Installation FSLogix on Citrix Virtual Apps

/ By
Installation FSLogix Profile and Cache Disk in a Citrix Environment

Configuring user profiles and making sure all settings are saved, can sometimes be challenging. Especially when using UPM in Citrix Virtual Apps and Desktops environments (CVAD). We can manage user profiles in three ways: local, roaming, and mandatory profiles. But, you can also handle user profiles with newer technology like profile containers, which redirect user profiles to a network location. Profiles are stored as virtual disks and are mounted on the operating system at the time of execution, minimizing the file copy required to get the profile up and running.

We recommend our customers step away from UPM and use FSLogix containers. New technologies emerge over time and user profiles become more complex, such as with storage of Outlook OST files and OneDrive caches. This adds complexity to the configurations needed for virtual desktop environments.

Microsoft Licensing Pre-requisites for Installing FSLogix

  • Microsoft 365 E3/E5
  • Microsoft 365 A3/A5/ Student Use Benefits
  • Microsoft 365 F1/F3
  • Microsoft 365 Business
  • Windows 10 Enterprise E3/E5
  • Windows 10 Education A3/A5
  • Windows 10 VDA per user
  • Remote Desktop Services (RDS) Client Access License (CAL)
  • Remote Desktop Services (RDS) Subscriber Access License (SAL)
  • Azure Virtual Desktop per-user access license

FSLogix solutions may be used in any public or private data center, as long as the user is properly licensed. 

Installation FSLogix on Server or Desktop

You can download FSLogix here.

  • Use the FSLogixAppsSetup.exe
  • Accept the license terms and conditions and click on Install

We still need to configure the security groups we will create in the next step.

Create Security Groups and Network share

Create a separate volume (the size of the volume depends on the number of users) without VSS on an existing or dedicated file server. On average, a Profile Container is 5G, and the size of the Office Container depends on which cache you would like to use and the capacity of your environment. If you plan to use cache for Office OST files and OneDrive, the Office container could increase to be very large.

Note: Users with a Microsoft 365 subscription, get 1Tb of free storage for OneDrive. Depending on the environment, you can change the user’s OneDrive storage space.

  • Open AD Users and Computers and create two groups
    • AD FSLogix Include List
    • AD FSLogix Exclude List
  • Add the security group Domain Admins to the FSLogix Exclude List group
  • Now configure the AD security groups for FSLogix on the local machine
  • Right-click on Start and click on Computer Management
  • Go to Local Users and Computers and select Groups
  • Now we need to add the AD FSLogix groups to the local security groups of FSLogix
  • Add the AD FSLogix Include and Exclude groups to the same Include and Exclude local groups
  • Now seal the Golden Image

We will now proceed with the configuration on the fileserver.

  • Create a new volume with the name FSLogix on the fileserver
  • Create a Profiles folder
  • Right-click on the Profiles folder and choose properties
  • Click on the Sharing tab -> Advanced Sharing and create a share for this folder
  • Grant Authenticated Users Full Access
  • Now click on the Security tab to configure the NTFS permissions and click on Advanced
  • Now click on Disable inheritance and click on Convert inherited permissions into explicit permissions on this object
  • Remove both Users groups
  • Click on Add to add the AD FSLogix Include security group
  • Select Principal and add the group
  • Set Applies to: This folder only
  • Set basic permissions to Modify
  • Click on Show advanced permissions to specify any additional settings if needed
  • Click Ok to finish

FSLogix ADMX templates and Policies

Copy the file “fslogix.admx” file (from the ZIP file) to the PolicyDefinitions folder \domain\sysvol. Copy the “fslogix.adml” file to the PolicyDefinitions\en-us\ folder in the same location. Which policies you need to apply really depends on the intended use of FSLogix. We do need to set the basic settings for FSLogix, so let’s proceed.

