Embed Size (px)
Citation preview
www.citrix.com
Citrix Presentation Server FAQ
FAQ DATASHEET
Profile Management
Frequently Asked Questions
Table of Contents
GENERAL QUESTIONS ..................................................................................2
USER’S PROFILE AND SETTINGS .................................................................. 4
SERVICE INSTALLATION AND CONFIGURATION .......................................... 6
ASSIGNING PROFILES ................................................................................. 9
MIGRATING PROFILES ................................................................................ 10
2
FAQ DATASHEET
GENERAL QUESTIONS
How does Profile management work?
During logon, the Profile management service manages the user settings in a Citrix user profile. Upon logoff, it merges back only changed user settings to the centrally stored user settings (user‘s store). Profile management is able to ensure the deltas are tracked correctly and that designated settings are saved based on the latest change only. A more in depth overview of Citrix Profile management is located here: http://community.citrix.com/x/AoEAAg
Are any changes required with profiles or on the file share?
The users must have write access to their centrally stored profile location. It is best to
use the existing user‘s home directory since permissions are already set correctly. But
any UNC path may be defined as long as it uniquely and correctly resolves for every
user.
Since the Profile management service runs before the user logs on, only system
environment variables and AD attributes may be used. There are two user environment
variables that are allowed by exception. These are %USERNAME% and
%USERDOMAIN%. Basically, any variable that is set before a user logs onto a system
may be leveraged in the configuration.
When do the profile keys get written back to the user’s central store?
Deltas to the user‘s profile are written back to the user‘s central store during logoff.
The HKEY_CURRENT_USER registry settings are scanned and only the deltas are
merged back to the NTUSER.DAT within the user‘s central store. Any changes in the
file or folders that have been configured to be captured are copied back to the user‘s
central store.
Does last writer win?
Last writer wins is prevented when it comes to the entire registry hive. Only the last
write to defined files, folders, or registry keys win. Profile management is able to detect
deltas and thus ensure that only the defined settings are overwritten. Compare this with
roaming profiles wherein the entire profile is overwritten and thus the last write wins.
Please see this blog for more in depth details:
http://community.citrix.com/x/OIENAg
3
FAQ DATASHEET
How does Profile management improve logon/logoff performance?
Profile management is capable of reducing user logon time by enabling administrators
to exclude (and include) certain files and folders in order to prevent extraneous settings
from needlessly being copied with the profile. For example, some applications may
create folders and files that account for tens or hundreds of megabytes—data that is
really not required. By excluding these items, the profile is thus smaller, and smaller
profiles load faster. Alternatively, you could elect to only include specific files and
folders, thus keeping to a minimum the amount of profile data being managed within
the user‘s profile.
There are a couple blogs on this topic:
Profile Bloat: http://community.citrix.com/x/A4AaAg
Improve logon speed: http://community.citrix.com/x/HYXuAg
How does Profile management address profile bloat?
As described in the previous question, Profile management enables administrators to exclude (and include) certain files and folders in order to prevent extraneous settings from needlessly being copied with the profile. For example, some applications may create folders and files in the ‗Application Data‘ profile folder that account for tens or hundreds of megabytes, which are excess baggage. By excluding these files and folders, it minimizes the extra data being stored in a profile. Please refer to this blog for more in depth discussion on Profile Bloat: http://community.citrix.com/x/A4AaAg
Why do folders I’ve excluded still show up in the user’s store?
A more accurate description of the exclusion capability would have been ‗contents
exclusion‘ list. Essentially any folders on the exclusion list will have the contents
excluded but the folder structure will still be created in the user store.
Is profile corruption reduced or managed better?
Often profile corruption occurs from an application improperly creating or writing
settings, which is often referred to as profile inconsistency. Less likely to occur is
corruption as the result of a network connectivity error – which in most cases the OS
manages and recovers properly. Corruption exposure of this nature is reduced by
minimizing the amount of data that is copied and also limiting the extent of damage to
specific data if corruption occurs.
Please refer to this blog for more in depth discussion on profile corruption vs.
inconsistency: http://blogs.sepago.de/helge/2008/07/02/corrupt-user-profiles-do-
they-even-exist/
4
FAQ DATASHEET
User’s Profile and Settings
Where are the user’s profile settings and files stored?
The user‘s profile settings can be stored either on an administratively defined UNC path
or a path relative to the user‘s home directory. By default, the folder created in the
%HOMESHARE% directory is named Windows but can be any name as defined in the
configuration.
In both cases, it may include as part of the path variables such as %USERNAME% and
%USERDOMAIN%. The user needs write access to this folder. Within this path or
folder, there is at least one subfolder named UPM_Profile which contains the user‘s
profile data.
When using the extended synchronization capability (please refer to Admin Guide for
details), each drive letter will have an additional folder which follows the naming
schemata UPM_Drive_<DriveLetter> (e.g. UPM_Drive_E for E:\).
Please make note that since the Profile management service must know its configuration before the user logs on, only system environment variables and AD attributes may be used. There are two user environment variables that are allowed by exception. These are %USERNAME% and %USERDOMAIN%. Basically any variable that is set before a user logs onto a system may be leveraged in the configuration.
