Configuring FSLogix Profile Containers on Windows Server RDS | Ranjan.info

Microsoft FSLogix The technology is used to manage user profiles and allows you to replace roaming profiles and user profile disks (UPD) in RDS, VDI, and Windows Virtual Desktop (WVD) deployments. FSLogix allows you to dynamically connect user profile containers to shared network folders. It can be used in both on-premises environment and Azure (you can use Azure Files as profile storage). In this article, we will see how to use FSLogix User Profile Container instead of User Profile Disk (UPD) rds Deploy on Windows Server 2019/2022.

What are FSLogix containers?

FSLogix is ​​similar in concept to the RDS User Profile Disk (UPD) when the user profile is stored as a virtual (VHDX) disk and is attached via a network when the user logs on to Windows. However, FSLogix allows us to get rid of several UPD disadvantages in an RDS environment:

  • Allows very fast loading of user profiles over the network. It reduces login/logout time for the user;
  • Optimized for Office 365 (Microsoft 365 for Enterprise) apps;
  • The same profile can be used across different RDS collections, RDS/VDI farms, and even across physical computers;
  • FSLogix profiles can be associated with multiple sessions simultaneously (in read-only mode);
  • In UPD, the Windows Search index is cleared when a user logs out and must be regenerated at the next logon. FSLogix allows the search index to be saved in the user profile container;
  • Provides availability of Outlook cache files (OST, Outlook Cached Mode), Outlook search index, cache and MS Teams data, etc.;
  • The FSLogix Roaming Profile container can also be used on a standalone RDS host.

FSLogix is ​​free to use in on-premises RDS deployments, provided you have purchased RDS CALs and they are installed on the RDS license server.

How to install and configure FSLogix for User Profiles on Windows Server 2019 RDS?

Let us see how to install and configure FSLogix on a terminal RDS farm running Windows Server 2019.

  1. Download FSLogix (https://aka.ms/fslogix/download, about 180MB). The tool is free;
  2. Extract the archive and install FSLogix \FSLogix_Apps\x64\Release\FSLogixAppsSetup.exe agent on the RDSH server;
  3. Then copy the FSLogix administrative policy files to the central store of administrative GPO templates on your domain controller (fslogix.admx for \PolicyDefinitions, and fslogix.adml From \Policy Definitions\en-US).

Create a shared network folder on your file server to store the containers containing the FSLogix user profiles. For example, \\mun-fs01\Share\Profiles,

Set the following NTFS permissions on the folder:

consumer account folder permissions
users this folder only Revised
creator Owner subfolders and files only Revised

configure fslogix smb share ntfs permissions

Now you can create a GPO to configure FSLogix options for the RDS host.

Open the Domain GPO Management Console (gpmc.msc), create a new policy, and assign it to the Organizational Unit (OU) with your RDSH servers. Expand the GPO section Computer Configuration -> Policies -> Administrative Templates -> FSLogix. Configure the following GPO options:

  • Profile Container -> active – Enable FSLogix Profile;
  • Profile Container -> vhd location – Specify the UNC path for the profile shared folder (\\mun-fs01\Share\Profiles,
  • Profile Container -> Delete local profile when FSLogix profile should be applicable – Delete a local user profile when FSLogix is ​​enabled;
  • Profile Container -> size in MB – to set the maximum size of the profile file (by default 30,000 MB);
  • Profile Container -> dynamic VHD(X) allocation , active, If you do not enable the policy, VHD/VHDX disks for user profiles will be created with their maximum size;
  • Profile Container -> Advanced -> prevent login with temporary profile – prevent the creation of temporary user profiles;
  • Profile Container -> Advanced -> prevent login with failure – prevent logging on in case of any failure of FSLogix;
  • Profile Container -> Advanced -> Locked VHD retry count = 3, specify the number of attempts to access the VHD(X) file if it is locked by another process;
  • Profile container -> Container and directory naming -> virtual disk type – use the VHDX disk type for the profile instead of the default VHD;
  • Profile container -> Container and directory naming -> swap directory name components -Use %username%_SID as the format for the user profile folder (instead of SID_%username%);
  • Profile Container -> Store search database in profile container , disabled – Do not store the Windows Search index database in a profile container;
  • enable logging , all logs enabled – Enable FSLogix Logs;
  • path to logging files – set a path for FSLogix logs (\\mun-fs01\Share\FSLogixLogs\%COMPUTERNAME%,
  • days to keep log files 7 days is enough.

