There are a lot of settings and you might be overwhelmed. Under Administrative Templates you should now see FSLogix. Group Policies via ADMX files: The FSlogix installĬopy these files on your domain controller to the Group Policy folder (the ADMX file goes into C:\Windows\PolicyDefinitions and the ADML goes into C:\Windows\PolicyDefinitions\En-US) or your shared Group Policy folder on Sysvol if you have enabled a central store for group policy definitions: Next, fire up a Group Policy editor and create and link a new policy to the OU destined for the VDI computers (the one specified in the deployment of the pool).(avoids copying files into the group policy editor). You will only need to install the FSLogixAppSetup.exe.įor the configuration, there are multiple ways, you canĮither install the Group Policy extensions, or configure a group policy preference On the WVD Template install the FSLogix plug-in. Next is to test the SMB share access:Īnd finally, if you login with a user to the machine that is a member of the group that has been granted access to the share, you should be able to open the share directly: FSLogix Deployment I added a DNS entry for the storage account so, it will be available through the private IP address on that same subnet only. I’ve deployed a VM on the virtual network that will be my WVD pool network. Testing the Azure File Storage AD integration We should now have an Azure Files share with AD integration So, I’ve added the WVDDesktopUsers (and other WVDappusers) groups to the fileshare IAM blade as Storage File Data SMB Share Contributors Sense to use the same groups in Azure AD to assign permissions to the Given I’veĪlready written a script to replicate users in a group to WVD, it would make Under their account, but users and groups should not be a problem. Note that computers wont be able to utilize the file share When the integration is done, we now need to set permissions (as it’s specified as OU name and not distinguishedName). The downside here is that the OU needs to be a top-level OU In my configuration I specified a Computer object and the WVD OU: In order to execute this, make sure the logged-on user (that is executing the script) has “create privileges” in the specified OU for either service accounts or computer accounts. You need to download a PowerShell script and execute the link between Azure Files and Active Directory. Points to the private IP (by ping / nslookup) we can continue with the configuration. Once confirmed that the full storage accountname (.net) Secondly, make sure that VM can connect to the storage account by adjusting the hostsfile or by adding a DNS entry in the DNS server (storagename = privateIP of storage account). Next, make sure to have a domain joined VM on the subnet with the private endpoint. VM) can access the fileshare and configuration of the fileshare. That the fileshare is not publicly available and only our WVD VM’s (and our setup I’ve created a new storage account with the followingĪs you can see, I created a private endpoint. This as it is obviously required for Windows Virtual Desktop to operate. I already have Active Directory Domain Services up and running. Services and Azure Files as the backend as this seems to be the most costĮffective. In this post, we will look at Active Directory Domain With AD Domain Services or Azure AD Domain Services integration. This fileshareĬan be on a standard fileserver, a NetApp appliance in Azure or Azure files The backend configuration requires a fileshare where “users”Ĭan store their container. Through the ADMX files available in the installer). In the image) or through group policy (through group policy preferences or To configure the agent you can opt to add a registry key (directly The installation of FSLogix is super simple. Or thousands of files, the system copies / mounts a single file which is a lot faster. With FSLogix, the entire profile isĮncapsulated in a “container” which is copied in full. Causing a high overhead in IOPS and network utilization, and With “regular” roaming profiles, all the files are copied individuallyįrom a fileshare. Microsoft purchased a technology called FSLogix, this allows us to optimize the In regular Domain joined VM’s we configure “Roaming Profiles”įor users and ensure that this profile is stored on a fileshare somewhere. We want to ensure that the users’ profile is the same on all of those. VM’s they can be redirected to any of the available VM’s in a pool, and ideally Windows 10 VM’s that allow multiple users to login. When we deployed our WVD VM’s, these VM’s are basically
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |