How to Set Up Remote Desktop Profile Management on Windows Server 2019

How to Set Up Remote Desktop Profile Management on Windows Server 2019

Profile management for Remote Desktop Services users on Windows Server 2019 is critical for ensuring users have a consistent experience across multiple RD Session Host servers, that profiles load quickly, and that storage consumption remains controlled. Without proper profile management, users connected to different RDSH servers get different profiles, lose their personalisation settings between sessions, and may experience long login times as large roaming profiles are copied across the network at logon.

Profile Management Options

Windows Server 2019 provides several profile management approaches. Traditional roaming profiles copy the entire profile to and from a network share at logon and logoff — this is slow for large profiles. Mandatory profiles are read-only profiles where all changes are discarded at logoff, giving users a clean standard environment each session. User Profile Disks (UPDs) are VHDX files mounted as local disks during sessions, providing near-local performance with central storage. Microsoft FSLogix Profile Containers (available for free with certain Microsoft 365 licences) are the recommended modern approach, storing the entire profile in a VHD container with advanced filtering and redirect features.

Configuring User Profile Disks

User Profile Disks are configured at the RDS collection level and are the built-in profile management solution in Windows Server 2019. Each user gets a dedicated VHDX file stored on a central file share. When the user logs in to any RDSH in the collection, their UPD is mounted and their profile is available.

# Create the UPD storage share
$UPDPath = "E:UserProfileDisksStandardDesktop"
New-Item -ItemType Directory -Path $UPDPath

# Share the folder with appropriate permissions
New-SmbShare -Name "UPD_StandardDesktop" -Path $UPDPath `
    -FullAccess "NT AUTHORITYSYSTEM", "CORPDomain Admins" `
    -ChangeAccess "CORPAuthenticated Users"

# Set NTFS permissions
icacls $UPDPath /inheritance:r
icacls $UPDPath /grant "CORPDomain Users:(OI)(CI)M"
icacls $UPDPath /grant "NT AUTHORITYSYSTEM:(OI)(CI)F"
icacls $UPDPath /grant "CORPDomain Admins:(OI)(CI)F"

# Enable UPDs on the collection
Set-RDSessionCollectionConfiguration `
    -CollectionName "StandardDesktop" `
    -ConnectionBroker "rdcb01.corp.local" `
    -EnableUserProfileDisk $true `
    -MaxUserProfileDiskSizeGB 10 `
    -DiskPath "\fileserverUPD_StandardDesktop"

Excluding Folders from UPDs

By default, UPDs include the entire user profile. Large or unnecessary folders such as Temporary Internet Files, AppData caches, and game saves can be excluded to keep UPD sizes manageable.

# Configure UPD folder exclusions via Group Policy
# GPO Path: Computer Configuration > Administrative Templates > 
# Windows Components > Remote Desktop Services > RD Session Host > Profiles

# Registry equivalent for exclusions
$ExclusionPath = "HKLM:SOFTWAREPoliciesMicrosoftWindows NTTerminal Services"
Set-ItemProperty -Path $ExclusionPath -Name "UPDExcludeFolderContents_1" `
    -Value "AppDataLocalMicrosoftWindowsTemporary Internet Files"
Set-ItemProperty -Path $ExclusionPath -Name "UPDExcludeFolderContents_2" `
    -Value "AppDataLocalTemp"

# Exclude specific file extensions
Set-ItemProperty -Path $ExclusionPath -Name "UPDExcludeFiles_1" `
    -Value "*.tmp"

Configuring Roaming Profiles for RDS

If you choose traditional roaming profiles, configure the profile path in Active Directory on each user account, or set a mandatory roaming profile path via Group Policy for all RDS users.

# Set RDS profile path via Group Policy (preferred — keeps RDS and regular profiles separate)
# GPO Path: Computer Configuration > Administrative Templates > 
# Windows Components > Remote Desktop Services > RD Session Host > Profiles
# Setting: Set path for Remote Desktop Services Roaming User Profile
# Value: \fileserverRDSProfiles%USERNAME%

# Set via registry equivalent
Set-ItemProperty -Path "HKLM:SOFTWAREPoliciesMicrosoftWindows NTTerminal Services" `
    -Name "WFProfilePath" `
    -Value "\fileserverRDSProfiles%USERNAME%"

# For individual users, set via Active Directory
Set-ADUser -Identity "jsmith" `
    -ProfilePath "\fileserverRDSProfilesjsmith"

Configuring a Mandatory Profile

A mandatory profile is created by renaming NTUSER.DAT to NTUSER.MAN in a template profile folder. Users load this profile at logon but all changes are discarded at logoff. This ensures a clean, consistent environment for every session — ideal for kiosk scenarios or standardised knowledge worker deployments.

