User personalization layer
The user personalization layer feature for Citrix Virtual Apps and Desktops extends the capabilities of non-persistent machine catalogs. User personalization layers preserve users’ data and locally installed applications across sessions. Powered by Citrix App Layering, this feature replaces Personal vDisk (PvD).
Like PvD, the user personalization layer feature supports Citrix Provisioning and Machine Creation Services (MCS) in a non-persistent machine catalog. You install the feature components alongside the Virtual Delivery Agent within the master image.
The user personalization layer feature does not work when installed on a layer within App Layering. Either deploy user personalization layers in Citrix Virtual Apps and Desktops, or use App Layering user layers enabled in an image template, not both.
A VHD file stores any applications that the user installs locally. The VHD, which is mounted on the image, acts as the user’s own user layer virtual hard drive.
This document includes instructions for deploying and configuring the user personalization layer feature. It describes the requirements for successful deployment, limitations, and known issues.
To use the User personalization layer feature, you must first deploy it using the steps detailed in the article. Until then, the feature is not available for you to use.
Aside from the following exceptions, all applications that a user installs locally on the desktop are supported in the user personalization layer.
The following applications are the exception and are not supported on the user personalization layer:
- Enterprise applications, such as MS Office and Visual Studio.
- Applications that modify the network stack or hardware. Example: a VPN client.
- Applications that have boot level drivers. Example: a virus scanner.
Applications with drivers that use the driver store. Example: a printer driver.
You can make printers available using Windows Group Policy Objects (GPOs).
Do not allow users to install any unsupported applications locally. Rather, install these applications directly on the master image.
Applications that require a local user or administrator account
When a user installs an application locally, the app goes into their user layer. If the user then adds or edits a local user or group, the changes do not persist beyond the session.
Add any required local user or group in the master image.
The user personalization layer feature requires the following components:
- Citrix Virtual Apps and Desktops 7 1909 or later
- Virtual Delivery Agent (VDA), version 1912
- Citrix Provisioning, version 1909 or later
- Windows File Share (SMB), or Azure Files with on-prem AD authentication enabled
You can deploy the User personalization layer feature on the following Windows versions when the OS is deployed as single session. Support is limited to a single user on a single session.
- Windows 10 Enterprise x64, version 1607 or later
- Windows 10 Multi-Session (Azure Files supported)
- Windows Server 2016 (Azure Files supported)
- Windows Server 2019 (Azure Files supported)
For Citrix Virtual Apps and Desktops 7, use of Azure Files with User personalization layers is supported on Windows Server 2019, Windows Server 2016v, and Windows 10 client.
User personalization layer is only supported as a Server VDI deployment. For deployment details, see the Server VDI article.
User personalization layer supports just one user at a time per machine, and then the machine has to reboot to reset the disks. You cannot use user personalization layer with multi-session server operating systems, only with single-session server systems. User personalization layer works with non-persistent desktops only.
Uninstall the user personalization layer feature, if installed. Reboot the master image before installing the latest release.
Set up your file share
The user personalization layer feature requires Windows Server Message Block (SMB) storage. To create a Windows file share, follow the usual steps for the Windows operating system that you are on.
For more about using Azure Files with Azure-based catalogs, see Set up Azure Files storage for User personalization layers.
Follow the recommendations in this section for a successful user personalization layer deployment.
Profile Management solution
User personalization layer stores all changes the user makes for a single machine catalog image. To add enhanced capabilities such as roaming profile data across multiple catalog images, Citrix recommends also using Profile Management. Refer to the Profile Management documentation for more details.
When using Profile Management with the user personalization layer feature, clear deletion of the user’s information on logoff. You can clear deletion using a Group Policy Object (GPO) or the policy on the Delivery Controller (DDC).
For details about available Profile Management policies, see Profile Management policy descriptions and defaults.
Microsoft System Center Configuration Manager (SCCM)
If you are using SCCM with the user personalization layer feature, follow the Microsoft guidelines for preparing your image in a VDI environment. Refer to this Microsoft TechNet article for more information.
User layer size
A user layer is a thin-provisioned disk that expands as space on the disk is used. The default size allowed for a user layer is 10 GB, the minimum we recommend.
