# Citrix Profile Management ## Check Roaming Profile User Configuration\Policies\Administrative Templates\System\User Profiles Computer Configuration\Policies\Administrative Templates\System\User Profiles\Set roaming profile path for all users logging onto this computer ## CITRIX PROFILE MANAGEMENT DONE CORRECTLY https://www.lewan.com/blog/citrix-profile-management-done-correctly-part-1-of-2 When Profile Management is done correctly the profile should never exceed 10-20MBs of space. Here’s what should be in the profile to be processed on logon, anything more is going to slow you down. - ntuser.dat: The user’s registry hive. This isn’t very large regardless of what is happening. - AppData\Roaming: Typically unavoidable, preserving the entirety of the folder usually isn’t more than a few MBs of space, but it is a place to observe just in case it starts to grow. - AppData\Local: In this location extremely large portions of data can reside so effort needs to be made to only include critical data here. ### Directory Exclusion (Citrix Policy) Citrix\Profile Management\File system\Exclusion list - directories ### Directory Inclusion (Citrix Policy) Citrix\Profile Management\File system\Synchronization\Directories to synchronize ### Folder Redirection (GPMC) User Configuration\Policies\Windows Settings\Folder Redirection ### Exclude directories in Roaming Profile (GPMC) User Configuration\Policies\Administrative Templates\System/User Profiles\Exclude directories in roaming profile ## Enable Large file handling https://docs.citrix.com/en-us/profile-management/current-release/configure/to-enable-large-file-handling.html ### Large File Handling (Citrix Policy) Citrix/Profile Management/File system/Large File Handling - Files to be created as symbolic links ## Carl Citrix Profile Management Recommandation https://www.carlstalhood.com/citrix-profile-management/ # Certificate ## APG existing environment Old Farm contain internal certificate with SAN ### How to Request a Certificate With a Custom Subject Alternative Name(Microsoft) https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/ff625722(v=ws.10) "To use the Certificate Enrollment wizard with an enterprise CA" With ScreenCap https://aventistech.com/2019/08/09/generate-csr-from-windows-server-with-san-subject-alternative-name/ ### Netscaler create cert with SAN https://support.citrix.com/article/CTX227983/how-to-create-a-csr-and-key-file-for-a-san-certificate-with-multiple-subject-alternate-names # SAN VS WILDCARD CERTIFICATE ## Secure Multiple Sub Domain with single certificate wildcard certificates secure a single domain and up to 250 subdomains. https://www.digicert.com/tls-ssl/wildcard-ssl-certificates ## Multi-Domain Certificates, also called SAN certificates offer boundless flexibility and complete control over the Subject Alternative Name field. https://www.digicert.com/tls-ssl/multi-domain-ssl-certificates ### SAN VS WILDCARD VIDEO https://www.youtube.com/watch?v=haOzS1dNouc ### Sample case on Netscaler SAN usage https://www.youtube.com/watch?v=HXVuJY7PIPw