Citrix Profile Management Settings

Note:

Some options work only with specific versions of Profile Management. Consult the Profile Management documentation for details.

Workspace Environment Management (WEM) supports the features and operation of the current version of Citrix Profile Management. In the WEM administration console, the Citrix Profile Management Settings (in Policies and Profiles) supports configuring all settings for the current version of Citrix Profile Management.

In addition to using WEM to configure Citrix Profile Management features, you can use Active Directory GPOs, Citrix Studio policies, or .ini files on the VDA. We recommend that you use the same method consistently.

Main Citrix Profile Management settings

Get started with Profile Management by applying basic settings. Basic settings include processed groups, excluded groups, user store, and more.

Enable Profile Management Configuration. When enabled, you can configure and apply your settings. Enabling this option creates Profile Management related registries in the user environment. The option controls whether WEM deploys Profile Management settings you configure in the console to the agent. If disabled, none of the Profile Management settings are deployed to the agent.

Enable Profile Management. Controls whether to enable the Profile Management service on the agent machine. If disabled, the Profile Management service does not work.

You might want to disable Profile Management completely so that settings already deployed to the agent will no longer be processed. To achieve the goal, do the following:

1. Clear the Enable Profile Management check box and wait for the change to apply automatically or apply the change manually for immediate effect.

   Note:

   The change takes some time to take effect, depending on the value you specified for SQL Settings Refresh Delay in Advanced Settings. For the change to take effect immediately, refresh agent host settings and then reset Profile Management settings for all related agents. See Administration.

2. After the change takes effect, clear the Enable Profile Management Configuration check box.

Set processed groups. Lets you specify which groups are processed by Profile Management. Only the specified groups have their Profile Management settings processed. If left empty, all groups are processed.

Set excluded groups. Lets you specify which groups are excluded from Profile Management.

Process logons of local administrators. If enabled, local administrator logons are treated the same as non-administrator logons for Profile Management.

Set path to user store. Lets you specify the path to the user store folder.

Migrate user store. Lets you specify the path to the folder where the user settings (registry changes and synchronized files) were saved. Type the user store path that you previously used. Use this option along with the Set path to user store option.

Enable active write back. If enabled, profiles are written back to the user store during the user’s session, preventing data loss.

• Enable active write back registry. If enabled, registry entries are written back to the user store during the user’s session, preventing data loss.
• Enable active write back on session lock and disconnection. If enabled, profile files and folders are written back only when a session is locked or disconnected. If both this option and the Enable active write back registry option are enabled, registry entries are written back only when a session is locked or disconnected.

Enable offline profile support. If enabled, profiles are cached locally for use while not connected.

Profile container settings

These options control Profile Management profile container settings.

Enable Profile Container. If enabled, Profile Management maps the listed folders to the profile disk stored on the network, thus eliminating the need to save a copy of the folders to the local profile. Specify at least one folder to include in the profile container.

Enable folder exclusions. If enabled, Profile Management excludes the listed folders from the profile container. Specify at least one folder to exclude from the profile container.

Enable folder inclusions. If enabled, Profile Management keeps the listed folders in the profile container when their parent folders are excluded. Folders on this list must be subfolders of the excluded folders. This means that you must use this option in combination with the Enable Folder Exclusions for Profile Container option. Specify at least one folder to include in the profile container.

Enable exclusive access to profile container. If enabled, the profile container allows one access at a time.

Enable VHD auto-expansion for profile container. If enabled, when the profile container reaches 90% utilization, it automatically expands by 10 GB, with a maximum capacity of 80 GB. Depending on your needs, you can adjust the default auto-expansion settings using the following options:

• Auto-expansion trigger threshold (%). Lets you specify the utilization percentage of storage capacity at which the profile container triggers auto-expansion.

• Auto-expansion increment (GB). Lets you specify the amount of storage capacity (in GB) by which the profile container automatically expands when auto-expansion is triggered.

• Auto-expansion limit (GB). Lets you specify the maximum storage capacity (in GB) to which the profile container can automatically expand when auto-expansion is triggered.

Set users and groups to access profile container. Lets you specify which AD domain users and groups have Read & Execute permission on profile containers. By default, a profile container is accessible only to its owner.

Profile handling

These settings control Profile Management profile handling.

