Enable file deduplication
Identical files can exist in various user profiles in the user store. Having duplicate instances of files stored in the user store increases your storage cost.
File deduplication policies let Profile Management remove duplicate files from the user store and store one instance of them in a central location (called shared store). Doing so avoids file duplication in the user store, thus reducing your storage cost.
To enable file deduplication and specify files to include in the shared store, configure the following policies:
- File deduplication > Files to include in the shared store for deduplication
- (Optional) File deduplication > Files to exclude from the shared store
After you configure file deduplication policies, Profile Management creates the shared store in the same path as the user store. For example,
-
Path to the user store:
\\server\profiles$\%USERDOMAIN%\%USERNAME%\!CTX_OSNAME!!CTX_OSBITNESS!
-
Path to the shared store:
\\server\profiles$\%USERDOMAIN%\SharedFilesStore
Include files in the shared store for deduplication
If duplicated files exist in the user store, enable file deduplication and specify files to include in the shared store for deduplication.
Important:
Since all files deduplicated into the shared store can be read by all domain users, we recommend against deduplicating personal and sensitive data.
Detailed steps are as follows:
- Open the Group Policy Management Editor.
- Access Policies > Administrative Templates: Policy definitions (ADMX files) > Citrix Components > Profile Management > File deduplication.
- Double-click Files to include in the shared store for deduplication.
- Select Enabled.
- In the List of files to include in the shared store field, click Show.
-
Enter the file names with paths relative to the user profile.
Wildcards are supported with the following considerations:
- Wildcards in file names are applied recursively. To restrict them only to the current folder, use the vertical bar (
|
). - Wildcards in folder names are not applied recursively.
Examples:
-
Downloads\profilemgt_x64.msi
— The profilemgt_x64.msi file in the Downloads folder -
*.cfg
— Files with the .cfg extension in the user profile folder and its subfolders -
Music\*
— Files in the Music folder and its subfolders -
Downloads\*.iso
— Files with the .iso extension in the Downloads folder and its subfolders -
Downloads\*.iso|
— Files with the .iso extension only in the Downloads folder -
AppData\Local\Microsoft\OneDrive\*\*.dll
— Files with the .dll extension in any immediate subfolder of the AppData\Local\Microsoft\OneDrive folder
- Wildcards in file names are applied recursively. To restrict them only to the current folder, use the vertical bar (
- Click OK and OK again.
Configuration precedence
- If this setting is disabled, the shared store is disabled.
- If this setting isn’t configured here, the value from the .ini file is used.
- If this setting is not configured either here or in the .ini file, the shared store is disabled.
Exclude files from the shared store
Wildcard characters let you include a group of files in the shared store all at once. To exclude some files from the group, enable and configure the Files to exclude from the shared store policy as follows:
- Open the Group Policy Management Editor.
- Access Policies > Administrative Templates: Policy definitions (ADMX files) > Citrix Components > Profile Management > File deduplication.
- Double-click Files to exclude from the shared store.
- Select Enabled.
- In the List of files to exclude from the shared store field, click Show.
-
Enter the file names with paths relative to the user profile.
Wildcards are supported with the following considerations:
- Wildcards in file names are applied recursively. To restrict them only to the current folder, use the vertical bar (
|
). - Wildcards in folder names are not applied recursively.
Examples:
-
Downloads\profilemgt_x64.msi
— The profilemgt_x64.msi file in the Downloads folder -
*.tmp
— Files with the .tmp extension in the user profile folder and its subfolders -
AppData\*.tmp
— Files with the .tmp extension in the AppData folder and its subfolders -
AppData\*.tmp|
— Files with the .tmp extension only in the AppData folder -
Downloads\*\a.txt
— The a.txt file in any immediate subfolder of the Downloads folder
- Wildcards in file names are applied recursively. To restrict them only to the current folder, use the vertical bar (
- Click OK and OK again.
Configuration precedence
- If this setting is disabled, no files are excluded.
- If this setting isn’t configured here, the value from the .ini file is used.
- If this setting is not configured either here or in the .ini file, no files are excluded.
Configure shared store security settings
If no shared store exists, Profile Management automatically creates one with the following permission settings:
- Domain computers: Full control access
- Domain users: Read access
Since the default settings grant full control access to domain computers, we recommend you manually create the shared store and implement credential-based access for improved security. To do so, follow these steps:
-
Create the shared store folder at the same directory level as the
%USERNAME%
parameter in the Path to user store setting. For example, the Path to user store setting is\\SERVER\UPM_USER_STORE\%USERNAME%.%USERDOMAIN%\!CTX_OSNAME!!CTX_OSBITNESS!
, then the shared store folder must be\\SERVER\UPM_USER_STORE\SharedStore
. -
Grant the following permissions for the shared store. As shown in this figure, the user
SharedStoreManagementUser
is the credential used to access the shared store. -
On each VDA, add Windows credentials for the
SharedStoreManagementUser
user account to access the shared store. You can use Windows Credential Manager or Workspace Environment Management for this purpose. See the procedures described in Enable credential-based access to user stores for details.