Configure Profile Container and Office Container for per-user or per-group

By default settings for Profile Container and Office Container are applied per-machine. Per-machine configuration can be overridden by specifying settings that apply to specific users or specific groups.

User specific settings are given first priority, followed by group specific settings and finally the per-machine settings.

To create a user or group setting:

  • Create a key named ObjectSpecific in the registry under one of the following keys:
    • HKLM\Software\FSLogix\Profiles (for Profile Container)
    • HKLM\Software\Policies\FSLogix\ODFC (for Office Container)
  • Under this key, create a key named with the SID of the object. This object is the user or group to which the new value will be assigned.
  • Under the SID key, create the value that represents the Profile Container setting or Office Container setting. For example, (DWORD) IsDynamic = 1

You can verify that the setting is taking effect by examining the log file. There will be an entry in the log file where the value is being read. The log file entry will show where the setting is being read from.

Example (using the VolumeType setting):

In the log files saved at \programdata\fslogix\logs\profiles... the following will be seen for the VolumeType setting, based on configuration.

Registry configuration Resultant message in log file
Setting not in registry Configuration setting not found: SOFTWARE\FSLogix\Profiles\VolumeType. Using default: VHD
Setting specified Configuration Read (REG_SZ): SOFTWARE\FSLogix\Profiles\VolumeType. Data: VHDX
Setting specific to user or group Configuration Read (REG_SZ): SOFTWARE\FSLogix\Profiles\ObjectSpecific\S-1-5-21-306146113-3061682913-806882557-2166\VolumeType. Data: VHD

To determine the SID of an object, you can use the wmic.exe command. For example:

  • To retrieve the SID of a user whose name is john, run wmic useraccount where name="john" get sid.
  • To retrieve the SID of a group whose name is Domain Admins, run wmic group where name="Domain Admins" get sid.
  • To retrieve the name of a user whose SID is S-1-5-21-2417102143-4260430507-1482311895-1919, run wmic useraccount where sid="S-1-5-21-2417102143-4260430507-1482311895-1919" get name.
  • To get the name of a group from a SID follow the pattern of the user example but apply to the item on how to get the SID of a group.