Delete local cached profiles on logoff. If enabled, locally cached profiles are deleted when the user logs off.

Set delay before deleting cached profiles. Lets you specify a delay (in seconds) before cached profiles are deleted on logoff.

Enable Migration of Existing Profiles. If enabled, existing Windows profiles are migrated to Profile Management on logon.

Automatic migration of existing application profiles. If enabled, existing application profiles are migrated automatically. Profile Management performs the migration when a user logs on and there are no user profiles in the user store.

Enable local profile conflict handling. Configures how Citrix Workspace Environment Management handles cases where Profile Management and Windows profiles conflict.

Enable template profile. If enabled, this uses a template profile at the indicated location.

Template profile overrides local profile. If enabled, the template profile overrides local profiles.

Template profile overrides roaming profile. If enabled, the template profile overrides roaming profiles.

Template profile used as Citrix mandatory profile for all logons. If enabled, the template profile overrides all other profiles.

Advanced settings

These options control advanced Profile Management settings.

Applications

Enable search index roaming for Microsoft Outlook users. If enabled, the user-specific Microsoft Outlook offline folder file (*.ost) and Microsoft search database are roamed along with the user profile. This feature improves the user experience when searching mail in Microsoft Outlook.

• Outlook search index database – backup and restore. If enabled, Profile Management automatically saves a backup of the last known good copy of the search index database. When there is a corruption, Profile Management reverts to that copy. As a result, you no longer must manually reindex the database when the search index database becomes corrupted.

• Enable concurrent session support. Provides native Outlook search experience in concurrent sessions. If enabled, each concurrent session uses a separate Outlook OST file.

  • Maximum number of VHDX disks for storing Outlook OST files. Lets you specify the maximum number of VHDX disks for storing Outlook OST files. If unspecified, only two VHDX disks can be used to store Outlook OST files (one file per disk). If more sessions start, their Outlook OST files are stored in the local user profile. Supported values: 1–10.

Enable OneDrive container. If enabled, Profile Management roams OneDrive folders with users by storing the folders on a VHDX disk. The disk is attached during logons and detached during logoffs.

Enable UWP app roaming. If enabled, UWP (Universal Windows Platform) apps roam with users. As a result, users can access the same UWP apps from different devices.

Enable UWP app load acceleration. Lets you accelerate the loading of UWP apps and improve their consistency in non-persistent environments. By default, Windows stores UWP App registration information locally on each machine, which can be lost upon restart in non-persistent environments. With this policy enabled, Profile Management creates a VHDX container for each machine to store the UWP app registration data, speeding up user logon and preventing data loss on restarts.

Enable use of application definition files. Lets you enter the path to the definition files. If enabled, only the settings included in the definition file are synchronized. Specify a folder where the Citrix virtual apps optimization definition files are located. For more information about creating definition files, see Create a definition file.

VHD settings

Default capacity of VHD containers (GB). Lets you specify the default storage capacity (in GB) of each VHD container.

Customize storage path for VHDX files. Lets you specify a separate path to store VHDX files. By default, VHDX files are stored in the user store. Policies that use VHDX files include the following: Profile container, Search index roaming for Outlook, and Accelerate folder mirroring. If enabled, VHDX files of different policies are stored in different folders under the storage path.

Enable VHD disk compaction. If enabled, VHD disks are automatically compacted on user logoff when certain conditions are met. This policy enables you to save the storage space consumed by the profile container, OneDrive container, and mirror folder container. Depending on your needs and the resources available, you can adjust the default VHD compaction settings and behavior using the Disable defragmentation for VHD disk compaction, Set free space ratio to trigger VHD disk compaction, and Set number of logoffs to trigger VHD disk compaction options in Advanced settings.

• Set freeable space ratio to trigger VHD disk compaction. Applicable when Enable VHD disk compaction is enabled. Lets you specify the freeable space ratio to trigger VHD disk compaction. When the freeable space ratio exceeds the specified value on user logoff, disk compaction is triggered.

  • Freeable space ratio = (current VHD file size – required minimum VHD file size*) ÷ current VHD file size

    Obtained using the GetSupportedSize method of the MSFT_Partition class from the Microsoft Windows operating system.

