Tip

How to make user profiles delete themselves in any VDI environment

One of my customers recently had a very common problem: The organization wanted to create an environment for people using common machines, but it didn't want user profiles to exist after each person logged off the desktop. However, each user needed his own profile so that his home drive could be mapped and his basic

    Requires Free Membership to View

Group Policy Objects could be applied.

There are two ways to solve problem: You can use nonpersistent desktops in a product such as View or XenDesktop or you can use some Active Directory tricks.

The nonpersistent desktop is very straightforward in VMware View. When creating a pool of desktops, use linked clones. While creating the desktop pool, click "delete after logoff" in the configuration. Each desktop will then destroy itself after the user logs off, creating an environment that will always present a new desktop.

In Citrix XenDesktop, the disk has to be set to nonpersistent, resetting the desktop each time the virtual machine rebooted. Of course, this method requires the organization buy VMware View Premier with linked clones. What about the organizations that did not go with View or XenDesktop?

Well, there are three other ways to do this, but I have found one to be the simplest. The first Active Directory trick is to use mandatory profiles. Note that they are basically a form of roaming profiles, which many virtual desktop infrastructure (VDI) architects have been trying to get away from. A mandatory profile is basically a predefined roaming profile that is applied for all users when they log in. When they log off, you would delete their profiles and reset them to re-download on login. In this scenario, mandatory profiles must be created and managed.

The second trick is to use a Microsoft tool called Delprof.exe. The User Profile Deletion Utility can delete all profiles on a Windows machine to clean it up. The only problem is that this tool has to be run as an administrator. Therefore, it is harder to run forever upon user login or logoff, but it is easier to run it on a nightly schedule.

My favorite way to set up nonpersistent desktops is to place the user in two different organizational units (OUs). Users can belong to their standard OUs, and they can be placed in "Domain Guests" OU. The Domain Guests OU will force users to be treated as guests, with many restrictions such as the automatic deletion of their profiles upon exiting. The only problem that I have found is that a small set of folders gets left behind, but they can be cleaned up on a periodic basis.

When design criteria require user profiles and the deletion of desktops, there are multiple ways to accomplish this through new technology as well as some built-in tricks.

Author's note: I would like to thank IT experts Ron Oglesby and Rob Zylowski in helping me to test multiple solutions.

ABOUT THE AUTHOR
Brad Maltz is CTO of International Computerware, a national consulting firm focused on virtualization and storage technologies. He holds certifications from VMware and EMC for many technologies. Maltz can be reached at bmaltz@iciamerica.com for any questions, comments or suggestions.


 

This was first published in September 2010

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.