AppProfileSafe can operate in Virtual Desktop Infrastructure (VDI) environments including Citrix Virtual Apps & Desktops, Azure Virtual Desktop (AVD), and VMware Horizon. This page covers considerations for both persistent and non-persistent desktops as well as FSLogix profile containers.

Persistent Desktops

Persistent VDI desktops (where each user has a dedicated VM that retains changes) work identically to physical machines. No special configuration is required. Install AppProfileSafe, deploy the license, and use the GUI or CLI as on any Windows machine.

Non-Persistent Desktops

Non-persistent desktops reset to a base image at logoff. Key considerations:

• Installation — Install AppProfileSafe into the base image so it is available on every session. Include the license files and settings.xml in the image.
• Export at logoff — Use a GPO logoff script or scheduled task to export application settings to a UNC share. This captures the user's profile data before the session is destroyed.
• Import at logon — Use a GPO logon script or scheduled task to import application settings from the UNC share. This restores the user's profile data into the fresh session.
• Application log and audit log — Configure <LogFolder> and <AuditFolder> in settings.xml to point to a persistent location (e.g. a UNC share or the user's profile container). Otherwise, logs are lost when the session resets.
• System Restore Points — Typically not relevant on non-persistent desktops. Use --noRestorePoint in CLI scripts to skip creation.

FSLogix Profile Containers

FSLogix profile containers mount a per-user VHDX at logon, redirecting the user's profile into the container. When FSLogix is in use:

• User-scope paths — AppProfileSafe reads and writes user-scope files (e.g. %AppData%, %LocalAppData%) which are automatically redirected into the FSLogix container. No special configuration is needed for these paths.
• Machine-scope paths — Registry keys under HKEY_LOCAL_MACHINE and files in %ProgramData% are not part of the FSLogix container. Imports targeting machine-scope settings require that the target machine has the applications installed.
• Export timing — When using AppProfileSafe alongside FSLogix, export before the FSLogix container is unmounted (i.e. before logoff completes). In logoff scripts, AppProfileSafe should run early in the logoff sequence.
• AppProfileSafe data folder — The default data folder (%ProgramData%\IT-Consulting Kinner\AppProfileSafe) is on the machine, not in the container. This is correct — configuration, licenses, and schemas should be consistent across sessions.

Recommendations

• Use the CLI with --silentMode for all automated VDI scenarios.
• Store exports on a central UNC share using --unc-credential-store for authentication.
• Use per-user manifest paths (e.g. \\server\profiles$\%USERNAME%\AppProfileSafe\Manifest.xml) to keep exports separated.
• Check exit codes in logon/logoff scripts and log failures to a central location.
• Include AppProfileSafe in your antivirus exclusion list to avoid scan-related delays during logon/logoff.