Configure Profile Container GPO:

  • Open Group Policy Management
  • Create a new GPO or use an existing GPO and edit this GPO
  • Go to Computer Configuration -> Administrative Templates -> FSLogix -> Profile Containers
    • Profile Type Enabled
      • Read-write-profile
    • Store search database in profile container Enabled
    • Enabled Enabled
    • VHD location (the Profiles folder share we created earlier)
      • Example for SBC environment: \\(DFS) or (server)\Profiles\%username%\SBC (on the first login, the SBC folder will be created)
    • Dynamic VHD(X) allocation Enabled
    • Delete local profile when FSLogix Profile should apply Enabled
    • Size in MBs Enabled (this setting is optional. My advice is to set it to 5G, so you will be triggered if something is wrong with abnormal user profile settings)
  • Go to Computer Configuration -> Administrative Templates -> FSLogix -> Profile Containers -> Advanced
    • Provide RedirXML file to customize redirections Enabled
      • Example: \\(DFS) or (server)\Profiles (root of the share)
  • Go to Computer Configuration -> Administrative Templates -> FSLogix -> Profile Containers -> Container and Directory Naming
    • Virtual Disk Type VHDX
    • No containing folder Enabled

Example file for redirection.xml:

<?xml version="1.0" encoding="UTF-8"?>

<FrxProfileFolderRedirection ExcludeCommonFolders="###VALUE###">

<Excludes>
	<Exclude Copy="0">Videos</Exclude>
	<Exclude Copy="0">Saved Games</Exclude>
	<Exclude Copy="0">Contacts</Exclude>
	<Exclude Copy="0">Searches</Exclude>
	<Exclude Copy="0">Citrix</Exclude>
	<Exclude Copy="0">Tracing</Exclude>
	<Exclude Copy="0">Music</Exclude>
	<Exclude Copy="0">$Recycle.Bin</Exclude>
	<Exclude Copy="0">AppData\LocalLow\Adobe</Exclude>
	<Exclude Copy="0">AppData\LocalLow\Microsoft</Exclude>
	<Exclude Copy="0">AppData\Local\Apps</Exclude>
	<Exclude Copy="0">AppData\Local\Downloaded Installations</Exclude>
	<Exclude Copy="0">AppData\Local\assembly</Exclude>
	<Exclude Copy="0">AppData\Local\CEF</Exclude>
	<Exclude Copy="0">AppData\Local\Comms</Exclude>
	<Exclude Copy="0">AppData\Local\Deployment</Exclude>
	<Exclude Copy="0">AppData\Local\FSLogix</Exclude>
	<Exclude Copy="3">AppData\Local\Packages</Exclude>
	<Exclude Copy="0">AppData\Local\VirtualStore</Exclude>
	<Exclude Copy="0">AppData\Local\CrashDumps</Exclude>
	<Exclude Copy="0">AppData\Local\Package Cache</Exclude>
	<Exclude Copy="0">AppData\Local\D3DSCache</Exclude>
	<Exclude Copy="0">AppData\Local\Microsoft\TokenBroker\Cache</Exclude>
	<Exclude Copy="0">AppData\Local\Microsoft\Notifications</Exclude>
	<Exclude Copy="0">AppData\Local\Microsoft\Internet Explorer\DOMStore</Exclude>
	<Exclude Copy="0">AppData\Local\Microsoft\Internet Explorer\Recovery</Exclude>
	<Exclude Copy="0">AppData\Local\Microsoft\MSOIdentityCRL\Tracing</Exclude>
	<Exclude Copy="0">AppData\Local\Microsoft\Messenger</Exclude>
	<Exclude Copy="0">AppData\Local\Microsoft\Terminal Server Client</Exclude>
	<Exclude Copy="0">AppData\Local\Microsoft\UEV</Exclude>
	<Exclude Copy="0">AppData\Local\Microsoft\Windows\Application Shortcuts</Exclude>
	<Exclude Copy="0">AppData\Local\Microsoft\Windows\Mail</Exclude>
	<Exclude Copy="0">AppData\Local\Microsoft\Windows\WebCache</Exclude>
	<Exclude Copy="0">AppData\Local\Microsoft\Windows\WebCache.old</Exclude>
	<Exclude Copy="0">AppData\Local\Microsoft\Windows\AppCache</Exclude>
	<Exclude Copy="0">AppData\Local\Microsoft\Windows\Explorer</Exclude>
	<Exclude Copy="0">AppData\Local\Microsoft\Windows\GameExplorer</Exclude>
	<Exclude Copy="0">AppData\Local\Microsoft\Windows\DNTException</Exclude>
	<Exclude Copy="0">AppData\Local\Microsoft\Windows\IECompatCache</Exclude>
	<Exclude Copy="0">AppData\Local\Microsoft\Windows\iecompatuaCache</Exclude>
	<Exclude Copy="0">AppData\Local\Microsoft\Windows\Notifications</Exclude>
	<Exclude Copy="0">AppData\Local\Microsoft\Windows\PRICache</Exclude>
	<Exclude Copy="0">AppData\Local\Microsoft\Windows\PrivacIE</Exclude>
	<Exclude Copy="0">AppData\Local\Microsoft\Windows\RoamingTiles</Exclude>
	<Exclude Copy="0">AppData\Local\Microsoft\Windows\SchCache</Exclude>
	<Exclude Copy="0">AppData\Local\Microsoft\Windows\Temporary Internet Files</Exclude>
	<Exclude Copy="0">AppData\Local\Microsoft\Windows\0030</Exclude>
	<Exclude Copy="0">AppData\Local\Microsoft\Windows\1031</Exclude>
	<Exclude Copy="0">AppData\Roaming\com.adobe.formscentral.FormsCentralForAcrobat</Exclude>
	<Exclude Copy="0">AppData\Roaming\Microsoft\Document Building Blocks</Exclude>
	<Exclude Copy="0">AppData\Roaming\Microsoft\Windows\Network Shortcuts</Exclude>
	<Exclude Copy="0">AppData\Roaming\Microsoft\Windows\Printer Shortcuts</Exclude>
	<Exclude Copy="0">AppData\Roaming\ICAClient\Cache</Exclude>
	<Exclude Copy="0">AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer</Exclude>

