TSE + MetaFrame 1.8. Must migrate anonymous applications to explicit. Published apps accessed via web client. Instead of providing access to individual users, provided access to Domain\Domain Users. Since these profiles will not exist on the Citrix server before the users log on, how can I manage the accounts and can domain\domain users be put in to the Anonymous group so that profiles are removed on exit? Thanks for any help.
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Domain Users - Profiles on Citrix Server 1
- Thread starter citrix98
- Start date
-
1
- #2
CitrixEngineer
Technical User
You could set up a "Central" profile store, by entering the Terminal Server Profile path in UMD on the Terminal Servers (you won't see this option on the PDC, unless the PDC is a Terminal Server).
Point this to a folder on the same server that houses the Home Directories (as a guideline) - but you may need to set up individual shares for each user for security.
Now, when users log in, the profile will be downloaded from the Central store, then removed when they log off (not always, though - you need to make routine checks for rogue profiles that remain on the T/S!).
I hope this helps - I can provide more granularity, if needed. CitrixEngineer@yahoo.co.uk
Point this to a folder on the same server that houses the Home Directories (as a guideline) - but you may need to set up individual shares for each user for security.
Now, when users log in, the profile will be downloaded from the Central store, then removed when they log off (not always, though - you need to make routine checks for rogue profiles that remain on the T/S!).
I hope this helps - I can provide more granularity, if needed. CitrixEngineer@yahoo.co.uk
rocketbabe
IS-IT--Management
I would like more granularity if possible since this is similiar to what I'm trying to do.
I have a Windows 2000 server running Citrix MF 1.8. I need to get the user profiles under control on this server. We want to do as you suggested, have one Central profile store which everyone accesses when they log on, and ideally removed when they log off. The problem is that they need to have a mapping to their individual home directories which are on other non-Citrix servers in the network.
Can I do this by entering a path to the Terminal Server Profile on the Terminal Server tab in UMD? And then entering a Terminal Services Home Directory on that same tab pointing to their normal network home directory?
Also, what is the best way to create this one Central profile?
Thanks for your help!
Rocketbabe
I have a Windows 2000 server running Citrix MF 1.8. I need to get the user profiles under control on this server. We want to do as you suggested, have one Central profile store which everyone accesses when they log on, and ideally removed when they log off. The problem is that they need to have a mapping to their individual home directories which are on other non-Citrix servers in the network.
Can I do this by entering a path to the Terminal Server Profile on the Terminal Server tab in UMD? And then entering a Terminal Services Home Directory on that same tab pointing to their normal network home directory?
Also, what is the best way to create this one Central profile?
Thanks for your help!
Rocketbabe
CitrixEngineer
Technical User
Essentially that's exactly how you would do it. It doesn't matter where the Profiles and Home Directories are stored, as long as they are accessible - and you only need specify a Terminal Server Home Directory if that differs from their regular one.
Here's a quick checklist;
1. Create a share on the file server that is to hold the central profile store.
2. Give that share permissions so that users can write to it (it's their profile after all!). At one site I had to create individual shares with individual permissions for all users, because of the IT departments policy. This can be done by extracting the usernames into a CSV file and parsing it with a batch file.
3. In MMC point the users Terminal Server Profile to that location.
4. Create and apply all Group Policies before any user logs in. This will enable you to set controls over user file locations and other settings.
5. Using a test user, make sure that the profile looks and behaves the way you want it to. If you give that user admin rights, then everything you tweak as that user should propagate to the default user, and all users should get the new settings. Use another test user to check.
6. I can't emphasise enough how important it is to test this thoroughly. Get some existing users to pilot the new profiles over a period of a couple of weeks.
7. As a suggestion, have all users logon to published apps, and keep a "clean" desktop. Ie if the desktop is published, you can use PN to create icons for only those apps relevant to particular users.
I hope this is granualar enough - as you are beginning to see, there is quite a lot to this - but it's well worth the time and effort.
I hope this helps CitrixEngineer@yahoo.co.uk
Here's a quick checklist;
1. Create a share on the file server that is to hold the central profile store.
2. Give that share permissions so that users can write to it (it's their profile after all!). At one site I had to create individual shares with individual permissions for all users, because of the IT departments policy. This can be done by extracting the usernames into a CSV file and parsing it with a batch file.
3. In MMC point the users Terminal Server Profile to that location.
4. Create and apply all Group Policies before any user logs in. This will enable you to set controls over user file locations and other settings.
