
Citrix User Profile Manager (UPM) – Baseline Policies

August 6, 2018 by Lal Mohan

I always wanted to document this so it would help me for my next assignment, but I never did. As a result, I was always having to refer to my previous customer environments or As-Built documents for this information, which was quite a pain. Well, that’s gonna change today as I am going to put this up on my blog so that it can become my quick and easy reference place.

As mentioned in the title, this is going to be the baseline policy set upon which you can build yours with any specific policies pertaining to your environment. Also, all the settings that I have mentioned here may not be applicable or work for you, or you may not even see all of them due to an older UPM version, XenApp version, etc.

Please note that some of the settings found in newer UPM versions aren’t listed here either. I will continue to update it as Citrix releases new UPM versions, but this should give you a good start nonetheless.

Exclusion List – Directories

$Recycle.Bin 
AppData\LocalLow 
!ctx_internetcache! 
!ctx_localappdata!\Microsoft\Windows\Burn 
!ctx_localappdata!\Microsoft\Windows\CD Burning 
!ctx_localappdata!\Microsoft\Windows Live 
!ctx_localappdata!\Microsoft\Windows Live Contacts 
!ctx_localappdata!\Microsoft\Terminal Server Client 
!ctx_localappdata!\Microsoft\Messenger 
!ctx_localappdata!\Microsoft\OneNote 
!ctx_localappdata!\Microsoft\Outlook 
!ctx_localappdata!\Microsoft\AppV 
!ctx_localappdata!\Windows Live 
!ctx_localappdata!\Sun 
!ctx_roamingappdata!\Sun\Java\Deployment\cache 
!ctx_roamingappdata!\Sun\Java\Deployment\log 
!ctx_roamingappdata!\Sun\Java\Deployment\tmp 
AppData\Local\Microsoft\Windows\INetCache 
AppData\Local 
AppData\Roaming\Citrix\PNAgent\AppCache 
AppData\Roaming\Citrix\PNAgent\Icon Cache 
AppData\Roaming\Citrix\PNAgent\ResourceCache 
AppData\Roaming\ICAClient\Cache 
AppData\Roaming\Sun\Java\Deployment\cache 
AppData\Roaming\Sun\Java\Deployment\log 
AppData\Roaming\Sun\Java\Deployment\tmp 
Citrix 
Java 
Local Settings 
Music 
My Pictures 
My Videos 
Pictures 
Videos 
AppData\Roaming\Macromedia\FlashPlayer\macromedia.com\support\flashplayer\sys 
AppData\Roaming\Macromedia\FlashPlayer\#SharedObject 
Downloads 
Saved Games 
Searches 
Application Data\Sun\Java\Deployment\cache 
Application Data\Sun\Java\Deployment\log 
Application Data\Sun\Java\Deployment\tmp 
Local Settings\Application Data\Microsoft\AppV 
Local Settings\Application Data\Microsoft\Messenger 
Local Settings\Application Data\Microsoft\OneNote 
Local Settings\Application Data\Microsoft\Outlook 
Local Settings\Application Data\Microsoft\Terminal Server Client 
Local Settings\Application Data\Microsoft\Windows Live 
Local Settings\Application Data\Microsoft\Windows Live Contacts 
Local Settings\Application Data\Microsoft\Windows\Burn 
Local Settings\Application Data\Microsoft\Windows\CD Burning 
Local Settings\Application Data\Sun 
Local Settings\Application Data\Windows Live 
Local Settings\Temporary Internet Files 
AppData\Local\Microsoft\AppV 
AppData\Local\Microsoft\Messenger 
AppData\Local\Microsoft\OneNote 
AppData\Local\Microsoft\Outlook 
AppData\Local\Microsoft\Terminal Server Client 
AppData\Local\Microsoft\Windows Live 
AppData\Local\Microsoft\Windows Live Contacts 
AppData\Local\Microsoft\Windows\Burn 
AppData\Local\Microsoft\Windows\CD Burning 
AppData\Local\Sun 
AppData\Local\Windows Live 
AppData\Local\microsoft\windows\Temporary Internet Files 
AppData\Local\Microsoft\Windows\INetCookies 
AppData\local\Google\Chrome\User Data\Default\Media Cache 
AppData\Local\Google\Chrome\User Data\Default\Cache 
AppData\local\Google

Exclusion List – Files

Application Data\VMware\hgfs.dat 
AppData\local\Google\Chrome\User Data\Default\ChromeDWriteFontCache 
AppData\*.tmp
!ctx_localappdata!\Microsoft\Windows\UsrClass.dat*
AppData\*.xar
AppData\*.wbk
AppData\*.asd
AppData\*.log
AppData\*.dmp
AppData\*.trc

Directories to Synchronize

AppData\Roaming\Microsoft\Credentials 
AppData\Roaming\Microsoft\Crypto 
AppData\Roaming\Microsoft\Protect 
AppData\Roaming\Microsoft\SystemCertificates 
AppData\Local\Microsoft\Credentials 
AppData\Roaming\Microsoft\Signatures 
AppData\Local\Microsoft\Vault 
%LOCALAPPDATA%\Microsoft\Credentials
!ctx_localappdata!\Microsoft\Windows\Notifications
!ctx_Startmenu
AppData\Local\MultiDrive
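
A lint for the exclusion and synchronization lists above, as an added example (not the author's code or a Citrix tool): it reports exclusions already covered by an excluded parent such as AppData\Local, synchronize entries that re-include a path under an excluded parent, entries that sit in Windows credential stores and are therefore copied to the user store, and !ctx_ tokens missing the closing "!". The sample lists are a constructed subset of this page's entries, and the variable expansion assumes the Vista-and-later profile layout.

```python
import re

# Constructed sample: a subset of the policy entries listed on this page.
EXCLUDED_DIRS = [
    r"AppData\LocalLow",
    r"AppData\Local",
    r"!ctx_localappdata!\Microsoft\Outlook",
    r"AppData\Local\Sun",
    r"Downloads",
]
SYNC_DIRS = [
    r"AppData\Roaming\Microsoft\Protect",
    r"AppData\Local\Microsoft\Credentials",
    r"AppData\Local\Microsoft\Vault",
    r"!ctx_Startmenu",
]

# Assumption: Vista-and-later profile layout for these two UPM variables.
CTX_VARS = {"!ctx_localappdata!": r"AppData\Local",
            "!ctx_roamingappdata!": r"AppData\Roaming"}
CREDENTIAL_STORES = ("microsoft\\credentials", "microsoft\\crypto",
                     "microsoft\\protect", "microsoft\\vault")

def normalize(entry):
    """Expand known variables; return lower-cased path components."""
    for var, path in CTX_VARS.items():
        entry = re.sub(re.escape(var), lambda m: path, entry, flags=re.I)
    return tuple(p for p in entry.strip().lower().split("\\") if p)

def is_under(child, parent):
    # Component-wise compare, so AppData\LocalLow is not "under" AppData\Local.
    return len(child) > len(parent) and child[:len(parent)] == parent

def lint(excluded, synced):
    ex = {e: normalize(e) for e in excluded}
    report = {"redundant_exclusions": [], "sync_overrides": [],
              "credential_material": [], "malformed": []}
    for e, parts in ex.items():
        if any(is_under(parts, other) for other in ex.values()):
            report["redundant_exclusions"].append(e)
    for s in synced:
        parts = normalize(s)
        if s.lower().startswith("!ctx_") and not re.match(r"!ctx_\w+!", s, re.I):
            report["malformed"].append(s)
        if any(is_under(parts, other) for other in ex.values()):
            report["sync_overrides"].append(s)
        if any(store in "\\".join(parts) for store in CREDENTIAL_STORES):
            report["credential_material"].append(s)
    return report
```

Entries reported under credential_material are written to the user store share, so its permissions should be reviewed with that in mind.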

Files to Synchronize

AppData\LocalLow\Sun\Java\Deployment\security\exception.sites 
AppData\LocalLow\Sun\Java\Deployment\security\trusted.certs 
AppData\LocalLow\Sun\Java\Deployment\deployment.properties 
AppData\Local\Microsoft\Office\*.qat 
AppData\Local\Microsoft\Office\*.OfficeUI 
AppData\LocalLow\Google\GoogleEarth\*.kml 
AppData\Local\Citrix\PNAgent\Icon Cache\*.ico 
AppData\Local\Microsoft\Windows\INetCache\wpad.dat 
AppData\Local\Google\Chrome\User Data\First Run 
AppData\Local\Google\Chrome\User Data\Local State 
AppData\Local\Google\Chrome\User Data\Default\History 
AppData\Local\Google\Chrome\User Data\Default\Preferences 
AppData\Local\Google\Chrome\User Data\Default\Favicons 
AppData\Local\Google\Chrome\User Data\Default\Bookmarks
AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat

Folders to Mirror

AppData\Roaming\Microsoft\Windows\Cookies 
AppData\Local\Microsoft\Vault 
AppData\Local\Microsoft\Windows\WebCache
!ctx_localappdata!\TileDataLayer

Log Settings

Define events or actions which Profile management logs in depth: 
Common warnings                                        Enabled 
Common information                                     Enabled 
File system notifications                              Enabled 
File system actions                                    Enabled 
Registry actions                                       Enabled 
Registry differences at logoff                         Enabled 
Active Directory actions                               Enabled 
Policy values at logon and logoff                      Enabled 
Logon                                                  Enabled 
Logoff                                                 Enabled 
Personalized user information                          Enabled

Log Settings                                           Enabled
Enable Logging                                         Enabled
Maximum size of the log file                           Enabled
Maximum size in bytes                                  10485760

Profile Handling

Delay before deleting cached profiles                  Enabled
Delay(Seconds)                                         0
Delete locally cached profiles on logoff               Enabled
Local profile conflict handling                        Enabled
If both a local Windows user profile and a
Citrix user profile in the user store both exist:      Delete local profile

Registry Exclusion List

Software\Microsoft\AppV 
Software\Microsoft\Windows\CurrentVersion\UFH\SHC 
Software\Microsoft\Installer\Products\4645D6EBF1B0CC6498379F56F16E4AA5
Software\Microsoft\Windows\CurrentVersion\Explorer\TrayNotify

Enable Default Exclusion List

Software\Microsoft\AppV\Client\Integration                Enabled
Software\Microsoft\AppV\Client\Publishing                 Enabled
Software\Microsoft\Speech_OneCore                         Enabled

Streamed user profiles

Always cache                                           Enabled
Cache files this size or larger (megabytes):           1
Profile streaming                                      Enabled
Streamed user profile groups                           Disabled
Timeout for pending area lock files (days)             Enabled
Timeout for pending area lock files (days)             1

Advanced settings

Disable automatic configuration                        Disabled
Number of retries when accessing locked files          Enabled
Number of retries:                                     5
Process Internet cookie files on logoff                Enabled

Profile Management

Active write back                                      Enabled
Enable Profile management                              Enabled
Excluded groups                                        Disabled
Path to user store                                     Enabled
Process logons of local administrators                 Enabled
Processed groups                                       Disabled
