• GPOZaurr and other tools help you with consolidation in the short-to-medium term, but as you move forward, there are other changes you can make that will make things much simpler and easier to manage. To make a significant difference to these user KPIs, there are two areas that must be concentrated on—folder redirection and loopback policy processing.

  • GPOZaurr from Evotec IT is a PowerShell module that is very useful for consolidating and managing Group Policy. In this post, I will demonstrate how you can use GPOZaurr to create Group Policy reports and deal with broken, disabled, invalid, or inapplicable GPOs.

  • In this series of three posts, I will discuss various tools that allow you to manage and consolidate your Group Policy environment. In today’s article, I will make some general remarks and take a look at two useful GPO tools: Get-GpoReport and Advanced Group Policy Management.

  • A popular topic in security circles these days is preventing lateral movement. Network segregation for admin tasks, or what Microsoft calls PAW—privileged access workstation—is key here.

  • In this article, you will learn about all the things you have to consider when configuring screen locking policies for Remote Desktop Session Host (RDSH) and Virtual Desktop Infrastructure (VDI) environments without affecting users.

  • James Rankin's profile was updated 1 year, 12 months ago

  • Microsoft’s OneDrive application is making large inroads into enterprises as the Enterprise File Share and Sync (EFSS) tool of choice. While it’s easy to get up and running on personal devices, managing the OneDrive experience for users at any sort of scale can be challenging, particularly where users have limited storage or if they operate in Remote Desktop Session Host or VDI environments. Another option Microsoft gives you to help with these problems is a feature called Storage Sense.

  • In my last post, I discussed the preparations and process of migrating to OneDrive with Known Folder Move (KFM). Today, I’ll walk you through the corresponding Group Policy settings.

  • Known Folder Move (KFM) is a set of Group Policy Objects (GPO) settings that attempt to migrate user data into the OneDrive Sync Client with a minimum of user and/or administrator intervention. Data are moved automatically into the user’s OneDrive storage, allowing the user to then access this data from any device that either has the OneDrive application installed or can access the OneDrive web client. This post outlines the preparations for KFM, and the next post covers the Group Policy settings for the OneDrive Sync Client.

  • James Rankin changed their profile picture 2 years, 2 months ago

  • In Remote Desktop Session Host (RDSH) environments, such as Citrix, VMware Horizon, Parallels, or Windows Virtual Desktop, adopting OneDrive can often bring a unique set of challenges. Microsoft now recommends the use of their FSLogix solution to help address these challenges by providing a “local” cache essentially mounted to a remote container.

  • FSLogix would definitely help you get around this issue, but obviously it has a dollar value attached to it 🙂 Feel free to hit me up if you want more info

  • Microsoft deprecated the “TileDataLayer” model in the Windows 10 1703 Creators Update. In this post, I describe a hack that allows you to work with Start Tiles in roaming user profiles.

  • A Group Policy Object (GPO) has always allowed administrators to exclude folders from a roaming profile but not include them. I’d always assumed that the functionality of a roaming profile was more or less hardcoded, whereby it only captured data from AppDataRoaming. However, I have to admit I was mistaken, and I give big thanks to Raphael Schulz for pointing this out to me.

  • When you see the temp profile, is there a file lock for the VHD file showing on the file server?

  • It sounds like the server with the file share might not be fully patched. We had that issue very early on in testing but a patch remedied it.

    Are you using a Windows file server and is it fully patched? If not, it might be worth doing the patching or testing a Windows SMB file share for this…

  • Thanks Per, that’s saved me a job! 🙂 I will write an updated article in future and credit you for the findings.



  • Sorry, I can’t seem to recreate the error you are having. UPD is supported in this way when using it for VDI, so you may be able to get Microsoft support to help.

    This does, however, bear out my point at the end of the article that UPD is a temperamental product. If you’re looking to deploy this in a production environment, FSLogix Profile Containers may well be worth looking into.



  • I was going to do a follow-up article around this…

    On Server 2012 R2, if you enable this, there are options for the UPD that allow you to exclude folders. I’m assuming these translate to Registry keys. So if you exclude certain folders on the Server UPD and then search the Registry for these folders you should find the exclusion keys.

    Apologies if this is a bit fiddly – hopefully I might be able to track them down and do a follow-up article by the end of the week or so.

  • Ah that may be the issue then. All my testing is done on Enterprise. The Pro edition is somewhat hobbled so may not have this available as a feature, per se.

  • Load More
© 4sysops 2006 - 2022


Please ask IT administration questions in the forums. Any other messages are welcome.


Log in with your credentials


Forgot your details?

Create Account