Windows OS Hub
  • Windows Server
    • Windows Server 2022
    • Windows Server 2019
    • Windows Server 2016
    • Windows Server 2012 R2
    • Windows Server 2008 R2
    • SCCM
  • Active Directory
    • Active Directory Domain Services (AD DS)
    • Group Policies
  • Windows Clients
    • Windows 11
    • Windows 10
    • Windows 8
    • Windows 7
    • Windows XP
    • MS Office
    • Outlook
  • Virtualization
    • VMWare
    • Hyper-V
    • KVM
  • PowerShell
  • Exchange
  • Cloud
    • Azure
    • Microsoft 365
    • Office 365
  • Linux
    • CentOS
    • RHEL
    • Ubuntu
  • Home
  • About

Windows OS Hub

  • Windows Server
    • Windows Server 2022
    • Windows Server 2019
    • Windows Server 2016
    • Windows Server 2012 R2
    • Windows Server 2008 R2
    • SCCM
  • Active Directory
    • Active Directory Domain Services (AD DS)
    • Group Policies
  • Windows Clients
    • Windows 11
    • Windows 10
    • Windows 8
    • Windows 7
    • Windows XP
    • MS Office
    • Outlook
  • Virtualization
    • VMWare
    • Hyper-V
    • KVM
  • PowerShell
  • Exchange
  • Cloud
    • Azure
    • Microsoft 365
    • Office 365
  • Linux
    • CentOS
    • RHEL
    • Ubuntu

 Windows OS Hub / Windows Server 2019 / Configuring FSLogix Profile Containers on Windows Server RDS

December 5, 2022 Group PoliciesWindows Server 2019Windows Server 2022

Configuring FSLogix Profile Containers on Windows Server RDS

Microsoft FSLogix technology is used to manage user profiles and allows you to replace Roaming Profiles and User Profile Disks (UPD) in RDS, VDI, and Windows Virtual Desktop (WVD) deployments. FSLogix allows you to dynamically connect user profile containers from shared network folders. It can be used both in on-premises environments and in Azure (you can use Azure Files as profile storage). In this article, we’ll look at how to use FSLogix user profile containers instead of User Profile Disks (UPD) in RDS deployments on Windows Server 2019/2022.

Contents:
  • What are FSLogix Containers?
  • How to Install and Configure FSLogix for User Profiles on Windows Server 2019 RDS?
  • Advanced FSLogix Profile Configuration on Windows Server RDS

What are FSLogix Containers?

The FSLogix concept is similar to RDS User Profile Disks (UPD) when user profiles are stored as virtual (VHDX) disks and connected via the network when a user logs on to Windows. However, FSLogix allows us to get rid of many UPD disadvantages in RDS environments:

  • Allows loading a user profile over the network much faster. It reduces login/logout time for a user;
  • Optimized for Office 365 (Microsoft 365 for Enterprise) apps;
  • The same profile may be used in different RDS collections, RDS/VDI farms, and even physical computers;
  • FSLogix profile may be connected to multiple sessions at once (in read-only mode);
  • In UPD, the Windows search index is cleared when a user logs out and must be regenerated at the next logon. FSLogix allows to save the search index to a user profile container;
  • Provides the availability of Outlook cache files (OST, Outlook Cached Mode), Outlook search index, cache and MS Teams data, etc.;
  • FSLogix roaming profiles containers can be used even on standalone RDS hosts.

The FSLogix is free to use in on-premises RDS deployments provided that you have purchased RDS CALs and they are installed on an RDS license server.

How to Install and Configure FSLogix for User Profiles on Windows Server 2019 RDS?

Let’s see how to install and configure FSLogix on a terminal RDS farm running Windows Server 2019.

  1. Download FSLogix (https://aka.ms/fslogix/download, about 180 MB). The tool is free;
  2. Extract the archive and install FSLogix \FSLogix_Apps\x64\Release\FSLogixAppsSetup.exe agent on the RDSH server;
  3. Then copy FSLogix administrative policy files to the Central Store of administrative GPO templates on your domain controller (fslogix.admx to \PolicyDefinitions, and fslogix.adml to \PolicyDefinitions\en-US).
    Learn more about how to install and update ADMX GPO templates.

Create a shared network folder on your file server to store containers with FSLogix user profiles. For example, \\mun-fs01\Share\Profiles.

