Citrix Profile Management Settings
Note:
Some options work only with specific versions of Profile Management. Consult the Profile Management documentation for details.
Workspace Environment Management (WEM) supports the features and operation of the current version of Citrix Profile Management. In the WEM administration console, the Citrix Profile Management Settings (in Policies and Profiles) supports configuring all settings for the current version of Citrix Profile Management.
In addition to using WEM to configure Citrix Profile Management features, you can use Active Directory GPOs, Citrix Studio policies, or .ini files on the VDA. We recommend that you use the same method consistently.
Main Citrix Profile Management settings
Get started with Profile Management by applying basic settings. Basic settings include processed groups, excluded groups, user store, and more.
Enable Profile Management Configuration. When enabled, you can configure and apply your settings. Enabling this option creates Profile Management related registries in the user environment. The option controls whether WEM deploys Profile Management settings you configure in the console to the agent. If disabled, none of the Profile Management settings are deployed to the agent.
Enable Profile Management. Controls whether to enable the Profile Management service on the agent machine. If disabled, the Profile Management service does not work.
You might want to disable Profile Management completely so that settings already deployed to the agent will no longer be processed. To achieve the goal, do the following:
-
Clear the Enable Profile Management check box and wait for the change to apply automatically or apply the change manually for immediate effect.
Note:
The change takes some time to take effect, depending on the value you specified for SQL Settings Refresh Delay in Advanced Settings. For the change to take effect immediately, refresh agent host settings and then reset Profile Management settings for all related agents. See Administration.
-
After the change takes effect, clear the Enable Profile Management Configuration check box.
Set processed groups. Lets you specify which groups are processed by Profile Management. Only the specified groups have their Profile Management settings processed. If left empty, all groups are processed.
Set excluded groups. Lets you specify which groups are excluded from Profile Management.
Process logons of local administrators. If enabled, local administrator logons are treated the same as non-administrator logons for Profile Management.
Set path to user store. Lets you specify the path to the user store folder.
Migrate user store. Lets you specify the path to the folder where the user settings (registry changes and synchronized files) were saved. Type the user store path that you previously used. Use this option along with the Set path to user store option.
Enable active write back. If enabled, profiles are written back to the user store during the user’s session, preventing data loss.
- Enable active write back registry. If enabled, registry entries are written back to the user store during the user’s session, preventing data loss.
- Enable active write back on session lock and disconnection. If enabled, profile files and folders are written back only when a session is locked or disconnected. If both this option and the Enable active write back registry option are enabled, registry entries are written back only when a session is locked or disconnected.
Enable offline profile support. If enabled, profiles are cached locally for use while not connected.
Profile container settings
These options control Profile Management profile container settings.
Enable Profile Container. If enabled, Profile Management maps the listed folders to the profile disk stored on the network, thus eliminating the need to save a copy of the folders to the local profile. Specify at least one folder to include in the profile container.
Enable Folder Exclusions for Profile Container. If enabled, Profile Management excludes the listed folders from the profile container. Specify at least one folder to exclude from the profile container.
Enable Folder Inclusions for Profile Container. If enabled, Profile Management keeps the listed folders in the profile container when their parent folders are excluded. Folders on this list must be subfolders of the excluded folders. This means that you must use this option in combination with the Enable Folder Exclusions for Profile Container option. Specify at least one folder to include in the profile container.
Enable Local Cache for Profile Container. If enabled, each local profile serves as a local cache of its profile container. If profile streaming is in use, locally cached files are created on demand. Otherwise, they are created during user logons. To use this setting, put an entire user profile in its profile container. This setting applies only to Citrix Profile Management profile containers.
Enable VHD disk compaction. If enabled, VHD disks are automatically compacted on user logoff when certain conditions are met. This policy enables you to save the storage space consumed by profile container, OneDrive container, and mirror folder container. Depending on your needs and the resources available, you can adjust the default VHD compaction settings and behavior using the Disable defragmentation for VHD disk compaction, Set free space ratio to trigger VHD disk compaction, and Set number of logoffs to trigger VHD disk compaction options in Advanced settings.
Profile handling
These settings control Profile Management profile handling.
Delete local cached profiles on logoff. If enabled, locally cached profiles are deleted when the user logs off.
Set delay before deleting cached profiles. Lets you specify a delay (in seconds) before cached profiles are deleted on logoff.
Enable Migration of Existing Profiles. If enabled, existing Windows profiles are migrated to Profile Management on logon.
Automatic migration of existing application profiles. If enabled, existing application profiles are migrated automatically. Profile Management performs the migration when a user logs on and there are no user profiles in the user store.
