Windows OS Hub / Windows Server 2019 / Configuring FSLogix Profile Containers on Windows Server RDS

February 27, 2023 Group PoliciesWindows Server 2019Windows Server 2022

Configuring FSLogix Profile Containers on Windows Server RDS

Microsoft FSLogix technology is used to manage user profiles and allows you to replace Roaming Profiles and User Profile Disks (UPD) in RDS, VDI, and Windows Virtual Desktop (WVD) deployments. FSLogix allows you to dynamically connect user profile containers from shared network folders. It can be used both in on-premises environments and in Azure (you can use Azure Files as profile storage). In this article, we’ll look at how to use FSLogix user profile containers instead of User Profile Disks (UPD) in RDS deployments on Windows Server 2019/2022.

Contents:

What are FSLogix Containers?

The FSLogix concept is similar to RDS User Profile Disks (UPD) when user profiles are stored as virtual (VHDX) disks and connected via the network when a user logs on to Windows. However, FSLogix allows us to get rid of many UPD disadvantages in RDS environments:

  • Allows loading a user profile over the network much faster. It reduces login/logout time for a user;
  • Optimized for Office 365 (Microsoft 365 for Enterprise) apps;
  • The same profile may be used in different RDS collections, RDS/VDI farms, and even physical computers;
  • FSLogix profile may be connected to multiple sessions at once (in read-only mode);
  • In UPD, the Windows search index is cleared when a user logs out and must be regenerated at the next logon. FSLogix allows to save the search index to a user profile container;
  • Provides the availability of Outlook cache files (OST, Outlook Cached Mode), Outlook search index, cache and MS Teams data, etc.;
  • FSLogix roaming profiles containers can be used even on standalone RDS hosts.

The FSLogix is free to use in on-premises RDS deployments provided that you have purchased RDS CALs and they are installed on an RDS license server.

How to Install and Configure FSLogix for User Profiles on Windows Server 2019 RDS?

Let’s see how to install and configure FSLogix on a terminal RDS farm running Windows Server 2019.

  1. Download FSLogix (https://aka.ms/fslogix/download, about 180 MB). The tool is free;
  2. Extract the archive and install FSLogix \FSLogix_Apps\x64\Release\FSLogixAppsSetup.exe agent on the RDSH server;
  3. Then copy FSLogix administrative policy files to the Central Store of administrative GPO templates on your domain controller (fslogix.admx to \PolicyDefinitions, and fslogix.adml to \PolicyDefinitions\en-US).
    Learn more about how to install and update ADMX GPO templates.

Create a shared network folder on your file server to store containers with FSLogix user profiles. For example, \\mun-fs01\Share\Profiles.

Set the following NTFS permissions on the folder:

User AccountFolderPermissions
UsersThis Folder OnlyModify
Creator / OwnerSubfolders and Files OnlyModify

configure fslogix smb share ntfs permissions

Now you can create a GPO to configure FSLogix options for RDS hosts.

Open the domain GPO management console (gpmc.msc), create a new policy, and assign it to the Organizational Unit (OU) with your RDSH servers. Expand the GPO section Computer Configuration -> Policies -> Administrative Templates -> FSLogix. Configure the following GPO options:

  • Profile Containers -> Enabled – enable FSLogix profiles;
  • Profile Containers -> VHD Location – specify the UNC path to the profile shared folder (\\mun-fs01\Share\Profiles);
  • Profile Containers -> Delete local profile when FSLogix Profile should apply – delete a local user profile when FSLogix enabled;
  • Profile Containers -> Size in MB – to set the maximum size of a profile file (30,000 MB by default);
  • Profile Containers -> Dynamic VHD(X) allocation = Enabled. If you do not enable the policy, the VHD/VHDX disks of user profiles will be created with their maximum size;
  • Profile Containers -> Advanced -> Prevent login with temporary profile –prevent creating temporary user profiles;
  • Profile Containers -> Advanced -> Prevent login with failure –prevent log on in case of any FSLogix failures;
  • Profile Containers -> Advanced -> Locked VHD retry count = 3, specify the number of attempts to access a VHD(X) file if it is locked by another process;
  • Profile Containers -> Container and Directory Naming -> Virtual disk type –use VHDX disk type for a profile instead of the default VHD;
  • Profile Containers -> Container and Directory Naming -> Swap directory name components –use %username%_SID as a format for user profile folders (instead of SID_%username%);
  • Profile Containers -> Store search database in profile container = Disabled – don’t store Windows Search index database in a profile container;
  • Enable logging = All logs enabled —enable FSLogix logs;
  • Path to logging files –set a path to FSLogix logs (\\mun-fs01\Share\FSLogixLogs\%COMPUTERNAME%);
  • Days to keep log files – 7 days are enough.