Set the following NTFS permissions on the folder:

User AccountFolderPermissions
UsersThis Folder OnlyModify
Creator / OwnerSubfolders and Files OnlyModify

configure fslogix smb share ntfs permissions

Now you can create a GPO to configure FSLogix options for RDS hosts.

Open the domain GPO management console (gpmc.msc), create a new policy, and assign it to the Organizational Unit (OU) with your RDSH servers. Expand the GPO section Computer Configuration -> Policies -> Administrative Templates -> FSLogix. Configure the following GPO options:

  • Profile Containers -> Enabled – enable FSLogix profiles;
  • Profile Containers -> VHD Location – specify the UNC path to the profile shared folder (\\mun-fs01\Share\Profiles);
  • Profile Containers -> Delete local profile when FSLogix Profile should apply – delete a local user profile when FSLogix enabled;
  • Profile Containers -> Size in MB – to set the maximum size of a profile file (30,000 MB by default);
  • Profile Containers -> Dynamic VHD(X) allocation = Enabled. If you do not enable the policy, the VHD/VHDX disks of user profiles will be created with their maximum size;
  • Profile Containers -> Advanced -> Prevent login with temporary profile –prevent creating temporary user profiles;
  • Profile Containers -> Advanced -> Prevent login with failure –prevent log on in case of any FSLogix failures;
  • Profile Containers -> Advanced -> Locked VHD retry count = 3, specify the number of attempts to access a VHD(X) file if it is locked by another process;
  • Profile Containers -> Container and Directory Naming -> Virtual disk type –use VHDX disk type for a profile instead of the default VHD;
  • Profile Containers -> Container and Directory Naming -> Swap directory name components –use %username%_SID as a format for user profile folders (instead of SID_%username%);
  • Profile Containers -> Store search database in profile container = Disabled – don’t store Windows Search index database in a profile container;
  • Enable logging = All logs enabled —enable FSLogix logs;
  • Path to logging files –set a path to FSLogix logs (\\mun-fs01\Share\FSLogixLogs\%COMPUTERNAME%);
  • Days to keep log files – 7 days are enough.

FSLogix GPO template

Restart Windows Server to apply new GPO settings. System settings of FSLogix profiles are located under the HKLM\SOFTWARE\FSLogix\Profiles registry key.

FSLogix setting in the registry

Now, when a remote user logs in through the RDP, a notification should appear on the Welcome Screen:

Please wait for the FSLogix Apps Services

WIndows Server RDS: Please wait for the FSLogix Apps Services

Once logging in, you can open the Disk Management console and make sure that the FSLogix user profile container is mounted as a VHDX disk. A new folder for the user profile has appeared in the share you specified.

Please profile container mounted as VHDX file on Windows Server

The FSlogix administrative tools are located at C:\Program Files\FSLogix\Apps:

  • frxtray.exe – this tool displays the FSLogix window in the system tray and allows you to check if a user is logged in with an FSLogix profile; frxtray tool
  • ConfigurationTool.exe – FSLogix profiles GUI configuration tool. ConfigurationTool.exe - FSLogix profiles configuration tool

Advanced FSLogix Profile Configuration on Windows Server RDS

When you install the FSLogixAppsSetup agent on the server, several additional local groups appear. You can display these groups using Get-LocalGroup cmdlet:

Get-LocalGroup -Name "*fslo*"

  • FSLogix ODFC Exclude List — Members of this group are on the exclude list for Outlook Data Folder Containers
  • FSLogix ODFC Include List — Members of this group are on the include list for Outlook Data Folder Containers
  • FSLogix Profile Exclude List — Members of this group are on the exclude list for dynamic profiles
  • FSLogix Profile Include List — Members of this group are on the include list for dynamic profiles

Local group - FSLogix Profile Exclude List

These groups allow set users or groups having FSLogix profiles enabled or disabled.

By default, roaming FSLogix profile containers are created for all users. To allow the members of the local Administrators group to log on to the server locally in case of any FSLogix failures, add the Administrators group to the FSLogix Profile Exclude List.

You can add users to the local group using the Restricted Group policy (Computer Configuration -> Windows Settings -> Security Settings -> Restricted Groups -> Add Group -> FSLogix Profile Exclude List) or Group Policy Preferences (Computer Configuration –> Preferences –> Control Panel Settings –> Local Users and Group –> New -> Local Group -> FSLogix Profile Exclude List).

