FSLogix Admin Guide

Contents
FSLogix Documentation
Overview
What is FSLogix?
Tutorials
Configure Profile Container
Configure Office Container
Configure Cloud Cache
Implement Application Masking
Concepts
Cloud Cache for resiliency and availability
Profile Container content
Application File Containers
Profile Container vs. Office Container
How-to Guides
Install FSLogix Agent
Create and managing Application Masking Rules
Apply masking rules to users, groups, and other contexts
Create Java Version Control rules
Configure concurrent and multiple connections
Configure Search Roaming
Configure storage for Profile Containers and Office Container
Configure per-user or per-group
Configure device-based licensing
Use visibility reports for Application Masking
Troubleshoot FSLogix
Reference
Profile Container registry configuration reference
Office Container registry configuration reference
Cloud Cache registry configuration reference
FSLogix Command Line Utility
FSLogix Disk Management Utility
Logging and diagnostics
FSLogix status and error codes
FSLogix installed components and functions reference
What is FSLogix?
7/9/2019 • 2 minutes to read
FSLogix is a set of solutions that enhance, enable, and simplify non-persistent Windows computing environments.
FSLogix solutions are appropriate for Virtual environments in both public and private clouds. FSLogix solutions
may also be used to create more portable computing sessions when using physical devices.
FSLogix solutions include:
Profile Container
Office Container
Application Masking
Java Version Control
Heres what you can do with FSLogix solutions:
Maintain user context in non-persistent environments
Minimize sign in times for non-persistent environments
Optimize file IO between host/client and remote profile store
Native (Local) profile experience, eliminating many compatibility issues with solutions using visible redirection,
such as User Profile Disk (UPD ).
Simplify the management of applications and 'Gold Images'
Specify the version of Java to be utilized by specific URL and applications
Key capabilities
Redirect user profiles to a network location using Profile Container. Profiles are placed in VHD (X) files and
mounted at run time. It's common to copy a profile to and from the network, when a user signs in and out of a
remote environment. Because user profiles can often be large, sign in and sign out times often became
unacceptable. Mounting and using the profile on the network eliminates delays often associated with solutions
which copy files.
Redirect only the portion of the profile that contains Office data by using Office Container. Office Container
allows an organization already using an alternate profile solution to enhance Office in a non-persistent
environment. This functionality is useful with the Outlook .OST file.
Applications use the profile as if it were on the local drive. Because the FSLogix solutions use a Filter Driver to
redirect the profile, applications don't recognize that the profile is on the network. Obscuring the redirection is
important because many applications won't work properly with a profile stored on remote storage.
Profile Container is used with Cloud Cache to create resilient and highly available environments. Cloud Cache
places a portion of the profile VHD on the local hard drive. Cloud Cache also allows an administrator to specify
multiple remote profile locations. The Local Cache, with multiple remote profile containers, insulates users from
network and storage failures.
Application Masking manages access to an application, font, printer, or other items. Access can be controlled by
user, IP Address range, and other criteria. Application Masking significantly decreases the complexity of
managing large numbers of gold images.
Requirements
You are eligible to access FSLogix Profile Container, Office 365 Container, Application Masking, and Java
Redirection tools if you have one of the following licenses:
Microsoft 365 E3/E5
Microsoft 365 A3/A5/ Student Use Benefits
Microsoft 365 F1
Microsoft 365 Business
Windows 10 Enterprise E3/E5
Windows 10 Education A3/A5
Windows 10 VDA per user
Remote Desktop Services (RDS ) Client Access License (CAL )
Remote Desktop Services (RDS ) Subscriber Access License (SAL )
FSLogix solutions may be used in any public or private data center, as long as a user is properly licensed. FSLogix
tools operate on all operating systems newer than, and including:
Desktop - Windows 7
Server - 2008 R2
FSLogix solutions support both 32 bit and 64 bit where applicable
In no instance are FSLogix solutions supported in an environment that is not supported by Microsoft, or the
original software or equipment vendor
FSLogix solutions may have unique integration and advantages when used in conjunction with Windows Virtual
Desktop
Provide feedback
Visit the FSLogix forum to interact with the product team, support, and community participants.
Next steps
To get started, you'll need to download and install FSLogix then configure your environment for the desired
solution(s):
Install FSLogix

Tutorial: Configure Profile Container to redirect User
Profiles
Profile Container is a full remote profile solution for non-persistent environments. Profile Container redirects the
entire user profile to a remote location. Profile Container configuration defines how and where the profile is
redirected.
Profile Container is inclusive of the benefits found in Office Container.
When using Profile Container, both applications and users see the profile as if it's located on the local drive.
In this tutorial, learn how to:
Configure Profile Container Registry Settings
Set up Include and Exclude User Groups
Prerequisites
Before configuring Profile Container:
Verify that you meet all entitlement and configuration requirements
Download and install FSLogix Software
Consider the storage and network requirements for your users' profiles
Verify that your users have appropriate storage permissions where profiles will be placed
Profile Container is installed and configured after stopping use of other solutions used to manage remote
profiles
Exclude the VHD (X) files for Profile Containers from Anti Virus (AV ) scanning
Configure Profile Container Registry settings

The configuration of Profile Container is accomplished through registry settings and user groups. Registry
settings may be managed manually, with GPOs, or using alternate preferred methods. Configuration settings for
Profile Container are set in HKLM\SOFTWARE\FSLogix\Profiles.
Full Profile Container Registry Settings Reference
Create a Group Policy Object
These settings are required to enable Office Container and to specify the location for the profile VHD to be
stored. The minimum required settings to enable Profile Containers are:
VALUE TYPE CONFIGURED VALUE DESCRIPTION
Enabled (required setting) DWORD 1 0: Profile Containers

disabled. 1: Profile
Containers enabled
VHDLocations (required MULTI_SZ or REG_SZ A list of file system locations

setting) to search for the user’s
profile VHD(X) file. If one
isn't found, one will be
created in the first listed
location. If the VHD path
doesn't exist, it will be
created before it checks if a
VHD(X) exists in the path.
These values can contain
variables that will be
resolved. Supported
variables are %username%,
%userdomain%, %sid%,
%osmajor%, %osminor%,
%osbuild%,
%osservicepack%,
%profileversion%, and any
environment variable. When
specified as a REG_SZ value,
multiple locations can be
separated with a semi-colon.
VHDLocations may be replaced by CCDLocations when using Cloud Cache

These settings are often helpful when configuring Profile Container but are not required.

DeleteLocalProfileWhenVHD DWORD 0 0: no deletion. 1: delete local

ShouldApply profile if exists and matches
the profile being loaded
from VHD. NOTE: Use
caution with this setting.
When the FSLogix Profiles
system determines a user
should have a FSLogix
profile, but a local profile
exists, Profile Container
permanently deletes the
local profile. The user will
then be signed in with an
FSLogix profile.
FlipFlopProfileDirectoryNam DWORD 0 When set to ‘1’ the SID

e folder is created as
“%username%%sid%”
instead of the default
“%sid%%username%”. This
setting has the same effect
as setting
SIDDirNamePattern =
“%username%%sid%” and
SIDDirNameMatch =
“%username%%sid%”.
PreventLoginWithFailure DWORD 0 If set to 1 Profile Container

will load FRXShell if there's a
failure attaching to, or using
an existing profile VHD(X).
The user will receive the
FRXShell prompt - default
prompt to call support, and
the users only option will be
to sign out.
PreventLoginWithTempProfil DWORD 0 If set to 1 Profile Container

e will load FRXShell if it's
determined a temp profile
has been created. The user
will receive the FRXShell
prompt - default prompt to
call support, and the users
only option will be to sign
out.

There are often users, such as local administrators, that have profiles that should remain local. During installation,
four user groups are created to manage users who's profiles are included and excluded from Profile Container
and Office Container redirection.
By default Everyone is added to the FSLogix Profile Include List group.
Adding a user to the FSLogix Profile Exclude List group means that the FSLogix agent will not attach a FSLogix
profile container for the user. In the case where a user is a member of both the exclude and include groups,
exclude takes priority.
Profile Containers is now configured and ready to be used. In order to verify that Profile Container is working,
sign in as a user in the Included List group. Using File Manager, navigate to the location specified in
VHDLocations. Verify that a folder, with the user name and SID has been created.
Next Steps
Tutorial: Configure Office Container to redirect
Microsoft Office user data
Office Container redirects only areas of the profile that are specific to Microsoft Office, and is a subset of Profile
Container. Office Container enables and enhances the Microsoft Office experience in non-persistent
environments. Office Container will generally be implemented with another profile solution. Other solutions
must be configured to exclude the portions of the profile managed by Office Container.
When using Office Container, both applications and users see the portions of the profile managed by Office
Container as if they're located on the local drive.
All benefits of Office Container are automatic when using Profile Container. There is no need to implement
Office Container if Profile Container is your primary solution for managing profiles. Office Container could
optionally be used in conjunction with Profile Container, to place Office Data in a location separate from the rest
of the user's profile.
Configure Office Container Registry settings
Configure third party profile exclusions
Prerequisites
Before configuring Office Container:
Consider the storage and network requirements for your users' Office Containers
Verify that your users have appropriate storage permissions where Office Containers will be placed
Office Container is installed and configured only after configuring other profile solutions to exclude profile
areas managed by Office Container
Exclude the VHD (X) files for Office Container from Anti Virus (AV ) scanning
Configure Office Container Registry settings

The configuration of Office Container is accomplished through registry settings and user groups. Registry
settings may be managed manually, with GPOs, or using alternate preferred methods. Configuration settings for
Profile Container are set in HKLM\SOFTWARE\Policies\FSLogix\ODFC.
Full Office Container Registry Settings Reference
Create a Group Policy Object
These settings are required to enable Office Container and to specify the location for the profile VHD to be
stored. The minimum required settings to enable Office Container is:


Containers enabled

resolved. Supported
%osbuild%,
%osservicepack%,
VHDLocations may be replaced by CCDLocations when using Cloud Cache

These settings are often helpful when configuring Office Container but are not required.


from VHD. NOTE: Use
FSLogix profile.

as setting
SIDDirNamePattern =
SIDDirNameMatch =

to sign out.

out.
IncludeOneDrive DWORD 1 1: OneDrive cache is

redirected to the container.
0: OneDrive cache isn't
IncludeOneNote DWORD 0 1: OneNote notebook files

are redirected to the
container. 0: OneNote
notebook files aren't
IncludeOneNote_UWP DWORD 0 1: OneNote UWP notebook

files are redirected to the
container. 0: OneNote UWP
notebook files aren't
IncludeOutlook DWORD 1 1: Outlook data is redirected

to the container. 0: Outlook
data isn't redirected to the
container.
IncludeOutlookPersonalizati DWORD 1 1: Outlook personalization

on data is redirected to the
container. 0: Outlook
personalization data isn't
IncludeSharepoint DWORD 1 1: Sharepoint data is

0: Sharepoint data isn't
IncludeSkype DWORD 1 1: Skype for Business Global

Address List is redirected to
the container. 0: Skype for
Business Global Address List
isn't redirected to the
container.
IncludeTeams DWORD 0 1: Teams data is redirected

to the container. 0: Teams
data isn't redirected to the
container. NOTE: User will be
required to sign in to teams
at the beginning of each
session.
There are often users, such as local administrators, that have profiles that should remain local. During installation,
four user groups are created to manage users who's profiles are included and excluded from Profile Container
and Office Container redirection.
By default Everyone is added to the FSLogix ODFC Include List group.
Adding a user to the FSLogix ODFC Exclude List group means that the FSLogix agent will not attach a FSLogix
office container for the user. In the case where a user is a member of both the exclude and include groups, exclude
takes priority.
Office Containers is now configured and ready to be used. To verify Office Container is working, sign in as a user
included in the Include List group. Using File Manager, navigate to the location specified in VHDLocations. Verify
a folder, with the user name and SID has been created.
Configure third party exclusions

When the FSLogix Office Container is used with any other profile solution, exclusions must be configured. The
following folders must be excluded from handling by the third party profile solution, or errors may occur. It isn't
necessary to configure exclusions when Office Container with local profiles.
OneDrive
Exclude profile solution (except FSLogix Profile Container) syncing for the following directories (and
subdirectories):
Users<Username><OneDrive folder name>
This folder name depends on your Office 365 subscription, so it isn't a fixed name. If you have a
question what this folder name is, set HKLM\Software\FSLogix\Logging\LoggingEnabled = 2 and sign
out and back on. Then look in c:\programdata\fslogix\logs\odfc<find file with todays date>. In the log
file, search for "OneDrive folder is" and you'll see which folder needs to be excluded.
Users<Username>\AppData\Local\Microsoft\OneDrive
These exclusions fix the following warning found in the FSLogix Profile log when users logon: " is not your
original OneDrive folder"
Outlook
Exclude the following directory (and subdirectories):
\Users\<username>\AppData\Local\Microsoft\Outlook
Search
\Users\<username>\AppData\Roaming\FSLogix\WSearch
Skype for Business
\Users\<username>\AppData\Local\Microsoft\Office\16.0\Lync
"16.0" is specific to office 2016. This may change depending on the version of Office/Skype used, so the
exclusion may be different if using something other than Office 2016
Licensing
\Users<username>\AppData\Local\Microsoft\Office\16.0\Licensing
"16.0" is specific to office 2016. This may change depending on the version of Office used, so the
exclusion may be different if using something other than Office 2016
Microsoft UPD
Using Microsoft UPD disks currently requires use of the UPD 'include' mode configuration not the 'exclude'
mode configuration. UPD exclude mode isn't supported currently as it doesn't work correctly (November 15,
2018).
Next Steps
Tutorial: Configure Cloud Cache to redirect profile
containers or office container to multiple Providers
Cloud Cache is an optional add on to Profile Container and Office Container, understand Cloud Cache.
Full Configuration Settings for Cloud Cache are Here. For a full description of the purpose and use of Cloud
Cache, visit this page.
Configure Cloud Cache for SMB
Configure Cloud Cache for Azure Page Blobs
Protect Azure Keys with Credential Manager
Prerequisites
Make sure the requirements are met
Install FSLogix
Verify that users have appropriate access to network file storage
Configure Cloud Cache for SMB

