Workplace and profiles

Working with Citrix XenApp, Microsoft Remote Desktop Services, or other types of workplace can be challenging when it comes to managing profiles. Most of the times mandatory profiles are used in these types of environments, but every time a user logs off their settings are flushed. Users are keen on there settings so there comes user profile visualization in to play. Tools that can virtualize user settings are Microsoft UEV, Appsense, VMWare UEM and RES Workspace Manager.

Since I like to work with local profiles instead of mandatory profiles (the fact that I don't have to update my profile after several Windows updates) I have to make sure that profiles are deleted after a user logs off. To do so, we have to trick Windows into believing the local profile is a guest or temporary profile.

In the past I always used a Powershell script to trick windows to believe the profile is a guest or temporary profile. Since Powershell isn't that quick I have created an executable made in C# which does it's work quicker. This article describes how to use the executable in RES Workspace manager. But I will also give some pointers on how to use the executable with other means.

Add to Workspace Manager

Download the attached zip file. Extract it and add the executable to the custom resources in RES Workspace Manager. You can place the executable in the root or in a separate folder of the custom resources.

Now the executable will be pushed to all the agents. It's time to create a logoff task. Head to Composition>Actions by Event > At Logoff

Right click in the actions tab and click New.

Configure the task as shown in this picture:

LogoffTask

 

 

 

Now the logoff task is in place, we have to configure a GPO with the following settings:

ProfileClean

 

Now that the GPO is created link it to the correct OU's and test out your local profiles in combination with RES WM. Look on the target machine to see if the profile get's deleted.

Using other types of management

When not using RES Workspace Manager as profile management tool. You still are able to use the executable. Only thing is that a user doesn't have the rights to edit the registry. That's why I recommend making a Group Policy (Machine\Policies\Windows Settings\Security Settings\Registry) to enable domain users to edit MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList. That way when the user logs off the profile state gets set to the correct value and the profile will be deleted.

Please leave a comment if you have something to say about this article, or if you want to say thanks or discuss.


Comments powered by CComment