Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #Requires -RunAsAdministrator
- <#
- Written by David Ott
- This script will convert Citrix UPM profiles to FSLogix .vhd profiles (you should be able to edit it to do vhdx as well)
- Pay attention to all of the commented areas. It uses diskpart to create/mount/dismount the .vhd file, and
- robocopy to copy the UPM profile to the .vhd.
- Once executed (assuming you have edited $newprofilepath and $oldprofiles to match your environment) it will give you a list of
- profiles to convert. You can then select which profile(s) you wish to convert to FSLogix profiles.
- You could also edit this script to use hyperv commands to create/mount/dismount the vhd/vhdx files instead of diskpart if you have
- the hyperv module installed.
- Before using in production test!!
- #>
- # fslogix profile path
- $newprofilepath = "\\server\fslogxprofiles" ##### FSLogix Root Profile Path
- <#
- upm profile path - our production UPM root folders are username.domain, and the actual Windows 7 profile lives under
- v2x64\UPM_Profile:
- \\server\share\%USERNAME%.%USERDOMAIN%\!CTX_PROFILEVER!!CTX_OSBITNESS!
- this would have to be edited based on environment - the main thing is to have it have the full path to all of the actual UPM_Profile
- directories
- #>
- $oldprofiles = gci \\oldserver\upmprofiles | ?{$_.name -like "*.$env:userdomain"} | select -Expand fullname | sort | out-gridview -OutputMode Multiple -title "Select profile(s) to convert"| %{
- Join-Path $_ "v2x64\UPM_Profile"
- }
- # foreach old profile
- foreach ($old in $oldprofiles) {
- <#
- Since I know that the folder has the username in it i get that and save it to the sam variable, and use that to get the user's sid
- then save that to $sid.
- You will most likely have to edit the $sam line to pull the username out of the old profile path. Play with the string and
- split-path until you nail down just the username. For instance let's say your current profile path is
- \\server\profileshare\username\v2x64\UPM_Profile you could do something like this
- $sam = (($old -split "profileshare")[1] -split "v2x64")[0] -replace "\\",""
- That splits the string at profileshare, and selects the 2nd part (0 would be the first) which is \username\v2x64\UPM_Profile
- it then splits that again using v2x64 and selects the first part (remember 0 is the first) which is \username\
- Finally it replaces the "\" characters (you need to match \\ as \ is a special character the first slash just says to use it as a
- string) with nothing... leaving you with the username.
- #>
- $sam = Split-Path ($old -split ".$env:userdomain")[0] -leaf
- $sid = (New-Object System.Security.Principal.NTAccount($sam)).translate([System.Security.Principal.SecurityIdentifier]).Value
- <#
- A .reg file located in %localappdata%\FSLogix - last thing the script does is create the .reg file for the profilelist key
- #>
- $regtext = "Windows Registry Editor Version 5.00
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\$sid]
- `"ProfileImagePath`"=`"C:\\Users\\$sam`"
- `"FSL_OriginalProfileImagePath`"=`"C:\\Users\\$sam`"
- `"Flags`"=dword:00000000
- `"State`"=dword:00000000
- `"ProfileLoadTimeLow`"=dword:00000000
- `"ProfileLoadTimeHigh`"=dword:00000000
- `"RefCount`"=dword:00000000
- `"RunLogonScriptSync`"=dword:00000000
- "
- <# set the nfolder path to \\newprofilepath\username_sid - this is not default
- If you are going with the default then replace then reverse the $sam/$sid variables as below
- $nfolder = join-path $newprofilepath ($sid+"_"+$sam)
- #>
- $nfolder = join-path $newprofilepath ($sam+"_"+$sid) ##### See note above
- # if $nfolder doesn't exist - create it
- if (!(test-path $nfolder)) {New-Item -Path $nfolder -ItemType directory | Out-Null}
- & icacls $nfolder /setowner "$env:userdomain\$sam" /T /C
- & icacls $nfolder /grant $env:userdomain\$sam`:`(OI`)`(CI`)F /T
- # sets vhd to \\nfolderpath\profile_username.vhd
- $vhd = Join-Path $nfolder ("Profile_"+$sam+".vhd")
- # diskpart commands
- $script1 = "create vdisk file=`"$vhd`" maximum 30720 type=expandable"
- $script2 = "sel vdisk file=`"$vhd`"`r`nattach vdisk"
- $script3 = "sel vdisk file=`"$vhd`"`r`ncreate part prim`r`nselect part 1`r`nformat fs=ntfs quick"
- $script4 = "sel vdisk file=`"$vhd`"`r`nsel part 1`r`nassign letter=T"
- $script5 = "sel vdisk file`"$vhd`"`r`ndetach vdisk"
- $script6 = "sel vdisk file=`"$vhd`"`r`nattach vdisk readonly`"`r`ncompact vdisk"
- <#
- if the vhd doesn't exist create, attach, wait 5 seconds (windows has to catch up), create/format the partition,
- assigns letter T (change this as needed), and sets the disk label to Profile-username
- #>
- if (!(test-path $vhd)) {
- $script1 | diskpart
- $script2 | diskpart
- Start-Sleep -s 5
- $script3 | diskpart
- $script4 | diskpart
- & label T: Profile-$sam
- New-Item -Path T:\Profile -ItemType directory | Out-Null
- # set permissions on the profile
- start-process icacls "T:\Profile /setowner SYSTEM"
- Start-Process icacls -ArgumentList "T:\Profile /inheritance:r"
- $cmd1 = "T:\Profile /grant $env:userdomain\$sam`:`(OI`)`(CI`)F"
- Start-Process icacls -ArgumentList "T:\Profile /grant SYSTEM`:`(OI`)`(CI`)F"
- Start-Process icacls -ArgumentList "T:\Profile /grant Administrators`:`(OI`)`(CI`)F"
- Start-Process icacls -ArgumentList $cmd1
- } else {
- # if the vhd does exist then attach, wait 5 seconds, assign letter T
- $script2 | diskpart
- Start-Sleep -s 5
- $script4 | diskpart
- }
- # copies in the UPM profile to the Profile directory on the vhd /E /Purge - this is so it will update with the latest info
- "Copying $old to $vhd"
- & robocopy $old T:\Profile /E /Purge /r:0 | Out-Null
- # creates the %localappdata%\FSLogix path if it doesnt exist
- if (!(Test-Path "T:\Profile\AppData\Local\FSLogix")) {
- New-Item -Path "T:\Profile\AppData\Local\FSLogix" -ItemType directory | Out-Null
- }
- # creates the profiledata.reg file if it doesn't exist
- if (!(Test-Path "T:\Profile\AppData\Local\FSLogix\ProfileData.reg")) {$regtext | Out-File "T:\Profile\AppData\Local\FSLogix\ProfileData.reg" -Encoding ascii}
- $script5 | diskpart
- }
Add Comment
Please, Sign In to add comment