Ever since Microsoft acquired FSLogix, customers with RDS CALs or different Microsoft 365 subscriptions may use Profile Container free of charge.

Wolfgang Sommergut

Wolfgang Sommergut has over 20 years of experience in IT journalism. He has also worked as a system administrator and as a tech consultant. Today he runs the German publication WindowsPro.de.

The concept of the FSLogix Profile Container is to offload user profiles to a VHD(X) file. The software then redirects the user to the data and settings in the external container. This virtual drive is mounted when the user logs on and integrates transparently into the file system from an application's perspective.

Installing the agent ^

An agent handles the VHD(X) operations; it is available in a 32- and a 64-bit version. The agent can be installed either interactively or unattended, for example, via SCCM. The target systems can be RD session hosts, or virtual or physical desktops. Setup and configuration are largely the same for all systems.

Most companies can use FSLogix without additional licensing costs since it has been taken over by Microsoft

Most companies can use FSLogix without additional licensing costs since it has been taken over by Microsoft

After the FSLogix software is installed, it remains idle unless you activate it via a group policy. But before you do that, you need to provision the storage for the user profiles. The storage is typically a share on a Windows Server or NAS device.

Configuring storage ^

It is important to assign permissions such that each user only has access to his own profile. You can do this in the same way as when setting up shares for roaming profiles or a folder redirection.

In the documentation, Microsoft proposes a simple variant, where the users only receive Modify permissions.

When providing the storage, you should ensure it is highly available, if possible. If it fails, the affected users will lose data or will have to stop working. One option to achieve high availability is the FSLogix Cloud Cache feature, which synchronizes profiles with multiple providers.

Assigning users ^

You should also define the user groups whose profiles will be virtualized by FSLogix or excluded from it. During the installation, the agent creates four local groups on the computer, two each for Profile Container and Office 365 Container.

The setup of FSLogix automatically creates four local user groups

The setup of FSLogix automatically creates four local user groups

In the Include List, which already contains Everyone by default, you include those Active Directory groups whose profiles FSLogix should manage. The Exclude List should include those that should be left alone. The Exclude List could, for example, include the administrators.

By default, the Everyone group is already set for the use of Profile Containers

By default, the Everyone group is already set for the use of Profile Containers

Activating Profile Containers via GPO ^

Now you can proceed to configure the Profile Container via a group policy. To do this, you first must copy the supplied fslogix.admx template and the corresponding language file to the PolicyDefinitions folder and to its en-us subdirectory respectively, either locally under %systemroot% or in the Central Store on a DC.

Configure the mandatory settings Enabled to start the tool and  VHD(X) Location to define the storage path.

Specifying the location for the VHD(X) files via group policies

Specifying the location for the VHD(X) files via group policies

In addition, it is recommended to consider the remaining options, as they do unlock some useful functions.

Group Policy settings for FSLogix Profile Container

Group Policy settings for FSLogix Profile Container

On session hosts in particular, you should save the Windows search index in the VHD(X) so that it does not have to be recreated after each logon.

FSLogix also allows you to set size restrictions or enable simultaneous access to the profile from multiple sessions. Another option allows you to change the naming scheme for the directories and VHDs if the default is not suitable.

Deleting or migrating existing profiles ^

As soon as the GPO is applied to the assigned computers and the first user logs in, FSLogix automatically creates a directory containing the VHD(X) for that user's profile. However, if the user has logged on to this computer in the past, so that a profile already exists, FSLogix terminates this operation.

If a conventional profile already exists for the user, FSLogix terminates container initialization

If a conventional profile already exists for the user, FSLogix terminates container initialization

As a result, the event log will show an entry with an error code of "0," but a reason code of "3." The same information and further details about a session can also be found in the registry, which can be extracted with PowerShell as follows:

FSLogix writes detailed information about the sessions into the registry

FSLogix writes detailed information about the sessions into the registry

As you can see on this page with the status codes, reason code "3" stands for REASON_LOCAL_PROFILE_EXISTS. For this scenario, you could activate the GPO setting Delete local profile when FSLogix Profile should apply. This setting should be used with caution.

In most cases, however, you will not want to delete existing profiles; instead, you'll want to migrate them to the Profile Container. For this task, the command line tool frx.exe supports the copy-profile switch. The tool is located in the program directory of FSLogix. You pass it the name of the user and the VHD(X) file. Be sure to adhere to the scheme you defined in the group policy. By default, this is "Profile_<username>.vhdx."

In addition, it is a good idea to configure the virtual drive as dynamic, so that it can grow with the increasing amount of data:

Migrate existing profiles into a VHD(X) container with frx.exe

Migrate existing profiles into a VHD(X) container with frx.exe

If you try to create the VHD(X) directly on the network drive, you may end up with an opaque error message. If you generate it locally, then you copy it to the FSLogix storage, to a directory that also complies with the naming convention. By default, this is "SID_<username>".

If you have a large number of user profiles, you can automate this process by using PowerShell to retrieve the SID with Get-ADUser.

If the permissions are set correctly, the Profile Container should be mounted the next time the user logs in and should contain all migrated data.

Keep selected directories in the local profile ^

By default, FSLogix redirects all directories except temp and the IE cache to the Profile Container. If you want to exclude certain folders, for example because you prefer to store their contents on a file server using folder redirection, then you define them in an XML file. Its structure is relatively simple and is described here.

To assign such a redirection.xml to the respective profiles, there is a separate setting in the group policies, called Provide RedirXML file to customize redirection. Specify the path to the configuration file, which is usually stored on a network share.

Conclusion ^

FSLogix Profile Containers are a much better solution for many environments than roaming profiles or user profile disks. This is especially true for RD Session Hosts, where the use of FSLogix is already covered by the Client Access Licenses.

The installation and configuration of the tool is quite simple because it uses only common Windows techniques such as user groups, GPOs, or file shares in addition to its own agent.

Are you an IT pro? Apply for membership!

Your question was not answered? Ask in the forum!

0
Share
0 Comments

Leave a reply

Your email address will not be published. Required fields are marked *

*

© 4sysops 2006 - 2019

CONTACT US

Please ask IT administration questions in the forums. Any other messages are welcome.

Sending

Log in with your credentials

or    

Forgot your details?

Create Account