Disable UPD for administrator account on RDS Farm

Anonymous
2024-05-24T13:02:30+00:00

Hello Guys, I need your help. I have RDS Farm deployment and I used User Profile Disk for all users. Right now the problem is when administrator try to login to more than one RDS host he gest temporary profile error. I need to exclude administrator from using UPD and keep their profile locally. Any help please

Windows for business | Windows Server | User experience | Remote desktop services and terminal services

Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question. To protect privacy, user profiles for migrated questions are anonymized.

0 comments No comments
{count} votes

6 answers

Sort by: Most helpful
  1. Anonymous
    2024-05-26T18:00:40+00:00

    Hello,

    To exclude the administrator account from using the user profile disk in an RDS deployment, you can try the following steps:

    First, open Remote Desktop Services in Server Manager. Navigate to the collection you are using and click "Properties" to edit it. In the collection properties, go to the "User Profile Disks" tab and specify which users or groups should have the user profile disk.

    Then, use Group Policy to specify the users/groups to include or exclude to complete the exclusion.

    For Group Policy, the general configuration direction is as follows:

    1. From the Group Policy Management Editor, navigate to the following path:

    Computer Configuration -> Policies -> Administrative Templates -> Windows Components -> Remote Desktop Services -> Remote Desktop Session Host -> Profiles.

    1. Find the setting "Set the path for Remote Desktop Services roaming user profiles" and double-click it to edit the policy setting. Set it to "Enabled" and enter the roaming profile path you want standard users to use. Click "OK" to apply the setting.
    2. To ensure that the policy does not affect administrators, you need to use security filtering. In the Scope tab of the GPO, find the "Security Filtering" section. Delete the "Authenticated Users" group. Add a new security group that includes all Remote Desktop Services (RDS) users, but excludes administrators.
    3. After configuring the GPO, force an update of Group Policy using the "gpupdate /force" command (run on the RDS server) or simply wait for the next automatic policy refresh. Then, test logging on as an administrator to ensure that roaming profiles are not applied.

    Note: Be careful when editing GPOs, as incorrect settings can affect your entire domain. Always test new settings on a limited scale before putting them into production, and consider creating a backup of existing GPOs before making changes.

    I hope this helps.

    Best regards,

    Jacen Wang

    0 comments No comments
  2. Anonymous
    2024-05-27T09:16:57+00:00

    Thank you for reply. But this solution will not exclude administrators. It will exclude other users. I need to exclude UPD only for administrators

    0 comments No comments
  3. Anonymous
    2024-05-28T06:55:41+00:00

    For your information I follow your proposed solution but still not working. I still have Temp profile for administrator

    0 comments No comments
  4. Anonymous
    2024-06-11T14:41:16+00:00

    Hello, please ensure that the GPO is correctly configured to apply only to the specific user groups you defined and not to administrators. If multiple group policies exist, make sure the precedence is set correctly. Use the "gpresult /R" command to check which policies are being applied to the administrator account.

    Since you are using an RDS collection, double-check the collection properties to ensure that the UPD is not configured to be attached to all users without exception, including administrators. Also check the NTFS and share permissions of the folder where the UPD is stored.

    0 comments No comments
  5. Anonymous
    2024-09-04T16:01:19+00:00

    Hello,

    ...

    First, open Remote Desktop Services in Server Manager. Navigate to the collection you are using and click "Properties" to edit it. In the collection properties, go to the "User Profile Disks" tab and specify which users or groups should have the user profile disk.

    ...

     

     

    Best regards,

    Jacen Wang

    Where are you seeing a place to specify which users or groups should have the user profile disk? I have an RDS in Azure running Server 2022 Datacenter.

    When I go to the Session Collection -> User Profile Disks tab I have

    a tick box for Enable user profile disks

    Location:

    \myserver\myshare

    Maximum size in GB

    50

    User profile disks data settings

    (o) Store all user settings and data on the user profile disk

    Exclude the following folders (Add button and remove button)

    (o) Store only the following folders on the user profile disk

    All other folders in the user profile will not be preserved

    Contacts

    Desktop

    Documents

    ..

    ..

    ..

    Include the following folders:

    (Add button and remove)

    My "User Groups" tab in the Session Collection properties specifies a single Security group with just a few users in it, but anyone and everyone who logs on to the server, whether by RDP, or via a console logon, get's a User Profile Disks. Ideally, I want only the members of that Security group to have user profile disks, and everyone else to have a local profile in c:\users

    Thanks

    Mike

    1 person found this answer helpful.
    0 comments No comments