VMware Horizon Cloud with Hosted Infrastructure supports two types of cloning mechanisms for non-persistent desktop types; Traditional Clones and Instant Clones.
When choosing the Traditional Clone type, all the VM’s in the desktop pool are fully cloned from the Master Image. When a user logs off, the VM be reset to default. This means the VM will be deleted and recreated with a full clone from the Master Image.
VMware Instant Clone Technology gives admins the ability to rapidly clone and deploy virtual desktops, as much as 10x faster than using Traditional Clones. Instant Clone Technology uses rapid in-memory cloning of running virtual machines and copy-on-write to quickly deploy clones of the parent Master Image.
When using the Instant Clone type, The VM’s are “forked” from a quiesced Master Image VM which still is in a running state, and never go through a power-on operation.
Because of the nature of Instant Clones, the cloned VM’s are not powered on, like Traditional Clones.
The result is the user and machine GPO processing has not taken place yet when the VM is ready for use. Of course, this can be a real problem when the end-user logs on to the virtual desktop.
During the creation of the Instant Clone Master Image, an “it” AD object (it%randomnumber%) is created in the “Default OU” of Active Directory.
The Default OU is found in the HorizonAdmin portal under Settings -> Active Directory field. When you do not configure anything, the AD object will be created in the default Computers OU.
When having multiple Instant Clone images, there are also multiple AD objects. To see which AD object belongs to the corresponding image, you can right-click the AD object and select the Attribute Editor tab. You can look at the Attribute “whenCreated” to see the date the object is created.
To automatically have the GPO’s applied on the cloned VM’s, VMware recommends placing the “it” AD object(s) in the same OU as the cloned VM’s. In other words, the same OU where the GPO’s are applied on. This should be sufficient for most environments.
If this is still not working, there is an easy workaround which you can also use.
When editing the desktop pool, click Advanced Properties, you have the field “Run Once Script”
It’s here you can fill in the command line: C:\Windows\System32\gpupdate /force
This command line will force the user and machine GPO settings immediately after the VM clone process is completed.
It’s of course also possible to create a script locally on the Master Image which runs the same command line. When using this method, you will have the option to fill in a timeout, should this be needed.