VCP5-DT Objective 2.13–Manage User Configurations

Objective 2.13 – Manage User Configurations

For this objective I used the following resources:

  • VMware View Administration documentation
  • VMware View Persona Management Deployment Guide

Prior to VMware Horizon View 5.x it was common practice to either leverage Windows Roaming profiles or a 3rd party profile management tool like Liquidware Labs Profile Unity to handle end user profiles. With the introduction of VMware’s Persona Management in Horizon View 5.x you can bypass the need for using Roaming Profiles, increase log in/log out performance, and ease management.

Knowledge

Configure the Profile Store

When it comes to creating the user profile repository, there are two great Microsoft Technet Articles that cover the NTFS share/permissions creation needed:

NTFS Permissions for Roaming Profile Parent Folder

User Account Minimum Permissions Required
Creator Owner Full Control, Subfolders and Files Only
Administrator None
Security group of users needing to put data on share List Folder/Read Data, Create Folders/Append Data – This Folder Only
Everyone No permissions
Local System Full Control, This Folder, Subfolders and Files

 

Share Level (SMB) Permissions for Roaming Profile Share

User Account Default Permissions Minimum Permissions Required
Everyone Read Only No permissions
Security group of users needing to put data on share N/A Full Control

 

NTFS Permissions for Each User’s Roaming Profile Folder

User Account Default Permissions Minimum Permissions Required
%Username% Full Control, Owner of Folder Full Control, Owner of Folder
Local System Full Control Full Control
Administrators No Permissions No Permissions
Everyone No Permissions No Permissions

 

There are few things to keep in mind when creating the network share for Persona Management:

  • You can create the shared folder on a server, a network-attached storage (NAS) device, or a network share
  • The shared folder does not have to e in the same domain as View Connection Server
  • The shared folder must be in the same Active Directory forest as the users who store profiles in the shared folder
  • You must use a shared drive that is large enough to store the user profile information for your users
  • You must create the full profile path under which the user profile folders will be created.

Configure Virtual Profile GPOs

The View Persona Management Administrative (ADM) Template file contains group policy settings that allow you to configure View Persona Management. Before you can configure the policies, you must add the ADM Template file to Active Directory. As mentioned in Objective 1.5 – Prepare Active Directory for Installation, the VMware View ADM Templates are stored in the following location on a View Connection Server – install_directory\VMware\VMware View\Server\Extras\GroupPolicyFiles.

After importing the ViewPM.adm template and browsing to the Persona Management node in Group Policy Management editor, four sub-nodes are available for configuration:

  • Roaming & Synchronization
  • Folder Redirection
  • Desktop UI
  • Logging

Below is a listing of the settings available in each node:

Roaming & Synchronization

Group Policy Setting Description
Manage User Persona Determines whether to manage user profiles dynamically with View Persona Management or with Windows roaming profiles. This setting turns View Persona Management on and off.When this setting is enabled, View Persona Management manages user profiles.
When the setting is enabled, you can specify a profile upload interval in minutes. This value determines how often changes in the user profile are copied to the remote repository. The default value is 10
minutes.
When this setting is disabled or not configured, user profiles are managed by Windows.
Persona Repository Location Specifies the location of the user profile repository. This setting also determines whether to use a network share that is specified in View Persona Management or a path that is configured in Active Directory to support Windows roaming profiles.
When this setting is enabled, you can use the Share path to determine the location of the user profile
repository.
In the Share path text box, you specify a UNC path to a network share that is accessible to View Persona
Management desktops.This setting lets View Persona Management control the location of the user profile repositoryBy default, the Active Directory user profile path is used.
Specifically, when the Share path is left blank, the Active Directory user profile path is used. The Share path is blank and inactive when this setting is disabled or not configured. You can also leave the path
blank when this setting is enabled.
When this setting is enabled, you can select the Override Active Directory user profile path if it is configured check box to make sure that View Persona Management uses the path specified in the Share
path. By default, this check box is unchecked, and View Persona Management uses the Active Directory
user profile path when both locations are configured.
Remove Local Persona at Log Off Deletes each user’s locally stored profile from the desktop system when the user logs off.
You can also check a box to delete each user’s local settings folders when the user profile is removed. In Windows 7 and Windows Vista, checking this box removes the AppData\Local folder. In Windows XP, checking the box removes the Local Settings folder.When this setting is disabled or not configured, the locally stored user profiles, including local settings folders, are not deleted when users log off.
Roam Local Settings Folder Roams the local settings folders with the rest of each user profile.
For Windows 7 or Windows Vista, this policy affects the AppData\Local folder. For Windows XP, this policy affects the Local Settings folder.
By default, local settings are not roamed.
Files and Folders to Preload Specifies a list of files and folders that are downloaded to the local user profile when the user logs in.
Changes in the files are copied to the remote repository as they occur.
In some situations, you might want to preload specific files and folders into the locally stored user profile. Use this setting to specify these files and folders.
Specify paths that are relative to the root of the local profile. Do not specify a drive in a pathname. For example: Application Data\Microsoft\Certificates
After the specified files and folders are preloaded, View Persona Management manages the files and folders in the same way that it manages other profile data. When a user updates preloaded files or
folders, View Persona Management copies the updated data to the remote profile repository during the session, at the next profile upload interval.
Files and Folders to Preload (exceptions) Prevents the specified files and folders from being preloaded.
The selected folder paths must reside within the folders that you specify in the Files and folders to preload setting.
Specify paths that are relative to the root of the local profile. Do not specify a drive in a pathname.
Windows Roaming Profiles Synchronization Specifies a list of files and folders that are managed by standard Windows roaming profiles. The file and folders are retrieved from the remote repository when the user logs in. The files are not copied to
the remote repository until the user logs off.
For the specified files and folders, View Persona Management ignores the profile replication interval that is configured by the Profile upload interval in the Manage user persona setting.
Specify paths that are relative to the root of the local profile. Do not specify a drive in a pathname.
Windows Roaming Profiles Synchronization (Exceptions) The selected files and folders are exceptions to the paths that are specified in the Windows roaming profiles synchronization setting.
The selected folder paths must reside within the folders that you specify in the Windows roaming profiles synchronization setting.
Specify paths that are relative to the root of the local profile. Do not specify a drive in a pathname.
Files and Folders Excluded From Roaming Specifies a list of files and folders that are not roamed with the rest of the user profile. The specified files and folders exist only on the local system.
Some situations require specific files and folders to reside only in the locally stored user profile. For example, you can exclude temporary and cached files from roaming. These files do not need to be
replicated to the remote repository.
Specify paths that are relative to the root of the local profile. Do not specify a drive in a pathname.
By default, the user profile’s temp folder, ThinApp cache folder, and cache folders for Internet Explorer, Firefox, Chrome, and Opera are excluded from roaming.
Files and Folders Excluded From Roaming (Exceptions) The selected files and folders are exceptions to the paths that are specified in the Files and folders
excluded from roaming setting.
The selected folder paths must reside within the folders that you specify in the Files and folders
excluded from roaming setting.
Specify paths that are relative to the root of the local profile. Do not specify a drive in a pathname
Folders to Background Download The selected folders are downloaded in the background after a user logs in to the desktop.
In certain cases, you can optimize View Persona Management by downloading the contents of specific folders in the background. With this setting, users do not have to wait for large files to download when
they start an application. Also, users do not have to wait for the files to preload when they log in, as they might if you use the Files and folders to preload setting with very large files.
For example, you can include VMware ThinApp sandbox folders in the Folders to background download setting. The background download does not affect performance when a user logs in or uses other applications on the desktop. When the user starts the ThinApp application, the required ThinApp sandbox files are likely to be downloaded from the remote repository, improving the application startup time.
Specify paths that are relative to the root of the local profile. Do not specify a drive in a pathname.
Folders to Background Download (Exceptions) The selected folders are exceptions to the paths that are specified in the Folders to background download setting.
The selected folder paths must reside within the folders that you specify in the Folders to background download setting.
Specify paths that are relative to the root of the local profile. Do not specify a drive in a pathname