Configuring Cloud Cache for Profile Container
All settings are applied here: HKLM\SOFTWARE\FSLogix\Profiles
Remove any setting for VHDLocations
Add (or verify)
REGISTRY VALUE TYPE VALUE
CCDLocations REG_SZ / MULTI_SZ type=smb,connectionString=

<\Location1\Folder1>;type=smb,conne
ctionString=<\Location2\folder2>
Enabled DWORD 1
<Location for Cloud Cache Provider>

Each Provider is separated by a ;
The sample value above is for two SMB Providers
Configuring Cloud Cache for Office Container
All settings are applied here: HKLM\SOFTWARE\Policies\FSLogix\ODFC
Add (or verify)

<\Location1\Folder1>;type=smb,conne
ctionString=<\Location2\folder2>
Enabled DWORD 1

Each provider is separated by a ;
The sample value above is for two SMB Providers
Configure Cloud Cache for Azure Page Blobs

Configuring Cloud Cache for Profile Container
All settings are applied here: HKLM\SOFTWARE\FSLogix\Profiles
Add (or verify)

<\FILESERVER\SharedFolder>;type=azu
re,connectionString=
<"DefaultEndpointsProtocol=https;Acc
ountName=myAccountName;AccountK
ey=myAccountKey;EndpointSuffix=myS
uffix">
Enabled DWORD 1

The sample value above is for one SMB Provider and one Azure Page Blob provider
Page Blob connection string should be enclosed in "" (see sample above)
These settings are used to create the Azure Connection String:
DefaultEndpointsProtocol=[http or https]
AccountName=myAccountName
AccountKey=myAccountKey
EndpointSuffix=mySuffix
More about Azure Connection Strings can be found here and here
Azure Account Keys are sensitive and may be protected using Credential Manager
Configuring Cloud Cache for Office Container
All settings are applied here: HKLM\SOFTWARE\Policies\FSLogix\ODFC
- Remove any setting for VHDLocations
Add (or verify)

<"DefaultEndpointsProtocol=https;Acc
ountName=myAccountName;AccountK
ey=myAccountKey;EndpointSuffix=myS
uffix">
Enabled DWORD 1

The sample value above is for one SMB Provider and one Azure Page Blob provider
Page Blob connection string should be enclosed in "" (see sample above)
These settings are used to create the Azure Connection String:
DefaultEndpointsProtocol=[http or https]
AccountName=myAccountName
AccountKey=myAccountKey
EndpointSuffix=mySuffix
More about Azure Connection Strings can be found here and here
Azure Account Keys are sensitive and may be protected using Credential Manager
Protect Azure Key with Credential Manager

FSLogix will read system credentials, from Windows Credential Manager, if they're saved with fslogix/ as a prefix.
To use credential manager to protect your Azure Account Key, with a credential named 'myAccountKey' a
SYSTEM key should be added as fslogix/myAccountKey. Protected keys are accessed within the connection string
using |key|.
The samples in the two Page Blob sections above would be updated using the sample below when using
Credential Manager.

<"type=smb,connectionString=\FILESE
RVER\SharedFolder;type=azure,connecti
onString="DefaultEndpointsProtocol=h
ttps;AccountName=myAccountName;A
ccountKey=|fslogix/myAccountKey|;End
pointSuffix=mySuffix">
Enabled DWORD 1
Any information that you would like to protect may be saved in Credential Manger, and accessed in this way. For
Instance, if you wanted to protect both the Account Name and the Account Key, then system keys could be created
for both and used in the connection string as described above.
There are a number of ways to use Credential Manger, and any will work with the Azure connection string,
provided that the credential is stored under the SYSTEM user. The credential type is “generic”, and the credential
name is prefixed with fslogix/.
frx.exe may be used to create, list and delete system keys.
COMMAND PARAMETERS RESULT
frx.exe add-secure-key -<key keyName> -<value keyValue> *Creates a key with a key name of
fslogix/<keyName> value of
fslogix/<keyValue>
frx.exe del-secure-key -key keyName *Deletes specified key
frx.exe list-secure-key Lists secure keys with fslogix/ prefix
* /fslogix is added automatically when using frx.exe, don't manually add /fslogix
Next Steps
Tutorial: Implement FSLogix Application Masking
Use Application Masking to manage user access of installed components. Application Masking may be used in
both physical and virtual environments. Application Masking is most often applied to manage non-persistent,
virtual environments, such as Virtual Desktops.
Create your first Rule Set
Test your Rule Set
Make Assignments for your Rule Set
Deploy your Rule Set
Prerequisites
Verify that Entitlement and other Requirements are met
Install FSLogix on all client machines that will use Application Masking
Install Application Masking Rules Editor on machines that administrators will use to create rules
Install all applications, printers, fonts, and other resources to be managed with Application Masking
Apply any organization-specific configuration for intended environments
Create your first Rule Set

Open the FSlogix Rules Editor
Click File then New to create a new Rule Set
Enter the name that you would like for your Rule Set
Click Enter Name to create the rule set
Select the application that you would like to manage

Click Scan to have the Rules Editor detect the application settings
When scanning is complete, Click OK
When scanning is complete, click OK
The Rules Editor now shows your first Rule Set
Specific rules describing the items within the Rule Set

Additional Rule Sets may be added by Creating New Rule Set
Additional Rules may be added by Creating New Rules
Test your Rule Set

To test your Rule Set, select your Rule Set in the left Panel
Click File then Apply Rules to System
The Rules that are within your Rule Set will be applied to your system. If your rule was a hiding rule on an
application, the application will no longer be visible on the system
Make Assignments for your Rule Set

Rule Set Assignments specify how the Rules in the Rule Set will be applied. To create and manage Rule
Assignments click File then Manage Assignments.
Click Add to create a new Rule Assignment
Click the type of assignment

Fill in the required information for the assignment and click OK
Specify if you would like the rule to Apply or Not Apply

Click Apply
You may add more Rule Assignments or Click OK
See the Application Masking Users and Groups How To for all options
Deploy Rule Sets
Rule Sets and Rules are saved as (.fxa) and (.fxr) files respectively. Those files must be copied, using any preferred
method, to all client machines where they are to be used. For more details, see Deploy Rules Sets. The FSLogix
agent is required to be installed on all machines where Application Masking is going to be used.”.
Next Steps
Cloud Cache to create resiliency and availability
Cloud Cache is a technology that provides incremental functionality to Profile Container and Office Container.
Cloud Cache uses a Local Profile to service all reads from a redirected Profile or Office Container, after the first
read. Cloud Cache also allows the use of multiple remote locations, which are all continually updated during the
user session. Using Cloud Cache can insulate users from short-term loss of connectivity to remote profile
containers. Cloud Cache can also provide real time, 'active active' redundancy for Profile Container and Office
Container.
It's important to understand that, even with Cloud Cache, all initial reads are accomplished from the redirected
location. Likewise, all writes occur to all remote storage locations, although writes go to the Local Cache file first.
Cloud Cache doesn't improve the users' sign-on and sign out experience when using poor performing storage. It's
common for environments using Cloud Cache to have slightly slower sign-on and sign out times, relative to using
traditional VHDLocations, using the same storage. After initial sign-on, Cloud Cache can improve the user
experience for subsequent reads of data from the Profile Container or Office Container, as these reads are
serviced from the Local Cache file.
Cloud Cache design and functionality

Cloud Cache uses one or more remote profile containers, along with meta data. The combination of a profile
container, and meta data, is referred to as a Cloud Cache Provider or Provider. Cloud Cache can have one or more
Providers with a practical limit of 4. Cloud Cache uses a Local Cache file that contains part of the dataset stored in
the Cloud Cache Providers. Cloud Cache also uses a local “Proxy File”. The Proxy File contains no data, it's a
placeholder for the Cloud Cache system. No IO occurs directly to the Proxy File.
The Local Cache file will service most read requests. After any read from a Provider is complete, the data is stored
in, and accessed from, the Local Cache file. Additionally, the Local Cache file will service any writes from the
system, then propagate those writes to all Providers in the Cloud Cache configuration.
If a Provider becomes unavailable, the system will continue to operate with the remaining Provider(s). If a
Provider, that was unavailable, becomes available before the user signs out, then it will be brought up-to-date
from Local Cache. When a Provider isn't available when the user signs out, it will be brought up-to-date in
subsequent sessions by having all of it's data replaced from an existing, and up-to-date, Provider. If all remote
Providers are stale, the Provider with the latest meta data is considered the source of truth.
IMPORTANT
Because the Local Cache file will service most IO requests, the performance of the Local Cache file will define the user
experience. It is critical that the storage used for the Local Cache file be high-performing and highly available. It is also
suggested that any storage used for the local cache file be physically attached storage, or have reliability and performance
characteristics that meet or exceed high-performing physically attached storage.
Configuration order and prioritization

Profile Container and Office Container will read from a provider, if the data needed isn't already contained in the
Local Cache file. When configuring the CCDLocations registry value, the order Providers are listed defines the
order Profile Container uses for reads. If the first path specified is unavailable, then Profile Container will attempt
to read from the second Provider and so on.
Cloud Cache will always write to all Providers specified in CCDLocations, unless a specified Provider isn't
available.
Moving to Cloud Cache from traditional FSLogix Profile Container or

Office Container
It's possible to move current Profile Container and Office Container implementations to Cloud Cache. To start
using Cloud Cache, replace the VHDLocations setting with CCDLocations. CCDLocations and VHDLocations may
not be used in the same implementation.
A Cloud Cache Provider has both the profile container and associated metadata, a traditional VHDLocation has
only the profile container. If Cloud Cache points only to profile containers without metadata, the metadata will be
created. When the metadata is added, the Profile Container location has been converted to a Cloud Cache
provider.
If a user has profile containers in more than one CCDLocation, the profile container listed first in CCDLocations
will be updated to a Cloud Cache provider. All other profile containers in the same CCDLocations string will be
deleted and replaced from the first Cloud Cache Provider.
There's no mechanism to merge multiple profile containers into a single profile.
Using Cloud Cache in persistent physical environments

Cloud Cache is useful in physical environments to create profile high availability. The recommended configuration
when using Cloud Cache for Physical Machines that may go off-line (for example, a notebook computer) is:
CCDLocations should be configured so that the first Cloud Cache Provider is placed on the local drive.
ClearCacheOnLogoff would generally be set to 1, as to avoid eventually having two full copies of the profile on
the local machine
IMPORTANT
This configuration is not suitable for a profile that is shared between the physical device and virtual sessions, unless virtual
sessions are never accessed from alternate devices while the physical device is offline. If a remote container file is accessed by
a second session, then the remote Cloud Cache Provider and Local Cloud Cache Provider will not be synchronized. If this
occurs, the remote Provider that was accessed last will replace the data in all Cloud Cache Providers.
Get started with the Configure Cloud Cache Tutorial

Profile Container content
By default the profile container VHD will contain the entire Windows profile for the user, except for:
The TEMP (TMP ) folder location
The IE Cache folder location
The Windows user profile is composed of the contents of a specific folder location, and some registry information.
Typically this folder location is something like C:\Users\<username>.
If desired, the admin can specify that parts of the user profile are persisted in the profile container. Exclusions are
done with a redirections.xml file. The redirections.xml file instructs the FSLogix agent to redirect specific folders out
of the profile container and into the local C: drive. Any part of the profile that is excluded is deleted at sign out.
local_ Folder
When a user signs in and a FSLogix Profile container is connected and used by that user, you will see two
additional folders in the C:\Users directory:
A \<username> folder (or some variation)
A local_<username> folder
The <username> folder is a link into the profile container. FSLogix advanced redirection capabilities make contents
of the profile container look as if they exist at this location. The second folder, local_<username>, is a real folder on
C:.
At user sign out, the <username> redirect will disappear and the local_<username> folder is lazily deleted by the
FSLogix service.
redirections.xml
The redirections.xml file is used to control what folders are redirected out of the profile container to the C: drive. It
can also, optionally, sync the contents of these folders to and from the profile container at user sign out and sign in
respectively.
Location The redirections.xml file resides in the profile container in the <ProfileRoot>\AppData\Local\FSLogix
folder
Distribution The admin can use the built-in distribution capabilities of the FSLogix agent, or any other
mechanism, to place the file into the profile container. To use the built-in copy mechanism, use the
RedirXMLSourceFolder setting. At user sign in, the FSLogix agent will copy the redirections.xml file from the
specified location (if it exists) and process it immediately. The user must have Read permissions to the file.
Structure of redirection.xml file

