CA-Microsoft-WVD_ARM-Workshop

Start / Configure FSLogix

Configure FSLogix

We will configure the FSLogix on Domain Level in this step.

In this step, you will:

  • Configure Profile datadisk & Profile share on the DC
  • Install & configure FSLogix GPO’s on the DC

Configure Profile datadisk & Profile share on the DC

  1. Sign in on the Azure Portal with your credentials.

  2. Go to Virtual Machines, select adVM, select Disks & click on + Add data disk
    Add data disk

  3. In the dropdown, select Create disk
    Create disk

  4. Enter adVM_DataDisk-FSLogix as diskname, change the size to 128GB Premium SSD & click on Create
    Create managed disk

  5. Change the Host Caching to None and click on Save
    Save managed disk

  6. RDP to your DC (See Step 2 how to connect)

  7. Open a Run box (Windows-Key + r), type in diskmgmt.msc and hit Enter

  8. The Disk Management will popup a Initialize Disk window.
    Keep the default settings (MBR) and Click OK

  9. Right-Click the Unallocated volume and click on New simple volume

  10. Go through the wizard:
    • Keep Maximum Size available
    • Change drive letter to P (profiles)
    • Change File System to ReFS
    • Change Allocation Size to 64K
    • Change Volume Label to Profiles
    • Make sure Quick Format is enabled
    • Click Finish at the end
  11. Create a new folder on the P-drive: FSLogix-Profiles

  12. Change permissions on the folder to this Best Practice from FSLogix:
User Account Folder Permissions
Users This Folder Only Modify
Creator/Owner Subfolders and Files Only Modify
Administrators This Folder, Subfolders, and files Full Control
Domain Admins This Folder, Subfolders, and files Full Control
  1. Share the folder to all Domain Users using this Powershell cmdlet:
    New-SmbShare -Name "FSLogix-Profiles$" -Path "P:\FSLogix-Profiles" -FullAccess "Domain Admins" -FolderEnumerationMode AccessBased -ChangeAccess "Domain Users" -CachingMode None
    

Install & configure FSLogix GPO’s on the DC

  1. Download the FSLogix installer zipfile (containing the GPO’s)
    Extract the zipfile
    Copy the policy files to the PolicyDefinitions folder.
    This can be done using Powershell:
    $url = "https://aka.ms/fslogix_download"
    $destination = "c:\temp\fslogix.zip"
    New-Item -Path "c:\" -Name "Temp" -ItemType "directory" -ErrorAction SilentlyContinue
    Import-Module BitsTransfer
    Start-BitsTransfer -Source $url -Destination $destination -Priority High
    Expand-Archive -LiteralPath $destination -DestinationPath c:\temp\fslogix
    Copy-Item -Path "C:\temp\fslogix\fslogix.admx" -Destination "C:\Windows\PolicyDefinitions\"
    Copy-Item -Path "C:\temp\fslogix\fslogix.adml" -Destination "C:\Windows\PolicyDefinitions\en-US\"
    
  2. Open a Run box (Windows-Key + r), type in gpmc.msc and hit Enter

  3. Create a new Policy Object (below Group Policy Objects from your domain) and name it FSLogix - Default Policy.
    Apply these settings:
    Create FSLogix Policy

  4. Create a new Organizational Unit named WVD Sessionhosts
    Move all Sessionhosts to the new OU
    FSLogix Sessionhost OU

  5. Apply the FSLogix - Default Policy policy to the new OU
    Apply FSLogix policy on OU

  6. Reboot all WVD servers for the policy to apply.
    This can be done using this Powershell oneliner, causing the Windows FW to be disabled (for ping) & reboot server
    Get-ADComputer -Filter 'Name -like "wvd-t-*"' | Select-Object DNSHostName | foreach { Invoke-Command -ComputerName $_.DNSHostName -ScriptBlock {Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled False} ; Restart-Computer 
    -ComputerName  $_.DNSHostName; }
    Get-ADComputer -Filter 'Name -like "wvd-p-*"' | Select-Object DNSHostName | foreach { Invoke-Command -ComputerName $_.DNSHostName -ScriptBlock {Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled False} ; Restart-Computer -ComputerName  $_.DNSHostName; }
    

    Tip You can check for the reboot using “ping wvd-t-pool-0 -t”

Test FSLogix Profile containering

  1. Start user sessions to the Full Desktop using DemoUser001, 003 & 004 one-by-one.

  2. Check on de adVM under the P:\FSLogix-Profiles if you can see folders for each user
    Each folder should have a VHDX file for the user.
    Also check the Permissions on the folders to verify the permissions

  3. Check the Sessionhost, under the folder C:\Users.
    Each user, connected to that Sessionhost, should have two folders: <Username> & local_<Username>