Profile Management

Enable file deduplication

Identical files can exist in various user profiles in the user store. Having duplicate instances of files stored in the user store increases your storage cost.

File deduplication policies let Profile Management remove duplicate files from the user store and store one instance of them in a central location (called shared store). Doing so avoids file duplication in the user store, thus reducing your storage cost. The deduplication is applied to the user store and each replicated user store.

To enable file deduplication and specify files to include in the shared store, configure the following policies:

  1. File deduplication > Files to include in the shared store for deduplication
  2. (Optional) File deduplication > Files to exclude from the shared store
  3. (Optional) File deduplication > Minimum size of files to deduplicate from profile containers

    Note:

    Starting with 2311, file deduplication policies also apply to profile containers. To ensure the optimal user logon experience, Profile Management deduplicates a maximum of 10 files from profile containers (although you can define more than 10 files in the Files to include in the shared store for deduplication policy). Deduplication occurs when a listed file is updated or created and exceeds the specified size, as long as there are fewer than 10 deduplicated files.

After you configure file deduplication policies, Profile Management creates the shared store in the same path as the user store. For example,

  • Path to the user store: \\server\profiles$\%USERDOMAIN%\%USERNAME%\!CTX_OSNAME!!CTX_OSBITNESS!

  • Path to the shared store: \\server\profiles$\%USERDOMAIN%\SharedFilesStore

Include files in the shared store for deduplication

If duplicated files exist in the user store, enable file deduplication and specify files to include in the shared store for deduplication.

Important:

Since all files deduplicated into the shared store can be read by all domain users, we recommend against deduplicating personal and sensitive data.

Detailed steps are as follows:

  1. Open the Group Policy Management Editor.
  2. Access Policies > Administrative Templates: Policy definitions (ADMX files) > Citrix Components > Profile Management > File deduplication.
  3. Double-click Files to include in the shared store for deduplication.
  4. Select Enabled.
  5. In the List of files to include in the shared store field, click Show.
  6. Enter the file names with paths relative to the user profile.

    Wildcards are supported with the following considerations:

    • Wildcards in file names are applied recursively. To restrict them only to the current folder, use the vertical bar (|).
    • Wildcards in folder names are not applied recursively.

    Examples:

    • Downloads\profilemgt_x64.msi — The profilemgt_x64.msi file in the Downloads folder
    • *.cfg — Files with the .cfg extension in the user profile folder and its subfolders
    • Music\* — Files in the Music folder and its subfolders
    • Downloads\*.iso — Files with the .iso extension in the Downloads folder and its subfolders
    • Downloads\*.iso| — Files with the .iso extension only in the Downloads folder
    • AppData\Local\Microsoft\OneDrive\*\*.dll — Files with the .dll extension in any immediate subfolder of the AppData\Local\Microsoft\OneDrive folder
  7. Click OK and OK again.

Configuration precedence

  1. If this setting is disabled, the shared store is disabled.
  2. If this setting isn’t configured here, the value from the .ini file is used.
  3. If this setting is not configured either here or in the .ini file, the shared store is disabled.

Exclude files from the shared store

Wildcard characters let you include a group of files in the shared store all at once. To exclude some files from the group, enable and configure the Files to exclude from the shared store policy as follows:

  1. Open the Group Policy Management Editor.
  2. Access Policies > Administrative Templates: Policy definitions (ADMX files) > Citrix Components > Profile Management > File deduplication.
  3. Double-click Files to exclude from the shared store.
  4. Select Enabled.
  5. In the List of files to exclude from the shared store field, click Show.
  6. Enter the file names with paths relative to the user profile.

    Wildcards are supported with the following considerations:

    • Wildcards in file names are applied recursively. To restrict them only to the current folder, use the vertical bar (|).
    • Wildcards in folder names are not applied recursively.

    Examples:

    • Downloads\profilemgt_x64.msi — The profilemgt_x64.msi file in the Downloads folder
    • *.tmp — Files with the .tmp extension in the user profile folder and its subfolders
    • AppData\*.tmp — Files with the .tmp extension in the AppData folder and its subfolders
    • AppData\*.tmp| — Files with the .tmp extension only in the AppData folder
    • Downloads\*\a.txt — The a.txt file in any immediate subfolder of the Downloads folder
  7. Click OK and OK again.

Configuration precedence

  1. If this setting is disabled, no files are excluded.
  2. If this setting isn’t configured here, the value from the .ini file is used.
  3. If this setting is not configured either here or in the .ini file, no files are excluded.

Specify the minimum size of files to deduplicate from profile containers

When profile containers are enabled, you can specify the minimum size of files to deduplicate from profile containers. By default, Profile Management deduplicates files from profile containers only when they exceed 256 MB. If necessary, you can increase this threshold size using these steps:

  1. Open the Group Policy Management Editor.
  2. Access Policies > Administrative Templates: Policy definitions (ADMX files) > Citrix Components > Profile Management > File deduplication.
  3. Double-click Minimum size of files to deduplicate from profile containers.
  4. Select Enabled.
  5. In the Minimum size in megabytes field, enter a value greater than 256 as needed.
  6. Click OK.

Configuration precedence

  1. If this setting is not configured here, the value from the .ini file is used.
  2. If this setting is not configured either here or in the .ini file, the value is 256.

Configure shared store security settings

If no shared store exists, Profile Management automatically creates one with the following permission settings:

  • Domain computers: Full control access
  • Domain users: Read access

Since the default settings grant full control access to domain computers, we recommend you manually create the shared store and implement credential-based access for improved security. To do so, follow these steps:

  1. Create the shared store folder at the same directory level as the %USERNAME% parameter in the Path to user store setting. For example, the Path to user store setting is \\SERVER\UPM_USER_STORE\%USERNAME%.%USERDOMAIN%\!CTX_OSNAME!!CTX_OSBITNESS!, then the shared store folder must be \\SERVER\UPM_USER_STORE\SharedStore.

  2. Grant the following permissions for the shared store. As shown in this figure, the user SharedStoreManagementUser is the credential used to access the shared store.

    Principal used for managing Shared Store

  3. On each VDA, add Windows credentials for the SharedStoreManagementUser user account to access the shared store. You can use Windows Credential Manager or Workspace Environment Management for this purpose. See the procedures described in Enable credential-based access to user stores for details.

Enable file deduplication