Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Important
An upcoming change to Windows, included in the April 2026 Windows Server update, the default Kerberos encryption type is changing from RC4 to AES-SHA1.
File shares hosting FSLogix containers that aren't upgraded to AES-SHA1 might have access issues after this change is applied. To avoid disruption, complete the upgrade to AES-SHA1 before installing the update.
Customers who have already upgraded to AES-SHA1 aren't affected.
For more information, see the FSLogix blog: Action required: Windows Kerberos hardening (RC4) may affect FSLogix profiles on SMB storage.
FSLogix provides four (4) local groups to granularly control which users or groups are processed by the FSLogix service. Each type of container has a respective include and exclude group. The exclude groups have no members by default. The include groups automatically include the Everyone group.
Use cases:
- You don't want your administrator accounts to use FSLogix.
- You only want FSLogix to apply to a specific group of users.
- You want to prevent a specific group of users from using FSLogix.
- Used for pilot or 'proof-of-concept' programs.
Figure 1: Computer Management Local Groups
Default include group members
Tip
Checking the include and exclude group members is a good start when troubleshooting a user's container fails to attach or signs in with a temp or local profile.
Figure 2: Default group memberships