Citrix UPM_Profile. User rights


I have recently noticed a few of our users who are saving documents into their UPM_Profile folder which is in turn increasing the size of the users profile which then causes Slow log on and Log off times. This also causes various other issues with the Profile not fully being removed from the Citrix server they log off from, which in turn means if that same user logs back into that particular server they get a temp profile.

We have put quite a bit of work into reducing profile sizes by following this best practices guide

However this mainly talks about folder redirection and basically preventing the Appdata folder (Within UPM_Profile) from copying back allot of unwanted/unrequired files and folders. This has greatly reduced profile sizes with  our infrastructure but we still have the odd user who seems to have found this black hole for saving to! Anyway I've considered applying a GPO blocking users from writing to the UPM_Profile folder within their profile. However I'm concerned that if I do this it would have drastic implications to the end user experience as a lot of applications write back to the Appdata folder within the UPM_Profile folder (Eg Google Chrome) Therefore I'm left scratching my head on how to prevent users writing to this folder.

Does anyone have any suggestions?


Who is Participating?
James RankinConnect With a Mentor Commented:
I wouldn't lock the permissions on the folder, that could cause issues.

You could mark the UPM folder as Hidden and set a Registry key via Group Policy to always hide hidden and OS files in Explorer.

You should also redirect as much as possible (Documents, Downloads, Pictures, etc.) to stop users from being tempted to access this folder.

Even putting a file in the folder called "DO NOT SAVE FILES IN THIS FOLDER.txt" or something like that may help.
Muir_GroupAuthor Commented:
Hi James

That sounds like a great idea. I now have the registry setting set up via Group policy to hide all hidden folders from users. However I cannot figure out how to hide the UPM_Profile folder without having to manually Right click the folder and select the Hidden option. Ive played around with Scripts and could rename the folder on logon as I was under the impression that a $ sign at the end of a folder name hid the folder. But that doesnt appear to be the case. Is there a way to hide the folder by renaming it?

James RankinConnect With a Mentor Commented:
No, that's not the way.

Use a Group Policy Preference "File" item to set the Hidden attribute on the folder. There is a checkbox to set the properties to Hidden. Make sure that you choose the Replace option so if it changes back it gets Hidden again. Then link this to the OU with the Computers or Users in (whichever works best)
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.