FSLogix GPO template

Restart Windows Server to apply new GPO settings. System settings of FSLogix profiles are located under the HKLM\SOFTWARE\FSLogix\Profiles registry key.

FSLogix setting in the registry

Now, when a remote user logs in through the RDP, a notification should appear on the Welcome Screen:

Please wait for the FSLogix Apps Services

WIndows Server RDS: Please wait for the FSLogix Apps Services

Once logging in, you can open the Disk Management console and make sure that the FSLogix user profile container is mounted as a VHDX disk. A new folder for the user profile has appeared in the share you specified.

Please profile container mounted as VHDX file on Windows Server

The FSlogix administrative tools are located at C:\Program Files\FSLogix\Apps:

  • frxtray.exe – this tool displays the FSLogix window in the system tray and allows you to check if a user is logged in with an FSLogix profile; frxtray tool
  • ConfigurationTool.exe – FSLogix profiles GUI configuration tool. ConfigurationTool.exe - FSLogix profiles configuration tool

Advanced FSLogix Profile Configuration on Windows Server RDS

When you install the FSLogixAppsSetup agent on the server, several additional local groups appear. You can display these groups using Get-LocalGroup cmdlet:

Get-LocalGroup -Name "*fslo*"

  • FSLogix ODFC Exclude List — Members of this group are on the exclude list for Outlook Data Folder Containers
  • FSLogix ODFC Include List — Members of this group are on the include list for Outlook Data Folder Containers
  • FSLogix Profile Exclude List — Members of this group are on the exclude list for dynamic profiles
  • FSLogix Profile Include List — Members of this group are on the include list for dynamic profiles

Local group - FSLogix Profile Exclude List

These groups allow set users or groups having FSLogix profiles enabled or disabled.

By default, roaming FSLogix profile containers are created for all users. To allow the members of the local Administrators group to log on to the server locally in case of any FSLogix failures, add the Administrators group to the FSLogix Profile Exclude List.

You can add users to the local group using the Restricted Group policy (Computer Configuration -> Windows Settings -> Security Settings -> Restricted Groups -> Add Group -> FSLogix Profile Exclude List) or Group Policy Preferences (Computer Configuration –> Preferences –> Control Panel Settings –> Local Users and Group –> New -> Local Group -> FSLogix Profile Exclude List).

Learn more about how to add domain users to a local group using GPO.

To exclude some folders from an FSLogix roaming profile, you can use the redirection.xml file. Folders in the file are redirected to the local folders on the server’s local drive (local profile folders).

The path to the XML file with the settings is specified in FSLogix -> Profile Containers -> Advanced -> Provide RedirXML file to customize redirections GPO option. You can exclude Temp folders, IE/Edge/Chrome cache directories, etc.

Here is an example of such a file:

<?xml version="1.0"?>
<FrxProfileFolderRedirection ExcludeCommonFolders="0">
<Excludes>
<Exclude Copy="0">AppData\LocalLow\</Exclude>
<Exclude Copy="0">AppData\Local\Packages\</Exclude>
<Exclude Copy="0">AppData\Local\Microsoft\Windows\Temporary Internet Files\</Exclude>
<Exclude Copy="0">AppData\Local\Microsoft\Windows\Explorer\</Exclude>
<Exclude Copy="0">AppData\Local\Microsoft\Windows\WebCache\</Exclude>
<Exclude Copy="0">AppData\Local\Temp\</Exclude>
<Exclude Copy="0">AppData\Local\Diagnostics\</Exclude>
<Exclude Copy="0">AppData\Local\Comms\</Exclude>
<Exclude Copy="0">AppData\Local\Google\Chrome\User Data\Default\Cache\</Exclude>
</Excludes>
</FrxProfileFolderRedirection>

Analyze user profiles, and installed programs and add additional exceptions to the file.

Add FSLogix executable files to your antivirus exclusions (frxdrv.sys, frxdrvvt.sys, frxccd.sys, frxccd.exe, frxccds.exe, frxsvc.exe).

0 comment
3
Facebook Twitter Google + Pinterest

Related Reading

Zabbix: How to Get Data from PowerShell Scripts

October 27, 2023

Tracking Printer Usage with Windows Event Viewer Logs

October 19, 2023

How to Use Ansible to Manage Windows Machines

September 25, 2023

How to View and Change BIOS (UEFI) Settings...

September 13, 2023

How to Create UEFI Bootable USB Drive to...

September 11, 2023

Leave a Comment