	<Exclude Copy="0">AppData\Local\Google\Chrome\User Data\BrowserMetrics</Exclude>
	<Exclude Copy="0">AppData\Local\Google\Chrome\User Data\Default\Code Cache\js</Exclude>
	<Exclude Copy="0">AppData\Local\Google\Chrome\User Data\Default\GPUCache</Exclude>
	<Exclude Copy="0">AppData\Local\Google\Chrome\User Data\Default\Application Cache</Exclude>
	<Exclude Copy="0">AppData\Local\Google\Chrome\User Data\Default\GPUCache</Exclude>
	<Exclude Copy="0">AppData\Local\Google\Chrome\User Data\CertificateRevocation</Exclude>
	<Exclude Copy="0">AppData\Local\Google\Chrome\User Data\CertificateTransparency</Exclude>
	<Exclude Copy="0">AppData\Local\Google\Chrome\User Data\Crashpad</Exclude>
	<Exclude Copy="0">AppData\Local\Google\Chrome\User Data\FileTypePolicies</Exclude>
	<Exclude Copy="0">AppData\Local\Google\Chrome\User Data\InterventionPolicyDatabase</Exclude>
	<Exclude Copy="0">AppData\Local\Google\Chrome\User Data\MEIPreload</Exclude>
	<Exclude Copy="0">AppData\Local\Google\Chrome\User Data\PepperFlash</Exclude>
	<Exclude Copy="0">AppData\Local\Google\Chrome\User Data\OriginTrials</Exclude>
	<Exclude Copy="0">AppData\Local\Google\Chrome\User Data\pnacl</Exclude>
	<Exclude Copy="0">AppData\Local\Google\Chrome\User Data\Safe Browsing</Exclude>
	<Exclude Copy="0">AppData\Local\Google\Chrome\User Data\ShaderCache</Exclude>
	<Exclude Copy="0">AppData\Local\Google\Chrome\User Data\SSLErrorAssistant</Exclude>
	<Exclude Copy="0">AppData\Local\Google\Chrome\User Data\Subresource Filter</Exclude>
	<Exclude Copy="0">AppData\Local\Google\Chrome\User Data\SwReporter</Exclude>
	<Exclude Copy="0">AppData\Local\Google\Chrome\User Data\WidevineCdm</Exclude>
	<Exclude Copy="0">AppData\Local\Google\Chrome\User Data\Default\JumpListIcons</Exclude>
	<Exclude Copy="0">AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld</Exclude>