Enable local profile conflict handling. Configures how Citrix Workspace Environment Management handles cases where Profile Management and Windows profiles conflict.
Enable template profile. If enabled, this uses a template profile at the indicated location.
Template profile overrides local profile. If enabled, the template profile overrides local profiles.
Template profile overrides roaming profile. If enabled, the template profile overrides roaming profiles.
Template profile used as Citrix mandatory profile for all logons. If enabled, the template profile overrides all other profiles.
Advanced settings
These options control advanced Profile Management settings.
Set number of retries when accessing locked files. Configures the number of times the Agent retries accessing locked files.
Set directory of the MFT cache file. Lets you specify the MFT cache file directory. This option has been deprecated and will be removed in the future.
Enable application profiler. If enabled, defines application-based profile handling. Only the settings defined in the definition file are synchronized. For more information about creating definition files, see Create a definition file.
Process Internet cookie files on logoff. If enabled, stale cookies are deleted at logoff.
Delete redirected folders. If enabled, deletes local copies of redirected folders.
Disable automatic configuration. If enabled, dynamic configuration is disabled.
Log off user if a problem is encountered. If enabled, users are logged off rather than switched to a temporary profile if a problem is encountered.
Customer experience improvement program. If enabled, Profile Management uses the Customer Experience Improvement Program (CEIP) to help improve the quality and performance of Citrix products by collecting anonymous statistics and usage information. For more information on the CEIP, see About the Citrix Customer Experience Improvement Program (CEIP).
Enable multi-session write-back for profile containers. If enabled, Profile Management saves changes in multi-session scenarios for both FSLogix Profile Container and Citrix Profile Management profile containers. If the same user launches multiple sessions on different machines, changes made in each session are synchronized and saved to the user’s profile container disk.
Enable asynchronous processing for user Group Policy on logon. If enabled, Profile Management roams with users a registry value that Windows uses to determine the processing mode for the next user logon — synchronous or asynchronous processing mode. If the registry value does not exist, synchronous mode is applied. Enabling the option ensures that the actual processing mode is applied each time users log on. If disabled, asynchronous mode can’t be applied as expected if users:
- Log on to different machines.
- Log on to the same machine where the Delete locally cached profiles on logoff option is enabled.
Disable defragmentation for VHD disk compaction. Applicable when Enable VHD disk compaction is enabled. Lets you specify whether to disable file defragmentation for VHD disk compaction.
Set free space ratio to trigger VHD disk compaction. Applicable when Enable VHD disk compaction is enabled. Lets you specify the free space ratio to trigger VHD disk compaction. When the free space ratio exceeds the specified value on user logoff, disk compaction is triggered.
Free space ratio = (current VHD file size – required minimum VHD file size*) ÷ current VHD file size
* Obtained using the `GetSupportedSize` method of the `MSFT_Partition` class from the Microsoft Windows operating system.
Set number of logoffs to trigger VHD disk compaction. Applicable when Enable VHD disk compaction is enabled. Lets you specify the number of user logoffs to trigger VHD disk compaction. When the number of logoffs since the last compaction reaches the specified value, disk compaction is triggered again.
Replicate user stores. If enabled, Profile Management replicates a user store to multiple paths on each logoff, in addition to the path that the Set path to user store option specifies. To synchronize to the user stores files and folders modified during a session, enable active write-back. Enabling the option can increase system I/O and might prolong logoffs.
When you enable the Replicate user store policy for the container-based profile solution, the Enable in-session policy container failover among user stores policy is automatically enabled to ensure profile redundancy for the entire session. With this policy enabled, if Profile Management loses connection to the active profile container during a session, it automatically switches to another available one. If you disable this policy, profile container failover occurs only at user logon.
Note:
Enabling this policy requires that only the profile container is enabled in your deployment. If any other containers, such as OneDrive, UWP, Outlook, folder mirroring, or Profile streaming for pending area is enabled, this policy won’t take effect.
Customize storage path for VHDX files. Lets you specify a separate path to store VHDX files. By default, VHDX files are stored in the user store. Policies that use VHDX files include the following: Profile container, Search index roaming for Outlook, and Accelerate folder mirroring. If enabled, VHDX files of different policies are stored in different folders under the storage path.
Enable search index roaming for Microsoft Outlook users. If enabled, the user-specific Microsoft Outlook offline folder file (*.ost) and Microsoft search database are roamed along with the user profile. This improves the user experience when searching mail in Microsoft Outlook.
-
Outlook search index database – backup and restore. If enabled, Profile Management automatically saves a backup of the last known good copy of the search index database. When there is a corruption, Profile Management reverts to that copy. As a result, you no longer need to manually reindex the database when the search index database becomes corrupted.
