Edwin de Bruin
VMware Horizon Instant Clones and Active Directory Computer GPOs
There is just a little caveat with Instant Clones: the GPOs don't always seem to apply.
I’ve seen people struggle with this a couple of times, especially when they are used to working with Citrix PVS, MCS, VMware Linked Clones, persistent VDIs or anything that has a regular boot process.
So in this blog I will explain why this happens with Instant Clones and a way to cope with it.
We seem to always need them: Computer GPOs within Active Directory.
It’s important to understand there are two types of GP settings:
Foreground: applies only when the machine starts OR when the user logs in
Background: happens at regular intervals, usually around every 90 minutes + a 30 minutes random interval
Some GP background settings need a reboot, and some foreground settings need to be applied BEFORE the user logs in.
This is the kicker with Instant Clones: there is no start/boot when a new Instant Clone is created. They are forked off a booted machine. So you can imagine this can give a very unpredictable result.
But wait, are you telling me to create a new Golden Image or break open the existing one when I update a computer GPO? That will result in retesting the image, because some software could slip in there!
You could, but you don’t have to. The policies are applied during the publishing process. The easiest fix is to just create a new snapshot, call it GPupdate or something, and push that new snapshot. This starts the Instant Clone process again: when ClonePrep runs, publishing starts creating new templates etc., and the GPOs are applied during that process.
This will solve the GP foreground settings.
Now the GP background settings.
To make sure these are available when the user logs in (and not halfway through the session), set the "Always wait for the network at computer startup and logon" GPO setting. You will find it under:
Computer Configuration\Administrative Templates\System\Logon
When a background policy is due, it will update as soon as the network is available.
It isn’t always clear whether a setting is a foreground or a background setting, or when a background policy refresh is applied, so when changing computer policies my best practice is to always create a new snapshot and push it. Better safe than sorry.
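To verify on a clone what the text above describes, the following PowerShell check is an added example, not part of the original post. It reports whether the "Always wait for the network" policy is in effect and when computer policy was last processed, and in which mode. The registry value name (SyncForegroundPolicy) and the event IDs of the Group Policy operational log are standard Windows names that do not appear in the post.

```powershell
# Added example: run in an elevated PowerShell session inside an Instant Clone desktop.
# The registry value and event IDs are standard Windows names, not from the post.

# 1. Is "Always wait for the network at computer startup and logon" applied?
#    The policy writes SyncForegroundPolicy = 1 under the Winlogon policy key.
$key  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\CurrentVersion\Winlogon'
$sync = (Get-ItemProperty -Path $key -Name SyncForegroundPolicy -ErrorAction SilentlyContinue).SyncForegroundPolicy

[pscustomobject]@{
    Computer             = $env:COMPUTERNAME
    AlwaysWaitForNetwork = if ($sync -eq 1) { 'Enabled' } else { 'Not configured or disabled' }
    LastBootUpTime       = (Get-CimInstance Win32_OperatingSystem).LastBootUpTime
} | Format-List

# 2. When was computer policy last processed, and in which mode?
#    These IDs mark successful completion of computer policy processing.
$modes = @{
    8000 = 'Foreground (computer startup)'
    8004 = 'Manual refresh (gpupdate)'
    8006 = 'Background (periodic refresh)'
}
Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-GroupPolicy/Operational'
        Id      = 8000, 8004, 8006
    } -MaxEvents 10 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, @{ Name = 'Mode'; Expression = { $modes[[int]$_.Id] } } |
    Format-Table -AutoSize
```

Compare the timestamps with the moment you changed the computer GPO: if the most recent foreground entry is older than the change, the clone is still running with the policy state from the last published snapshot.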
Some additional information about Group Policy:
Group Policy Best Practices - Virtually Stable
VMware also recently published an article about this:
Computer-based Global Policy Objects (GPOs) that require reboot are not applied on instant clones (2150495) (vmware.com)