User Profile Disk (UPD) allows you to store the profile of each Remote Desktop Services user (%USERPROFILE%
) in a separate VHDX (virtual disk) file. Such a profile disk is connected when the user logs on to Windows and will be disconnected when the user logs out (with the changes to the profile being saved). You can store user profile disks on an external file share so that a user can access their environment (profiles) when they login to any server in the RDS farm. UPDs are an alternative to roaming profile or folder redirection technologies in RDS terminal solutions.
In this article, we’ll describe how to configure and manage User Profile Disks on hosts with the Remote Desktop Services role running on Windows Server 2022, 2019, 2016, or 2012R2.
Enable User Profile Disks on Windows Server RDS
Create a shared network folder to store the UPD profile files. This folder must be located on a file server outside the RDS farm. To ensure the high availability of UPD profiles, we recommend that you place the network folder on a cluster. The path to such a directory looks like this in our example: \\fs01\RDSProfiles
.
Create a security group in AD and add all the hosts in your RDS collection to it. You can create a group using the ADUC graphical console or using cmdlets from the Active Directory for Windows PowerShell module:
New-ADGroup munRDSHCollection1 -path "OU=Groups,OU=MUN,DC=woshub,DC=loc" -GroupScope Domain -PassThru –Verbose
Add-AdGroupMember -Identity munRDSHCollection1 -Members munrds1$, munrds2$, munrds3$
Now grant Full Control permissions on the \\fs01\RDSProfiles folder for the munRDSHCollection1 group.
You can enable User Profile Disks in the Remote Desktop Collection settings when you create it. If the collection already exists, find it in the Server Manager console and select Tasks-> Edit Properties in the upper right corner.
User Profile Disks mode can be enabled and configured in the collection settings of Remote Desktop Services. This mode can be enabled when creating a new collection, or you can return to it later.
Then go to the User Profile Disks tab. Check the option Enable user profile disks, specify the path to the previously created shared folder (\\fs01\RDSProfiles), and set a maximum profile disk size (let it be 7 GB). Save the changes.
Unable to enable user disks on rVHDShare. Could not create template VHD. Error Message: The network location "\\woshub.com\namespace\UserProfileDisk" is not available.
You can check if UPD is enabled for the RDS collection and get the path to the directory where the profiles are stored with the PowerShell command:
Get-RDSessionCollectionConfiguration -CollectionName munCorpApp1 –UserProfileDisk
By default, a User Profile Disk contains all the user profile contents. You can exclude certain folders from the list of synchronized directories or specify that only certain folders should be saved. Thus, any changes made to the folders in the list of excluded directories during the user’s terminal session will not be saved to the VHDX disk in the shared folder. There are two options available:
- Store all user settings and data on the user profile disk
- Store only the following folders in the user profile disk
New-ItemProperty -Path “HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy” -Type DWord -Path -Name DeleteUserAppContainersOnLogoff -Value 1
User Profile Disks in VHDX Files on RDS
After you have changed the collection settings and enabled UPD, a file called UVHD-template.vhdx will be created in the target UPD folder.
This file is the template for the user’s profile disk. When a user logs on to the RDS server for the first time, this template is copied and renamed as a VHDX file with the user’s SID in the name. For each user, a separate VHDX file is created.
You can match the UPD file name with the owner user. For example, you can manually convert the SID to a user account name using the Get-ADUser cmdlet:
Get-ADUser -Identity S-1-5-21-32549751-3956249758-2943215497-23733695
Or use the ShowUPDFolderDetails.ps1 script, which displays the names of UPD files in a specified folder and their owners:
$UPDShare = "\\fs01\RDSProfiles"
$UserProfiles = @()
$fc = new-object -com scripting.filesystemobject
$folder = $fc.getfolder($UPDShare)
"Username,SiD" >> export.csv
foreach ($i in $folder.files)
{
$sid = $i.Name
$sid = $sid.Substring(5,$sid.Length-10)
if ($sid -ne "template")
{
$securityidentifier = new-object security.principal.securityidentifier $sid
$user = ( $securityidentifier.translate( [security.principal.ntaccount] ) )
$UserProfile = New-Object PSObject -Property @{
UserName = $user
UPDFile=$i.Name
}
$UserProfiles += $UserProfile
}
}
$UserProfiles| select UserName, UPDFile
Since the UPD profile is a regular virtual disk file in VHDX format, you can mount it and view its contents from any Windows host. Right-click the file and select Mount.