• Disable defragmentation for VHD disk compaction. Applicable when Enable VHD disk compaction is enabled. Lets you specify whether to disable file defragmentation for VHD disk compaction.

• Set number of logoffs to trigger VHD disk compaction. Applicable when Enable VHD disk compaction is enabled. Lets you specify the number of user logoffs to trigger VHD disk compaction. When the number of logoffs since the last compaction reaches the specified value, the disk compaction is triggered again.

Enable exclusive access to profile container. If enabled, the profile container allows one access at a time.

Enable exclusive access to OneDrive container. If enabled, the OneDrive container allows one access at a time.

User store

Set number of retries when accessing locked files. Configures the number of times the WEM agent retries accessing locked files. Supported values: 0–100.

Replicate user stores. If enabled, Profile Management replicates a user store to multiple paths on each logoff, in addition to the path that the Set path to user store option specifies. To synchronize to the user stores files and folders modified during a session, enable active write-back. Enabling the option can increase system I/O and might prolong logoffs.

By default, when multiple user stores are available, Profile Management selects the store with the latest profile data. If more than one store has the latest profile, Profile Management selects the one configured earliest. With the User store selection method option, you can now enable Profile Management to select the store with the best access performance.

When you enable the Replicate user store policy for the container-based profile solution, the Enable in-session policy container failover among user stores policy is automatically enabled to ensure profile redundancy for the entire session. With this policy enabled, if Profile Management loses connection to the active profile container during a session, it automatically switches to another available one. If you disable this policy, profile container failover occurs only at user logon.

Note:

Enabling this policy requires that only the profile container is enabled in your deployment. If any other containers, such as OneDrive, UWP, Outlook, folder mirroring, or Profile streaming for pending area, is enabled, this policy doesn’t take effect.

Enable credential-based access to user store. If disabled, Profile Management impersonates the current user to access user stores. Thus, make sure that the current user can directly access the user stores. If enabled, Profile Management accesses the user stores on behalf of the user through the connections configured for relevant services in Advanced Settings > File Shares > SMB shares. (When needed, Profile Management accesses the selected SMB shares that host the user stores.) Enabling this setting lets you put user stores in file shares (for example, Azure Files) that the current user has no permission to access. When using this option, consider the following:

• To add SMB shares hosting your user stores, go to Advanced Settings > File Shares > SMB shares.

• SMB shares you select in File Shares for relevant services appear here. Profile Management accesses the selected SMB shares as needed.

IMPORTANT:

Disabling this setting deletes all user store connections that the WEM agent previously established.

• When adding or editing credentials, complete the following fields:

  • Server share. Enter a UNC path that specifies a server share.
  • User name. Enter the name in the form domain\username.
  • Password. Enter the password to be used to access the server share.
  • Show password. Control whether to show or hide the password.

Other options

Disable automatic configuration. If enabled, dynamic configuration is disabled.

Enable asynchronous processing for user Group Policy on logon. If enabled, Profile Management roams with users a registry value that Windows uses to determine the processing mode for the next user logon — synchronous or asynchronous processing mode. If the registry value does not exist, synchronous mode is applied. Enabling the option ensures that the actual processing mode is applied each time users log on. If disabled, asynchronous mode can’t be applied as expected if users:

• Log on to different machines.
• Log on to the same machine where the Delete locally cached profiles on logoff option is enabled.

Process Internet cookie files on logoff. If enabled, stale cookies are deleted on logoff.

Alert user when profile size exceeds quota. If enabled, users receive a notification message when their profile size exceeds a quota. With this feature, you can customize the quota limit and the notification content based on the default settings. The supported quota range is 0–100,000 MB.

Log off user if problems occur. If enabled, users are logged off rather than switched to a temporary profile if a problem occurs.

Join the Citrix Customer Experience Improvement Program. If enabled, Profile Management uses the Customer Experience Improvement Program (CEIP) to help improve the quality and performance of Citrix products by collecting anonymous statistics and usage information. For more information on the CEIP, see About the Citrix Customer Experience Improvement Program (CEIP).

Log settings

These options control Profile Management logging.

Enable Logging. Enables/disables logging of Profile Management operations.

Configure Log Settings. Lets you specify which types of events to include in the logs.