FSLogix GPO Template

Restart Windows Server to apply the new GPO setting. The system settings for the FSLogix profile are located under HKLM\SOFTWARE\FSLogix\Profiles registry key.

FSLogix setting in the registry

Now, when a remote user logs in via RDP, a notification should appear on the welcome screen:

Please wait for the FSLogix Apps Services

Once logged in, you can open disk Management console and make sure the FSLogix User Profile container is mounted as a VHDX disk. A new folder for the user profile appears in the sharing that you specified.

Mounted profile container as VHDX file on Windows Server please

FSlogix Administrative Tools are located C:\Program Files\FSLogix\Apps,

  • frxtray.exe – This tool displays the FSLogix window in the system tray and allows you to check whether a user is logged in with an FSLogix profile; frctray tool
  • ConfigurationTool.exe – FSLogix Profile GUI configuration tool. ConfigurationTool.exe - FSLogix Profile Configuration Tool

Advanced FSLogix Profile Configuration on Windows Server RDS

When you install the FSLogixAppsSetup agent on the server, several additional local groups appear. You can display these groups by using the Get-LocalGroup cmdlet:

Get-LocalGroup -Name "*fslo*"

  • FSLogix ODFC Exclude List – Members of this group are on the exclude list for Outlook Data Folder containers
  • FSLogix ODFC Include List — Members of this group are included in the list for Outlook Data Folder containers
  • FSLogix Profile Exclude List – Members of this group are on the exclude list for dynamic profiles
  • FSLogix Profile Include List – Members of this group are on the include list for dynamic profiles

Local Groups - FSLogix Profile Exclude List

These group sets allow users or groups to enable or disable FSLogix profiles.

By default, roaming FSLogix Profile containers are created for all users. To allow members of the local Administrators group to log on to the server locally in case of any FSLogix failures, add the Administrators group to FSLogix Profile Exclude List,

You can add users to local groups using Restricted Group Policy (Computer Configuration -> Windows Settings -> Security Settings -> Restricted Groups -> Add Group -> FSLogix Profile Exclude List) or Group Policy Preferences (Computer Configuration -> Preferences) -> Control Panel Settings -> Local Users and Groups -> New -> Local Groups -> FSLogix Profile Exclude List).

To exclude certain folders from the FSLogix roaming profile, you can use redirection.xml file. The folders in the file are redirected to local folders on the server’s local drive (local profile folders).

The path to the XML file with the setting is specified in FSLogix -> Profile Container -> Advanced -> Provide RedirXML file to customize redirection GPO Options. You can exclude Temp folder, IE/Edge/Chrome cache directory etc.

Here is an example of such a file:

<?xml version="1.0"?>
<FrxProfileFolderRedirection ExcludeCommonFolders="0">
<Excludes>
<Exclude Copy="0">AppData\LocalLow\</Exclude>
<Exclude Copy="0">AppData\Local\Packages\</Exclude>
<Exclude Copy="0">AppData\Local\Microsoft\Windows\Temporary Internet Files\</Exclude>
<Exclude Copy="0">AppData\Local\Microsoft\Windows\Explorer\</Exclude>
<Exclude Copy="0">AppData\Local\Microsoft\Windows\WebCache\</Exclude>
<Exclude Copy="0">AppData\Local\Temp\</Exclude>
<Exclude Copy="0">AppData\Local\Diagnostics\</Exclude>
<Exclude Copy="0">AppData\Local\Comms\</Exclude>
<Exclude Copy="0">AppData\Local\Google\Chrome\User Data\Default\Cache\</Exclude>
</Excludes>
</FrxProfileFolderRedirection>

Analyze user profiles and installed programs and add additional exceptions to the file.

Add the FSLogix executable files to your antivirus exclusions (frxdrv.sys, frxdrvvt.sys, frxccd.sys, frxccd.exe, frxccds.exe, frxsvc.exe).

Leave a Comment