I have a question about using tags for a VDI pool on Horizon 8. My manager needs to apply firewall rules based on VM tags. The firewall is Fortinet; I manually created a tag and assigned it to a VDI machine, and we were then able to apply the firewall to that tagged VM. But for a VDI desktop pool (we have instant clone desktop pools), is there any way to automate the tagging so that a specific tag is assigned to a specific desktop pool? We have about 15 VDI desktop pools. I appreciate any help here. The thing is that for every desktop pool there are different FW rules that will apply.
You could try using a script to use during the instant clone creation process.
I found this link where it is talked about and it seems to me that it is right for you:
This way looks good, but there is an issue with it: in the script the username and the password are in clear text, we can't hide it, and it will be on all VDI machines? Is there any way to hide the password?
You can try to create a file on the Gold Image with the encrypted password, to create it you need to use the following commands:
(Get-Credential).Password | ConvertFrom-SecureString | Set-Content "C:\Attimo_Fabio\password.txt"
and in the script you can call it like this:
$password = Get-Content "C:\Attimo_Fabio\password.txt" | ConvertTo-SecureString
$credential = New-Object System.Management.Automation.PsCredential("<user>",$password)
Connect-VIServer <vcenter fqdn> -Credential $credential
and at the end of the script you can put a remove file command, like this:
Try it and let me know if it works.
@othmanabukarma1 Please confirm if the solution provided by @fabio1975 worked for you. I'm working on applying tagging on the instant clones using the script provided in https://joeyvmware.wordpress.com/category/personal/ and the above commands to avoid plain text passwords.
For me, it's working on the parent image when I manually run the post-sync.bat file, but the tags are not being applied when I publish a new image to the instant clone pool.
Ok, figured it out. ClonePrep uses the SYSTEM account to launch the post-sync script, and if you are using any other account to encrypt the password then the script won't run, so I had to encrypt the password by launching PowerShell as the SYSTEM account.
Note: you need to have PSTools available on the parent machine to run this command.
psexec.exe -i -s powershell.exe
Took a new snapshot and published the new image on an instant clone pool and could see the tags being applied successfully.
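Added example, not part of any post in this thread: a diagnostic wrapper for the decryption step, so a post-sync run under ClonePrep logs which account it ran as and whether the credential file could be decrypted. The function name Test-DpapiCredentialFile and the log path are assumptions; the credential path is the one used in the thread.

```powershell
# Added example: hypothetical helper for the post-sync script, not from the thread.
$CredFile = 'C:\Attimo_Fabio\password.txt'        # path used in the thread
$LogFile  = 'C:\Windows\Temp\postsync-cred.log'   # assumed log location

function Test-DpapiCredentialFile {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$Log
    )
    # ConvertFrom-SecureString without -Key/-SecureKey protects the data with
    # Windows DPAPI, so only the account that created the file can decrypt it.
    $id = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    $who = "{0} running as {1} (SID {2}, IsSystem={3})" -f `
        (Get-Date -Format s), $id.Name, $id.User.Value, $id.IsSystem
    Add-Content -Path $Log -Value $who

    if (-not (Test-Path -LiteralPath $Path)) {
        Add-Content -Path $Log -Value "credential file not found: $Path"
        return $null
    }
    try {
        $secure = Get-Content -LiteralPath $Path -ErrorAction Stop |
                  ConvertTo-SecureString -ErrorAction Stop
        Add-Content -Path $Log -Value "credential file decrypted"
        return $secure
    }
    catch {
        # Typical result when the file was written under a different account
        # than the one now running the script (here: SYSTEM under ClonePrep).
        Add-Content -Path $Log -Value ("decrypt failed: {0}" -f $_.Exception.Message)
        return $null
    }
}

$password = Test-DpapiCredentialFile -Path $CredFile -Log $LogFile
if ($null -eq $password) { exit 1 }   # stop before Connect-VIServer is attempted
```

A file created from the psexec -s session can be decrypted by anything else that runs as SYSTEM on the clones, so the remove-file step suggested earlier in the thread still matters.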