Profile Management

Best practices

A Windows user profile is a collection of folders, files, registry, and configuration settings defining the environment for a user who logs on with a particular user account. Users can customize these settings depending on the administrative configuration.

Configure Profile Management from one location

There are three locations from which you can configure Profile Management. To configure Profile Management, use one of the following ways:

  • A GPO in Active Directory
  • Policies in Citrix Studio
  • Workspace Environment Management

We recommend that you choose only one of the three locations to configure Profile Management.

Watch this video to learn more:

Expert Advice on Citrix Profile Management Deployment Methods

Profile Management supports deleting stale cookies for Internet Explorer 10 and Internet Explorer 11. You can use the Process Internet cookie files on logoff policy to delete stale cookies to avoid cookie folder bloat. In addition, add the following folders to the list of folders that you want to mirror:

  • AppData\Local\Microsoft\Windows\INetCookies

  • AppData\Local\Microsoft\Windows\WebCache

  • AppData\Roaming\Microsoft\Windows\Cookies

Outlook and Office 365

Microsoft recommends Cached Exchange Mode so that a consistent online and offline Microsoft Outlook experience is enabled. You can turn on the Cached Exchange Mode from the Microsoft Outlook client. For more information, see https://docs.microsoft.com/en-us/exchange/outlook/cached-exchange-mode.

When you use Cached Exchange Mode, there is always a copy of a user’s Exchange mailbox in an Offline Outlook Data File (*.ost). The file can grow large.

We recommend avoiding storing Microsoft Outlook data locally or on shared drives. Use the Enable native Outlook search experience feature instead. With this feature, the Offline Outlook Data File (*.ost) and the Microsoft search database specific to the user roam along with the user profile. This feature improves the user experience when searching mail in Microsoft Outlook. For more information on using this feature, see Enable native Outlook search experience.

Profile streaming with Microsoft Credentials Roaming enabled

By default, the following folders in the configuration file are excluded from profile streaming:

  • AppData\Local\Microsoft\Credentials

  • Appdata\Roaming\Microsoft\Credentials

  • Appdata\Roaming\Microsoft\Crypto

  • Appdata\Roaming\Microsoft\Protect

  • Appdata\Roaming\Microsoft\SystemCertificates

If you configure profile streaming exclusion manually, ensure to add the preceding folders to “Profile streaming exclusion list–directories.”

Start menu roaming

Applications pinned to the Start menu might disappear on the following operating systems after several logons:

  • Windows 10 Version 1607 and later, 32-bit and 64-bit
  • Windows Server 2016 Standard and Datacenter editions
  • Windows Server 2019 Standard and Datacenter editions
  • Windows 10 Enterprise for Virtual Desktops

Note:

You cannot use the same policy for both Windows 10 and Windows Server 2016/2019. Configure separate policies for VDI and shared desktop platforms, or if using Profile Management 2103 or later, use automatic configuration.

Automatically enable Start menu roaming

If you are using Profile Management 2103 or later, Start menu roaming is enabled automatically.

If you are using Profile Management 2106 or later, we recommend you enable the Accelerate folder mirroring policy, which is located under Profile Management > File system > Synchronization. This setting provides better user logon and logoff experience for the folder mirroring feature. For more information, see Accelerate folder mirroring.

Manually enable Start menu roaming on Windows 10

If you are using Profile Management 2012 or earlier, follow these steps:

  1. Go to Profile Management > File system > Synchronization.

  2. Set the Folders to mirror policy to Enabled, and then add the following folders to the list of folders to mirror:
    • Appdata\Local\Packages
    • Appdata\Local\Microsoft\Windows\Caches
    • !ctx_localappdata!\TileDataLayer (applicable only to Windows 10 version 1607 and earlier)

    Note:

    Starting with Citrix Profile Management 1912, a folder added to Default exclusion list – directories or Exclusion list – directories cannot be synchronized even if you add it to Folders to mirror. Ensure that you remove the appdata\local\packages folder from the exclusion lists before you add it to Folders to mirror.