How does folder redirection work with Profile management?
Folder Redirection is automatically recognized and Profile management will not sync
those folders and files. Folder redirection is recommended to ensure that user data
stored in those folders is segregated.
How does the files and folder synchronization functionality work?
During a session, Profile management monitors files/folders via the NTFS change
journal. Any changes are recorded internally. During logoff, a sophisticated algorithm
recognizes these deltas and performs only the required actions over the network.
Examples: If a file/folder was renamed during a session, it will not be copied again
during logoff. Instead, the file or folder on the network will simply be renamed.
If the attributes of a file/folder were changed, only the changed attributes are set during
logoff.
5
FAQ DATASHEET
If the content of a file was changed, the file will be copied during logoff.
How are the changes to files and folders tracked during the user’s session?
Profile management monitors the NTFS change journal. In order to be able to resolve
relative file names to the absolute paths, the file system has to be scanned once, which
takes typically 10-20 seconds. In order to avoid scanning during every subsequent
startup, a cache file is used. It is called UserProfileManager_<DriveLetter>.cache and is
located in the installation directory.
It's possible that there are environments where the system is not allowed to write to this
directory or the admin does not want software to write to this location and therefore
you can change the location by group policy.
6
FAQ DATASHEET
Service Installation and Configuration
Where should the Profile management service be installed?
The MSI package contains the service and supporting DLLs. This package should be
installed on any machine that will process the user‘s logon, such as the XenDesktop
virtual machines and XenApp servers.
Which OS and profile versions are supported?
Currently Windows XP, Vista, Windows Server 2003, Windows Server 2008 (including
R2) and Windows 7 are supported. Windows XP and Windows Server 2003 are known
as v1 profiles while Vista, Windows Server 2008 and Windows 7 are referred to as v2
profiles (profile folder names are usually ended in .v2). The operating system does not
allow these profile versions to be shared across platforms.
Please refer to this FAQ for more details around cross platform support.
How does the service retrieve its settings?
The service checks the GPO settings first, then secondarily the INI within the same
folder (where the service was installed) and then resorts to internal defaults. The INI
file exists in the same directory as the service executable (default location is \Program
Files\Citrix\User Profile Manager\).
Any setting that is not configured via group policy object will be looked up in the INI
file e.g. if it is ‗Not Configured‘ in GPO and there is an entry in the INI, it will use the
INI. If neither the GPO nor INI exists, the service will use its internal defaults. Please
note that in most customer scenarios, the INI file is not used to configure settings.
What are the internal default settings?
By default, if no policy settings are configured, the configuration is read from the INI
file that corresponds to the local system‘s language and version.
Example: UPMPolicyDefaults_V1Profile_en.ini for an English XP/Server 2003 system.
The INI file contains default settings that should work in most environments with
minimal modifications (e.g. enable the service). Profile management will save / restore
the user‘s registry settings and files/folders inside the profile. Some
files/folders/registry keys that typically do not contain relevant data are excluded by
default.
7
FAQ DATASHEET
If policy settings are not configured and an INI file is not present, Profile management
will synchronize the whole HKCU hive from the registry and everything in the user
profile.
Are local policies supported?
Yes. Although they present a similar challenge to INIs in having to centrally manage
their deployment. Also be aware that local policies carry the least precedence when
multiple policies apply. Please refer to this Microsoft article on precedence.
When will the service use the INI setting versus the GPO?
Using the Profile management group policy template, you can specify the exact
behavior of Profile management and adapt it to your environment. This is how most
customers configure Profile management.
The INI files settings will be used for any list setting not explicitly set (e.g. Enabled or
Disabled) in the GPO. When using group policy to configure Profile management, it is
recommended to rename the INI files (e.g. UPMPolicyDefaults_V1Profile_en.OLD) to
ensure the INI file settings are not unintentionally applied.
All settings will be read from the INI file if not configured via policy.
Is the installed service able to be cloned as part of a base image?
Yes. For example, Citrix Provisioning Services has successfully been tested.
Although I have activated the debug mode, not all of the information seems to be written into the log file.
Activating the debug mode does not automatically enable full logging. Verify the
checkboxes for all events you want to be logged in the configuration. Please note to
scroll down to enable the couple checkboxes that are below the horizontal scroll area.
I have changed an option in the GPO for Profile management but this setting does not seem to be operative on the computer.
Group policies are not refreshed immediately but instead based on specific events or
intervals. If you want them to be refreshed immediately, run gpupdate on the computer.
8
FAQ DATASHEET
I'm using "Folder Redirection" with my roaming profiles already. What do I have to consider when using Profile management?
You can easily combine Folder Redirection from the operating system with Profile
management‘s folder synchronization. If folders are redirected, Profile management
will ignore them. . In fact, Citrix recommends using folder redirection to ensure that
type of user data is segregated from the profile.
9
FAQ DATASHEET
Assigning Profiles
What are the methods to assign a profile to a user?