As you can see, the VHDX disk contains a set of folders and files of a standard user profile.
On the RD Session Host, the user profile in the VHDX file is mounted to the C:\users\<username> and looks like this:
The UPD profile is mounted in exclusive mode. This means that if a user profile is currently connected to the user’s RDS session or manually mounted, you will not be able to open it with an error: The file couldn’t be mounted because it’s in use.
Data is written to the VHDX file in real-time. This means that when data is copied to a user profile on an RDS server, the size of the VHDX file on the shared storage is increased immediately.
If the user profile folder already exists in Windows, the folder with an old profile is renamed to the <username>-BACKUP-<number>.
A VHDX disk is mounted when a user logs on to a VDI or RDS host. Each UPD profile is mounted to the C:\Users directory. The list of mounted VHDX disks and mount points of the user profiles appears in Disk Management.
How to Expand/Reduce User Profile Disk with PowerShell?
You can expand or shrink a virtual VHDX disk image with a specific user’s UPD profile using the Resize-VirtualDisk PowerShell cmdlet from the Hyper-V module (Hyper-V management tools must be installed on a computer: Enable-WindowsOptionalFeature -Online –FeatureName Microsoft-Hyper-V-Management-Clients
):
Net use U: \\fs01\RDSProfiles
Resize-VHD -Path u:\UVHD-<SID>.vhdx -SizeBytes 40GB
Net use U: /delete
Now you need to increase the volume size from the Disk Management console GUI (Action -> Attach VHD -> Extend volume).
Or use the following PowerShell script to automatically extend the VHDX file to the maximum available size:
<#
.Synopsis
This script extend size of VHDX file and resize the disk partition to Max
#>
Param(
[Parameter(Mandatory=$true,ValueFromPipeline=$true)]
[alias("Path")]
[string]$vhdxFile,
[Parameter(Mandatory=$true,ValueFromPipeline=$true)]
[alias("Size")]
[int64]$vhdxNewSize
)
begin{
try {
Mount-VHD -Path $vhdxFile -ErrorAction Stop
}
catch {
Write-Error "File $vhdxFile is busy"
Break
}
$vhdx = Get-VHD -Path $vhdxFile
if ($vhdx.Size -ge $vhdxNewSize){
Write-Warning "File $vhdxFile already have this size!"
$vhdx | Dismount-VHD
Break
}
}
process{
Dismount-VHD -Path $vhdxFile
Resize-VHD -Path $vhdxFile -SizeBytes $vhdxNewSize
$vhdxxpart = Mount-VHD -Path $vhdxFile -NoDriveLetter -Passthru | Get-Disk | Get-Partition
$partsize = $vhdxxpart | Get-PartitionSupportedSize
$vhdxxpart | Resize-Partition -Size $partsize.SizeMax
}
end{
Dismount-VHD -Path $vhdxFile
}
Note that you can’t expand the UPD disk of a user with an active RDS session.
To reduce the size of the UPD file (assuming that you deleted the user’s data inside the VHDX file and the data size on the disk is less than the size assigned to it), you can use the commands:
Resize-VHD \\fs01\RDSProfiles\UVHD-<SID>.vhdx –ToMinimumSize
And then optimize the allocation of space in the file:
Optimize-vhd -path \\fs01\RDSProfiles\UVHD-<SID>.vhdx -mode full
Temporary Profile Issue When Using User Profile Disks on RDS
Temporary user profiles are one of the most common problems you may encounter when using roaming profiles or user profile disks on RDS:
We can’t sign in to your account. You’ve have been signed in with a temporary profile. You can’t access your files, and files created in this profile will be deleted when you sign out. To fix this, sigh out and try signing later.
A temporary profile is created for the user in this case: Event ID 1511 Source: User Profile Service
A temporary profile is created for the user because Windows cannot find the local profile. Changes you make to this profile will be lost when you log off.
