Link to home
Start Free TrialLog in
Avatar of rakkad
rakkadFlag for United Kingdom of Great Britain and Northern Ireland

asked on

Citrix 4.5 Presentation Server

I am new to Citrix 4.5 Presentation Server.   Can someone tell me how tsprofiles are configured in the citrix environment i.e. within the citrix farm where is the setup location path?

Thanks
Avatar of Alan_White
Alan_White
Flag of United Kingdom of Great Britain and Northern Ireland image

The profile is not Citrix related, it's Windows terminal server related.

Unless you have them directed in a GPO on on the Terminal Servers tab of ADU&C, they will be local profiles.

As you say PS4.5, I assume you are running on 2003?  If so, profiles will be in C:\Documents and Settings.
Avatar of joharder
User profiles are a very complex subject.  Take a look at this: http://www.dabcc.com/downloadfile.aspx?id=950.

There are a lot of factors in determining the best profile solution and then configuring it correctly is another step.

If you don't configure anything, you will be using local profiles, which is very seldom a good answer.  Unfortunately, user profiles can get pretty ugly if not done right, so take the time to learn about them!
Avatar of rakkad

ASKER

As it stands, the terminal services profile tab is not set for any user within AD, so when a user accesses Citrix the tsprofiles are written to \\cslwinprn01\tsprofiles$\???? where ???? is the windows login user-Id. First question is when a user accesses CItrix how does it write to \\cslwinprn01 and second question the profile needs to access the c:\windows\system directory, how can I do this? Thanks for your help
ASKER CERTIFIED SOLUTION
Avatar of gortm001
gortm001
Flag of Netherlands image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of rakkad

ASKER

Thanks for this.  I have noticed that we have set a policy - 'Prevent access to specified drives in My Computer' for all local drives (ABCDEOnly).   By doing the above, would this still work, if we have restricted access to the local drives on the citrix server?

Thanks
Yes. What that  policy actually does is removing the local drives from explorer and the user session. Programs and services, who usually use other (local) credentials, like the Systemaccount can stillwrite to the local disks. In fact youre user session will also write to the local disks when createing the local profile dir (documents and settings etc).

However, when assigning rights the way I described above, it can be handy you could browse the filesystem, or you should type the path completely

KG
Clarifying a couple things:
1. On Terminal Servers (Citrix is simply an add-on to it therefore all that applies to TS applies to Citrix) on Active Directory Users and Computers, if there is a PROFILE set, the TS will use that as a Roaming Profile. If both the PROFILE and the TS Roaming Profile are set, the TS will use the TS one. For this reason we always make sure a profile is set on the TSs.
2. This can be accomplished by changing the user properties on AD, on the Terminal Services Profile Path OR (much easier) by Policy. It is a Computer Policy, under Windows Components | Terminal Services. By setting this on a policy, all TSs get the path where to look for a roaming profile from it.
3. Finally, if you want to learn how to do all this, step-by-step in an easy to follow guide, download the guide I wrote,  "Terminal Services from A to Z" off my website, http://www.wtslabs.com. It covers this in detail plus a LOT more so you can actually learn all the best practices for TS and how to implement these.

Cheers.

Cláudio Rodrigues
Citrix CTP
Microsoft MVP - RDS
Avatar of rakkad

ASKER

I have noticed that with certain user logins to access citrix applications the windows drive is represented, e.g.

\\cslwinprn01\tsprofiles$\tst-tma.NBS\.....

Application Data
Desktop
Favourites
My Documents
NetHood
PrintHood
Recent
SendTo
Start Menu
Templates
WINDOWS
NTUSER.DAT
NTUSER.DAT.LOG
ntuser.ini
Sti_Trace.log

However, certain other user-ids when logged into citrix, the WINDOWS\system directory is not present...

Any ideas why this be the case?  My application that works in Citrix requires the WINDOWS directory to be present.

Thanks

What you are seeing is not THE %SYSTEMROOT% version of WINDOWS but one that is placed in each user's profile when something is needed to be placed there.  The users who don't have it, haven't needed it to be created.
Avatar of rakkad

ASKER

Is there a policy I could enforce then, that would ensure that a WINDOWS directory is written to each user's citrix profile?
Not that I am aware of.  Look at the permissions on one of the existing WIndows folders in a users profile.  Make a logon script that says if the folder tree doesn't exist, create it and then assign the appropriate permissions.
Avatar of rakkad

ASKER

I have created three test user account profiles and a group policy in the existing Terminal Service policy, which basically copies the WINDOWS directory to the each of these profiles, this works fine, as it relies on the BCS.INI file, which contains port numbers etc.., but the policy does not copy the WINDOWS directory to ordinary users

Is there anything in the Citrix environment, that is preventing WINDOWS directory to be copied to the users citrix profiles directory? and therefore it cannot be read?

Thanks

Avatar of rakkad

ASKER

Application was re-configured not to use Citrix
It may be too late, but Citrix does *not* copy the windows directory in to the user's home directory.

What happens is that when a user logs into the TS server, Windows reads the location of the home directory and creates a Windows directory underneath it.  This new location is what is used for %WINDIR% in normal execute mode.

However, if a home directory is not assigned in AD or by GPO, then the user's profile is used as the home directory and a Window directory is created underneath it.

Once the user's Windows directory is created then whatever available INI files that are in %systemroot% are copied into the Windows directory.  

Once the INI files are copied, they are generally kept 'in sync' with the primary INI files at login time, with changes to the primary files written to the user's files unless a flag is set to not do that.

Coralon
Avatar of rakkad

ASKER

I found that citrix profiles needed to be changed so it reads it from the GPO policy