Profile Management best practices
A Windows user profile is a collection of folders, files, registry,and configuration settings defining the environment for a user who logs on with a particular user account. Users can customize these settings depending on the administrative configuration.
Windows 10 compatibility
Citrix Profile Management supports the latest version of Windows 10 available at release time of Profile Management. It also supports all earlier versions of Windows 10. For example, Citrix Profile Management Version 1912 was shipping at a time when the latest version of Windows 10 was 1909 (RS7). Profile Management 1912 supports Windows 1909 (RS7) and all earlier versions of Windows 10.
The following table summarizes the recommended Microsoft Windows 10 operating systems for different versions of Profile Management:
Profile Management version | Windows 10 version | Notes |
---|---|---|
1912 | Windows 10 1909 (RS7) | Citrix Virtual Apps and Desktops 7 1912 |
1909 | Windows 10 1903 (RS6) | Citrix Virtual Apps and Desktops 7 1909 |
1906 | Windows 10 1903 (RS6) | Citrix Virtual Apps and Desktops 7 1906 |
1903 | Windows 10 1809 (RS5) | Citrix Virtual Apps and Desktops 7 1903 |
1811 | Windows 10 1809 (RS5) | Citrix Virtual Apps and Desktops 7 1811 |
1808 | Windows 10 1803 (RS4) | Citrix Virtual Apps and Desktops 7 1808 |
7.18 | Windows 10 1803 (RS4) | XenApp and XenDesktop 7.18 |
7.17 | Windows 10 1709 (RS3) | XenApp and XenDesktop 7.17 |
7.16 | Windows 10 1703 (RS2) | XenApp and XenDesktop 7.16 |
7.15 Long Term Service Release | Windows 10 1703 (RS2) | XenApp and XenDesktop 7.15 LTSR with the latest Cumulative Update |
Note:
Attempts to upgrade an OS where Citrix user profiles exist might fail. To proceed with the upgrade, remove Citrix user profiles from the local machine.
Windows 10 Start menu customization
We recommend using a partial lockdown customization layout and deploying the customization through Group Policy. For more information about customizing the layout of the Start menu, see https://docs.microsoft.com/en-us/windows-hardware/customize/desktop/customize-start-layout.
Start menu roaming
Applications pinned to the Start menu might disappear on the following operating systems after several logons:
- Windows 10 version 1607 and newer, 32-bit and 64-bit
- Windows Server 2016 Standard and
Datacenter
editions - Windows Server 2019 Standard and
Datacenter
editions - Windows 10 Enterprise for Virtual Desktops
To ensure that Start menu roaming works properly on the preceding operating systems, complete the following configuration steps:
- Enable the Folders to mirror policy and then add the following folders to the list of folders to mirror:
Appdata\Local\Packages
Appdata\Local\Microsoft\Windows\Caches
-
!ctx_localappdata!\TileDataLayer
(applicable only to versions earlier than Windows 10 version 1703)
Note:
Starting with Citrix Profile Management 1912, a folder added to Default exclusion list – directories or Exclusion list – directories cannot be synchronized even if you add it to Folders to mirror. Ensure that you remove the
appdata\local\packages
folder from the exclusion lists before you add it to Folders to mirror. - Enable the Files to synchronize policy and then add the following folder to the list of files to synchronize:
Appdata\Local\Microsoft\Windows\UsrClass.dat*
Outlook and Office 365
Microsoft recommends Cached Exchange Mode so that a consistent online and offline Microsoft Outlook experience is enabled. You can turn on the Cached Exchange Mode from the Microsoft Outlook client. For more information, see https://docs.microsoft.com/en-us/exchange/outlook/cached-exchange-mode.
When you use Cached Exchange Mode, there is always a copy of a user’s Exchange mailbox in an offline folder file (*.ost). The file can grow large.
We recommend avoiding storing Microsoft Outlook data locally or on shared drives. Use the Enable native Outlook search experience feature instead. With this feature, the Outlook offline folder file (*.ost) and the Microsoft search database specific to the user roam along with the user profile. This feature improves the user experience when searching mail in Microsoft Outlook. For more information on using this feature, see Enable native Outlook search experience.
