Citrix User Profile Manager (UPM) – Baseline Policies

I always wanted to document this so it would help me for my next assignment, but I never did. As a result, I was always having to refer to my previous customer environments or As-Built documents for this information, which was quite a pain. Well, that’s gonna change today as I am going to put this up on my blog so that it can become my quick and easy reference place.

As mentioned in the title, this is going to be the baseline policy set upon which you can build yours with any specific policies pertaining to your environment. Also, all the settings that I have mentioned here may not be applicable or work for you, or you may not even see all of them due to an older UPM version, XenApp version, etc.

Please note that some of the settings found in newer UPM versions aren’t listed here as well. I will continue to update it as Citrix releases new UPM versions but this should give you a good start nonetheless.

Exclusion List – Directories

$Recycle.Bin 
AppData\LocalLow 
!ctx_internetcache! 
!ctx_localappdata!\Microsoft\Windows\Burn 
!ctx_localappdata!\Microsoft\Windows\CD Burning 
!ctx_localappdata!\Microsoft\Windows Live 
!ctx_localappdata!\Microsoft\Windows Live Contacts 
!ctx_localappdata!\Microsoft\Terminal Server Client 
!ctx_localappdata!\Microsoft\Messenger 
!ctx_localappdata!\Microsoft\OneNote 
!ctx_localappdata!\Microsoft\Outlook 
!ctx_localappdata!\Microsoft\AppV 
!ctx_localappdata!\Windows Live 
!ctx_localappdata!\Sun 
!ctx_roamingappdata!\Sun\Java\Deployment\cache 
!ctx_roamingappdata!\Sun\Java\Deployment\log 
!ctx_roamingappdata!\Sun\Java\Deployment\tmp 
AppData\Local\Microsoft\Windows\INetCache 
AppData\Local 
AppData\Roaming\Citrix\PNAgent\AppCache 
AppData\Roaming\Citrix\PNAgent\Icon Cache 
AppData\Roaming\Citrix\PNAgent\ResourceCache 
AppData\Roaming\ICAClient\Cache 
AppData\Roaming\Sun\Java\Deployment\cache 
AppData\Roaming\Sun\Java\Deployment\log 
AppData\Roaming\Sun\Java\Deployment\tmp 
Citrix 
Java 
Local Settings 
Music 
My Pictures 
My Videos 
Pictures 
Videos 
AppData\Roaming\Macromedia\FlashPlayer\macromedia.com\support\flashplayer\sys 
AppData\Roaming\Macromedia\FlashPlayer\#SharedObject 
Downloads 
Saved Games 
Searches 
Application Data\Sun\Java\Deployment\cache 
Application Data\Sun\Java\Deployment\log 
Application Data\Sun\Java\Deployment\tmp 
Local Settings\Application Data\Microsoft\AppV 
Local Settings\Application Data\Microsoft\Messenger 
Local Settings\Application Data\Microsoft\OneNote 
Local Settings\Application Data\Microsoft\Outlook 
Local Settings\Application Data\Microsoft\Terminal Server Client 
Local Settings\Application Data\Microsoft\Windows Live 
Local Settings\Application Data\Microsoft\Windows Live Contacts 
Local Settings\Application Data\Microsoft\Windows\Burn 
Local Settings\Application Data\Microsoft\Windows\CD Burning 
Local Settings\Application Data\Sun 
Local Settings\Application Data\Windows Live 
Local Settings\Temporary Internet Files 
AppData\Local\Microsoft\AppV 
AppData\Local\Microsoft\Messenger 
AppData\Local\Microsoft\OneNote 
AppData\Local\Microsoft\Outlook 
AppData\Local\Microsoft\Terminal Server Client 
AppData\Local\Microsoft\Windows Live 
AppData\Local\Microsoft\Windows Live Contacts 
AppData\Local\Microsoft\Windows\Burn 
AppData\Local\Microsoft\Windows\CD Burning 
AppData\Local\Sun 
AppData\Local\Windows Live 
AppData\Local\microsoft\windows\Temporary Internet Files 
AppData\Local\Microsoft\Windows\INetCookies 
AppData\local\Google\Chrome\User Data\Default\Media Cache 
AppData\Local\Google\Chrome\User Data\Default\Cache 
AppData\local\Google

Exclusion List – Files

Application Data\VMware\hgfs.dat 
AppData\local\Google\Chrome\User Data\Default\ChromeDWriteFontCache 
AppData\*.tmp
!ctx_localappdata!\Microsoft\Windows\UsrClass.dat*
AppData\*.xar
AppData\*.wbk
AppData\*.asd
AppData\*.log
AppData\*.dmp
AppData\*.trc

Directories to Synchronize

AppData\Roaming\Microsoft\Credentials 
AppData\Roaming\Microsoft\Crypto 
AppData\Roaming\Microsoft\Protect 
AppData\Roaming\Microsoft\SystemCertificates 
AppData\Local\Microsoft\Credentials 
AppData\Roaming\Microsoft\Signatures 
AppData\Local\Microsoft\Vault 
%LOCALAPPDATA%\Microsoft\Credentials
!ctx_localappdata!\Microsoft\Windows\Notifications
!ctx_Startmenu!
AppData\Local\MultiDrive

Files to Synchronize

AppData\LocalLow\Sun\Java\Deployment\security\exception.sites 
AppData\LocalLow\Sun\Java\Deployment\security\trusted.certs 
AppData\LocalLow\Sun\Java\Deployment\deployment.properties 
AppData\Local\Microsoft\Office\*.qat 
AppData\Local\Microsoft\Office\*.OfficeUI 
AppData\LocalLow\Google\GoogleEarth\*.kml 
AppData\Local\Citrix\PNAgent\Icon Cache\*.ico 
AppData\Local\Microsoft\Windows\INetCache\wpad.dat 
AppData\Local\Google\Chrome\User Data\First Run 
AppData\Local\Google\Chrome\User Data\Local State 
AppData\Local\Google\Chrome\User Data\Default\History 
AppData\Local\Google\Chrome\User Data\Default\Preferences 
AppData\Local\Google\Chrome\User Data\Default\Favicons 
AppData\Local\Google\Chrome\User Data\Default\Bookmarks
AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat

Folders to Mirror

AppData\Roaming\Microsoft\Windows\Cookies 
AppData\Local\Microsoft\Vault 
AppData\Local\Microsoft\Windows\WebCache
!ctx_localappdata!\TileDataLayer
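
An added example, not part of the original post: a small Python check that reports which excluded directory each synchronized entry sits under, which synchronized entries sit under no exclusion at all, and which entries carry an unterminated !ctx_...! variable. The variable expansions assume a Windows Vista-or-later profile layout, and the function names are this example's own.

```python
import re

# Assumption: expansions for a Windows Vista-or-later profile layout.
CTX_VARS = {"!ctx_localappdata!": r"AppData\Local",
            "!ctx_roamingappdata!": r"AppData\Roaming"}
TOKEN = re.compile(r"![A-Za-z_]+!")

def normalize(entry):
    """Profile-relative path as a tuple of lower-cased parts; None if a
    '!' is left over after removing well-formed !token! variables."""
    path = entry.strip().lower()
    if "!" in TOKEN.sub("", path):
        return None
    for token, real in CTX_VARS.items():
        path = path.replace(token, real.lower())
    return tuple(part for part in path.split("\\") if part)

def audit(excluded_dirs, sync_entries):
    """Map each sync entry to the most specific exclusion it sits under."""
    excl = [(normalize(e), e) for e in excluded_dirs]
    report = {"overrides": {}, "standalone": [], "malformed": []}
    report["malformed"] = [e for n, e in excl if n is None]
    for entry in sync_entries:
        parts = normalize(entry)
        if parts is None:
            report["malformed"].append(entry)
            continue
        # Compare whole path parts so AppData\Local never matches AppData\LocalLow.
        parents = [(n, e) for n, e in excl if n and parts[:len(n)] == n]
        if parents:
            report["overrides"][entry] = max(parents, key=lambda p: len(p[0]))[1]
        else:
            report["standalone"].append(entry)
    return report

# Entries taken from the lists above, plus one constructed unterminated token.
EXCLUDED_DIRS = [r"AppData\Local", r"AppData\LocalLow", r"AppData\local\Google"]
SYNC_ENTRIES = [
    r"AppData\Roaming\Microsoft\Protect",
    r"AppData\Local\Microsoft\Vault",
    r"!ctx_localappdata!\Microsoft\Windows\Notifications",
    r"AppData\LocalLow\Sun\Java\Deployment\security\trusted.certs",
    r"AppData\Local\Google\Chrome\User Data\Default\Bookmarks",
    r"!ctx_roamingappdata\Example",  # constructed: closing "!" is missing
]

if __name__ == "__main__":
    for section, items in audit(EXCLUDED_DIRS, SYNC_ENTRIES).items():
        print(section, items)
```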

Log Settings

Define events or actions which Profile management logs in depth: 
Common warnings                                        Enabled 
Common information                                     Enabled 
File system notifications                              Enabled 
File system actions                                    Enabled 
Registry actions                                       Enabled 
Registry differences at logoff                         Enabled 
Active Directory actions                               Enabled 
Policy values at logon and logoff                      Enabled 
Logon                                                  Enabled 
Logoff                                                 Enabled 
Personalized user information                          Enabled

Log Settings                                           Enabled
Enable Logging                                         Enabled
Maximum size of the log file                           Enabled
Maximum size in bytes                                  10485760

Profile Handling

Delay before deleting cached profiles                  Enabled
Delay(Seconds)                                         0
Delete locally cached profiles on logoff               Enabled
Local profile conflict handling                        Enabled
If both a local Windows user profile and a Citrix user profile in the user store both exist:   Delete local profile

Registry Exclusion List

Software\Microsoft\AppV 
Software\Microsoft\Windows\CurrentVersion\UFH\SHC 
Software\Microsoft\Installer\Products\4645D6EBF1B0CC6498379F56F16E4AA5
Software\Microsoft\Windows\CurrentVersion\Explorer\TrayNotify

Enable Default Exclusion List

Software\Microsoft\AppV\Client\Integration                Enabled
Software\Microsoft\AppV\Client\Publishing                 Enabled
Software\Microsoft\Speech_OneCore                         Enabled

Streamed user profiles

Always cache                                           Enabled
Cache files this size or larger (megabytes):           1
Profile streaming                                      Enabled
Streamed user profile groups                           Disabled
Timeout for pending area lock files (days)             Enabled
Timeout for pending area lock files (days)             1

Advanced settings

Disable automatic configuration                        Disabled
Number of retries when accessing locked files          Enabled
Number of retries:                                     5
Process Internet cookie files on logoff                Enabled

Profile Management

Active write back                                      Enabled
Enable Profile management                              Enabled
Excluded groups                                        Disabled
Path to user store                                     Enabled
Process logons of local administrators                 Enabled
Processed groups                                       Disabled

5 responses to “Citrix User Profile Manager (UPM) – Baseline Policies”

  1. Hello Lal, I have added AppData\Local\Microsoft\Windows\INetCache to the exclusion list and enabled the logon exclusion check to Delete excluded files or folders, but in Profile User that already exists the directory is not deleted. Is there any additional configuration I need to check? Thank you.

  2. Hi Lal, Hope you can update your exclusion list with TEAMS exclusions as well. Cheers, Piyush

  3. […] Also check my Citrix UPM baseline policies and recommended exclusions here […]

  4. Lal, how are you, are you into Citrix deployment and support? How is life going there?

    1. Hello Regi, Life is great…. Yes, I do Citrix design and deployment for a living ;)… See you on LinkedIn…
