User Profile Disk (UPD) allows you to store the profile of each Remote Desktop Services user (%USERPROFILE%) in a separate VHDX (virtual disk) file. Such a profile disk is connected when the user logs on to Windows and will be disconnected when the user logs out (with the changes to the profile being saved). You can store user profile disks on an external file share so that a user can access their personal environment (profiles) when they login to any server in the RDS farm. UPDs are an alternative to roaming profile or folder redirection technologies in RDS terminal solutions.
In this article, we’ll describe how to configure and manage User Profile Disks on hosts with the Remote Desktop Services role running on Windows Server 2022, 2019, 2016, or 2012R2.
Enable User Profile Disks on Windows Server RDS
Create a shared network folder to store the UPD profile files. This folder must be located on a file server outside the RDS farm. To ensure the high availability of UPD profiles, we recommend that you place the network folder on a cluster. The path to such a directory looks like this in our example: \\fs01\RDSProfiles .
Create a security group in AD and add all the hosts in your RDS collection to it. You can create a group using the ADUC graphical console or using cmdlets from the Active Directory for Windows PowerShell module:
New-ADGroup munRDSHCollection1 -path "OU=Groups,OU=MUN,DC=woshub,DC=loc" -GroupScope Domain -PassThru –Verbose
Add-AdGroupMember -Identity munRDSHCollection1 -Members munrds1$, munrds2$, munrds3$
Now grant Full Control permissions on the \\fs01\RDSProfiles folder for the munRDSHCollection1 group.
You can enable User Profile Disks in the Remote Desktop Collection settings when you create it. If the collection already exists, find it in the Server Manager console and select Tasks-> Edit Properties in the upper right corner.
User Profile Disks mode can be enabled and configured in the collection settings of Remote Desktop Services. This mode can be enabled when creating a new collection, or you can return to it later.
Then go to the User Profile Disks tab. Check the option Enable user profile disks, specify the path to the previously created shared folder (\\fs01\RDSProfiles), and set a maximum profile disk size (let it be 7 GB). Save the changes.
Unable to enable user disks on rVHDShare. Could not create template VHD. Error Message: The network location "\\woshub.com\namespace\UserProfileDisk" is not available.
You can check if UPD is enabled for the RDS collection and get the path to the directory where the profiles are stored with the PowerShell command:
Get-RDSessionCollectionConfiguration -CollectionName munCorpApp1 –UserProfileDisk
By default, a User Profile Disk contains all the user profile contents. You can exclude certain folders from the list of synchronized directories or specify that only certain folders should be saved. Thus, any changes made to the folders in the list of excluded directories during the user’s terminal session will not be saved to the VHDX disk in the shared folder. There are two options available:
- Store all user settings and data on the user profile disk
- Store only the following folders in the user profile disk
New-ItemProperty -Path “HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy” -Type DWord -Path -Name DeleteUserAppContainersOnLogoff -Value 1
User Profile Disks in VHDX Files on RDS
After you have changed the collection settings and enabled UPD, a file called UVHD-template.vhdx will be created in the target UPD folder.
This file is the template for the user’s profile disk. When a user logs on to the RDS server for the first time, this template is copied and renamed as a VHDX file with the user’s SID in the name. For each user, a separate VHDX file is created.
You can match the UPD file name with the owner user. For example, you can manually convert the SID to a user account name using the Get-ADUser cmdlet:
Get-ADUser -Identity S-1-5-21-32549751-3956249758-2943215497-23733695
Or use the ShowUPDFolderDetails.ps1 script, which displays the names of UPD files in a specified folder and their owners:
$UPDShare = "\\fs01\RDSProfiles"
$UserProfiles = @()
$fc = new-object -com scripting.filesystemobject
$folder = $fc.getfolder($UPDShare)
"Username,SiD" >> export.csv
foreach ($i in $folder.files)
{
$sid = $i.Name
$sid = $sid.Substring(5,$sid.Length-10)
if ($sid -ne "template")
{
$securityidentifier = new-object security.principal.securityidentifier $sid
$user = ( $securityidentifier.translate( [security.principal.ntaccount] ) )
$UserProfile = New-Object PSObject -Property @{
UserName = $user
UPDFile=$i.Name
}
$UserProfiles += $UserProfile
}
}
$UserProfiles| select UserName, UPDFile
Since the UPD profile is a regular virtual disk file in VHDX format, you can mount it and view its contents from any Windows host. Right-click the file and select Mount.
As you can see, the VHDX disk contains a set of folders and files of a standard user profile.
On the RD Session Host, the user profile in the VHDX file is mounted to the C:\users\<username> and looks like this:
The UPD profile is mounted in exclusive mode. This means that if a user profile is currently connected to the user’s RDS session or manually mounted, you will not be able to open it with an error: The file couldn’t be mounted because it’s in use.
Data is written to the VHDX file in real time. This means that when data is copied to a user profile on an RDS server, the size of the vhdx file on the shared storage is increased immediately.
If the user profile folder already exists in Windows, the folder with an old profile is renamed to the <username>-BACKUP-<number>.
A VHDX disk is mounted when a user logs on to a VDI or RDS host. Each UPD profile is mounted to the C:\Users directory. The list of mounted VHDX disks and mount points of the user profiles appears in Disk Management.
How to Expand/Reduce User Profile Disk with PowerShell?