The basic structure of the redirections.xml document is as follows:
<?xml version="1.0" encoding="UTF -8"?>
<FrxProfileFolderRedirection ExcludeCommonFolders="<VALUE>">
<Excludes>
<Exclude Copy="<VALUE>">AppData\Low\FolderToDiscard\</Exclude>
<Exclude>… another exclude folders… </Exclude>
</Excludes>
<Includes>
<Include>AppData\Low\FolderToDiscard\FolderToKeep</Include>
<Include>… another include folders… </Include>
</Includes>
</FrxProfileFolderRedirection>
Folders are relative to the user profile root, this is why AppData is shown in this example.
You can put any number of entries inside Includes and Excludes tags.
Exclude folders are redirected out of the container to the C: drive and Include folders are used when certain folders
should remain in the Profile Container. Include entries are used to redirect a folder back into the container when a
parent folder has been redirected out of the container.
<VALUE> should be replaced with one of the following values:
0 = No files copied in or out. (Note: the copy tag may be left out entirely and the action will be the same as
setting to 0. Only the folder(s) are created on the local_<user_name> directory.)
1 = Copy files to base. Any existing file in an excluded folder will be copied to base.
2 = Copy files back to virtual profile. Any modified file in base will be copied back to profile on user sign out.
3 = Files are copied from/to base. Combinations options 1 and 2.
Application File Containers
Auto-attach VHDs provide administrators the ability to move directories, with their files and subdirectories, to a
VHD or VHDX volume. When the contents of the directory are accessed, FSLogix Apps dynamically attaches the
VHD and redirects to the attached volume.
Auto-attach VHDs are useful to create Application File Containers to reduce the size of Gold Images. Applications
that consume a large amount of disk space can be redirected to a VHD, where They're immediately available when
needed.
VHD creation
The VHD can be created by any means, but FSLogix Apps provides a tool that can be used for this purpose. The
FSLogix command-line utility, provides copyto-vhd and moveto-vhd commands.
VHD deployment
The VHD can be located on the local drive or on a network drive. Local paths must be in drive letter format
(C:\vhd). Network paths must be in UNC format (\server\share\vhd).
If the VHD is on a network drive, Read permission for the VHD file must be given to the Active Directory computer
object.
Rule creation
Create a VHD Auto-attach Rule using the FSLogix Apps Rule Editor.
Specify the folder that should be redirected, and the location of the VHD or VHDX file.
Assign users to receive this VHD using the Manage Assignments dialog.
Rule deployment
Copy the created .fxr and .fxa files to the C:\Program Files\FSLogix\Apps\Rules folder on each computer where
you want the Auto-attach Rule applied.
Considerations
The directory that is to be redirected to the VHD must exist in the base system.
VHDs are opened in read-only mode. Because the VHDs Can't be changed, they can be accessed
simultaneously in multiple sessions.
Profile Container vs. Office Container
It's important to understand the differences between Profile Container and Office Container for proper use and
maximum benefit.
Office Container is a subset of Profile Container. Although all of the benefits of Office Container are also delivered
from Profile Container, there are times when it may be beneficial to use them together.
Profile Container and Office Container are configured differently. It's important to completely understand the
configuration process, especially when using them together.
Profile Container
Profile Container is used to redirect the full user profile. Profile Container is used in non-persistent, virtual
environments, such as Virtual Desktops. When using Profile Container the entire user profile, except for data that is
excluded.
For users familiar with managing profiles in non-persistent environments, the function of Profile Container may be
compared to Microsoft User Profile Disk, Microsoft Roaming Profiles, or Citrix UPM. Although the function is
similar the underlying method and technology is different, resulting in certain benefits as described here
Office Container
Office Container is generally implemented with another profile solution, and is designed to improve the
performance of Microsoft Office in non-persistent environments. As opposed to Profile Container, Office
Container redirects only the local user files for Microsoft Office. When configuring Office Container, each Office
component is independently included base on settings.
When Office Container is used with other profile solutions, it's that those solutions are configured to [exclude
certain data] (configure-office-container-tutorial.md#configure-third-party-exclusions).
The data contained in the Office Container can be re-created from various server locations. As an example, the
.OST file is generated from the email server(S ), if the file is lost or damaged it may be recovered.
Using Profile Container and Office Container together

There are several reasons why Profile Container and Office Container may be used together. The most common
reasons are:
Discretion is wanted in the storage location for Office Data vs. other profile data
If the Office Container or Profile Container is damaged, the remaining data remains intact. Storage discretion is
useful if there is a problem with Office Data, which can be recovered from the server as the Office Container
can be deleted without impacting the rest of the user configuration.
Office Container may be used with Profile Container as a mechanism to specify which Office components will
have their data included in the container
Download and Install FSLogix
This article describes how to download and install FSLogix tools.
FSLogix licensing and entitlement

FSLogix tools aren't licensed independently. Before downloading and using FSLogix, verify that entitlement
requirements are met. FSLogix entitlement is described here entitlement and configuration requirements.
The FSLogix software no longer requires license keys. It is recommended that the latest version of FSLogix is
downloaded and installed. If legacy FSLogix customers must continue to use an older version, the following key
may be used MSFT0-YXKIX-NVQI4-I6WIA-O4TXE. All users must be appropriately entitled and agree to license
terms before using FSLogix.
Download FSLogix
FSLogix is available for download here
Install Microsoft FSLogix components

The download for FSLogix includes three installers that are used to install the specific component(s) necessary for
your use.
Microsoft FSLogix Apps Installation
Microsoft FSLogix Apps installs the core drivers and components for all FSLogix solutions. Any environment
using FSLogix must install FSLogix Apps. After installation configure Profile Container or Office Container before
using for profile redirection.
To install FSLogix Applications:
From the FSLogix download file, select 32 bit or 64 bit depending on your environment
Run FSLogixAppSetup.exe
Click Options to specify an installation folder
Accept the license agreement and click Install
Microsoft FSLogix Apps will install

| InstallFolder | Property used to specify the install folder Syntax: InstallFolder=<//Path/Folder>
Application Masking Rule Editor Installation
The Application Masking Rule Editor is used to define rules used by Application Masking.
From the FSLogix Download file, select 32 bit or 64 bit depending on your environment
Run FSLogixAppsRuleEditorSetup.exe
Use Options to specify installation folder (see screenshot for Microsoft FSLogix Apps above)
Accept the license agreement and click install
Java Version Control Rule Editor Installation
The Java Version Control Rule Editor is used to define rules used by Java Version Control.
From the FSLogix Download file, select 32 bit or 64 bit depending on your environment
Run FSLogixAppsJavaRuleEditorSetup.exe
Use Options to specify installation folder (see screenshot for Microsoft FSLogix Apps above)
Accept the license agreement and click install
Microsoft FSLogix Apps Unattended Install
Microsoft FSLogix supports unattended and silent installation for automated use cases. Installation commands
and descriptions are described here:
COMMAND SWITCH DESCRIPTION
/install Default product installation
/repair Repairs a previous product installation
/uninstall Uninstalls a previous product installation
/quiet Hides the installation GUI
/norestart Suppresses any restart that might be needed by the installer

How to manage Rule Sets and Rules in Application
Masking
Application Masking manages access to Applications, Fonts, and other items based on criteria. The Application
Rules Editor is used to Describe the item, such as application, to be managed. The Editor is also used to define
criteria rules are managed by. For instance, GitHub should be hidden from the Accounting group. Things you can
do with the Apps Rules Editor:
Create new Rule Sets
Edit existing Rule Sets
Manage the user and group assignments for Rule Sets
Temporarily test rule-sets
Before using the Application Rules Editor, it must be installed
Rule Types
FSlogix supports four rule types
Hiding Rule - hides the specified items using specified criteria
Redirect Rule - causes the specified item to be redirected as defined

App Container Rule - redirects the specified content into a VHD
Specify Value Rule - assigns a value for the specified item

Create a new Rule Set
Open the Apps Rule Editor. The first time you enter the Apps Rules Editor there won't be any rule sets in the left
panel. In this example, one rule set has already been created named Contoso_1 with GitHub Desktop added.
Click File then New to create a new Rule Set

Provide a name for the Rule Set and click Enter Filename
After a filename is entered, a selection is made for the type and content of the rule
In this example GitHub Desktop is selected
After specifying the parameters wanted, click Scan to create a rule
Create a new rule

Select an existing Rule Set from the left panel
Select Edit then New Rule
Specify the type of rule
Enter the required parameters
Click OK
Delete a rule
Select one or more Rules from the right panel
Select Edit then Delete Rule
Edit a rule
Select an existing Rule from the right panel
Select Edit then Edit Rule
System Variables and Wildcards in Rules

The following variables and wildcards may be used for specifying paths as described.
Source Path Wildcards
A * (wildcard) character can be used in source paths to represent an entire path element.
Example: C:\users\*\Documents
Destination Path Variables
The following variables are used in destination paths only. Variables are preceded and followed by two underscore
characters
VARIABLE DESCRIPTION
__USER_SID__ Resolves to the user’s SID string.
__USER_NAME__ Resolves to the user’s name string.
__USER_PROFILE_PATH__ Resolves to the user’s profile folder (Example C:\users\admin)
Environment Variables
The following Environment Variables may be used in both source and destination paths
NOTE
Environment variables are case sensitive.
When using the Rule Editor to add or edit Rules, these variables automatically replace the proper text in the Source and
Destination strings.
%WindowsFolder%
%CommonAppDataFolder%
%CommonStartMenuFolder%
%CommonFilesFolder32%
%ProgramFilesFolder32%
%SystemFolder32%
%CommonFilesFolder64%
%ProgramFilesFolder64%
%SystemFolder64%
Redirecting to a network
Files and directories can be redirected to resources located on a network. The user must have appropriate rights to
the network resource. To redirect to a network location, enter the path (in UNC format) into the Destination field.
Deploying Rule Sets

Application Masking and Java Version Control rely on Rules and Rule Sets. By default, Rules and Rule Sets are
accessed from C:\Program Files\FSLogix\Apps\Rules. The location where Rules and Rule Sets are accessed differ
if the FSLogix installation location is changed.
To deploy a rule set, use any method to copy rule files (.fxr) and assignment files (.fxa) to the rules directory.
NOTE
Any rule sets copied into/updated/deleted from the Rules folder will be automatically detected by the Service (frxsvc.exe) and
compiled into a special format used by the Drivers (frxdrv.sys and frxdrvvt.sys). The service will then notify the driver of a
change and the driver performs a live update of your installed rule sets. The compiled rule set files are located in C:\Program
Files\FSLogix\Apps\CompiledRules
Manage User and Group Assignments in Application
Masking
Rule Sets are assigned to users, groups, and other entities using the Rules editor. Before using the Application
Rules Editor, it must be installed.
By default, Rule Sets apply to Everyone when active. The following process changes the scope that the Rule Set is
applied to.
Assignment Order
Assignments are executed from top to bottom.
Example: Consider if two assignments were made for the same Rule Set. The first assignment applies the Rule
Set to Everyone, the second specifies the Rule Set does NOT apply to User1. In this case, the Rule Set would apply
to everyone except User1.
If the assignments above is reversed, so the application to Everyone is after the exclusion of User1, the Rule Set
would apply to Everyone.
Managing Assignments
After creating Rule Sets and Rules, select the rule set you want and click File then Manage Assignments.
Click Add, then select the type of assignment you want, to create a new assignment
Select one or more Assignments and click Remove to Delete Assignments
Select one or more Assignments and click Move up or Move Down to reorder Assignments
Use the Radio Button for does or doesn't apply, the click Apply to determine the application to an entity.
Whether an Assignment applies is represented by the Applies column.
User Assignment
Group Assignment
Process Assignment
Network Location Assignment
Computer Assignment
Directory Container Assignment
Environment Variable Assignment
Only Environment Variables present at sign-on are supported. Environment variables set during sign-on aren't
supported.
Set as Template
After you've configured the assignment list, you can select Set As Template and all new assignment lists will default
to the current state of the assignment list.
Configure Java Version Control rules
Java Version Control allows specific Websites and URLs to be assigned to a specific installed version of Java.
Prerequisites
IE 8 and later is supported
Applications must run in IE7 or later
Java 1.6.0_10 or later is supported
Java 1.4.2 and later is supported for redirection
Only versions of IE currently supported by Microsoft are supported in Java Version Control
NOTE
There is a known issue regarding ActiveX blocking feature of IE that may cause applets, in certain circumstances, to stop
responding when FSLogix version selection is in place. In order to workaround this, add the domain containing the applet
URL to the Trusted Sites list in Internet Explorer.
NOTE
If rules are changed, restart the Internet Explorer instances for the modified to rules.
Create a new rule set

You can create rules to configure a website or application to use a specific version of Java. Java Rules are added
using the Java Rule Editor. Rules are deployed using the same process as other rules.
Open the Java Rule Editor
In the Java Rule Editor, click Edit > Add.
Select the type of Rule to create (Application or URL )
Application
Select Application as the type
Specify the location of the executable
URL
Select URL as the type
Specify the URL
Using Wildcards
Protocol may be http, https, or *. * matches http or https. As an example *://contoso.com matches
http://contoso.com and https://contoso.com.
Sub-Domain may be specified as *. As an example https://*.contoso.com matches
www.contoso.com, test.contoso.com and contoso.com.
Path * matches full URL under where * is specified. As an example, https://contoso.com/* matches
the entire domain. https://contoso.com/app/* matches everything in the path under app.
Specify the version of Java to use from the drop-down. As an example 1.6.0_45.
Save the Java Project file.
Click File > Generate to generate the Java Rule Files.
The files generated depend on whether the rule is for a Website (URL ) or an Application.
For URLs, there will be an XML file created.
For Applications two files will be generated, one Rule Set file (.fxr) and one Assignment file (.fxa).
Deploy the generated files, see Deploying Rule Sets and Assignment Files.
NOTE
If the latest version of Java is selected in the Java Version Field, The Java Version control and associated features are
effectively disabled for the given URL.
NOTE
The selected Java version must be installed on the client computer or the rule will not work. Multiple versions of Java can be
installed side-by-side. Major Java versions will not conflict with each other, as each installs to a unique directory. However,
Java versions that are the same major version but different minor versions install into the same directory by default. You can
simply change the path during the installation to avoid this problem.
NOTE
In almost all cases the 32-bit versions of Java should be used. Typically only if there are specific instructions to use 64-bit
Java should it be tested before the 32-bit versions.
Deploying Rule Sets

Application Masking and Java Version Control rely on Rules and Rule Sets. By default, Rules and Rule Sets are
accessed from C:\Program Files\FSLogix\Apps\Rules. The location where Rules and Rule Sets are accessed by
differ if the FSLogix installation location is changed.
To deploy a rule set, use any method to copy rule files (.fxr) and assignment files (.fxa) to the rules directory.
NOTE
Any rule sets copied into / updated / deleted from the Rules folder will be automatically detected by the Service (frxsvc.exe)
and compiled into a special format used by the Drivers (frxdrv.sys and frxdrvvt.sys). The service will then notify the driver of a
change and the driver performs a live update of your installed rule sets. The compiled rule set files are located in C:\Program
Files\FSLogix\Apps\CompiledRules
Configure Profile Container and Office for concurrent
connections and multiple connections
Users connect to their stateless working environments in different ways, depending how desktops and applications
are delivered. When using Virtual Desktops and Remote Applications users may:
Have one connection at a time
have multiple concurrent connections to a single instance of Windows
Connect to multiple instances of windows
It's important to configure Profile Container and Office Container correctly for use with concurrent connections
and multiple connections.
Prerequisites
Before configuring for Concurrent or Multiple connections, install and configure Profile Container or Office
Container
Concurrent Connections with Profile Container and Office Container

