Happy to see FSLogix is now also has the all Cloud option, really would like to see the Cloud GPO functionality as we use a lot of them on our AVD's. I can't even move to the Cloud completly without GPO's. Great video again!

@AzureAcademy

Жыл бұрын

Cloud GPO video will be ready next week, stay tuned!

@AzureAcademy

Жыл бұрын

Here is the video I promised on Cloud GPOs 👉 kzread.info/dash/bejne/o5yOrdqDlpCvnbg.html Let me know what you think ☺️

Love your videos. Love the low key joke about Cloud (FF) while setting things up in the cloud.

@AzureAcademy

Жыл бұрын

LOL Thanks!

Kudos for raising the security qualifications. Also worth noting that windows Cred Man is also generally considered easy to compromise by red-teamers, and becoming recommended practice to disable as part of Cyber hardening practices..

@AzureAcademy

Жыл бұрын

Good point…that’s why the product teams are still working towards an Azure AD Native solution

What amazing content! Dean you rock!

@AzureAcademy

Жыл бұрын

Thanks for watching!

Great video dean! Just so I'm clear, for traditional DC scenarios the users do not need to be synced with ADConnect anymore? Also, does this solution remove the need to run the AZFiles Hybrid module to join the storage account to a domain? What about the 'Storage File Data SMB Share Contributor' RBAC role? is that gone too with this update? I've messed with machine-based auth in the past with mixed results, largely due to the authentication method and RBAC requirements.

@AzureAcademy

Жыл бұрын

If you use this method you don’t give permissions in the storage account, The access key does it for you. You don’t join the storage account to the domain And you don’t sync users HOWEVER, I haven’t tried this in an AD managed environment. But since you already have to sync users…I would generally recommend managing FSLogix the traditional way too. But you can try it and let me know

Another great video. Thank you. I have been thinking about how to go all cloud AVD with FSLogix for a while. I would love to see a video on cloud GPOs. Also, we now have a problem I am looking for a solution for. I have a fileshare in a azure storage account that is getting massive. To trim costs, we are going through it manually to clean out profiles for terminated users. Do you have a solution you can recommend to automate this process of removing profiles that have not been used for say 120 days?

@AzureAcademy

Жыл бұрын

Thanks for watching, and glad I could help. On the clean up, I do not. There are too many variables that different customers think about to nail it down. Best thing I recommend is that you create a script with your criteria and run that when you do your profile maintenance.

@AzureAcademy

Жыл бұрын

Here is the video I promised on Cloud GPOs 👉 kzread.info/dash/bejne/o5yOrdqDlpCvnbg.html Let me know what you think ☺️

Cloud GPO! Thanks for your videos. Top shelf!

@AzureAcademy

Жыл бұрын

Thanks for watching, the Cloud GPO video will be ready next week, stay tuned!

Really great videos, I noticed something you recommended in the "mistakes" video, if you exclude OSTs from the virtual disks, does this mess with Outlook indexing and searching, I am sure this used to be a problem maybe not so much now?

@AzureAcademy

3 ай бұрын

OST files are a toss up. If you have HUGE OST files, because you allow such long retention of your emails AND you need regular access to the OST files…you may be better off using the Office profiles with the OST and the outlook indexing and searching. But in general, I don’t suggest it in AVD

Cloud GPO +1 Thanks for the great content! :)

@AzureAcademy

Жыл бұрын

Thanks for watching, the Cloud GPO video will be ready next week

@AzureAcademy

Жыл бұрын

Here is the video I promised on Cloud GPOs 👉 kzread.info/dash/bejne/o5yOrdqDlpCvnbg.html Let me know what you think ☺️

Great video man! I just have one thing to add: CLOUD GPO! Thank you!

@AzureAcademy

Жыл бұрын

Will be this Tuesday

@AzureAcademy

Жыл бұрын

Here is the video I promised on Cloud GPOs 👉 kzread.info/dash/bejne/o5yOrdqDlpCvnbg.html Let me know what you think ☺️

This is interesting! Some of our clients only have Azure ADDS to be able to use FSLogix. So even though the File share is loaded as the computer account, this doesn't let the user on the computer browse to it/have full access? FSLogix uses the System account rather than user context?

@AzureAcademy

Жыл бұрын

No…in general users access the file share in the user context. The method I showed in this video changes the default behavior to access in the system context

Regarding security concerns, the SYSTEM account already has potential access all the user profiles on the local system, plus the ability to do anything needed to gain access to the user's data. I'm not sure that this opens up any new risks. Getting rid of AD seems like a big security and reliability win that offsets any potential risks with this approach. I'd be interested to hear if anyone sees something I'm missing here.

