FSlogix Profile Container Bloat

FSLogix Profile Container Bloating

Introduction

FSLogix redirects user profiles to a network location using Profile Container. Profiles are placed in VHD(X) files and mounted at logon. Applications use the profile as if it were on the local drive. Because the FSLogix solutions use a Filter Driver to redirect the profile, applications don't recognize that the profile is located on the network. This generally results in improved logon times. However without careful configuration of your environment, the FSLogix profile containers can grow to multiple gigabytes in size putting a strain and cost on network storage.

The most common offenders for profile bloat include:

Microsoft Teams
Microsoft OneDrive
Google Chrome
Microsoft Edge
Windows Search

User Profiles broadlly consist of the following folders.

ProfileRoot (C:\Users\<USERNAME>)
AppData\Roaming
AppData\Local
AppData\LocalLow

Any application can add bloat to the user profile. More commonly this occurs when an application writes data to the ProfileRoot or AppData\Local.

About User Profiles

An FSLogix Profile container is essentially a Local User Profile that is redirected to a VHD(X) virtual disk located on network storage. Traditionally in multi-user environments, Microsoft Roaming User Profiles were deployed to maintain a consistent user state and personalised settings between sessions. Profile Management evolved through the use of Citrix Profile Management (Sepago), Appsense / Ivanti, Microsoft UEV and so forth. Functionality beyond the basics of Microsoft Roaming User Profiles was required to deal with the evolution of Windows and applications to maintain a consistent user state.

However it is worth remembering the basic principles of Microsoft Roaming User Profiles when deploying any profile solution.

By default, a Microsoft roaming profile will exclude the following directories from roaming:

AppData\Local

AppData\LocalLow

$Recycle.Bin

OneDrive

Work Folders

This is defined in HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\ExcludeProfileDirs.

This is primarily to prevent profile bloating by excluding superfluous temporary profile data. Microsoft's own Windows Application Developer documentation states:

https://docs.microsoft.com/en-us/windows/apps/design/app-settings/store-and-retrieve-app-data#local-app-data

DATA THAT IT DOES NOT MAKE SENSE TO ROAM

There are multiple sites providing default (application specific) folder exclusions for FSLogix Profile containers, yet few if any make the global choice to exclude AppData\Local.

If you do exclude AppData\Local, without subsequent necessary inclusions, the Windows Desktop Experience will change dramatically as key Windows subfolders in AppData\Local will not be preserved between sessions. This may even result in an unusable Windows desktop and will likely result in inconsistent application settings that have to be reconfigured at every logon.

Microsoft provide little advice with regard to FSLogix exclusions beyond...'Exclusions should be the exception...'

Profile Container Content

Exclusions should be the exception, yet there are multiple sites providing default (application specific) folder exclusions for FSLogix Profile containers. This is fine if your environment only uses the applications for which folders have been predefined however if you do not exclude all potential subfolders of AppData\Local, you will experience profile bloat when undefined applications start writing to AppData\Local.

Here are some common profile bloat folders that you probably didn't plan for.

AppData\Local\IBM\WebEx (500Mb to 1GB) - Can be installed on demand
AppData\Local\GoToMeeting (200MB+) - Can be installed on demand
AppData\Local\Mozilla (1GB+)

If you have not predefined an exclusion for these application folders and you are not excluding AppData\Local, then your FSLogix Profile containers just got a little bigger. Even if you become aware of new profile bloating applications and subsequently define required exclusions, FSLogix Profile management currently has no feature to retroactively remove excluded folders for existing profiles unlike Citrix Profile Management which has a 'Logon Exclusion Check'.

Generic Redirections.xml

<?xml version="1.0" encoding="UTF-8"?>

<FrxProfileFolderRedirection ExcludeCommonFolders="0">
<Excludes>
</Excludes>
<Includes>
</Includes>
</FrxProfileFolderRedirection>

Using the above generic redirections.xml with no exclusions, the following Scenarios and Profile sizes were observed.