Concurrent connections refers to a user being allowed multiple, concurrent connections, to the same Windows
instance. Concurrent connections would generally be used in specific environments, such as with a Citrix
implementation. Set
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\TerminalServer\fSingleSessionPerUser (DWORD )
= 0 to enable multiple connections manually.
After configuring the environment, Profile Container and Office Container are configured to support concurrent
configuration by setting:
Profile Container: HKEY_LOCAL_MACHINE\SOFTWARE\FSLogix\Profiles\ConcurrentUserSessions(DWORD )
=1
Office Container:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\FSLogix\ODFC\ConcurrentUserSessions(DWORD ) = 1
Multiple Connections
Multiple Connections with Profile Container and Office Container is supported through the use of VHD (X)
difference disks. The registry configuration and functionality for Office Container and Profile Container is different.
Multiple Connections with Profile Container
Profile Container is configured for multiple connections using ProfileType when configuring Profile Container
ProfileType is set to 0, 1, 2 or 3.
Mode 0 (Normal / Default)
Sign on:
Client tries to directly attach the VHD (X) file. No difference disks are used. If a concurrent access is
attempted, it will fail with a sharing violation (error 20)
Sign out:
Client detaches the VHD (X)
Mode 1 (Read / Write)
Sign on:
Client attempts to open the RW.VHD (X) difference disk with Read/Write access. If it is successful, it
merges the difference disk to the parent. If it completes the merge, the RW.VHD (X) file is deleted.
Client creates a new RW.VHD (X) difference disk.
Client attaches the RW.VHD (X) as the Profile VHD.
Sign out:
Client detaches the RW.VHD (X) difference disk (the user’s Profile VHD/X).
Mode 2 (Read Only)
Sign on:
Client attempts to delete the previous RO difference disk (if it exists).
Client creates the new RO difference disk.
Client attached the RO difference disk as the user’s Profile VHD.
Sign out:
Client detaches the RO difference disk.
Client deletes the RO difference disk.
Mode 3 (Attempt Read/Write Fall Back Read Only)
Sign on:
Client checks to see if a RW.VHD (X) file exists. If it doesn't, the client takes the RW role and performs the
same steps as ProfileType = 1. If the RW.VHD (X) file does exist, the client takes the RO role and does the
same steps as ProfileType = 2.
General Information
RO difference disks are stored in the local temp directory and are named %usersid%_RO.VHD (X).
The RW difference disk is stored on the network next to the parent VHD (X) file and is named RW.VHD (X).
The merge operation can be safely interrupted and continued. If one client begins the merge operation and is
interrupted, For Example, powered off, another client can safely continue and complete the merge. For this
reason, both the RW and RO clients begin by attempting a merge of the RW.VHD (X).
Merge operations on an ReFS file system, where the difference disk and the parent are on the same ReFS
volume, are nearly instantaneous no matter how large the difference disk is.
Merge operations can only be done if there are no open handles to either the difference disk or the parent
VHD (X). For this reason, the RO client also attempts to merge the RW VHD (X) as it may be the last session to
disconnect.
Multiple Connections with Office Container
Office Container is configured for multiple connections using VHDAccessMode when configuring Office Container.
VHD Access Mode is set to 0, 1, 2 or 3.
Mode 0 (Normal / Default)
Sign on:
Client tries to directly attach the VHD (X) file. No difference disks are used. If a concurrent access is
attempted, it will fail with a sharing violation (error 20)
Sign out:
Mode 1 (Network)
Sign On
Client attempts to open the merge.vhd(x) difference disk with Read/Write access. If it's successful, it
merges the difference disk to the parent. If it completes the merge, the difference disk file is deleted.
Client attempts to remove any previous difference disk for this machine
(%computername%_ODFC.VHD (X)) on the network share.
Client creates a new difference disk named %computername%_ODFC.VHD (X). This difference disk is
created on the network share next to the parent VHD (X) file.
Client attaches the difference disk as the O365 VHD.
Sign out
Client detaches the difference disk.
Client attempts to rename the difference disk to merge.vhd(x). If this rename is successful, the client
attempts to merge the difference disk. The merge will only succeed if it's the last session that is ending.
Client deletes the difference disk.
NOTE
Mode '1' (Network) should not be used if the O365 Container is being used with Outlook Cached Exchange mode. Use mode
'0' or '3'.
Mode 2 (Local)
Sign On
Client attempts to remove any previous difference disk (%usersid%_ODFC.VHD (X)) for this user from
the temp folder.
Client creates a new difference disk named %usersid%_ODFC.VHD (X). This difference disk is created in
the temp directory.
Client attaches the difference disk as the O365 VHD.
Sign out
Client detaches the difference disk.
Client attempts to merge the difference disk. The merge will only succeed if it's the last session that is
ending.
Client deletes the difference disk.
NOTE
Mode '2' (Network) should not be used if the O365 Container is being used with Outlook Cached Exchange mode. Use mode
'0' or '3'.
Mode 3 (Per Session)

Sign On
Client searches for a per session VHD (X) that isn't currently in use
If one is found, it's directly attached and used
If one isn't found, one will be created and used
If a new VHD is created, resulting in a number of per-session VHDs greater than the number specified to
keep (NumSessionVHDsToKeep), this VHD (X) is marked for deletion and will be deleted on sign out.
Sign out
If the VHD (X) is marked for deletion, it's deleted
General Information
Local difference disks are stored in the local temp directory and are named %usersid%_ODFC.VHD (X).
Difference disks stored on the network are located next to the parent VHD (X) file and are named
%computername%_ODFC.VHD (X).
When the difference disk is stored on the network, the merge operation can be safely interrupted and
continued. If one client begins the merge operation and is interrupted, for example, powered off, another client
can safely continue and complete the merge.
Merge operations on an ReFS file system, where the difference disk and the parent are on the same ReFS
volume, are nearly instantaneous, no matter how large the difference disk is.
Merge operations can only be done if there are no open handles to either the difference disk or the parent
VHD (X). Therefore, only the last session can successfully merge its difference disk.
Per-session VHD (X) files are named ODFC -%username%-SESSION -<sessionnumber>.VHD (X) where
SessionNumber is an integer from 0 - 9.
The maximum number of per-session VHD (X) files is 10.
Configure Profile Container to roam the Windows
Search database
Windows Search is roamed for single user systems such as WVD Desktop, XenDesktop, or VDI. Search may also
be roamed for multi-user systems such as WVD Applications, RDSH, XenApp. In multi-user systems, only the
Outlook email search information is roamed.
Prerequisites
Before configuring for Concurrent or Multiple connections, install and configure Profile Container or Office
Container
Overview
The Windows Search Service is included with Windows. The Search Service provides search functionality for a
user's files, Outlook email, and so on. The Search Service indexes all information to a single, system-wide database.
When a user roams to another machine, all of the information that they expect to search must be reindexed on the
new system. Re-indexing has significant impact on CPU when a user logs on. Typically Search is disabled in
environments where users roam between computers to avoid CPU impact.
Disabling local Search detracts from the user experience. Without local search, users are unable to search as they
expect. If the search is sent to a remote server, performance is slow.
FSLogix provides two mechanisms to roam Search information, Single-user Search and Multi-user Search.
SUPPORTS MULTI-USER SUPPORTED INDEXING SUPPORTED

DESCRIPTION SYSTEMS SUPPORTS OUTLOOK TYPES ENVIRONMENTS
Single-user Search No Yes Yes Windows 7 and later,

Windows Server 2008
R2 and later
Multi-user Search Yes Yes (2010 and later) No, Outlook only Windows 8 and later,
Windows Server 2012
R2 and later
NOTE
Single-user Search requires either Profile Container or Office Container be used. Multi-user Search may be implemented with
Profile Container, Office Container or any other profile roaming solution.
Configure Single-user Search

Profile Container
Configure RoamSearch to 1 as described in Profile Container configuration reference
Office Container
Set RoamSearch to 1 as documented in Office Container configuration reference
NOTE
If both the Profile Container and Office Container are configured, the database into the Profile Container VHD(X).
Configure Multi-user search

This feature allows roaming a user's Outlook Search information. This feature can be used on single-user
(XenDesktop, VDI, and similar). Multi-user systems (RDSH, XenApp, and similar) are also supported, but only the
Outlook email Search information is roamed.
Multi user requirements and prerequisites
Install Windows Search
If Windows Search is installed after Microsoft Office, then the Microsoft Office installation must be
repaired in Add/Remove Programs
Reboot the machine after RoamSearch is set to 2 as documented in Office Container configuration reference.
The Microsoft Office components that integrate with Windows Search are installed only if Search is installed
before Microsoft Office. If Windows Search was installed after Microsoft Office, repair the Office installation in
add/remove programs.
Multi-user configuration
To include the per-user portion of the Search Database in the Profile Container:
Set HKLM\Software\FSLogix\Apps (DWORD ) RoamSearch = 2
Set HKLM\Software\FSLogix\Profiles (DWORD ) RoamSearch = 2
To include the per-user portion of the Search Database in the Office Container:
Set HKLM\Software\FSLogix\Apps (DWORD ) RoamSearch = 2
Set HKLM\Software\Policies\FSLogix\ODFC (DWORD ) RoamSearch = 2
Force a search reset
To reset the user's database, use the frx reset-user-search-db command
Configure storage permissions for use with Profile
Containers and Office Containers
Profile Containers and Office Container store user information in a VHD (X) file. Generally these files are stored in
a network location. Profile Containers and Office Containers can automatically create the needed folders and files.
For correct and secure use, user permissions must be created to allow permissions to create and use a profile,
while not allowing access to other users profiles.
There are many ways to create secure and functional storage permissions for use with Profile Containers and
Office Container. Below is one configuration option that provides new -user functionality that doesn't require users
to have administrative permissions.
USER ACCOUNT FOLDER PERMISSIONS
Users This Folder Only Modify
Creator / Owner Subfolders and Files Only Modify
Administrator (optional) This Folder, Subfolders, and Files Full Control

Configure Profile Container and Office Container for
per-user or per-group
By default settings for Profile Container and Office Container are applied per-machine. Per-machine configuration
can be overridden by specifying settings that apply t0 specific users or specific groups.
User specific settings are given first priority, followed by group specific settings and finally the per-machine
settings.
To create a user or group setting:
Create a key named ObjectSpecific in the registry under one of the following keys:
HKLM\Software\FSLogix\Profiles (for Profile Container)
HKLM\Software\Policies\FSLogix\ODFC (for Office Container)
Under this key, create a key named with the SID of the object. This object is the user or group to which the new
value will be assigned.
Under the SID key, create the value that represents the Profile Container setting or Office Container setting. For
example, (DWORD ) IsDynamic = 1
You can verify that the setting is taking effect by examining the log file. There will be an entry in the log file where
the value is being read. The log file entry will show where the setting is being read from.
Example (using the VolumeType setting):
In the log files saved at \programdata\fslogix\logs\profiles... the following will be seen for the VolumeType setting,
based on configuration.
REGISTRY CONFIGURATION RESULTANT MESSAGE IN LOG FILE
Setting not in registry Configuration setting not found:

SOFTWARE\FSLogix\Profiles\VolumeType. Using default: VHD
Setting specified Configuration Read (REG_SZ):

SOFTWARE\FSLogix\Profiles\VolumeType. Data: VHDX
Setting specific to user or group Configuration Read (REG_SZ):

SOFTWARE\FSLogix\Profiles\ObjectSpecific\S-1-5-21-
306146113-3061682913-806882557-2166\VolumeType.
Data: VHD
To determine the SID of an object, you can use the wmic.exe command. For example:
To retrieve the SID of a user whose name is john, run wmic useraccount where name="john" get sid.
To retrieve the SID of a group whose name is Domain Admins, run wmic group where name="Domain
Admins" get sid.
To retrieve the name of a user whose SID is S -1-5-21-2417102143-4260430507-1482311895-1919, run wmic
useraccount where sid="S -1-5-21-2417102143-4260430507-1482311895-1919" get name.
To get the name of a group from a SID follow the pattern of the user example but apply to the item on how to
get the SID of a group.
Use device-based licensing
Device-based licensing helps administrators manage their application hiding rules to be compliant with product
license agreements. The feature is designed for software products that are licensed on a per-device basis.
With Device Based Licensing you can:
Set a time-frame during which an assigned license can't be unassigned
Record a time stamp of when a license was assigned to a device
Record a time stamp of when a license was unassigned to a device
Generate a report showing license usage over a specified time
Warn the administrator when they attempt to unassign a license that hasn't been assigned for the minimum
time
Prerequisites
Download and install FSLogix Software including Application Masking Rules Editor
Changing Licensing Parameters

The first step in using device-based licensing is to set a minimum number of days for a license to be assigned. This
setting can be changed in the Rule Editor by clicking File then Change Licensing Parameters and entering a value.
This value is stored with the rule assignment file and is specific to each rule set.
The device-based licensing features are effective only after this step is complete.
Editing Rule Assignments for Devices

Assigning devices to have an application, masked or unmasked uses the same process as other rule assignment
types. Device-based licensing is built with a more generic function that allows rules to be created based on
environment variables. Rules can be created based on any environment variable. Devices are identified by the
environment variable CLIENTNAME that is set by the remote access software (as an example, Microsoft Remote
Desktop, and Citrix Receiver) when a device connects to a server.
A device rule can be entered by clicking Add then Environment Variable in the rule assignment dialog. Then enter
the environment variable CLIENTNAME and a <client name>. The Wildcards ? and * may be used in the value
field.
Optionally, you can click the From File button and select a text file containing a list of device names, one item per
line. A rule assignment will then be created for each device name from the file.
Making the rule assignment sets Applies = No by default, means that a license has been assigned. Note: The
logical on/off for a license being assigned is reversed from the logic of the application being hidden.
Applies = No means that the hiding rule doesn't apply to that device, the software is visible to the user,
and a license is assigned.
If you attempt to set the assignment to Applies = Yes or to delete the assignment, and if it has been set to
Applies=No for less than the minimum number of days for license assignment, then a warning dialog box will
appear. You can still delete the rule assignment, but the warning indicates that you may be doing something that
violates your license agreements.
Licensing Reports
A report can be generated to show the historical license assignments by clicking File then Licensing Report, and
selecting a date range for the report.
Use Visibility reports in Application Masking
Administrators use the Reporting feature to see where applications are visible. Reports are generated for Active
Directory users, groups (in the Rule Editor), and all users.
The Reporting feature is accessible from the Rule Editor and from the Command Line (frx.exe).
Generate a Visibility Report in Rule Editor
Click File then Reporting from the main menu
AD reporting is also available by clicking the AD Reporting button in the Assignments dialog
Click New Query
Specify the users or groups for the report

