Windows OS Hub
  • Windows Server
    • Windows Server 2022
    • Windows Server 2019
    • Windows Server 2016
    • Windows Server 2012 R2
    • Windows Server 2012
    • Windows Server 2008 R2
    • SCCM
  • Active Directory
    • Active Directory Domain Services (AD DS)
    • Group Policies
  • Windows Clients
    • Windows 11
    • Windows 10
    • Windows 8
    • Windows 7
    • Windows XP
    • MS Office
    • Outlook
  • Virtualization
    • VMWare
    • Hyper-V
    • KVM
  • PowerShell
  • Exchange
  • Cloud
    • Azure
    • Microsoft 365
    • Office 365
  • Linux
    • CentOS
    • RHEL
    • Ubuntu
  • Home
  • About

Windows OS Hub

  • Windows Server
    • Windows Server 2022
    • Windows Server 2019
    • Windows Server 2016
    • Windows Server 2012 R2
    • Windows Server 2012
    • Windows Server 2008 R2
    • SCCM
  • Active Directory
    • Active Directory Domain Services (AD DS)
    • Group Policies
  • Windows Clients
    • Windows 11
    • Windows 10
    • Windows 8
    • Windows 7
    • Windows XP
    • MS Office
    • Outlook
  • Virtualization
    • VMWare
    • Hyper-V
    • KVM
  • PowerShell
  • Exchange
  • Cloud
    • Azure
    • Microsoft 365
    • Office 365
  • Linux
    • CentOS
    • RHEL
    • Ubuntu

 Windows OS Hub / Windows Server 2019 / Configuring FSLogix Profile Containers on Windows Server RDS

December 5, 2022 Group PoliciesWindows Server 2019Windows Server 2022

Configuring FSLogix Profile Containers on Windows Server RDS

Microsoft FSLogix technology is used to manage user profiles and allows you to replace Roaming Profiles and User Profile Disks (UPD) in RDS, VDI, and Windows Virtual Desktop (WVD) deployments. FSLogix allows you to dynamically connect user profile containers from shared network folders. It can be used both in on-premises environments and in Azure (you can use Azure Files as profile storage). In this article, we’ll look at how to use FSLogix user profile containers instead of User Profile Disks (UPD) in RDS deployments on Windows Server 2019/2022.

Contents:
  • What are FSLogix Containers?
  • How to Install and Configure FSLogix for User Profiles on Windows Server 2019 RDS?
  • Advanced FSLogix Profile Configuration on Windows Server RDS

What are FSLogix Containers?

The FSLogix concept is similar to RDS User Profile Disks (UPD) when user profiles are stored as virtual (VHDX) disks and connected via the network when a user logs on to Windows. However, FSLogix allows us to get rid of many UPD disadvantages in RDS environments:

  • Allows loading a user profile over the network much faster. It reduces login/logout time for a user;
  • Optimized for Office 365 (Microsoft 365 for Enterprise) apps;
  • The same profile may be used in different RDS collections, RDS/VDI farms, and even physical computers;
  • FSLogix profile may be connected to multiple sessions at once (in read-only mode);
  • In UPD, the Windows search index is cleared when a user logs out and must be regenerated at the next logon. FSLogix allows to save the search index to a user profile container;
  • Provides the availability of Outlook cache files (OST, Outlook Cached Mode), Outlook search index, cache and MS Teams data, etc.;
  • FSLogix roaming profiles containers can be used even on standalone RDS hosts.

The FSLogix is free to use in on-premises RDS deployments provided that you have purchased RDS CALs and they are installed on an RDS license server.

How to Install and Configure FSLogix for User Profiles on Windows Server 2019 RDS?

Let’s see how to install and configure FSLogix on a terminal RDS farm running Windows Server 2019.

  1. Download FSLogix (https://aka.ms/fslogix/download, about 180 MB). The tool is free;
  2. Extract the archive and install FSLogix \FSLogix_Apps\x64\Release\FSLogixAppsSetup.exe agent on the RDSH server;
  3. Then copy FSLogix administrative policy files to the Central Store of administrative GPO templates on your domain controller (fslogix.admx to \PolicyDefinitions, and fslogix.adml to \PolicyDefinitions\en-US).
    Learn more about how to install and update ADMX GPO templates.