@AzureAcademy

Жыл бұрын

Due to the multiple groups that could have different levels of admin roles like local server admins vs. Azure admins, vs. Azure AD admins and how permissions are granted this method MIGHT give more access then folks should have…which is why I brought it up. But good thought!

Good day, Dean! I was wondering if there was a feature or solution in AVD that would automatically alert administrators by email, SMS, etc. when an FSLogix VHD/VHDx user disk is about to be full. I'm trying to write the script while looking into Azure Automation and Azure Monitor but unable to build one. I would be grateful if you could offer the finest advice or any other services we could use to make it possible.

@AzureAcademy

Жыл бұрын

There is no way to alert from the Azure level if a .vhd in a file share is getting full. My preferred approach is to use dynamic disks and make the disk size very large, this way I don’t have to do maintenance except on a few disks who near the limit. Also the cost of FSLogix depends on the file share you have. If Azure files premium, the cost comes from the size of the file share, not the disks. What do you have?

Great Vid as always Dean! Will this work for a normal file share? like Azure stack hci /AvD deployment multi session? full Azure AD authentication

@AzureAcademy

Жыл бұрын

If by normal you mean Azure files standard…YES. In Azure stack…not sure, I don’t have a stack environment to test…but I think so. Demo I showed was in Azure AD Join.

@ahmadl-zahrani2993

Жыл бұрын

@@AzureAcademy No i meant On-prem file share 😃

@ahmadl-zahrani2993

Жыл бұрын

​@@AzureAcademy Us younglings in the HCI space, would like to be masters some day.

@AzureAcademy

Жыл бұрын

You can’t use this exact method to an on prem share because there isn’t an access key…however if you granted permissions to the computers instead of the users and users the access as computer object reg key I think it could work

@AzureAcademy

Жыл бұрын

Is that a request for HCI videos? If so…tell me what you want to learn?

Thanks a lot for providing this insight...We would like to see cloud gpo as well

@AzureAcademy

Жыл бұрын

will be uploaded next week, stay tuned!

@AzureAcademy

Жыл бұрын

Here is the video I promised on Cloud GPOs 👉 kzread.info/dash/bejne/o5yOrdqDlpCvnbg.html Let me know what you think ☺️

@nishanthkumar4436

Жыл бұрын

@@AzureAcademy another interesting feature.

@AzureAcademy

Жыл бұрын

👍👍

Dean, my only concern if we rotate the storage key .. from time to time this method will definitely will create another opportunity to keep it up to date in the registry.

@AzureAcademy

Жыл бұрын

Yes…and rotating the keys is a good practice…so you can run the updates script on your existing session hosts or build from the updated script

Great tutorial Dean. Thanks first of all for that. I followed everything as you explained it. After a user logs in to the AVD, a profile is also created on the share, however I cannot include the share in the user profile. It keeps asking for credentials. I created the script with the credential manager on system context, and included the key for Win11. Can you maybe tell me what I am missing here? Thanks in advance.

@AzureAcademy

11 ай бұрын

The issue is user context i explain it and show in exact step by step multiple ways to execute this correctly 👉 kzread.info/dash/bejne/q36ltqyhYrfNqNI.html and go to Time 11:45 for the 100% cloud info Please let me know you are successful

@hakanerbas5088

11 ай бұрын

as i said, i followed everything exactly as you described :). did it once in the portal with "run command", and once with "psexec -s". unfortunately it still doesn't work for me...@@AzureAcademy

@AzureAcademy

11 ай бұрын

Then you are missing something 🥰 seriously…if you did the process correctly, then you should be able to log on with an admin account, then use PSExec to elevate your cmd. And check for the key…if it is not there you missed something in the process

Could this technique be used for MSIX appattach so I would no longer need to join storage to my local AD, add permissions etc etc?

@AzureAcademy

Жыл бұрын

Yes, you could do this for MSIX App Attach as well. If I remember, that’s just the session, hosts that need access to the file share

Hi, can this method be used if your AVD VMs are Azure AD joined, but your users are on-prem syncd? Or do i need to use the Kerberos method?

@AzureAcademy

10 ай бұрын

Yes you can do this with Azure AD joined VMs and Synced Users

If you incorporate the storage key credentials, using Credential Manager, on your golden image and then image your AVD session hosts from that golden image, will the storage key credentials persistent on the session hosts?

