Apr 17 2020 11:34 AM
We are running a large Citrix environment and we need to bypass user interaction with our MS Edge Chromium published application. Currently the prompt below comes up every time a user launches the published application. We need a GPO to bypass this prompt and Auto-sync the user account.
We are experiencing profile bloat when using user data dir to save to roaming profiles, and would like to sync their data using the browser, but we cannot have user interaction every time they launch the published app.
Apr 18 2020 07:23 AM - edited Apr 18 2020 07:26 AM
@cafardijm at the moment there is NO GPO to enable the sync (force it without user intervention).
There is a GPO to disable it. There is also a GPO to bypass the first run experience, but no auto logon if you do not enforce that (and end up with an Edge profile that the user cannot remove).
You speak about profile bloat, where? Everything that Edge does goes into AppData\Local, which is a problem too, since some of the stuff is nice to roam.
AppData\Local\Microsoft\Edge can grow pretty large, up to a Gig, why do you want that kept on a Citrix server?
We have a case open with MS regarding how to reconnect to the AAD account when there is no roaming profile on a system, and we have figured out a solution.
Would you like to have this solution?
reg, Henno
May 12 2020 11:42 AM
May 14 2020 01:19 AM
I support this request. We don't sign in the users at the moment. But for a possible future use this option is mandatory in a well-managed Citrix environment.
Jun 09 2020 10:41 PM
@Henno_Keers please share your solution 😉
Jun 09 2020 11:22 PM
We use VMware UEM / DEM for roaming support, but you can use regular roaming profiles as well after modifying the standard exclusion of AppData\Local and letting parts roam.
What we roam is loosely based on:
https://www.avanite.com/blog/roaming-edge-chromium
[IncludeRegistryTrees]
HKCU\Software\Microsoft\Windows NT\CurrentVersion\TokenBroker
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
HKCU\Software\Microsoft\Edge\PreferenceMACs
HKCU\Software\Microsoft\SystemCertificates
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\CloudStore
HKCU\Software\Microsoft\IdentityCRL
HKCU\Software\Microsoft\Windows\CurrentVersion\Authentication
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo
HKCU\Software\Microsoft\Windows\CurrentVersion\Security and Maintenance
HKCU\Software\Microsoft\Windows NT\CurrentVersion\HostActivityManager
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\
[IncludeFolderTrees]
<LocalAppData>\Microsoft\Edge\User Data\Default\Sync Data\
<LocalAppData>\Microsoft\TokenBroker\Cache
<LocalAppData>\Microsoft\Vault
<LocalAppData>\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy
[IncludeFiles]
<LocalAppData>\Microsoft\Edge\User Data\Default\*.*
<LocalAppData>\Microsoft\Edge\User Data\*.*
Important for us was that we could roam the AAD state of the user, so that it is authenticated to AAD after starting Edge again.
regards, Henno
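To see how much data the folder and file entries of the include list above would add to each roamed profile, the following added example (not part of the original post and not VMware's tooling) parses those entries and measures them on disk for the current user. The function name `Get-RoamedFootprint` is hypothetical, and treating `*.*` as "all files directly in that folder" is an assumption.

```powershell
# Added example: size the folder/file entries of the include list in the post.
# $IncludeList is copied from the post; registry trees are left out on purpose.
$IncludeList = @'
[IncludeFolderTrees]
<LocalAppData>\Microsoft\Edge\User Data\Default\Sync Data\
<LocalAppData>\Microsoft\TokenBroker\Cache
<LocalAppData>\Microsoft\Vault
<LocalAppData>\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy
[IncludeFiles]
<LocalAppData>\Microsoft\Edge\User Data\Default\*.*
<LocalAppData>\Microsoft\Edge\User Data\*.*
'@

function Get-RoamedFootprint {   # hypothetical helper name
    param(
        [string]$Config,
        [string]$LocalAppData = $env:LOCALAPPDATA
    )
    $section = $null
    foreach ($raw in ($Config -split "`r?`n")) {
        $line = $raw.Trim()
        if (-not $line) { continue }
        if ($line -match '^\[(.+)\]$') { $section = $Matches[1]; continue }
        if ($section -notin 'IncludeFolderTrees', 'IncludeFiles') { continue }

        $path = $line.Replace('<LocalAppData>', $LocalAppData)
        if ($section -eq 'IncludeFolderTrees') {
            # Folder trees roam recursively.
            $items = Get-ChildItem -LiteralPath $path -Recurse -File -Force -ErrorAction SilentlyContinue
        } else {
            # Assumption: "*.*" means every file directly in the folder,
            # including extensionless ones such as "Local State".
            $dir   = Split-Path -Path $path -Parent
            $items = Get-ChildItem -LiteralPath $dir -File -Force -ErrorAction SilentlyContinue
        }
        $bytes = ($items | Measure-Object -Property Length -Sum).Sum
        [pscustomobject]@{
            Section = $section
            Entry   = $line
            Files   = @($items).Count
            SizeMB  = [math]::Round($bytes / 1MB, 2)
        }
    }
}

Get-RoamedFootprint -Config $IncludeList | Format-Table -AutoSize
```

Run it inside a user session after Edge has been used. Missing paths are reported with zero files rather than raising an error.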
Aug 12 2020 12:14 PM
Is there any update regarding how to get rid of this window on first launch?
Sep 05 2020 05:36 AM
Sep 06 2020 09:40 AM
@vishnumurthi
Is there any way to get rid of the notification without disabling Microsoft sync services?
Sep 08 2020 08:13 AM
Same here, we also want to bypass this message.
For now we disabled the sync feature as it is also not working on Server 2012 R2.
Additionally, when we disable the first run, Edge does not log on automatically. We get a message stating that the account needs to be verified before login.
Sep 09 2020 06:45 AM
@DennisKn this is because you throw away too much of the local AppData. A lot of the data from the last session is stored in the files "First Run" and "Local State".
You should retain some of those files.