Group Policy Object (GPO) configuration is an option in addition to INI files for managing your User Profile Manager environment. While the INI configuration approach provides a quick and easy way to get started on a few machines, if you wish to evaluate or try on more than a few machines, you should leverage the GPO configuration approach. If using GPO for configuration you should rename or delete the INI files. A GPO setting will always take precedence, but if a GPO setting is Not Configured and that setting exists in the INI, it will use the INI setting. Thus this situation could result in unexpected behavior if not watching both configurations reliably. Although with logging enabled, the log file will contain details of the source for applied settings. E.g. the setting came from the GPO or from an INI file.
In order to use a GPO for configuration, you need to import the ADM template. So first thing is to place the “UserProfileManager 2.0.0.adm” template somewhere easily accessible (e.g. you will need to search and select this file when importing into the GPO so place it somewhere easy to get like on the desktop where you will be running the Group Policy Management Console).
Launch Group Policy Management Console (GPMC) and either create a new GPO or select an existing GPO to manage your User Profile Manager settings. I’ll leave the discussion of balancing the number of GPOs against managing GPOs on a single functional role for another day J. There are good arguments for both sides of keeping a GPO functionally specific versus having too many GPOs bogging down the logon. Also, if you do not already have GPMC on your Windows Server 2003 or Windows XP system, download it here. That console is by default already on Vista and Windows Server 2008.
Once your GPO is created (or selected if using an existing GPO), you need to import the ADM template which will then expose all the User Profile Manager settings. Details on importing an ADM template can be found here under the Custom ADM Files paragraph/section: http://support.microsoft.com/kb/816662. Once imported, all the ADM settings will be available for configuration. Details of all the available UPM GPO settings are located here: http://support.citrix.com/article/ctx118944.
You can now enter edit mode for that GPO and view the settings and configure as desired. You will find these settings under Computer Configuration/ Administrative Templates/ Citrix/ User Profile Manager. If you are using a Windows Server 2008 or a Vista machine to manage your GPOs, the path will be Computer Configuration/ Policies/ Administrative Templates/ Classic Administrative Templates (ADM)/ Citrix/ User Profile Manager. A good start is to have a look at the INI file and use the settings provided there in your GPO.
Side note: Keep in mind that by default, everything in the user profile is included. Therefore you do not have to define anything in the include section except in certain circumstances. For example, you would use inclusions to include any sub folders within excluded folders (e.g. you exclude Local Settings since this contains mostly temp garbage but then turn around and include the folders that actually contain useful application settings data like Local Settings\Application Data\Microsoft\Feeds and Local Settings\Application Data\Microsoft\Outlook).
Best practices suggest that configurations should be done on a per OS basis as Windows XP and Vista do not have compatible profiles. For example create two OU’s, one containing XP Desktops and one with Vista desktop and apply a GPO to each OU. Here is a specific example on how to the design the user store for this scenario: http://blogs.sepago.de/helge/2009/01/23/citrix-user-profile-manager-released-user-store-design-recommendations/
Although you can share profiles between Win2k3 & XP and between Vista & W2k8 please refer to this FAQ on potential repercussions to take into consideration: http://support.citrix.com/article/ctx119039.
Once you have completed your configured to your desired state, you are ready to go. To force a target machine to collect this updated configuration, run “gpupdate /force” in a command shell. Or typically after about 90 minutes, group policy will refresh by default. Once again you are ready to evaluate and test.