VMware Horizon Community
cradkins
Contributor
Contributor
‎09-07-2018 07:50 AM

Instant Pool not getting Group Policy

Good Morning,

We are currently configuring a Desktop Pool of instant clones with app volumes attached.  After creating the pool with a snapshot of our master VM, we are seeing the app volumes being applied  and some group policies come through, but not all.  For Example, we have network drives that are controlled by GPO and have been mapped successfully, but there is no acceptable use policy before logging in.  We don't have our administrator AD group added to the local admins, nor does UEM apply.  However, after you sign in if you run a gpudate /force these issues are resolved because it grabs the Group Policy.  The only problem with that is that once you reboot, since it's an instant clone it's going to delete that VM and re-create it. 

Would anyone happen to have any ideas why when creating an instant clone desktop pool, the group policies are not being applied when VM's are created on demand?

Reply
4 Replies
bjarters_
Contributor
Contributor
‎09-24-2018 02:05 AM

We have also seen the same problem. Sometimes UEM GPO gets applied and other times it just refuses. There is an article at vmware that recommend you to move the instant clone template computer to the OU where UEM gpo is applied. This seems to have have helped with the UEM specific gpo in our case.

Reply
0 Kudos
sjesse
Leadership
Leadership
‎09-24-2018 03:33 AM

Run gpresult /r and look at the ones the output

gpresult | Microsoft Docs

usually it will say why its not applied, security filtering or something similar. Make sure the GPO permissions allow both the users and computers access to the gpu, ahwile back I had to make sure Domain Computers was added to mine because of a windows update.

Reply
0 Kudos
jmatz135
Hot Shot
Hot Shot
‎09-24-2018 08:34 AM

To make this much more reliable we actually put a bat file on the master image that just runs gpupdate /force and then we run that as part of the provisioning.  This seems to make group policy update much more consistently on our instant clones. 

Reply
bvi1006
Enthusiast
Enthusiast
‎09-26-2018 05:35 AM

That is also what we did, run a batch file to run gpupdate /force

Reply
0 Kudos