Configuring FSLogix Roaming Profiles in Windows Server RDS.

Microsoft FSLogix is a user profile management technology that can replace Roaming Profiles and User Profile Disks (UPD) in RDS, VDI, and Windows Virtual Desktop (WVD) scenarios. The FSLogix service dynamically attaches containers with user profiles from network resources. It can be used both in on-premises solutions and in Azure (you can use Azure Files as profile storage). In this article, we'll look at how to use FSLogix Roaming User Profiles instead of User Profile Disks in RDS deployments of Windows Server 2019/2022.

What are the FSLogix containers for?

The concept of FSLogix is similar to the familiar RDS User Profile Disks (UPD) technology, in which user profiles are stored as virtual VHDX disks and attached over the network when a user logs in. However, FSLogix overcomes many of the shortcomings of UPD in RDS environments:

  • Profiles load over the network significantly faster, which reduces the user's login / logout time;
  • It is optimized for Office 365 apps (Microsoft 365 for Enterprise);
  • The same profile can be used across multiple RDS collections, RDS VDI farms, and even physical computers;
  • An FSLogix profile can be connected to several sessions at once (for reading);
  • In UPD, the Windows search index is cleared when the user logs out and has to be regenerated at the next login. In FSLogix, you can store the index in the roaming profile;
  • It keeps Outlook cache files (OST, Outlook Cached Mode), the Outlook search index, MS Teams cache and data, etc. available;
  • Roaming FSLogix profiles can be used even on standalone RDSH hosts.

The FSLogix solution is free for use in on-premises RDS deployments, provided you have purchased the RDS CAL and installed it on an RDS license server.

Installing and configuring FSLogix for user profiles on Windows Server 2019 RDS.

Let's look at how to install and configure FSLogix for an RDS terminal farm based on Windows Server 2019.

  • Download FSLogix from https://aka.ms/fslogix/download (about 180 MB). The download is free;
  • Unzip the archive and install the FSLogix agent on the RDSH server:

    FSLogic \FSLogix_Apps\x64\Release\FSLogixAppsSetup.exe

  • Then copy the FSLogix administrative policy files to the central GPO administrative template store on the domain controller (fslogix.admx to \PolicyDefinitions, and fslogix.adml to \PolicyDefinitions\en-US).

Create a network folder on the file server where the containers with FSLogix user profiles will be stored. For example, \\msk-fs\Share\Profiles.

Set the following NTFS permissions on the network folder:

User Account       Folder                       Permissions
Users              This Folder Only             Modify
Creator / Owner    Subfolders and Files Only    Modify
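
The permissions in the table above can be applied with PowerShell on the file server. This is an added example, not part of the original article. The local path D:\Share\Profiles is hypothetical, and the Full Control entries for Administrators and SYSTEM are an assumption that is not in the table, added so the folder stays manageable once inheritance is disabled.

```powershell
# Added example: apply the NTFS permissions from the table to the profile share root.
# Run elevated on the file server. $Path is a hypothetical local path behind
# \\msk-fs\Share\Profiles.
$Path = 'D:\Share\Profiles'

# Well-known SIDs are used instead of names so the script works on any OS language.
$Sid = @{
    Users        = 'S-1-5-32-545'   # BUILTIN\Users
    CreatorOwner = 'S-1-3-0'        # CREATOR OWNER
    Admins       = 'S-1-5-32-544'   # BUILTIN\Administrators (assumption, not in the table)
    System       = 'S-1-5-18'       # NT AUTHORITY\SYSTEM    (assumption, not in the table)
}

function New-ProfileShareRule {
    param($SidString, $Rights, $Inherit, $Propagate)
    $id = New-Object System.Security.Principal.SecurityIdentifier($SidString)
    New-Object System.Security.AccessControl.FileSystemAccessRule(
        $id, $Rights, $Inherit, $Propagate, 'Allow')
}

$acl = Get-Acl -Path $Path

# Stop inheriting from the parent folder and discard the inherited entries,
# then remove any explicit entries so only the rules below remain.
$acl.SetAccessRuleProtection($true, $false)
foreach ($rule in @($acl.Access)) { [void]$acl.RemoveAccessRule($rule) }

# Users: Modify on this folder only. A user can create a profile folder here,
# but the right does not propagate into folders created by other users.
$acl.AddAccessRule((New-ProfileShareRule $Sid.Users 'Modify' 'None' 'None'))

# Creator / Owner: Modify on subfolders and files only. Whoever creates a
# profile folder gets Modify inside it, and nobody else does.
$acl.AddAccessRule((New-ProfileShareRule $Sid.CreatorOwner 'Modify' `
    'ContainerInherit,ObjectInherit' 'InheritOnly'))

# Administrative access on the folder, subfolders and files.
foreach ($s in $Sid.Admins, $Sid.System) {
    $acl.AddAccessRule((New-ProfileShareRule $s 'FullControl' `
        'ContainerInherit,ObjectInherit' 'None'))
}

Set-Acl -Path $Path -AclObject $acl

# Show the result for review.
(Get-Acl -Path $Path).Access |
    Format-Table IdentityReference, FileSystemRights, InheritanceFlags, PropagationFlags
```

The "This Folder Only" and "Subfolders and Files Only" scopes are what keep one user from opening another user's container, so check the two flag columns in the output rather than only the rights.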

Now you can create a GPO to configure FSLogix settings for RDS servers.

Open the domain GPO management console (gpmc.msc), create a new policy and assign it to the OU with your RDSH servers. Expand Computer Configuration -> Policies -> Administrative Templates -> FSLogix. Configure the following GPO settings:

  • Profile Containers -> Enabled - enable FSLogix profiles;
  • Profile Containers -> VHD Location – specify the UNC path to the profile directory (\\msk-fs\Share\Profiles);
  • Profile Containers -> Delete local profile when FSLogix Profile should apply – delete local profile when using FSLogix;
  • Profile Containers -> Size in MB – maximum profile file size, default 30000 (30 GB);
  • Profile Containers -> Dynamic VHD(X) allocation = Enabled. If you do not enable this policy, VHD/VHDX user profile disks are immediately created with the maximum size;
  • Profile Containers -> Advanced -> Prevent login with temporary profile - do not create temporary user profiles;
  • Profile Containers -> Advanced -> Prevent login with failure - block the login if FSLogix fails;
  • Profile Containers -> Advanced -> Locked VHD retry count = 3 - the number of times to retry attaching a VHD(X) file if it is locked by another process;
  • Profile Containers -> Container and Directory Naming -> Virtual disk type – use VHDX virtual disk type for profile instead of standard VHD;
  • Profile Containers -> Container and Directory Naming -> Swap directory name components - use %username%_SID as format for user profile directories (instead of SID_%username%);
  • Profile Containers -> Store search database in profile container = Disabled (do not store the Windows Search index database in the profile);
  • Enable logging = All logs enabled - enable FSLogix logs;
  • Path to logging files – path to FSLogix logs (\\msk-fs\Share\FSLogixLogs\%COMPUTERNAME%);
  • Days to keep log files - how many days to keep logs (7 days is enough).

Reboot Windows Server to apply the new GPO settings. System settings for FSLogix profiles are stored in the following registry branch: HKLM\SOFTWARE\FSLogix\Profiles.

Now, when an RDP user logs in, a notification should appear on the screen:

Please wait for the FSLogix Apps Services

Once logged in, you can launch the Disk Management console and verify that the FSLogix user profile is mounted as a VHDX disk. This creates a new directory for the user profile in the specified network directory.

The directory C:\Program Files\FSLogix\Apps contains a few additional utilities for the administrator:

  • frxtray.exe - a utility that displays the FSLogix window in the system tray and allows you to check that the user is logged in with an FSLogix profile;
  • ConfigurationTool.exe - a utility for configuring FSLogix profiles.

Advanced configuration of FSLogix profiles on Windows Server RDS.

When the FSLogixAppsSetup agent is installed on the server, several additional groups appear in the list of local groups. You can display this list using the Get-LocalGroup cmdlet:

Get-LocalGroup -Name "*fslo*"
  • FSLogix ODFC Exclude List — Members of this group are on the exclude list for Outlook Data Folder Containers
  • FSLogix ODFC Include List — Members of this group are on the include list for Outlook Data Folder Containers
  • FSLogix Profile Exclude List — Members of this group are on the exclude list for dynamic profiles
  • FSLogix Profile Include List — Members of this group are on the include list for dynamic profiles

These groups allow you to specify users or groups for which you want to enable or disable FSLogix profiles.

By default, roaming profiles are created for all users. So that members of the Administrators group can still log on to the server locally when FSLogix is experiencing problems, add the Administrators group to the local group FSLogix Profile Exclude List.

The easiest way to do this is with the Restricted Groups policy (Computer Configuration -> Windows Settings -> Security Settings -> Restricted Groups -> Add Group -> FSLogix Profile Exclude List) or Group Policy Preferences (Computer Configuration -> Preferences -> Control Panel Settings -> Local Users and Groups -> New -> Local Group -> FSLogix Profile Exclude List).
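
To confirm on an RDSH host that the GPO settings listed earlier and the exclude-list membership described above actually landed, you can run a check like the following. This is an added example, not part of the original article. The registry value names come from Microsoft's FSLogix configuration reference rather than from this page, and the expected values assume the settings exactly as listed above.

```powershell
# Added example: audit an RDSH host against the FSLogix settings in this article.
$Key          = 'HKLM:\SOFTWARE\FSLogix\Profiles'    # registry branch named in the article
$ExcludeGroup = 'FSLogix Profile Exclude List'       # local group created by the agent

# Expected values mirror the GPO list above (assumed value names, see lead-in).
$Expected = [ordered]@{
    Enabled                              = 1
    VHDLocations                         = '\\msk-fs\Share\Profiles'
    DeleteLocalProfileWhenVHDShouldApply = 1
    SizeInMBs                            = 30000
    IsDynamic                            = 1
    PreventLoginWithTempProfile          = 1
    PreventLoginWithFailure              = 1
    LockedRetryCount                     = 3
    VolumeType                           = 'VHDX'
    FlipFlopProfileDirectoryName         = 1
}

function Compare-FslogixSettings {
    param($Actual, [System.Collections.IDictionary]$Expected)
    foreach ($name in $Expected.Keys) {
        $raw  = if ($Actual) { $Actual.$name } else { $null }
        $have = @($raw) -join ';'                    # VHDLocations may be REG_MULTI_SZ
        if ($null -eq $raw) {
            $status = 'MISSING'
        } elseif ("$($Expected[$name])" -eq $have) {
            $status = 'OK'
        } else {
            $status = 'MISMATCH'
        }
        [pscustomobject]@{
            Setting = $name; Expected = $Expected[$name]; Actual = $have; Status = $status
        }
    }
}

$actual = Get-ItemProperty -Path $Key -ErrorAction SilentlyContinue
Compare-FslogixSettings -Actual $actual -Expected $Expected | Format-Table -AutoSize

# With both "Prevent login" settings enabled, a profile share outage blocks every
# logon that is not excluded, so confirm BUILTIN\Administrators (S-1-5-32-544)
# is a member of the exclude list before relying on it for recovery.
$members = Get-LocalGroupMember -Group $ExcludeGroup -ErrorAction SilentlyContinue
$adminsExcluded = [bool]($members | Where-Object { $_.SID.Value -eq 'S-1-5-32-544' })
"Administrators in '$ExcludeGroup': $adminsExcluded"
```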

To exclude certain directories from an FSLogix roaming profile, you can use the redirections.xml file. The directories listed in this file are redirected to local folders on the server's disk.

The path to this XML file is set in the GPO parameter FSLogix -> Profile Containers -> Advanced -> Provide RedirXML file to customize redirections. You can exclude Temp folders, IE cache directories, Chrome cache, etc.

An example of such a file is shown below:

<?xml version="1.0"?>
<FrxProfileFolderRedirection ExcludeCommonFolders="0">
  <Excludes>
    <Exclude Copy="0">AppData\LocalLow\</Exclude>
    <Exclude Copy="0">AppData\Local\Packages\</Exclude>
    <Exclude Copy="0">AppData\Local\Microsoft\Windows\Temporary Internet Files\</Exclude>
    <Exclude Copy="0">AppData\Local\Microsoft\Windows\Explorer\</Exclude>
    <Exclude Copy="0">AppData\Local\Microsoft\Windows\WebCache\</Exclude>
    <Exclude Copy="0">AppData\Local\Temp\</Exclude>
    <Exclude Copy="0">AppData\Local\Diagnostics\</Exclude>
    <Exclude Copy="0">AppData\Local\Comms\</Exclude>
    <Exclude Copy="0">AppData\Local\Google\Chrome\User Data\Default\Cache\</Exclude>
  </Excludes>
</FrxProfileFolderRedirection>

Analyze user profiles and installed programs and add new exclusions to the file.

Add FSLogix executable files to your antivirus exclusions (frxdrv.sys, frxdrvvt.sys, frxccd.sys, frxccd.exe, frxccds.exe, frxsvc.exe).

Disadvantages. 

Good technology, but many pitfalls. For example, a profile is versioned and can only be used on computers with the same OS version. That is, you cannot use the same profile for 2012R2 and 2019. This is a limitation of the profiles themselves, not FSLogix. I am not aware of any incompatibility between 2016, 2019, 2022 and the various Windows 10 builds. Also, a year ago the technology had problems with indexing, and the manuals recommended making special settings for indexing, including indexing in Outlook. Compatibility with 365 programs is practically a setting for these programs, that is, with Office 365 on the FSLogix installation computer, some are recommended, but if there is no Office, then others, although they may also have been finalized.

Useful extras.

To convert UPD -> FSLogix, you can use the ready-made Migrate UPD Profiles to FSLogix script: https://github.com/andif888/convert-udp-fslogix

RDS remote desktop server, FSLogix, configuration file migration, policy is applied, the modification does not take effect: https://docs.microsoft.com/en-us/answers/questions/437992/rds-remote-desktop-server-fslogix-configuration-fi.html

FSLogix Deploy: https://docs.microsoft.com/en-us/answers/questions/336201/fslogix-deploy.html

Install and Configure Remote Desktop Services RDS on Windows Server 2019.

 
