rakkad
asked on
Citrix 4.5 Presentation Server
I am new to Citrix 4.5 Presentation Server. Can someone tell me how tsprofiles are configured in the citrix environment i.e. within the citrix farm where is the setup location path?
Thanks
Thanks
User profiles are a very complex subject. Take a look at this: http://www.dabcc.com/downloadfile.aspx?id=950.
There are a lot of factors in determining the best profile solution and then configuring it correctly is another step.
If you don't configure anything, you will be using local profiles, which is very seldom a good answer. Unfortunately, user profiles can get pretty ugly if not done right, so take the time to learn about them!
There are a lot of factors in determining the best profile solution and then configuring it correctly is another step.
If you don't configure anything, you will be using local profiles, which is very seldom a good answer. Unfortunately, user profiles can get pretty ugly if not done right, so take the time to learn about them!
ASKER
As it stands, the terminal services profile tab is not set for any user within AD, so when a user accesses Citrix the tsprofiles are written to \\cslwinprn01\tsprofiles$\ ???? where ???? is the windows login user-Id. First question is when a user accesses CItrix how does it write to \\cslwinprn01 and second question the profile needs to access the c:\windows\system directory, how can I do this? Thanks for your help
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks for this. I have noticed that we have set a policy - 'Prevent access to specified drives in My Computer' for all local drives (ABCDEOnly). By doing the above, would this still work, if we have restricted access to the local drives on the citrix server?
Thanks
Thanks
Yes. What that policy actually does is removing the local drives from explorer and the user session. Programs and services, who usually use other (local) credentials, like the Systemaccount can stillwrite to the local disks. In fact youre user session will also write to the local disks when createing the local profile dir (documents and settings etc).
However, when assigning rights the way I described above, it can be handy you could browse the filesystem, or you should type the path completely
KG
However, when assigning rights the way I described above, it can be handy you could browse the filesystem, or you should type the path completely
KG
Clarifying a couple things:
1. On Terminal Servers (Citrix is simply an add-on to it therefore all that applies to TS applies to Citrix) on Active Directory Users and Computers, if there is a PROFILE set, the TS will use that as a Roaming Profile. If both the PROFILE and the TS Roaming Profile are set, the TS will use the TS one. For this reason we always make sure a profile is set on the TSs.
2. This can be accomplished by changing the user properties on AD, on the Terminal Services Profile Path OR (much easier) by Policy. It is a Computer Policy, under Windows Components | Terminal Services. By setting this on a policy, all TSs get the path where to look for a roaming profile from it.
3. Finally, if you want to learn how to do all this, step-by-step in an easy to follow guide, download the guide I wrote, "Terminal Services from A to Z" off my website, http://www.wtslabs.com. It covers this in detail plus a LOT more so you can actually learn all the best practices for TS and how to implement these.
Cheers.
Cláudio Rodrigues
Citrix CTP
Microsoft MVP - RDS
1. On Terminal Servers (Citrix is simply an add-on to it therefore all that applies to TS applies to Citrix) on Active Directory Users and Computers, if there is a PROFILE set, the TS will use that as a Roaming Profile. If both the PROFILE and the TS Roaming Profile are set, the TS will use the TS one. For this reason we always make sure a profile is set on the TSs.
2. This can be accomplished by changing the user properties on AD, on the Terminal Services Profile Path OR (much easier) by Policy. It is a Computer Policy, under Windows Components | Terminal Services. By setting this on a policy, all TSs get the path where to look for a roaming profile from it.
3. Finally, if you want to learn how to do all this, step-by-step in an easy to follow guide, download the guide I wrote, "Terminal Services from A to Z" off my website, http://www.wtslabs.com. It covers this in detail plus a LOT more so you can actually learn all the best practices for TS and how to implement these.
Cheers.
Cláudio Rodrigues
Citrix CTP
Microsoft MVP - RDS
ASKER
I have noticed that with certain user logins to access citrix applications the windows drive is represented, e.g.
\\cslwinprn01\tsprofiles$\ tst-tma.NB S\.....
Application Data
Desktop
Favourites
My Documents
NetHood
PrintHood
Recent
SendTo
Start Menu
Templates
WINDOWS
NTUSER.DAT
NTUSER.DAT.LOG
ntuser.ini
Sti_Trace.log
However, certain other user-ids when logged into citrix, the WINDOWS\system directory is not present...
Any ideas why this be the case? My application that works in Citrix requires the WINDOWS directory to be present.
Thanks
\\cslwinprn01\tsprofiles$\
Application Data
Desktop
Favourites
My Documents
NetHood
PrintHood
Recent
SendTo
Start Menu
Templates
WINDOWS
NTUSER.DAT
NTUSER.DAT.LOG
ntuser.ini
Sti_Trace.log
However, certain other user-ids when logged into citrix, the WINDOWS\system directory is not present...
Any ideas why this be the case? My application that works in Citrix requires the WINDOWS directory to be present.
Thanks
What you are seeing is not THE %SYSTEMROOT% version of WINDOWS but one that is placed in each user's profile when something is needed to be placed there. The users who don't have it, haven't needed it to be created.
ASKER
Is there a policy I could enforce then, that would ensure that a WINDOWS directory is written to each user's citrix profile?
Not that I am aware of. Look at the permissions on one of the existing WIndows folders in a users profile. Make a logon script that says if the folder tree doesn't exist, create it and then assign the appropriate permissions.
ASKER
I have created three test user account profiles and a group policy in the existing Terminal Service policy, which basically copies the WINDOWS directory to the each of these profiles, this works fine, as it relies on the BCS.INI file, which contains port numbers etc.., but the policy does not copy the WINDOWS directory to ordinary users
Is there anything in the Citrix environment, that is preventing WINDOWS directory to be copied to the users citrix profiles directory? and therefore it cannot be read?
Thanks
Is there anything in the Citrix environment, that is preventing WINDOWS directory to be copied to the users citrix profiles directory? and therefore it cannot be read?
Thanks
ASKER
Application was re-configured not to use Citrix
It may be too late, but Citrix does *not* copy the windows directory in to the user's home directory.
What happens is that when a user logs into the TS server, Windows reads the location of the home directory and creates a Windows directory underneath it. This new location is what is used for %WINDIR% in normal execute mode.
However, if a home directory is not assigned in AD or by GPO, then the user's profile is used as the home directory and a Window directory is created underneath it.
Once the user's Windows directory is created then whatever available INI files that are in %systemroot% are copied into the Windows directory.
Once the INI files are copied, they are generally kept 'in sync' with the primary INI files at login time, with changes to the primary files written to the user's files unless a flag is set to not do that.
Coralon
What happens is that when a user logs into the TS server, Windows reads the location of the home directory and creates a Windows directory underneath it. This new location is what is used for %WINDIR% in normal execute mode.
However, if a home directory is not assigned in AD or by GPO, then the user's profile is used as the home directory and a Window directory is created underneath it.
Once the user's Windows directory is created then whatever available INI files that are in %systemroot% are copied into the Windows directory.
Once the INI files are copied, they are generally kept 'in sync' with the primary INI files at login time, with changes to the primary files written to the user's files unless a flag is set to not do that.
Coralon
ASKER
I found that citrix profiles needed to be changed so it reads it from the GPO policy
Unless you have them directed in a GPO on on the Terminal Servers tab of ADU&C, they will be local profiles.
As you say PS4.5, I assume you are running on 2003? If so, profiles will be in C:\Documents and Settings.