Get me outta here!

Citrixology

by Lal Mohan

Menu

Skip to content
  • About Me
  • Citrix
    • Citrix Cloud
    • NetScaler
    • WEM & UPM
    • XenApp & XenDesktop
    • Citrix Storefront
  • WVD
  • VMware
    • Workspace One

Tag Archives: Citrix UPM baseline policies

Citrix User Profile Manager (UPM) – Baseline Policies

August 6, 2018 by Lal Mohan

I always wanted to document this so it would help me for my next assignment, but I never did. As a result, I was always having to refer my previous customer environments or As-Built documents for this information which was quite a pain. Well, that’s gonna change today as I am going to put this up on my blog so that it can becomes my quick and easy reference place.

As mentioned in the title, this is going to be the baseline policy set upon which you can build yours with any specific policies pertaining to your environment, Also, all the settings that I have mentioned here may not be applicable or work for you or you may even not see all of them due to older UPM version, XenApp version etc etc.

Please note that some of the settings found in newer UPM versions aren’t listed here as well. I will continue to update it as Citrix releases new UPM versions but this should give you a good start nonetheless.

Exclusion List – Directories

$Recycle.Bin 
AppData\LocalLow 
!ctx_internetcache! 
!ctx_localappdata!\Microsoft\Windows\Burn 
!ctx_localappdata!\Microsoft\Windows\CD Burning 
!ctx_localappdata!\Microsoft\Windows Live 
!ctx_localappdata!\Microsoft\Windows Live Contacts 
!ctx_localappdata!\Microsoft\Terminal Server Client 
!ctx_localappdata!\Microsoft\Messenger 
!ctx_localappdata!\Microsoft\OneNote 
!ctx_localappdata!\Microsoft\Outlook 
!ctx_localappdata!\Microsoft\AppV 
!ctx_localappdata!\Windows Live 
!ctx_localappdata!\Sun 
!ctx_roamingappdata!\Sun\Java\Deployment\cache 
!ctx_roamingappdata!\Sun\Java\Deployment\log 
!ctx_roamingappdata!\Sun\Java\Deployment\tmp 
AppData\Local\Microsoft\Windows\INetCache 
AppData\Local 
AppData\Roaming\Citrix\PNAgent\AppCache 
AppData\Roaming\Citrix\PNAgent\Icon Cache 
AppData\Roaming\Citrix\PNAgent\ResourceCache 
AppData\Roaming\ICAClient\Cache 
AppData\Roaming\Sun\Java\Deployment\cache 
AppData\Roaming\Sun\Java\Deployment\log 
AppData\Roaming\Sun\Java\Deployment\tmp 
Citrix 
Java 
Local Settings 
Music 
My Pictures 
My Videos 
Pictures 
Videos 
AppData\Roaming\Macromedia\FlashPlayer\macromedia.com\support\flashplayer\sys 
AppData\Roaming\Macromedia\FlashPlayer\#SharedObject 
Downloads 
Saved Games 
Searches 
Application Data\Sun\Java\Deployment\cache 
Application Data\Sun\Java\Deployment\log 
Application Data\Sun\Java\Deployment\tmp 
Local Settings\Application Data\Microsoft\AppV 
Local Settings\Application Data\Microsoft\Messenger 
Local Settings\Application Data\Microsoft\OneNote 
Local Settings\Application Data\Microsoft\Outlook 
Local Settings\Application Data\Microsoft\Terminal Server Client 
Local Settings\Application Data\Microsoft\Windows Live 
Local Settings\Application Data\Microsoft\Windows Live Contacts 
Local Settings\Application Data\Microsoft\Windows\Burn 
Local Settings\Application Data\Microsoft\Windows\CD Burning 
Local Settings\Application Data\Sun 
Local Settings\Application Data\Windows Live 
Local Settings\Temporary Internet Files 
AppData\Local\Microsoft\AppV 
AppData\Local\Microsoft\Messenger 
AppData\Local\Microsoft\OneNote 
AppData\Local\Microsoft\Outlook 
AppData\Local\Microsoft\Terminal Server Client 
AppData\Local\Microsoft\Windows Live 
AppData\Local\Microsoft\Windows Live Contacts 
AppData\Local\Microsoft\Windows\Burn 
AppData\Local\Microsoft\Windows\CD Burning 
AppData\Local\Sun 
AppData\Local\Windows Live 
AppData\Local\microsoft\windows\Temporary Internet Files 
AppData\Local\Microsoft\Windows\INetCookies 
AppData\local\Google\Chrome\User Data\Default\Media Cache 
AppData\Local\Google\Chrome\User Data\Default\Cache 
AppData\local\Google