# Create a mandatory profile share
New-Item -ItemType Directory -Path "\fileserverMandatoryProfilesStandardUser.v6"
# Note: .v6 is the Windows Server 2019 profile version suffix

# Copy a template profile to the share
# First log in as a template user, customise the profile, then log off
# Then copy the profile using sysprep or robocopy

# Rename NTUSER.DAT to NTUSER.MAN to make it mandatory
Rename-Item -Path "\fileserverMandatoryProfilesStandardUser.v6NTUSER.DAT" `
            -NewName "NTUSER.MAN"

# Set the mandatory profile path via Group Policy
# GPO Path: Computer Configuration > Administrative Templates >
# Windows Components > Remote Desktop Services > RD Session Host > Profiles
# Value: \fileserverMandatoryProfilesStandardUser

Profile Size Management

Monitor and manage profile sizes to prevent disk space exhaustion on the file server and long logon times from large profiles.

# Report UPD sizes for all users in a collection
$UPDShare = "\fileserverUPD_StandardDesktop"
Get-ChildItem -Path $UPDShare -Filter "UVHD-*.vhdx" |
    Select-Object Name, 
        @{Name="SizeGB"; Expression={ [math]::Round($_.Length / 1GB, 2) }},
        LastWriteTime |
    Sort-Object SizeGB -Descending |
    Format-Table -AutoSize

# Identify profiles larger than 5 GB that need investigation
Get-ChildItem -Path $UPDShare -Filter "UVHD-*.vhdx" |
    Where-Object { $_.Length -gt 5GB } |
    ForEach-Object {
        # Get the username from the SID
        $SID = $_.Name -replace "UVHD-", "" -replace ".vhdx", ""
        try {
            $User = ([System.Security.Principal.SecurityIdentifier]$SID).Translate([System.Security.Principal.NTAccount])
            Write-Host "Large profile: $User ($SID) = $([math]::Round($_.Length/1GB,2)) GB"
        } catch {
            Write-Host "Large profile: $SID = $([math]::Round($_.Length/1GB,2)) GB (SID not resolvable)"
        }
    }

Configuring Profile Loading Speed Optimisation

Slow profile loading at RDS logon is a common complaint. Group Policy settings control which profile elements are processed at logon. Disabling slow-processing GPO elements and redirecting large folders outside the roaming profile reduces logon time significantly.

# Configure Folder Redirection to keep large folders off the roaming profile
# GPO Path: User Configuration > Windows Settings > Folder Redirection
# Redirect: Desktop, Documents, Downloads, Pictures, Videos to a network share

# For UPD-based deployments, redirect Documents to a separate share
# GPO Path: User Configuration > Administrative Templates > 
# Desktop > User Configuration > Folder Redirection

# Disable background registry synchronisation to speed logoff
Set-ItemProperty -Path "HKCU:SoftwareMicrosoftWindows NTCurrentVersionWinlogon" `
    -Name "ExcludeProfileDirs" `
    -Value "AppDataLocalTemp;AppDataLocalLow;AppDataLocalMicrosoftWindowsTemporary Internet Files"

Implementing FSLogix Profile Containers

Microsoft FSLogix Profile Containers are the modern recommended approach for RDS profile management. FSLogix is included with Windows Server 2019 and Microsoft 365. It stores the entire user profile in a VHD container with faster attach times than UPDs and supports concurrent sessions.

# Install FSLogix agent on each RDSH server
# Download FSLogix from https://aka.ms/fslogix and run FSLogixAppsSetup.exe

# Configure FSLogix via registry
$FSLogixPath = "HKLM:SOFTWAREFSLogixProfiles"
if (-not (Test-Path $FSLogixPath)) { New-Item -Path $FSLogixPath -Force }

Set-ItemProperty -Path $FSLogixPath -Name "Enabled" -Value 1
Set-ItemProperty -Path $FSLogixPath -Name "VHDLocations" -Value "\fileserverFSLogixProfiles"
Set-ItemProperty -Path $FSLogixPath -Name "SizeInMBs" -Value 30000
Set-ItemProperty -Path $FSLogixPath -Name "VolumeType" -Value "VHDX"
Set-ItemProperty -Path $FSLogixPath -Name "DeleteLocalProfileWhenVHDShouldApply" -Value 1

Write-Host "FSLogix Profile Container configured."

Conclusion

Effective profile management is foundational to a well-performing RDS deployment. User Profile Disks provide a solid built-in solution for medium-scale deployments, while FSLogix Profile Containers represent the recommended modern approach for production environments. Mandatory profiles suit kiosk and highly standardised deployments. Combining profile management with folder redirection, size limits, and exclusion policies ensures fast logon times, consistent user experiences, and controlled storage growth across the RDS farm.