User personalization layer
The user personalization layer feature for Citrix Virtual Apps and Desktops extends the capabilities of non-persistent machine catalogs. User personalization layers preserve users’ data and locally installed applications across sessions. Powered by Citrix App Layering, this feature replaces Personal vDisk (PvD).
Like PvD, the user personalization layer feature supports Citrix Provisioning and Machine Creation Services (MCS) in a non-persistent machine catalog. You install the feature components alongside the Virtual Delivery Agent on the master image.
A VHD file stores any applications that the user installs locally. The VHD, which is mounted on the image, acts as the user’s own user layer virtual hard drive.
This document includes instructions for deploying and configuring the user personalization layer feature. It describes the requirements for successful deployment, limitations, and known issues.
To use the User personalization layer feature, you must first deploy it using the steps detailed in the article. Until then, the feature is not available for you to use.
Aside from the following exceptions, all applications that a user installs locally on the desktop are supported in the user personalization layer.
The following applications are the exception and are not supported on the user personalization layer:
- Enterprise applications, such as MS Office and Visual Studio.
- Applications that modify the network stack or hardware. Example: a VPN client.
- Applications that have boot level drivers. Example: a virus scanner.
Applications with drivers that use the driver store. Example: a printer driver.
You can make printers available using Windows Group Policy Objects (GPOs).
Do not allow users to install any unsupported applications locally. Rather, install these applications directly on the master image.
Applications that require a local user or administrator account
When a user installs an application locally, the app goes into their user layer. If the user then adds or edits a local user or group, the changes do not persist beyond the session.
Add any required local user or group in the master image.
The user personalization layer feature requires the following components:
- Citrix Virtual Apps and Desktops 7 1909 or later
- Virtual Delivery Agent (VDA), version 1912
- Citrix Provisioning, version 1909 or later
- Windows File Share (Server Message Block protocol, SMB)
You can deploy the user personalization layer feature on the following Windows versions when the OS is deployed as single session. Support is limited to a single user on a single session.
- Windows 10 Enterprise x64, version 1607 or later
- Windows 10 Multi-Session*
- Windows Server 2016*
- Windows Server 2019*
*For Citrix Virtual Apps and Desktops 7, Azure Files with user personalization layers is supported on Windows Server 2019, Windows Server 2016v, and Windows 10 client. Desktop VDAs running Windows 10 and single-user server VDAs running Windows server 2016 or 2019 are also supported.
When using a Server OS, UPL is supported only as a Server VDI deployment For details, see the Server VDI article.
If you installed the preview version of the user personalization layer feature, uninstall the software and reboot the master image before installing this release.
Set up your file share
The user personalization layer feature requires Windows Server Message Block (SMB) storage. To create a Windows file share, follow the usual steps for the Windows operating system that you are on.
For details about using Azure Files with Azure-based catalogs, see Set up Azure Files storage for User personalization layers.
Follow the recommendations in this section for a successful user personalization layer deployment.
Profile Management solution
User personalization layer stores all changes the user makes for a single machine catalog image. To add enhanced capabilities such as roaming profile data across multiple catalog images, Citrix recommends also using Profile Management. Refer to the Profile Management documentation for more details.
When using Profile Management with the user personalization layer feature, clear deletion of the user’s information on logoff. You can clear deletion using a Group Policy Object (GPO) or the policy on the Delivery Controller (DDC).
For details about available Profile Management policies, see Profile Management policy descriptions and defaults.
Microsoft System Center Configuration Manager (SCCM)
If you are using SCCM with the user personalization layer feature, follow the Microsoft guidelines for preparing your image in a VDI environment. Refer to this Microsoft TechNet article for more information.
Maximum user layer size
We recommend at least 10 GB as the user layer size.
During installation, the value zero (0) results in the default user layer size of 10 GB.
A quota set in Windows can override the maximum user layer size
You can override the maximum user layer size by defining a quota for the user layer file share. The user layer size is set to a maximum of the quota size.
To set a hard quota on the user layer size, use either of Microsoft’s quota tools:
- File Server Resource Manager (FSRM)
- Quota Manager
The quota must be set on the user layer directory named Users.
Increasing or decreasing the quota only impacts new user layers. It does not change the maximum size of existing user layers. Existing user layers remain unchanged when the quota is updated.
Deploy a user personalization layer
When deploying the user personalization feature, you define the policies in the Full Configuration management interface. You then assign the policies to the delivery group bound to the machine catalog, where the feature is deployed.
If you leave the master image with no user personalization layer configuration, the services remain idle and do not interfere with authoring activities.
If you set the policies in the master image, the services attempt to run and mount a user layer within the master image. The master image would exhibit unexpected behaviors and instability.
To deploy the user personalization layer feature, complete the following steps in this order:
- Step 1: Verify availability of a Citrix Virtual Apps and Desktops environment.
- Step 2: Prepare your master image.
- Step 3: Create a machine catalog.
- Step 4: Create a delivery group.
- Step 5: Create delivery group custom policies.
Step 1: Verify that the Citrix Virtual Apps and Desktops environment is available
Be sure that your Citrix Virtual Apps and Desktops environment is available to use with this new feature. For setup details, see Install and configure Citrix Virtual Apps and Desktops.
Step 2: Prepare your master image
To prepare your master image:
Locate the master image. Install your organization’s enterprise applications and any other apps your users generally find useful.
If you are deploying Server VDI, follow the steps in the Server VDI article. Be sure to include the optional component, User personalization layer. For details, see the Command-line options to install a VDA.