Exclusion List – Files

Application Data\VMware\hgfs.dat 
AppData\local\Google\Chrome\User Data\Default\ChromeDWriteFontCache 
AppData\*.tmp
!ctx_localappdata!\Microsoft\Windows\UsrClass.dat*
AppData\*.xar
AppData\*.wbk
AppData\*.asd
AppData\*.log
AppData\*.dmp
AppData\*.trc

Directories to Synchronize

AppData\Roaming\Microsoft\Credentials 
AppData\Roaming\Microsoft\Crypto 
AppData\Roaming\Microsoft\Protect 
AppData\Roaming\Microsoft\SystemCertificates 
AppData\Local\Microsoft\Credentials 
AppData\Roaming\Microsoft\Signatures 
AppData\Local\Microsoft\Vault 
%LOCALAPPDATA%\Microsoft\Credentials
!ctx_localappdata!\Microsoft\Windows\Notifications
!ctx_Startmenu
AppData\Local\MultiDrive

Files to Synchronize

AppData\LocalLow\Sun\Java\Deployment\security\exception.sites 
AppData\LocalLow\Sun\Java\Deployment\security\trusted.certs 
AppData\LocalLow\Sun\Java\Deployment\deployment.properties 
AppData\Local\Microsoft\Office\*.qat 
AppData\Local\Microsoft\Office\*.OfficeUI 
AppData\LocalLow\Google\GoogleEarth\*.kml 
AppData\Local\Citrix\PNAgent\Icon Cache\*.ico 
AppData\Local\Microsoft\Windows\INetCache\wpad.dat 
AppData\Local\Google\Chrome\User Data\First Run 
AppData\Local\Google\Chrome\User Data\Local State 
AppData\Local\Google\Chrome\User Data\Default\History 
AppData\Local\Google\Chrome\User Data\Default\Preferences 
AppData\Local\Google\Chrome\User Data\Default\Favicons 
AppData\Local\Google\Chrome\User Data\Default\Bookmarks
AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat

Folders to Mirror

AppData\Roaming\Microsoft\Windows\Cookies 
AppData\Local\Microsoft\Vault 
AppData\Local\Microsoft\Windows\WebCache
!ctx_localappdata!\TileDataLayer

Log Settings

Define events or actions which Profile management logs in depth: 
Common warnings                                        Enabled 
Common information                                     Enabled 
File system notifications                              Enabled 
File system actions                                    Enabled 
Registry actions                                       Enabled 
Registry differences at logoff                         Enabled 
Active Directory actions                               Enabled 
Policy values at logon and logoff                      Enabled 
Logon                                                  Enabled 
Logoff                                                 Enabled 
Personalized user information                          Enabled

Log Settings                                                                                                Enabled

Enable Logging                                                                                          Enabled

Maximum size of the log file                                                                  Enabled

Maximum size in bytes                                                                            10485760

Profile Handling

Delay before deleting cached profiles                                                  Enabled

Delay(Seconds)                                                                                          0

Delete locally cached profiles on logoff                                               Enabled

Local profile conflict handling                                                              Enabled

If both a local Windows user profile and a
Citrix user profile in the user store both exist:                                  Delete local profile

