This is the first article in a series of articles called “60 Second Reviews” by Wilco van Bragt. The idea with these articles is that Wilco takes a look at various products, installs them, and shares his first impressions. These are not meant to be “full” reviews per se, but instead let you get the feel for what a product is like without having to take the time to install it yourself. We’ll have a new 60-second review every Friday for the next few months.
Managed Profile is one of the many products that has jumped into the arena to solve profile problems in Citrix and Terminal Server environments. It solves this problem in a unique way, building a solution out of an IIS web server and a SQL-based database. Managed Profile combines profile management, registry settings management, and printer management into a single product.
Compared to most products, Managed Profile has a very complex installation process. Instead of a GUI setup with next next next buttons, it ships with an installation document with a list of manual steps. While the installation is not that simple for an inexperienced user, it’s easy to script for unattended installs.
To install Managed Profile, you need to create a database on a SQL Server (or MSDE installation). They include a SQL script that you can run via the Query Analyzer to set up the database, although the version we got produced some errors. (These were quickly addressed after we submitted our support questions via a form on their website.)
Once the database is ready to go, you “install” the web server component by copying a few folders to the web server and setting their permissions for read and execute. You then need to configure a system ODBC for the database and hard-code some SQL connection information into some ASP files.
To deploy this solution to member Terminal Servers, you make a Managed Profile executable available to users in the logon and logoff scripts.
Marcorp (the maker of Managed Profile) has told us that their next version will include a much more intuitive installation and configuration process.
All configuration is done via a web page. Security is managed by the settings you apply to IIS itself, so you’ll definitely want to configure the admin pages so that only the proper users can access them.
The web console is divided in three parts: System Maintenance, Filters and Rules.
The System Maintenance section allows you to set the general settings for Managed Profile for things like the default save folder and save location. You can specify the save location based on group, user or machine. If you don't specify any location, the settings are automatically stored in the Terminal Server home drive of each user. The option to override this is nice, since you could store the data in such way that users could not accidentally delete it. You can also use the administrative web pages to disable which parts of the product you want to use.
After configuring the general settings, the next step is to specify the rules. The rules consist of five different settings:
- Registry Settings allow you to save and restore registry keys. You only need to specify which registry key (hopefully being as specific as possible) and give the setting a unique name. This functionality is the same as the Flex Profile Kit or triCerat’s Simplify Profiles.
- Folders and Files let you specify which folder are saved and restored for each user. This option replaces the standard Windows policy-based folder redirection option.
- Virtual Folders are shortcuts to shares that then directly appear under My Computer.
- Mapped Drives maps a drive letter to network share, just as you would expect.
- Processes allows you to specify an application or executable that runs when the user logs on or off.
Even though there are not too many things to configure, you unfortunately need to input everything manually. (There is no “browse” functionality.) As you configure a setting, you give it a unique name. Then, you set a filter to activate the settings. You can activate (or “filter”) the named rule based on group, user or machine basis.
When using Managed Profile, it’s critical that you give your users the rights to backup and restore files and directories. Otherwise the registry files cannot be imported and saved.
For managing printers, Managed Profile has an add-on component called “PrintGUI.” This component lets you import all of the printers from a server into your Managed Profile database. You can then use the administrative web console to assign printers to just like any other Managed Profile object.
Managed Profile has logging possibilities which are defined in System Maintenance section of the web console. You can choose three logging options: Critical, Intermediate or Verbose. The logged data can then be viewed in the web console.
You can also enable logging with a command-line parameter to the mplogon.exe process. (This process is the executable that runs on each Terminal Server that makes this whole Managed Profile thing work in the first place.)
The nice thing about logging is that you can precisely follow the process of loading or saving user settings, which really helps with troubleshooting and configuration.
Like any profile management product, users will be happy with Managed Profile since it will ensure that they can save their own settings from session to session, and administrators can configure several different options in a single place.
If the additional PrintGUI add-on is installed, the users get a additional application which replaces the standard Windows printer applet. When enabled, a user running the Add Printer wizard will only see the Managed Profile printers that are assigned to the groups to which the user belongs. However, the tool does not have a universal printer driver, so the printer driver itself still needs to be available on the server itself.
Through its ability to combine multiple rules and filters, Managed Profile is able to adequately manage several aspects of your user environment. And because it’s based on IIS and SQL server, it’s very scalable and can be configured for high availability.
Unfortunately, the fact that you have to manually enter all of the configuration information means that it’s going to take some time to get it fully configured in your environment.