Wilco van Bragt - LinkeIn Wilco van Bragt - Twitter rssa 

Sepago Profile

More and more companies are suffering with profile challenges as described in my article Terminal Services and the Profile Challenge. Certain in Terminal Server where the Silo Concept (a.k.a. Load Managed Groups) the need to gain control over the profiles is getting bigger. A few years ago only the freeware tool Flex Profile Kit was available, but more and more products came on this market. From Germany comes a new product called Sepago Profile. The product differs from other products because the product does not have a console, but all configuration settings are done via Group Policies.

Installation




The installation of Sepago Profile exists of one single MSI. This MSI needs to be installed on all the Terminal Server (or workstations) where you would like to use the profile solution on. The installation is pretty straight forward, only the standard windows like the license agreement and the destination location of the installation appear. After the installation the system need to be restarted and then the installation is done. Because the installation file is one MSI it can be easily installed unattended.

Preparation

The manufactures of Sepago Profile also advices you to use a mandatory profile to fully use the capabilities of their product. In their manual they are describing in detail how you should configure a mandatory profile for your infrastructure with several references to corresponding knowledgebase articles. Also the way to configure the mandatory profile for the users using Group Policies or the profile settings within the Active Directory is described thoroughly (again with referrals to hotfixes and knowledgebase articles).


After the configuration of the mandatory profile and the assignment of this profile to the user one more step should be done to start the configuration. As already mentioned Sepago Profile does not have an administrator console to configure the product, but are using Microsoft's default Group Policy for the configuration. Therefore we should add the configuration template to a group policy object. This GPO should be assigned to the OU containing the computer accounts. This can be done via the standard Group Policy editor or Group Policy Management console by simple adding a ADM template to the GPO.

Configuration

When the ADM template is integrated in the Group Policy Object the configuration of SepagoProfile can be created. Because most people are familiar with the GPO editor it's easy to start your configuration. Within the Administrative templates the Sepago products two kind of settings are available for configuration. For convenience Sepago adds several Microsoft standard policies concerning profiles and logically the product configuration settings as well.

Image

Most profile products offer one possibility to save all settings (except you would like to exclude) or one possibility to specify which settings you would like to save. Sepage Profile offers both functionalities, so you can choose with method you would like to use. Sepago also merge settings when using the silo concept for Terminals or using Published Applications and Fat Clients in one infrastructure.

On the registry folder you can specify which settings you would like to include or to exclude. By default Sepago saves all setting (except the configured exclusions), but if you enable the Inclusion List setting, the product will only be saving the registry keys specified. Because it's the policy editor you can not "browse" to the registry settings, but you need to type those settings in manually.

Image

For the Profile directories and files you need to specify which objects you would like to retain. Two options are available: Synchronizing and Archiving. With Archiving only from the last logoff sessions files and directories will be saved, while by synchronizing those directories and files will be merged. You specify which directories or files you want to include first. Secondly you can exclude directories or files in the above added synchronization directories. For example you can save the folder ApplicationData and exclude the directory ApplicationData\Microsoft\Mediaplayer. Logically you should specify those directories and files by typing the configuration into the GPO editor which is located under %userprofile%.

Besides the profile and registry the folder also includes some setting for the product. You can configure the actions that should be logged, the location where Sepago stores the usersetting (by default in the Windows folder in the homedirectory) and other settings concerning the profile.

Using the product

When the configuration is done and the GPO is linked to the right OU's Sepago Profile will do his job. When the user logs off in the specified folder (default %homedrive%%homepath%\Windows) a file called %username%.dat will be showing up and a directory called spBackup will be created. The dat file is containing all the registry information, while in the spBackup the specified profile directories will be synchronized.

Personally I find it a pity that all the registry settings are stored in one file. When there will be a corruption of the settings for one application you still need to delete all application settings. Both scenario's (exclusion and inclusion) gave the expected result and user will like the merging possibilities even combining settings changed in one application.

Managing

As already mentioned within the administrative template you can also define the logging level. All the configured logging will be saved in one file on C:\Windows\System32\LogFiles. The logging is very detailed, but because it is in on file you will probably only use it for trouble shooting purposes. Also logging based on user level would be very useful.

Migrating to the Sepago Profile product

One of the difficult steps to implement a hybrid profile is to start the solution including the user current setting (in the roaming profile). In my article Migrating User Sessions with the FPK I described how this can be accomplished with the FPK. But Sepago also delivers a nice solution with their product to accomplish this. The Sepago Profile Migrator can export the specified settings and directories directly out of the roaming profiles (the user even does not need to logon in). The only disadvantage in the tool is that you need to specify each user (think of migration in big environments), but beside this point it is a very cool solution.

Image

Conclusion

Although Sepago Profile is a young player on the market the product it is already a grown up product. Besides the basis registry savings it also supports synchronization of profile directories and also supports advanced features like certificates. I really like that the product can support both hybrid profile methods (exclusion and inclusion). Configuring the settings using the default Microsoft GPO's has both advantages as disadvantages. For example there is need for additional software like a database or fileshare, but it lacks the support for "browsing" to the registry keys or directories. It is a pity that all registry settings are stored in one file, so by a corruption all applications settings are deleted.  On the other hand the merge settings from other sessions are wonderful, because even different settings from one application are merged. Also the support of both Terminals Servers and workstations is the right step forward for hybrid infrastructures.

Advantages:

  • Supporting both the exclusion as the inclusion Hybrid Profile method;
  • No additional software/resources needed by usage of Microsoft GPO's;
  • The merging feature is very useful when using the silo concept of Terminal Servers.

Disadvantages:

  •  Storage of the registry settings in one file;
  • Configuration must be done by manually typing all the settings (no browse option);
  • Only logging on server level, user level could be more useful.

Sepago Profile