Configuring FSLogix without GPO – Runbook (part 2)

Following on from the previous post, in this one I am going to cover deploying FSLogix configuration using an Azure Automation Runbook

For AVD I think of Azure Automation as Task Scheduler, only better, it is useful for a variety of tasks, for this post I will just cover the FSLogix config.

First up you’ll need an automation account, if you don’t have one already, here is the official MS guide:

https://docs.microsoft.com/en-us/azure/automation/automation-quickstart-create-account

Once you have your account, you need to create a runbook:

For this version we will need to manually enter the Resource Group name and the FSLogix profile path. In a future version I will attempt to automate these.

For now, grab the powershell code from here:
https://raw.githubusercontent.com/andrew-s-taylor/public/main/Powershell%20Scripts/AVD/configure-fslogix.ps1

Paste that into the Runbook, click Save and then click Publish

Now click the start button and enter the details:

Then simply click OK and it will enter your path into the registry script, drop it onto each AVD host in the resource group and run the script

That’s it, if you have more than one resource group with machines in, just run it twice.

The change any of the registry settings, simply amend the script section:

if((Test-Path -LiteralPath "HKLM:\SOFTWARE\FSLogix\Profiles") -ne $true) {  New-Item "HKLM:\SOFTWARE\FSLogix\Profiles" -force -ea SilentlyContinue };
    New-ItemProperty -LiteralPath "HKLM:\SOFTWARE\FSLogix\Profiles" -Name "Enabled" -Value 1 -PropertyType DWord -Force -ea SilentlyContinue;
    New-ItemProperty -LiteralPath "HKLM:\SOFTWARE\FSLogix\Profiles" -Name "VHDLocations" -Value $FSLogixCD -PropertyType String -Force -ea SilentlyContinue;
    New-ItemProperty -LiteralPath "HKLM:\SOFTWARE\FSLogix\Profiles" -Name "ConcurrentUserSessions" -Value 1 -PropertyType DWord -Force -ea SilentlyContinue;
    New-ItemProperty -LiteralPath "HKLM:\SOFTWARE\FSLogix\Profiles" -Name "IsDynamic" -Value 1 -PropertyType DWord -Force -ea SilentlyContinue;
    New-ItemProperty -LiteralPath "HKLM:\SOFTWARE\FSLogix\Profiles" -Name "KeepLocalDir" -Value 0 -PropertyType DWord -Force -ea SilentlyContinue;
    New-ItemProperty -LiteralPath "HKLM:\SOFTWARE\FSLogix\Profiles" -Name "VolumeType" -Value "vhdx" -PropertyType String -Force -ea SilentlyContinue;
    
    if((Test-Path -LiteralPath "HKLM:\SOFTWARE\FSLogix\ODFC") -ne $true) {  New-Item "HKLM:\SOFTWARE\FSLogix\ODFC" -force -ea SilentlyContinue };
    New-ItemProperty -LiteralPath "HKLM:\SOFTWARE\FSLogix\ODFC" -Name "Enabled" -Value 1 -PropertyType DWord -Force -ea SilentlyContinue;
    New-ItemProperty -LiteralPath "HKLM:\SOFTWARE\FSLogix\ODFC" -Name "VHDLocations" -Value $FSLogixCD -PropertyType String -Force -ea SilentlyContinue;
    New-ItemProperty -LiteralPath "HKLM:\SOFTWARE\FSLogix\ODFC" -Name "IncludeOneDrive" -Value 1 -PropertyType DWord -Force -ea SilentlyContinue;
    New-ItemProperty -LiteralPath "HKLM:\SOFTWARE\FSLogix\ODFC" -Name "IncludeOneNote" -Value 1 -PropertyType DWord -Force -ea SilentlyContinue;
    New-ItemProperty -LiteralPath "HKLM:\SOFTWARE\FSLogix\ODFC" -Name "IncludeOneNote_UWP" -Value 1 -PropertyType DWord -Force -ea SilentlyContinue;
    New-ItemProperty -LiteralPath "HKLM:\SOFTWARE\FSLogix\ODFC" -Name "IncludeOutlook" -Value 1 -PropertyType DWord -Force -ea SilentlyContinue;
    New-ItemProperty -LiteralPath "HKLM:\SOFTWARE\FSLogix\ODFC" -Name "IncludeOutlookPersonalization" -Value 1 -PropertyType DWord -Force -ea SilentlyContinue;
    New-ItemProperty -LiteralPath "HKLM:\SOFTWARE\FSLogix\ODFC" -Name "IncludeSharepoint" -Value 1 -PropertyType DWord -Force -ea SilentlyContinue;
    New-ItemProperty -LiteralPath "HKLM:\SOFTWARE\FSLogix\ODFC" -Name "IncludeTeams" -Value 1 -PropertyType DWord -Force -ea SilentlyContinue;'

All of the available options are here:

https://docs.microsoft.com/en-us/fslogix/profile-container-configuration-reference

3 thoughts on “Configuring FSLogix without GPO – Runbook (part 2)”

  1. Thank you so much! However, it’s concerning that the same configuration profile with ADMX import for FSLogix is working correctly on a Windows 365 Cloud PC but not on a multi-session.

    Reply
  2. Hi Andrew,

    I’m currently dealing with the management of AVD Multi-Session Hosts Win11 22H2 Azure AD Joined only per Intune, and of course, the question arises of how to configure FSLogix. Last week, Dean Cefola released a video on using ADMX Import, and I’ve followed his exact steps, but I keep getting the “Not Applicable” error. I’ve already reached out to Dean, and he thinks it should work. I just wanted to quickly ask if the ADMX Import method has been working for you lately? For additional registry keys, I’ve been using Win32 Apps and PowerShell scripts, but I’m not completely satisfied with it. Have you had better experiences with the Automation Account Approach? One last question – have you dealt with editing members of the “FSLogix Profile Exclude List” group via Intune? If so, how did you do it? Thanks in advance, and have a great day!

    Reply
    • Hi Florian,
      If you look here, it lists the keys which are blocked:
      https://learn.microsoft.com/en-us/windows/client-management/win32-and-centennial-app-policy-configuration#overview
      Unless it hasn’t been updated yet, the FSLogix keys will still be blocked which is why you are getting the “Not Applicable” error.
      I tend to set the registry keys during the initial ‘image’ build in the packer pipeline, but you could also use proactive remediations if you need to set different settings for different people.
      Your best bet for the exclude list would probably be a PowerShell script to change the local group membership. It might be worth popping in a feature request to add it to the groups that can be managed directly in Local Group Membership though

      Reply

Leave a Comment