@AzureAcademy

Жыл бұрын

The only reason I wouldn’t use that approach is that it locks your golden image to a single pool and file share. I prefer to use one golden image for everything, and then customize at the time of deployment for that workload, but your approach could definitely work too

What would happen if a user was to attempt to browse the file share by it's UNC path? Would they be able to browse the file share and potentially see/download/mount other users FSLogix VHD(x) files? Or is it only administrators and system processes that can access the creds in Credential Manager? OK - just read Marcel's blog post - he confirms that normal users can't see others stuff. So that's good. Seems like a pretty good solution! also... Cloud GPO :)

@AzureAcademy

Жыл бұрын

They would be prompted for credentials…which they wouldn’t have. The only valid creds are the storage account key. Look for the cloud GPO video next week

Could you do it with managed identity and skip the need to use the storage account key and credential manager?

@AzureAcademy

Жыл бұрын

No, FSLogix doesn’t speak Azure yet so a managed ID doesn’t translate from the users

Hello thanks for the tutorial but i got a problem : When i connect with a user to the session host no profil has been created to the SMB File Share. I hope you could help me !!

@AzureAcademy

Жыл бұрын

Watch my latest video for the possible issues and fixes you need kzread.info/dash/bejne/nqp2y66jZ9Knd5c.html

Hi hope you could help, when logging into the workspace via AVD, I seem to get into a loopback issue with 2FA and no connection

@AzureAcademy

2 ай бұрын

There are so many things that might be wrong in that case I suggest opening a support ticket so they can look at the authentication packets

/* LogWriter("Disable Windows Defender Credential Guard (only needed for Windows 11 22H2)") */ - can you say why this is needed? - can the Windows Defender Best Practices for FSLogix be implemented into this script as well?

@AzureAcademy

Жыл бұрын

the extra RegKey is needed on Win 11 22H2 because of a bug in Credential Guard that deletes the entry from Credential manager. a fix is in the works. Yes you can also use Defender best practices with this...and there are also several defender AV exclusions you should include as well...read this 👉learn.microsoft.com/en-us/azure/architecture/example-scenario/wvd/windows-virtual-desktop-fslogix#antivirus-exclusions

Is there an easy method for configuring these settings via InTune vs 3rd party tool or using CustomScript Extension when the Host deploys?

@AzureAcademy

5 ай бұрын

Custom script extension is just a way to run PowerShell or a cmd script…so yes you can easily do that

Hey nice video! I tried your steps manual with an local administrator on my avd session host. Created the registry entries + credential to cred. manager. When i log in with an user over AVD the profiles won't be created. Any idea?

@AzureAcademy

10 ай бұрын

I believe the issue is that you are not running the Command with the proper elevated permissions watch this for the exact steps kzread.info/dash/bejne/q36ltqyhYrfNqNI.htmlsi=V9WHVXiojak9awDf at 11:45

@remoernst9225

9 ай бұрын

@@AzureAcademy The real problem was that the storage account key was not added in the system context. Like you said ;) Executed the script on the VM via Azure and it worked. Thank you so much!

@AzureAcademy

9 ай бұрын

Awesome!

Could you please make a video of setting up fslogix using AAD Kerberos for AD synced users...

@AzureAcademy

Жыл бұрын

Already done 👉 kzread.info/dash/bejne/pamqpqpmqbGyaJs.html

@shijinm345

Жыл бұрын

@@AzureAcademy Missed this... Thanks!!

@AzureAcademy

Жыл бұрын

Cool

Thanks for the very helpful video. I've got one issue to report: at 3:18 the video shows the HKEY_LOCAL_MACHINE\SOFTWARE\FSLogix\Profiles with Enabled key of type of REG_SZ. This is incorrect and the VM will flood events about errors reading the FSLogix configuration from the registry (observable with Event Viewer on session host VM). Replacing it with Enabled of DWORD type fixes the problem.

@AzureAcademy

5 ай бұрын

according to the docs...the REG_SZ is NOT correct...good catch, it should be a DWORD. The REAL question here is...how did that happen? I set up my environments with the GPO or Intune Policies 😲😲 I will have to go back and check...thanks again! learn.microsoft.com/en-us/fslogix/tutorial-configure-profile-containers#profile-container-configuration

@mloskot

5 ай бұрын

@@AzureAcademy I have also been wondering how that slipped through :) Even though, this video is a ground breaker!

@AzureAcademy

5 ай бұрын

Thanks!

I am getting an error in event viewer - fxlogix - Failed to get computer's group SIDs , Querying computer's fully qualified distinguished name failed. (Configuration information could not be read from the domain controller, either because the machine is unavailable, or access has been denied.) - at the stage where i input the reg keys , share works and can get to it.