	<Exclude Copy="0">AppData\Local\Microsoft\Edge\User Data\BrowserMetrics</Exclude>
	<Exclude Copy="0">AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js</Exclude>
	<Exclude Copy="0">AppData\Local\Microsoft\Edge\User Data\Default\GPUCache</Exclude>
	<Exclude Copy="0">AppData\Local\Microsoft\Edge\User Data\Default\Application Cache</Exclude>
	<Exclude Copy="0">AppData\Local\Microsoft\Edge\User Data\CertificateRevocation</Exclude>
	<Exclude Copy="0">AppData\Local\Microsoft\Edge\User Data\CertificateTransparency</Exclude>
	<Exclude Copy="0">AppData\Local\Microsoft\Edge\User Data\Crashpad</Exclude>
	<Exclude Copy="0">AppData\Local\Microsoft\Edge\User Data\FileTypePolicies</Exclude>
	<Exclude Copy="0">AppData\Local\Microsoft\Edge\User Data\InterventionPolicyDatabase</Exclude>
	<Exclude Copy="0">AppData\Local\Microsoft\Edge\User Data\MEIPreload</Exclude>
	<Exclude Copy="0">AppData\Local\Microsoft\Edge\User Data\PepperFlash</Exclude>
	<Exclude Copy="0">AppData\Local\Microsoft\Edge\User Data\OriginTrials</Exclude>
	<Exclude Copy="0">AppData\Local\Microsoft\Edge\User Data\pnacl</Exclude>
	<Exclude Copy="0">AppData\Local\Microsoft\Edge\User Data\Safe Browsing</Exclude>
	<Exclude Copy="0">AppData\Local\Microsoft\Edge\User Data\ShaderCache</Exclude>
	<Exclude Copy="0">AppData\Local\Microsoft\Edge\User Data\SSLErrorAssistant</Exclude>
	<Exclude Copy="0">AppData\Local\Microsoft\Edge\User Data\Subresource Filter</Exclude>
	<Exclude Copy="0">AppData\Local\Microsoft\Edge\User Data\SwReporter</Exclude>
	<Exclude Copy="0">AppData\Local\Microsoft\Edge\User Data\WidevineCdm</Exclude>
	<Exclude Copy="0">AppData\Local\Microsoft\Edge\User Data\Default\JumpListIcons</Exclude>
	<Exclude Copy="0">AppData\Local\Microsoft\Edge\User Data\Default\JumpListIconsOld</Exclude>

	<Exclude Copy="0">AppData\Local\SquirrelTemp</Exclude>
	<Exclude Copy="0">AppData\Local\OneDrive\cache</Exclude>
	<Exclude Copy="0">AppData\Local\Microsoft\OneNote\16.0\cache</Exclude>
	<Exclude Copy="0">AppData\Local\Microsoft\Office\SolutionPackages</Exclude>
	<Exclude Copy="0">AppData\Local\Microsoft\Office\16.0\Lync\Tracing</Exclude>
	<Exclude Copy="0">AppData\Local\Microsoft\Teams\Current\Locales</Exclude>
	<Exclude Copy="0">AppData\Local\Microsoft\Teams\Packages\SquirrelTemp</Exclude>
	<Exclude Copy="0">AppData\Local\Microsoft\Teams\current\resources\locales</Exclude>
	<Exclude Copy="0">AppData\Roaming\Microsoft\Teams\Service Worker\CacheStorage</Exclude>
	<Exclude Copy="0">AppData\Roaming\Microsoft\Teams\Application Cache</Exclude>
	<Exclude Copy="0">AppData\Roaming\Microsoft\Teams\Cache</Exclude>  
	<Exclude Copy="0">AppData\Roaming\Microsoft Teams\Logs</Exclude>
	<Exclude Copy="0">AppData\Roaming\Microsoft\Teams\media-stack</Exclude>

