Citrix Profile Manager and cookies

If you’ve implemented Citrix Profile Manager you will no doubt be aware of the policy options to manage cookies and the index.dat file (see here)

What isn’t mentioned anywhere (that I’ve been able to find, anyway) is that if you are using Windows 7 / 2008 R2 and redirect the APPDATA folder using Windows group policy settings, then the Citrix policy settings for cookie processing are not required and do not take effect.  This is because the cookies folder resides under the APPDATA folder (%userprofile%\AppData\Roaming\Microsoft\Windows\Cookies) therefore if you redirect it, cookies will never be stored on the local machine for the Citrix profile manager to process.

For Windows XP / Server 2003, the cookie processing settings are still required as the Cookies folder is %userprofile%\Cookies.

Citrix Profile Manager, Sophos and corrupt profiles

I’ve had various random issues with some sites that use Citrix Profile Manager and Sophos AntiVirus, usually manifesting as corrupt user profiles.  I logged an issue with Sophos but they weren’t too interested in investigating or resolving the issue so I’ve found the following two workarounds.  Some customers only needed one of these workarounds, some needed both, so your mileage may vary.

Workaround 1:

In the Sophos Enterprise Console, under “Anti-virus and HIPS” edit the policy that applies to your XenDesktop and/or XenApp servers.  Under the “Web Protection” box, set “Download Scanning” to off.

Workaround 2:

Disable the “Profile Streaming” and “Active Write Back” features of the Citrix Profile Manager, either via the INI file or Group Policy.  Edit your policy containing the Profile Manager administrative template and settings, and navigate to Computer Configuration -> Policies -> Administrative Templates -> Citrix (if using the Profile Manager 4.1 ADMX template, otherwise Classic Administrative Templates -> Citrix) -> Profile Management.  Change the “Active Write Back” setting to Disabled, then under “Streamed User Profiles” change the “Profile Streaming” setting to Disabled also.

I hope this information helps someone out, as I was unable to find any other references to this issue in Citrix or Sophos KBs, Citrix forums etc.  It’s also possible that other AV products may cause the same behaviour, but I’m yet to see it.  I’m not a fan of Sophos in general, and the performance of the product is that bad that one of my customers recommends turning off the on-acces scanning on file servers and running a nightly scan instead.  Enough said I think!