Create a shared network folder on your file server to store containers with FSLogix user profiles. For example, \\mun-fs01\Share\Profiles.

Set the following NTFS permissions on the folder:

User Account Folder Permissions
Users This Folder Only Modify
Creator / Owner Subfolders and Files Only Modify

configure fslogix smb share ntfs permissions

Now you can create a GPO to configure FSLogix options for RDS hosts.

Open the domain GPO management console (gpmc.msc), create a new policy, and assign it to the Organizational Unit (OU) with your RDSH servers. Expand the GPO section Computer Configuration -> Policies -> Administrative Templates -> FSLogix. Configure the following GPO options:

  • Profile Containers -> Enabled – enable FSLogix profiles;
  • Profile Containers -> VHD Location – specify the UNC path to the profile shared folder (\\mun-fs01\Share\Profiles);
  • Profile Containers -> Delete local profile when FSLogix Profile should apply – delete a local user profile when FSLogix enabled;
  • Profile Containers -> Size in MB – to set the maximum size of a profile file (30,000 MB by default);
  • Profile Containers -> Dynamic VHD(X) allocation = Enabled. If you do not enable the policy, the VHD/VHDX disks of user profiles will be created with their maximum size;
  • Profile Containers -> Advanced -> Prevent login with temporary profile –prevent creating temporary user profiles;
  • Profile Containers -> Advanced -> Prevent login with failure –prevent log on in case of any FSLogix failures;
  • Profile Containers -> Advanced -> Locked VHD retry count = 3, specify the number of attempts to access a VHD(X) file if it is locked by another process;
  • Profile Containers -> Container and Directory Naming -> Virtual disk type –use VHDX disk type for a profile instead of the default VHD;
  • Profile Containers -> Container and Directory Naming -> Swap directory name components –use %username%_SID as a format for user profile folders (instead of SID_%username%);
  • Profile Containers -> Store search database in profile container = Disabled – don’t store Windows Search index database in a profile container;
  • Enable logging = All logs enabled —enable FSLogix logs;
  • Path to logging files –set a path to FSLogix logs (\\mun-fs01\Share\FSLogixLogs\%COMPUTERNAME%);
  • Days to keep log files – 7 days are enough.

FSLogix GPO template

Restart Windows Server to apply new GPO settings. System settings of FSLogix profiles are located under the HKLM\SOFTWARE\FSLogix\Profiles registry key.

FSLogix setting in the registry

Now, when a remote user logs in through the RDP, a notification should appear on the Welcome Screen:

Please wait for the FSLogix Apps Services

WIndows Server RDS: Please wait for the FSLogix Apps Services

Once logging in, you can open the Disk Management console and make sure that the FSLogix user profile container is mounted as a VHDX disk. A new folder for the user profile has appeared in the share you specified.

Please profile container mounted as VHDX file on Windows Server

The FSlogix administrative tools are located at C:\Program Files\FSLogix\Apps:

  • frxtray.exe – this tool displays the FSLogix window in the system tray and allows you to check if a user is logged in with an FSLogix profile; frxtray tool
  • ConfigurationTool.exe – FSLogix profiles GUI configuration tool. ConfigurationTool.exe - FSLogix profiles configuration tool

Advanced FSLogix Profile Configuration on Windows Server RDS

When you install the FSLogixAppsSetup agent on the server, several additional local groups appear. You can display these groups using Get-LocalGroup cmdlet:

Get-LocalGroup -Name "*fslo*"

  • FSLogix ODFC Exclude List — Members of this group are on the exclude list for Outlook Data Folder Containers
  • FSLogix ODFC Include List — Members of this group are on the include list for Outlook Data Folder Containers
  • FSLogix Profile Exclude List — Members of this group are on the exclude list for dynamic profiles
  • FSLogix Profile Include List — Members of this group are on the include list for dynamic profiles

Local group - FSLogix Profile Exclude List

These groups allow set users or groups having FSLogix profiles enabled or disabled.

By default, roaming FSLogix profile containers are created for all users. To allow the members of the local Administrators group to log on to the server locally in case of any FSLogix failures, add the Administrators group to the FSLogix Profile Exclude List.

You can add users to the local group using the Restricted Group policy (Computer Configuration -> Windows Settings -> Security Settings -> Restricted Groups -> Add Group -> FSLogix Profile Exclude List) or Group Policy Preferences (Computer Configuration –> Preferences –> Control Panel Settings –> Local Users and Group –> New -> Local Group -> FSLogix Profile Exclude List).