A report will be generated specifying whether the application is visible (yes) or not visible (no) to the specified
user or group.
Trouble Shooting Guide for FSLogix products
See the following steps for trouble shooting FSLogix products.
Profile Container
Compare the current values of Status, Reason, and Error to the documentation here.
Check the log files. Look for non-zero codes being returned (zero indicates success).
Verify all prerequisites have been met
When using Windows 7 or Windows Server 2008 R2? You must have this patch installed in order for the
FSLogix Profiles product to work properly. If the patch isn't installed processes in the system will begin to
deadlock.
Is the 'Enabled' setting set to '1'?
Do you have a valid file system location in the 'VHDLocations' setting?
Does the user have appropriate permissions to the VHD (X) file on the file server?
Is the user a member of the local FSLogix Profiles Include group and NOT a member of the FSLogix Profiles
Exclude group?
Does a local profile already exist for the user?
Office Container
Compare the current values of Status, Reason, and Error to the documentation here.
Check the log files. Look for non-zero codes being returned (zero indicates success).
Verify all prerequisites have been met
Is the 'Enabled' setting set to '1'?
Do you have a valid file system location in the 'VHDLocations' setting?
Is the user a member of the local FSLogix ODFC Include group and NOT a member of the FSLogix ODFC
Exclude group?
Using Windows Server 2016, OneDrive Icons don't appear. This behavior is intended.
Outlook does not show up in the windows indexing options when FSLogix is virtualizing Outlook Search. This
behavior is intended.
Application Masking
Make sure the rules have been moved to the Rules folder. For more information about deploying rules see:
Deploying Rule Sets.
Check to make sure the service and the driver are running by using:
sc query frxsvc
sc query frxdrv
Check the logs to make sure no non-zero errors are logged
Check the assignment files to make sure the user is included in the assignment
Open the rule in the rule editor
Click on the manage assignments button
Make sure that the user in question is listed and the rule does apply to them.
If folders or files are being masked from an excluded user, make sure the Apply Rules to System button isn't
clicked.
Java Version Control

Check the IE Plugin log for any errors and to make sure the rules are being loaded properly. Logging has
information on how to enable logging for the FSLogix Internet Explorer Plugin.
Ensure that the FSLogix Internet Explorer Plugin is installed and enabled via Tools → Manage Add-ons
Make sure the rules have been moved to the Rules folder. For more information about deploying rules see:
Deploying Rule Sets.
Confirm you're using 32-bit Java.
Verify the Service and Driver are running.
Profile Container registry configuration reference
NOTE
When configuring Profile Container registry settings are added here: Registry Key: HKLM\SOFTWARE\FSLogix\Profiles
When configuring Profile Container the entire contents of the registry will be redirected to the FSLogix Profile Container. If it
is desired to redirect only Office related information see Profile Container for Office registry configuration reference.
NAME TYPE DEFAULT SETTING DATA/VALUE
AccessNetworkAsComputer DWORD 0 0: default – attach as user. 1:

Object attach as computer - folder
must have permissions for
computer objects.
AttachVHDSDDL REG_SZ SDDL string representing

the ACLs to use when
attaching the VHD.
CCDLocations REG_SZ See FSLogix Cloud Cache

Configuration Settings for
details about configuring.
ConcurrentUserSessions DWORD 0: don’t handle concurrent

sessions. 1: handle
concurrent sessions. Note:
This setting is used to
when the Windows server
feature that allows
concurrent logins for the
same Windows account
on the same server is
enabled. This scenario is
seen most often with
Citrix XenApp, when using
this configuration this
setting should be set to 1

from VHD. NOTE: Use
FSLogix profile.
DiffDiskParentFolderPath REG_SZ %TEMP% Specifies the path where

difference disks will be
created (when ProfileType is
configured to use them).
Variables may be used in
this value. Supported
%osbuild%,
%osservicepack%,
%profileversion%,
%clientname%, and any
environment variable.

Containers enabled

as setting
SIDDirNamePattern =
SIDDirNameMatch =
IsDynamic DWORD 1 If set to ‘1’ the VHD(X) that

is created will be dynamic. If
set to ‘0’ the created VHD(X)
will be fixed size.
KeepLocalDir DWORD 0 1: The “local_%username%”

folder will be left on the
system, after sign out. It will
also be used again if the
same user signs on again.
LockedRetryCount DWORD 12 Specifies the number of

retries attempted when a
VHD(X) file is locked (open
by another process or
computer).
LockedRetryInterval DWORD 5 Specifies the number of

seconds to wait between
retries (see
LockedRetryCount).
NoProfileContainingFolder DWORD 0 1: Profile Container won't

use or create a SID
containing folder for the
VHD(X) file. This setting is
intended for situations
where storage provides a
location that is already
unique per-user. Default
settings for matching VHD
names won't work correctly
if this setting is enabled, and
VHDs for multiple users are
stored in the same location.
OutlookCachedMode DWORD 0 1: Only when the Profile

Container is attached, the
Outlook setting that enables
cached mode will
temporarily be set until the
container is detached. This
setting insures cached mode
is used only when the
container is attached. 0:
Prevents FSLogix from doing
anything with cached mode.
NOTE: Outlook must be
configured for online
mode for this feature to
work. This insures if
FSLogix gets disabled,
that large OST files won't
be downloaded.
HKEY_LOCAL_MACHINE\S
oftware\Policies\Microsof
t\office\16.0\Outlook\OST
\NoOST:DWORD = 2

to sign out.

out.
ProfileDirSDDL REG_SZ SDDL string representing

creating the profile directory
(for example
“C:\Users%username%). See
the What are ACLs and
SDDL? appendix for more
information. Variables may
be used in this SDDL string.
Variable names are delimited
with '%' characters.
Supported variables are
%username%,
%osbuild%,
%osservicepack%,
%profileversion%,
environment variable. The
most common of these
variables used will likely be
sid and in the SDDL. This is
configured as %sid% in
order for it to be processed
and replaced.
ProfileType DWORD 0 0: Normal profile behavior. 1:

Machine should only be the
RW profile instance. 2:
Machine should only be the
RO profile instance. 3:
Machine should try to take
the RW role and if it can't, it
should fall back to a RO role.
NOTE: All sessions trying
to use the VHD
concurrently must have a
ProfileType of 1, 2, or 3. If
the VHD isn't accessed
concurrently, ProfileType
should be 0.
ReAttachRetryCount DWORD 60 Specifies the number of

times the system should
attempt to reattach the
VHD(X) container if it's
disconnected unexpectedly.
Re-AttachIntervalSeconds DWORD 10 Specifies the number of

retries when attempting to
reattach the VHD(X)
container if it's disconnected
unexpectedly.
RebootOnUserLogoff DWORD 0 A value of ‘0’ means, “Take

no action”. A value of ‘1’
means, “Reboot when any
user signs out”, a value of ‘2’
means, “Reboot when a
FSLogix Profile user signs
out”.
RedirectType DWORD 2 A value of '1' means, Use

legacy redirection. A value of
'2' (default) means, Use
FSLogix advanced
redirection.
RedirXMLSourceFolder REG_SZ RedirXMLSourceFolder =

<path to File System for
example
"\someserver\someshare">)
If the folder contains a
redirections.xml, it will be
copied to the local profile
and immediately used.
Variable names are delimited
with '%' characters.
Supported variables are
%username%,
%osbuild%,
%osservicepack%,
%profileversion%,
RemoveOrphanedOSTFilesO DWORD 1 A value of '0' or lack of this

nLogoff setting results in no action.
A value of '1' will cause
duplicate OST files to be
removed. NOTE: Review
the following, in full,
before setting. In rare
cases, duplicate OST files
are created for a user.
This circumstance has
been documented to
occur with and without
the use of a non-
persistent profile. When
the profile is stored in the
standard file system,
administrators may
remove orphaned or stale
OST files by deleting
them. When using Profile
Container the OST file in a
VHD, isn't as visible. Over
long periods of time
duplicate OST files may
consume incremental disk
space. Setting this option
to 1 will cause Profile
Container and Profile
Container for Office to
remove all OST files in a
VHD(X), except the OST
with the latest modify
date. Administrators
should be familiar with
the use of OST files, and
potential implications,
before choosing to enable
this setting.
RoamSearch DWORD 0 Used to control the Profile

Container Search Roaming
feature. Set to '1' or '2' to
enable the feature. See
Configure Search Roaming
for details. NOTE:
RoamSearch is set prior
to GPOs being applied, it
is not possible to rely on
GPOs to set RoamSearch
in environments where a
GoldImage is applied at
boot.
SetTempToLocalPath DWORD 3 A value of ‘0’ means, “Take

means, “Redirect TEMP and
TMP to the local drive”. A
value of ‘2’ means, “Redirect
INetCache to the local drive”.
A value of ‘3’means,
“Redirect TEMP, TMP, and
INetCache to the local drive.”
ShutdownOnUserLogoff DWORD 0 A value of ‘0’ means, “Take

means, “Shutdown when
any user signs off”, a value
of ‘2’ means, “Shutdown
when a FSLogix Profile user
signs off”.
SIDDirNameMatch REG_SZ %sid%_%username% Specifies a string pattern

used when creating a SID
container folder. Variable
names are delimited with '%'
characters. Supported
%osbuild%,
%osservicepack%,
%profileversion%,
NOTE: In almost all cases,
SIDDirNameMatch and
SIDDirNamePattern
should match. Unless
there's a well understood
use case that requires
these settings to be
different, verify
SIDDirNameMatch and
SIDDirNamePattern are
the same when setting
either.
SIDDirNamePattern REG_SZ %sid%_%username% Specifies a string pattern

%osbuild%,
%osservicepack%,
%profileversion%,
SIDDirNameMatch and
SIDDirNamePattern
different, verify
SIDDirNameMatch and
either.
SIDDirSDDL REG_SZ SDDL string representing

creating the SID container
folder. See the What are
ACLs and SDDL? appendix
for more information.
SizeInMBs DWORD 3000 Specifies the size of newly

created VHD(X) in number
of MBs. Default of 3000 =
30 GB
VHDNameMatch REG_SZ Profile* Specifies a string pattern

used to match (find) the
profile VHD(X) file. Variable
%userdomain%,
%sid%,%osmajor%,
%osminor%, %osbuild%,
%osservicepack%,
%profileversion%,
NOTE-1: In almost all
cases, if VHDNameMatch
and VHDNamePattern are
changed from the default
they should match. Unless
different, verify
VHDNameMatch and
VHDNamePattern are the
same when changing
either setting. NOTE-2:
Beginning in 2.9.4
VHDNameMatch appends
either .vhd or .vhdx to the
Name Match string.
Before 2.9.4 this search
used a ".*" rather than
specifying the file type.
the VolumeType setting
will determine which file
type is appended.
VHDNamePattern REG_SZ Profile_%username% Specifies a string pattern

used when creating a profile
VHD(X) file. Variable names
are delimited with '%'
%userdomain%,
%sid%,%osmajor%,
%osservicepack%,
%profileversion%,
if VHDNameMatch and
VHDNamePattern are
they should match. An
administrator should have
a well understood use
case that requires these
settings to be different,
verify VHDNameMatch
the same when changing
either setting.

resolved. Supported
%osbuild%,
%osservicepack%,
VHDXSectorSize DWORD 0 Sector size to use if the file

being created is a VHDX.
Currently can only be 512
(0x200) or 4096 (0x1000).
Setting of 0 (default setting)
results in system default
being used
VolumeType REG_SZ "vhd" A value of "vhd" means that

newly created files should be
of type VHD. A value of
"vhdx" means that newly
created files should be of
type VHDX.
VolumeWaitTimeMS DWORD 20000 Specifies the number of

milliseconds the system
should wait for the volume
to arrive after the VHD(X)
has been attached. Default
value of 20000 = 20
seconds
Office Container registry configuration reference
NOTE
When configuring Office Container registry settings are added here: HKLM\SOFTWARE\Policies\FSLogix\ODFC
Office Container is a special sub-set of Profile Container used to enable and enhance Office in a non-persistent
environment. All Office Container functionality is also delivered when using Profile Container. Office Container is generally
used in conjunction with a full non-persistent profile solution.
For a full non-persistent profile solution see Profile Container registry configuration reference.
AccessNetworkAsComputer DWORD 0 0: default – attach as user. 1:

Object attach as computer - folder
must have permissions for
computer objects.
AttachVHDSDDL REG_SZ SDDL string representing

attaching the VHD.
CCDLocations REG_SZ See FSLogix Cloud Cache

Configuration Settings for
details about configuring.
ConcurrentUserSessions DWORD 0: don’t handle concurrent

sessions. 1: handle
concurrent sessions. Note:
This setting is used to
when the Windows server
feature that allows
concurrent logins for the
same Windows account
on the same server is
enabled. This scenario is
seen most often with
Citrix XenApp, when using
this configuration this
setting should be set to 1
DiffDiskParentFolderPath REG_SZ %TEMP% Specifies the path where

difference disks will be
created (when ProfileType is
configured to use them).
Variables may be used in
this value. Supported
%osbuild%,
%osservicepack%,
%profileversion%,

Containers enabled

as setting
SIDDirNamePattern =
SIDDirNameMatch =
IncludeOfficeActivation DWORD 1 1: Office activation data is

0: Office activation data is
not redirected to the
container.
IncludeOfficeFileCache DWORD 1 1: Office Cache Data is

0: Office Cache Data is not
Note: This setting is
specific to Office 2016
and later.
IncludeOneDrive DWORD 1 1: OneDrive cache is

