Deploying FSLogix Profile Containers
This is an extension of my FSLogix Office 365 container guide. All of the steps in that guide should be followed before continuing onto this one.
Overview
FSLogix profile containers allow you to easily roam user files and settings across multiple machines. A VHDX file will be created and it will store all user settings. This is similar to roaming profiles, but you do not have to deal with any login delays while files copy. Instead, the VHDX file is attached to the RDS server and the user's profile loads immediately.
FSL Profiles vs UPDs
Windows has a native solution called User Profile Disks, but it has some big limitations. With UPDs some applications will detect that data is being stored in a UNC path and malfunction. The best example of this is the inability to install Google Chrome extensions on UPDs. FSLogix drivers trick the OS into thinking that the VHDX data is local to the machine so applications never know that the data is in a network path.
If there is a brief network loss, UPDs will disconnect and user profiles will crash out and go into limbo. FSL profiles will try to reconnect if there is a network loss. In my experience it is not perfect, but it does seem to keep most of the profile running.
- Follow all the steps on the FSLogix Office 365 container guide.
- Make sure that no other profile management solution (UPD, UPM, Roaming Profiles, etc.) is enabled.
- Delete any local profiles on the machine (not mandatory, but recommended).
- Create a group in AD called "APP_FSLogixProfiles_Exclude".
  - You will use this to easily exclude users from AD.
- Create the exclusions file (optional).
  - Instructions below.
- Create a new GPO just for FSLogix Profile settings (don't combine ODFC and profiles into one GPO).
  - GPO settings are at the bottom of this article.
- Apply the GPO to the server, run GPUpdate, and restart to confirm that everything has been closed out.
- Log in as a test user and confirm that both a profile and an ODFC VHDX are created.
- Confirm that you see a local_*user* folder under c:\users.
- Create some files in one of your excluded folders.
- Log out of the RDS and log back in. Confirm that the excluded folders no longer have any files in them. Also confirm that the profile settings are persisting across logins.
FSL disks are dynamically allocated, which means that they expand to whatever size is required, but they do not automatically shrink. This can lead to unnecessary disk usage on your file server.
Also, there are instances where some user profiles will get left behind in C:\Users.
To combat both of these issues see the sections titled "Delete bad folders under the Users Folder" and "Compact your UPDs" on the Best Practices for Deploying User Profile Disks article.
Exclusions
By default FSL will copy all of the user's data into the VHDX file. However, you also have the ability to exclude certain folders. Excluding temp and cache folders will allow you to keep your VHDX files as small as possible.
To configure this:
- Create a folder called FSLRedirections.
  - I create this in the same directory as the FSL files.
  - Make sure that all users have read-only permission to this folder. Only admins should have write access.
- Create a Redirections.xml file in this location.
  - You can find the XML file I use here. I try to stick to only cache and temp data.
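The read-only requirement on the FSLRedirections folder can be verified with a script, since anyone who can write Redirections.xml can change what every user's profile container includes or excludes. The following PowerShell is an added example, not part of the original guide; the default share path and the CONTOSO group name are placeholders, and the allow-list of writers is an assumption to adjust for your environment.

```powershell
# Added example: audit NTFS write access on the FSLRedirections folder and file.
# The default $Path and the CONTOSO group are placeholders (assumptions).
param(
    [string]$Path = '\\contoso.example\FSLogix\FSLRedirections',
    [string[]]$AllowedWriters = @(
        'BUILTIN\Administrators',
        'NT AUTHORITY\SYSTEM',
        'CONTOSO\Domain Admins'
    )
)

# Rights that let a principal alter, replace, or re-permission the file.
$WriteMask = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
# GENERIC_WRITE (0x40000000) and GENERIC_ALL (0x10000000) can show up
# unmapped on inherit-only ACEs, so test the raw bits as well.
$GenericMask = 0x50000000

function Get-UnexpectedWriter {
    param([string]$Target, [string[]]$Allowed)
    (Get-Acl -LiteralPath $Target).Access | Where-Object {
        $raw = [int]$_.FileSystemRights
        $_.AccessControlType -eq 'Allow' -and
        (($raw -band $WriteMask) -or ($raw -band $GenericMask)) -and
        ($Allowed -notcontains $_.IdentityReference.Value)
    }
}

# Check the folder itself and the XML file inside it.
$targets = @($Path, (Join-Path $Path 'Redirections.xml'))
$findings = foreach ($t in $targets) {
    if (-not (Test-Path -LiteralPath $t)) {
        Write-Warning "Not found: $t"
        continue
    }
    Get-UnexpectedWriter -Target $t -Allowed $AllowedWriters |
        Select-Object @{ n = 'Target'; e = { $t } },
                      IdentityReference, FileSystemRights, IsInherited
}

if ($findings) {
    $findings | Format-Table -AutoSize
    Write-Warning 'Principals outside the allow-list can modify the redirections.'
    exit 1
}
'OK: only allow-listed principals hold write-type rights.'
```

Get-Acl reports NTFS permissions only; share-level permissions on the FSLogix share are a separate check.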
GPO Settings
Computer Configuration/Policies/Windows Settings/Restricted Groups
Group: FSLogix Profile Exclude List
Members: APP_FSLogixProfiles_Exclude (make sure to browse for the group, don't just type it in)
Path to your FSLogix share (DFS preferred)
Computer Configuration/Administrative Templates/FSLogix/Profile Containers/Advanced/Provide RedirXML file to customize redirections
\\%DFS%\FSLogix\FSLRedirections (just the folder, not the file)
Disabled (you might need this enabled depending on your config)
Computer Configuration/Policies/Administrative Templates/FSLogix/Profile Containers/Delete local profile when FSLogix Profile should apply
Normal direct-access profile
Computer Configuration/Policies/Administrative Templates/FSLogix/Profile Containers/Store search database in profile container
Disabled (it will be stored in the ODFC container)
Don't enable this at all on Server 2019!