citrix UPM profile sensitivity

we use citrix profile management so our users of approx. 600 all have a citrix UPM roaming profile which resides on a windows file server. I have spotted that each users profile is accessible by the domain users security group so in theory if users new where they were they could look into each others. I am wondering though would there ever be any sensitive information in a UPM profile, it mainly just seems to be certain logs from user applications, which I guess could show browsing history. So I am leaning towards it being less of a risk unless of course anyone could think of any other examples of the type of info that would reside in users UPM profile,
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

btanExec ConsultantCommented:
You can see what is in a user profile
A Windows user profile is a collection of folders, files, registry settings, and configuration settings that define the environment for a user who logs on with a particular user account. These settings may be customizable by the user, depending on the administrative configuration. Examples of settings that can be customized are:

Desktop settings such as wallpaper and screen saver
Shortcuts and Start menu setting
Internet Explorer Favorites and Home Page
Microsoft Outlook signature

Maybe interested to see how the profile can be secure in best practice

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Of course users should not be able to read the profiles of anyone but themselves.
Please check ACLs, using this command:
icacls \\server\your_profileshareshare\someprofile

Please list the output.
pma111Author Commented:
Nothing btan has said makes me particularly concerned, the ACL's are indeed sharing each profile to builtin\users so dont see any value in sharing.
You should be concerned if users can see content of other users. Can they? Try it out, save a file to the documents folder or desktop in profile A and use user B afterwards and see if you can access it.
btanExec ConsultantCommented:
probably also is to see if there is policy that redirect user data to other file server hence the profile is smaller in size and not much sensitive info specific to the user.  maybe good to look into what is indeed in your environment user profile per se and assess sensitivity.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.