Registry Exclusion List

Software\Microsoft\AppV 
Software\Microsoft\Windows\CurrentVersion\UFH\SHC 
Software\Microsoft\Installer\Products\4645D6EBF1B0CC6498379F56F16E4AA5
Software\Microsoft\Windows\CurrentVersion\Explorer\TrayNotify

Enable Default Exclusion List

Software\Microsoft\AppV\Client\Integration                Enabled
Software\Microsoft\AppV\Client\Publishing                 Enabled
Software\Microsoft\Speech_OneCore                         Enabled

Streamed user profiles

Always cache                                                                                                 Enabled

Cache files this size or larger (megabytes):                                             1

Profile streaming                                                                                          Enabled
Streamed user profile groups                                                                    Disabled
Timeout for pending area lock files (days)                                             Enabled

Timeout for pending area lock files (days)                                              1

Advanced settings

Disable automatic configuration                                                              Disabled
Number of retries when accessing locked files                                     Enabled
Number of retries:                                                                                       5
Process Internet cookie files on logoff                                                    Enabled

Profile Management

Active write back                                                                                         Enabled
Enable Profile management                                                                      Enabled
Excluded groups                                                                                          Disabled
Path to user store                                                                                         Enabled

Process logons of local administrators                                                   Enabled
Processed groups                                                                                        Disabled

Spread the love:

  • Twitter
  • Facebook
  • LinkedIn
  • Pinterest
  • Reddit
  • Email
  • Print
  • Pocket
  • Tumblr

Like this:

Like Loading...
Group Policy Profile Management User Profile Management XenApp XenApp 5.0 XenApp 6.5 XenApp 7.5 XenDesktop XenDesktop 7 Citrix Profile ManagementCitrix UPM baseline policiesCitrix UPM Best PracticesCitrix UPM PoliciesUser profile Manager policiesXenAppXenDesktop 4 Comments

Post navigation

Translate this blog

Recent Posts

  • Integrate Azure MFA with NetScaler Gateway for Two-Factor Authentication
  • Microsoft Windows Virtual Desktops (WVD) or Citrix – The Big Question answered!
  • Desktop Restart – Citrix Storefront Power Management
  • Citrix Machine Creation Services (MCS) – Primer For On-Prem Vs Azure
  • Microsoft DirectAccess breaks Citrix/XenApp application launches – Fix

RSS Citrix Blogs

  • Mennesker og teknologi baner vei for helt nye måter å jobbe på
  • Success Readiness: A foundation for best-in-class customer experience
  • Using Citrix ADM to speed up Citrix ADC pooled capacity configuration
  • Minimizing complexity with service mesh lite architecture
  • Congratulations to the Citrix Americas Partner of the Year Winners for 2020!
  • Citrix TIPs: PIV Key / Smart Card Auth for Citrix Director
  • Drive better outcomes throughout the customer experience journey
  • Tolly Group confirms Citrix ADC’s performance leadership
  • UK workers would forego a chunk of their salary to go remote permanently
  • Reflecting on the most popular HDX innovations of the past two years

RSS Google Cloud Platform

  • Eventarc: A unified eventing experience in Google Cloud
  • The democratization of data and insights: making real-time analytics ubiquitous
  • How we’re helping to reshape the software supply chain ecosystem securely
  • Cloud Profiler provides app performance insights, without the overhead
  • Loading complex CSV files into BigQuery using Google Sheets
  • Top 5 trends for API-powered digital transformation in 2021
  • Think big: Why Ricardo chose Bigtable to complement BigQuery
  • Deeper map customization with zoom level customization and industry optimized map styles
  • What’s new with Google Cloud
  • Lock Statistics: Diagnose performance issues in Cloud Spanner

