Prisma Browser
Roaming Profiles Setup
Table of Contents
Roaming Profiles Setup
Roaming Profiles setup guide
| Where Can I Use This? | What Do I Need? |
|---|---|
|
|
Roaming profiles allow users' browser data—including bookmarks, settings, saved
passwords, and extensions—to follow them across different Windows computers without
requiring cloud sync or internet connectivity.
Understanding Roaming Profiles in a Network Environment
Roaming profiles are a powerful feature within Windows environments
designed to offer users a consistent and personalized computing experience,
irrespective of the physical machine they log into. This technology achieves a level
of user mobility by ensuring that a user's local, personalized browser data is not
tied to a single computer but is instead stored on a central network server.
Key Components of a Roaming Profile
The central advantage of a roaming profile is its comprehensive coverage of
critical user-specific browser data. This typically includes:
- Bookmarks and Favorites: All saved web links and organizational folders remain consistent.
- Browser Settings and Preferences: Custom configurations, such as default homepage, security settings, and display options, are preserved.
- Saved Passwords and Credentials: For ease of access, encrypted login information for various websites follows the user securely.
- Extensions and Add-ons: Any installed browser extensions are synced, maintaining the user's customized functionality.
- Browser History and Cache: While sometimes managed separately for performance reasons, core history can be included.
The Mobility Mechanism (without cloud sync)
The defining characteristic of roaming profiles, particularly in
high-security or air-gapped environments, is the ability to achieve this data
persistence without requiring cloud synchronization or active internet connectivity
once the data is on the local network.
- Login: When a user logs onto any domain-connected Windows computer, the system checks for a designated roaming profile path on the network server.
- Download: The entire profile data—a copy of the user's local browser data stored on the server—is downloaded to the local machine's drive.
- Usage: The user works with this local copy of their profile.
- Logoff: Upon logoff, the operating system meticulously copies any changes made to the profile (new bookmarks, settings changes, etc.) back up to the central network location, ensuring the server-side profile is up-to-date for the next login.
This local-network-centric design provides a robust, reliable, and
network-performance-optimized method for maintaining user consistency, particularly
beneficial in corporate or educational settings where users frequently switch
workstations.
How does it work?
Prisma Browser stores profile data in a portable file (profile.pb)
within the Windows roaming profile folder. When users log into different
machines, Windows copies this file, and Prisma Browser restores their data.
For detailed information on setting up Windows Roaming
Profiles, see Folder Redirection and Roaming User
Profiles overview. For detailed step-by-step directions, see
Deploy Roaming User
Profiles
Prisma Browser Setup
Enable Roaming Profiles:
Set the following registry key on each machine:
| Registry Path | Registry Value |
|---|---|
| Software\Policies\Palo Alto Networks\PrismaAccessBrowser | RoamingProfileSupportEnabled |
The Profile Sync control only governs
cloud synchronization and has no impact on this policy.
Change roaming profile Location (Optional)
Each user’s roaming profile is kept in a file named profile.pb. By default,
this file is located in %APPDATA%\Palo Alto
Networks\PrismaAccessBrowser\User Data\Default\profile.pb, under the
Windows Roaming Profile directory.
To configure a different location for profile.pb, set the
RoamingProfileLocation registry key. You can use any of the supported path variables.
If setting the RoamingProfileLocation policy, do not set
either the UserDataDir or the DiskCacheDir policy to the same directory. Doing so
may cause the local profiles to interfere with roaming profiles and voids the
benefits of the feature.
You can point RoamingProfileLocation directly to a network
share (e.g., \\Server\Profiles\${user_name}). In this case, Prisma
Browser reads/writes profile.pb directly to the network. Windows
Roaming User Profiles is not required.
To customize the location, set:
| Registry Path | Registry Value |
|---|---|
| Software\Policies\Palo Alto Networks\PrismaAccessBrowser | RoamingProfileLocation |
If you disable the RoamingProfileSupportEnabled policy or don't configure it, this
value stored in this policy isn't used.
Example Setup
| Syncs | Does Not Sync |
|---|---|
| Bookmarks | Cookies |
| Saved Passwords | Active Sessions |
| Autofill Data | Cached Files |
| Browser Settings | Downloads |
| Extensions | Temporary Data |
| Browseing History |
| Limitation | Details |
|---|---|
| No simultaneous sessions | Users cannot run Prisma Browser on two machines at the same time. The profile file is locked during use. |
| Mutually exclusive with cloud sync | Roaming Profiles and Browser Cloud Sync cannot be used together. You need to choose one. |
| Single profile recommended | Multiple browser profiles may not map correctly across the machines. |
| Large profiles slow login | Thousands of bookmarks / extensions increase Windows login time |
Your users cannot run Prisma Browser on two machines at
the same time. The profile is locked during use.