Learn more about how to add domain users to a local group using GPO.

To exclude some folders from an FSLogix roaming profile, you can use the redirection.xml file. Folders in the file are redirected to the local folders on the server’s local drive (local profile folders).

The path to the XML file with the settings is specified in FSLogix -> Profile Containers -> Advanced -> Provide RedirXML file to customize redirections GPO option. You can exclude Temp folders, IE/Edge/Chrome cache directories, etc.

Here is an example of such a file:

<?xml version="1.0"?>
<FrxProfileFolderRedirection ExcludeCommonFolders="0">
<Excludes>
<Exclude Copy="0">AppData\LocalLow\</Exclude>
<Exclude Copy="0">AppData\Local\Packages\</Exclude>
<Exclude Copy="0">AppData\Local\Microsoft\Windows\Temporary Internet Files\</Exclude>
<Exclude Copy="0">AppData\Local\Microsoft\Windows\Explorer\</Exclude>
<Exclude Copy="0">AppData\Local\Microsoft\Windows\WebCache\</Exclude>
<Exclude Copy="0">AppData\Local\Temp\</Exclude>
<Exclude Copy="0">AppData\Local\Diagnostics\</Exclude>
<Exclude Copy="0">AppData\Local\Comms\</Exclude>
<Exclude Copy="0">AppData\Local\Google\Chrome\User Data\Default\Cache\</Exclude>
</Excludes>
</FrxProfileFolderRedirection>

Analyze user profiles, and installed programs and add additional exceptions to the file.

Add FSLogix executable files to your antivirus exclusions (frxdrv.sys, frxdrvvt.sys, frxccd.sys, frxccd.exe, frxccds.exe, frxsvc.exe).

0 comment
2
Facebook Twitter Google + Pinterest
previous post
How to Create a Self-Signed Certificate on Windows?
next post
How to Install and Configure Squid Proxy Server on Linux?

Related Reading

Using Previous Command History in PowerShell Console

January 31, 2023

How to Install the PowerShell Active Directory Module...

January 31, 2023

Enable Internet Explorer (IE) Compatibility Mode in Microsoft...

January 27, 2023

How to Disable or Uninstall Internet Explorer (IE)...

January 26, 2023

How to Delete Old User Profiles in Windows?

January 25, 2023

Leave a Comment Cancel Reply

Categories

  • Active Directory
  • Group Policies
  • Exchange Server
  • Microsoft 365
  • Azure
  • Windows 11
  • Windows 10
  • Windows Server 2022
  • Windows Server 2019
  • Windows Server 2016
  • PowerShell
  • VMWare
  • Hyper-V
  • Linux
  • MS Office

Recent Posts

  • Using Previous Command History in PowerShell Console

    January 31, 2023
  • How to Install the PowerShell Active Directory Module and Manage AD?

    January 31, 2023
  • Finding Duplicate E-mail (SMTP) Addresses in Exchange

    January 27, 2023
  • How to Delete Old User Profiles in Windows?

    January 25, 2023
  • How to Install Free VMware Hypervisor (ESXi)?

    January 24, 2023
  • How to Enable TLS 1.2 on Windows?

    January 18, 2023
  • Allow or Prevent Non-Admin Users from Reboot/Shutdown Windows

    January 17, 2023
  • Fix: Can’t Extend Volume in Windows

    January 12, 2023
  • Wi-Fi (Internet) Disconnects After Sleep or Hibernation on Windows 10/11

    January 11, 2023
  • Adding Trusted Root Certificates on Linux

    January 9, 2023

Follow us

woshub.com
  • Facebook
  • Twitter
  • RSS
Popular Posts
  • Updating List of Trusted Root Certificates in Windows
  • Configure Google Chrome Settings with Group Policy
  • How to Delete Old User Profiles in Windows?
  • How to Find the Source of Account Lockouts in Active Directory?
  • How to Hide or Show User Accounts from Login Screen on Windows 10/11?
  • Configuring Proxy Settings on Windows Using Group Policy Preferences
  • How to Disable or Enable USB Drives in Windows using Group Policy?
Footer Logo

@2014 - 2023 - Windows OS Hub. All about operating systems for sysadmins


Back To Top