citrix UPM profile sensitivity

we use citrix profile management so our users of approx. 600 all have a citrix UPM roaming profile which resides on a windows file server. I have spotted that each users profile is accessible by the domain users security group so in theory if users new where they were they could look into each others. I am wondering though would there ever be any sensitive information in a UPM profile, it mainly just seems to be certain logs from user applications, which I guess could show browsing history. So I am leaning towards it being less of a risk unless of course anyone could think of any other examples of the type of info that would reside in users UPM profile,
LVL 3
pma111Asked:
Who is Participating?
 
btanConnect With a Mentor Exec ConsultantCommented:
You can see what is in a user profile
A Windows user profile is a collection of folders, files, registry settings, and configuration settings that define the environment for a user who logs on with a particular user account. These settings may be customizable by the user, depending on the administrative configuration. Examples of settings that can be customized are:

Desktop settings such as wallpaper and screen saver
Shortcuts and Start menu setting
Internet Explorer Favorites and Home Page
Microsoft Outlook signature
Printers
https://docs.citrix.com/en-us/profile-management/5/upm-about-profiles.html

Maybe interested to see how the profile can be secure in best practice
https://docs.citrix.com/en-us/profile-management/5/upm-plan-permissions.html
0
 
McKnifeConnect With a Mentor Commented:
Of course users should not be able to read the profiles of anyone but themselves.
Please check ACLs, using this command:
icacls \\server\your_profileshareshare\someprofile

Please list the output.
0
 
pma111Author Commented:
Nothing btan has said makes me particularly concerned, the ACL's are indeed sharing each profile to builtin\users so dont see any value in sharing.
0
 
McKnifeCommented:
You should be concerned if users can see content of other users. Can they? Try it out, save a file to the documents folder or desktop in profile A and use user B afterwards and see if you can access it.
0
 
btanExec ConsultantCommented:
probably also is to see if there is policy that redirect user data to other file server hence the profile is smaller in size and not much sensitive info specific to the user.  maybe good to look into what is indeed in your environment user profile per se and assess sensitivity.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.