0: OneDrive cache is not
IncludeOneNote DWORD 0 1: OneNote notebook files

are redirected to the
container. 0: OneNote
notebook files are not
IncludeOneNote_UWP DWORD 0 1: OneNote UWP notebook

files are redirected to the
container. 0: OneNote UWP
notebook files are not
IncludeOutlook DWORD 1 1: Outlook data is redirected

to the container. 0: Outlook
data is not redirected to the
container.
IncludeOutlookPersonalizati DWORD 1 1: Outlook personalization

on data is redirected to the
container. 0: Outlook
personalization data is not
IncludeSharepoint DWORD 1 1: Sharepoint data is

0: Sharepoint data is not
IncludeSkype DWORD 1 1: Skype for Business Global

Address List is redirected to
the container. 0: Skype for
Business Global Address List
is not redirected to the
container.
IncludeTeams DWORD 0 1: Teams data is redirected

to the container. 0: Teams
data is not redirected to the
container. NOTE: User will be
required to sign in to teams
at the beginning of each
session.
IncludeOneNote DWORD 1
IsDynamic DWORD 1 If set to ‘1’ the VHD(X) that

is created will be dynamic. If
set to ‘0’ the created VHD(X)
will be fixed size.
KeepLocalDir DWORD 0 1: The “local_%username%”

folder will be left on the
system, after sign out. It will
also be used again if the
same user signs on again.
LockedRetryCount DWORD 12 Specifies the number of

retries attempted when a
VHD(X) file is locked (open
by another process or
computer).
LockedRetryInterval DWORD 5 Specifies the number of

retries (see
LockedRetryCount).
MirrorLocalOSTToVHD DWORD 0 0: Do nothing with an

existing OST file. 1: When a
new VHD is created, and
there are contents in the
local OST folder, they will be
copied to the VHD before
the user is given access.3:
When a new VHD is created,
and there are contents in
the local OST folder, they will
be moved to the VHD
before the user is given
access.
NoProfileContainingFolder DWORD 0 1: Profile Container won't

use or create a SID
containing folder for the
VHD(X) file. This setting is
intended for situations
where storage provides a
location that is already
unique per-user. Default
settings for matching VHD
names won't work correctly
if this setting is enabled, and
VHDs for multiple users are
stored in the same location.
NumSessionVHDsToKeep DWORD 2 This setting is used when

VHDAccessMode is set to
'3'. This controls the number
of session VHDs that are
persistent. For example, if
this is set to '2' and the user
creates a 3rd session, a new
session VHD will be created
and used, but it will be
deleted when the 3rd
session ends.
OutlookCachedMode DWORD 0 1: Only when the Profile

Container is attached, the
Outlook setting that enables
cached mode will
temporarily be set until the
container is detached. This
setting insures cached mode
is used only when the
container is attached. 0:
Prevents FSLogix from doing
anything with cached mode.
NOTE: Outlook must be
configured for online
mode for this feature to
work. This insures if
FSLogix gets disabled,
that large OST files won't
be downloaded.
HKEY_LOCAL_MACHINE\S
oftware\Policies\Microsof
t\office\16.0\Outlook\OS
T\NoOST:DWORD = 2
OutlookFolderPathOutlookF REG_SZ The path to the user’s

olderPath Outlook folder. Default is
“%userprofile%\AppData\Lo
cal\Microsoft\Outlook

to sign out.

out.
ReAttachRetryCount DWORD 60 Specifies the number of

times the system should
attempt to reattach the
VHD(X) container if it's
disconnected unexpectedly.
Re-AttachIntervalSeconds DWORD 10 Specifies the number of

retries when attempting to
reattach the VHD(X)
container if it's disconnected
unexpectedly.
RebootOnUserLogoff DWORD 0 A value of ‘0’ means, “Take

means, “Reboot when any
user signs out”, a value of ‘2’
means, “Reboot when a
FSLogix Profile user signs
out”.
RedirectType DWORD 2 A value of '1' means, Use

legacy redirection. A value of
'2' (default) means, Use
FSLogix advanced
redirection.
RefreshUserPolicy DWORD 0 If a GPO is configured for an

Office Product that is
included in Office Container,
there may be a conflict with
a previous user setting.
Standard behavior is for the
GPO to be applied, but
when the Office Container is
read, the GPO will be over-
written by the setting in
Office Container. If the
desire is for the GPO change
to be universally applied,
then this setting should be
set to 1 prior to the GPO
update being applied. When
this setting is set to 1, then
Office Container will
overwrite the previous user
setting with the GPO
setting. NOTE: there is a
performance implication
to setting
RefreshUserPolicy to 1.
RefreshUserPolicy should
not be set, or should be
set to 0, unless there is a
specific GPO event. After
the GPO event, the setting
should be referted to
default
RemoveOrphanedOSTFilesO DWORD 1 A value of '0' or lack of this

nLogoff setting results in no action.
A value of '1' will cause
duplicate OST files to be
removed. NOTE: Review
the following, in full,
before setting. In rare
cases, duplicate OST files
are created for a user.
This circumstance has
been documented to
occur with and without
the use of a non-
persistent profile. When
the profile is stored in the
standard file system,
administrators may
remove orphaned or stale
OST files by deleting
them. When using Profile
Container the OST file in a
VHD, isn't as visible. Over
long periods of time
duplicate OST files may
consume incremental disk
space. Setting this option
to 1 will cause Profile
Container and Profile
Container for Office to
remove all OST files in a
VHD(X), except the OST
with the latest modify
date. Administrators
should be familiar with
the use of OST files, and
potential implications,
before choosing to
enable this setting.
RoamSearch DWORD 0 Used to control the Profile

Container Search Roaming
feature. Set to '1' or '2' to
enable the feature. See
Roaming the Windows
Search Database for details.
See Configure Search
Roaming for details. NOTE:
RoamSearch is set prior
to GPOs being applied, it
is not possible to rely on
GPOs to set RoamSearch
in environments where a
boot.
SIDDirNameMatch REG_SZ %sid%_%username% Specifies a string pattern

%osbuild%,
%osservicepack%,
%profileversion%,
SIDDirNameMatch and
SIDDirNamePattern
different, verify
SIDDirNameMatch and
either.
SIDDirNamePattern REG_SZ %sid%_%username% Specifies a string pattern

%osbuild%,
%osservicepack%,
%profileversion%,
SIDDirNameMatch and
SIDDirNamePattern
different, verify
SIDDirNameMatch and
either.
SIDDirSDDL REG_SZ SDDL string representing

creating the SID container
folder. See the What are
ACLs and SDDL? appendix
for more information.
SizeInMBs DWORD 3000 Specifies the size of newly

created VHD(X) in number
of MBs. Default of 3000 =
30 GB
VHDAccessMode DWORD 0 0: Normal direct access

behavior. This is the simplest
access model, but only
allows one concurrent
session. 1: A difference disk
will be used and stored on
the network. This allows for
simultaneous session access.
This mode should not be
used if the O365 Container
is being used with Outlook
Cached Exchange mode. 2:
A difference disk will be used
and stored on the local
machine. This allows for
simultaneous session access.
This mode should not be
used if the O365 Container
is being used with Outlook
Cached Exchange mode. 3:
A unique VHD(X) will be
used for each concurrent
session. These VHD(X) files
will typically persist so that
they can be used the next
time a user creates a
session. To control the
number of VHD(X) files that
will persist, see the
NumSessionVHDsToKeep
setting. NOTE:If the O365
Container is being used
with Outlook Cached
Exchange mode,
VHDAccessMode 0 or 3
must be used.
VHDNameMatch REG_SZ Profile* Specifies a string pattern

used to match (find) the
profile VHD(X) file. Variable
%userdomain%,
%sid%,%osmajor%,
%osservicepack%,
%profileversion%,
*NOTE-1: In almost all
cases, if VHDNameMatch
they should match. Unless
use case that requires these
verify VHDNameMatch and
VHDNamePattern are the
same when changing either
setting. NOTE-2: Beginning
in 2.9.4 VHDNameMatch
appends either .vhd or
.vhdx to the Name Match
string. Before 2.9.4 this
search used a . rather than
specifying the file type. the
VolumeType setting will
determine which file type is
appended.**
VHDNamePattern REG_SZ Profile_%username% Specifies a string pattern

used when creating a profile
VHD(X) file. Variable names
are delimited with '%'
%userdomain%,
%sid%,%osmajor%,
%osservicepack%,
%profileversion%,
if VHDNameMatch and
VHDNamePattern are
they should match. An
administrator should have
a well understood use
case that requires these
verify VHDNameMatch
the same when changing
either setting.

resolved. Supported
%osbuild%,
%osservicepack%,
VHDXSectorSize DWORD 0 Sector size to use if the file

being created is a VHDX.
Currently can only be 512
(0x200) or 4096 (0x1000).
Setting of 0 (default setting)
results in system default
being used
VolumeType REG_SZ "vhd" A value of "vhd" means that

newly created files should be
of type VHD. A value of
"vhdx" means that newly
created files should be of
type VHDX.
VolumeWaitTimesMS DWORD 20000 Specifies the number of

milliseconds the system
should wait for the volume
to arrive after the VHD(X)
has been attached.
Cloud Cache registry configuration reference
NOTE
Cloud Cache configuration may be used for both Profile Container and Office Container. For Profile Container registry
settings are applied here: HKLM\SOFTWARE\FSLogix\Profiles. For Office Container registry settings are applied here:
HKLM\SOFTWARE\Policies\FSLogix\ODFC.
When using Cloud Cache, CCDLociations replaces VHDLocations. CCDLocations and VHDLocations may not both be present
at the same time.
For a the full Profile Container reference see: Profile Container registry configuration reference. For a the full Office Container
reference see: Office Container registry configuration reference.

CCDLocations (Required REG_SZ / MULTI_SZ Specifies the storage type

Setting) and location of Cloud Cache
remote containers.
CCDLocations should be
used INSTEAD OF
VHDLocations when using
Cloud Cache, see Profile
Containers or Office
Container for further
instructions. When setting
CCDLocations for a base
product, Type must be SMB
and only and one remote
container may be specified.
When setting CCDLocations
for full products, Type may
be any supported
CCDLocations type, and up
to 4 remote container
locations may be specified.
When setting CCDLocation,
the first location set will be
the primary read location.
The primary read location
will be read from, unless it's
unavailable. All locations will
be written to. When setting
CCDLocations, do not
place spaces around
delimiters. CCDLocations
values are always case-
sensitive.. type = Type of
Storage. Supported Storage
Types: SMB, Azure Page
Blobs, andAzure Premium
Page Blobs. See the
Tutorial for step by step
instructions.
ConnectionString = Location
of folder for remote
container. Example:
\Location\Folder.
CCDLocations SMB
Example:
type=smb,connectionStrin
g=\Location1\Folder1;typ
e=smb,connectionString=
\Location2\folder2
ClearCacheOnLogoff DWORD 0 By default, the Local Cache

file won't be removed when
the user sign out. If a user
accesses a system where it is
desirable to have the Local
Cache file deleted when they
sign out, set
ClearCacheOnLogoff to 1
Enabled DWORD Used as described in Profile

Container Reference and
Office Container Reference.
The following values are Cloud Cache Specific and are used for all Cloud Cache implementations whether applied to Profile Containers
or Office Containers. These settings are applied here: Registry Key: HKLM\SYSTEM\CurrentControlSet\Services\frxccd\Parameters
CacheDirectory REG_SZ CacheDirectory specifies the

location of the Local Cache
file. By default, the local
Cache file will be placed in
C:\ProgramData\FSLogix\Cac
he. The Local Cache file may
be placed on another
mapped drive or a UNC.
CacheDirectory and
ProxyDirectory MUST NOT
be the same location as the
Proxy File and the Cache File
are the same name and will
conflict. IMPORTANT:
When considering the
location of the Local
Cache file, it's critical to
select storage that is
Highly Available and High
Performing. Storage that
is appropriate for the
Local Cache file will have
performance and
availability characteristics
similar to higher
performing local storage.
NOTE: CacheDirectory is
set prior to GPOs being
applied, it is not possible
to rely on GPOs to set
CacheDirectory in
environments where a
boot.
The following values are Cloud Cache Specific and are used for all Cloud Cache implementations whether applied to Profile Containers
or Office Containers. These settings are applied here: Registry Key: HKLM\SYSTEM\CurrentControlSet\Services\frxccds \Parameters

ProxyDirectory REG_SZ ProxyDirectory specifies the

location of the Local Proxy
Stub file. By default, the local
Cache file will be placed in
C:\ProgramData\FSLogix\Pro
xy. The Proxy Directory may
be placed on another
mapped drive.
CacheDirectory and
ProxyDirectory MUST NOT
be the same location as the
Proxy File and the Cache File
are the same name and will
conflict.
NOTE
Although it is possible to change the location of the Proxy Directory, it is strongly recommended that this is only done when
there is no C drive. The Proxy Directory contains no data.
FSLogix Command-Line Utility command reference
Redirection
Command
add-redirect
Description
Add a new path redirection for the virtualization (VT) driver
-src= (required)
Specifies the source path to redirect
-dest= (required)
Specifies the path to act as redirection target
Example
frx add-redirect -src C:\mysource -dest d:\mytest
frx add-redirect -src C:\mysource -dest \?\VolumeXXXXX\Test
frx add-redirect -src=<Source Path> -dest=<Path of redirection target>
Hiding Rule
Command
add-rule -hide
Description
To add a hiding rule, specify the following options with add-rule:
-hide (required) -src-parent= (required) If this rule is for a directory or registry key, the directory or key path is
entered here. If this is for a file or registry value, the parent directory or parent registry key path is entered here.
-src= (optional)
represents the name of the file or registry value. This parameter is not used when the rule is targeted for a
directory or registry key.
-volatile (optional)
This option tells the system not to persist this Rule. The Rule will disappear when the driver is stopped (either
manually or if the system is restarted).
Example
frx add-rule -hide -src-parent="C:\users\admin\desktop" -src="chrome.lnk" -volatile
frx add-rule -hide -src-parent=<folder or directory key>
Redirect Rule
Command
add-rule -redirect
Description
To add a redirect rule, specify the following options with add-rule:
-redirect (required) -src-parent= (required) If this rule is for a directory or registry key, the source directory or
source key path is entered here. If this is for a file or registry value, the source parent directory or source parent
registry key path is entered here.
-src= (optional)
represents the name of the source file or source registry value. This parameter is not used when the source object
of a rule is a directory or registry key.
-dest-parent= (required)
If this rule is for a directory or registry key, the destination directory or destination key path is entered here. If this
is for a file or registry value, the destination parent directory or destination parent registry key path is entered
here.
-dest= (optional)
represents the name of the destination file or destination registry value. This parameter is not used when the
destination object of a rule is a directory or registry key.
-no-copy (optional)
By default, when a redirect is about to happen, the FSLogix Apps Agent checks to see if the destination file,
directory, registry key, or registry value exists. If it does exist, the request is simply redirected. If the object does not
exist, the object will be created (and in the case of a file or registry value, the contents of the source object copied
to the destination object) and then the redirection will happen. This flag tells the system not to do this check and to
simply redirect.
-volatile (optional)
This option tells the system not to persist this Rule. The Rule will disappear when the driver is stopped (either
manually or if the system is restarted).
Example
frx add-rule -redirect -src-parent="C:\windows" -src="bad.ini" -dest-
parent="USER_PROFILE_PATH\badprogram" -dest="bad.ini"
frx add-rule -redirect -src-parent=<folder or key name>
Add Secure Key to Credential Manager