Learn more about how to add domain users to a local group using GPO.

To exclude some folders from an FSLogix roaming profile, you can use the redirection.xml file. Folders in the file are redirected to the local folders on the server’s local drive (local profile folders).

The path to the XML file with the settings is specified in FSLogix -> Profile Containers -> Advanced -> Provide RedirXML file to customize redirections GPO option. You can exclude Temp folders, IE/Edge/Chrome cache directories, etc.

Here is an example of such a file:

<?xml version="1.0"?>
<FrxProfileFolderRedirection ExcludeCommonFolders="0">
<Excludes>
<Exclude Copy="0">AppData\LocalLow\</Exclude>
<Exclude Copy="0">AppData\Local\Packages\</Exclude>
<Exclude Copy="0">AppData\Local\Microsoft\Windows\Temporary Internet Files\</Exclude>
<Exclude Copy="0">AppData\Local\Microsoft\Windows\Explorer\</Exclude>
<Exclude Copy="0">AppData\Local\Microsoft\Windows\WebCache\</Exclude>
<Exclude Copy="0">AppData\Local\Temp\</Exclude>
<Exclude Copy="0">AppData\Local\Diagnostics\</Exclude>
<Exclude Copy="0">AppData\Local\Comms\</Exclude>
<Exclude Copy="0">AppData\Local\Google\Chrome\User Data\Default\Cache\</Exclude>
</Excludes>
</FrxProfileFolderRedirection>

Analyze user profiles, and installed programs and add additional exceptions to the file.

Add FSLogix executable files to your antivirus exclusions (frxdrv.sys, frxdrvvt.sys, frxccd.sys, frxccd.exe, frxccds.exe, frxsvc.exe).

0 comment
3
Facebook Twitter Google + Pinterest
previous post
How to Create a Self-Signed Certificate on Windows?
next post
How to Install and Configure Squid Proxy Server on Linux?

Related Reading

Configuring Event Viewer Log Size on Windows

May 24, 2023

How to Detect Who Changed the File/Folder NTFS...

May 24, 2023

Enable Single Sign-On (SSO) Authentication on RDS Windows...

May 23, 2023

Allow Non-admin Users RDP Access to Windows Server

May 22, 2023

How to Create, Change, and Remove Local Users...

May 17, 2023

Leave a Comment Cancel Reply

Categories

  • Active Directory
  • Group Policies
  • Exchange Server
  • Microsoft 365
  • Azure
  • Windows 11
  • Windows 10
  • Windows Server 2022
  • Windows Server 2019
  • Windows Server 2016
  • PowerShell
  • VMWare
  • Hyper-V
  • Linux
  • MS Office

Recent Posts

  • Configuring Event Viewer Log Size on Windows

    May 24, 2023
  • How to Detect Who Changed the File/Folder NTFS Permissions on Windows?

    May 24, 2023
  • Enable Single Sign-On (SSO) Authentication on RDS Windows Server

    May 23, 2023
  • Allow Non-admin Users RDP Access to Windows Server

    May 22, 2023
  • How to Create, Change, and Remove Local Users or Groups with PowerShell?

    May 17, 2023
  • Fix: BSOD Error 0x0000007B (INACCESSABLE_BOOT_DEVICE) on Windows

    May 16, 2023
  • View Success and Failed Local Logon Attempts on Windows

    May 2, 2023
  • Fix: “Something Went Wrong” Error When Installing Teams

    May 2, 2023
  • Querying Windows Event Logs with PowerShell

    May 2, 2023
  • Configure Windows LAPS (Local Administrator Passwords Solution) in AD

    April 25, 2023

Follow us

  • Facebook
  • Twitter
  • RSS
Popular Posts
  • Updating List of Trusted Root Certificates in Windows
  • Configure Google Chrome Settings with Group Policy
  • How to Delete Old User Profiles in Windows?
  • Allow Non-admin Users RDP Access to Windows Server
  • How to Find the Source of Account Lockouts in Active Directory?
  • How to Hide or Show User Accounts from Login Screen on Windows 10/11?
  • How to Disable or Enable USB Drives in Windows using Group Policy?
Footer Logo

@2014 - 2023 - Windows OS Hub. All about operating systems for sysadmins


Back To Top