VMware Horizon Community
mat2k7
Enthusiast
Enthusiast

Delay/block login on purpose/ instant clone / fslogix

Hi,

we are planning to move from roaming-profiles to fslogix as our main profile managment solution for vdi.

During testing i have found that if a user logs on, right after customization finishes during an image push, and the desktop becomes available, some GPOs including the fslogix ones are not being applied and profile containers will not attach, which unfortunately is expected in this case. But if the user waits about 30 seconds before he eventually logs on, all GPOs are being applied successfully. I know that there is a known issue with GPOs not being applied if the golden image is prior joined to the domain, but this is only the case if the instant clone is not being recreated and from my understanding should not affect instant clones during image push operation.

My Question is, is there a way to block logon after new image push for a certain amount of time? My Problem is that once a new snapshot has been approved it gets deployed during production without forcing the user to logoff. Currently some users can log on just after the new desktop is available without their profile attached.

One possible solution is a post-synchronisation script which forces a gpupdate, but i have not tested this so far. Does anyone have another idea how to fix this issue? I may have missed something in the process.

 

Thanks

Mat

Reply
0 Kudos
2 Replies
JasperKimmel
Contributor
Contributor

Spoiler
To be frank I must say that all options you mention are workarounds and eventually will hit you again. The post-synchronisation script seems to me as the quickest win. 

Although I'm not sure if this is caused by the golden image though. Are you sure that this is not a GPO issue?

If it is a golden image issue, I would suggest to rebuild your golden image from scratch and take good note of the Optimization Tool settings which are being deployed.
Reply
0 Kudos
mat2k7
Enthusiast
Enthusiast

I agree and it might be a GPO issue but it is really weird. I came accros the known GPO issues were non of the Computer GPOs are applied with domain joined golden image but this is the first time i am seeing GPOs applied after the desktop becomes available.

For me this looks like a timing issue either from AD side or GoldenImage/Horizon. Logon time is below 20 seconds and i am seeing some user GPOs being applied after desktop is shown but this should not be the case for Computer GPOs. I may have to get in touch with the AD Team.

 

Reply
0 Kudos