When a user’s profile is deleted on Windows Server 2016, either with User Profile Disk or with standard profile, there is no call to remove the “AppContainer” which is created when a user logs in.

In turn after multiple profile removal and creation cycles as in the case of UPDs this generates registry bloat for the firewall rules in the registry.

The registry bloat can be found in the following registry key:

“HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices

\Configurable\System”

Over time, this registry bloat can cause the following symptoms:

• Server hang
• Slow performance
• Slow Logons
• Black screen when logging in
• Inability to launch Start Menu or Cortana

This behavior is not limited to RDS however RDS scenarios using UPD may have greater impact given profiles are removed by default on user disconnect for UPD.

First manually backup (https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/reg-export) and then delete registry firewall rules from;

 HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices
\Configurable\System (https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/reg-delete)

You may find that if the registry is too bloated it’ll crash when trying to backup or delete from Regedit.

If so then Command Prompt is your only option. Running the below has no negative effect

The command is as below:

——————————————

“reg delete HKLM\System\CurrentControlSet\Services\SharedAccess

\Parameters\FirewallPolicy\RestrictedServices\Configurable\System /va /f”

To keep this from happening in the future you can create a scheduled task that runs a .bat file each day on each RDS server that’s effected

The first time that you run this you will need to sign out then back in again as the start menu won’t work until you sign out.