Thoughts on profile deletion script (XenApp servers)

Discussion in 'Business & Enterprise Computing' started by Rampage101, May 14, 2014.

  1. Rampage101

    Rampage101 Member

    Joined:
    Jun 27, 2001
    Messages:
    2,034
    Location:
    Country NSW
    Hi All,

    At present we run a bank of XenApp servers (virtualised) for the bulk of our users. Currently user profiles are stored as citrix roaming profiles back to a DFS share. Now the problem we have is due to tight disk allocations, staff occasionally dump too much data on desktop etc, which during logoff the profile getting save to the store doesn't happen (timeout trying to save too much data) and the profile gets left on that server. I am proposing a script to run when the server reboots (which is nightly) to cleanup any profiles (except Public/Administrator etc) so that the server is fresh and clean for logons each morning.
    Would there be any reason I shouldn't do this? Obviously I know there are people who will potentially lose data, but that will come down to education and taking responsibility, as staff are continually told to store their data on the network where it is backed up.
     
  2. Swathe

    Swathe (Banned or Deleted)

    Joined:
    Mar 23, 2007
    Messages:
    2,508
    Location:
    Rockhampton
    What about just enforcing a fixed profile size?
     
  3. Great_Guru

    Great_Guru Member

    Joined:
    Sep 5, 2001
    Messages:
    1,225
    Location:
    Australia
    My thoughts,

    IT side
    --
    - Stop users saving to desktop/mydocs via group policy.
    - If you permit users to silo data then map them a home drive and enforce disk quotas.

    Why are you servers rebooted nightly?

    Business side
    --
    Educate users that all data saved to appropriate shared drives, repremand if business suffers due to silo'ing data.
     
  4. gords

    gords Oh deer!

    Joined:
    Aug 3, 2001
    Messages:
    6,645
    Location:
    Sydney, Australia
    I presume you have quota enforcement on users' home directories. If so, do they have enough disk space to save what they need for work? This is the root issue that really needs to be addressed; if the user doesn't have enough space to save their files in the 'right' place, it is not reasonable for them to have their work-related files deleted, even if they were saved in the 'wrong' place.

    You could do what I've done in the past - use folder redirection (actually, a script to modify a particular registry value) so the desktop is a sub-folder of the user's home directory. This means it is 'portable' between computers (without the logon/logoff copy necessary with roaming profiles) and is automatically saved on the network. Of course, it won't solve any issues if the user doesn't have enough disk space to save their work.
     
  5. PabloEscobar

    PabloEscobar Member

    Joined:
    Jan 28, 2008
    Messages:
    14,638
    Can you use folder redirection to move data out of the user profiles?
     
  6. OP
    OP
    Rampage101

    Rampage101 Member

    Joined:
    Jun 27, 2001
    Messages:
    2,034
    Location:
    Country NSW
    Ok,

    So how can I remove My (Documents/Pictures/Videos) / Desktop access via GP? The methods I've seen don't work correctly, or give unfriendly messages when people are able to stumble upon them.

    I'm all for doing a job properly and fixing the root cause, but as yet I haven't found a nice solution.

    I won't be fixing the timeout issue, as I don't want that much data being transferred every time someone logs on/off.

    Staff already have a 'H' drive, it was previously allocated to 'personal' data, and then their mapped drives depending on section.

    Edit, missed those two posts.
    Space is not an issue on the network drives, only 'Local' to the XenApp servers. I think in the past I had redirected the folders to read only locations.

    Ideally, I'd like to disable the 'My Docs/Pics/Vids' etc, and put a very small quota on Desktop so it basically only get's used for shortcuts (so they can still customise icons and/or placement)
     
    Last edited: May 14, 2014
  7. QuakeDude

    QuakeDude ooooh weeee ooooh

    Joined:
    Aug 4, 2004
    Messages:
    8,629
    Location:
    Melbourne
    We do exactly this - have 80 odd Citrix servers, and use folder redirection so all of the users Profiles and home drives reside on our file server. Given its redirection, the files are never on the Citrix servers themselves, so we don't have this issue.

    Citrix Best practice. Well, not 'nightly', but you do need to reboot the servers regularly to make sure they're 100% clean (from a session / hang perspective).
     
  8. gords

    gords Oh deer!

    Joined:
    Aug 3, 2001
    Messages:
    6,645
    Location:
    Sydney, Australia
    I believe the registry entries you want to modify with a script are in: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders

    Redirect My Documents (and My Pictures, My Videos, Downloads etc.) to the user's home directory (sounds like H drive is where this should go?). This way the user won't get any error message when they try to save there, and if it's redirected to a network share, there's no problem with them doing so.

    Sounds like you are using roaming profiles. Test a redirection of the Desktop to a subfolder of their home directory and you won't have any data being copied backwards and forwards on logon/logoff. Regarding a quota, if they have x GB of storage space on y server, what does it matter whether they're storing their stuff on the Desktop or in My Documents or Downloads etc.? All of those would be subdirectories of the same root directory (which has a quota, and is on the network and is being backed up) so how it is presented to the user is really immaterial, as far as you're concerned.
     
  9. RiMeS

    RiMeS Member

    Joined:
    Sep 7, 2008
    Messages:
    17
    Location:
    Perth
    UPM + Folder redirection + DFSR (if you have multiple XenApp sites) is your friend.
    You're welcome.
     
  10. OP
    OP
    Rampage101

    Rampage101 Member

    Joined:
    Jun 27, 2001
    Messages:
    2,034
    Location:
    Country NSW
    So far with my quick testing folder redirection will do what I want, so far only issue seemed to be I couldn't have the 'My Docs' as a subfolder in the Home drive, which is not as clean as I would like given the existing data stored in the H drive.
     
  11. gords

    gords Oh deer!

    Joined:
    Aug 3, 2001
    Messages:
    6,645
    Location:
    Sydney, Australia
    Script changes to the values in the registry key I mentioned above and you won't have that problem.
     
  12. PabloEscobar

    PabloEscobar Member

    Joined:
    Jan 28, 2008
    Messages:
    14,638
    Don't Bad things happen tm if you redirect your folders to the same location as you try and store roaming profiles?

    Ie. If I have roaming profiles confiured to live in \\server\profiles$\<username>
    and then try to redirect Desktop to \\server\profiles$\<username>\Desktop

    Every workplace I've been in that uses roaming profiles and folder redirection has them pointing to two different locations (\\server\profiles\ and \\server\redirectedfolders)
     
  13. OP
    OP
    Rampage101

    Rampage101 Member

    Joined:
    Jun 27, 2001
    Messages:
    2,034
    Location:
    Country NSW
    Our roaming profiles are stored on a DFS share:
    \\Domain\ctxprofiles$

    Our homedrive is mapped to the file server:
    \\fserver\share\staff_drives\%username%

    If I script the changes in the registry will it still move the users current data to the new location?
     
  14. PabloEscobar

    PabloEscobar Member

    Joined:
    Jan 28, 2008
    Messages:
    14,638
    Whats the folder target for \\domain\ctxprofiles$?

    ---

    If you configure your folder redirections via GPO rather than just directly (or scripting) registry editing, then you have easy to access options...

    Its under user config -> Policies -> Windows Settings -> Folder Redirection and then option you want is "Move the contents of <Folder> to the new location"

    As always, make backups of things before you enable/disable them, because doing this can result in deletion of profile or folder data if you don't do it exactly right.
     
  15. OP
    OP
    Rampage101

    Rampage101 Member

    Joined:
    Jun 27, 2001
    Messages:
    2,034
    Location:
    Country NSW
    There's two, ones on one XenApp server (zone data collectors), the other is on another

    \\xa6-serv1\ctxprofiles$
    (E:\ Shared as ^)

    \\xa6-serv2\ctxprofiles$
    (E:\ Shared as ^)


    It's ok, upon further testing, it let me use %homedrive%\Testing as the root path, not sure what I was doing before. This time I got a warning that the path must be accessible (obviously only the homedrive part, as it created the Testing in my test).


    EDIT:
    Ok, problem was doing this with the 'Desktop' folder. This still exists.

    Yeh I wanted to use the GPO instead of scripting as I wanted the 'move contents', as I want to apply this to ~100 users with existing data in H drives.
     
    Last edited: May 27, 2014
  16. gords

    gords Oh deer!

    Joined:
    Aug 3, 2001
    Messages:
    6,645
    Location:
    Sydney, Australia
    I don't know, we never used roaming profiles. I did however run into some issues with folder redirection (a perfectly OK and legitimate thing to do) and it wouldn't let me. Just seemed easier to have a single PS script to make changes to whatever folders we wanted, even ones that weren't 'available' to be redirected in folder redirection.
     
  17. PabloEscobar

    PabloEscobar Member

    Joined:
    Jan 28, 2008
    Messages:
    14,638
    Did these catch data that was written to the locations not using the proper windows API calls (iTunes, I'm looking at you)?
     
  18. gords

    gords Oh deer!

    Joined:
    Aug 3, 2001
    Messages:
    6,645
    Location:
    Sydney, Australia
    Those are the registry values modified by Folder Redirection, so it worked exactly the same way, just without the restrictions that using the FR GUI brings. I believe we had iTunes folders in 'My Music' (which had been redirected).
     
  19. RaZ

    RaZ Member

    Joined:
    Aug 6, 2001
    Messages:
    391
    Location:
    Brissy
  20. NiTeHaWk

    NiTeHaWk Member

    Joined:
    Feb 22, 2002
    Messages:
    1,937
    Location:
    Brisbane
    As others have said use folder redirection for documents, pictures, desktop, downloads to another share.

    - Implement Citrix User Profile Management

    Via Citrix group policy that you imported:
    - set it to delete profiles when the user logs off (which it will do after it finishes uploading the changes to a share)
    - Enable Active write-back in UPM to reduce logout storms, and keep data for users that still can't figure out how to logoff
    - Don't enforce quotas you will just piss users off, but do occasionally anaylse the profile share and discover what the big data is and educate users to put it elsewhere if that is what is needed
    - If you don't want users saving to the desktop, don't let them do it, but again you will piss them off, we debated it, and considered against it

    Potentially i have to question why you would need to delete profiles even without using UPM?

    If the majority of your servers are the same SOE set them up with Provisioning Services. When the server is rebooted nightly the gold image is again downloaded and user profiles that were created the previous day would disappear. It also ensures your servers are the same.

    If you have "department" style or silo servers it is too much overhead though. Better to just use inbuilt profile delete policies aka "Delete user profiles older than a specified number of days on system restart" in group policy.
     

Share This Page

Advertisement: