How to Set Up Windows Server 2016 Remote Desktop Profile Management
Profile management in a Remote Desktop Services environment is critical for delivering a consistent user experience across sessions, especially in multi-server farms where a user may connect to a different RDSH server each time. Without proper profile management, each server maintains an independent local copy of the user profile, meaning changes made in one session are not available in the next if the user lands on a different server. Windows Server 2016 provides three primary technologies for RDS profile management: mandatory profiles, roaming profiles, and User Profile Disks (UPDs). This tutorial covers all three, with a focus on the recommended UPD approach for most environments.
Understanding RDS Profile Challenges
In a single-server RDS environment, profile management is straightforward because there is only one local profile. In a multi-server farm managed by an RD Connection Broker, users can land on any RDSH server, so the profile must follow the user. Local profiles accumulate on every server the user touches, consuming storage. Roaming profiles synchronise the profile to a network share and load it at logon, but large profiles cause slow logons and logoff synchronisation conflicts can corrupt the profile. User Profile Disks address these shortcomings by mounting a per-user VHDX file from a network share, providing a single authoritative copy of the profile without the synchronisation overhead of roaming profiles.
Option 1: Mandatory Profiles
A mandatory profile is a read-only roaming profile. User changes are not saved at logoff; each session begins from the same baseline profile. This is ideal for kiosk environments, call centres, or any scenario where a consistent, controlled desktop state is required at every logon.
To create a mandatory profile, first configure a user with a roaming profile, then rename the ntuser.dat file in the profile folder to ntuser.man. The .man extension makes the profile mandatory:
Rename-Item -Path "\\fileserver\profiles\templateuser\ntuser.dat" -NewName "ntuser.man"
Set the profile path for user accounts in Active Directory Users and Computers or via PowerShell:
Set-ADUser -Identity "jdoe" -ProfilePath "\\fileserver\profiles\mandatory"
Option 2: Roaming Profiles
Roaming profiles synchronise the user’s profile folder to and from a network file share at logon and logoff. While straightforward to configure, they have notable downsides in RDS environments: large profiles significantly slow logon times, simultaneous sessions on multiple servers can cause synchronisation conflicts, and the profile folder can grow without bound unless folder redirection is used alongside it.
Create a file share for roaming profiles with appropriate NTFS and share permissions:
New-Item -Path "D:\RoamingProfiles" -ItemType Directory
New-SmbShare -Name "Profiles$" -Path "D:\RoamingProfiles" -FullAccess "Everyone" -FolderEnumerationMode AccessBased
Configure NTFS permissions so each user only has access to their own profile folder. Apply the following permissions to D:\RoamingProfiles: Administrators: Full Control; System: Full Control; Creator Owner: Full Control (Apply to Subfolders and Files Only); Users: Read and Execute, List Folder Contents, and Read (Apply to This Folder Only).
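Because the share itself grants Everyone full access, the NTFS ACL is the only control separating one user's profile from another's. The following is an added example, not part of the original tutorial: it applies the root ACL listed above with icacls and then reports any per-user folder that still grants access to a broad group. The list of broad principals is an assumption; adjust it to your domain.

```powershell
# Added example. $root is the roaming profile folder created in the step above.
$root = 'D:\RoamingProfiles'

# Replace inherited permissions with the explicit entries from the list above:
#   (OI)(CI)     = this folder, subfolders and files
#   (OI)(CI)(IO) = subfolders and files only
#   no flags     = this folder only
icacls $root /inheritance:r `
    /grant 'BUILTIN\Administrators:(OI)(CI)F' `
    /grant 'NT AUTHORITY\SYSTEM:(OI)(CI)F' `
    /grant 'CREATOR OWNER:(OI)(CI)(IO)F' `
    /grant 'BUILTIN\Users:(RX)'

# Audit: list Allow entries on each user's folder that are held by a broad group.
# An empty result means no profile folder is readable by other users.
$broad = 'Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users'   # assumed list

Get-ChildItem -Path $root -Directory | ForEach-Object {
    $folder = $_
    (Get-Acl -Path $folder.FullName).Access |
        Where-Object {
            $_.AccessControlType -eq 'Allow' -and (
                $broad -contains $_.IdentityReference.Value -or
                $_.IdentityReference.Value -like '*\Domain Users'
            )
        } |
        Select-Object @{N='Folder'; E={ $folder.Name }},
                      IdentityReference, FileSystemRights, IsInherited
}
```

Run the audit again after any permission change on the share root, since an inherited entry added later shows up with IsInherited set to True.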
Set the roaming profile path for users via Group Policy or Active Directory. In Group Policy, navigate to Computer Configuration > Administrative Templates > System > User Profiles and enable "Set roaming profile path for all users logging onto this computer". To set the path per user in Active Directory instead, use PowerShell:
Set-ADUser -Identity "jdoe" -ProfilePath "\\fileserver\Profiles$\%username%"
Always use Folder Redirection alongside roaming profiles to redirect large folders (Documents, Desktop, Downloads, AppData) to a network share, keeping the roaming profile small and logon times fast.
Option 3: User Profile Disks (Recommended)
User Profile Disks are the recommended profile management solution for RDS Session Host collections in Windows Server 2016. Each user gets a dedicated VHDX file stored on a central SMB share. At logon, Hyper-V mounts the VHDX and the user’s profile directory appears on the RDSH server. At logoff, the VHDX is unmounted but remains on the share for the next logon, regardless of which RDSH server the user connects to next.
Step 1: Create a File Share for UPDs
Create a share with sufficient storage for all expected user VHDXs. Each VHDX starts small and expands dynamically up to the configured maximum size:
New-Item -Path "D:\UserProfileDisks" -ItemType Directory
New-SmbShare -Name "UPDs" -Path "D:\UserProfileDisks" -FullAccess "DOMAIN\RDS Computers","DOMAIN\Administrators"
Grant the RDSH computer accounts Full Control on the share, as the RDSH servers are the ones that mount the VHDX files, not the users directly.
Step 2: Enable User Profile Disks on a Collection
In Server Manager, navigate to Remote Desktop Services > Collections, right-click your session collection, and select Edit Properties. Go to the User Profile Disks tab. Check Enable user profile disks. Enter the UNC path to the share (e.g., \\fileserver\UPDs). Set the maximum size for each user’s disk in GB. Click OK to apply.
Via PowerShell:
Set-RDSessionCollectionConfiguration -CollectionName "DesktopCollection" -EnableUserProfileDisk -MaxUserProfileDiskSizeGB 15 -DiskPath "\\fileserver\UPDs" -ConnectionBroker "rdbroker.domain.local"
Step 3: Exclude Folders from the User Profile Disk
To keep UPD sizes manageable, exclude large or unnecessary folders from being stored in the disk. Common exclusions include browser caches, temp files, and downloaded installers. Configure exclusions in the Collection properties or via GPO:
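# Folders are excluded with -ExcludeFolderPath; the UPD parameter set also requires -DiskPath and -MaxUserProfileDiskSizeGB
Set-RDSessionCollectionConfiguration -CollectionName "DesktopCollection" -EnableUserProfileDisk -MaxUserProfileDiskSizeGB 15 -DiskPath "\\fileserver\UPDs" -ExcludeFolderPath "AppData\Local\Temp","AppData\LocalLow" -ConnectionBroker "rdbroker.domain.local"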
Step 4: Monitor and Manage UPD Files
List the VHDX files in the UPD share to monitor growth:
Get-ChildItem -Path "\\fileserver\UPDs" -Filter "*.vhdx" | Select-Object Name, @{N='SizeGB';E={[math]::Round($_.Length/1GB,2)}}, LastWriteTime | Sort-Object SizeGB -Descending
If a UPD file becomes corrupted and a user cannot log on, mount the VHDX locally to recover data:
Mount-VHD -Path "\\fileserver\UPDs\UVHD-S-1-5-21-xxxx.vhdx" -ReadOnly
# Access the mounted volume at the drive letter shown by Get-Volume
Dismount-VHD -Path "\\fileserver\UPDs\UVHD-S-1-5-21-xxxx.vhdx"
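UPD files are named after the user's SID rather than the user name, so the listing above does not show whose disk is growing or which file to mount for a given user. The following is an added example, not part of the original tutorial: it resolves each file name to an account and marks disks whose account no longer exists. The function name Resolve-UpdOwner is hypothetical.

```powershell
# Added example. $updShare is the UPD share used in this tutorial.
$updShare = '\\fileserver\UPDs'

function Resolve-UpdOwner {
    param([Parameter(Mandatory)][string]$FileName)

    # UPD files are named UVHD-<SID>.vhdx; anything else is not a user disk.
    if ($FileName -match '^UVHD-(S-1-[0-9-]+)\.vhdx$') {
        $sid = New-Object System.Security.Principal.SecurityIdentifier($Matches[1])
        try {
            # Translate the SID to DOMAIN\user
            $sid.Translate([System.Security.Principal.NTAccount]).Value
        } catch {
            # Translation fails when the account has been deleted
            'ORPHANED (no matching account)'
        }
    }
}

Get-ChildItem -Path $updShare -Filter 'UVHD-*.vhdx' |
    Where-Object Name -ne 'UVHD-template.vhdx' |      # skip the collection's template disk
    Select-Object Name,
        @{N='Owner';  E={ Resolve-UpdOwner $_.Name }},
        @{N='SizeGB'; E={ [math]::Round($_.Length / 1GB, 2) }},
        LastWriteTime |
    Sort-Object SizeGB -Descending
```

Orphaned disks still contain the former user's full profile, so review them against your retention policy before removing them from the share.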
Step 5: Folder Redirection with UPDs
Even with UPDs, it is best practice to redirect the largest user folders (Documents, Desktop, Pictures) to a separate file server using Group Policy Folder Redirection. This separates user data from profile settings, allows independent backup of documents, and reduces the VHDX file sizes. Configure Folder Redirection via a GPO linked to the OU containing user accounts:
User Configuration > Policies > Windows Settings > Folder Redirection. Right-click Documents > Properties. Set Setting to Basic – Redirect everyone’s folder to the same location. Set Root Path to \\fileserver\UserFolders\%username%. Apply policy to all users in the collection.
Best Practices Summary
Use User Profile Disks as the primary profile technology for RDS Session Host collections; they offer the best balance of consistency, performance, and management simplicity. Pair UPDs with Folder Redirection for Documents and Desktop to keep disk sizes small and ensure important data is backed up independently. Set a realistic maximum UPD size and monitor growth regularly. Back up the UPD file share using Windows Server Backup or a third-party backup solution; losing the UPD share means losing all user profile data. Test profile load times after configuration changes and during peak concurrent logon periods (morning rush) to identify and address bottlenecks early.
Proper profile management on Windows Server 2016 RDS ensures that users experience a seamless, fast, and consistent environment every time they log on, regardless of which server they connect to in the farm, making it a foundational element of any successful RDS deployment.