-
Enable concurrent session support for Outlook search data roaming. Provides native Outlook search experience in concurrent sessions. If enabled, each concurrent session uses a separate Outlook OST file.
- Maximum number of VHDX disks for storing Outlook OST files. Lets you specify the maximum number of VHDX disks for storing Outlook OST files. If unspecified, only two VHDX disks can be used to store Outlook OST files (one file per disk). If more sessions start, their Outlook OST files are stored in the local user profile. Supported values: 1–10.
Enable OneDrive container. If enabled, Profile Management roams OneDrive folders with users by storing the folders on a VHDX disk. The disk is attached during logons and detached during logoffs.
Log settings
These options control Profile Management logging.
Enable Logging. Enables/disables logging of Profile Management operations.
Configure Log Settings. Lets you specify which types of events to include in the logs.
Set Maximum Size of Log File. Lets you specify a maximum size in bytes for the log file.
Set Path to Log File. Lets you specify the location at which the log file is created.
Registry
These options control Profile Management registry settings.
NTUSER.DAT Backup. If selected, Profile Management maintains a last known good backup of the NTUSER.DAT file. If Profile Management detects corruption, it uses the last known good backup copy to recover the profile.
Enable Default Exclusion List. Default list of registry keys in the HKCU hive that are not synchronized to the user’s profile. If selected, registry settings which are selected in this list are forcibly excluded from Profile Management profiles.
Enable Registry Exclusions. Registry settings in this list are forcibly excluded from Profile Management profiles.
Enable Registry Inclusions. Registry settings in this list are forcibly included in Profile Management profiles.
File system
These options control file system exclusions for Profile Management.
Enable Logon Exclusion Check. If enabled, configures what Profile Management does when a user logs on when a profile in the user store contains excluded files or folders. (If disabled, the default behavior is Synchronize excluded files or folders). You can select one of the following behaviors in the list:
Synchronize excluded files or folders (default). Profile Management synchronizes these excluded files or folders from the user store to local profile when a user logs on.
Ignore excluded files or folders. Profile Management ignores the excluded files or folders in the user store when a user logs on.
Delete excluded files or folder. Profile Management deletes the excluded files or folders in the user store when a user logs on.
Enable Default Exclusion List - Directories. Default list of directories ignored during synchronization. If selected, folders which are selected in this list are excluded from the Profile Management synchronization.
Enable File Exclusions. If enabled, the listed files are not included in a user’s Profile Management profile. This allows you to exclude specific folders known to contain large amounts of data which the user does not need to have as part of their Profile Management profile. The list is pre-populated with default Windows 7 exclusions, and can be pre-populated with default Windows XP exclusions instead.
Enable Folder Exclusions. If enabled, the listed folders are not included in a user’s Profile Management profile. This allows you to exclude specific folders known to contain large amounts of data which the user does not need to have as part of their Profile Management profile. The list is pre-populated with default Windows 7 exclusions, and can be pre-populated with default Windows XP exclusions instead.
Profile Cleansing. Opens the Profiles Cleanser wizard, which allows you to delete existing profiles.
To delete existing profiles, click Browse to navigate to the folder where user profiles are stored, click Scan Profiles Folder, and then select the profile folder that you want to clean up in the Profiles Cleanser window. After that, click Cleanse Profiles to start the cleanup.
Cleanse Profiles. Cleans the selected profiles per the folder exclusion settings.
Scan Profiles Folder. Scans the specified folder with the specified recursion settings to find user profiles and then displays all profiles found.
Profiles Root Folder. The root folder of your user profiles. You can also browse to this folder if you like.
Search Recursivity. Controls how many levels of recursion the user profile search goes through.
Synchronization
These options control Profile Management synchronization settings.
Enable Directory Synchronization. If enabled, the listed folders are synchronized to the user store.
Enable File Synchronization. If enabled, the listed files are synchronized to the user store, ensuring that users always get the most up-to-date versions of the files. If files have been modified in more than one session, the most up-to-date files are kept in the user store.
Enable Folder Mirroring. If enabled, the listed folders are mirrored to the user store on logoff, ensuring that files and subfolders in mirrored folders stored in the user store are the same as the local versions. See below for more information about how folder mirroring works.
- Files in mirrored folders will always overwrite files stored in the user store on session logoff, irrespective of whether they are modified.
- If extra files or subfolders are present in the user store compared to the local versions in mirrored folders, those extra files and subfolders are deleted from the user store on session logoff.
Enable Large File Handling. If enabled, large files are redirected to the user store, thereby eliminating the need to synchronize those files over the network.
Note:
Some applications do not allow concurrent file access. Citrix recommends that you take application behavior into consideration when you define your large file handling policy.