Scenario	VHD / VHDX Size	Profile Size
Logon / Logoff	234 MB	60 MB
Logon – Run Word / Excel / Powerpoint	300 MB	120 MB
Logon – Run Outlook	365 MB	125 MB
Logon – Run Teams	3.2 GB	600 MB

The summary point at the end of this section is that the basic principles of Microsoft Roaming User Profiles when deploying any profile solution, including FSLogix, should be followed for efficient user profile management. When deploying a new application evaluate which User Profile folders should be included and synchronised by the profile management solution, as the default policy is to exclude.

This presents Advantage and Disadvantages.

Advantages	Disadvantages
Profile Bloating is minimised by excluding AppData\Local and AppData\LocalLow VHD(X) file size is minimised Logon / Logoff times are minimised Risk of Profile corruption is reduced Shared storage costs are minimised Future maintenance (to remove bloat) is reduced	Specific inclusions are required for the modern Windows User interface Specific inclusions are required for Windows Modern applications Specific Exclusions may need to be defined for AppData\Roaming

Include Nothing

Redirections.xml

This configuration implements the standard Microsoft Roaming Profile default exclusions. It should not be deployed, however for reference and benchmarking, a single user Logon results in the following FSLogix Profile Container size.

Scenario	VHD / VHDX Size	Profile Size
Logon / Logoff	200 MB	5 MB

Changes to the Windows Environment are not preserved.

Stable Base Configuration

Redirections.xml

<?xml version="1.0" encoding="UTF-8"?>

<FrxProfileFolderRedirection ExcludeCommonFolders="0">
<Excludes>
<Exclude Copy="0">OneDrive</Exclude>
<Exclude Copy="0">Work Folders</Exclude>
<Exclude Copy="0">$Recycle.Bin</Exclude>
<Exclude Copy="0">AppData\LocalLow</Exclude>
<Exclude Copy="0">AppData\Local</Exclude>

<Exclude Copy="0">AppData\Local\Microsoft\Windows\0</Exclude>
<Exclude Copy="0">AppData\Local\Microsoft\Windows\1033</Exclude>
<Exclude Copy="0">AppData\Local\Microsoft\Windows\ActionCenterCache</Exclude>
<Exclude Copy="0">AppData\Local\Microsoft\Windows\AppCache</Exclude>
<Exclude Copy="0">AppData\Local\Microsoft\Windows\Application Shortcuts</Exclude>
<Exclude Copy="0">AppData\Local\Microsoft\Windows\Burn</Exclude>
<Exclude Copy="0">AppData\Local\Microsoft\Windows\CloudStore</Exclude>
<Exclude Copy="0">AppData\Local\Microsoft\Windows\Explorer</Exclude>
<Exclude Copy="0">AppData\Local\Microsoft\Windows\GameExplorer</Exclude>
<Exclude Copy="0">AppData\Local\Microsoft\Windows\IECompatCache</Exclude>
<Exclude Copy="0">AppData\Local\Microsoft\Windows\IECompatUaCache</Exclude>
<Exclude Copy="0">AppData\Local\Microsoft\Windows\Notifications</Exclude>
<Exclude Copy="0">AppData\Local\Microsoft\Windows\Ringtones</Exclude>
<Exclude Copy="0">AppData\Local\Microsoft\Windows\Safety</Exclude>
<Exclude Copy="0">AppData\Local\Microsoft\Windows\SchCache</Exclude>
</Excludes>
<Includes>

<Include Copy="3">AppData\Local\Microsoft\Windows</Include>
</Includes>
</FrxProfileFolderRedirection>

This configuration restores a consistent Windows Desktop Experience.

Scenario	VHD / VHDX Size	Profile Size
Logon / Logoff	233 MB	45 MB

As more applications are deployed into the environment, further inclusions must be defined to include subfolders of AppData\Local that would otherwise be excluded.

Ensure that user data folders are redirected outside the profile container. This may include:

Desktop
Documents
-Pictures
-Videos
-Music
Downloads
Favorites

This will reduce the Profile Container size and In the event of a profile reset, the user's personal data will be retained.

Stable Base + Microsoft Office

Redirections.xml

This configuration excludes unnecessary Office folders and includes Outlook profile information and the cached mailbox.

