Instant Clones and GPO Enforcement

One challenge a few of my customers have had lately is being able to leverage Instant Clones while keeping current GPOs enforced. The issue might happen when using Instant Clones. Horizon will create the final copy of the original VM, called a parent, which will be used to fork the running VMs. When a new Instant Clone is provisioned from a logoff operation, no reboot is done at the parent level; thus any new GPOs are not applied. To enforce new GPOs the following steps will resolve this problem:

1. Power-on the Gold Image
2. Create a DOS Batch file and place it in an accesable area, example C:\TEMP\enforce.bat

Example batch file:

@ECHO ON
echo N | gpupdate /force
EXIT

3. After creating the batch file, shut-down the Gold Image
4. Create a new snapshot
5. In the Horizon View Administrator console, when creating a pool or modifying a pool, you will need to specify the batch file that is located in the Gold Image.

That’s it! From this point going forward when an Instant Clone is created in this pool the script is executed during the provisioning process and will enforce GPOs.