Command
add-secure-key
Description
Places information in the Windows Credential Manger (Credential Vault) under the SYSTEM user with fslogix/
prefix to be used with Azure Cloud Cache Connection String
-key = name of key to be used in Azure Connection String
NOTE: fslogix/ is automatically prefixed to the key when the key is generated with frx.exe add-secure key
-value = this is the value that is intended to be secured, it is anticipated that this will be utilized with the Azure
Account Key.
The secure key may be accessed in CCDLocations when using the azure Type by placing the key name with pipes.
Example
Use in registry setting as:
type=smb,connectionString=\FILESERVER\SharedFolder;type=azure,connectionString="DefaultEndpointsProtoc
ol=https;AccountName=myAccountName;AccountKey=|fslogix/myAccountKey|;EndpointSuffix=mySuffix"
frx add-secure-key -key=<key variable name> -value=<value of key to be assigned to variable name in credential
manager>
Edit Profile
Command
begin-edit-profile
Description
Attaches the specified VHD or VHDX and attaches the registry hive so the contents of the profile can be viewed
and edited. Prints out a cookie that should be handed back with a end-edit-profile command line to clean up.
-filename (required) Specifies the path to the VHD (X) file \n );
Example
frx begin-edit-profile -filename C:\Profile.vhd
frx begin-edit-profile -filename <path to profile VHD>
Copy folder to VHD

Command
copyto-vhd
Description
Copies a folder along with all sub folders and files to a VHD container.
-filename= (required)
Full file path and name of the VHD file to be created
-src= (required)
Full path to source folder
-size-mbs= (optional)
Size of the VHD in number of MBs
-vhdx-sector-size= (optional)
VHDX only. Specifies the sector size to use.
-dynamic=<0|1> (optional)
Set to “1” for a dynamic sizing VHD, or “0” for a full allocation VHD
-src-parent= (optional)
Path to a parent VHD. If specified, the new VHD will be created as a differencing disk.
(O PTIO NAL) -label=
Label to assign to the new volume.
Example
frx copyto-vhd -filename=<VHD file for folder to be copied to> -src=<folder to be copied to vhd>
Copy Profile to VHD

Command
copy-profile
Description
Copies the specified local user profile to a VHD or VHDX container. If the VHD file does not exist, it will be created,
formatted, as appropriate.
-username= (required unless sid is specified)
‘username’ or ‘domain\username’
-sid= (required unless username is specified)
Can be used instead of username to identify the profile
Path to a parent VHD. If specified, the new VHD will be created as a difference disk.
-profile-path= (optional)
Path to the folder that contains the profile. If this is not specified, the profile location will be read from the registry.
-verbose (optional)
Enables verbose output
Example
frx copy-profile -filename=<VHD file for folder to be copied to> -username=<username for profile>
Create junction to specified VHD

Command
create-junction
Description
Creates a junction point to a target volume or directory.
-src=(required)
Specifies the drive or directory where the junction point will be added.
-dest=(required)
Specifies the target directory or volume.
-name
Indicates the optional display name.
Example
frx create-junction -src=E:\ -dest \Volume{2dd97d8a-3bab-11e1-b9ff-080027e238aa} frx create-junction -
src=C:\TestDir -dest C:\Data
frx creae-junction -src=<source folder for redirection> -dest=<destination vhd for junction>
Create an FSLogix Rule Set

Command
create-ruleset
Description
Creates a Rule Set by scanning the specified install directory
-filename (required)
Specifies the name of the file to be created.
-install-dir (required)
Specifies the installation path of the application to be scanned.
-ARP -keyname (required)
Specifies the Add/Remove Program registry location
Example
frx create-ruleset -name Chrome -install-dir "C:\Program Files\Google\Chrome\Application" -ARP -keyname
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome"
frx create-ruleset -filename=<name of file to be created> -install-dir=<specifies the path where the
application to be scanned is installed> -ARP-keyname<add remove program registry location>
Create new VHD

Command
create-vhd
Description
Example
frx create-vhd -filename=<vhd file to be created>
Delete active redirection

Command
del-redirect
Description
Delete an active VT driver redirection
-src= (required)
Identifies the redirect source path of the redirection to be removed
Example
frx del-redirect -src=C:\MyData\Docsfrx del-redirect -src C:\MyData\Docs
frx del-redirect -src=<path for redirection to be removed>
Delete FSLogix rule

Command
del-rule
Description
Deletes a rule. To delete a rule you must identify the rule to remove by specifying the src-parent and src (if any).
-src-parent= (required)
If this rule is for a directory or registry key, the directory or key path is entered here. If this is for a file or registry
value, the parent directory or parent registry key path is entered here.
-src= (optional)
represents the name of the file or registry value. This parameter is not used when the object of a rule is a directory
or registry key.
Example
frx del-rule -src-parent="C:\users\admin\desktop" -src="chrome.lnk"
frx del-rule -src-parent="C:\windows" -src="bad.ini"
frx del-rule -src-parent=<source parent for rule to be deleted> -src=<source to be deleted>
Delete secure FSLogix key from Credential Manager

Command
del-secure-key
Description
Deletes a secure key set with add-secure-key
-key = key name to be deleted
NOTE: the key name that is passed here does NOT include the fslogix/ prefix
Example
frx del-secure-key -key<name of key only without fslogix/ prefix>

Edit Profile Container Profile
Command
edit-profile
Description
Attaches the specified VHD or VHDX and opens Explorer and Regedit windows for the container contents. Press
any key and the windows will be closed and the VHD detached from the system.
Full file path and name of the VHD file to be attached
Example
frx edit-profile=<vhd file that contains profile to be edited>
Enable Shell Refresh Notification

Command
enable-shnot
Example
frx enable-schnot
End editing profile

Command
end-edit-profile
Description
Detaches the specified VHD or VHDX and the registry hive.
-cookie (required)
Specifies the cookie printed out from the begin-edit-profile call
Specifies the path to the VHD (X) file
Example
frx end-edit-profile -cookie=4876 -filename=C:\Profile.vhd
frx end-edit-profile -cookie=<cookie provided from begin edit profile> -filename=<filename of vhd containing
the profile being edited>
Export Profile Configuration

Command
export-profilecfg
Description
Exports profile configuration settings and inclusion/exclusion group memberships to a file. The settings can be
imported later with the import-profilecfg command or with the Profile Configuration Tool
Specifies the file/location for the configuration data to be stored.
Example
frx export-profilecfg -filename=C:\profiles.frxconfig
frx export-profilecfg -filename=<folder/file where the data will be exported>
Help
Command
help
Description
Displays frx help without parameters, or help for specific command if specified
Example
frx help
frx help
frx help add-rule
frx help
Import Profile Configuration

Command
import-profilecfg
Description
Import profile configuration settings from a file.
The full path to the profile configuration file.
Example
frx import-profilecfg -filename=C:\data.frxconfig
frx import-profilecfg -filename=<folder/file containing exported profile configuration>

List active FSLogix redirects
Command
list-redirects
Example
frx list-redirects
List active FSLogix Rules

Command
list-rules
Example
frx list-rules
List all secure key names in Credential Manager with a fslogix/ prefix
Command
list-secure-key
Example
frx list-secure-key
Move folder and subfolders to VHD

Command
moveto-vhd
Description
-src= (required)
Full path to source folder
-dynamic=<0/1> (optional)
Example
frx moveto-vhd -filename=C:\mydisk.vhd -src=C:\data
frx moveto-vhd -filename=<folder/filename for vhd to move folder to> -src=<folder to be moved to VHD>
Migrate contents of current VHD to a new VHD

Command
migrate-vhd
Description
-src (required)
Specifies the path to the source VHD (X) disk.
-dest (required)
Specifies the new VHD (X) filename.
-dynamic=<0/1> (optional)
Example
frx migrate-vhd -src C:\old.vhdx -dest C:\new.vhdx -dynamic 1
frx migrate-vhd -src=<folder/file of vhd to migrate> -dest=<>
Register a font to the font table

Command
regfont
Description
Registers a font in the system font table.
Specifies the path to the font file.
Example
frx regfont -filename=<path for font file>
Reload FSLogix rules

Command
reload-rules
Description
Instructs FSLogix driver to unload and reload all rules
Example
frx reload-rules
Reports the applicability of a specified rule set by comparing the rule

set to active directory
Command
report-assignment
Description
Specifies the path to the Assignment File.
-username (optional)
Reports the applicability of the Assignment File for the user specified in FQDN syntax.
-verbose (optional)
Enables verbose output.
-csv (optional)
Specifies that output should be in CSV format.
Example
frx report-assignment -filename=C:\test.fxa -username="CN=User,DC=domain"
frx report-assignment -filename=<rules file to be analyzed>
Reset the user search database

Command
reset-user-search-db
Description
Queue's a windows search re-index for the specified user. To be used with the FSLogix Multi-user Search Roaming
feature.
-username (required)
A user's DOMAIN\USERNAME
-sid
A user's SID can be used instead of a username .
Example
frx reset-user-search-db -username=domain\user
frx reset-user-search-db -username=<domain\user whos database is to be reset>
Update active profile redirection

Command
set-profile-redir
Description
Sets the profiles folder redirections configuration.
Specifies the path to the VHD (X) file
-redirections (optional)
Specify the redirections file to copy to the profile
-no-redirections (optional)
Remove any existing redirections from the profile
Example
frx set-profile-redir -filename=C:\Profile.vhd -redirections C:\redir.xml
frx set-profile-redir -filename=<vhd file to be redirected>
Command
show -junction-info
Description
Shows information about a junction point
-src (required)
Specifies the path to the junction point.
Example
frx show -junction-info -src=C:\TestDir
frx show-junction-info -src=<fold with assigned junction>
Font removal from system font table

Command
unregfont
Description
Removes a font from the system font table.
Specifies the path to the font file.
Example
frx unregfont -filename<font file to be removed>
Command
Description
Example
frx
Display FSLogix version information

Command
version
Description
Displays the versions for the command-line, the service, and the driver.
Version information is queried dynamically from the service and the driver so that information for currently
running components is shown. It is possible, although unlikely, that the running components could be a different
version than what is installed. If the service or the driver is not loaded, no version information will be displayed for
that component.
Example
frx versions
FSLogix Disk Management Utility Reference
frxcontext.exe allows you to manage FSLogix containers and aid in managing containers by adding context menu's
to vhd(x) files.
The following commands are executed in an administrator command prompt.
Install
Command
--install
Description
Install FSLogix container management to the Windows context menu for vhd(x) files. Installs for all users.
Example
frxcontext.exe --install
Uninstall
Command
--uninstall
Description
Uninstall FSLogix container management from the windows context menu. Uninstalls for all users.
Example
frxcontext.exe --uninstall
Install per user

Command
--install-per-user
Description
Install FSLogix container management to the Windows context menu for vhd(x) files. Install for the current (logged
in) user.
Example
frxcontext.exe --install-per-user
Uninstall per user
Command
--uninstall-per-user
Description
Uninstall FSLogix container management from the windows context menu. Uninstalls for the current (logged in)
user.
Example
frxcontext.exe --uninstall-per-user
Attach VHD)x)
Command
<vhd(x)>
Description
Attaches a FSLogix profile or Office 365 container for edit.
Example
frxcontext.exe <C:\path\to\profile_user.vhdx>
Alternate Mount / Unmount

After installation, you may also mount and unmount using the interface.
Mount Right click any Profile Container or Office Container and select Mount for FSLogix edit.
Profile containers: Two windows will open, the user's registry and a File Explorer window pointing into the
vhd(x) disk.
Office 365 containers: A single File Explorer window will open showing your Skype, Outlook, and One-drive
data.
Unmount
After mounting a container, it is represented in the tray. To unmount, right-click on the icon in the tray representing
the VHD (X) and select Unload FSLogix VHD<C:\path\to\profile_user.vhdx>
Logging and diagnostics
The various components of the FSLogix create comprehensive logs. Examination of log files is the first place to
look when diagnosing system behavior.
At the top of each log file, the system records basic information including versions of the FSLogix agent
components.
Each operation performed by FSLogix components will create a section that contains all of the relevant log entries
for that operation.
At the beginning of each day, a new log file is created. The daily log files are kept for 7 days by default. Log files
older than this period are deleted.
The default path for the log files can be changed. For example, it may be useful to redirect the log files to a
network share when using non-persistent machines.
For each log entry, an entry of zero indicates success. When looking for problems, scan for non-zero entries.
##Initial state
A new install (or an install after an uninstall) will set the default level of logging. A new install will also clear
previous logging settings and return to defaults. An upgrade install will leave all logging settings as they exist
before the ungrade install.
Logging settings and configuration