If you are using Windows 10, install Virtual Delivery Agent (VDA) 1912. If an older version of the VDA is already installed, uninstall the old version first. When installing the new version, be sure to select and install the optional component, Citrix User Personalization Layer, as follows:
- Click the tile, Virtual Delivery Agent for Windows Desktop OS:
- Environment: Select either Create a master MCS image or Create a master image using Citrix Provisioning or third-party provisioning tools.
Core Components: Click Next.
Additional Components: Check Citrix User Personalization Layer.
- Click through the remaining installation screens, configuring the VDA as needed, and click Install. The image reboots one or more times during installation.
Leave Windows updates disabled. The user personalization layer installer disables Windows updates on the image. Leave the updates disabled.
The image is ready for you to upload into the Full Configuration management interface.
Step 3: Create a machine catalog
In the Full Configuration interface, follow the steps to create a machine catalog. Use the following options during catalog creation:
Select Operating System and set it to Single-session OS.
Select Machine Management and set it to Machines that are power managed. For example, virtual machines or blade PCs.
Select Desktop Experience and set it to either pooled-random or pooled-static catalog type, as in the following examples:
*Pooled-static: If you select pooled-static, configure desktops to discard all changes and clear virtual desktops when the user logs off, as shown in the following screenshot:
User personalization layer does not support pooled-static catalogs configured to use Citrix Personal vDisk or assigned as dedicated virtual machines.
If you are using MCS, select Master Image and the snapshot for the image created in the previous section.
Configure the remaining catalog properties as needed for your environment.
Step 4: Create a delivery group
Create and configure a delivery group, including machines from the machine catalog you created. For details, see Create delivery groups.
Step 5: Create delivery group custom policies
To enable mounting of user layers within the Virtual Delivery Agents, use configuration parameters to specify:
- Where on the network to access the user layers.
- How large to permit the user layer disks to grow.
To define the parameters as custom Citrix policies in the Full Configuration interface and assign them to your delivery group.
In the Full Configuration interface, select Policies in the navigation pane:
Select Create Policy in the action bar. The Create Policy window appears.
- Type “user layer” into the search field. The following two policies appear in the list of available policies:
- User Layer Repository Path
User Layer Size GB
Changing the User Layer Size in the policy does not change the size of existing layers.
Click Select next to User Layer Repository Path. The Edit Setting window appears.
Enter a path in the format
\\server name or address\folder namein the Value field and then click Save:
Optional: Click Select next to User Layer Size in GB:
The Edit Setting window appears.
Optional: Change the default value of “0” to the maximum size (in GB) that the user layer can grow. Click Save.
If you keep the default value, the maximum user layer size is 10 GB.
Click Next to configure users and machines. Click the Delivery Group Assign link highlighted in this image:
In the Delivery group menu, select the delivery group created in the previous section. Click Save.
Enter a name for the policy. Click the check box to enable the policy, and click Finish.
Configure security settings on the user layer folder
As a domain administrator, you can specify more than one storage location for your user layers. Create a
\Users subfolder For each storage location (including the default location). Secure each location using the following settings.
|Setting name||Value||Apply to|
|Creator Owner||Modify||Subfolders and Files only|
|Owner Rights||Modify||Subfolders and Files only|
|Users or group:||Create Folder, Append Data, Traverse Folder, Execute File, List Folders, Read Data, Read Attributes||Selected Folder Only|
|System||Full Control||Selected Folder, Subfolders, and Files|
|Domain Admins and selected Admin group||Full Control||Selected Folder, Subfolders, and Files|
User layer messages
When a user is unable to access their user layer, they receive one of these notification messages.
User Layer In Use
We were unable to attach your user layer because it is in use. Any changes you make to application settings or data will not be saved. Be sure to save any work to a shared network location.<!--NeedCopy-->
User Layer Unavailable
We were unable to attach your user layer. Any changes you make to application settings or data will not be saved. Be sure to save any work to a shared network location.<!--NeedCopy-->
System not reset after user sign-out
This system was not shut down properly. Please log off immediately and contact your system administrator.<!--NeedCopy-->
Log files to use when troubleshooting
The log file, ulayersvc.log, contains the output of the user personalization layer software where changes are logged.
Keep the following limitations in mind when installing and using the user personalization layer feature.
- Do not configure the user personalization layer feature with persistent machine catalogs.
- Do not use Session hosts.
- Do not update the machine catalog with an image running a new OS install (even the same version of Windows 10). Best practice is to apply updates to the OS within the same master image used when creating the machine catalog.
- Do not use boot-time drivers, or any other early boot personalization for user-installed apps.
- Do not migrate PvD data to the user personalization layer feature.
- Do not migrate existing user layers from the full App Layering product to the user personalization layer feature.
- Do not change the user layer SMB path to access user layers created using a different master OS image.
Do not enable Secure Boot within User personalization layer virtual machines, as it is not currently supported.
When a user logs out of a session and then logs in again, the new session runs on a different machine in the pool. In a VDI environment, Microsoft Software Center lists an application as Installed on the first machine, but shows it as Unavailable on the second machine.
To find out the true status of the application, instruct the user to select the application in Software Center and click Install. SCCM then updates the status to the true value.
Software Center occasionally stops immediately after launching within a VDA that has the user personalization layer feature enabled. To avoid this issue, follow Microsoft’s recommendations for Implementing SCCM in a XenDesktop VDI environment. Also, make sure that the
ccmexecservice is running before you start the Software Center.
In Group Polices (Computer Settings), User layer settings override settings applied to the master image. Therefore, changes you make in Computer Settings using a GPO are not always present for the user on the next session login.
To get around this issue, create a User Logon Script that issues the command:
For example, one customer set the following command to run at each user login:
gpudate /Target:Computer /force
For best results, apply changes to Computer Settings directly on the user layer, after the user has logged in.