@AzureAcademy

3 ай бұрын

Which join type are your hosts using? Also are your users synced from Active Directory to the cloud Or are you using cloud only users? Do you have line of sight to your domain controller Are you using Entra ID Kerberos?

I tried your exact steps but my fslogix profile is not getting created. When i checked logs it said cannot access the path. So from my avd machine I tries to access the file share using smb path but got access error. I did add the creds in creds manager in the avd session host using local admin. Do you know what might have gone wrong?

@AzureAcademy

3 ай бұрын

You are probably not running the Command in the system context Watch this for the EXACT steps at about 11 minutes kzread.info/dash/bejne/dJOGlKSiZbbXhtI.htmlsi=DO6kr7O-t3OWwqio

Thanks for this video. I wish I could actually see this work in the video. I saw Marcelos blog before and followed it step by step. It never creates the profile in the share. So i always get "FindFile failed for path", "No Create Access......"the parameter is incorrect"

@AzureAcademy

Жыл бұрын

Are your session hosts on windows 11 22h2? Marcel has an extra reg key that you need to add so the creds don’t disappear

@footballsuperstar1290

Жыл бұрын

@@AzureAcademy I have same issue using Windows 10 Multi session 21h2

@AzureAcademy

Жыл бұрын

strange...I haven't had that experience...what does the FSLogix logs show?

@alvinabraham777

Жыл бұрын

its 21H2 I statyed away fro 22H2 because of sysprep issues.

@AzureAcademy

Жыл бұрын

got it

Why not use Azure AD Auth for the computer with System Managed Identity? Then no credentials needed in the mount code. And can be automated with Azure Policy / IAM / Dynamic Device Group.

@AzureAcademy

Жыл бұрын

I don’t think that will work…but if you can try it and make it work…I’ll make a video on it and give you the credit! ☺️

Hey, I did all of this and nothing is showing up on the Network tab, my enterprise is only using Azure Active Directory without any Domain controllers. Am I doing something wrong or is there extra things I need to configure?

@AzureAcademy

Жыл бұрын

You are probably not running the Command properly, Watch this 👉 kzread.info/dash/bejne/q36ltqyhYrfNqNI.html at 11:45 I talk about the cloud only method

@leexu2073

Жыл бұрын

​ @AzureAcademy I went back and set NTFS permissions and used the Powershell "run command" on the operations tab with your 100%cloud scripts and it Worked! I cannot thank you enough, I am an intern with absolutely no certifications and through your videos, I have learned so much about Virtual desktops.

@AzureAcademy

Жыл бұрын

Awesome, that’s why I do this…thanks! 👍👍

Hi. I tried the same steps as illustrated here but Fx logix profiles are not getting created in storage account

@AzureAcademy

Жыл бұрын

The issue is that you are running the script as a user not running the script as SYSTEM. To run as SYSTEM you can either run it as a custom script extension or in the VM run Command blade powershell script or run it with sysinternsls PSExec.exe

followed guide - same error in event viewer under fxlogix - Failed to get computer's group SIDs, Querying computer's fully qualified distinguished name failed. (Configuration information could not be read from the domain controller, either because the machine is unavailable, or access has been denied.) - can anyone help? i have put the reg keys in, rebooted machine, windows 10 enterprise multisession - latest version

@AzureAcademy

3 ай бұрын

Which reg keys are you talking about? Which join type are your hosts using? Are the users cloud only or synced

@2:14 - can Cred Manager be locked down? is there any power tool app to password protect a windows app/feature? can the SMB share be private ($) or/and can we use private endpoint?

@AzureAcademy

Жыл бұрын

Yes you can use private endpoint with FSLogix file share, as far as I know the credential manager has 2 layers, user and computer The user layer is locked down per user and the computer is secured by SYSTEM rights, which is beyond normal Admin. Just like running the script to set all this up, needs to be run in the SYSTEM context, not a user or admin. As for a tool to lock down credential manager…none that I know of. AND since a local admin CAN elevate to SYSTEM if they know how…this is why I warned you in the video about considering IF you should use this method because your local admins COULD access the file share and the profiles

@fbifido2

Жыл бұрын

@@AzureAcademy is it possible for Cred manager use the TPM chip to store and access the keys, every time it's needed, and what is shown in cred manager is an encrypted key?

@AzureAcademy

Жыл бұрын

Not that I know of.

can you limit the access to the share via allowing only the FSLogix services? if so, how?

@AzureAcademy

Жыл бұрын

Not that I know of because of the system context, and that FSLogix works at the OS level. That’s why at the end I said the product team is still working on Azure AD improvements

What if the users are cloud sync´ed but you still want to do a VM on a dmz where there is no connectivity to the on-prem domain controller?