Most often, this is because the user’s VHDX file was not closed in the previous session. Use the following PowerShell to locate the RDSH host on which the user’s VHDX drive is mounted (run the script on the host with the RD Connection Broker role):
$UserToFind = "a.smith"
$User = $env:USERDOMAIN + '\' + $UserToFind
$RDCollection = Get-RDSessionCollection | where {$_.ResourceType -eq 'Remote Desktop'}
$RDHosts = Get-RDSessionHost -CollectionName $RDCollection.CollectionName | select SessionHost
$Array = Invoke-Command -ComputerName $RDHosts.SessionHost -ScriptBlock { Get-Disk | select Location,DiskNumber | where {$_.Location -notmatch "Integrated"} }
foreach ($VHD in $Array){
$DiskID = (Get-Item $VHD.Location).Name.Substring(5).Split(".")[0]
$objSID = New-Object System.Security.Principal.SecurityIdentifier ($DiskID)
$objUser = $objSID.Translate( [System.Security.Principal.NTAccount])
if ($objUser.Value -eq $User){
$result = "$($objUser.Value) disk number $($VHD.DiskNumber) on $($VHD.PSComputername)"
}else{
$result = "$($User) - no active RSH sessions were found."
}
}
$result
You can unmount the UPD virtual drive remotely with the command:
Invoke-Command -ComputerName $VHD.PSComputername -ScriptBlock { Dismount-VHD -DiskNumber $VHD.DiskNumber }
To reduce problems with temporary profiles on RDS, it is a good idea to configure timeouts for RDS user sessions. Set idle/disconnected sessions to terminate after 2 to 4 hours. You can also enable the GPO setting that prevents creating temporary profiles: Computer Configuration -> Administrative Templates -> System -> User profiles, enable the option Do not log users on with temporary profiles.
The User Profile Service failed the sign-in, user profile cannot be loaded
” if the user profiles folder is unavailable.The administrator must manually delete the temporary user profile on the RDS host after releasing the VHDX disk:
- Delete the subkeys with the user SID under the following registry key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
. In this example, there are two subkeys, one of which ends with .bak (delete them both); - Remove the user’s TEMP profile folder from the C:\Users directory.See the article at the link for more information about deleting user profiles in Windows.
So, we have looked at how to configure User Profile Disks in an RDS/VDI environment on a Windows Server. Configuring UPDs is much easier than configuring roaming profiles or redirected folders. User Profile Disks are bound to an RDS collection and cannot be corrupted when a user profile is shared between multiple terminal servers (unlike standard user profile folders). The User Profile Disks can be stored on SMB shares, CSV, SOFS, SAN, or local disks.
23 comments
Can we delete all VHDX files ? It is occupying arround 18 GB of space. please suggest. Thanks
If these vhdx files are not used , of course you can delete them.
If you are not sure – rename files and look at the operation of the system.
We are implementing VDI currently and we only have a couple of users on a pooled desktop using VDI with UPDs. Someone of these user will sometimes get logged in with a temporary profile. This is extremely problematic. I have searched everywhere and cannot figure out why this is happening. Even on the data server where the UPDs are stored, it shows them having a connected to the UPD and all folder redirects are working but the settings that they change that are saved in the UPD are not coming through. Any tips on how to solve this issue??
Do you use Round Robin DNS with farm name on each host in RDS farm?
This is wrong for server 2012. Try to create an A record with the farm name in DNS, which then refers to the broker address/
On the broker server create a registry entry:
Path: HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Cluster Settings
Type: REG_SZ
Value for desktop collection: TSV: // MS Terminal Services Plugin.1.Name
Value For VDI: TSV: //VMResource.1.Name
No we do not use a Farm, these are Virtual Desktops.
We are using the RD Virtualization Host Method with a MasterImage to create each user their own VM. Not the RD session Host Method that you are referring to. So your fix for the Registry does not apply.
Are UPS disks required? If we’re happy with pure folder redirection to their respective servers…?
You can use User Profile Disks together with the Redirected Folders
In 2016 I noticed a phenomenon that you cannot mount/access the UPD disk with domain admin. It only worked as a local admin.