  3. Set the Files to synchronize policy to Enabled, and then add the following file to the list of files to synchronize.
    • Appdata\Local\Microsoft\Windows\UsrClass.dat*

Manually enable Start menu roaming on Windows Servers

If you are using Profile Management 2012 or earlier, follow these steps:

  1. Go to Profile Management > Advanced settings, and then set the Disable automatic configuration policy to Enabled.

  2. Go to Profile Management > File system > Synchronization.

  3. Set the Folders to mirror policy to Enabled, and then add the following folder to the list of folders to mirror:

    • Appdata\Local\Microsoft\Windows\Caches
  4. Set the Exclusion list – directories policy to Enabled, and then add the following folder to the list of folders to exclude:

    • Appdata\Local\Packages
  5. Set the Exclusion list – files policy to Enabled, and then add the following file to the list of files to exclude:

    • Appdata\Local\Microsoft\Windows\UsrClass.dat*

Synchronize profiles efficiently

Insufficiently synchronized user profiles can result in slow logons, losses of user settings, and profile corruption. It can also need excessive administrative efforts. To synchronize profiles efficiently, follow the recommendations described in this article.

Folder redirection

Folder redirection is a feature of Microsoft Windows that you can use with Profile Management. Folder redirection plays a key role in delivering a successful profile solution.

To use folder redirection, ensure that the relevant users are in the OU that Profile Management manages. We recommend that you configure folder redirection using a GPO in Active Directory.

For example, you can redirect the following folders by enabling the corresponding policies under User Configuration > Administrative Templates > Classic Administrative Templates (ADM) > Citrix > Profile Management > Folder Redirection:

Documents, Pictures, Music, Videos, Favorites, Contacts, Downloads, Links, Searches, and Saved Games

Note:

  • Folder redirection eliminates the need to copy the data in those folders each time users log on and thus accelerates user logons.
  • We strongly recommend not enabling Folder Redirection for AppData (Roaming) and Start Menu because it might cause issues in applications and the Start menu.
  • Do not redirect the Desktop folder if it is too large. Otherwise, a black screen might occur when a user logs on.

Include and exclude files and folders

Profile Management lets you specify files and folders that you do not want to synchronize by customizing inclusion and exclusion lists. To avoid profile bloat, exclude cache files for third party applications, for example, Chrome cache files located at Appdata\Local\Google\Chrome\UserData\Default\Cache. For more information, see Include and exclude items.

Profile streaming

Profile Management fetches files in a profile from the user store to the local computer only when users access them after they log on. Doing so speeds up the logon process and reduces the profile size. For example, if a file is not used, it is never copied to the local profile folder. You can also use the Always cache policy to impose a lower limit on the size of files that are streamed. Any file this size or larger is cached locally as soon as possible after logon.

You can enable both the Enable profile streaming for folders and the Profile streaming policies to eliminate the need to fetch folders that are not accessed.

Enable profile streaming for folders

Active Write Back and Registry

This feature decreases logoff times compared to the Profile streaming feature, especially when there are many changed files. This feature synchronizes modified files and folders (but not registry entries) to the user store during the session, but before logoff.

Profile Management 5.0 and later supports enhanced processing for cookies when using Internet Explorer 10 and Internet Explorer 11. To avoid cookie folder bloat, use the Process Internet cookie files on logoff policy to delete stale cookies. You can add the following folders to the list of folders to mirror:

  • AppData\Local\Microsoft\Windows\INetCookies
  • AppData\Local\Microsoft\Windows\WebCache
  • AppData\Roaming\Microsoft\Windows\Cookies

For more information, see Process Internet cookie files on logoff.

Troubleshooting best practice

Always use the Profile Management configuration checker tool (UPMConfigCheck) to identify potential configuration errors. For more information on this tool, see Knowledge Center article CTX132805.

When Profile Management does not work, first validate whether the User Store configured is accessible.

Windows 10 Start menu customization

We recommend using a partial lockdown customization layout and deploying the customization through Group Policy. For more information about customizing the layout of the Start menu, see https://docs.microsoft.com/en-us/windows-hardware/customize/desktop/customize-start-layout.

Best practices