Leaving Profile management aside for a moment, Microsoft enables users to be assigned
profiles numerous ways. Either via their User Account Properties in Active Directory,
through Group Policy and even Terminal Service specific profiles (again through the
User Account Properties or Group Policy). Some methods are only available for a
specific type of operating system.
TS PROFILE: The GPO setting for assigning a Terminal Server profile is located in
‗Computer Configuration/Administrative Templates/Windows Components/Terminal
Services (Set path for TS Roaming Profiles)‘.
You may use the ‗Use mandatory profiles on the terminal server‘ to force mandatory
profile usage
The Terminal Server profile setting can also be set on individual accounts within the
User Account Properties pages within Active Directory e.g. configured on an individual
user basis. Typically it is much better to make this assignment via group policy.
Windows XP and Vista: The user‘s roaming profile setting can be set on individual
accounts within the User Account Properties pages. Additionally Windows Server 2008
Active Directory and Vista devices,, a GPO settings based on computers may be used.
This GPO setting is located at ‗Computer/Admin Templates/System/User Profile (Set
roaming profile path for all users logging onto this computer)‘.
What is the priority order for settings profiles for domain users if more than one method is used?
When Profile management is used to manage a user‘s profile, it will take precedence
over any other profile assignment. For users not assigned to Profile management, the
user may be assigned a profile using multiple methods. The actually profile that will be
used is based on the following precedence order:
Profile management profile
Terminal Services profile – GPO
Terminal Services profile – User Property
Roaming profile – GPO (only Windows 2008 AD and Vista)
Roaming profile – User Property
10
FAQ DATASHEET
Migrating Profiles
Will Profile management migrate my user’s profile to a Citrix user profile?
Profile management may be configured to automatically migrate existing roaming and
local profiles when the user logs on. You can also use a template profile or even the
default windows profile to create new Citrix user profiles. This behavior is part of the
configuration either using the INI file or GPO. Migrating mandatory profiles or even
the default windows profile by means of the template profile will be discussed below.
The document UserProfileManagerLogonLogoffChart.pdf can assist you in planning
and setting up your Profile management migration scenario(s).
Which profiles may be migrated to Profile management?
Profile management is capable of migrating Local and Roaming profiles. Mandatory
Profiles (.man profiles) are ignored by Profile management. To ensure Profile
management works correctly, deactivate the assignment of mandatory profiles to all
users.
BUT you could still leverage your mandatory profile for creating new profiles via the
Template Profile capability in Profile management. The next question covers this
scenario. This is in a way, a route to migrate the existing mandatory profile as a basis in
creating all users‘ new profiles.
How do I use the template profile in Profile management?
Profile management allows you to specify a template profile to be used as a basis for the
creation of new Citrix user profiles. Typically, a user having a profile created for the first
time will have it based on the Default User profile of the Windows device they are
logging onto. While this may be ok, it also means any variations between the various
devices‘ Default User profiles will result in differences in the base profile created for
those users. Thus you can view the Template Profile capability as essentially a Global
Default User profile.
To use a template profile the following settings must be configured:
Enable the ―Template profile‖ Group Policy setting
Set ―Path to the template profile‖ to the roaming, local, or mandatory profile you want to use as a template (you will need to rename the NTUSER.MAN to NTUSER.DAT before using a mandatory for template)
Optionally, select the check boxes to override existing user profiles
11
FAQ DATASHEET
Ensure the template profile does not contain any user-specific data.
How do I use my existing Mandatory profile for creating new user profiles?
Profile management allows you to specify a template profile to be used as a basis for the
creation of new Citrix user profiles. To use your mandatory profiles as the template
profile the following settings must be configured:
Enable the ―Template profile‖ Group Policy setting
Set ―Path to the template profile‖ to the mandatory profile you want to use as a template (you will need to rename the NTUSER.MAN to NTUSER.DAT before using a mandatory for template)
Optionally, select the check boxes to override existing user profiles
Please make note that since you have to rename the NTUSER.MAN to
NTUSER.DAT, you cannot use the same location for both a mandatory and template
profile.
www.citrix.com
About Citrix
Citrix Systems, Inc. (NASDAQ: CTXS) is the global leader and the most trusted name in Application Delivery. More than 230,000 organizations worldwide rely on Citrix to deliver any application to users anywhere
with the best performance, highest security and lowest cost. Citrix customers include 100 percent of the Fortune 100 companies and 99 percent of the Fortune Global 500, as well as hundreds of thousands of small
businesses and prosumers. Citrix has approximately 8,000 partners in more than 100 countries. Annual revenue in 2007 was $1.4 billion.
© 2009 Citrix Systems, Inc. All rights reserved. Citrix®, Citrix XenApp™, Citrix Presentation Server™ and Citrix XenDesktop
TM are registered trademarks of Citrix Systems, Inc. in the United States and other
countries. Microsoft®, Windows®, and Sharepoint® are registered trademarks of Microsoft Corporation in the United States and other countries. All other trademarks and registered trademarks are the property of their
respective owners.