@AzureAcademy

9 ай бұрын

Without a domain controller the VMs must be Azure AD Joined and the users will function as cloud only users. YES this will work ☺️

@TriumphAventura

9 ай бұрын

well thank you sir! love your content@@AzureAcademy

@AzureAcademy

8 ай бұрын

Thanks! Very Appreciated 😁

What if the storage account was not AD joined but, instead of using a storage key, you cached an Azure AD user account credentials via Credential Manager for each user and then mapped a drive to the fslogix Azure File share using those cached Azure AD user account credentials?

@AzureAcademy

Жыл бұрын

Wouldn’t work. The Azure AD user has no rights in the file share so mapping the permissions to credential manager wouldn’t work. And in order to make it work you need Azure AD Kerberos…which requires synced users

@alozborne

Жыл бұрын

@@AzureAcademy I didn't mention it but I meant that you could first use the "Connect" PS script with the storage key to mount a drive to the Azure File share, then add Azure AD user/group permissions at the root as needed. Then, the rest of what I mentioned before. I'll need to read up more on the need for syncing for Azure AD kerberos auth, thanks for that detail.

@AzureAcademy

Жыл бұрын

Here is my video on Azure AD Kerberos kzread.info/dash/bejne/pamqpqpmqbGyaJs.html

@azureacademy i have tried the tutorial but stuck in two issues. One credential manager deletes the credentials after restart and second after adding credentials still machine can't able to access the file share. I have tried to add file share by using mount script it successfully adds it and i can access it. The only difference is mount script has new-psdrive command extra, do you think i am missing something. Testing environment is AVD joined to Azure Ad and win10 muti session host.

@AzureAcademy

Жыл бұрын

In Marcel’s blog he mentioned windows version 22H2 needing another reg key for LsaCfgFlags which will fix the credential manager

@shehzadamir11

Жыл бұрын

@@AzureAcademy update: troubleshooted the issue with Marcel. The script which is provided has small correction which Marcel will do. The other catch is to run the script as system context i was running the script in user context. To run the script is system context one option can be to leverage run command from the portal.

@AzureAcademy

Жыл бұрын

Oh…yeah needs to be in system context otherwise it registers the creds as YOU instead of the computer

I was looking for this solution. Thanks.😊 Question: can this method be used for cloud only and ad-sync users. What would be the best solution if we have ad sync users and only a couple cloud only users? Do I have to add first part of the script for automation or once I have the golden image and I can run that once with the registry keys and that should do the trick.. Thanks

@AzureAcademy

5 күн бұрын

You’re welcome! Answers: you would only use this for cloud users. Synced users will use Entra ID Kerberos or AD Authentication. And YES you can use both methods at once…but on different shares. You can add the script into your image but I generally discourage that so you can use your image with more solutions

@tabaniz

5 күн бұрын

@@AzureAcademy Thank you. God bless you

@AzureAcademy

5 күн бұрын

Amen!

Cloud GPO pls. Great content as always!!

@AzureAcademy

Жыл бұрын

Cloud GPO video will be ready next week, stay tuned, thanks for watching

@AzureAcademy

Жыл бұрын

Here is the video I promised on Cloud GPOs 👉 kzread.info/dash/bejne/o5yOrdqDlpCvnbg.html Let me know what you think ☺️

Awesome. Cloud GPO +1

@AzureAcademy

Жыл бұрын

Thanks for watching, the Cloud GPO video will be ready next week

@AzureAcademy

Жыл бұрын

Here is the video I promised on Cloud GPOs 👉 kzread.info/dash/bejne/o5yOrdqDlpCvnbg.html Let me know what you think ☺️

CloudGPO - yes please!

@AzureAcademy

Жыл бұрын

the Cloud GPO video will be ready next week,

@AzureAcademy

Жыл бұрын

Here is the video I promised on Cloud GPOs 👉 kzread.info/dash/bejne/o5yOrdqDlpCvnbg.html Let me know what you think ☺️

Also remember to securely store your script that contains the storage account access key - you don't want that getting out .

@AzureAcademy

6 ай бұрын

Great point

Dean, thanks for the great video, I tried doing exactly as you have explained in the Video but for some reason, when I login as a regular user, it is not able to create a FSlogix profile for me so what I did was open File Explorer and try to browse to the FSLogix Storage Account and it asking me to put in the credentials. I am not sure if I am missing anything but I RDPd to the Server as a local admin, setup all the Registry Keys and also Saved the Credentials under Windows Credentials and logged off as local admin and used the Remote Destkop (AVD) app to login but it is not creating the FSLogix Profile for me, Am I missing anything?