 

Folder Redirection

The following folders are available for redirection:

  • Application Data (roaming)
  • Contacts
  • Cookies
  • Desktop
  • Downloads
  • Favorites
  • History
  • Links
  • My Documents
  • My Music
  • My Pictures
  • My Videos
  • Network Neighborhood
  • Printer Neighborhood
  • Recent Items
  • Save Games
  • Searches
  • Start Menu
  • Startup Items
  • Templates
  • Temporary Internet Files

Desktop UI

Group Policy Setting Description
Hide Local Offline File Icon Determines whether to hide the offline icon when a user views locally stored files that belong to the user profile. Enabling this setting hides the offline icon in Windows Explorer and most Windows dialog boxes.
By default, the offline icon is hidden.
Show Progress When Downloading Large Files Determines whether to display a progress window on a user’s desktop when the client retrieves large files from the remote repository.
When this setting is enabled, you can specify the minimum file size, in megabytes, to begindisplaying the progress window. The window is displayed when View Persona Management
determines that the specified amount of data will be retrieved from the remote repository. This value is an aggregate of all files that are retrieved at one time.
For example, if the setting value is 50MB and a 40MB file is retrieved, the window is not displayed. If a 30MB file is retrieved while the first file is still being downloaded, the aggregate download exceeds the value and the progress window is displayed. The window appears when a file starts
downloading.
By default, this value is 50MB.
By default, this progress window is not displayed.
Show Critical Errors to Users via Tray Icon Alerts Displays critical error icon alerts in the desktop tray when replication or network connectivity failures occur.
By default, these icon alerts are hidden

 

Logging

Group Policy Setting Description
Logging Filename Specifies the full pathname of the local View Persona Management log file.
On Windows 7 computers, the default path is ProgramData\VMware\VDM\logs\filename.
On Windows XP computers, the default path is All Users\Application
Data\VMware\VDM\logs\filename.
The default logging filename is VMWVvp.txt.
Logging Destination Determines whether to write all log messages to the log file, the debug port, or both destinations.
By default, logging messages are sent to the log file.
Logging Flags Determines the types of messages to log. When this setting is configured, you can select any or all log message types to generate:

  • Log error messages.
  • Log information messages.
  • Log debug messages.

By default, error and information log message types are generated.

Debug Flags Determines the types of debug messages to log. View Persona Management handles debug messages in
the same way that it handles log messages. When this setting is enabled, you can select any or all debug
message types to generate:

  • Debug error messages
  • Debug information messages
  • Debug registry messages
  • Debug IRQL messages
  • Debug port messages
  • Debug process messages

By default, no debug messages are generated.

 

Configure View Media Services for Clipboard Support

Clipboard redirection support is configured in another of the available GPO templates provided with Horizon View, PCoIP Session Variables. The setting you are looking for is “Configure Clipboard Redirection” and the following four options are available to you:

  • Enable client to server only
  • Disabled in both directions
  • Enabled in both directions
  • Enabled server to client only

Happy Studying!

-Jason