Profile Management best practices 编辑
A Windows user profile is a collection of folders, files, registry, and configuration settings defining the environment for a user who logs on with a particular user account. Users can customize these settings depending on the administrative configuration.
Configure Profile Management from one location
There are three locations from which you can configure Profile Management. To configure Profile Management, use one of the following ways:
- A GPO in Active Directory
- Policies in Citrix Studio
- Workspace Environment Management
We recommend that you choose only one of the three locations to configure Profile Management.
Watch this video to learn more:
Cookie handling
Profile Management supports deleting stale cookies for Internet Explorer 10 and Internet Explorer 11. You can use the Process Internet cookie files on logoff policy to delete stale cookies to avoid cookie folder bloat. In addition, add the following folders to the list of folders that you want to mirror:
AppData\Local\Microsoft\Windows\INetCookies
AppData\Local\Microsoft\Windows\WebCache
AppData\Roaming\Microsoft\Windows\Cookies
Improve user logon performance
Profile Management provides various policies to improve user logon performance. Examples include the Streamed user profiles, Accelerate folder mirroring, and Profile container policies. These policies are helpful in scenarios where user profiles keep growing with daily use.
This section provides two Profile Management solutions that let you improve user logon performance.
Enable streamed profiles and accelerate folder mirroring
After deploying the user store in your environment, enable the following policies to improve user logon performance:
Go to Profile Management > Streamed user profiles, and then enable Profile streaming and Enable profile streaming for folders.
Go to Profile Management > File system, and then enable Accelerate folder mirroring.
Enable the profile container for the full profile
You can deploy the VHDX-based Citrix profile solution (called profile container) to improve logon performance. Those VHDX files are dynamically attached on user logons. To deploy the VHDX-based solution, enable the profile container to store the full user profile as follows:
- Go to Profile Management > Profile container settings.
- Enable Profile container and enter an asterisk (*) to the profile container list.
Performance comparisons
We recommend the preceding solutions based on our tests with a typical user profile. For more information, see Knowledge Center article CTX463658. As shown in the following tables, user logon and logoff times dropped significantly after we deployed either solution.
Test results of enabling the Streamed user profiles and Accelerating folder mirroring policies:
Parameters | Before | After |
---|---|---|
Logon time / Total logon time | 53.81 s / 56.48 s | 1.80 s / 4.45 s |
Logoff time / Total logoff time | 42.49 s / 43.67 s | 5.62 s / 6.89 s |
Test results of enabling the Profile container policy for the full profile:
Parameters | Before | After |
---|---|---|
Logon time / Total logon time | 53.81 s / 56.48 s | 2.66 s / 5.26 s |
Logoff time / Total logoff time | 42.49 s / 43.67 s | 3.63 s / 4.99 s |
Outlook and Office 365
Microsoft recommends Cached Exchange Mode so that a consistent online and offline Microsoft Outlook experience is enabled. You can turn on the Cached Exchange Mode from the Microsoft Outlook client. For more information, see https://docs.microsoft.com/en-us/exchange/outlook/cached-exchange-mode.
When you use Cached Exchange Mode, there is always a copy of a user’s Exchange mailbox in an Offline Outlook Data File (*.ost). The file can grow large.
We recommend avoiding storing Microsoft Outlook data locally or on shared drives. Use the Enable native Outlook search experience feature instead. With this feature, the Offline Outlook Data File (*.ost) and the Microsoft search database specific to the user roam along with the user profile. This feature improves the user experience when searching mail in Microsoft Outlook. For more information on using this feature, see Enable native Outlook search experience.
Profile streaming with Microsoft Credentials Roaming enabled
By default, the following folders in the configuration file are excluded from profile streaming:
AppData\Local\Microsoft\Credentials
Appdata\Roaming\Microsoft\Credentials
Appdata\Roaming\Microsoft\Crypto
Appdata\Roaming\Microsoft\Protect
Appdata\Roaming\Microsoft\SystemCertificates
If you configure profile streaming exclusion manually, ensure to add the preceding folders to “Profile streaming exclusion list–directories.”
Start menu roaming
Applications pinned to the Start menu might disappear on the following operating systems after several logons:
- Windows 10 Version 1607 and later, 32-bit and 64-bit
- Windows Server 2016 Standard and
Datacenter
editions - Windows Server 2019 Standard and
Datacenter
editions - Windows 10 Enterprise for Virtual Desktops
Note:
You cannot use the same policy for both Windows 10 and Windows Server 2016/2019. Configure separate policies for VDI and shared desktop platforms, or if using Profile Management 2103 or later, use automatic configuration.
Automatically enable Start menu roaming
If you are using Profile Management 2103 or later, Start menu roaming is enabled automatically.
If you are using Profile Management 2106 or later, we recommend you enable the Accelerate folder mirroring policy, which is located under Profile Management > File system > Synchronization. This setting provides better user logon and logoff experience for the folder mirroring feature. For more information, see Accelerate folder mirroring.