RSS Trending

  • A deep dive into the Citrix HDX FIDO2 and Windows Hello optimized virtual channel with virtual desktops and apps using USB, NFC, BLE, and built-in authenticators
  • Using Windows Hello FIDO2 capability with web browsers, Microsoft WVD, Teams, and native Windows apps for passwordless logins using your fingerprint or face
  • How to use Azure AD Conditional Access to add a Terms of Use EULA to Citrix Workspace, Microsoft WVD, Office 365, and SaaS apps
  • How to report on Microsoft Authenticator password-less phone sign-in & FIDO2 security key usage using Azure AD & Azure Monitor Log Analytics
  • How to use FIDO2 security keys remotely inside a virtual desktop session hundreds of miles away using Citrix HDX USB redirection and Microsoft Azure AD
  • Work from home reality and making positive IT decisions in response to the COVID-19 Coronavirus pandemic
  • How to use Microsoft WVD, Windows 10 multi-session, FSLogix, & MSIX app attach to build an Azure-powered virtual desktop experience
  • Driving Modern Passwordless Authentication: Citrix Workspace and Microsoft Azure Active Directory
  • Why Windows Hello for Business, Microsoft Authenticator, and FIDO2 are not a suggestion, but a requirement for your Azure AD powered enterprise – PART 2
  • Understanding the passwordless authentication renaissance and how to plan your Microsoft Windows based organization for this change – PART 1

RSS VMware EUC Blog

  • An error has occurred; the feed is probably down. Try again later.

RSS Citrix Guru

  • A look at the upcoming Citrix Identity Platform improvements in Citrix Cloud
  • TOP 10 upcoming features in Citrix Cloud [2019]
  • Citrix Managed Desktops Service is a glimpse into the future of Citrix Cloud services
  • I’ve tested Nutanix Xi Frame and it is…
  • Everything you need to know about WVD, Windows 10 EVD and Citrix
  • EUC Masters Retreat 2019: the conference you want to attend
  • Renewed as Citrix Technology Professional (CTP) for 2019
  • First words from the 2019 Citrix Technology Professionals
  • LTSR vs. CR: Citrix wants customers off LTSR
  • Ultimate Citrix App Layering Guide 2019

RSS Microsoft Azure Blog

  • Azure and HITRUST publish shared responsibility matrix
  • Helping retailers navigate the future
  • Azure SQL Database named among the top 3 databases of 2020
  • Introducing Azure Health Bot—an evolution of Microsoft Healthcare Bot with new functionality
  • 4 common analytics scenarios to build business agility
  • Watch this new series to help you navigate and adopt the cloud
  • 5 ways to save costs by running .NET apps on Azure
  • Azure Cost Management and Billing 2020 year in review
  • Defining roles and responsibilities for cloud cost optimization
  • Azure Stack HCI delivers world-class hyperconverged infrastructure

RSS Amazon AWS

  • New – AWS Transfer Family support for Amazon Elastic File System
  • Amazon Location – Add Maps and Location Awareness to Your Applications
  • New –  FreeRTOS Long Term Support to Provide Years of Feature Stability
  • Announcing AWS IoT Greengrass 2.0 – With an Open Source Edge Runtime and New Developer Capabilities
  • New – AWS IoT Core for LoRaWAN to Connect, Manage, and Secure LoRaWAN Devices at Scale
  • Announcing Amazon Managed Service for Grafana (in Preview)
  • Join the Preview – Amazon Managed Service for Prometheus (AMP)
  • New – AWS Systems Manager Consolidates Application Management
  • New – AWS Systems Manager Fleet Manager
  • Introducing AWS Systems Manager Change Manager

Blog Stats

  • 471,432 hits

Archives

Create a website or blog at WordPress.com
loading Cancel
Post was not sent - check your email addresses!
Email check failed, please try again
Sorry, your blog cannot share posts by email.
Privacy & Cookies: This site uses cookies. By continuing to use this website, you agree to their use.
To find out more, including how to control cookies, see here: Cookie Policy
%d bloggers like this: