Using Environment Manager to flip profile state and delete roaming/local profiles

Version 5

    Introduction

    There are a number of reasons you may want to flip the state of a users profile

     

    A typical scenario would be that users log onto a Terminal / Citrix server with a local profile in order to 'roam' Certificates using Environment Manager. Basically you cannot roam Certificates when using a mandatory profile as it has a limitation restricting users from installing and exporting private keys. For that reason you may want your users to logon with a roaming/local profile.

     

    As it stands, when these users log off they will leave behind a local copy of their profile on the server which can lead to lots of folders and possibly disk space issues down the line.

     

    Detail

    In order to mitigate this issue (profile folders building up) you can configure an EM Policy action using session variables to flip the users profile to guest or temporary during logoff. This will ensure that the users local profile is cleared down and not left behind.

     

    The logoff action can be configured as follows:

    The registry value is:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\<USERSID>\State

    Where <USERSID> is the users sid. The Environment Manager session variable $(UserSID) can be used for this in the action.

     

    The REG_DWORD can be set as a combination of the following hex values.

     

    001 = PROFILE_MANDATORY

    Profile is mandatory.

     

    002 = PROFILE_USE_CACHE

    Update locally Cached profile.

     

    004 = PROFILE_NEW_LOCAL

    Using a new local profile.

     

    008 = PROFILE_NEW_CENTRAL

    Using a new central profile.

     

    010 = PROFILE_UPDATE_CENTRAL

    Need to update central profile.

     

    020 = PROFILE_DELETE_CACHE

    Need to delete cached profile.

     

    040 = PROFILE_UPGRADE

    Need to upgrade profile.

     

    080 = PROFILE_GUEST_USER

    Using guest user profile.

     

    100 = PROFILE_ADMIN_USER

    Using administrator profile.

     

    200 = DEFAULT_NET_READY

    Default net profile is available & ready.

     

    400 = PROFILE_SLOW_LINK

    Identified slow network link.

     

    800 = PROFILE_TEMP_ASSIGNED

    Temporary profile loaded.

     

    For example, a state value of decimal 516 (translated to 204 hex) would be a combination of:

     

    200 = DEFAULT_NET_READY - Default net profile is available & ready.

    004 = PROFILE_NEW_LOCAL - Using a new local profile.

     

    The decimal value should be converted to hex before calculating the profile type.

     

    Once this has been configured, you can check, after the users has logged off that the profile has been removed within Advanced User Profile Settings. Note below the users profile has been removed as it was guest (hex 00000080).