
Worldwide Consulting Solutions | WHITE PAPER | Citrix Policy

XenApp and XenDesktop


Policy Planning Guide

Table of Contents
Overview
Guidelines
    Policy Configuration
    Planning a Baseline Policy
    Security Policies
    Connection based policy configuration
    Device based policy configuration
    User Profile Considerations

Planning
    Citrix User Policy Settings
    Citrix Computer Policy Settings
    Microsoft Windows Policy
    Folder Redirection Policy

Conclusion
Appendix: Policy Quick Reference


Overview
Citrix policies provide the basis to configure and fine-tune your XenDesktop and XenApp
environments, allowing organizations to control connection, security and bandwidth settings based
on various combinations of users, devices or connection types. Correctly defining an initial baseline
policy and assigning additional policies based on security requirements and specific access scenarios
can be important in delivering a high definition user experience.
This planning guide is intended to be a guideline during the decision process for creating a baseline
policy and additional policies based on connection, security, device and profile considerations.
While it creates a baseline policy and recommendations for policy settings, it should not be assumed
to be a complete configuration, or absolutely correct for every customer situation. Architects should
review the recommendations contained in this document against desired outcomes within the
organization to ensure requirements are met.
When making policy decisions it is important to consider both Microsoft Windows and Citrix
policies, as components within both policy configurations have an impact on user experience and
environment optimization. Within this planning guide a base set of Windows policies that can be
used to optimize XenApp and XenDesktop environments is presented. For more details on specific
Windows-related policies, refer to the Group Policy Settings Reference for Windows and Windows
Server, specifically settings related to Windows Server 2008 R2 and Windows 7.
To help architects design a XenDesktop and XenApp solution based on real-world projects,
organizations can refer to the Citrix Desktop Transformation Accelerator for step by step
assessment, design and deployment guidance, and the XenDesktop Design Handbook for reference
architectures, planning guides and best practices.

Guidelines
When creating a policy set for XenDesktop or XenApp environments, it is a good practice to define
a baseline policy set which outlines all of the common configuration options for an organization
within a single policy set, and then configure policy exceptions as required to override decisions for
specific needs. The key is to keep the policy configurations simple and well-structured in order to
avoid confusion about the resultant set of policies as configurations grow and become more complex.
When creating a baseline and exception based policy structure, it is important to consider the
following major areas:
• Policy configuration
   o Group Policy vs. Citrix Policy engine
   o Policy Integration
   o Policy Filtering
   o Policy Precedence
• Baseline policy configuration
• Security policies
• Connection based policy configuration
• Device based policy configuration
• User profile considerations

Policy Configuration
Group Policy vs. Citrix Policy Engine
With new versions of XenDesktop and XenApp, organizations have the option to configure
Citrix policies via the Citrix administrative consoles (AppCenter for XenApp or Desktop Studio
for XenDesktop), or through Active Directory group policy using Citrix ADMX files, which
extend group policy and provide advanced filtering mechanisms. Using Active Directory group
policy allows organizations to manage both Windows policies and Citrix policies in the same
location, and minimizes the administrative tools required for policy management. Group policies
are automatically replicated across domain controllers, protecting the information and simplifying
policy application. Citrix administrative consoles should be used if Citrix administrators do not
have access to Active Directory policies, or if filtering mechanisms such as Smart Access are
required. Architects should select one of the above two methods as appropriate for their
organization's needs and use that method consistently to avoid confusion with multiple Citrix
policy locations.

Policy Integration
When configuring policies, organizations will often require both Active Directory policies and
Citrix policies to create a completely configured environment. With the use of both policy sets,
the resultant set of policies can become confusing to determine. In some cases, particularly with
respect to Windows Remote Desktop Services (RDS) and Citrix policies, similar functionality can
be configured in two different locations. For example, it is possible to enable client drive
mapping in Citrix policy and disable client drive mapping in RDS policy. The ability to use the
desired feature may be dependent upon the combination of RDS and Citrix policy. It is
important to understand that Citrix policies build upon functionality available in Remote Desktop
Services. If the required feature is explicitly disabled in RDS policy, Citrix policy will not be able
to affect a configuration as the underlying functionality has been disabled. In order to avoid this
confusion, it is recommended that RDS policies only be configured where required and there is
no corresponding policy in the XenDesktop or XenApp configuration, or the configuration is
specifically needed for RDS use within the organization. Configuring policies at the highest
common denominator will simplify the process of understanding resultant set of policies and
troubleshooting policy configurations.
Policy Filtering
Once policies have been created, they need to be applied to groups of users and/or computers
based on the required outcome. Policy filtering provides the ability to apply policies against the
requisite user or computer groups. With Active Directory based policies, a key decision is
whether to apply a policy to computers or users within site, domain or organizational unit (OU)
objects. Active Directory policies are broken down into user configuration and computer
configuration. By default, the settings within the user configuration are applied to users who reside
within the OU at logon, and settings within the computer configuration are applied to the
computer at system startup, and will affect all users who log on to the system. One challenge of
policy association with Active Directory and Citrix deployments revolves around three core areas:

Citrix specific computer policies. Citrix XenApp servers and virtual desktops often have
computer policies that are created and deployed specifically for the XenDesktop or
XenApp environment. Applying these policies is easily accomplished by creating separate
OU structures for the XenApp servers and the virtual desktops. Specific policies can
then be created and confidently applied to only the computers within the OU and below
and nothing else. Based upon requirements, virtual desktops and XenApp servers may be
further subdivided within the OU structure based on server roles, geographical locations
or business units.

Citrix specific user policies. When creating policies for XenDesktop and XenApp there
are a number of policies specific to user experience and security that are applied based on
the user's connection to the Citrix environment. However, the user accounts could be
located anywhere within the Active Directory structure, creating difficulty with simply
applying user configuration based policies. It is not desirable to apply the Citrix specific
configurations at the domain level as the settings would be applied to every system any
user logged on to. Simply applying the user configuration settings at the OU where the
XenApp servers or virtual desktops are located will also not work, as the user accounts
are not located within that OU. The answer is to apply a loopback policy, which is a
computer configuration policy that forces the computer to apply the assigned user
configuration policy of the OU to any user who logs into the server or virtual desktop,
regardless of the user's location within Active Directory. Loopback Processing can be
applied with either Merge or Replace settings. Using Replace overwrites the entire user
GPO with the policy from the XenApp or XenDesktop OU. Merge will combine the
user GPO with the GPO from the XenApp or XenDesktop OU. As the computer
GPOs are processed after the user GPOs when merge is used, the Citrix related OU
settings will have precedence and be applied in the event of a conflict.

Active Directory policy filtering. In more advanced cases, there may be a need to apply a
policy setting to a small subset of users like Citrix administrators. In this case, Loopback
Processing will not work as the policy is intended to be applied only to the subset of
users, not all users who log in to the system. Active Directory policy filtering can be used
to specify specific users or groups of users to which the policy is applied. A policy can be
created for a specific function, and then a policy filter can be set to apply that policy only
to a group of users such as Citrix administrators. Policy filtering is accomplished using
the Security properties of each target policy.

Citrix policies created using the Citrix administrative consoles in either XenDesktop or XenApp
have specific filter settings available, which may be used to address policy-filtering situations that
cannot be handled using group policy. Filters may be applied using any combination of the
following filters:
| Filter Name | Filter Description | Policy Scope |
|---|---|---|
| Access Control | Applies a policy based on access control conditions through which a client is connecting. For example, users connecting through a Citrix Access Gateway can have specific policies applied. | User policies |
| Branch Repeater | Applies a policy based on whether or not a user session was launched through Citrix Branch Repeater. | User policies |
| Client IP Address | Applies a policy based on the IPv4 or IPv6 address of the user device used to connect the session. Care must be taken with this filter if IPv4 address ranges are used in order to avoid unexpected results. | User policies |
| Client Name | Applies a policy based on the name of the user device used to connect the session. | User policies |
| Desktop Group | Applies a policy based on the desktop group membership of the desktop running the session. | XenDesktop user or machine policies |
| Desktop Type | Applies a policy based on the type of machine running the session. For example, different policies can be set depending upon whether a desktop is pooled, dedicated or streamed. | XenDesktop user or machine policies |
| Organizational Unit | Applies a policy based on the OU of the desktop running the session. | XenDesktop user or machine policies |
| Tag | Applies a policy based on any tags applying to the desktop running the session. Tags are strings that can be added to virtual desktops in XenDesktop environments that can be used to search for or limit access to desktops. | XenDesktop user or machine policies |
| User or Group | Applies a policy based on the Active Directory group membership of the user connecting to the session. | User policies |
| Worker Group | Applies a policy based on the worker group membership of the server hosting the session. | XenApp user or computer policies |

Policy Precedence
With the tree-based structure of Active Directory, policies can be created and enforced at any
level in the tree structure. As such, it is important to understand how the aggregation of policies,
known as policy precedence, flows in order to understand how a resultant set of policies is
created. With Active Directory and Citrix policies, the precedence is as follows:

• Processed first/lowest precedence: Local server policies
• Processed second: Citrix policies created using the Citrix administrative consoles
• Processed third: Site level AD policies
• Processed fourth: Domain level AD policies
• OU based AD policies
   o Processed fifth: Highest level OU in domain
   o Processed sixth and subsequent: Next level OU in domain
   o Processed last/highest precedence: Lowest level OU containing object

Policies from each level are aggregated into a final policy that is applied to the user or computer.
In most enterprise deployments, Citrix administrators do not have rights to change policies
outside their specific OUs, which will typically be the highest level for precedence. In cases
where exceptions are required, the application of policy settings from higher up the OU tree can
be managed using Block Inheritance and No Override settings. The Block Inheritance setting
stops the settings from higher-level OUs (lower precedence) from being incorporated into the
policy. However if a higher-level OU policy is configured with No Override, the Block
Inheritance setting will not be applied. Given this, care must be taken in policy planning, and
available tools such as the Active Directory Resultant Set of Policy tool or the XenDesktop
policy planning feature should be used to validate the observed outcomes with the expected
outcomes.
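
The processing order above, together with Block Inheritance and No Override, can be modelled in a few lines to check an expected outcome before it is validated with the Resultant Set of Policy tool. This is an added example, not part of the Citrix guide: the OU names and setting values are constructed, it assumes that only site, domain and OU levels are subject to Block Inheritance, and it assumes the standard Group Policy behaviour that a No Override policy wins conflicts with lower levels.

```python
from dataclasses import dataclass, field


@dataclass
class Layer:
    """One processing step, in the guide's order (lowest precedence first)."""
    name: str
    settings: dict = field(default_factory=dict)
    ad_container: bool = True        # False for local and Citrix console policies
    block_inheritance: bool = False  # Block Inheritance set on this OU
    no_override: bool = False        # No Override set on the policy at this level


def resultant_set(layers):
    """Return {setting: (value, source layer)} for an object in the last OU."""
    # The lowest OU with Block Inheritance decides what is cut off above it.
    block_at = max((i for i, l in enumerate(layers) if l.block_inheritance),
                   default=None)
    result, locked = {}, set()
    for i, layer in enumerate(layers):
        above_block = block_at is not None and i < block_at
        # Assumption: only site/domain/OU levels are subject to Block Inheritance.
        if above_block and layer.ad_container and not layer.no_override:
            continue
        for setting, value in layer.settings.items():
            if setting in locked:
                continue  # a No Override policy higher up already fixed it
            result[setting] = (value, layer.name)
            if layer.no_override:
                locked.add(setting)
    return result


def deviations(expected, actual):
    """List (setting, expected value, actual value) where the outcome differs."""
    return sorted((s, want, actual.get(s, (None, None))[0])
                  for s, want in expected.items()
                  if actual.get(s, (None, None))[0] != want)


def sample_layers(block_on_xenapp_ou):
    """Constructed hierarchy; names and values are illustrative only."""
    return [
        Layer("Local server policy", ad_container=False),
        Layer("Citrix console policy",
              {"Client clipboard redirection": "Allow"}, ad_container=False),
        Layer("Site"),
        Layer("Domain: corporate security",
              {"Client USB device redirection": "Prohibit"}, no_override=True),
        Layer("Domain: defaults", {"Desktop wallpaper": "Prohibit"}),
        Layer("OU=Citrix", {"Client clipboard redirection": "Prohibit"}),
        Layer("OU=Citrix/XenApp",
              {"Client USB device redirection": "Allow"},
              block_inheritance=block_on_xenapp_ou),
    ]


# What the security team expects to be in force on the XenApp servers.
EXPECTED = {
    "Client clipboard redirection": "Prohibit",
    "Client USB device redirection": "Prohibit",
}

if __name__ == "__main__":
    for block in (False, True):
        rsop = resultant_set(sample_layers(block))
        print("Block Inheritance on XenApp OU:", block)
        for setting, (value, source) in sorted(rsop.items()):
            print(f"  {setting}: {value}  (from {source})")
        print("  deviations:", deviations(EXPECTED, rsop))
```

With Block Inheritance set on the XenApp OU, the clipboard prohibition from the parent OU is dropped and the console policy's Allow becomes effective, while the No Override USB prohibition still applies.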

Planning a Baseline Policy


The baseline policy should contain all common elements required to deliver a high definition
experience to the majority of users within the organization. The baseline policy creates the
foundation for user access, and any exceptions that may need to be created to address specific access
requirements for groups of users. It should be comprehensive to cover as many use cases as
possible and should have the lowest priority, for example 99 (a priority number of 1 is the highest
priority), in order to create the simplest policy structure possible and avoid difficulties in
determining the resultant set of policies. The unfiltered policy set provided by Citrix as the default
policy may be used to create the baseline policy as it is applied to all users and connections. In the
baseline configuration presented in this whitepaper, Citrix policies have been enabled with default
settings in many cases in order to clearly identify the policies applied, and to avoid confusion should
default settings change over time.
The baseline policy configuration also includes Windows policies. Windows policies reflect user
specific settings that optimize the user experience and remove features that are not required or
desired in a XenDesktop or XenApp environment. For example, one common feature turned off
in these environments is Windows Update. In virtualized environments, particularly where desktops
and XenApp servers may be streamed and non-persistent, Windows Update creates processing and
network overhead, and changes made by the update process will not persist across a restart of the virtual
desktop or application server. Also in many cases, organizations use Windows Software Update
Service (WSUS) to control Windows updates. In these cases, updates are applied to the master disk
and made available by the IT department on a scheduled basis. Additional configuration
considerations for virtual desktops and XenApp servers can be found in the Windows 7 and
Windows 2008 R2 optimization guides in the XenDesktop design handbook.
In addition to the above considerations, an organization's final baseline policy may include settings
specifically created to address security requirements, common network conditions, or to manage
user device or user profile requirements. These areas need to be addressed both in the default
baseline policy configuration, as well as in any additional policy sets created to address exceptions or
additional needs.
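
How an unfiltered baseline at priority 99 combines with filtered exception policies from the Policy Filtering section can be checked per session with a small model. This is an added example, not part of the Citrix guide: the policy names, groups, addresses and setting values are constructed and are not the guide's recommended values, and it assumes that a policy applies only when all of its configured filters match.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Session:
    user_groups: set
    client_ip: str
    via_access_gateway: bool


@dataclass
class Policy:
    name: str
    priority: int                             # 1 is the highest priority
    settings: dict = field(default_factory=dict)
    user_group: Optional[str] = None          # "User or Group" filter
    client_ip_range: Optional[str] = None     # "Client IP Address" filter (CIDR)
    access_control: Optional[bool] = None     # "Access Control" filter

    def applies_to(self, session):
        """Unfiltered policies apply to every session (assumed: filters are ANDed)."""
        if self.user_group is not None and self.user_group not in session.user_groups:
            return False
        if self.client_ip_range is not None:
            # Compare as networks, never as string prefixes: 10.200.1.1 is not
            # inside 10.20.0.0/16 although it starts with "10.20".
            network = ipaddress.ip_network(self.client_ip_range)
            if ipaddress.ip_address(session.client_ip) not in network:
                return False
        if self.access_control is not None and self.access_control != session.via_access_gateway:
            return False
        return True


def effective_settings(policies, session):
    """Return {setting: (value, policy name)} for one session."""
    matching = [p for p in policies if p.applies_to(session)]
    result = {}
    # Apply the lowest priority (largest number) first so priority 1 is written last.
    # Settings a policy leaves Not Configured are simply absent and fall through.
    for policy in sorted(matching, key=lambda p: p.priority, reverse=True):
        for setting, value in policy.settings.items():
            result[setting] = (value, policy.name)
    return result


# Constructed policy set: one unfiltered baseline plus three filtered exceptions.
SAMPLE_POLICIES = [
    Policy("Baseline", 99, {
        "Client clipboard redirection": "Allow",
        "Client removable drives": "Prohibit",
        "Audio quality": "Medium",
    }),
    Policy("Administrator drives", 3,
           {"Client removable drives": "Allow"}, user_group="Citrix Admins"),
    Policy("Branch LAN audio", 2,
           {"Audio quality": "High"}, client_ip_range="10.20.0.0/16"),
    Policy("Remote access lockdown", 1, {
        "Client clipboard redirection": "Prohibit",
        "Client removable drives": "Prohibit",
    }, access_control=True),
]

if __name__ == "__main__":
    sessions = {
        "admin in branch office": Session({"Citrix Admins"}, "10.20.5.7", False),
        "admin via Access Gateway": Session({"Citrix Admins"}, "203.0.113.9", True),
        "user outside the range": Session({"Domain Users"}, "10.200.1.1", False),
    }
    for label, session in sessions.items():
        print(label)
        for setting, (value, source) in sorted(effective_settings(SAMPLE_POLICIES, session).items()):
            print(f"  {setting}: {value}  (from {source})")
```

The administrator exception is overridden by the priority 1 lockdown when the same administrator connects through Access Gateway, which is the kind of interaction to confirm before adding exceptions to a baseline.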

Security Policies
Security policies address policy decisions made to enforce corporate security requirements on the
XenDesktop or XenApp environments. Requirements pertaining to data security and access can be
controlled by the correct application of security policy. Users can be allowed to read and write to
local or removable media, connect USB devices such as storage devices, smart phones, or TWAIN
compliant devices, or cut and paste from the local system based on security requirements.
Organizations can also enforce encryption and authentication requirements through security related
Citrix policies. While security is a continuum, high and low security policy guidance has been
provided in this whitepaper. Architects should consider the most appropriate level of security and
add the policy settings to the baseline policy set, and then address security exceptions through
additional policy sets.

Connection based policy configuration


Connection based policy considerations are used to develop a policy solution that creates the best
user experience based on the network environment through which end-users access the network
infrastructure. Latency and bandwidth available will determine how to best provide access to audio
and video over the HDX connection, providing the best quality experience based on the available
resources. Image quality and compression, audio quality and video frame rates can be adjusted
based on the connection quality to utilize the bandwidth and network performance appropriately.
Multi-stream ICA features can be utilized in concert with network Quality of Service (QoS) to
provide an optimized experience for multimedia, input and display and printing requirements. This
whitepaper outlines options for WAN/High Latency connections and LAN/Low Latency
connections. In addition to the settings outlined, there are Citrix policy settings available to limit the
bandwidth consumption for Citrix sessions generally, or specifically for audio, clipboard, COM and
LPT ports, local drive, or printer access. These policies can be configured based on specific
bandwidth consumption, or a percentage of available bandwidth. These settings are very specific to
the network constraints of a given environment, and thus have not been included in the policy
baselines presented in this guide. Architects should consider the requirements of their specific
network environment in determining whether to apply these settings, and the specific
configurations. As with security policies, architects should consider the appropriate base network
configuration and add the settings to the initial baseline configuration. Additional network
requirements can be dealt with by creating additional higher level policies to override baseline
configurations.

Device based policy configuration


Device based policy configuration deals with the management of specific device requirements such
as tablets and smart phones within an organization. Citrix has created a set of policies to optimize
the experience of tablets and smart phones when connecting to XenApp environments, allowing
these devices to use location services and to customize the user interface where appropriate.
Multimedia specific features, such as Windows Media and Flash redirection will automatically drop
back from client side redirection to server side rendering of media content if the device does not
support it; therefore no specific configuration is required to address these features with tablets, or
with other devices such as thin clients that may not support these features.
Another consideration for device based policy configuration revolves around the security
requirements for bring your own (BYO) devices. These elements, such as the need to allow or
prohibit local access to hard drives or removable devices, should be addressed through security
policy settings.

User Profile Considerations


User profiles play a critical role in determining how successful the user experience is within a virtual
desktop or virtual application scenario. User profile management can be a key player in mitigating
the risks of lengthy logon times or lost settings, providing a consistent user experience across
multiple devices, and providing users with their specific data and settings in a virtualized
environment. With Citrix Profile Management (UPM), policies control two important aspects of
user profiles: folder redirection, handled through AD group policy, and UPM settings through Citrix
policy.
As stated in the Citrix blog "Citrix Profile Management and VDI Doing it Right", there is more to
configuring UPM than simply turning the features on via Citrix policy. Architects must consider the
correct folder redirection configuration for their environment, as well as configuring Citrix policy
settings for folder exclusions from the UPM environment. Settings for profile streaming and active
write back must also be carefully considered based on the size of the profile and whether the virtual
desktops or application servers are persistent or non-persistent respectively. The base configuration
for profile management is presented in the planning section of this guide. Profile management
policies should be included in the baseline policy if they are to be applied across all users in an
organization.

Planning
The planning section outlines the initial policy configurations recommended by Citrix Consulting for various scenarios, including baseline
configuration, network related policies, security related policies, mobile device and profile policy considerations. Each policy configuration
may contain the following policy settings:
Policy Settings
Enabled - Enables the setting. Where applicable, specific settings are detailed.
Disabled - Disables the setting.
   Note: Disabling the policy overrides lower priority policy settings.
Allow - Allows the action controlled by the setting. Where applicable, specific settings are detailed.
Prohibit - Prohibits the action controlled by the setting.
   Note: Prohibiting a feature or functionality overrides lower priority policy settings.
Not Configured - Unless specifically set, un-configured policies use default settings.

Note: The policy settings specified generally apply to XenApp 6.5 and XenDesktop 5.6 with Feature Pack 1 installed. If a previous version
is used, please review the Appendix of this whitepaper for applicability of settings to XenApp 6 and XenDesktop 5 or 5.5.

Citrix User Policy Settings


User Policy Setting
ICA
Client clipboard redirection
Desktop launches
Launching of non-published programs during client connection
ICA\Adobe Flash Delivery\Flash Redirection
Flash acceleration
Flash default behavior
Flash event logging
Flash intelligent fallback
Flash latency threshold
ICA\Adobe Flash Delivery\Legacy Server Side Optimization
Flash quality adjustment
ICA\Audio
Audio over UDP Real-time Transport
Audio Plug N Play
Audio quality
Client audio redirection
Client microphone redirection
ICA\ Client Sensors\ Location
Allow applications to use the physical locations of the client device

ICA\Desktop UI
Aero Redirection
Aero Redirection Graphics Quality
Desktop wallpaper
Menu animation
View window contents while dragging
ICA\File Redirection
Auto connect client drives
Client fixed drives
Client floppy drives
Client network drives
Client optical drives
Client removable drives
Host to client redirection
Preserve client drive letters
Read-only client drive access

XA

XD

X
X
X

X
X
X
X
X

X
X
X
X
X

Baseline

Low
Security

High
Security

Allow

Prohibit
Disable
Disable

WAN
Speed

Enabled

Enabled

X
X
X
X
X
X
X
X

Profile

Allow

X
X
X

Allow
Medium
Allow
Prohibit

X
X
X

Tablet

Enabled
Enable Flash Redirection
Enabled
Enabled
30 milliseconds

X
X
X
X
X

LAN
Speed

Enable if
secure
connection
X
X
X
X
X
X
X
X
X
X
X
X
X

Allow
High
Enable
Allow
Allow
Allow
Enable

Prohibit
Disable

Allow

Prohibit

Allow

Prohibit

Prohibit
Disable
Disable
Prohibit
Prohibit

Prohibit
Prohibit
Disable
Disable
Disable



Use asynchronous writes
ICA\ Mobile Experience
Automatic Keyboard Display
Launch touch-optimized desktop
Remote the combo box
ICA\ Multi Stream Connections
Multi-Stream

X
X
X
X
X

X
X

X
X
X
X

X
X
X
X

Disable
Disable
Disable
Disable

X
X
X
X
X

X
X
X
X
X

Allow
Set to clients main printer

X
X
X
X

X
X
X
X

Default printer only


Disabled
Standard names

Allowed

X
X

X
X

Disabled
Use Universal Printing only if
requested driver is unavailable

X
X
X

X
X
X

Universal printing preview preference

Spool to printer
Best Quality
Standard Quality
Caching of embedded images
Caching of embedded fonts
Use for auto-generated and
generic

ICA\SecureICA
SecureICA minimum encryption level

ICA\Port Redirection
Auto connect client COM ports
Auto connect client LPT ports
Client COM port redirection
Client LPT port redirection
ICA\Printing
Client printer redirection
Default printer
Direct connections to print servers
Printer auto creation log preference
Wait for printers to be created (desktop)
ICA\Printing\Client Printers
Auto-create client printers
Auto-generate generic universal driver
Client printer names
Printer properties retention
Retained and restored client printers
ICA\Printing\Drivers
Automatic installation of in-box printer drivers
Universal driver usage
ICA\Printing\Universal Printing
Universal printing EMF processing mode
Universal printing image compression limit
Universal printing optimization defaults

ICA\Session Limits
Disconnected session timer

Disable
Enable
Enable
Enable

Enable
with QoS

Enable
with QoS

Enable

Disable

Prohibit

Errors
Disabled

Retained in
profile only

RCS 128 bit


Logon only

RCS 128 bit

Disabled

Enabled



Disconnected session timer interval
Linger Disconnect Timer Interval
Linger Terminate Timer Interval
Pre-Launch Disconnect Timer Interval
Pre-Launch Terminate Timer Interval
Session connection timer
Session idle timer
Session idle timer interval
ICA\Shadowing
Input from shadow connections
Log shadow attempts
Notify user of pending shadow connections
Users who can shadow other users
ICA\Time Zone Control
Estimate local time for legacy clients
Use local time of client
ICA\TWAIN devices
Client TWAIN device redirection
TWAIN compression level
ICA\USB devices
Client USB device redirection
Client USB device redirection rules
Client USB Plug and Play device redirection
ICA\Virtual Desktop Agent Settings\ICA Latency Monitoring
Enable Monitoring
ICA\ Virtual Desktop Agent Settings\ Profile Load Time
Monitoring
Enable Monitoring
ICA\Visual Display
Max Frames per Second
ICA\Visual Display\Moving Images
Moving Image Compression
Minimum Image Quality
Target Minimum Frame Rate
ICA\Visual Display\Still Images
Extra Color Compression
Extra Color Compression Threshold
Lossy compression level
Lossy compression level threshold value
Profile Management
Enable Profile Management

X
X
X
X
X
X
X
X
X
X
X
X

30 Minutes
5 Minutes
10 Minutes
15 Minutes
30 Minutes
Disabled
Disabled

Enabled
2 hours

Allow

Prohibit

Prohibit

Allow
Allow
Defined by security

X
X

Enable
Use Client time zone

X
X

X
X

Allow

X
X
X

X
X

Enable
Allow
Allow

Disabled

Disabled

X
X
X

X
X

X
X

X
X

X
X

Low

High

30

15

Very
High
10

Low

Disabled
8192
kbps
Low
Unlimited

Enabled
8192
kbps
High
Unlimited

Disable
Prohibit
Prohibit

Enabled

10

Enabled



Process Groups
Path to User Store
Active Write Back

X
X
X

X
X
X

Process logons of local administrators


Profile Management\ Advanced Settings
Delete Redirected Folders
Directory of MFT Cache Files

X
X

X
X

Process Internet cookie files on logoff


Profile Management\ File System
Exclusion list directories

Exclude
redirected
folders

X
X

X
X

Exclude
directories
Selected files
Selected
folders

X
X

Profile Management\ File System\ Synchronization


Directories to Synchronize
Files to Synchronize
Folders to Mirror
Profile Management\ Profile handling
Local profile conflict handling
Migration of existing profiles
Profile Management\ Profile Streamed user profiles
Profile Streaming
Server Session Settings
Session importance
Single Sign-on

Configure groups
UNC Path
Enabled
(Persistent
desktops)
Enabled
Enabled
Local or
persistent
location
Enabled

Delete local
profile
None
Enable if large
profile
Normal
Disabled


List of excluded files for Profile Management

AppData\Local
AppData\LocalLow
AppData\Roaming\Citrix\PNAgent\AppCache
AppData\Roaming\Citrix\PNAgent\Icon Cache
AppData\Roaming\Citrix\PNAgent\ResourceCache
AppData\Roaming\ICAClient\Cache
AppData\Roaming\Microsoft\Windows\Start Menu
AppData\Roaming\Sun\Java\Deployment\cache
AppData\Roaming\Sun\Java\Deployment\log
AppData\Roaming\Sun\Java\Deployment\tmp
Application Data
Citrix
Contacts
Desktop
Documents
Favorites

Java
Links
Local Settings
Music
My Documents
My Pictures
My Videos
Pictures
UserData
Videos
AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys
AppData\Roaming\Macromedia\Flash Player\#SharedObject
AppData\Roaming
Downloads
Saved Games
Searches

Synchronized Directories

AppData\Roaming\Microsoft\Credentials
AppData\Roaming\Microsoft\Crypto
AppData\Roaming\Microsoft\Protect
AppData\Roaming\Microsoft\SystemCertificates
AppData\Local\Microsoft\Credential


Synchronized Files
Example Synchronized Files for Microsoft Outlook and Google Earth

AppData\Local\Microsoft\Office\*.qat
AppData\Local\Microsoft\Office\*.officeUI
AppData\LocalLow\Google\GoogleEarth\*.kml

Mirrored Folders

AppData\Roaming\Microsoft\Windows\Cookies
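
Added example (not part of the Citrix white paper): a simplified Python model of how the exclusion list, synchronized directories and synchronized files above combine, used to check which profile-relative paths end up in the user store and which of those carry credential or key material. The list entries are copied from this page (the exclusion list is a subset); the deepest-match precedence rule, the function names and the sample paths are assumptions made for illustration.

```python
"""Simplified model of Profile Management include/exclude resolution (illustrative)."""
from fnmatch import fnmatchcase
from pathlib import PureWindowsPath

# Subset of the exclusion list on this page.
EXCLUDED_DIRS = [
    r"AppData\Local", r"AppData\LocalLow", r"AppData\Roaming",
    "Desktop", "Documents", "Downloads", "Favorites",
]
# Synchronized directories, as listed on this page.
SYNCED_DIRS = [
    r"AppData\Roaming\Microsoft\Credentials",
    r"AppData\Roaming\Microsoft\Crypto",
    r"AppData\Roaming\Microsoft\Protect",
    r"AppData\Roaming\Microsoft\SystemCertificates",
    r"AppData\Local\Microsoft\Credential",
]
# Synchronized files, as listed on this page (wildcards in the file name only).
SYNCED_FILES = [
    r"AppData\Local\Microsoft\Office\*.qat",
    r"AppData\Local\Microsoft\Office\*.officeUI",
    r"AppData\LocalLow\Google\GoogleEarth\*.kml",
]
# Synchronized directories that hold stored credentials, private keys
# or DPAPI master keys; a copy of these lands in the user store.
SECRET_DIRS = [d for d in SYNCED_DIRS if not d.endswith("SystemCertificates")]


def _parts(path):
    """Split a profile-relative Windows path into lower-cased components."""
    return tuple(p.lower() for p in PureWindowsPath(path).parts)


def _deepest_prefix(path_parts, dirs):
    """Length of the longest entry in dirs that is a prefix of path_parts."""
    best = 0
    for d in dirs:
        dp = _parts(d)
        if path_parts[:len(dp)] == dp:
            best = max(best, len(dp))
    return best


def is_persisted(rel_path):
    """Return (persisted, reason) for a profile-relative path.

    Assumed precedence: an explicit file pattern wins, then the deepest
    matching directory entry; paths matching nothing are synchronized.
    """
    parts = _parts(rel_path)
    for pattern in SYNCED_FILES:
        pp = _parts(pattern)
        same_dir = len(pp) == len(parts) and pp[:-1] == parts[:-1]
        if same_dir and fnmatchcase(parts[-1], pp[-1]):
            return True, "synchronized file"
    excluded = _deepest_prefix(parts, EXCLUDED_DIRS)
    synced = _deepest_prefix(parts, SYNCED_DIRS)
    if synced > excluded:
        return True, "synchronized directory"
    if excluded:
        return False, "excluded directory"
    return True, "not excluded"


def secrets_in_store(paths):
    """Paths that are persisted and sit under a credential or key directory."""
    return [p for p in paths
            if is_persisted(p)[0] and _deepest_prefix(_parts(p), SECRET_DIRS)]


# Constructed sample paths, relative to the profile root.
SAMPLE_PATHS = [
    r"AppData\Roaming\Microsoft\Protect\S-1-5-21-0-0-0-1001\masterkey",
    r"AppData\Roaming\Microsoft\Credentials\ABCDEF0123",
    r"AppData\Roaming\Mozilla\profiles.ini",
    r"AppData\Local\Microsoft\Office\Word.qat",
    r"AppData\Local\Temp\setup.tmp",
    r"Tools\settings.ini",
]

if __name__ == "__main__":
    for path in SAMPLE_PATHS:
        persisted, reason = is_persisted(path)
        print(f"{'KEEP' if persisted else 'DROP'}  {reason:<22} {path}")
    print("Credential/key material copied to the user store:")
    for path in secrets_in_store(SAMPLE_PATHS):
        print("  " + path)
```

Because the synchronized directories re-include credential and key stores under the excluded AppData folders, the share named in "Path to User Store" holds that material for every user and its permissions should be reviewed accordingly.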

Citrix Computer Policy Settings


Computer Policy Setting
ICA
ICA listener connection timeout
ICA listener port number
ICA\ Auto Client Reconnect
Auto client reconnect
Auto client reconnect authentication
Auto client reconnect logging
ICA\ End User Monitoring
ICA round trip calculation
ICA round trip calculations for idle connections
ICA\ Graphics
Display memory limit
Display mode degrade preference
Dynamic Windows preview
Image caching
Maximum allowed color depth
Notify user when display mode is degraded
Queuing and tossing
ICA\Graphics\Caching
Persistent Cache Threshold
ICA\ Keep Alive
ICA keep alive timeout
ICA keep alives
ICA\ Multimedia
Windows Media Redirection

XA

XD

Baseline

X
X

X
X

120000 ms
1494

Allow

X
X
X

Disabled

X
X

X
X

Enable
Disable

X
X
X
X
X
X
X

X
X
X
X
X
X

32768 KB
Degrade Color Depth First
Enabled
Enabled
32 bit
Disabled
Enabled

3000000 Kbps

X
X

X
X

60 seconds
Enabled

Allowed

Low
Security

High
Security

Not required

Require

LAN
Speed

WAN
Speed

Tablet

Profile



Windows Media Redirection Buffer Size
Windows Media Redirection Buffer Size Use
ICA\ Multistream Connections
Multistream
ICA\ Session Reliability
Session reliability connections
ICA\ Virtual Desktop Agent Settings\ CPU Usage Monitoring
Enable Monitoring
ICA\ Shadowing
Shadowing
Licensing
License server host name
License server port

X
X

X
X

10 seconds
Enabled

Prevent

Disabled

Enabled
(QoS)

Allow

X
X

License Server Name


27000

Enabled
(QoS)

Microsoft Windows Policy


User Policy
Policy Path
Control Panel\ Prohibit Access to the Control Panel
Control Panel\ Personalization\ Enable screen saver
Control Panel\ Personalization\ Force specific screen saver
Control Panel\ Personalization\ Password protect the screen
saver
Control Panel\ Personalization\ Screen saver timeout
Desktop\ Don't save settings on exit
Desktop\ Hide Network Locations icon on desktop
Desktop\ Prohibit user from manually redirecting Profile
Folders
Desktop\ Remove Recycle Bin icon from desktop
Start Menu and Taskbar\ Change Start Menu power button
Start Menu and Taskbar\ Prevent changes to Taskbar and Start
Menu settings
Start Menu and Taskbar\ Remove and prevent access to the
Shut Down, Restart, Sleep and Hibernate commands
Start Menu and Taskbar\ Remove links and access to

Setting
Enable
Enable
Enable scrnsave.scr
Enabled
Enabled
X Minutes (default 15)
Enabled
Enabled
Enabled
Enabled
Enabled
Log Off
Enabled
Enabled
Enabled

Description
Disables all control panel programs

Applies to
XenApp, XenDesktop

Enables the use of a Screen Saver


Forces the use of the blank screen saver in Windows
Forces password protection on the screen saver

XenApp, XenDesktop
XenApp, XenDesktop
XenApp, XenDesktop

Sets the amount of time in minutes that elapse before the screen saver is
activated
Prevents users from changing some desktop configurations such as the size
of the taskbar or the position of open windows on exit.
Removes the Network Locations icon from the desktop.
Prevents users from manually changing the path to their profile folders.

XenApp (Published Desktop),


XenDesktop
XenApp

Removes most occurrences of the Recycle Bin icon.


Set Start Menu power button functionality to Log Off user.

XenApp, XenDesktop
XenApp, XenDesktop

Removes the Taskbar and Start Menu settings from Settings on the Start
Menu.
Prevents user from performing these commands from the Start Menu or the
Windows Security screen.
Prevents users from connecting to the Windows Update website.

XenApp

XenApp
XenApp, XenDesktop

XenApp
XenApp, XenDesktop



User Policy
Policy Path
Windows Update
Start Menu and Taskbar\ Remove network icon from the Start
Menu
Start Menu and Taskbar\ Remove Run menu from the Start
Menu
System\ Prevent access to registry editing tools
System\ Prevent access to the Command Prompt
System\ Ctrl+Alt+Del Options\ Remove Task Manager
System\ Folder Redirection\ Do not automatically make
redirected folders available offline
System\ User Profiles\ Exclude Directories in Roaming
Profile

Windows Components\ Windows Update\ Remove access to


use all Windows Update features
Windows Explorer\ Do not move deleted files to the Recycle
Bin
Windows Explorer\ Hide these specified drives in My
Computer
Windows Explorer\ Prevent access to drives from My
Computer

Machine Policy
Policy Path
Internet Communication settings\ Turn off Windows
Customer Improvement Program
System\ Group Policy\ User Group Policy loopback
processing mode
System\ Power Management\ Select an active power plan
System\ System Restore\ Turn off System Restore
System\ User Profiles\ Do not check for user ownership of
Roaming Profile folders
Windows Components\ AutoPlay Policies\ Turn off AutoPlay
Windows Components\ Internet Explorer\ Turn off reopen
last browsing session
Windows Components\ Remote Desktop Services\ RD

Setting

Description

Applies to

Enabled

Removes the network icon from the Start Menu

XenApp, XenDesktop

Enabled

Removes the Run command from the Start Menu, Internet Explorer, and
Task Manager
Disables the Windows Registry Editor
Prevents users from running the interactive command prompt cmd.exe
Prevents users from starting Task Manager
Prohibits redirected shell folders Contacts, Documents, Desktop, Favorites,
Music, Pictures, Videos, Start Menu and AppData\Roaming from being
available offline
Excludes the specified directories from the Roaming Profile

XenApp

Removes all Windows Update functions

XenApp, XenDesktop

Prohibits deleted files from being placed in the Recycle Bin. All files are
permanently deleted.
Hides local hard drives from My Computer

XenApp, XenDesktop

Prevents access to local hard drives from My Computer

XenApp

Description
Turns off the Windows Customer Improvement Program for all users

Applies to
XenApp, XenDesktop

Applies alternate user settings when a user logs on to a computer affected by


this setting
Specifies a power plan from a list of available plans.
Turns off Windows System Restore features
Disables security check for roaming profile folders

XenApp, XenDesktop

Enabled
Enabled

Turns off AutoPlay for removable devices.


Disables the ability to reopen the user's last browsing session

XenApp
XenApp

XenApp server security

Specifies the servers to which RDS will provide licenses

XenApp

Enabled
Enabled
Enabled
Enabled

Citrix, Contacts,
Desktop, Downloads,
Favorites, Links,
Documents, Pictures,
Videos, Music, Saved
Games, Searches
Enabled
Enabled
Enabled
Local hard drives
Enabled
Local hard drives

Setting
Enabled
Merge or Replace
High Performance
Enabled
Enabled

XenApp, XenDesktop
XenApp
XenApp
XenApp, XenDesktop

XenApp, XenDesktop

XenApp

XenApp, XenDesktop
XenApp, XenDesktop
XenApp, XenDesktop



Machine Policy
Policy Path
Licensing\ License server security group
Windows Components\ Remote Desktop Services\ Remote
Desktop Session Host\ Licensing\ Set the Remote Desktop
licensing mode
Windows Components\ Remote Desktop Services\ Remote
Desktop Session Host\ Licensing\ Use the specified Remote
Desktop license servers
Windows Components\ Windows Update\ Configure
Automatic Updates

Setting
groups
Per User or Per Device

Specified servers

Disabled

Description

Applies to

Specifies the licensing mode used by Remote Desktop Server

XenApp

Specifies the preferred license servers for Remote Desktop Services

XenApp

Specifies whether the computer system will receive automatic updates


through the Windows Update process.

XenApp, XenDesktop

Folder Redirection Policy


User Policy\Windows Settings\Security Settings\Folder Redirection

| Folder | Setting | Grant User Exclusive Rights | Move Contents to new location | Apply Policy to Windows 2000, Windows XP, Windows 2003 | Policy Removal Behavior |
|---|---|---|---|---|---|
| AppData (Roaming) | Basic | Disabled | Enabled | Disabled | Leave Contents |
| Contacts | Basic | Disabled | Enabled | Disabled | Leave Contents |
| Desktop | Basic | Disabled | Enabled | Disabled | Leave Contents |
| Documents | Basic | Disabled | Disabled | Disabled | Leave Contents |
| Downloads | Basic | Disabled | Enabled | Disabled | Leave Contents |
| Favorites | Basic | Disabled | Enabled | Disabled | Leave Contents |
| Links | Basic | Disabled | Enabled | Disabled | Leave Contents |
| Music | Follow the Documents Folder | | | | |
| Pictures | Follow the Documents Folder | | | | |
| Saved Games | Basic | Disabled | Enabled | Disabled | Leave Contents |
| Searches | Basic | Disabled | Enabled | Disabled | Leave Contents |
| Start Menu | Basic | Disabled | Enabled | Disabled | Leave Contents |
| Videos | Follow the Documents Folder | | | | |


Conclusion
Creating policies for XenDesktop and XenApp configurations involves a combination of Citrix and
Microsoft Active Directory group policy settings. Correctly configuring a baseline policy
configuration and keeping policy exceptions to a minimum allows organizations to create an
environment that meets user experience and security requirements, while providing a policy
structure that is easy to review and diagnose. This planning guide has provided a suggested set of
policies as a starting point for a XenDesktop or XenApp configuration. It can be used as a basis for
architects to customize an initial policy configuration for an organization.


Appendix: Policy Quick Reference


The following table provides a description for all Citrix policy settings contained in this document. For complete and up-to-date policy settings, consult the policy settings reference sections for the various technologies in Citrix eDocs.

User Policy

| Policy Group\ Policy | Description | Applies to |
|---|---|---|
| ICA | | |
| Client clipboard redirection | Allow or prevent the clipboard on the client device to be mapped to the clipboard on the server. | XA 6, XD 5 |
| Desktop launches | When allowed, non-administrative users can connect. | XA 6 RDS only |
| Launching of non-published programs during client connection | Specifies whether to launch initial applications or published applications on the server. | XA 6 |
| ICA\Adobe Flash Delivery\Flash Redirection | | |
| Flash acceleration | Enables or disables, in Legacy mode only, Flash content rendering on client devices instead of the server. | XA 6, XD 5 |
| Flash backwards compatibility | Enabling Flash backwards compatibility allows earlier versions of Citrix Receiver to work with legacy Flash Redirection features | XA 6.5, XD 5.5 |
| Flash default behavior | Establishes the default behavior of second generation Flash acceleration. | XA 6.5, XD 5.5 |
| Flash event logging | Allows Flash events to be recorded in the Windows application event log. | XA 6, XD 5 |
| Flash intelligent fallback | If enabled, the system attempts to automatically revert to server-side rendering for Flash Player instances for which client-side rendering is unnecessary or would provide a poor experience | XA 6.5, XD 5.5 |
| Flash latency threshold | Maximum latency threshold for Flash redirection. Only applies to Legacy mode features. Flash backwards compatibility must be enabled. | XA 6, XD 5 |
| ICA\Adobe Flash Delivery\Legacy Server Side Optimizations | | |
| Flash quality adjustment | Adjusts quality of Flash content rendered on session hosts to improve performance. | XA 6 |
| ICA\ Audio | | |
| Audio over UDP Real-time Transport | Allows transmission of audio between host and client over Real-time Transport Protocol (RTP) using the user datagram protocol (UDP). | XD 5.5 |
| Audio Plug N Play | Allows the use of multiple audio devices. | XA 6 |
| Audio quality | Specify the sound quality as low, medium, or high. Select "Medium - optimized for speech" for delivering Voice over IP applications. Audio sent to the client is compressed up to 64Kbps. | XA 6, XD 5 |
| Client audio redirection | Allows or prevents applications hosted on the server to play sounds through a sound device installed on the client computer. Also allows or prevents users to record audio input. | XA 6, XD 5 |
| Client microphone redirection | Enables or disables client microphone redirection. | XA 6, XD 5 |
| ICA\ Client Sensors\ Location | | |
| Allow applications to use the physical locations of the client device | Enables or disables the ability for applications to use the physical location of the client device. | XA 6.5 FP1 |
| ICA\ Desktop UI | | |
| Aero Redirection | Allow the redirection of Aero commands from VDA to client to enrich user experience. | XD 5.5 |


User Policy
Policy Group\ Policy
Aero Redirection Graphics Quality
Desktop wallpaper
Menu animation
View window contents while dragging
ICA\ File Redirection
Auto connect client drives
Client drive redirection
Client floppy drives
Client fixed drives
Client network drives
Client optical drives
Client removable drives
Host to client redirection
Preserve client drive letters
Read-only client drive access

SecureICA minimum encryption level


Use asynchronous writes
ICA\ Mobile Experience
Automatic Keyboard Display
Launch touch-optimized desktop
Remote the combo box
ICA\ Multi Stream Connections
Multi-Stream
ICA\ Port Redirection
Auto connect client COM ports
Auto connect client LPT ports
Client COM port redirection
Client LPT port redirection
ICA\ Printing
Client printer redirection
Default printer
Printer auto-creation event log preference
Wait for printers to be created (desktop)

Description
Determine the quality of graphics for Aero Redirection.
Enables or disables the desktop wallpaper in user sessions.
Allows or prevents menu animation.
Controls the display of window content when dragging a window across the screen.

Applies to
XD 5.5
XA 6, XD 5
XA 6, XD 5
XA 6, XD 5

Allows or prevents automatic connection of client drives when users log on.
Enables or disables file (drive) redirection to and from the client.
Allows or prevents users from accessing or saving files to floppy drives on the client device.
Allows or prevents users from accessing or saving files to fixed drives on the user device.
Allows or prevents users from accessing and saving files to client network (remote) drives.
Allows or prevents users from accessing or saving files to CD-ROM, DVD-ROM, and BD-ROM drives on the client device.
Allows or prevents users from accessing or saving files to removable drives on the user device.
Enables or disables file type associations for URLs and some media content to be opened on
the client device.
Enables or disables preservation of client drive letters.
When enabled, files/folders on mapped client drives can only be accessed in read-only mode.
When disabled, files/folders on mapped client drives can be accessed in regular read/write
mode.
Specifies the minimum level at which to encrypt session data sent between the server and a
client device.
Enables or disables asynchronous disk writes.

XA 6, XD 5
XA 6, XD 5
XA 6, XD 5
XA 6, XD 5
XA 6, XD 5
XA 6, XD 5

Enables or disables the automatic display of the soft keyboard on mobile devices.
Enables or disables the launching of a touch-optimized desktop for mobile clients.
Enables or disables the remoting of the combo box on mobile devices.

XA 6.5 FP1, XD 5.6 FP1


XA 6.5 FP1, XD 5.6 FP1
XA 6.5 FP1, XD 5.6 FP1

Enables or disables the Multi-Stream feature for specified users.

XA 6.5, XD 5.5

When enabled, COM ports from the client are automatically connected.
When enabled, LPT ports from the client are automatically connected.
When enabled, COM port redirection to and from the client is allowed.
When enabled, LPT port redirection to the client is allowed.

XA 6, XD 5
XA 6, XD 5
XA 6, XD 5
XA 6, XD 5

Allows or prevents client printers to be mapped to a server when a user logs on to a session.
Specifies how the client's default printer is established in an ICA session.

XA 6, XD 5
XA 6, XD 5

Specifies which events are logged during the printer auto-creation process. You can choose to
log no errors or warnings, only errors, or errors and warnings.
Allows or prevents a delay in connecting to a session so that desktop printers can be auto-created.

XA 6, XD 5

XA 6, XD 5
XA 6
XD 5
XA 6.5, XD 5.5

XA 6
XA 6, XD 5

XA 6, XD 5



User Policy
Policy Group\ Policy
ICA\ Printing \ Client Printers
Auto-create client printers

Description

Applies to

Specifies which client printers are auto-created.

XA 6, XD 5
XA 6, XD 5

Printer properties retention

Enables or disables auto-creation of the Citrix UNIVERSAL Printer generic printing object for
sessions with a UPD capable client.
Selects the naming convention for auto-created client printers.
Enables or disables direct connections from the host to a print server for client printers hosted
on an accessible network share.
Specifies whether and where to store printer properties.

Retained and restored client printers

Enables or disables the retention and re-creation of client printers.

XA 6, XD 5

Enables or disables the automatic installation of printer drivers from the Windows in-box driver
set or from driver packages which have been staged onto the host using "pnputil.exe /a".
Specifies when to use universal printing. Universal printing employs generic printer drivers
instead of standard model-specific drivers potentially simplifying burden of driver management
on host machines.

XA 6, XD 5

Controls the method of processing the EMF spool file on the Windows client machine.
Defines the maximum quality and the minimum compression level available for images printed
with the Universal Printer driver.
Specifies the default settings for the Universal Printer when it is created for a session.
Specifies whether to use the print preview function for auto-created or generic universal
printers.

XA 6, XD 5
XA 6, XD 5

Specifies the minimum level at which to encrypt session data sent between the server and a
client device.

XA 6

Enables or disables a timer to determine how long a disconnected, locked workstation can
remain locked before the session is logged off.

XD 5

Determines how long, in minutes, a disconnected, locked workstation can remain locked before
the session is logged off.
Disconnects an existing session the specified number of minutes after the last application exits.
Terminates an existing session the specified number of minutes after the last application exits.
Disconnects an existing Pre-launch session after the specified number of minutes.
Terminates an existing Pre-launch session after the specified number of minutes.
Enables or disables a timer to determine the maximum duration of an uninterrupted connection
between a user device and a workstation.
Enables or disables a timer to determine how long an uninterrupted user device connection to a

XD 5

Auto-create generic universal printer


Client printer names
Direct connections to print servers

ICA\ Printing \ Drivers


Automatic installation of in-box printer
drivers
Universal driver usage

ICA\ Printing \ Universal Printing


Universal printing EMF processing mode
Universal printing image compression
limit
Universal printing optimization defaults
Universal printing preview preference

ICA\ Security
SecureICA minimum encryption level
ICA\ Session Limits
Disconnected session timer

Disconnected session timer interval


Linger Disconnect Timer Interval
Linger Terminate Timer Interval
Pre-launch Disconnect Timer Interval
Pre-launch Terminate Timer Interval
Session connection timer
Session idle timer

XA 6, XD 5
XA 6, XD 5
XA 6, XD 5

XA 6, XD 5

XA 6, XD 5
XA 6, XD 5

XA 6.5
XA 6.5
XA 6.5
XA 6.5
XD 5
XD 5



User Policy
Policy Group\ Policy
Session idle timer interval
ICA\ Shadowing
Input from shadow connections
Log shadow attempts
Notify user of pending shadow
connections
Users who can shadow other users
ICA\ Time Zone Control
Estimate local time for legacy clients
Use local time of client
ICA\ TWAIN devices
Client TWAIN device redirection
TWAIN compression level
ICA\ USB devices
Client USB device redirection
Client USB device redirection rules

Description
workstation will be maintained if there is no input from the user.
Determines, in minutes, how long an uninterrupted user device connection to a workstation will
be maintained if there is no input from the user.

Applies to

Allows or prevents shadowing users to take control of the keyboard and mouse of the user
being shadowed during a shadowing session.
Allows or prevents recording of attempted shadowing sessions in the Windows event log.
Allows or prevents shadowed users to receive notification of shadowing requests from other
users.
Specifies the users who can shadow other users.

XA 6

Enables or disables estimating the local time zone of client devices that send inaccurate time
zone information to the server.
Determines the time zone setting of the user session.

XA 6

Allows or prevents users to access TWAIN devices, such as digital cameras or scanners, on the
client device from published image processing applications.
Specifies the level of compression of image transfers from client to server.

XA 6, XD 5.5

Enables or disables redirection of USB devices to and from the client (workstation hosts only).

XA 6 VM Hosted Apps,
XD 5
XA 6 VM Hosted Apps,
XD 5
XA 6 Terminal Server

Lists redirection rules for USB devices.

Client USB Plug and Play device


redirection
ICA \ Visual Display
Max Frames per Second
ICA \ Visual Display \ Moving Images
Minimum Image Quality
Moving Image Compression

Allows or prevents plug-n-play devices such as cameras or point-of-sale (POS) devices to be


used in a client session.

Target Minimum Frame Rate


ICA \ Visual Display \ Still Images
Extra Color Compression

The system will try its best to maintain this many frames per second when bandwidth is low.

Extra Color Compression Threshold


Lossy compression level
Lossy compression threshold value

XD 5

XA 6
XA 6
XA 6

XA 6, XD 5

XA 6, XD 5.5

Sets the maximum number of frames per second that the virtual desktop will send to the client.

XA 6, XD 5

Adaptive Display JPEG Quality Floor.


Enables Adaptive Display.

XD 5.5
XA 6.5 (with hotfix
XA650W2K8R2X64011),
XD 5.5
XD 5.5

Extra color compression improves responsiveness over low bandwidth connections at the
expense of image quality.
Threshold at which Extra Color Compression is applied.
Degree of lossy compression used on images.
The maximum bandwidth in kilobits per second for a connection to which lossy compression is
applied.

XA 6.5, XD 5
XA 6.5, XD 5
XA 6, XD 5
XA 6, XD 5

User Policy

| Policy Group\ Policy | Description | Applies to |
|---|---|---|
| Server Session Settings | | |
| Session importance | Specifies the importance level at which a session is run. | XA 6 |
| Single Sign-On | Enables or disables the use of Single Sign-On when users connect to servers or published applications in a XenApp farm. | XA 6.5, XD 5.5 |
| ICA\ Virtual Desktop Agent Settings\ ICA Latency Monitoring | | |
| Enable Monitoring | Enable or disable ICA Latency monitoring. | XD 5.5 |
| Monitoring Period | Period of time, in seconds, during which the moving average for ICA Latency is calculated. | XD 5.5 |
| Threshold | Threshold, in milliseconds, that triggers a High Latency condition, displayed in Desktop Studio and Desktop Director. | XD 5.5 |
| ICA\ Virtual Desktop Agent Settings\ Profile Load Time Monitoring | | |
| Enable Monitoring | Enable or disable Profile load time monitoring. | XD 5.5 |
| Threshold | Threshold, in seconds, that triggers a High Profile Load Time condition, displayed in Desktop Studio and Desktop Director. | XD 5.5 |

Computer Policy
Policy Group\ Policy
ICA
Description

Applies to

ICA listener connection timeout

Maximum wait time for a connection using the ICA protocol to be completed.

ICA listener port number

The TCP/IP port number used by the ICA protocol on the server.

XA 6 (VM Hosted Apps),


XD 5
XA 6 (VM Hosted Apps),
XD 5

ICA\ Auto Client Reconnect


Auto client reconnect
Auto client reconnect authentication
Auto client reconnect logging
ICA\ End User Monitoring
ICA round trip calculation
ICA round trip calculations for idle
connections
ICA\ Graphics
Display memory limit
Display mode degrade preference
Dynamic Windows preview
Image caching
Maximum allowed color depth
Notify user when display mode is

Allows or prevents automatic reconnection by the same client after a connection has been
interrupted.
Requires authentication for automatic client reconnections.
Records or prevents recording auto client reconnections in the event log.

XA 6, XD 5

Enables or disables the calculation of ICA round trip measurements.

XA 6, XD 5

Determines whether ICA round trip calculations are performed for idle connections.

XA 6, XD 5

Specifies the maximum video buffer size in kilobytes for the session.
Degrades either color depth or resolution first when the session display memory limit is
reached.
Dynamic Windows preview enables the state of seamless windows to be seen on the various
windows previews (Flip, Flip 3D, Taskbar Preview, and Peek).
Cache image to make scrolling smoother
Specifies the maximum color depth allowed for a session.
Displays a popup with an explanation to the user when the color depth or resolution is

XA 6, XD 5
XA 6, XD 5

XD 5
XA 6, XD 5

XA 6.5, XD 5.5
XA 6, XD 5
XA 6
XA 6, XD 5



Computer Policy

| Policy Group\ Policy | Description | Applies to |
|---|---|---|
| degraded | degraded. | |
| Queuing and tossing | Discards queued images that are replaced by another image. | XA 6, XD 5 |
| ICA\Graphics\Caching | | |
| Persistent Cache Threshold | Caches bitmaps on the client disk. | XA 6, XD 5 |
| ICA\ Keep Alive | | |
| ICA keep alive timeout | Seconds between successive ICA keep-alive messages. | XA 6, XD 5 |
| ICA keep alives | Sends or prevents sending ICA keep-alive messages periodically. | XA 6, XD 5 |
| ICA\ Multimedia | | |
| Windows Media Redirection | Controls and optimizes the way XenApp servers deliver streaming audio and video to users. | XA 6, XD 5 |
| Windows Media Redirection Buffer Size | Specify a buffer size from 1 to 10 seconds for Windows Media Redirection. | XA 6, XD 5 |
| Windows Media Redirection Buffer Size Use | If this setting is enabled, the system will use the buffer size specified in the "Windows Media Redirection Buffer Size" setting. | XA 6, XD 5 |
| ICA\ Multi Stream Connections | | |
| Multi-Stream | Enables or disables the Multi-Stream feature on the server. By default, Multi-Stream is disabled. This policy need not be enabled when using branch repeater that supports Multi-Stream. Enable this policy when using 3rd party routers or legacy branch repeaters to achieve desired QoS. Restart the server for the changes to take effect. | XA 6.5, XD 5.5 |
| ICA\ Session Reliability | | |
| Session reliability connections | Allow or prevent session reliability connections. | XA 6, XD 5 |
| ICA\ Virtual Desktop Agent Settings\ CPU Usage Monitoring | | |
| Enable Monitoring | Enable or disable CPU usage monitoring. | XD 5.5 |
| Monitoring Period | Period of time, in seconds, during which the moving average for CPU usage is calculated. | XD 5.5 |
| Threshold | Threshold, as a percentage, that triggers a High CPU condition, displayed in Desktop Studio and Desktop Director. | XD 5.5 |
| ICA\ Shadowing | | |
| Shadowing | Allow shadowing of ICA sessions | XA 6 |
| Licensing | | |
| License server host name | The name of the server hosting XenApp licenses. | XA 6 |
| License server port | The port number of the server hosting XenApp licenses. | XA 6 |
| Profile Management | | |
| Enable Profile Management | Turns on Citrix Profile Management | UPM 2.0 |
| Process Groups | Active Directory groups that will use Citrix Profile Management | UPM 2.0 |
| Path to User Store | Network location of end-user profile store | UPM 2.0 |
| Active Write Back | Files and folders (but not registry keys) will be synchronized as they are modified. | UPM 3.0 |
| Process logons of local administrators | Process the profile of a user who is a local administrator on a system. | UPM 2.0 |
| Profile Management\ Advanced Settings | | |
| Delete Redirected Folders | Folder is deleted from the local profile when the user next logs on. | UPM 3.2 |
| Directory of MFT Cache Files | Identifies the location for the MFT Cache file. The MFT cache file should be saved in a persistent, easily accessible location for best performance | UPM 2.0 |
| Process Internet cookie files on logoff | Stale Internet cookie files are removed on user logoff | UPM |



Computer Policy

| Policy Group\ Policy | Description | Applies to |
|---|---|---|
| Profile Management\ File System | | |
| Exclusion list directories | Identifies what directories to exclude from the user profile | UPM 2.0 |
| Profile Management\ File System\ Synchronization | | |
| Directories to Synchronize | Identifies which directories should be synchronized from the system to the profile on logoff. | UPM 2.0 |
| Files to Synchronize | Identifies specific files, which should be synchronized from the system to the profile on logoff. | UPM 2.0 |
| Folders to Mirror | Mirroring folders allows Profile management to process a transactional folder and its contents as a single entity, thereby avoiding profile bloat. | UPM 3.1 |
| Profile Management\ Profile handling | | |
| Local profile conflict handling | Identifies how UPM handles conflicts between Windows local profiles and Citrix profiles. | UPM 2.0 |
| Migration of existing profiles | Determines which types of existing user profiles to migrate. | UPM 2.0 |
| Profile Management\ Profile Streamed user profiles | | |
| Profile Streaming | Enables streaming of profiles as files are requested. | UPM 3.0 |


Acknowledgments
Citrix Consulting Solutions would like to thank all of the individuals who offered guidance and
technical assistance during the course of this project, including the following people, who were
extremely helpful in answering questions, providing technical guidance and reviewing documentation
throughout the project:
Adeel Arshed
Nicholas Rintalan
Thomas Berger
Dimitrios Samorgiannidis
Daniel Feller

Product Versions

| Product | Version |
|---|---|
| XenDesktop | 5.0 / 5.5 / 5.6 |
| XenApp | 6.0 / 6.5 |
| Citrix Profile Manager | 3.x / 4.0 |

Revision History

| Revision | Change Description | Updated By | Date |
|---|---|---|---|
| 1.0 | Initial Document | Rich Meesters | July 13, 2012 |

About Citrix
Citrix Systems, Inc. (NASDAQ:CTXS) is a leading provider of virtual computing solutions that help
companies deliver IT as an on-demand service. Founded in 1989, Citrix combines virtualization,
networking, and cloud computing technologies into a full portfolio of products that enable virtual
work styles for users and virtual datacenters for IT. More than 230,000 organizations worldwide rely
on Citrix to help them build simpler and more cost-effective IT environments. Citrix partners with
over 10,000 companies in more than 100 countries. Annual revenue in 2011 was $2.20 billion.
2012 Citrix Systems, Inc. All rights reserved. Citrix, Access Gateway, Branch Repeater,
Citrix Repeater, HDX, XenServer, XenApp, XenDesktop and Citrix Delivery Center
are trademarks of Citrix Systems, Inc. and/or one or more of its subsidiaries, and may be registered
in the United States Patent and Trademark Office and in other countries. All other trademarks and
registered trademarks are property of their respective owners.