@shajihyder3454

Жыл бұрын

I have also found Marcel's blog and added the registry keys so it doesn't forget the credentials and it is still not working

@AzureAcademy

Жыл бұрын

Marcel has a note in his blog for anyone using version 22 H2 there is another registry key for LSACFGflags you need to enter, which will stop the credential manager from wiping out your creds

@shajihyder3454

Жыл бұрын

@Azure Academy yes, tried that as well and didn't work

@AzureAcademy

Жыл бұрын

What version of windows are you using?

@shajihyder3454

Жыл бұрын

@@AzureAcademy windows 11 multisession 22h2 fen 2

The User Profile Disk did not appear in File Share. Do I need to wait for couple of hours to reflect?

@AzureAcademy

11 ай бұрын

No, if it worked the profile would show up right away. Check the cmdkey for the storage account credentials…remember they should be in the system account. I show multiple ways to do this process in this video 👉 kzread.info/dash/bejne/q36ltqyhYrfNqNI.htmlsi=AFQ10p6Su_APu--f

@fll-cloud

11 ай бұрын

@@AzureAcademy I was able to sync the Azure Files but after that I was not able to access to session host. DomainTrustCheck and DomainJoinedCheck Failed in Health Status.

@AzureAcademy

10 ай бұрын

Usually that is because the passwords are out of sync update the password in powershell and try again

Great video John ! Cloud GPOs could be nice to have ;) One day FSLogix could be stored Blob storage ;)

@AzureAcademy

Жыл бұрын

Thanks for watching ☺️. Yes you can use blob storage as well, but it doesn’t scale in performance like SMB file shares.

@jlou65535

Жыл бұрын

​@@AzureAcademy Was not aware of that ;)

@AzureAcademy

Жыл бұрын

👍👍

@AzureAcademy

Жыл бұрын

Here is the video I promised on Cloud GPOs 👉 kzread.info/dash/bejne/o5yOrdqDlpCvnbg.html Let me know what you think ☺️

Thanks!!! Cloud GPO +1

@AzureAcademy

Жыл бұрын

Thanks for watching, the Cloud GPO video will be ready next week, stay tuned!

@AzureAcademy

Жыл бұрын

Here is the video I promised on Cloud GPOs 👉 kzread.info/dash/bejne/o5yOrdqDlpCvnbg.html Let me know what you think ☺️

I got this to work - once. I am having to run the script multiple times per day. Why is it not persisting? I have a brand new host pool, session host, workspace, applications group, etc. and new fslogix/storage. We are all in the cloud: no AD DS, no Kerberos, no syncing; ONLY Entra ID authentication. But of course I can't deploy it like this. I don't care about being able to see a mounted drive (although when I DO see it as admin, it indicates "disconnected" even though it worked). What am I doing wrong?

@AzureAcademy

5 ай бұрын

I believe the answer is in how you are running the script. You are not in the system context. I show multiple ways to do this here: kzread.info/dash/bejne/q36ltqyhYrfNqNI.htmlsi=npJK-SOQsWHoJAvy at 11:45

@maryvacherweill8505

5 ай бұрын

@@AzureAcademy I ensured I ran the script yesterday using psexe.exe. All worked well in the afternoon through multiple logins of both admin and standard users. Today, after powering up the session host again, I get "The User Profile Service service failed the sign-in. User profile cannot be loaded." I can't seem to find the reason.

@AzureAcademy

5 ай бұрын

Is there anything in the windows event viewer? Also is there anything in the Azure Files activity logs for the login failure?

@maryvacherweill8505

5 ай бұрын

@@AzureAcademy nothing in Azure Files activity logs. Event Viewer indicates Error 1508 "Windows was unable to load the registry. This problem is often caused by insufficient memory or insufficient security rights." and "The configuration registry database is corrupt." (for every user tried), but when the script is run all works.

@AzureAcademy

5 ай бұрын

after you reboot, when people can’t log in, RDP in with an admin account. Then check the credential manager like I showed…is the correct entry for the file share present?

CLOUD GPO HEART YOU

@AzureAcademy

Жыл бұрын

Here ya go 👉 kzread.info/dash/bejne/o5yOrdqDlpCvnbg.html

I am just getting: "FindFile failed for path", "No Create Access......"the parameter is incorrect" . This is for Windows 10 Multi session 21h2. Anyways around this?