Additionally, configure the following Group Policy settings to redirect items to AppData\Roaming subfolders, which are not excluded.

Computer Configuration

Policies - Administrative Templates

Microsoft Office 2016 (Machine)/Licensing Settings

Specify the location to save the licensing token used by shared computer activation

Folder location: %appdata%\Microsoft\Office\16.0\Licensing

User Configuration

Policies - Administrative Templates

Microsoft Office 2016/Global Options/Customize

Allow roaming of all user customization: Enabled

Quick Access Toolbar and Ribbon Customisations are stored in AppData\Roaming

Microsoft Outlook 2016/Account Settings/E-mail

Specify Offline Address Book path

Offline Address Book path: %APPDATA%\Microsoft\Outlook

To minimise the size and growth of the cached Outlook mailbox, consider setting a limit on retained items (e.g. three months) which aligns with your archiving solution, and empty deleted items on exit.

Scenario	VHD / VHDX Size	Profile Size
Logon – Run Word / Excel / Powerpoint / Outlook	233 MB	92 MB

In the Scenario above, the user has run Outlook however cached mode is disabled.

Stable Base + Microsoft Office + Teams

The majority of profile bloat with Teams occurs in AppData\Roaming. No inclusions are required.

Redirections.xml

<?xml version="1.0" encoding="UTF-8"?>

<FrxProfileFolderRedirection ExcludeCommonFolders="0">
<Excludes>
<Exclude Copy="0">$Recycle.Bin</Exclude>
<Exclude Copy="0">AppData\LocalLow</Exclude>
<Exclude Copy="0">AppData\Local</Exclude>
<Exclude Copy="0">AppData\Roaming\Adobe\Flash Player</Exclude>
<Exclude Copy="0">OneDrive</Exclude>

<Exclude Copy="0">AppData\Local\Microsoft\Windows\0</Exclude>
<Exclude Copy="0">AppData\Local\Microsoft\Windows\1033</Exclude>
<Exclude Copy="0">AppData\Local\Microsoft\Windows\ActionCenterCache</Exclude>
<Exclude Copy="0">AppData\Local\Microsoft\Windows\AppCache</Exclude>
<Exclude Copy="0">AppData\Local\Microsoft\Windows\Application Shortcuts</Exclude>
<Exclude Copy="0">AppData\Local\Microsoft\Windows\Burn</Exclude>
<Exclude Copy="0">AppData\Local\Microsoft\Windows\CloudStore</Exclude>
<Exclude Copy="0">AppData\Local\Microsoft\Windows\Explorer</Exclude>
<Exclude Copy="0">AppData\Local\Microsoft\Windows\GameExplorer</Exclude>
<Exclude Copy="0">AppData\Local\Microsoft\Windows\IECompatCache</Exclude>
<Exclude Copy="0">AppData\Local\Microsoft\Windows\IECompatUaCache</Exclude>
<Exclude Copy="0">AppData\Local\Microsoft\Windows\Notifications</Exclude>
<Exclude Copy="0">AppData\Local\Microsoft\Windows\Ringtones</Exclude>
<Exclude Copy="0">AppData\Local\Microsoft\Windows\Safety</Exclude>
<Exclude Copy="0">AppData\Local\Microsoft\Windows\SchCache</Exclude>

<Exclude Copy="0">AppData\Local\SquirrelTemp</Exclude>
<Exclude Copy="0">AppData\Roaming\Microsoft\Teams\Application Cache</Exclude>
<Exclude Copy="0">AppData\Roaming\Microsoft\Teams\blob_storage</Exclude>
<Exclude Copy="0">AppData\Roaming\Microsoft\Teams\Cache</Exclude>
<Exclude Copy="0">AppData\Roaming\Microsoft\Teams\databases</Exclude>
<Exclude Copy="0">AppData\Roaming\Microsoft\Teams\GPUCache</Exclude>
<Exclude Copy="0">AppData\Roaming\Microsoft\Teams\Indexeddb</Exclude>
<Exclude Copy="0">AppData\Roaming\Microsoft\Teams\Local Storage</Exclude>
<Exclude Copy="0">AppData\Roaming\Microsoft\Teams\media-stack</Exclude>
<Exclude Copy="0">AppData\Roaming\Microsoft\Teams\Service Worker\CacheStorage</Exclude>
<Exclude Copy="0">AppData\Roaming\Microsoft\Teams\Service Worker\ScriptCache</Exclude>
<Exclude Copy="0">AppData\Roaming\Microsoft\Teams\tmp</Exclude>
<Exclude Copy="0">AppData\Roaming\Microsoft Teams\Logs</Exclude>