Set Maximum Size of Log File. Lets you specify a maximum size in bytes for the log file.

Set Path to Log File. Lets you specify the location at which the log file is created.

Registry

These options control Profile Management registry settings.

NTUSER.DAT Backup. If selected, Profile Management maintains a last known good backup of the NTUSER.DAT file. If Profile Management detects corruption, it uses the last known good backup copy to recover the profile.

Enable Default Exclusion List. Default list of registry keys in the HKCU hive that are not synchronized to the user’s profile. If selected, registry settings which are selected in this list are forcibly excluded from Profile Management profiles.

Enable Registry Exclusions. Registry settings in this list are forcibly excluded from Profile Management profiles.

Enable Registry Inclusions. Registry settings in this list are forcibly included in Profile Management profiles.

File system

These options control file system exclusions for Profile Management.

Enable Logon Exclusion Check. If enabled, configures what Profile Management does when a user logs on when a profile in the user store contains excluded files or folders. (If disabled, the default behavior is Synchronize excluded files or folders). You can select one of the following behaviors in the list:

Synchronize excluded files or folders (default). Profile Management synchronizes these excluded files or folders from the user store to local profile when a user logs on.

Ignore excluded files or folders. Profile Management ignores the excluded files or folders in the user store when a user logs on.

Delete excluded files or folder. Profile Management deletes the excluded files or folders in the user store when a user logs on.

Enable Default Exclusion List - Directories. Default list of directories ignored during synchronization. If selected, folders which are selected in this list are excluded from the Profile Management synchronization.

Enable File Exclusions. If enabled, the listed files are not included in a user’s Profile Management profile. This allows you to exclude specific folders known to contain large amounts of data which the user does not need to have as part of their Profile Management profile. The list is pre-populated with default Windows 7 exclusions, and can be pre-populated with default Windows XP exclusions instead.

Enable Folder Exclusions. If enabled, the listed folders are not included in a user’s Profile Management profile. This allows you to exclude specific folders known to contain large amounts of data which the user does not need to have as part of their Profile Management profile. The list is pre-populated with default Windows 7 exclusions, and can be pre-populated with default Windows XP exclusions instead.

Profile Cleansing. Opens the Profiles Cleanser wizard, which allows you to delete existing profiles.

To delete existing profiles, click Browse to navigate to the folder where user profiles are stored, click Scan Profiles Folder, and then select the profile folder that you want to clean up in the Profiles Cleanser window. After that, click Cleanse Profiles to start the cleanup.

Cleanse Profiles. Cleans the selected profiles per the folder exclusion settings.

Scan Profiles Folder. Scans the specified folder with the specified recursion settings to find user profiles and then displays all profiles found.

Profiles Root Folder. The root folder of your user profiles. You can also browse to this folder if you like.

Search Recursivity. Controls how many levels of recursion the user profile search goes through.

Synchronization

These options control Profile Management synchronization settings.

Enable Directory Synchronization. If enabled, the listed folders are synchronized to the user store.

Enable File Synchronization. If enabled, the listed files are synchronized to the user store, ensuring that users always get the most up-to-date versions of the files. If files have been modified in more than one session, the most up-to-date files are kept in the user store.

Enable Folder Mirroring. If enabled, the listed folders are mirrored to the user store on logoff, ensuring that files and subfolders in mirrored folders stored in the user store are the same as the local versions. See below for more information about how folder mirroring works.

• Files in mirrored folders will always overwrite files stored in the user store on session logoff, irrespective of whether they are modified.
• If extra files or subfolders are present in the user store compared to the local versions in mirrored folders, those extra files and subfolders are deleted from the user store on session logoff.

Enable Large File Handling. If enabled, large files are redirected to the user store, thereby eliminating the need to synchronize those files over the network.

Note:

Some applications do not allow concurrent file access. Citrix recommends that you take application behavior into consideration when you define your large file handling policy.

Streamed user profiles

These options control streamed user profile settings.

Enable Profile Streaming. If disabled, none of the settings in this section are processed.

Enable Profile Streaming for Folders. If enabled, folders are fetched only when they are being accessed. This setting eliminates the need to traverse all folders during user logons, thus saving bandwidth and reducing the time to synchronize files.