	<Exclude Copy="0">AppData\LocalLow\Sun\Java\Deployment\cache</Exclude>
	<Exclude Copy="0">AppData\LocalLow\Sun\Java\Deployment\log</Exclude>
	<Exclude Copy="0">AppData\Local\Sun</Exclude>
	<Exclude Copy="0">AppData\Roaming\Sun\Java\Deployment\cache</Exclude>
	<Exclude Copy="0">AppData\Roaming\Sun\Java\Deployment\log</Exclude>
	<Exclude Copy="0">AppData\Roaming\Sun\Java\Deployment\tmp</Exclude>

	<Exclude Copy="0">AppData\Local\Citrix\Citrix Files\PartCache</Exclude>

	<Exclude Copy="0">AppData\Local\Citrix\SelfService\CitrixWebControlCache\Cache</Exclude>
	<Exclude Copy="0">AppData\Local\Citrix\SelfService\CitrixWebControlCache\Service Worker\CacheStorage</Exclude>
</Excludes>

<Includes>
	<Include Copy="3">AppData\Local\Microsoft\Office\16.0\Licensing</Include>
	<Include Copy="3">AppData\Local\Microsoft\Credentials</Include>
	<Include Copy="3">AppData\Local\Microsoft\Outlook\RoamCache</Include>
</Includes>

</FrxProfileFolderRedirection>
  • Go to Computer Configuration -> Administrative Templates -> FSLogix -> Profile Containers -> Container and Directory Naming
    • Virtual disk type Enabled
    • No containing folder Enabled

Configure Office Container GPO:

  • Open Group Policy Management
  • Create a new GPO or use an existing GPO and edit this GPO
  • Go to Computer Configuration -> Administrative Templates -> FSLogix -> Office 365 Containers
    • Include Office activation in container Enabled
    • Include Outlook data in container Enabled
    • Size in MBs Enabled (this setting is optional. The size depends on the needs of the user and capacity of the storage environment)
    • VHD location (the Profiles folder share we created earlier)
      • Example for SBC environment: \\(DFS) or (server)\Profiles\%username%\Office (on the first login, the Office folder will be created)
    • Include OneDrive in data folder Enabled
    • Virtual disk type Enabled (VHDX)
    • Include SharePoint data in container Enabled
    • Enabled Enabled
    • Include Outlook personalization data in container Enabled
    • Store search database in Office 365 container Disabled
    • Set Outlook cached mode on succesful container attach Enabled (mailbox in Office 365)
    • Dynamic VHD(X) allocation Enabled
    • Include OneNote data in container Enabled
    • Include Teams data in container Enabled
    • Include Skype data in container Enabled
  • Go to Computer Configuration -> Administrative Templates -> FSLogix -> Office 365 Containers -> Cotainer and Directory Naming
    • Swap directory name components Enabled

FSLogix Shrink script

FSLogix Profile and O365 virtual hard disks are in VHD(X) file format. By default, the disks created will be in Dynamically Expanding format rather than Fixed format. If the FSLogix storage use on the volume is expanding, there is a way to maintain the increase. You can download a script here from GitHub to shrink the FSLogix containers (cleaning up a VHD(X) file by deleting data from the container will not shrink the VHD(X) file).

Summary

You have now set up and configured FSLogix in a Citrix environment. The settings provided are settings I use for most of my customers. Which settings you should use, can differ per customer. I hope I was able to provide some useful steps. If you have any questions, please let me know.

Related Posts

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top