Citrix User Profile Manager: How Registry Exclusion Lists Can Mess Up Group Policy Processing

From time to time I get asked about the differences between Citrix’s and Immidio’s profile management products. Here are some common questions along with my answers. Can the product be used to provide a single profile on multiple platforms? Citrix Profile Management 3.x does not have cross-platform capabilities built in. That means you cannot use an XP profile on Windows 7, but you can use the same profile on 32 and 64 bit Windows, if you dare. Citrix has a beta version of PM with cross-platform support for MS Office and Internet Explorer. Flex Profiles does not have true cross-platform capabilities either, but it can be used to make settings available cross-platform that have the same format on all platforms. Example: HKCU\Software\Paint.NET is probably a no-brainer whereas copying HKCU\Software\Microsoft\Internet Explorer around is probably a bad idea. Can the product be used on SBC, VDI and fat clients? This is true for both Citrix PM and Flex Profiles (licensing restrictions may apply). Can the product be used to preconfigure a user’s environment? Both Citrix Profile Management and Immidio Flex Profiles are classic profile management products without the capability to set up a specific user environment or distribute updated settings to all users. That is typically referred to as “user environment management” and two free implementations are Microsoft’s Group Policy Preferences and Pierre Marmignon’s Virtual User Environment Manager. Of course there are many alternatives by companies like AppSense or RES. Can portions of the profile be saved during a session as well as at logoff and at disconnects? Citrix Profile Management loads (respectively streams) the profile at logon and writes changes back at logoff. It also has a feature called “active write back” which, if enabled, causes changed files to be written back to the user store immediately. This works for files only, not for registry keys. Flex Profiles typically is configured to import settings at logon and export again at logoff. Since Flex uses a simple tool for the imports/exports it is conceivable to call that tool during a session as well. There is, however, no built-in support for that. Neither is there for exporting settings at disconnects. Can it be configured what to save and what not? Both products are very flexible when it comes to which parts of the profile should be saved. Yet there is one major difference: by default, Profile Management saves everything whereas Flex Profiles saves nothing. As a consequence, PM just works out of the box whereas Flex needs to be configured for each application individually.

This article is part of Helge’s Profile Toolkit, a set of posts explaining the knowledge and tools required to tame Windows user profiles. Setting up a network share on a file server for hosting user profiles is not too difficult if you follow the steps outlined in this article. The recommendations I give here apply to both Windows roaming profiles and Citrix Profile Management (UPM) profiles.