Using a default set of user profile settings can make controlling users' virtual desktop customization a little easier, and it can help high-security companies comply with regulations.
As virtual desktop infrastructure (VDI) moves into the mainstream, attention naturally begins to shift from "Can we make this technology work in our environment?" to "How do we best manage VDI?" One of the day-to-day management tasks in a VDI deployment is controlling and managing user profiles.
User profiles are OS-specific software containers that hold all of a user's desktop customizations and settings. They are specific to each user account. For instance, when you change the desktop wallpaper or the screensaver inactivity timer settings on your desktop, you are editing your user profile. As a matter of fact, most of the settings and customizations found in the Windows Control Panel are stored in the user profile. Some applications may also store user interface configuration information in the user profile.
User profiles come in two varieties: local profiles and roaming profiles. Local profiles reside on the computer and are created the first time a user logs into that computer. Roaming profiles are stored on a domain server and are downloaded every time a user logs into a computer on that domain. Roaming profiles let desktop settings follow users even when they use different computers to log into the domain.
What is user profile management and why use it?
Most commonly, IT administrators use these profiles to prevent employees from making certain desktop customizations or changes to certain settings. Admins can develop a default user profile that is the template for all newly created user profiles on the domain. A default user profile can specifically control users' access to their personal settings and their ability to change those settings in a way that contradicts company security guidelines. Default profiles are common in high-security environments, where admins may need to prevent users from subverting the requirement that all computers lock automatically once a desktop has been idle for more than a specified period of time. The default user profile can also require users to enter their password to access their computer once the screen lock has been activated.
These two user profile settings help prevent unauthorized users from accessing computers that may have been left unlocked while a user is away from his desk grabbing a cup of coffee. Such security uses are advisable for many companies, but they may be an actual requirement for many government agencies and companies bidding on federal contracts.
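The two settings described above are stored as registry values under Control Panel\Desktop in a profile's NTUSER.DAT hive. The PowerShell check below is an added example, not part of the original article; it assumes the default profile lives at C:\Users\Default, a 900-second idle limit and an elevated session, and the function names and temporary mount name are hypothetical.

```powershell
# Added example: audit the screen-lock values stored in the default user profile hive.
# Assumptions: default profile at C:\Users\Default, 900-second limit, elevated session.
$MaxIdleSeconds = 900                                   # assumed policy limit
$HivePath       = 'C:\Users\Default\NTUSER.DAT'
$MountName      = 'DefaultProfileAudit'                 # temporary key name under HKEY_USERS

function Get-ScreenLockSetting {
    param([string]$Root)
    # Group Policy values take precedence over the user's own preference values.
    $policyKey = "$Root\Software\Policies\Microsoft\Windows\Control Panel\Desktop"
    $prefKey   = "$Root\Control Panel\Desktop"
    $result = [ordered]@{}
    foreach ($name in 'ScreenSaveActive', 'ScreenSaverIsSecure', 'ScreenSaveTimeOut') {
        $value = $null; $source = 'missing'
        foreach ($key in $policyKey, $prefKey) {
            $item = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
            if ($null -ne $item) { $value = $item.$name; $source = $key; break }
        }
        $result[$name] = [pscustomobject]@{ Value = $value; Source = $source }
    }
    $result
}

function Test-ScreenLockBaseline {
    param($Setting, [int]$MaxSeconds)
    $timeout = 0
    $hasTimeout = [int]::TryParse([string]$Setting.ScreenSaveTimeOut.Value, [ref]$timeout)
    [pscustomobject]@{
        IdleLockEnabled    = $Setting.ScreenSaveActive.Value -eq '1'
        PasswordOnResume   = $Setting.ScreenSaverIsSecure.Value -eq '1'
        TimeoutWithinLimit = $hasTimeout -and $timeout -gt 0 -and $timeout -le $MaxSeconds
        TimeoutSeconds     = if ($hasTimeout) { $timeout } else { $null }
    }
}

& reg.exe load "HKU\$MountName" $HivePath | Out-Null
if ($LASTEXITCODE -ne 0) { throw "Could not load $HivePath (run elevated)." }
try {
    $setting = Get-ScreenLockSetting -Root "Registry::HKEY_USERS\$MountName"
    Test-ScreenLockBaseline -Setting $setting -MaxSeconds $MaxIdleSeconds
}
finally {
    [gc]::Collect()                                     # release handles so the unload succeeds
    & reg.exe unload "HKU\$MountName" | Out-Null
}
```

A value that is missing from both keys is reported as non-compliant, which is the case to look for in a template that every new profile inherits.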
Profile management tools
User profiles have been part of Windows since the days of Windows 3.1, so most administrators are already intimately familiar with user profile controls and management. But administering user profiles in a VDI environment can be a daunting task, especially in shops that support hundreds or thousands of VDI users who log into the network from large corporate offices, smaller remote locations, a local coffee shop or even from in-flight Wi-Fi.
Windows itself includes rudimentary user profile tools, and utilities such as the User State Migration Tool and its simplified cousin, the Windows Easy Transfer tool, both assist with migrating user profiles between versions of Windows. Administrators can also use default user profiles to control which settings users can and cannot customize.
The most versatile and useful user profile management tools, however, tend to be from third-party software vendors. A number of feature-rich profile management tools are ideal for wrangling VDI user profiles. The big VDI vendors such as Citrix and VMware offer their own profile management tools, though some of those tools are usable only in conjunction with their specific VDI software. For example, VMware's View Persona Management utility only works with VMware View software.
Other third-party user profile management tools from smaller vendors offer wider support for various VDI environments and also have features and capabilities that the bigger third-party vendors may not. Third-party tools such as AppSense, Immidio's Flex+ and Liquidware Labs' ProfileUnity with FlexApp all offer comprehensive user profile management capabilities that can save admins much time and money if they're included from the inception of the VDI planning and deployment process. There are also myriad other third-party user profile management tools on the market, with more being released on a regular basis.
Many large-scale VDI deployments have been hindered by insufficient planning for user profile management, particularly in cases when no one planned for a user profile management process before VDI was implemented. Once users create new user profiles in the VDI world, they will not like it if IT subsequently modifies or wipes out their existing user profile and desktop customizations.
Plan ahead, draft a list of user profile requirements for VDI, purchase a comprehensive user profile management tool that meets those requirements and have the user profile process tested and in place before rolling out VDI. Helpdesks will be happy not to have to spend hours on the phone assisting users with their lost desktop customizations.