Hello,
To exclude the administrator account from using the user profile disk in an RDS deployment, you can try the following steps:
First, open Remote Desktop Services in Server Manager. Navigate to the collection you are using and click "Properties" to edit it. In the collection properties, go to the "User Profile Disks" tab and specify which users or groups should have the user profile disk.
Then, use Group Policy to specify the users/groups to include or exclude to complete the exclusion.
For Group Policy, the general configuration direction is as follows:
- From the Group Policy Management Editor, navigate to the following path:
Computer Configuration -> Policies -> Administrative Templates -> Windows Components -> Remote Desktop Services -> Remote Desktop Session Host -> Profiles.
- Find the setting "Set the path for Remote Desktop Services roaming user profiles" and double-click it to edit the policy setting. Set it to "Enabled" and enter the roaming profile path you want standard users to use. Click "OK" to apply the setting.
- To ensure that the policy does not affect administrators, you need to use security filtering. In the Scope tab of the GPO, find the "Security Filtering" section. Delete the "Authenticated Users" group. Add a new security group that includes all Remote Desktop Services (RDS) users, but excludes administrators.
- After configuring the GPO, force an update of Group Policy using the "gpupdate /force" command (run on the RDS server) or simply wait for the next automatic policy refresh. Then, test logging on as an administrator to ensure that roaming profiles are not applied.
Note: Be careful when editing GPOs, as incorrect settings can affect your entire domain. Always test new settings on a limited scale before putting them into production, and consider creating a backup of existing GPOs before making changes.
I hope this helps.
Best regards,
Jacen Wang