Note – as of today (13 May 2021) I have noticed that the images are missing from this post, because they were linked from my old blog. I will be rewriting the post as soon as I am able to restore them.
Let’s have a quick look at some cool tricks we can pull off with FSLogix.
FSLogix (now owned by Microsoft) isn’t just about mounting VHDs for profiles and OST files. It’s actually a full suite of products based around the FSLogix filter driver. As well as application masking, profile roaming, large file handling, Java remediation and now the new(ish) CloudCache feature, there are a few other cool things you can do that are a bit lesser-known. The Redirection feature is one of these, and allows you to do all sorts of clever stuff. I’m hoping that Microsoft keep all of these features in their entirety and don’t sunset any of them – so far, there’s no sign of that, so the initial prognosis is very good.
I find Redirection very handy. Essentially, it allows you to redirect any file, folder, Registry value or Registry key to another location. Now this is VERY handy for device-specific settings that you wish you could manage on a per-user or per-group basis. I’ve done quite a few things with this and there will be more coming soon – here’s a couple of useful profile-related ones to get us started.
- Multiple default profiles
One thing that is ABSOLUTELY device-specific is the default profile. Normally when users log into a device they receive a standard set of default profile settings, and then anything specific to the user’s groups or department is overlaid using Group Policy or other environment management tools. In many cases, especially where there are wholesale changes required to the profile for specific departments or tasks, it can be very handy to have specific default profiles within the image for specific sets of users. It also reduces the reliance on Group Policy to process when the user is logging in for the first time, so it has benefits for your logon KPIs and general performance. If you want to take advantage of this, this is how to set it up.
Firstly you obviously need to create a number of default profiles, as many as you require 🙂 Doing this from Windows 10 Audit Mode and then using sysprep with the /copyprofile switch specified is the easiest way to do this, here is an article that shows you exactly how to do it. When I went through the process, I took a snapshot of my reference image just prior to running sysprep so when I had saved out the first default profile I created I could easily go back and create another one with extra modifications. When finished, I saved them into two separate subfolders of C:\Profiles on the base image, but you can do this on the network as well if you wish, it’s not tied to being local. However in the interests of eliminating points of failure, I prefer to keep all copies of the default profiles local to the golden image and update them centrally within there.
Simply set up a couple of FSLogix Rules that do Redirection as so
Note that we have selected “Directory/Registry Key” and unticked the “Copy object” option for this.
Then we just need to assign each rule to a user (or a group) as below
After you deploy these Rules to the endpoints, when one of these users logs in to the image for the first time, their profile will be created not from the usual location of C:\Users\Default but instead spawned from the custom location we have specified. As said previously, this doesn’t have to be local to the image – you can point to the network instead, but if for whatever reason the folder is unavailable, the user will be unable to log on.
When this is working, users will get different default profiles used and henceforth a different base look and feel (demonstrated below)
So there it is – multiple default profiles available on the same image, which I find immensely useful 🙂
2. Custom Windows 10 Start Layouts
Now, you can manipulate the default Windows 10 Start Tiles layout in a number of ways, which are covered in this earlier article. One of the best things covered here is the ability to have different Start Tiles layouts for different versions of the Windows 10 OS by using a WMI filter to apply a specific LayoutModification.xml file to the machine at startup. However, this makes it somewhat difficult to filter this, because as it this file sits in C:\Users\Default\AppData\Local\Microsoft\Windows\Shell we can’t filter by user or user group, either in Security Filtering or Group Policy Preferences. It would be nice to allow different users on the same image to get different sets of Start Tiles delivered to them when they first log on, to match their department or function, yes? You could do this with some GPO filtering, but then the users would either be locked or partially locked in their layout, which not everyone finds useful.
So with FSLogix we can easily do this, in a very similar way to the first example. Firstly, set the Start Tiles as you want them, and then create as many sets of XML files as you need using the Export-StartLayout PowerShell cmdlet, and save them in an appropriate location. Make sure each one is called LayoutModification.xml. Run the following script for each custom layout you want to create, obviously changing the path as appropriate!
Export-StartLayout -Path c:\StartLayouts\Set1\LayoutModification.xml
Once I’ve done this, I modify the Start Tiles again for my next group of users, and then export to a different location
Export-StartLayout -Path c:\StartLayouts\Set2\LayoutModification.xml
Then it’s just a case of setting up a couple of FSLogix Redirection rules to direct the file c:\users\Default\AppData\Local\Microsoft\Windows\Shell\LayoutModification.xml to the custom file we have created. Essentially, we’re doing a very cut-down version of what we did with the entire default user profile earlier.
Once these rules are assigned to specific users or groups and then copied to the endpoint, we can now have a default Start Tiles layout applied on a per-user or per-group basis from the same base image. The two different layouts I applied are shown below
I shall be doing more of these Redirection examples soon – I’ve got some great ideas for it in the pipe and there are a whole host of nifty tricks you can do with it. Stay tuned!