In a VDI environment Citrix Profile Manager is installed on the virtual desktop instance. The installation is simple and straight forward and is a matter of clicking next at the default screens.
There are two ways of controlling Profile Manager; through the AD or through local INI files. The local INI files are not recommended for production so we will run through the installation using the Active Directory template.
You need to ensure you have setup a share location with the correct permissions for the profiles. Microsoft recommends the following:
NTFS Permissions for Roaming Profile Parent Folder
| User Account | Minimum Permissions Required |
| Creator Owner | Full Control, Subfolders and Files Only |
| Administrator | Full Control (Microsoft actually recommends none but it simplifies things if you give admins full control) |
| Security group of users needing to put data on share | List Folder/Read Data, Create Folders/Append Data - This Folder Only |
| Everyone | No permissions |
| Local System | Full Control, This Folder, Subfolders and Files |
Share level (SMB) Permissions for Roaming Profile Share
| User Account | Minimum Permissions Required |
| Everyone | No permissions |
| Security group of users needing to put data on share | Full Control |
Once you have the share setup you are ready to import the ADM template. By default it is copied into the installation directory of the Citrix Profile Manager (within the virtual desktop instance). From your AD server run the Group Policy Object Manager Console (Note: this console is not installed by default but can be downloaded from Microsoft). Browse to your XenDesktop OU and create a new GPO Object.
Right click the new GPO Object and select Edit to bring up the Group Policy Object Editor. Browse to the Administrative Templates under Computer Configuration.
Click Add/Remove Templates and browse to the XenDesktop ADM template.
Once you have imported the template you can browse to the Classic Administrator Templates\Citrix\Profile Management. At a minimum to get everything working you will need to configure the following:
1. Enable Profile Management
2. Processed Groups (Your XenDesktop AD Group)
3. Process logons of admins (optional)
4. Path to user store (your profile directory)
There are many other settings you can use to tweak how profiles act in your environment but this base set of steps should get you up in running.
No comments:
Post a Comment