<Exclude Copy="0">AppData\Local\Microsoft\OneNote\16.0\Backup</Exclude>
<Exclude Copy="0">AppData\Local\Microsoft\OneNote\16.0\OneNoteOfflineCache_Files</Exclude>
<Exclude Copy="0">AppData\Local\Microsoft\OneNote\16.0\cache</Exclude>
<Exclude Copy="0">AppData\Roaming\Microsoft\Document Building Blocks</Exclude>
<Exclude Copy="0">AppData\Roaming\Microsoft\Templates\LiveContent</Exclude>
</Excludes>
<Includes>
<Include Copy="3">AppData\Local\Microsoft\Windows</Include>

<Include Copy="3">AppData\Local\Microsoft\Outlook</Include>
</Includes>
</FrxProfileFolderRedirection>

Scenario	VHD / VHDX	Profile Size
Logon – Run Word / Excel / Powerpoint / Outlook / Teams	266 MB	124 MB

In the Scenario above, the user has run Outlook however cached mode is disabled.

OneDrive

By default, the Personal OneDrive folder is created in the root of the user profile: %USERPROFILE%\OneDrive

By default, the Personal OneDrive for business folder is created in the root of the user profile: %USERPROFILE%\OneDrive – <COMPANYNAME>

As previously mentioned, it is recommended that user data folders are redirected and therefore outside the User Profile container.

This creates a dilemma, as OneDrive by default will sync the user's documents to the cloud resulting in three copies of the data.

In the user's redirected Documents Folder
In the Cloud
In the OneDrive Cache folder (in the profile container)

If redirecting Documents, to prevent profile bloat, then shouldn't the same principle be applied to the OneDrive Cache?

In all cases it is suggested that you Prevent users from syncing personal OneDrive accounts. This can be disabled using Group Policy.

User Configuration - Policies - Administrative Templates
OneDrive
Prevent users from syncing personal OneDrive accounts: Enabled

The non-business OneDrive icon in Explorer may be hidden with the following registry setting.

[HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}]
"System.IsPinnedToNameSpaceTree"=dword:00000000

Additionally ONLY allow synching of OneDrive for your specific organisation, using Group Policy.

Computer Configuration - Policies - Administrative Templates
OneDrive
Allow syncing OneDrive accounts for only specific organizations: Enabled
Specify tenant ID: In the Value field, enter the tenant ID you want to add to this list.

Five Options exist for your OneDrive deployment

Don't Use OneDrive
Use OneDrive in standard sync mode (will cause profile bloat)
Use OneDrive in On-Demand Mode (will cause reduced profile bloat)
Use OneDrive in On-Demand Mode (Non-Persistent)
Map a Windows Drive to OneDrive (Online Mode)

Don't Use OneDrive

Uninstall OneDrive using teh following script

set x86="%SYSTEMROOT%\System32\OneDriveSetup.exe"
set x64="%SYSTEMROOT%\SysWOW64\OneDriveSetup.exe"

echo Closing OneDrive process.
echo.
taskkill /f /im OneDrive.exe > NUL 2>&1
ping 127.0.0.1 -n 5 > NUL 2>&1

echo Uninstalling OneDrive.
echo.
if exist %x64% (
%x64% /uninstall
) else (
%x86% /uninstall
)
ping 127.0.0.1 -n 5 > NUL 2>&1

echo Removing OneDrive leftovers.
echo.
rd "%USERPROFILE%\OneDrive" /Q /S > NUL 2>&1
rd "C:\OneDriveTemp" /Q /S > NUL 2>&1
rd "%LOCALAPPDATA%\Microsoft\OneDrive" /Q /S > NUL 2>&1
rd "%PROGRAMDATA%\Microsoft OneDrive" /Q /S > NUL 2>&1