During installation, if the value is set to zero (0), the default user layer size is set to 10 GB.
If you want to change the user layer size, you can enter a different value for the User Layer Size Studio policy. See Step 5: Create delivery group custom policies, under Optional: Click Select next to User Layer Size in GB.
Tools for overriding the User Layer Size (Optional)
You can override the User Layer Size by using a Windows tool to define a quota on the user layer file share.
Use one of the following Microsoft quota tools to set a hard quota on the user layer directory named Users:
- File Server Resource Manager (FSRM)
- Quota Manager
Increasing the quota affects new user layers and expands existing ones. Decreasing the quota only affects new user layers. Existing user layers never decrease in size.
Deploy a User personalization layer
When deploying the user personalization feature, you define the policies within Studio. You then assign the policies to the delivery group bound to the machine catalog, where the feature is deployed.
If you leave the master image with no user personalization layer configuration, the services remain idle and do not interfere with authoring activities.
If you set the policies in the master image, the services attempt to run and mount a user layer within the master image. The master image would exhibit unexpected behaviors and instability.
To deploy the user personalization layer feature, complete the following steps in this order:
- Step 1: Verify availability of a Citrix Virtual Apps and Desktops environment.
- Step 2: Prepare your master image.
- Step 3: Create a machine catalog.
- Step 4: Create a delivery group.
- Step 5: Create delivery group custom policies.
Step 1: Verify that the Citrix Virtual Apps and Desktops environment is available
Be sure that your Citrix Virtual Apps and Desktops environment is available to use with this new feature. For setup details, see Install and configure Citrix Virtual Apps and Desktops.
Step 2: Prepare your master image
To prepare your master image:
Locate the master image. Install your organization’s enterprise applications and any other apps your users generally find useful.
If you are deploying Server VDI, follow the steps in the Server VDI article. Be sure to include the optional component, the User personalization layer. For details, see the Command-line options for installing a VDA.
If you are using Windows 10, install Virtual Delivery Agent (VDA) 1912. If an older version of the VDA is already installed, uninstall the old version first. When installing the new version, be sure to select and install the optional component, the Citrix User Personalization Layer, as follows:
- Click the tile, Virtual Delivery Agent for Windows Desktop OS:
- Environment: Select either Create a master MCS image or Create a master image using Citrix Provisioning or third-party provisioning tools.
Core Components: Click Next.
Additional Components: Check Citrix User Personalization Layer.
- Click through the remaining installation screens, configuring the VDA as needed, and click Install. The image reboots one or more times during installation.
Leave Windows updates disabled. The user personalization layer installer disables Windows updates on the image. Leave the updates disabled.
The image is ready for you to upload into Studio.
Step 3: Create a machine catalog
In Studio, follow the steps to create a machine catalog. Use the following options during catalog creation:
Select Operating System and set it to Single session OS.
Select Machine Management and set it to Machines that are power managed. For example, virtual machines or blade PCs.
Select Desktop Experience and set it to either pooled-random or pooled-static catalog type, as in the following examples:
Pooled-static: If you select pooled-static, configure desktops to discard all changes and clear virtual desktops when the user logs off, as shown in the following screenshot:
User personalization layer does not support pooled-static catalogs configured to use Citrix Personal vDisk or assigned as dedicated virtual machines.
If you are using MCS, select Master Image and the snapshot for the image created in the previous section.
Configure the remaining catalog properties as needed for your environment.
Step 4: Create a delivery group
Create and configure a delivery group, including machines from the machine catalog you created. For details, see the Create Delivery Groups.
Step 5: Create delivery group custom policies
To enable mounting of user layers within the Virtual Delivery Agents, you use the configuration parameters to specify:
- Where on the network to access the user layers.
- How large to permit the user layer disks to grow.
To define the parameters as custom Citrix policies in Studio and assign them to your delivery group.
In Studio, select Policies in the navigation pane:
Select Create Policy in the Actions pane. The Create Policy window appears.
- Type ‘user layer’ into the search field. The following two policies appear in the list of available policies:
- User Layer Repository Path
User Layer Size GB
Increasing the size affects new user layers and expands existing user layers. Decreasing the size only affects new user layers. Existing user layers never decrease in size.
