User Profile Disks (Group Policy not applying future changes)

Glen Harrison 1 Reputation point
2022-01-31T13:34:53.75+00:00

Hi Everyone,

We use FSLogix profile disks for our RDS servers which have been running great for a number of years. Recently we want to start using these for our windows 10 clients.

The issue we have found is that if a brand new user without a profile disk logs into RDS, then later on logs into windows 10 the GPOs for windows 10 don't apply. The same in reverse, where if someone first logs into windows 10, and then RDS, the group policy for RDS doesn't apply.

In testing, we have learnt that it doesn't matter what they are logging into, once they have a profile disk created, future policy changes don't get applied.

Same as this - https://social.technet.microsoft.com/Forums/ie/en-US/6bcc7897-e2fa-4d8a-a3b6-9e209a866f0f/group-policy-issues-when-using-user-profile-disks?forum=winserverTS

One idea I had was to add an exclusion in redirections.xml like this:

<Exclude>AppData\Local\GroupPolicy</Exclude>

but my users take long enough logging in as it is without it taking longer. Maybe some optimizations?

any ideas?

Thanks

Windows
Windows
A family of Microsoft operating systems that run across personal computers, tablets, laptops, phones, internet of things devices, self-contained mixed reality headsets, large collaboration screens, and other devices.
4,955 questions
Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
12,451 questions
FSLogix
FSLogix
A set of solutions that enhance, enable, and simplify non-persistent Windows computing environments and may also be used to create more portable computing sessions when using physical devices.
471 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Limitless Technology 39,471 Reputation points
    2022-02-04T10:52:48.233+00:00

    Hello

    Thank you for your question and reaching out.

    I can understand you are facing issue with GPO in RDS environment,

    You can Loopback Policy processing. Move the RDS server to a new OU. Link your GPO to this OU. Configure Loopback Policy processing in this GPO to Replace or Merge mode (depending on whether you want to replace the users normal GPO settings with these GPO settings or merge the users normal GPO settings with these settings). I suspect you'll want Merge mode.

    Now when a user logs on to the RDS server the User Configuration settings from the GPO linked to this OU will apply in addition to or in replacement of the users normal GPO settings. This way the drive restriction is only effective when logging on to the RDS server and not on their workstations.

    https://learn.microsoft.com/en-us/troubleshoot/windows-server/group-policy/apply-group-policy-objects-terminal-services

    ------------------------------------------------------------------------------------------------------------------

    --If the reply is helpful, please Upvote and Accept as answer--

    0 comments No comments