On the file share that a UPD was stored (and UPD was dismounted when user wasn’t logged in) – this was the case to login as a local admin.
On the RDS session host that a UPT was mounted (when a user was logged in) – again this was the case to login as a local admin to access the files on the UPD.
can i edit the users registry setting for short date format in the UPD
Mount user’s UPD and load the registry hive as follows:
1) Run regedit
2) Select the menu File – > “Load Hive”
3) Go to the mounted drive and select the NTUSER.DAT file
4) Don’t forget to unload the hive after editing
We use UserProfileDisk (RDS) on an Server 2016. But when a lot of users connect to the Server 2016, every UPD maps to an drive letter, so sometimes the networkdrives are occuped with the UPD-Mapping Drives.
Can i exclude for the mapping some letters used for networkdrives like T:\ I:\ and J:\?
Hi, thank you for this article. Do you know a way of switching back from UPDs to a “normal” roaming profile? We have performance issues on one 20102R2 RDS-Server and i want to see if this has to do with the UPSs.
[…] Originally Posted by mavhc Just for RDS, right? Yes, only for RDS. UPDs are configured when you first set up the RDS server. User Profile Disks on Windows Server 2012 R2 / 2016 RDS | Windows OS Hub […]
Where could I grab the ShowUPDFolderDetails.ps1 file now that gallery on technet has been removed ?
Web Archive : https://web.archive.org/web/20130912063313/http://gallery.technet.microsoft.com/Retrieve-usernames-for-a-94780a9e/file/77381/1/ShowUPDFolderDetails.ps1
“Note that the UPD drive is bound to the RDS server Windows OS version. You can’t transfer (use) an UPD user profile from an RDS server from one version of Windows Server to another.”
How do migrate 2012R2 RDSH Farm using UPD to 2019 RDSH Farm?
Two weeks ago we have to install a new server (Windows S. 2012R2) as terminal server. There was ServerA ; ServerB; and now ServerC We tried to clone the ServerB to ServerC but because of issue with the Uid we decided to install a brand new system.
After the clean install of windows ready, we:
install some application
patches
put to domain
etc..etc..
After this step we put this ServerC to the session host server group. Configure everything as the ServerA and ServerB.
–> Login as domain user, and test…–> Everything fine –> Login as local administrator –> Local administrator get TEMP profile
Rollback an earlier snapshot and test again: –> Login as local administrator –> Local administrator fine!
–> Put server as session host..configure everything –> Login as domain user, and test…–> Everything fine –> Login as local administrator –> Local administrator get TEMP profile
Any idea what the hack is goin’? May i miss something? Why local administrator get Temp profile after add the server as a new RD session host?
Do you use User Profile Disks (UPD)? If so, then this is the reason, since the UPD can only be connected to one RDSH at a time.
if your admin session is active on ServerA then if it is logging in to ServerC, it can’t attach the UPD as it’s already in use, so a temporary profile is used.
how we can mapp a drive for users , if we only use remote app and users not rdp to host sessions direclty?
Even if you use RemoteApp, an UPD is still created for the RDS user
good day, are there any download size restrictions when using upd’s I have a number of users that have not reached capacity however when attempting to download a file larger than 10mb I get an error.
On a single RDS session host, I would like to be able to exclude some accounts (local admins, non-RDS user accounts) from receiving a UPD when signing in, so that their c:\users\xyz folders live locally and not a Junction point. Reason being a consultant is trying and failing to install SQL Server on this RDS session host and UPDs might not be helping.
Jacen Wang seemed to think it was possible – https://answers.microsoft.com/en-us/windowserver/forum/all/disable-upd-for-administrator-account-on-rds-farm/ab5d93de-e4c2-4bec-9943-5f2d90038470?rtAction=1725465095776 – but I can’t see a section to exclude users.
Thanks
Mike
Enable UPDs for specific groups of users, rather than for the default ‘remote desktop users’ group.
1) In AD, create a MyRDSUsers group and populate it with users.
2) On RDS go to RDS server -> Session collection -> User Groups -> add the security group you created
3) Enable the UPD for this collection.
This excludes all local users from the UPD profile policy.