VMware Horizon Community
netjim66
Enthusiast

When does Domain Group Policy apply to linked clones?

If you have a snapshot that is not on the domain, and it is assigned to the pool, then this happens:

  1. Boots up
  2. QuickPrep runs
  3. Machine boots up again and is on the domain
    • Domain Group policy may apply, but you need another reboot
  4. Machine is available
  5. User logs in.

Domain Group Policy for the Machine will never get applied because once I log off, the machine will do a refresh or recompose or whatever.

So how do you ever get Machine Policy applied?

0 Kudos
5 Replies
six4rm
Enthusiast

You could create a simple script to reboot the machine and place it in a known location within the template.

shutdown /r /f /t 30

Save as "C:\Scripts\Reboot.bat"

Then use the post-customisation section of the pool settings to reference the script (enter C:\Scripts\Reboot.bat). That way, after any customisation process the script is called, the VM is rebooted and Group Policy applied.

Give me a shout if you have any questions.

0 Kudos
netjim66
Enthusiast

I'll give it a try.
For now I've created a batch file (active setup) that runs when each user logs in.

It runs the gpupdate /force.

This pulls down all the GP objects where the machine sits, which is important since I may want persona GP applied for the user (obviously).

I may have machines spun up, and a user logs in, all before domain Group Policy has time to hit the machine (90 minutes plus or minus 30, which does me no good).

0 Kudos
netjim66
Enthusiast

Domain Group policy is supposed to be applied as the provisioned machine joins the domain.

The problem was the ESX server clock was 4 hours behind the Domain.

When a new machine was spun up, the VMTools was set to use the time clock of the ESX, and so the Domain was rejecting the client initially (not applying group policy).

AFTER the machine was on the domain, the client's time service was in sync with the domain.

So initially no Domain Policy was applying.

After I set the ESX clock to the right time, machines would spin up and be "available" in View with Domain Group Policy applied.

0 Kudos
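The clock-skew failure described in the post above can be caught before a clone is handed to users. The following is an added example, not code from any poster in this thread: a PowerShell check that measures the clone's offset against the domain and refreshes computer policy only when the offset is within the Kerberos default tolerance of 5 minutes. The log path, function names and exit codes are assumptions chosen for illustration, and the script assumes it runs elevated on a domain-joined clone.

```powershell
# Added example: clock-skew and computer-policy check for a linked clone.
# Assumptions (not from the thread): runs elevated on a domain-joined machine;
# C:\Scripts\gp-check.log is a hypothetical log path.
$MaxSkewSeconds = 300   # Kerberos default clock-skew tolerance (5 minutes)
$LogFile = 'C:\Scripts\gp-check.log'

function Write-Log([string]$Message) {
    "{0:u} {1}" -f (Get-Date), $Message | Add-Content -Path $LogFile
}

# Parse the offset in seconds from one line of `w32tm /stripchart /dataonly`
# output, e.g. "12:00:00, +14400.1234567s". Header and error lines give $null.
function Get-OffsetFromLine([string]$Line) {
    if ($Line -match ',\s*([+-]\d+\.\d+)s\s*$') {
        return [double]::Parse($Matches[1], [cultureinfo]::InvariantCulture)
    }
    return $null
}

$cs = Get-CimInstance -ClassName Win32_ComputerSystem
if (-not $cs.PartOfDomain) {
    Write-Log 'Machine is not domain-joined; nothing to check.'
    exit 1
}

# The AD domain DNS name resolves to domain controllers, which serve time.
$output = & w32tm.exe /stripchart "/computer:$($cs.Domain)" /samples:1 /dataonly 2>&1
$offset = $output |
    ForEach-Object { Get-OffsetFromLine "$_" } |
    Where-Object { $null -ne $_ } |
    Select-Object -Last 1

if ($null -eq $offset) {
    Write-Log "Could not measure offset against $($cs.Domain): $($output -join ' | ')"
    exit 2
}

if ([math]::Abs($offset) -gt $MaxSkewSeconds) {
    # Outside tolerance: authentication to the domain fails, so computer
    # policy cannot be fetched. Check the ESX host clock and VMware Tools sync.
    Write-Log ("Clock offset {0:N0}s exceeds {1}s; computer policy will not apply." -f $offset, $MaxSkewSeconds)
    exit 3
}

Write-Log ("Clock offset {0:N3}s is within tolerance; refreshing computer policy." -f $offset)
& gpupdate.exe /target:computer /force /wait:120 | Out-Null
Write-Log "gpupdate exit code: $LASTEXITCODE"
exit $LASTEXITCODE
```

Exit code 3 in the log of a freshly provisioned clone points at the host clock rather than at Group Policy itself.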
six4rm
Enthusiast

That'll definitely do it! I'm glad you got to the bottom of it.

0 Kudos
JLogan3o13
Contributor

We encountered similar issues, with profile redirection and a few other policies. The resolution we went with was to set a LOCAL policy in the golden image under Computer Config>>Admin Templates>>Logon>>Always wait for the network at computer start up and logon. Enabling this policy waits for Group Policy to refresh before the user logs into the machine.

0 Kudos