echo Removeing OneDrive from the Explorer Side Panel.
echo.
REG DELETE "HKEY_CLASSES_ROOT\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}" /f > NUL 2>&1
REG DELETE "HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}" /f > NUL 2>&1

rem remove One Drive from Default User

reg load HKLM\DefUser C:\Users\Default\ntuser.dat

reg DELETE HKLM\DefUser\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v OneDriveSetup /f

reg unload HKLM\DefUser

rem remove One Drive from Current User
reg DELETE HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v OneDriveSetup /f

You can also hide the entry points to OneDrive in Microsoft Office with the folowing Group Policy setting.

User Configuration - Policies - Administrative Templates
Microsoft Office 2016/Privacy/Trust Center
Allow the use of connected experiences in Office: Disabled

Before	After

Use OneDrive in On-Demand Mode

Save disk space with OneDrive Files On-Demand for Windows 10

With OneDrive Files On-Demand, you can:

Save space on your device by making files online only
Set files and folders to be always available locally on your device
See important information about files, such as whether they are shared
See thumbnails of over 300 different file types even if you don’t have the required application installed to open it

OneDrive Files On-Demand can be enabled using Group Policy.

Computer Configuration - Policies - Administrative Templates
OneDrive
Use OneDrive Files On-Demand: Enabled

Although not all files will be synched to %USERPROFILE%\OneDrive – <COMPANYNAME>, files that are created / editted will accumulate over time.

Use OneDrive in On-Demand Mode (Non-Persistent)

If retaining the On-Demand OneDrive Cache in the Profile Container is still causing too much profile bloat, you can redirect the OneDrive – FOR BUSINESS folder to an alternative location using Group Policy.

User Configuration - Policies - Administrative Templates
OneDrive
Specify the tenant ID and default path.
In the Value name field, enter the tenant ID. In the Value field, enter the path.
Path: 11111111-2222-3333-4444-55555555 %LocalAppData%

In this case, OneDrive for business has been redirected to the AppData\Local\OneDrive – <COMPANYNAME>.

If you are excluding Appdata\Local in redirections.xml, then the OneDrive cache will not be retained at logoff. This does mean that the cache has to be recreated at every logon which will require time and network I/O.

You may need to add the following excludes to your redirections.xml.

<Exclude Copy="0">OneDrive</Exclude>
<Exclude Copy="0">OneDrive – YOUR COMPANY</Exclude>
<Exclude Copy="0">AppData\Local\Microsoft\OneDrive</Exclude>
<Exclude Copy="0">AppData\Local\OneDrive</Exclude>

The Group Policy setting must be in place on the user’s first logon. This is because the location of the OneDrive folder is stored in the registry.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\OneDrive\Accounts\Business1]
"UserFolder"="C:\\Users\\user1\\AppData\\Local\\OneDrive - <COMPANYNAME> "

However excluding the OneDrive cache will create an issue at the user's second logon, becasue the preconfigured cache no longer exists.

The error may be resolved by configuring a Group Policy Registry Preference.

Action: Delete
Hive: HKEY_CURRENT_USER
Key path SOFTWARE\Microsoft\OneDrive

This configuration will cause OneDrive to configure itself at every logon as if it has never been configured before. This may take an unreasonable amount of time to complete a full sync at every logon.

Map a Windows Drive to OneDrive (Online Mode)

It is possible to map a drive to OneDrive using Windows Explorer for direct online access.
An Open Source Powershell script, OneDriveMapper, is available at https://www.lieben.nu/liebensraum/onedrivemapper/
Or
Third Party products are available such as IAM Cloud CloudDriveMapper.

Google Chrome

Google Chrome will increase the size of the user profile enormously as a large amount of data is located in AppData\Local\Google\Chrome\User Data.

Most of this data is superfluous and redirections can be configured to reduce the amount of data stored in the user profile while retaining settings such as bookmarks, autofill data, passwords, some browsing history, browser preferences, and installed extensions.

