Configure object specific container settings

Configuration settings for profile containers and ODFC containers are applied at the computer or virtual machine level. These system-wide settings can be overridden using the object specific settings that apply to individual users or groups. Using object specific settings allows an organization to have a baseline configuration while providing a more unique or granular setting for a specific user or group.

Setting prioritization:

1. Object specific (user)
2. Object specific (group)
3. System-wide settings (default)

Note

• Object specific settings can't be configured using Group Policy template files.
• Object specific settings don't support Microsoft Entra ID (cloud-only identities).

Use PowerShell to translate user or group names to security identifiers (SID)

From any Active Directory (AD) domain joined computer, you can use PowerShell to translate a given domain and user or group name to the SID value.

1. Sign in to an AD joined computer or virtual machine.

2. Select Start.

3. Type notepad directly into the Start Menu.

4. Select Notepad from the Start Menu.

   

5. Copy the PowerShell code to Notepad.

       $DomainName = "%domainname%"
       $Username = "%username%"
       $UserObject = New-Object System.Security.Principal.NTAccount($DomainName,$Username)
       $UserObject.Translate([System.Security.Principal.SecurityIdentifier]).Value
   

   

6. Replace the values for $DomainName and $Username with your own values.

7. Select Start.

8. Type powershell directly into the Start Menu.

9. Select Windows PowerShell from the Start Menu.

   

10. Copy the edited syntax into the PowerShell window.

    • If there's a warning dialog when pasting into Windows PowerShell, Select Paste anyway.

      

11. Press Enter to see the SID for the user or group.

    

Create an object specific setting for VHDLocations

Note

This is one example for an object specific configuration. Any of the settings for profiles or ODFC can be created under an object specific configuration.

Using an object specific VHDLocations setting allows specific users or groups to create and mount their profiles from various SMB file shares.

1. Sign in to the virtual machine as the local Administrator account or an account that is a member of the local Administrators group.

2. Type registry editor in the Search box.

3. Select Registry Editor from the Start Menu.

   

4. Go to:

   • HKEY_LOCAL_MACHINE\SOFTWARE\FSLogix\Profiles (profile container)
   • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\FSLogix\ODFC (ODFC container)

   

5. Select Edit -> New -> Key.

   

6. Type ObjectSpecific and press Enter.

7. Select Edit -> New -> Key again.

8. Type or paste the SID from step 11 in Use PowerShell to translate user or group names to security identifiers (SID).

9. Select the new Key with the SID value.

10. Create a new REG_SZ Value Name for VHDLocations.

    

You can verify that the setting is taking effect by examining the log files. Search the log file for the ObjectSpecific key word and locate the entry showing the configuration was read successfully.

Example:

Configuration Read (REG_SZ): SOFTWARE\FSLogix\Profiles\ObjectSpecific\S-1-5-21-0000000000-0000000000-0000000000-1234\VHDLocations. Data: \\<server-name>\<share-name>