@AzureAcademy

Жыл бұрын

I haven’t run into that error…check to be sure the credential manager still has the data in it Also have you looked at the FSLogix logs or is that where you saw this error message?

@footballsuperstar1290

Жыл бұрын

@@AzureAcademy Thanks, I have checked and yes , still there. I can browse to the share without username and password prompt.. Error message from fslogix is: [ERROR:00000057] FindFile failed for path: \\acwwfslogix.file.core.windows.net\fslogixuserprofiles\AVDTES2_S-1-12-1-772530151-1232695167-1584538045-2811400153\Profile*.VHDX (The parameter is incorrect.) [10:32:56.832][tid:00000c60.000012dc][INFO] Configuration setting not found: SOFTWARE\FSLogix\Profiles\VHDNamePattern. Using default: Profile_%username% [10:32:56.847][tid:00000c60.000012dc][ERROR:00000057] No Create access: \\acwwfslogix.file.core.windows.net\fslogixuserprofiles\AVDTES2_S-1-12-1-772530151-1232695167-1584538045-2811400153-test (The parameter is incorrect.) [10:32:56.847][tid:00000c60.000012dc][INFO] Status set to 6: Cannot retrieve virtual disk location

@fadijeji

Жыл бұрын

@@AzureAcademyI got the same errors and these errors came from the Fslogix profile log. I have the same error and the credential manager clears the credentials after logoff estart. I used Windows 10 versions 22H2 and 22H1 and also I tried the LsaCfgFlags registry but it did not work. I have also tried to change the storage account network setting and that solved the issue of failing to find the path. but I still get "the parameter is incorrect" or "Username and password incorrect", knowing I can map the Fslogix drive using the key without issue on the session

@AzureAcademy

Жыл бұрын

Did the creds in credential manager disappear?

@AzureAcademy

Жыл бұрын

I haven’t scene or heard of that issue happening outside of windows 11 22h2, and the LSACfgFlags regkey fixes it…not sure what’s up with that. I’d suggest contacting support

I did everything as per the instructions, but it is not working for me.

@AzureAcademy

8 ай бұрын

Make sure you are running the Command in the computer system context Watch this for how at 11:45 kzread.info/dash/bejne/q36ltqyhYrfNqNI.htmlsi=JlAsxoFpGliuG022

@uzairahmed09

8 ай бұрын

@@AzureAcademy Thanks a lot, It worked like a charm.

@AzureAcademy

6 ай бұрын

Awesome

Does this work for Pooled session hosts?

@AzureAcademy

Жыл бұрын

Yes it does, that’s what I showed in the video

@footballsuperstar1290

Жыл бұрын

@@AzureAcademy Thanks for the advice

@AzureAcademy

Жыл бұрын

anytime!

I don't think this method works. I read the guide from the source blog. Of course I can get this to work from an interactive user, but from SYSTEM it does not work. You can't at the Azure Files IAM level assign an AAD computer object (machine account) the "Storage File Data SMB Share Contributor" role. To do something like that, you'd need to set "default share-level permissions" which requires an AD source, which is the entire point of trying to cloud-native.

@AzureAcademy

5 ай бұрын

Many have told me about this issue…turns out that they were NOT executing the script in the system context. Watch this starting at 11:45 for the right ways kzread.info/dash/bejne/q36ltqyhYrfNqNI.htmlsi=v1JMaUOQvk1vxrPu

CloudGPO

@AzureAcademy

Жыл бұрын

You got it

@AzureAcademy

Жыл бұрын

Here is the video I promised on Cloud GPOs 👉 kzread.info/dash/bejne/o5yOrdqDlpCvnbg.html Let me know what you think ☺️

Cloud GPO or Intune?

@AzureAcademy

Жыл бұрын

Find out tomorrow at 9 am EST

@AzureAcademy

Жыл бұрын

Here is the video I promised on Cloud GPOs 👉 kzread.info/dash/bejne/o5yOrdqDlpCvnbg.html Let me know what you think ☺️

Cloud GPO :)

@AzureAcademy

Жыл бұрын

Thanks, should be done by next week

@AzureAcademy

Жыл бұрын

Here is the video I promised on Cloud GPOs 👉 kzread.info/dash/bejne/o5yOrdqDlpCvnbg.html Let me know what you think ☺️

CloudGPO :)

@AzureAcademy

Жыл бұрын

Thanks for watching, the Cloud GPO video will be ready next week

@AzureAcademy

Жыл бұрын

Here is the video I promised on Cloud GPOs 👉 kzread.info/dash/bejne/o5yOrdqDlpCvnbg.html Let me know what you think ☺️

Cloud gpo 😁

@AzureAcademy

Жыл бұрын

Thanks for watching, the Cloud GPO video will be ready next week, stay tuned!