However there is a far simpler way to retain user settings that allows the entire AppData\Local\Google folder to be deleted at logoff.

Use Chrome Browser with Roaming User Profiles

You can let Microsoft® Windows® users in your organization create a single Chrome Browser profile and reuse it on each computer they need for work or school. To allow roaming profiles, you turn on Roaming User Profiles for these users.
When a user signs in to Windows on a computer on your network, Windows copies information from the user’s roaming user profile to their local computer. When they start Chrome, Chrome uses their roaming profile to update the local Chrome profile.

The Chrome user profile (by default) is stored in AppData\Roaming\Google\Chrome\User Data\Default\profile.pb

If you are already excluding AppData\Local from the user profile, then you need not exclude AppData\Local\Google.

Enable Chrome Browser Roaming Profiles with the following Group Policy Setting.

User Configuration - Administrative Templates
Google/Google Chrome
Enable the creation of roaming copies for Google Chrome profile data Enabled

Be aware that existing Chrome User profile settings are NOT migrated to the profile.db file, therefore it is important to configure this setting before any users have logged on and run Chrome.

If not using Chrome Browser Roaming Profiles, the following redirections may be configured to minimize user profile size

<!—Google Chrome 2020-01-Mar -->
<Exclude Copy="0">AppData\Local\Google\Chrome\User Data\BrowserMetrics</Exclude>
<Exclude Copy="0">AppData\Local\Google\Chrome\User Data\Default\Cache</Exclude>
<Exclude Copy="0">AppData\Local\Google\Chrome\User Data\CertificateRevocation</Exclude>
<Exclude Copy="0">AppData\Local\Google\Chrome\User Data\Default\Code Cache</Exclude>
<Exclude Copy="0">AppData\Local\Google\Chrome\User Data\Crashpad</Exclude>
<Exclude Copy="0">AppData\Local\Google\Chrome\User Data\Crowd Deny</Exclude>
<Exclude Copy="0">AppData\Local\Google\Chrome\User Data\FileTypePolicies</Exclude>
<Exclude Copy="0">AppData\Local\Google\Chrome\User Data\Default\GPUCache</Exclude>
<Exclude Copy="0">AppData\Local\Google\Chrome\User Data\MEIPreload</Exclude>
<Exclude Copy="0">AppData\Local\Google\Chrome\User Data\OriginTrials</Exclude>
<Exclude Copy="0">AppData\Local\Google\Chrome\User Data\PepperFlash</Exclude>
<Exclude Copy="0">AppData\Local\Google\Chrome\User Data\pnacl</Exclude>
<Exclude Copy="0">AppData\Local\Google\Chrome\User Data\RecoveryImproved</Exclude>
<Exclude Copy="0">AppData\Local\Google\Chrome\User Data\Safe Browsing</Exclude>
<Exclude Copy="0">AppData\Local\Google\Chrome\User Data\SafetyTips</Exclude>
<Exclude Copy="0">AppData\Local\Google\Chrome\User Data\Default\Service Worker</Exclude>
<Exclude Copy="0">AppData\Local\Google\Chrome\User Data\ShaderCache</Exclude>
<Exclude Copy="0">AppData\Local\Google\Chrome\User Data\SSLErrorAssistant</Exclude>
<Exclude Copy="0">AppData\Local\Google\Chrome\User Data\Subresource Filter</Exclude>
<Exclude Copy="0">AppData\Local\Google\Chrome\User Data\SwReporter</Exclude>
<Exclude Copy="0">AppData\Local\Google\Chrome\User Data\ThirdPartyModuleList64</Exclude>
<Exclude Copy="0">AppData\Local\Google\Chrome\User Data\TLSDeprecationConfig</Exclude>
<Exclude Copy="0">AppData\Local\Google\Chrome\User Data\WidevineCdm</Exclude>

Microsoft Edge

Microsoft Edge stores its configuration data in AppData\Local\Microsoft\Edge\User Data\Default.

If you do not retain this data, you will likely receive an error message at second logon.

Microsoft Edge has a similar Roaming Profile feature to Chrome.

