This article demonstrates the steps for setting up Citrix User Profiles using Citrix UPM. If you are utilizing FSLogix, you can configure user profiles by referring to the blog post titled How to Set Up Citrix User Profiles using FSLogix.
To minimize network load and enhance the user logon process, consider redirecting user profile folders, such as Documents, Downloads, Desktop, Pictures, etc., to a network share. For guidance on configuring Folder Redirection for Citrix user profiles, consult the blog post titled “How to Set Up Folder Redirection in Citrix“.
For those interested in using OneDrive for folder redirection of Windows known folders, please refer to the blog post titled “Move Windows Known Folders to OneDrive Using Intune“.
Table of Contents
Steps to Setup Citrix User Profiles using UPM
- Step 1: Import Citrix ADMX and ADML Templates
- For creating a GPO to Enable and Configure Citrix User profiles, Import ADMX and ADML Group policy template files on the domain controller.
- Step 2: Ensure Citrix Profile Management Service is Running
- Check and confirm that the Citrix Profile Management Service is running on each Virtual Delivery Agent (VDA).
- Step 3: Set Up a Network Share for User Profiles
- Create a network share where user profiles will be stored. This should be accessible to all relevant VDAs.
- Step 4: Enable Citrix Profile Management via Group Policy (Using Group Policy Configuration for Citrix UPM)
- Utilize Group Policy to enable and configure Citrix Profile Management. The configuration settings will include parameters like profile paths, file exclusions, and other relevant configurations.
- Step 5 – Verify Citrix User Profile Folder
- After the user creates a session on Citrix, the User Profile will be generated. Verify the profile folder to confirm if the setup is functioning correctly.
Step 1 – Import Citrix ADMX and ADML Templates
To set up and configure Citrix User Profiles, we will create a Group Policy Object (GPO) in Active Directory using the Group Policy Management Console. But first, you will need to import Citrix ADMX and ADML templates.
Import Citrix ADMX and ADML Templates
- Open the Citrix Installation ISO and navigate to the following location: \x64\ProfileManagement\ADM_Templates\en.
- Copy the files ctxprofile7.15.4000.admx and ctxprofile7.15.4000.adml. Note that the version number may vary based on your Citrix version.
- Paste the ADMX file into C:\Windows\PolicyDefinitions\ and the ADML file into C:\Windows\PolicyDefinitions\en-US.
If you are using a Central Store for Group Policies, paste these files into the appropriate store location. For details on the location of the Central Store, please refer to the link: Central GPO Store PolicyDefinitions folder.
Note
Step 2 – Ensure Citrix Profile Management Service on the VDA is Running
The Citrix Profile Management Service should be set to ‘Automatic‘ and running on all Citrix Virtual Delivery Agent (VDA) servers.
Step 3 – Create a Network Share on File Server (User Store)
Create a network share folder named ‘ctx_upm_profiles‘ and configure both share permissions and NTFS permissions. To Configure the permissions, follow the permissions configuration outlined in the post ‘How to Set Up Folder Redirection in Citrix‘ for reference.
Refer to the section titled ‘Create a Network Share and Configure Share and NTFS Permissions‘ for guidance on configuring share and NTFS permissions for the ‘ctx_upm_profiles’ folder. After sharing the folder, make a note of the UNC path as we will use it later during the GPO configuration.
Step 4 – Configure Citrix UPM using Group Policy
To create a GPO and configure Citrix UPM, follow the steps below:
- Log in to the Domain Controller and open the Group Policy Management Console (gpmc.msc).
- Create a new Group Policy or use an existing one. In this example, the same group policy used earlier for folder redirection, named ‘Citrix – Folder Redirection‘ will be used to enable Citrix Profile Management.
- Configure all settings under the following Group Policy Path: Computer Configuration | Policies | Administrative Templates | Profile Management.
- Some settings are essential to enable Citrix Profile Management, such as ‘Enable Profile Management‘ and ‘Path to User Store‘. Additionally, other settings are configured based on best practices. The table below outlines each setting configured in this setup.