The following settings are set in: Registry Key: HKLM\SOFTWARE\FSLogix\Logging
VALUE NAME VALUE TYPE VALUE DEFINITION
LogDir REG_SZ Specifies the location where log files

should be stored. Local and UNC paths
are accepted. Default is
%ProgramData%\FSLogix\Logs.
logging is done as SYSTEM when
logging to a local drive, and as the
Computer Object when logging to a
network share. When logging to the
network, be sure to grant access for
the Computer Object to the network
share and the folder.
LogFileKeepingPeriod DWORD New log files are begun each day. This
specifies how many to keep. If the value
is not set, the default is ‘7’. Default set
by install is 2.
VALUE NAME VALUE TYPE VALUE DEFINITION
LoggingEnabled DWORD This value can be '0', '1', or '2'. When

set to '0', the specific settings for each
log file are ignored and all log files are
disabled. When set to '1' the specific
settings for each log file are honored.
When set to '2', the specific settings for
each log file are ignored and all log files
are enabled. Default set by install is 2.
LoggingLevel DWORD This value be set between 0 and 3

inclusive, with the following meanings.
Changing this value will take effect at
the next reboot. 0 - Log DEBUG level
messages and higher 1 - Log INFO
level messages and higher 2 - Log
WARN level messages and higher 3 -
Log ERROR level messages and higher
RobocopyLogPath REG_SZ Specifies a log file name and path where

the output of robocopy calls (e.g.,
during mirroring of data in or out of a
VHD) will be logged. If the value is non-
existent then the robocopy results are
not logged at all. This setting is
recommended to be used only for
troubleshooting.
Component specific log files

The following settings are set in: HKLM\SOFTWARE\FSLogix\Logging
All values are of type DWORD and are set to '0' to disable logging for the component, or '1' to enable logging for
the component.
COMPONENT VALUE NAME DEFAULT DEFAULT PATH
Profile Configuration Tool ConfigTool 1 %ProgramData%\FSLogix\Lo

gs\ConfigTool.
IE Plugin (Java Control) IEPlugin 0 %UserProfile%\AppData\Loc

alLow\FSLogix\Java\Logs
Rule Editor RuleEditor 0 %ProgramData%\FSLogix\Lo

gs\RuleEditor
Java Rule Editor JavaRuleEditor 0 %ProgramData%\FSLogix\Lo

gs\JavaRuleEditor
FSLogix Agent Service Service 0 %ProgramData%\FSLogix\Lo

(frxsvc.exe) gs\Service
Profiles Profile 1 %ProgramData%\FSLogix\Lo

gs\Profile.
COMPONENT VALUE NAME DEFAULT DEFAULT PATH
Java Launcher FrxLauncher 0 %ProgramData%\FSLogix\Lo

gs\FrxLauncher
Office 365 Container ODFC 0 %ProgramData%\FSLogix\Lo

gs\ODFC
Rule Compilation RuleCompilation 0 %ProgramData%\FSLogix\Lo

gs\RuleCompilation
Font Visibility Font 0 %ProgramData%\FSLogix\Lo

gs\Font
Network Information Network 0 %ProgramData%\FSLogix\Lo

gs\Network
Printer Visibility Printer 0 %ProgramData%\FSLogix\Lo

gs\Printer
AD Computer Group AdsComputerGroup 0 %ProgramData%\FSLogix\Lo

Processing gs\AdsComputerGroup
Driver Interface DriverInterface 0 %ProgramData%\FSLogix\Lo

gs\DriverInterface
Windows Search Roaming Search 1 %ProgramData%\FSLogix\Lo

gs\Search.
Windows Search Plugin SearchPlugin 0 %ProgramData%\FSLogix\Lo

gs\SearchPlugin
Process Start Monitor ProcessStart 0 %ProgramData%\FSLogix\Lo

gs\ProcessStart
Status, reason, and error codes
The Profile Container and the Office Container set three values that represent the state of Profile Container or
Office Container:
Status
Reason
Error
Profile Container stores error values here: HKLM\Software\FSLogix\Profiles\Sessions<UserSID>
FSLogix Office Container stores error values in two places:
HKLM\Software\Policies\FSLogix\ODFC\Sessions<UserSID> and HKCU\Software\FSLogix\ODFC\Sessions
If Status is zero, the system is in a working state and Reason will reflect the state. For example, if Status and
Reason are both zero, then the FSLogix Container is attached and working for this user.
Status Codes
CODE DESCRIPTION EXPLANATION
0 STATUS_SUCCESS The system is working as expected.

Check Reason to see the state of the
Profile.
1 STATUS_ERROR The system is in an error state.
2 STATUS_ERROR_VIRT_DLL The DLL that provides the Virtual Disk

API ("virtdisk.dll") cannot be found.
3 STATUS_ERROR_GET_USER Unable to get the user SID from the

user token.
5 STATUS_ERROR_SECURITY A security API failed.
6 STATUS_ERROR_VHD_PATH There was an error determining the

path to the VHD/X file.
7 STATUS_ERROR_CREATE_DIR There was an error creating a directory.
8 STATUS_ERROR_IMPERSONATION There was an error impersonating the

user.
9 STATUS_ERROR_CREATE_VHD There was an error creating the VHD/X

file.
10 STATUS_ERROR_CLOSE_HANDLE There was an error closing a handle.
11 STATUS_ERROR_OPEN_VHD There was an error opening the VHD/X

file.
12 STATUS_ERROR_ATTACH_VHD There was an error attaching the

VHD/X.
13 STATUS_ERROR_GET_PHYSICAL_PATH There was an error getting the physical

path of the virtual disk.
14 STATUS_ERROR_OPEN_DEVICE There was an error opening the device.
15 STATUS_ERROR_INIT_DISK There was an error initializing the disk.
16 STATUS_ERROR_GET_VOL_GUID There was an error retrieving the

volume GUID.
17 STATUS_ERROR_FORMAT_VOL There was an error formatting the

volume.
18 STATUS_ERROR_GET_PROFILE_DIR Unable to determine the user's profile

directory.
19 STATUS_ERROR_SET_MOUNT_POINT There was an error creating a junction

in the file system.
20 STATUS_ERROR_REG_IMPORT There was an error importing registry

data.
21 STATUS_ERROR_CHK_GRP_MEMBERSHI There was an error checking group

P membership for the user.
22 STATUS_ERROR_HANDLE_PROFILE There was an error trying to determine

the profile type.
23 STATUS_ERROR_PROFILE_SUBFOLDER_ There was an error processing the

REDIRECTION redirections.xml file.
100 STATUS_WAITING_FOR_PROFILE_DIR_S The VHD/X is attached and ready. The

ET system is waiting for the Windows
Profile Service to begin creation of the
user's profile.
200 STATUS_IN_PROGRESS The FSLogix Profile system is currently

working on setting up the profile.
300 STATUS_ALREADY_ATTACHED The FSLogix Profile was already

attached for the user logging on. This
only happens on a machine that has
been configured to allow multiple,
concurrent logons for the same user.
Reason Codes
4 PROFILE_REASON_SHORT_SID The FSLogix system will not handle

profiles for special users.
2 REASON_IN_BLACK_LIST The user is a member of the FSLogix

Exclude group, and should therefore
not receive a FSLogix Profile.
3 REASON_LOCAL_PROFILE_EXISTS A local profile for the user already

exists.
1 REASON_NOT_IN_WHITE_LIST The user is not a member of the

FSLogix Include group, and should
therefore not receive a FSLogix Profile.
0 REASON_PROFILE_ATTACHED The FSLogix Profile has been attached

and is working.
Error Codes
Usually when an FSLogix component is not working, Error will be set. When it is set, it corresponds to a standard
Windows Error Code.
FSLogix installed components and functions
There are five main components of the Agent. The command-line utility, service, two drivers, and the IE Browser
Helper Object. All of these components are installed in the main application installation directory at C:\Program
Files\FSLogix\Apps.
##frx.exe The command-line utility, frx.exe, lets you manage rule sets and many other features of FSLogix Apps. A
reference of all commands the command-line utility accepts may be found here. The utility is installed to
c:\program files\fslogix\apps.
frxsvc.exe
The service, frxsvc.exe, communicates with the Command Line (frx.exe) and Drivers (frxdrv.sys and frxdrvvt.sys), as
well as monitors the rules directory for changes.
The service starts automatically when the computer starts and remains running while the computer is powered on.
frxdrv.sys and frxdrvvt.sys

The frxdrv.sys driver is a combined File System Filter driver and Registry Filter driver (mini-filter). It is responsible
for handling file system and registry requests to make hiding and redirection work.
The frxdrvvt.sys driver is a File System Filter driver (mini-filter). It provides the advanced redirection functionality
used by FSLogix solutions.
IE Browser Helper Objects - frxlauncher.exe and frx_plugin_*.dll

The FSLogix Apps browser helper object is necessary for Java virtualization.
The Internet Explorer Browser Helper Object is comprised of the following files:
frx_plugin_ie_helper_x64.dll frx_plugin_ie_Win32.dll frx_plugin_ie_x64.dll frxlauncher.exe
These DLLs are registered only if Java Rules are present in the environment.
frxcontext.exe
frxcontext.exe allows you to manage FSLogix containers as well as aid in managing containers by adding context
menu's to vhd(x) files. A reference for frxcontext.exe is found here
frxrobocopy.exe
Frxrobocopy is used to exclude the file copy, done by the FSLogix agent, from Anti-virus scanners.
Since the FSLogix agent only copies files that have already been scanned by the AV product, the admin can use this
feature to bypass scanning of the files to improve system performance.
To enable this frxrobocopy:
Copy robocopy.exe to the %Program Files%\FSLogix\Apps folder as frxrobocopy.exe
Add an exclusion for the anti-virus product for %Program Files%\FSLogix\Apps\frxrobocopy.exe
If frxrobocopy.exe exists in the FSLogix\Apps folder, it will be used and the AV product will not scan the file copying
activity.
usermode DLL
In order to achieve the desired behavior in some circumstances. Processes must be hooked with an FSLogix User
mode module. These include Outlook to maintain a per user search database and printers in order to be hidden
properly depending on the user. Logs for User mode may be found in the User mode log.
Configuration for the User mode DLL: Registry Key: HKLM\SOFTWARE\FSLOGIX\UserModeDll
VALUE NAME VALUE TYPE DEFAULT VALUE DESCRIPTION
OutlookSearchComponentE DWORD 1 0 - Disabled, Outlook search

nabled will be handled by Windows.
1 - Enabled, Outlook search
may be handled by FSLogix
PrinterComponentEnabled DWORD 0 Required to make Printer

hiding work across all OSs. 0
- Disabled, Printer hiding will
work in some situations, but
not all. 1 - Enabled, Printer
hiding will successfully hide
printers on all operating
systems.
ProcInitTimeoutMs DWORD N/A Allows the user to specify a

maximum allowed time in
milliseconds for the User
mode Dll injection to
succeed before moving on.

FSLogix Admin Guide

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

FSLogix Admin Guide

Uploaded by

Copyright:

Available Formats

Contents

Configure Profile Container

Implement Application Masking

Configure Profile Container Registry settings

VALUE TYPE CONFIGURED VALUE DESCRIPTION

Enabled (required setting) DWORD 1 0: Profile Containers

VHDLocations (required MULTI_SZ or REG_SZ A list of file system locations

VHDLocations may be replaced by CCDLocations when using Cloud Cache

VALUE TYPE CONFIGURED VALUE DESCRIPTION

DeleteLocalProfileWhenVHD DWORD 0 0: no deletion. 1: delete local

FlipFlopProfileDirectoryNam DWORD 0 When set to ‘1’ the SID

PreventLoginWithFailure DWORD 0 If set to 1 Profile Container

PreventLoginWithTempProfil DWORD 0 If set to 1 Profile Container

Set up Include and Exclude User Groups

Configure Office Container Registry settings

VALUE TYPE CONFIGURED VALUE DESCRIPTION

Enabled (required setting) DWORD 1 0: Profile Containers

VHDLocations (required MULTI_SZ or REG_SZ A list of file system locations

VHDLocations may be replaced by CCDLocations when using Cloud Cache

VALUE TYPE CONFIGURED VALUE DESCRIPTION

DeleteLocalProfileWhenVHD DWORD 0 0: no deletion. 1: delete local

FlipFlopProfileDirectoryNam DWORD 0 When set to ‘1’ the SID

PreventLoginWithFailure DWORD 0 If set to 1 Profile Container

PreventLoginWithTempProfil DWORD 0 If set to 1 Profile Container

IncludeOneDrive DWORD 1 1: OneDrive cache is

IncludeOneNote DWORD 0 1: OneNote notebook files

IncludeOneNote_UWP DWORD 0 1: OneNote UWP notebook

IncludeOutlook DWORD 1 1: Outlook data is redirected

IncludeOutlookPersonalizati DWORD 1 1: Outlook personalization

IncludeSharepoint DWORD 1 1: Sharepoint data is

IncludeSkype DWORD 1 1: Skype for Business Global

IncludeTeams DWORD 0 1: Teams data is redirected

By default Everyone is added to the FSLogix ODFC Include List group.

Configure third party exclusions

Configure Cloud Cache for SMB

REGISTRY VALUE TYPE VALUE

CCDLocations REG_SZ / MULTI_SZ type=smb,connectionString=

<Location for Cloud Cache Provider>

CCDLocations REG_SZ / MULTI_SZ type=smb,connectionString=

<Location for Cloud Cache Provider>

Configure Cloud Cache for Azure Page Blobs

REGISTRY VALUE TYPE VALUE

CCDLocations REG_SZ / MULTI_SZ type=smb,connectionString=

<Location for Cloud Cache Provider>

CCDLocations REG_SZ / MULTI_SZ type=smb,connectionString=

<Location for Cloud Cache Provider>

Protect Azure Key with Credential Manager

REGISTRY VALUE TYPE VALUE

CCDLocations REG_SZ / MULTI_SZ type=smb,connectionString=

COMMAND PARAMETERS RESULT

frx.exe del-secure-key -key keyName *Deletes specified key

frx.exe list-secure-key Lists secure keys with fslogix/ prefix

Create your first Rule Set

Select the application that you would like to manage

Specific rules describing the items within the Rule Set

Test your Rule Set

Make Assignments for your Rule Set

Click the type of assignment

Specify if you would like the rule to Apply or Not Apply

Cloud Cache design and functionality

Configuration order and prioritization

Moving to Cloud Cache from traditional FSLogix Profile Container or

Using Cloud Cache in persistent physical environments

Get started with the Configure Cloud Cache Tutorial