5. Using a test user, make sure that the profile looks and behaves the way you want it to. If you give that user admin rights, then everything you tweak as that user should propagate to the default user, and all users should get the new settings. Use another test user to check.
6. I can't emphasise enough how important it is to test this thoroughly. Get some existing users to pilot the new profiles over a period of a couple of weeks.
7. As a suggestion, have all users logon to published apps, and keep a "clean" desktop. Ie if the desktop is published, you can use PN to create icons for only those apps relevant to particular users.
I hope this is granualar enough - as you are beginning to see, there is quite a lot to this - but it's well worth the time and effort.
I hope this helps CitrixEngineer@yahoo.co.uk
rocketbabe
IS-IT--Management
A few more questions...
The specific problem that we're having is 1) profiles are eating up disk space on our 4GB "system" partion and we want to move them to our larger data partition. and 2) we're having a problem with the server hanging periodically which we suspect is because of users' OpenGL Screensavers that they've activated on their Citrix Profiles. This maxes out the processor preventing any further connections to the server.
Our thought was to 1)move the profiles onto the other drive and 2) while doing that, give users' a locked down desktop so they can't activate screensavers, etc.
I forgot to mention that this is a Windows 2000 server in an NT 4.0 domain. What "group policy" or system policy would you recommend applying? Can I even apply any policies since this is a non-native environment?
And this may be a dumb question, but how do you create that locked down profile? Do I create the Central Profile Store on my data partition, then create a new "TEST" user in UMD with the terminal services tab configured with a Profile path to this Central Profile Store. Then do I give this user Domain Admin rights or can I give it lesser admin rights?
Once I log in as this user and tweak the desktop to show only the icons I want to, do I just log off and that becomes the default user profile? How do I make this then the mandatory profile?
These may be obvious questions. But I have tried various things to get this solution to work and it never seems to work completely. So I'm obviously missing a step somewhere.
Thanks for your patience and your help!
Rocketbabe
The specific problem that we're having is 1) profiles are eating up disk space on our 4GB "system" partion and we want to move them to our larger data partition. and 2) we're having a problem with the server hanging periodically which we suspect is because of users' OpenGL Screensavers that they've activated on their Citrix Profiles. This maxes out the processor preventing any further connections to the server.
Our thought was to 1)move the profiles onto the other drive and 2) while doing that, give users' a locked down desktop so they can't activate screensavers, etc.
I forgot to mention that this is a Windows 2000 server in an NT 4.0 domain. What "group policy" or system policy would you recommend applying? Can I even apply any policies since this is a non-native environment?
And this may be a dumb question, but how do you create that locked down profile? Do I create the Central Profile Store on my data partition, then create a new "TEST" user in UMD with the terminal services tab configured with a Profile path to this Central Profile Store. Then do I give this user Domain Admin rights or can I give it lesser admin rights?
Once I log in as this user and tweak the desktop to show only the icons I want to, do I just log off and that becomes the default user profile? How do I make this then the mandatory profile?
These may be obvious questions. But I have tried various things to get this solution to work and it never seems to work completely. So I'm obviously missing a step somewhere.
Thanks for your patience and your help!
Rocketbabe
CitrixEngineer
Technical User
I'll have to go back to my docs, but I'm sure that NT/W2k will store locally cached profiles whatever. It's the roaming part that you can move.
If the profiles are getting so big, then they need trimming down. No profile should be >2Mb, IMO. Maybe users are saving documents into the profiles. In this case, the standard NT4 system policy will allow you to modify file locations. All policies should be set up on the PDC.
If you delete all screensavers except the blank screen from the Citrix server, then users can't activate them ;-)
After configuring a default profile with a test user, what I normally do is copy that users ntuser.dat to the Default users ntuser.dat. I know others have different ways of configuring profiles that are more elegant.
Note that if you make changes to a policy or roaming profile, and you use this method, you will need to delete that central profiles of users that require the changes.
It is also a good idea to delete all locally cached profiles on a regular basis. These should be removed by the server when the users log off, so are essentially unecessary. It just gets a bit hairy if users save work into the profiles!
There's quite a lot to investigate here - if I were you I would read up on policies and profiles before going any further. There's a steep learning curve, but once the pennies start to drop it becomes almost second nature. You can start with the white paper on Microsoft's site. At 168 pages, it's an excellent cure for insomnia.
