrix UPM using Group Policy

Citrix UPM settings are computer configuration based settings so a restart of VDA servers may be needed to get the policy affected.

  • Login to the Domain Controller and open group policy management console (gpmc.msc)
  • Create a new Group Policy or use the existing one, I have use the same group policy which i had created earlier for folder redirection called Citrix – Folder Redirection to enable citrix profile management.
  • All the settings will be configured under below Group Policy Path Computer Configuration | Policies | Administrative Templates | Profile Management.
  • There are some settings which are minimum required settings to enable Citrix Profile Management e.g. Enable Profile Management and Path to User Store. Other settings which are configured as best practices. Below table shows each setting which I have configured in my setup.
Profile SettingPath of the SettingValue
Enable Profile Management…\Profile Management\Enabled
Path to User Store…\Profile Management\\\<server>\ctx_upm_profiles\#SAMAccountName#
Customer Experience Improvement Program…\Profile Management\Disabled
Process logons of local administrators…\Profile Management\Disabled (It helps when troubleshooting because, if Profile Management is misconfigured and prevents user logons, you are still able to log on as an administrator.)
Enable Logging…Profile Management\Log SettingsEnabled
Maximum size of Log File…Profile Management\Log SettingsEnabled
Maximum Size in bytes: 10485760 (10 MB)
Path to Log File…Profile Management\Log SettingsC:\ctx_upm_logs
Local Profile Conflict Handling…Profile Management\Profile HandlingEnabled

if both a local Windows user profile and a Citrix user profile in the user store both exist: Delete Local Profile or Rename Local profile according to your preference.
Migration of Existing Profiles…Profile Management\Profile HandlingEnabled

Types of user profiles to be migrated if the user store is empty: Roaming and Local
Delete locally cached profiles on logoff…Profile Management\Profile HandlingEnabled
Profile streaming…Profile Management\Streamed User ProfilesEnabled
Profile Streaming Exclusion list…Profile Management\Streamed User ProfilesEnabled

List of directories to exclude from profile Streaming:

List1
Exclusion list- Files…Profile Management\File systemEnabled

List of files to Exclude:
!ctx_localappdata!\Microsoft\Windows\UsrClass.dat*
Directories to synchronize…Profile Management\File system\SynchronizationEnabled

List of directories to synchronize:

AppData\Local\Microsoft\Credentials
Appdata\Roaming\Microsoft\Credentials
Appdata\Roaming\Microsoft\Crypto
Appdata\Roaming\Microsoft\Protect
Appdata\Roaming\Microsoft\SystemCertificates
Files to Synchronize…Profile Management\File system\SynchronizationEnabled
List 2 (Files to Synchronize)
List1 (List of directories to exclude from profile Streaming)
Exclusion list-directories [These are part of Default Exclusions from UPM 5.3 onwards]

!ctx_internetcache!
AppData\Local\Google\Chrome\User Data\Default\Cache
AppData\Local\Google\Chrome\User Data\Default\Cached Theme Images
AppData\Local\Google\Chrome\User Data\Default\JumpListIcons
AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld
AppData\Local\GroupPolicy
AppData\Local\Microsoft\AppV
AppData\Local\Microsoft\Messenger
AppData\Local\Microsoft\Office\15.0\Lync\Tracing
AppData\Local\Microsoft\OneNote
AppData\Local\Microsoft\Terminal Server Client
AppData\Local\Microsoft\UEV
AppData\Local\Microsoft\Windows Live
AppData\Local\Microsoft\Windows Live Contacts
AppData\Local\Microsoft\Windows\Application Shortcuts
AppData\Local\Microsoft\Windows\Burn
AppData\Local\Microsoft\Windows\CD Burning
AppData\Local\Microsoft\Windows\Notifications
AppData\Local\Packages
AppData\Local\Sun
AppData\Local\Windows Live
!ctx_localsettings!\Temp
AppData\Roaming\Microsoft\AppV\Client\Catalog
AppData\Roaming\Sun\Java\Deployment\cache
AppData\Roaming\Sun\Java\Deployment\log
AppData\Roaming\Sun\Java\Deployment\tmp
$Recycle.Bin
AppData\LocalLow
Tracing
new path for Temporary Internet Files in Windows 8 and later
AppData\Local\Microsoft\Windows\INetCache                                        
If running Office 365 with Shared Computer Activation, then exclude
!ctx_localappdata!\Microsoft\Office\15.0\Licensing
!ctx_localappdata!\Microsoft\Office\16.0\Licensing
List 2 (Files to Synchronize)
AppData\LocalLow\Sun\Java\Deployment\security\exception.sites
AppData\LocalLow\Sun\Java\Deployment\security\trusted.certs
AppData\LocalLow\Sun\Java\Deployment\deployment.properties
AppData\Local\Google\Chrome\User Data\First Run
AppData\Local\Google\Chrome\User Data\Local State
AppData\Local\Google\Chrome\User Data\Default\Bookmarks
AppData\Local\Google\Chrome\User Data\Default\Favicons
AppData\Local\Google\Chrome\User Data\Default\History
AppData\Local\Google\Chrome\User Data\Default\Preferences

As the GPO settings are computer based, when applied to Citrix VDA Servers it will create the registry entries in below registry path on each Citrix VDA Server. Make sure you can see the registry entries and values as you have configured in the GPO. If you do not see the registry entries, it could be that the GPO is not getting applied or not configured correctly.

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Citrix\UserProfileManager\

Citrix Profile Folder

Once the user logs on to Citrix, A Citrix UPM profile folder using user’s samAccountname is created at the user store location we configured in the GPO. Below screenshot shows the Citrix user profile of a user.

Citrix Profile Folder UPM

External References

User Profile Best Practices for XenApp

https://support.citrix.com/article/CTX120285

Citrix Profile Management Recommended Exclusions and Inclusions
 
https://support.citrix.com/article/CTX230538

How to Synchronize Profile Efficiently

https://support.citrix.com/article/CTX224498

Leave a Comment