The following Group Policy Settings are required:

Enable using roaming copies for Microsoft Edge profile data
Set the roaming profile directory
Path Variables
Disable synchronization of data using Microsoft sync services
Configure automatic sign in with an Active Directory domain account when there is no Azure AD domain account

However this feature ONLY works if the user device is not Azure AD joined and SSO is enabled. If using Teams, Office or OneDrive it is highly likely that you cannot use Roaming Profile support for Edge.

The only way to preserve User data when Roaming Profile support cannot be enabled is to enable the following Group Policy Setting to save the user's preferences in the Cloud.

Force synchronization of browser data and do not show the sync consent prompt

Forces data synchronization in Microsoft Edge. This policy also prevents the user from turning sync off.
If you don't configure this policy, users will be able to turn sync on or off. If you enable this policy, users will not be able to turn sync off.
For this policy to work as intended,
'BrowserSignin' (Browser sign-in settings) policy must not be configured, or must be set to enabled. If 'BrowserSignin' is set to
disabled, then 'ForceSync' (Force synchronization of browser data and do not show the sync consent prompt) will not take affect.
'SyncDisabled' (Disable synchronization of data using Microsoft sync services) must not be configured or must be set to False. If this is
set to True, 'ForceSync' will not take affect.
0 = Do not automatically start sync and show the sync consent (default)
1 = Force sync to be turned on for Azure AD/Azure AD-Degraded user profile and do not show the sync consent prompt

Windows Search

Windows Search can be personalised and roamed using FSLogix Profile Containers.

However as noted in the above URl, Changes to enhance native search behavior in Windows Server 2019 and Windows 10 multi-session remove the need for FSLogix search functionality. FSLogix search functionality is not compatible with Server 2019, Windows 10 multi-session, and subsequent multi-session operating systems with enhanced native search capabilities.

James Kindon explains this new feature and highlights that the enhanced native search behavior in Windows Server 2019 and Windows 10 multi-session can cause profile logoff issues and stability issues with the Windows Search service.

Per-User Windows Search data is located in AppData\Roaming\Search\Data\Applications\<USERSID>\<USERSID>.edb

As of July 2021 it appears that this data still gets left behind at logoff as the Windows Search Service does not release handles to the database.

If using the per-user Windows search feature, then FSLogix Search Roaming must be disabled.

[HKLM\Software\FSLogix\Apps]
SearchRoam=dword:00000000

However there are suggestions that the FSLogix Search Roaming Feature may be enabled if the per-user Windows search feature is disabled.

[HKLM\SOFTWARE\Microsoft\Windows Search]
EnablePerUserCatalog=dword:00000000

If using the per-user Windows search feature then the search database will sync to the FSLogix Profile Container unless AppData\Roaming\Search\Data is configured as an exclusion. Monitor the size of the EDB file for profile bloat and possible corruption.

If excluding the per-user Windows search database, it will be regenerated at each logon which may cause excess CPU consumption.

The Windows Search service may be disabled. However this may result in slower searches for files and Outlook items.

Disabling the Windows Search service will result in informational messages in Outlook and OneNote which may be suppressed.

Message	Resolution
	[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\OneNote\Options\Other] "DontRemindIndexerServiceStopped"=dword:00000001
	[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Options\General] "PONT_STRING"="53"

Example Application - RSA SecurID Software Token 5.0.2

If AppData\Local is configed as an exclusion in the FSLogix redirections.xml then applications that rely on data stored in subfolders may not behave as expected.

When using RSA SecurID Software Token 5.0.2 for the first time, users have to create a profile which involves importing a unique seed file. This creates a small database in AppData\Local\RSA\RSA SecurID Software Token Library\RSASecurIDStorage.

If the database is not preserved between logons then users have to recreate the profile by importing the seed file at every logon.

In this case, adding the RSA profile directory as an include resolves the issue while maintaining an efficient profile container size.

All the information above was compiled using Windows 10 Multi-User build 2004 and Microsoft Office 365. Configurations may differ depending on Windows O/S Version and build numbers as well as specific application deployments and environment configurations.