Configuring Profile Management from one location
There are three locations from which you can configure Profile Management. To configure Profile Management, use HDX policies in Citrix Studio, or a GPO in Active Directory. You can also configure Profile Management using Workspace Environment Management.
We recommend that you choose only one of the three locations to configure Profile Management.
Troubleshooting best practice
Always use the Profile Management configuration checker tool (UPMConfigCheck) to identify potential configuration errors. For more information on this tool, see Knowledge Center article CTX132805.
When Profile Management does not work, first validate whether the User Store configured is accessible.
Cookie handling
Profile Management now supports deleting stale cookies for Internet Explorer 10 and Internet Explorer 11. You can use the “Process Internet cookie files on logoff” policy to delete stale cookies to avoid cookie folder bloat. In addition, add the following folders to the list of folders that you want to mirror:
-
AppData\Local\Microsoft\Windows\INetCookies
-
AppData\Local\Microsoft\Windows\WebCache
-
AppData\Roaming\Microsoft\Windows\Cookies
Profile streaming with Microsoft Credentials Roaming enabled
By default, the following folders in the configuration file are excluded from profile streaming:
-
AppData\Local\Microsoft\Credentials
-
Appdata\Roaming\Microsoft\Credentials
-
Appdata\Roaming\Microsoft\Crypto
-
Appdata\Roaming\Microsoft\Protect
-
Appdata\Roaming\Microsoft\SystemCertificates
If you configure profile streaming exclusion manually, ensure to add the preceding folders to “Profile streaming exclusion list–directories.”
Synchronizing profiles efficiently
Insufficiently synchronized user profiles can result in slow logons, losses of user settings, and profile corruption. It can also need excessive administrative efforts. To synchronize profiles efficiently, follow the recommendations described in this article.
Folder redirection
Folder redirection is a feature of Microsoft Windows that you can use with Profile Management. Folder redirection plays a key role in delivering a successful profile solution.
To use folder redirection, ensure that the relevant users are in the OU that Profile Management manages. We recommend that you configure folder redirection using a GPO in Active Directory.
For example, you can redirect the following folders by enabling the corresponding policies under User Configuration > Administrative Templates > Classic Administrative Templates (ADM) > Citrix > Profile Management > Folder Redirection:
Documents, Pictures, Music, Videos, Favorites, Contacts, Downloads, Links, Searches, and Saved Games
Note:
- Folder redirection eliminates the need to copy the data in those folders each time users log on and thus accelerates user logons.
- We strongly recommend not enabling Folder Redirection for AppData (Roaming) and Start Menu because it might cause issues in applications and the Start menu.
- Do not redirect the Desktop folder if it is too large. Otherwise, a black screen might occur when a user logs on.
Include and exclude files and folders
Profile Management lets you specify files and folders that you do not want to synchronize by customizing inclusion and exclusion lists. To avoid profile bloat, exclude cache files for third party applications, for example, Chrome cache files located at Appdata\Local\Google\Chrome\UserData\Default\Cache. For more information, see Include and exclude items.
Profile streaming
Profile Management fetches files and folders in a profile from the user store to the local computer only when users access them after they log on. Doing so speeds up the logon process and reduces the profile size. For example, if a file is not actually used, it is never copied to the local profile folder. You can also use the Always cache policy to impose a lower limit on the size of files that are streamed. Any file this size or larger is cached locally as soon as possible after logon.
Active Write Back and Registry
This feature decreases logoff times compared to the Profile streaming feature, especially when there are many changed files. This feature synchronizes modified files and folders (but not registry entries) to the user store during the session, but before logoff.
Internet Explorer 10/11 cookie support
Profile Management 5.0 and later supports enhanced processing for cookies when using Internet Explorer 10 and Internet Explorer 11. To avoid cookie folder bloat, use the Process Internet cookie files on logoff policy to delete stale cookies. You can add the following folders to the list of folders to mirror:
- AppData\Local\Microsoft\Windows\INetCookies
- AppData\Local\Microsoft\Windows\WebCache
- AppData\Roaming\Microsoft\Windows\Cookies
For more information, see Process Internet cookie files on logoff.