Click Select next to User Layer Repository Path. The Edit Setting window appears.
Enter a path in the Value field, and click OK:
Resulting paths example: For a user named Alex in CoolCompanyDomain, the path would be:
You can customize the path using the variables,
%USERDOMAIN%, and also machine environment variables. When expanded, these variables result in explicit paths.
Resulting paths example: For a user named Alex in CoolCompanyDomain, the path would be:
- Path format:
Optional: Click Select next to User Layer Size in GB:
The Edit Settings window appears.
Optional: Change the default value of 10 GB to the maximum size that each user layer can grow. Click OK.
Click Next to configure Users and Machines. Click the Delivery Group Assign link highlighted in this image:
In the Delivery Group menu, select the delivery group created in the previous section. Click OK.
Enter a name for the policy. Click the check box to enable the policy, and click Finish.
Configure security settings on the user layer folder
As a domain administrator, you can specify more than one storage location for your user layers. Create a
\Users subfolder For each storage location (including the default location). Secure each location using the following settings.
|Setting name||Value||Apply to|
|Creator Owner||Modify||Subfolders and Files only|
|Owner Rights||Modify||Subfolders and Files only|
|Users or group:||Create Folder/Append Data; Traverse Folder/Execute File; List Folder/Read Data; Read Attributes||Selected Folder Only|
|System||Full Control||Selected Folder, Subfolders, and Files|
|Domain Admins, and selected Admin group||Full Control||Selected Folder, Subfolders, and Files|
User layer messages
When a user is unable to access their user layer, they receive one of these notification messages.
User Layer In Use
We were unable to attach your user layer because it is in use. Any changes you make to application settings or data will not be saved. Be sure to save any work to a shared network location.<!--NeedCopy-->
User Layer Unavailable
We were unable to attach your user layer. Any changes you make to application settings or data will not be saved. Be sure to save any work to a shared network location.<!--NeedCopy-->
System not reset after user sign-out
This system was not shut down properly. Please log off immediately and contact your system administrator.<!--NeedCopy-->
Log files to use when troubleshooting
The log file, ulayersvc.log, contains the output of the user personalization layer software where changes are logged.
Keep the following limitations in mind when installing and using the user personalization layer feature.
Do not attempt to deploy the user personalization layer software on a layer within App Layering. Either deploy user personalization layers in Citrix Virtual Apps and Desktops, or enable user layers in an App Layering image template, not both. Either process produces the user layers you need.
Do not configure the user personalization layer feature with persistent machine catalogs.
Do not use Session hosts.
Do not update the machine catalog with an image running a new OS install (even the same version of Windows 10). Best practice is to apply updates to the OS within the same master image used when creating the machine catalog.
Do not use boot-time drivers, nor any other early boot personalization.
Do not migrate PvD data to the user personalization layer feature.
Do not migrate existing user layers from the full App Layering product to the user personalization layer feature.
Do not change the user layer SMB path to access user layers created using a different master OS image.
Do not enable Secure Boot within User personalization layer virtual machines. Secure Boot it is not currently supported.
When a user logs out of a session and then logs in again, the new session runs on a different machine in the pool. In a VDI environment, Microsoft Software Center lists an application as Installed on the first machine, but shows it as Unavailable on the second machine.
To find out the true status of the application, instruct the user to select the application in the Software Center and click Install. SCCM then updates the status to the true value.
Software Center occasionally stops immediately after launching within a VDA that has the user personalization layer feature enabled. To avoid this issue, follow Microsoft’s recommendations for Implementing SCCM in a XenDesktop VDI environment. Also, make sure that the
ccmexecservice is running before you start the Software Center.
In Group Polices (Computer Settings), User layer settings override settings applied to the master image. Therefore, the changes you make in Computer Settings using a GPO are not always present for the user on the next session login.
To get around this issue, create a User Logon Script that issues the command:
For example, one customer set the following command to run at each user login:
gpudate /Target:Computer /force
For best results, apply changes to Computer Settings directly on the user layer, after the user has logged in.