Problem:
This is general guidance to list ProfileUnity security requirements.
Symptoms:
ProfileUnity is not functioning as designed.
Possible Resolution(s)
- Regedit32.exe users permissions must be read/execute
- Regsvr32.exe users permissions must be read/execute
- Regedit must be able to execute silently
Description: It’s possible to prevent users from accessing registry tools but it should not be disabled from running silently.
Example:
Description: If "Access to registy editing tools is restricted" than regedit must be able to run silent for ProfileUnity to execute properly.
Example:
- File system scripting object must be enabled
- Execution of VBS scripting must be allowed
Description: VBS should not be blocked, check to make sure that this GPO setting is NOT in place.
Example:
- HKCU RunOnce must be allowed, must not be disabled in GPO
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Description: Usually "RunOnce" is disabled by this GPO policy found here. Verify that it is set to "Not Configured"
Note: New Xenapp policies might reference disabling the runonce key for best practices but doing so will break certain ProfileUnity policies.
Example:
- If GPO is used to limit size of profile it should be set to 100 MB or more or disabled.
Description: This GPO setting is found here. Verify that it is set to "Not Configured"
Example:
Product: ProfileUnity
Product Version: 5.5