Streamed user profiles
These options control streamed user profile settings.
Enable Profile Streaming. If disabled, none of the settings in this section are processed.
Enable Profile Streaming for Folders. If enabled, folders are fetched only when they are being accessed. This setting eliminates the need to traverse all folders during user logons, thus saving bandwidth and reducing the time to synchronize files.
Enable Profile Streaming for Pending Area. If enabled, files in the pending area are fetched to the local profile only when they are requested. This ensures optimum logon experience in concurrent session scenarios. The pending area is used to ensure profile consistency while profile streaming is enabled. It temporarily stores profile files and folders changed in concurrent sessions. By default, this option is disabled. All files and folders in the pending area are fetched to the local profile during logon.
Always Cache. If enabled, files of the specified size (in MB) or larger will always be cached.
Set timeout for pending area lock files: Frees up files so they are written back to the user store from the pending area after the specified time if the user store remains locked when a server becomes unresponsive.
Set streamed user profile groups. This list determines which user groups streamed profiles are used for.
Enable Profile Streaming Exclusion List - Directories. If selected, Profile Management does not stream folders in this list, and all the folders are fetched immediately from the user store to the local computer when users log on.
File deduplication
These options control Profile Management file deduplication settings.
Identical files can exist among various user profiles. Separating those files from the user store and storing them in a central location saves storage space by avoiding duplicates. You can specify files that you want to include in the shared store on the server hosting the user store. Specify the file names with paths relative to the user profile.
Enable File Inclusions. If enabled, Profile Management generates the shared store automatically. It then centrally stores the specified files in the shared store rather than in each user profile in the user store. Doing so reduces the load on the user store by avoiding file duplication, thus reducing your storage cost.
Enable File Exclusions. If enabled, Profile Management excludes the specified files from the shared store. You must use this option along with the Enable File Inclusions option. Specify at least one file to exclude from the shared store.
Cross-platform settings
These options control cross-platform settings.
Enable cross-platform settings. If disabled, none of the settings in this section are processed.
Set cross-platform settings groups. Lets you specify the user groups for which cross-platform profiles are used.
Set path to cross-platform definitions. Lets you specify the path to your cross-platform definition files.
Set path to cross-platform setting store. Lets you specify the path to your cross-platform setting store.
Enable source for creating cross-platform settings. Enables a source platform for cross-platform settings.
App access control
This feature controls user access to files, folders, and registries. A typical use case is to apply rules to control user access to apps installed on machines — whether to make apps visible to relevant users.
Enable app access control. If enabled, Profile Management controls user access to items (such as files, folders, and registries) based on the rules you provide.
There are two ways that you can create application rules:
- GUI-based tool - WEM Tool Hub > Rule Generator for App Access Control
- PowerShell tool – available with the Profile Management installation package
Folder redirection
This feature lets you configure rule sets to redirect the paths of local folders to new locations. Each rule set specifies where you want to redirect the folders based on the users accessing them. A rule set mainly includes:
- Redirection rules. Specify which local folders you want to redirect and where to redirect them (such as a network location).
- Assignments. Specify the users to whom you assign the redirection rules.
To add a rule set for a configuration set, follow these steps:
- Go to the Profile Management Settings page of the target configuration set.
- Click the Folder redirection link above the search box.
- On the Folder redirection page that appears, click Add rule set.
- On the Add rule set page that appears, follow these steps to complete the settings:
- On the Redirection rules page, select the folders to redirect, specify the redirection destinations, and then click Next.
- You can redirect a folder to a network location, the user’s home directory (only for certain folders), or the local user profile location.
- By default, the Move contents to new location option is selected, identifying that after you set or modify a redirection target path, contents from the previous path are automatically moved to the new one. To prevent this behavior, clear the option.
- On the Additional settings page, specify the following settings for the rule set, and then click Next.
- Whether to grant the local Administrators group access to the redirection target paths. By default, those paths are accessible exclusively to the profile owner.
- Whether to include the %userdomain% environment variable as part of the UNC path.
- Set a priority for this rule set by entering a numeric value. Greater numbers indicate higher priority. When multiple rule sets apply to the same user, the one with the higher priority wins.
- On the Assignments page, select users, groups, or OUs to which you want to assign the redirection rules, and then click Next. Default groups include Everyone and Administrators. To add a group, click Add new target.
- Enter a descriptive name for this rule set and review settings. To adjust, click the corresponding step in the left pane.
- Click Done.
- On the Redirection rules page, select the folders to redirect, specify the redirection destinations, and then click Next.
Note:
Currently, end users must log on twice for newly deployed rule sets to take effect.