Enable Profile Streaming for Pending Area. If enabled, files in the pending area are fetched to the local profile only when they are requested. This ensures optimum logon experience in concurrent session scenarios. The pending area is used to ensure profile consistency while profile streaming is enabled. It temporarily stores profile files and folders changed in concurrent sessions. By default, this option is disabled. All files and folders in the pending area are fetched to the local profile during logon.

Always Cache. If enabled, files of the specified size (in MB) or larger will always be cached.

Set timeout for pending area lock files: Frees up files so they are written back to the user store from the pending area after the specified time if the user store remains locked when a server becomes unresponsive.

Set streamed user profile groups. This list determines which user groups streamed profiles are used for.

Enable Profile Streaming Exclusion List - Directories. If selected, Profile Management does not stream folders in this list, and all the folders are fetched immediately from the user store to the local computer when users log on.

File deduplication

These options control Profile Management file deduplication settings.

Identical files can exist among various user profiles. Separating those files from the user store and storing them in a central location saves storage space by avoiding duplicates. You can specify files that you want to include in the shared store on the server hosting the user store. Specify the file names with paths relative to the user profile.

Enable File Inclusions. If enabled, Profile Management generates the shared store automatically. It then centrally stores the specified files in the shared store rather than in each user profile in the user store. Doing so reduces the load on the user store by avoiding file duplication, thus reducing your storage cost.

Enable File Exclusions. If enabled, Profile Management excludes the specified files from the shared store. You must use this option along with the Enable File Inclusions option. Specify at least one file to exclude from the shared store.

Cross-platform settings

These options control cross-platform settings.

Enable cross-platform settings. If disabled, none of the settings in this section are processed.

Set cross-platform settings groups. Lets you specify the user groups for which cross-platform profiles are used.

Set path to cross-platform definitions. Lets you specify the path to your cross-platform definition files.

Set path to cross-platform setting store. Lets you specify the path to your cross-platform setting store.

Enable source for creating cross-platform settings. Enables a source platform for cross-platform settings.

App access control

This feature lets you add rules to control end user access to applications or to enforce machine-level redirections for files, folders, and registry values and keys.

There are two ways that you can create rules:

• GUI-based tool - WEM Tool Hub > Rule Generator for App Access Control
• PowerShell tool – available with the Profile Management installation package

Folder redirection

This feature lets you configure rule sets to redirect the paths of local folders to new locations. Each rule set specifies where you want to redirect the folders based on the users accessing them. A rule set mainly includes:

• Redirection rules. Specify which local folders you want to redirect and where to redirect them (such as a network location).
• Assignments. Specify the users to whom you assign the redirection rules.

To add a rule set for a configuration set, follow these steps:

1. Go to the Profile Management Settings page of the target configuration set.
2. Click the Folder redirection link above the search box.
3. On the Folder redirection page that appears, click Add rule set.
4. On the Add rule set page that appears, follow these steps to complete the settings:
   1. On the Redirection rules page, select the folders to redirect, specify the redirection destinations, and then click Next.
      • You can redirect a folder to a network location, the user’s home directory (only for certain folders), or the local user profile location.
      • By default, the Move contents to new location option is selected, identifying that after you set or modify a redirection target path, contents from the previous path are automatically moved to the new one. To prevent this behavior, clear the option.
   2. On the Assignments page, select users, groups, or OUs to which you want to assign the redirection rules, and then click Next. Default groups include Everyone and Administrators. To add a group, click Add new target.
   3. On the Additional settings page, specify the following settings for the rule set, and then click Next:
      • Grant access to administrators: Whether to grant the local Administrators group access to the redirection target paths. By default, those paths are accessible exclusively to the profile owner.
      • Grant access to specific users and groups: Whether to grant specific users and groups access to the redirection target paths. After selecting this option, click Add user/group to specify the users and groups as needed.
      • Include domain name: Whether to include the %userdomain% environment variable as part of the UNC path.
      • Set a priority for this rule set by entering a numeric value. Greater numbers indicate higher priority. When multiple rule sets apply to the same target, the one with the higher priority wins.
   4. Enter a descriptive name for this rule set and review settings. To adjust, click the corresponding step in the left pane.
   5. Click Done.

Note:

Currently, end users must log on twice for newly deployed rule sets to take effect.