Manually enable Start menu roaming on Windows 10
If you are using Profile Management 2012 or earlier, follow these steps:
Go to Profile Management > File system > Synchronization.
- Set the Folders to mirror policy to Enabled, and then add the following folders to the list of folders to mirror:
Appdata\Local\Packages
Appdata\Local\Microsoft\Windows\Caches
!ctx_localappdata!\TileDataLayer
(applicable only to Windows 10 version 1607 and earlier)
Note:
Starting with Citrix Profile Management 1912, a folder added to Default exclusion list – directories or Exclusion list – directories cannot be synchronized even if you add it to Folders to mirror. Ensure that you remove the
appdata\local\packages
folder from the exclusion lists before you add it to Folders to mirror. - Set the Files to synchronize policy to Enabled, and then add the following file to the list of files to synchronize.
Appdata\Local\Microsoft\Windows\UsrClass.dat*
Manually enable Start menu roaming on Windows Servers
If you are using Profile Management 2012 or earlier, follow these steps:
Go to Profile Management > Advanced settings, and then set the Disable automatic configuration policy to Enabled.
Go to Profile Management > File system > Synchronization.
Set the Folders to mirror policy to Enabled, and then add the following folder to the list of folders to mirror:
Appdata\Local\Microsoft\Windows\Caches
Set the Exclusion list – directories policy to Enabled, and then add the following folder to the list of folders to exclude:
Appdata\Local\Packages
Set the Exclusion list – files policy to Enabled, and then add the following file to the list of files to exclude:
Appdata\Local\Microsoft\Windows\UsrClass.dat*
Synchronize profiles efficiently
Insufficiently synchronized user profiles can result in slow logons, losses of user settings, and profile corruption. It can also need excessive administrative efforts. To synchronize profiles efficiently, follow the recommendations described in this article.
Folder redirection
Folder redirection is a feature of Microsoft Windows that you can use with Profile Management. Folder redirection plays a key role in delivering a successful profile solution. To use folder redirection, ensure that the relevant users are in the OU that Profile Management manages. Citrix recommends that you configure folder redirection using a GPO in Active Directory. For example, you can redirect the following folders under User Configuration > Administrative Templates > Classic Administrative Templates (ADM) > Citrix > Profile Management > Folder Redirection:
- AppData (Roaming)
- Desktop
- Start menu
- Documents
- Pictures
- Music
- Videos
- Favorites
- Contacts
- Downloads
- Links
- Searches
- Saved Games
Redirect all applicable folders of the preceding list. To exclude folders from redirection, add a policy that excludes those folders, for example, the Saved Games folder, from synchronization or roaming. After that, the Saved Games folder exists only on the users’ machines. If the machines are non-persistent, the folder is deleted on logoff.
Note:
- Folder redirection eliminates the need to copy the data in those folders each time users log on and thus accelerates user logons.
- Redirecting the AppData folder might cause issues in some applications.
- The folders must be redirected to a file server that shares a subnet with the Citrix servers.
- Do not redirect the desktop folder if it is too large. Otherwise, a black screen might occur on when a user logs on.
Include and exclude files and folders
Profile Management lets you specify files and folders that you do not want to synchronize by customizing inclusion and exclusion lists. To avoid profile bloat, exclude cache files for third party applications, for example, Chrome cache files located at Appdata\Local\Google\Chrome\UserData\Default\Cache. For more information, see Include and exclude items.
Profile streaming
Profile Management fetches files in a profile from the user store to the local computer only when users access them after they log on. Doing so speeds up the logon process and reduces the profile size. For example, if a file is not used, it is never copied to the local profile folder. You can also use the Always cache policy to impose a lower limit on the size of files that are streamed. Any file this size or larger is cached locally as soon as possible after logon.
You can enable both the Enable profile streaming for folders and the Profile streaming policies to eliminate the need to fetch folders that are not accessed.
Active Write Back and Registry
This feature decreases logoff times compared to the Profile streaming feature, especially when there are many changed files. This feature synchronizes modified files and folders (but not registry entries) to the user store during the session, but before logoff.
Internet Explorer 10/11 cookie support
Profile Management 5.0 and later supports enhanced processing for cookies when using Internet Explorer 10 and Internet Explorer 11. To avoid cookie folder bloat, use the Process Internet cookie files on logoff policy to delete stale cookies. You can add the following folders to the list of folders to mirror:
- AppData\Local\Microsoft\Windows\INetCookies
- AppData\Local\Microsoft\Windows\WebCache
- AppData\Roaming\Microsoft\Windows\Cookies
For more information, see Process Internet cookie files on logoff.
Troubleshooting best practice
Always use the Profile Management configuration checker tool (UPMConfigCheck) to identify potential configuration errors. For more information on this tool, see Knowledge Center article CTX132805.
When Profile Management does not work, first validate whether the User Store configured is accessible.
Windows 10 Start menu customization
We recommend using a partial lockdown customization layout and deploying the customization through Group Policy. For more information about customizing the layout of the Start menu, see https://docs.microsoft.com/en-us/windows-hardware/customize/desktop/customize-start-layout.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论