You can expand or shrink a virtual VHDX disk image with a specific user’s UPD profile using the Resize-VirtualDisk PowerShell cmdlet from the Hyper-V module (Hyper-V management tools must be installed on a computer: Enable-WindowsOptionalFeature -Online –FeatureName Microsoft-Hyper-V-Management-Clients):
Net use U: \\fs01\RDSProfiles
Resize-VHD -Path u:\UVHD-<SID>.vhdx -SizeBytes 40GB
Net use U: /delete
Now you need to increase the volume size from the Disk Management console GUI (Action -> Attach VHD -> Extend volume).
Or use the following PowerShell script to automatically extend the VHDX file to the maximum available size:
<#
.Synopsis
This script extend size of VHDX file and resize the disk partition to Max
#>
Param(
[Parameter(Mandatory=$true,ValueFromPipeline=$true)]
[alias("Path")]
[string]$vhdxFile,
[Parameter(Mandatory=$true,ValueFromPipeline=$true)]
[alias("Size")]
[int64]$vhdxNewSize
)
begin{
try {
Mount-VHD -Path $vhdxFile -ErrorAction Stop
}
catch {
Write-Error "File $vhdxFile is busy"
Break
}
$vhdx = Get-VHD -Path $vhdxFile
if ($vhdx.Size -ge $vhdxNewSize){
Write-Warning "File $vhdxFile already have this size!"
$vhdx | Dismount-VHD
Break
}
}
process{
Dismount-VHD -Path $vhdxFile
Resize-VHD -Path $vhdxFile -SizeBytes $vhdxNewSize
$vhdxxpart = Mount-VHD -Path $vhdxFile -NoDriveLetter -Passthru | Get-Disk | Get-Partition
$partsize = $vhdxxpart | Get-PartitionSupportedSize
$vhdxxpart | Resize-Partition -Size $partsize.SizeMax
}
end{
Dismount-VHD -Path $vhdxFile
}
Note that you can’t expand the UPD disk of a user with an active RDS session.
To reduce the size of the UPD file (assuming that you deleted the user’s data inside the vhdx file and the data size on the disk is less than the size assigned to it), you can use the commands:
Resize-VHD \\fs01\RDSProfiles\UVHD-<SID>.vhdx –ToMinimumSize
And then optimize the allocation of space in the file:
Optimize-vhd -path \\fs01\RDSProfiles\UVHD-<SID>.vhdx -mode full
Temporary Profile Issue When Using User Profile Disks on RDS
Temporary user profiles are one of the most common problems you may encounter when using roaming profiles or user profile disks on RDS:
We can’t sign in to your account. You’ve have been signed in with a temporary profile. You can’t access your files, and files created in this profile will be deleted when you sign out. To fix this, sigh out and try signing later.
A temporary profile is created for the user in this case: Event ID 1511 Source: User Profile Service
A temporary profile is created for the user because Windows cannot find the local profile. Changes you make to this profile will be lost when you log off.
Most often, this is because the user’s VHDX file was not closed in the previous session. Use the following PowerShell to locate the RDSH host on which the user’s VHDX drive is mounted (run the script on the host with the RD Connection Broker role):
$UserToFind = "a.smith"
$User = $env:USERDOMAIN + '\' + $UserToFind
$RDCollection = Get-RDSessionCollection | where {$_.ResourceType -eq 'Remote Desktop'}
$RDHosts = Get-RDSessionHost -CollectionName $RDCollection.CollectionName | select SessionHost
$Array = Invoke-Command -ComputerName $RDHosts.SessionHost -ScriptBlock { Get-Disk | select Location,DiskNumber | where {$_.Location -notmatch "Integrated"} }
foreach ($VHD in $Array){
$DiskID = (Get-Item $VHD.Location).Name.Substring(5).Split(".")[0]
$objSID = New-Object System.Security.Principal.SecurityIdentifier ($DiskID)
$objUser = $objSID.Translate( [System.Security.Principal.NTAccount])
if ($objUser.Value -eq $User){
$result = "$($objUser.Value) disk number $($VHD.DiskNumber) on $($VHD.PSComputername)"
}else{
$result = "$($User) - no active RSH sessions were found."
}
}
$result
You can unmount the UPD virtual drive remotely with the command:
Invoke-Command -ComputerName $VHD.PSComputername -ScriptBlock { Dismount-VHD -DiskNumber $VHD.DiskNumber }
To reduce problems with temporary profiles on RDS, it is a good idea to configure timeouts for RDS user sessions. Set idle/disconnected sessions to terminate after 2 to 4 hours. You can also enable the GPO setting that prevents creating temporary profiles: Computer Configuration -> Administrative Templates -> System -> User profiles, enable the option Do not log users on with temporary profiles.
The User Profile Service failed the sign-in, user profile cannot be loaded” if the user profiles folder is unavailable.The administrator must manually delete the temporary user profile on the RDS host after releasing the VHDX disk:
- Delete the subkeys with the user SID under the following registry key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList. In this example, there are two subkeys, one of which ends with .bak (delete them both);
- Remove the user’s TEMP profile folder from the C:\Users directory.See the article at the link for more information about deleting user profiles in Windows.
So, we have looked at how to configure User Profile Disks in RDS/VDI environment on a Windows Server. Configuring UPDs is much easier than configuring roaming profiles or redirected folders. User Profile Disks are bound to an RDS collection and cannot be corrupted when a user profile is shared between multiple terminal servers (unlike standard user profile folders). The User Profile Disks can be stored on SMB shares, CSV, SOFS, SAN, or local disks.
