Citrixology

by Lal Mohan

Citrix User Profile Manager (UPM) – Baseline Policies

August 6, 2018 by Lal Mohan

I always wanted to document this so it would help me for my next assignment, but I never did. As a result, I was always having to refer to my previous customer environments or As-Built documents for this information, which was quite a pain. Well, that’s gonna change today as I am going to put this up on my blog so that it can become my quick and easy reference place.

As mentioned in the title, this is going to be the baseline policy set upon which you can build yours with any specific policies pertaining to your environment. Also, all the settings that I have mentioned here may not be applicable or work for you, or you may not even see all of them due to an older UPM version, XenApp version, etc.

Please note that some of the settings found in newer UPM versions aren’t listed here either. I will continue to update it as Citrix releases new UPM versions, but this should give you a good start nonetheless.

Exclusion List – Directories

$Recycle.Bin 
AppData\LocalLow 
!ctx_internetcache! 
!ctx_localappdata!\Microsoft\Windows\Burn 
!ctx_localappdata!\Microsoft\Windows\CD Burning 
!ctx_localappdata!\Microsoft\Windows Live 
!ctx_localappdata!\Microsoft\Windows Live Contacts 
!ctx_localappdata!\Microsoft\Terminal Server Client 
!ctx_localappdata!\Microsoft\Messenger 
!ctx_localappdata!\Microsoft\OneNote 
!ctx_localappdata!\Microsoft\Outlook 
!ctx_localappdata!\Microsoft\AppV 
!ctx_localappdata!\Windows Live 
!ctx_localappdata!\Sun 
!ctx_roamingappdata!\Sun\Java\Deployment\cache 
!ctx_roamingappdata!\Sun\Java\Deployment\log 
!ctx_roamingappdata!\Sun\Java\Deployment\tmp 
AppData\Local\Microsoft\Windows\INetCache 
AppData\Local 
AppData\Roaming\Citrix\PNAgent\AppCache 
AppData\Roaming\Citrix\PNAgent\Icon Cache 
AppData\Roaming\Citrix\PNAgent\ResourceCache 
AppData\Roaming\ICAClient\Cache 
AppData\Roaming\Sun\Java\Deployment\cache 
AppData\Roaming\Sun\Java\Deployment\log 
AppData\Roaming\Sun\Java\Deployment\tmp 
Citrix 
Java 
Local Settings 
Music 
My Pictures 
My Videos 
Pictures 
Videos 
AppData\Roaming\Macromedia\FlashPlayer\macromedia.com\support\flashplayer\sys 
AppData\Roaming\Macromedia\FlashPlayer\#SharedObject 
Downloads 
Saved Games 
Searches 
Application Data\Sun\Java\Deployment\cache 
Application Data\Sun\Java\Deployment\log 
Application Data\Sun\Java\Deployment\tmp 
Local Settings\Application Data\Microsoft\AppV 
Local Settings\Application Data\Microsoft\Messenger 
Local Settings\Application Data\Microsoft\OneNote 
Local Settings\Application Data\Microsoft\Outlook 
Local Settings\Application Data\Microsoft\Terminal Server Client 
Local Settings\Application Data\Microsoft\Windows Live 
Local Settings\Application Data\Microsoft\Windows Live Contacts 
Local Settings\Application Data\Microsoft\Windows\Burn 
Local Settings\Application Data\Microsoft\Windows\CD Burning 
Local Settings\Application Data\Sun 
Local Settings\Application Data\Windows Live 
Local Settings\Temporary Internet Files 
AppData\Local\Microsoft\AppV 
AppData\Local\Microsoft\Messenger 
AppData\Local\Microsoft\OneNote 
AppData\Local\Microsoft\Outlook 
AppData\Local\Microsoft\Terminal Server Client 
AppData\Local\Microsoft\Windows Live 
AppData\Local\Microsoft\Windows Live Contacts 
AppData\Local\Microsoft\Windows\Burn 
AppData\Local\Microsoft\Windows\CD Burning 
AppData\Local\Sun 
AppData\Local\Windows Live 
AppData\Local\microsoft\windows\Temporary Internet Files 
AppData\Local\Microsoft\Windows\INetCookies 
AppData\local\Google\Chrome\User Data\Default\Media Cache 
AppData\Local\Google\Chrome\User Data\Default\Cache 
AppData\local\Google

Exclusion List – Files

Application Data\VMware\hgfs.dat 
AppData\local\Google\Chrome\User Data\Default\ChromeDWriteFontCache 
AppData\*.tmp
!ctx_localappdata!\Microsoft\Windows\UsrClass.dat*
AppData\*.xar
AppData\*.wbk
AppData\*.asd
AppData\*.log
AppData\*.dmp
AppData\*.trc

Directories to Synchronize

AppData\Roaming\Microsoft\Credentials 
AppData\Roaming\Microsoft\Crypto 
AppData\Roaming\Microsoft\Protect 
AppData\Roaming\Microsoft\SystemCertificates 
AppData\Local\Microsoft\Credentials 
AppData\Roaming\Microsoft\Signatures 
AppData\Local\Microsoft\Vault 
%LOCALAPPDATA%\Microsoft\Credentials
!ctx_localappdata!\Microsoft\Windows\Notifications
!ctx_Startmenu
AppData\Local\MultiDrive
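
Because `AppData\Local` is itself on the directory exclusion list, many of the more specific `AppData\Local\...` exclusions are already covered by it, and the `AppData\Local` entries under "Directories to Synchronize" are the ones that bring a subfolder (such as the Credentials and Vault stores) back into the roamed profile. The following lint script is an added example, not part of the original post or of Citrix tooling; it uses a subset of the entries above as sample data and assumes the `!ctx_...!` variables expand to the Windows Vista-and-later folder layout.

```python
# Added example: lint a UPM directory exclusion list against the sync list.
# Assumption: !ctx_...! variables expand to the Vista-and-later layout.
CTX_VARS = {
    "!ctx_localappdata!": r"AppData\Local",
    "!ctx_roamingappdata!": r"AppData\Roaming",
}

# Sample data: a subset of the entries listed on this page.
EXCLUDED = [
    r"AppData\Local", r"AppData\LocalLow", r"Downloads",
    r"!ctx_localappdata!\Microsoft\Outlook",
    r"AppData\Local\Microsoft\Outlook",
    r"AppData\local\Google",
    r"AppData\Local\Google\Chrome\User Data\Default\Cache",
]
SYNCED = [
    r"AppData\Roaming\Microsoft\Protect",
    r"AppData\Local\Microsoft\Credentials",
    r"AppData\Local\Microsoft\Vault",
    r"!ctx_localappdata!\Microsoft\Windows\Notifications",
]

def normalize(entry):
    """Expand ctx variables and lower-case for case-insensitive matching."""
    path = entry.strip().strip("\\")
    for var, real in CTX_VARS.items():
        if path.lower().startswith(var):
            path = real + path[len(var):]
    return path.lower()

def is_under(child, parent):
    """True only for a strict subdirectory (AppData\\LocalLow is not under AppData\\Local)."""
    return child.startswith(parent + "\\")

def shadowed_exclusions(excluded):
    """Map each exclusion that a broader exclusion already covers to that parent."""
    result = {}
    for entry in excluded:
        parents = [p for p in excluded if is_under(normalize(entry), normalize(p))]
        if parents:
            result[entry] = min(parents, key=len)
    return result

def carve_outs(excluded, synced):
    """Sync entries located under an excluded directory, i.e. exceptions that still roam."""
    return [s for s in synced
            if any(is_under(normalize(s), normalize(x)) for x in excluded)]
```

Reviewing the `carve_outs` result shows which folders under an excluded parent still reach the user store, which is the list to check against the user store's share permissions.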

Files to Synchronize

AppData\LocalLow\Sun\Java\Deployment\security\exception.sites 
AppData\LocalLow\Sun\Java\Deployment\security\trusted.certs 
AppData\LocalLow\Sun\Java\Deployment\deployment.properties 
AppData\Local\Microsoft\Office\*.qat 
AppData\Local\Microsoft\Office\*.OfficeUI 
AppData\LocalLow\Google\GoogleEarth\*.kml 
AppData\Local\Citrix\PNAgent\Icon Cache\*.ico 
AppData\Local\Microsoft\Windows\INetCache\wpad.dat 
AppData\Local\Google\Chrome\User Data\First Run 
AppData\Local\Google\Chrome\User Data\Local State 
AppData\Local\Google\Chrome\User Data\Default\History 
AppData\Local\Google\Chrome\User Data\Default\Preferences 
AppData\Local\Google\Chrome\User Data\Default\Favicons 
AppData\Local\Google\Chrome\User Data\Default\Bookmarks
AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat

Folders to Mirror

AppData\Roaming\Microsoft\Windows\Cookies 
AppData\Local\Microsoft\Vault 
AppData\Local\Microsoft\Windows\WebCache
!ctx_localappdata!\TileDataLayer

Log Settings

Define events or actions which Profile management logs in depth: 
Common warnings                                        Enabled 
Common information                                     Enabled 
File system notifications                              Enabled 
File system actions                                    Enabled 
Registry actions                                       Enabled 
Registry differences at logoff                         Enabled 
Active Directory actions                               Enabled 
Policy values at logon and logoff                      Enabled 
Logon                                                  Enabled 
Logoff                                                 Enabled 
Personalized user information                          Enabled

Log Settings                                           Enabled
Enable Logging                                         Enabled
Maximum size of the log file                           Enabled
Maximum size in bytes                                  10485760

Profile Handling

Delay before deleting cached profiles                  Enabled
Delay (Seconds)                                        0
Delete locally cached profiles on logoff               Enabled
Local profile conflict handling                        Enabled
If both a local Windows user profile and a Citrix user profile in the user store both exist: Delete local profile

Registry Exclusion List

Software\Microsoft\AppV 
Software\Microsoft\Windows\CurrentVersion\UFH\SHC 
Software\Microsoft\Installer\Products\4645D6EBF1B0CC6498379F56F16E4AA5
Software\Microsoft\Windows\CurrentVersion\Explorer\TrayNotify

Enable Default Exclusion List

Software\Microsoft\AppV\Client\Integration                Enabled
Software\Microsoft\AppV\Client\Publishing                 Enabled
Software\Microsoft\Speech_OneCore                         Enabled

Streamed user profiles

Always cache                                           Enabled
Cache files this size or larger (megabytes):           1
Profile streaming                                      Enabled
Streamed user profile groups                           Disabled
Timeout for pending area lock files (days)             Enabled
Timeout for pending area lock files (days)             1

Advanced settings

Disable automatic configuration                        Disabled
Number of retries when accessing locked files          Enabled
Number of retries:                                     5
Process Internet cookie files on logoff                Enabled

Profile Management

Active write back                                      Enabled
Enable Profile management                              Enabled
Excluded groups                                        Disabled
Path to user store                                     Enabled
Process logons of local administrators                 Enabled
Processed groups                                       Disabled
