Profile Management 2103

Profile Management best practices

A Windows user profile is a collection of folders, files, registry,and configuration settings defining the environment for a user who logs on with a particular user account. Users can customize these settings depending on the administrative configuration.

Windows 10 compatibility

Citrix Profile Management supports the latest version of Windows 10 available at the release time of Profile Management. It also supports all earlier versions of Windows 10. For example, Citrix Profile Management Version 1912 was shipping at a time when the latest version of Windows 10 was 1909 (RS7). Profile Management 1912 supports Windows 1909 (RS7) and all earlier versions of Windows 10.

The following table summarizes the recommended Microsoft Windows 10 operating systems for different versions of Profile Management:

Profile Management version Windows 10 version Notes
2012 Windows 10 2010 Citrix Virtual Apps and Desktops 7 2012
2009 Windows 10 2004 Citrix Virtual Apps and Desktops 7 2009
2006 Windows 10 2004 Citrix Virtual Apps and Desktops 7 2006
2003 Windows 10 2004 Citrix Virtual Apps and Desktops 7 2003
1912 Windows 10 1909 (RS7) Citrix Virtual Apps and Desktops 7 1912
1909 Windows 10 1903 (RS6) Citrix Virtual Apps and Desktops 7 1909
1906 Windows 10 1903 (RS6) Citrix Virtual Apps and Desktops 7 1906
1903 Windows 10 1809 (RS5) Citrix Virtual Apps and Desktops 7 1903
1811 Windows 10 1809 (RS5) Citrix Virtual Apps and Desktops 7 1811
1808 Windows 10 1803 (RS4) Citrix Virtual Apps and Desktops 7 1808
7.18 Windows 10 1803 (RS4) XenApp and XenDesktop 7.18
7.17 Windows 10 1709 (RS3) XenApp and XenDesktop 7.17
7.16 Windows 10 1703 (RS2) XenApp and XenDesktop 7.16
7.15 Long Term Service Release Windows 10 1703 (RS2) XenApp and XenDesktop 7.15 LTSR with the latest Cumulative Update

Note:

Attempts to upgrade an OS where Citrix user profiles exist might fail. To proceed with the upgrade, remove Citrix user profiles from the local machine.

Windows 10 Start menu customization

We recommend using a partial lockdown customization layout and deploying the customization through Group Policy. For more information about customizing the layout of the Start menu, see https://docs.microsoft.com/en-us/windows-hardware/customize/desktop/customize-start-layout.

Start menu roaming

Applications pinned to the Start menu might disappear on the following operating systems after several logons:

  • Windows 10 Version 1607 and later, 32-bit and 64-bit
  • Windows Server 2016 Standard and Datacenter editions
  • Windows Server 2019 Standard and Datacenter editions
  • Windows 10 Enterprise for Virtual Desktops

For Windows 10: To ensure that Start menu roaming works properly on Windows 10, enable automatic configuration, or set the Disable automatic configuration policy to Enable and then complete the following configuration steps:

Tip:

Automatic configuration works for Profile Management 2103 and later. Manual configuration works for all Profile Management versions.

  1. Enable the Folders to mirror policy and then add the following folders to the list of folders to mirror:
    • Appdata\Local\Packages
    • Appdata\Local\Microsoft\Windows\Caches
    • !ctx_localappdata!\TileDataLayer (applicable only to versions earlier than Windows 10 version 1703)

    Note:

    Starting with Citrix Profile Management 1912, a folder added to Default exclusion list – directories or Exclusion list – directories cannot be synchronized even if you add it to Folders to mirror. Ensure that you remove the appdata\local\packages folder from the exclusion lists before you add it to Folders to mirror.

  2. Enable the Files to synchronize policy and then add the following folder to the list of files to synchronize:
    • Appdata\Local\Microsoft\Windows\UsrClass.dat*

For Windows Server: To ensure that Start menu roaming works properly on Windows Server 2016 and Windows Server 2019, enable automatic configuration, or set the Disable automatic configuration policy to Enable and then complete the following configuration steps:

Tip:

Automatic configuration works for Profile Management 2103 and later. Manual configuration works for all Profile Management versions.

  1. Enable the Folders to mirror policy and then add the following folder to the list of folders to mirror:

    • Appdata\Local\Microsoft\Windows\Caches
  2. Enable the Exclusion list – directories policy and then add the following folder to the list of folders to exclude:

    • Appdata\Local\Packages
  3. Enable the Exclusion list – files policy and then add the following file to the list of files to exclude:

    • Appdata\Local\Microsoft\Windows\UsrClass.dat*

      Note:

      You cannot use the same policy for both Windows 10 and Windows Server 2016/2019. Configure separate policies for VDI and shared desktop platforms, or if using Profile Management 2013 and later, use automatic configuration.

Outlook and Office 365

Microsoft recommends Cached Exchange Mode so that a consistent online and offline Microsoft Outlook experience is enabled. You can turn on the Cached Exchange Mode from the Microsoft Outlook client. For more information, see https://docs.microsoft.com/en-us/exchange/outlook/cached-exchange-mode.

When you use Cached Exchange Mode, there is always a copy of a user’s Exchange mailbox in an offline folder file (*.ost). The file can grow large.

We recommend avoiding storing Microsoft Outlook data locally or on shared drives. Use the Enable native Outlook search experience feature instead. With this feature, the Outlook offline folder file (*.ost) and the Microsoft search database specific to the user roam along with the user profile. This feature improves the user experience when searching mail in Microsoft Outlook. For more information on using this feature, see Enable native Outlook search experience.

Configuring Profile Management from one location

There are three locations from which you can configure Profile Management. To configure Profile Management, use HDX policies in Citrix Studio, or a GPO in Active Directory. You can also configure Profile Management using Workspace Environment Management.

We recommend that you choose only one of the three locations to configure Profile Management.

Watch this video to learn more:

Expert Advice on Citrix Profile Management Deployment Methods

Troubleshooting best practice

Always use the Profile Management configuration checker tool (UPMConfigCheck) to identify potential configuration errors. For more information on this tool, see Knowledge Center article CTX132805.

When Profile Management does not work, first validate whether the User Store configured is accessible.

Profile Management now supports deleting stale cookies for Internet Explorer 10 and Internet Explorer 11. You can use the “Process Internet cookie files on logoff” policy to delete stale cookies to avoid cookie folder bloat. In addition, add the following folders to the list of folders that you want to mirror:

  • AppData\Local\Microsoft\Windows\INetCookies

  • AppData\Local\Microsoft\Windows\WebCache

  • AppData\Roaming\Microsoft\Windows\Cookies

Profile streaming with Microsoft Credentials Roaming enabled

By default, the following folders in the configuration file are excluded from profile streaming:

  • AppData\Local\Microsoft\Credentials

  • Appdata\Roaming\Microsoft\Credentials

  • Appdata\Roaming\Microsoft\Crypto

  • Appdata\Roaming\Microsoft\Protect

  • Appdata\Roaming\Microsoft\SystemCertificates

If you configure profile streaming exclusion manually, ensure to add the preceding folders to “Profile streaming exclusion list–directories.”

Synchronizing profiles efficiently

Insufficiently synchronized user profiles can result in slow logons, losses of user settings, and profile corruption. It can also need excessive administrative efforts. To synchronize profiles efficiently, follow the recommendations described in this article.

Folder redirection

Folder redirection is a feature of Microsoft Windows that you can use with Profile Management. Folder redirection plays a key role in delivering a successful profile solution.

To use folder redirection, ensure that the relevant users are in the OU that Profile Management manages. We recommend that you configure folder redirection using a GPO in Active Directory.

For example, you can redirect the following folders by enabling the corresponding policies under User Configuration > Administrative Templates > Classic Administrative Templates (ADM) > Citrix > Profile Management > Folder Redirection:

Documents, Pictures, Music, Videos, Favorites, Contacts, Downloads, Links, Searches, and Saved Games

Note:

  • Folder redirection eliminates the need to copy the data in those folders each time users log on and thus accelerates user logons.
  • We strongly recommend not enabling Folder Redirection for AppData (Roaming) and Start Menu because it might cause issues in applications and the Start menu.
  • Do not redirect the Desktop folder if it is too large. Otherwise, a black screen might occur when a user logs on.

Include and exclude files and folders

Profile Management lets you specify files and folders that you do not want to synchronize by customizing inclusion and exclusion lists. To avoid profile bloat, exclude cache files for third party applications, for example, Chrome cache files located at Appdata\Local\Google\Chrome\UserData\Default\Cache. For more information, see Include and exclude items.

Profile streaming

Profile Management fetches files in a profile from the user store to the local computer only when users access them after they log on. Doing so speeds up the logon process and reduces the profile size. For example, if a file is not actually used, it is never copied to the local profile folder. You can also use the Always cache policy to impose a lower limit on the size of files that are streamed. Any file this size or larger is cached locally as soon as possible after logon.

You can enable both the Enable profile streaming for folders and the Profile streaming policies to eliminate the need to fetch folders that are not accessed.

Enable profile streaming for folders

Active Write Back and Registry

This feature decreases logoff times compared to the Profile streaming feature, especially when there are many changed files. This feature synchronizes modified files and folders (but not registry entries) to the user store during the session, but before logoff.

Profile Management 5.0 and later supports enhanced processing for cookies when using Internet Explorer 10 and Internet Explorer 11. To avoid cookie folder bloat, use the Process Internet cookie files on logoff policy to delete stale cookies. You can add the following folders to the list of folders to mirror:

  • AppData\Local\Microsoft\Windows\INetCookies
  • AppData\Local\Microsoft\Windows\WebCache
  • AppData\Roaming\Microsoft\Windows\Cookies

For more information, see Process Internet cookie files on logoff.

Profile Management best practices