You can also have a look at my FAQ on this site... Please note that it's far from complete/perfect. All comments are welcomed.
hope this helps CitrixEngineer@yahoo.co.uk
If the profiles are getting so big, then they need trimming down. No profile should be >2Mb, IMO. Maybe users are saving documents into the profiles. In this case, the standard NT4 system policy will allow you to modify file locations. All policies should be set up on the PDC.
If you delete all screensavers except the blank screen from the Citrix server, then users can't activate them ;-)
After configuring a default profile with a test user, what I normally do is copy that users ntuser.dat to the Default users ntuser.dat. I know others have different ways of configuring profiles that are more elegant.
Note that if you make changes to a policy or roaming profile, and you use this method, you will need to delete that central profiles of users that require the changes.
It is also a good idea to delete all locally cached profiles on a regular basis. These should be removed by the server when the users log off, so are essentially unecessary. It just gets a bit hairy if users save work into the profiles!
There's quite a lot to investigate here - if I were you I would read up on policies and profiles before going any further. There's a steep learning curve, but once the pennies start to drop it becomes almost second nature. You can start with the white paper on Microsoft's site. At 168 pages, it's an excellent cure for insomnia.
You can also have a look at my FAQ on this site... Please note that it's far from complete/perfect. All comments are welcomed.
hope this helps CitrixEngineer@yahoo.co.uk
rocketbabe
IS-IT--Management
I'm getting closer to having this figured out, but I need clarification on a few things...
"Maybe users are saving documents into the profiles"...How would they do this? Is this what happens if a user saves a document on the Desktop during a Citrix session? If so , would the document actually be saved on the Citrix server?
What if they save it in a My Documents folder that got mapped from the user profile? Wouldn't the file then get saved in whatever folder the My Documents folder is mapped to? I want to delete some of the bigger profiles on my server but I'm afraid of getting rid of important files that accidently got "saved into the profiles". How do documents get "saved into profiles"?
And if I need to use a system policy to "modify file locations", I'm assuimg this means modifying whatever folders the documents are getting saved in to within their profiles?
"Delete all locally cached profiles on a regular basis..." Is there a way to do this automatically, for example, when the user logs off? I found a Microsoft article in tech net that has a registry hack to do this in NT4.0, but how do I do it in Windows 2000?
Thanks for your help on this. I see the end in sight...
Rocketbabe
"Maybe users are saving documents into the profiles"...How would they do this? Is this what happens if a user saves a document on the Desktop during a Citrix session? If so , would the document actually be saved on the Citrix server?
What if they save it in a My Documents folder that got mapped from the user profile? Wouldn't the file then get saved in whatever folder the My Documents folder is mapped to? I want to delete some of the bigger profiles on my server but I'm afraid of getting rid of important files that accidently got "saved into the profiles". How do documents get "saved into profiles"?
And if I need to use a system policy to "modify file locations", I'm assuimg this means modifying whatever folders the documents are getting saved in to within their profiles?
"Delete all locally cached profiles on a regular basis..." Is there a way to do this automatically, for example, when the user logs off? I found a Microsoft article in tech net that has a registry hack to do this in NT4.0, but how do I do it in Windows 2000?
Thanks for your help on this. I see the end in sight...
Rocketbabe
Guest_imported
New member
- Jan 1, 1970
- 0
- 0
- 0
Why should Citrix Metaframe not recommended to be installed in a PDC. What are all the issues it will have if installed.
The desktop, My Documents, My Pictures and the Temporary Internet Files folders are all part of the user profile, so if a user saves files on the desktop or in My Documents these increase the space that his/her profile use. As CitrixEngineer mentioned you can point the My Documents for example to the users home directory. That way the profile only contains a pointer for the My Documents folder to a network location and not the actual files which frees up space in the profiles.
Hope this helps
/Hof
Hope this helps
/Hof
CitrixEngineer
Technical User
The PDC really has enough to do managing the domain, authentication and so on. Generally PDCs are relatively low-memory machines.
Terminal Servers should really be left to the single job of serving applications to users. Any other services running on these machines are resources taken away from the users.
The issues would include;
1. Poor session performance and regular out of memory errors
2. Slow login times
3. Poor response across the domain for network services
I hope this helps CitrixEngineer@yahoo.co.uk
Terminal Servers should really be left to the single job of serving applications to users. Any other services running on these machines are resources taken away from the users.
The issues would include;
1. Poor session performance and regular out of memory errors
2. Slow login times
3. Poor response across the domain for network services
I hope this helps CitrixEngineer@yahoo.co.uk
- Status
Similar threads
- Locked
- Question
- Locked
- Question
- Locked
- Question