@AzureAcademy

Жыл бұрын

Here is the video I promised on Cloud GPOs 👉 kzread.info/dash/bejne/o5yOrdqDlpCvnbg.html Let me know what you think ☺️

Cloud GPO +1

@AzureAcademy

Жыл бұрын

Stay tuned, Thanks for watching, the Cloud GPO video will be ready next week

@AzureAcademy

Жыл бұрын

Here is the video I promised on Cloud GPOs 👉 kzread.info/dash/bejne/o5yOrdqDlpCvnbg.html Let me know what you think ☺️

Cloud GPO please!

@AzureAcademy

Жыл бұрын

Thanks for watching, the Cloud GPO video will be ready next week

@AzureAcademy

Жыл бұрын

Here is the video I promised on Cloud GPOs 👉 kzread.info/dash/bejne/o5yOrdqDlpCvnbg.html Let me know what you think ☺️

@BuggageandGlitchage

Жыл бұрын

@@AzureAcademy what a Legend! I’ll check it out right away.

@AzureAcademy

Жыл бұрын

What did you think?

@BuggageandGlitchage

Жыл бұрын

@@AzureAcademy I showed it my InTune colleague and it blew her away. It’s on our roadmap to start migrating policies over. At the moment we’re focusing on moving away from the MMA and and over to the AMA agent. Might be a good idea for a video as it’s a little tricky with the data collection rules.

Cloud/GPO

@AzureAcademy

Жыл бұрын

Next week…stay tuned

@AzureAcademy

Жыл бұрын

Here is the video I promised on Cloud GPOs 👉 kzread.info/dash/bejne/o5yOrdqDlpCvnbg.html Let me know what you think ☺️

Cloud GPO

@AzureAcademy

Жыл бұрын

Next week, stay tuned

@AzureAcademy

Жыл бұрын

Here is the video I promised on Cloud GPOs 👉 kzread.info/dash/bejne/o5yOrdqDlpCvnbg.html Let me know what you think ☺️

CLOUD GPO

@AzureAcademy

3 ай бұрын

Here ya go kzread.info/dash/bejne/h31sxs6EmNm1nJM.htmlsi=gCihKO4BbL80d6yO

Cloud gpo

@AzureAcademy

5 күн бұрын

Here ya go! kzread.info/dash/bejne/o5yOrdqDlpCvnbg.htmlsi=1Ofuh5FeKyKVu48s

CloudGPO

@AzureAcademy

Жыл бұрын

Working on it, thanks

@AzureAcademy

Жыл бұрын

Here is the video I promised on Cloud GPOs 👉 kzread.info/dash/bejne/o5yOrdqDlpCvnbg.html Let me know what you think ☺️

Cloud GPO

@AzureAcademy

11 ай бұрын

Thanks!

CLOUD GPO

@AzureAcademy

Жыл бұрын

Next week, stay tuned

@AzureAcademy

Жыл бұрын

Here is the video I promised on Cloud GPOs 👉 kzread.info/dash/bejne/o5yOrdqDlpCvnbg.html Let me know what you think ☺️

CloudGPO

@AzureAcademy

Жыл бұрын

Thanks for watching, Will be ready by next week

@AzureAcademy

Жыл бұрын

Here is the video I promised on Cloud GPOs 👉 kzread.info/dash/bejne/o5yOrdqDlpCvnbg.html Let me know what you think ☺️

Cloud GPO

@AzureAcademy

5 ай бұрын

Thanks!

Cloud GPO

@AzureAcademy

Жыл бұрын

the Cloud GPO video will be ready next week,

@AzureAcademy

Жыл бұрын

Here is the video I promised on Cloud GPOs 👉 kzread.info/dash/bejne/o5yOrdqDlpCvnbg.html Let me know what you think ☺️

Cloud GPO

@AzureAcademy

Жыл бұрын

Thanks for watching, the Cloud GPO video will be ready next week

@AzureAcademy

Жыл бұрын

Here is the video I promised on Cloud GPOs 👉 kzread.info/dash/bejne/o5yOrdqDlpCvnbg.html Let me know what you think ☺️

Cloud GPO

@AzureAcademy

Жыл бұрын

Thanks for watching, the Cloud GPO video will be ready next week

@AzureAcademy

Жыл бұрын

Here is the video I promised on Cloud GPOs 👉 kzread.info/dash/bejne/o5yOrdqDlpCvnbg.html Let me know what you think ☺️