Profile Setting | Path of the Setting | Value |
---|---|---|
Enable Profile Management | …\Profile Management\ | Enabled |
Path to User Store | …\Profile Management\ | \\<server>\ctx_upm_profiles\#SAMAccountName# |
Customer Experience Improvement Program | …\Profile Management\ | Disabled |
Process logons of local administrators | …\Profile Management\ | Disabled (It helps when troubleshooting because, if Profile Management is misconfigured and prevents user logons, you are still able to log on as an administrator.) |
Enable Logging | …Profile Management\Log Settings | Enabled |
Maximum size of Log File | …Profile Management\Log Settings | Enabled Maximum Size in bytes: 10485760 (10 MB) |
Path to Log File | …Profile Management\Log Settings | C:\ctx_upm_logs |
Local Profile Conflict Handling | …Profile Management\Profile Handling | Enabled if both a local Windows user profile and a Citrix user profile in the user store both exist: Delete Local Profile or Rename Local profile according to your preference. |
Migration of Existing Profiles | …Profile Management\Profile Handling | Enabled Types of user profiles to be migrated if the user store is empty: Roaming and Local |
Delete locally cached profiles on logoff | …Profile Management\Profile Handling | Enabled |
Profile streaming | …Profile Management\Streamed User Profiles | Enabled |
Profile Streaming Exclusion list | …Profile Management\Streamed User Profiles | Enabled List of directories to exclude from profile Streaming: List1 |
Exclusion list- Files | …Profile Management\File system | Enabled List of files to Exclude: !ctx_localappdata!\Microsoft\Windows\UsrClass.dat* |
Directories to synchronize | …Profile Management\File system\Synchronization | Enabled List of directories to synchronize: AppData\Local\Microsoft\Credentials Appdata\Roaming\Microsoft\Credentials Appdata\Roaming\Microsoft\Crypto Appdata\Roaming\Microsoft\Protect Appdata\Roaming\Microsoft\SystemCertificates |
Files to Synchronize | …Profile Management\File system\Synchronization | Enabled List 2 (Files to Synchronize) |
List1 (List of directories to exclude from profile Streaming) |
---|
Exclusion list-directories [These are part of Default Exclusions from UPM 5.3 onwards] !ctx_internetcache! AppData\Local\Google\Chrome\User Data\Default\Cache AppData\Local\Google\Chrome\User Data\Default\Cached Theme Images AppData\Local\Google\Chrome\User Data\Default\JumpListIcons AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld AppData\Local\GroupPolicy AppData\Local\Microsoft\AppV AppData\Local\Microsoft\Messenger AppData\Local\Microsoft\Office\15.0\Lync\Tracing AppData\Local\Microsoft\OneNote AppData\Local\Microsoft\Terminal Server Client AppData\Local\Microsoft\UEV AppData\Local\Microsoft\Windows Live AppData\Local\Microsoft\Windows Live Contacts AppData\Local\Microsoft\Windows\Application Shortcuts AppData\Local\Microsoft\Windows\Burn AppData\Local\Microsoft\Windows\CD Burning AppData\Local\Microsoft\Windows\Notifications AppData\Local\Packages AppData\Local\Sun AppData\Local\Windows Live !ctx_localsettings!\Temp AppData\Roaming\Microsoft\AppV\Client\Catalog AppData\Roaming\Sun\Java\Deployment\cache AppData\Roaming\Sun\Java\Deployment\log AppData\Roaming\Sun\Java\Deployment\tmp $Recycle.Bin AppData\LocalLow Tracing new path for Temporary Internet Files in Windows 8 and later AppData\Local\Microsoft\Windows\INetCache If running Office 365 with Shared Computer Activation, then exclude !ctx_localappdata!\Microsoft\Office\15.0\Licensing !ctx_localappdata!\Microsoft\Office\16.0\Licensing |
List 2 (Files to Synchronize) |
---|
AppData\LocalLow\Sun\Java\Deployment\security\exception.sites AppData\LocalLow\Sun\Java\Deployment\security\trusted.certs AppData\LocalLow\Sun\Java\Deployment\deployment.properties AppData\Local\Google\Chrome\User Data\First Run AppData\Local\Google\Chrome\User Data\Local State AppData\Local\Google\Chrome\User Data\Default\Bookmarks AppData\Local\Google\Chrome\User Data\Default\Favicons AppData\Local\Google\Chrome\User Data\Default\History AppData\Local\Google\Chrome\User Data\Default\Preferences |
As the GPO settings are computer-based, applying them to Citrix VDA Servers will create corresponding registry entries in the following registry path on each Citrix VDA Server.
Ensure that the registry entries and values match the configurations set in the GPO. If the registry entries are not visible, it may indicate that the GPO is not being applied or is not configured correctly.
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Citrix\UserProfileManager\
Registry Entry Location
Step 5 – Verify Citrix User Profile Folder
After a user logs on to Citrix, a Citrix UPM profile folder is created using the user’s samAccountname
at the user store location configured in the GPO. The screenshot below illustrates the Citrix user profile for a specific user.
External References
- User Profile Best Practices for XenApp
- Citrix Profile Management Recommended Exclusions and Inclusions
- How to Synchronize Profile Efficiently