Deploying ThreatLocker in a VDI environment

2 min. read. Last update: 09.12.2025

ThreatLocker identifies computers based on two registry keys: the ComputerId and ComputerAuthKey, which are created when the endpoints check into the portal.

For those who utilize VDIs within their organizations, below are two VDI Configuration scenarios and procedures to follow based on your needs. If you fall under a different scenario, contact a Cyber Hero for additional assistance.

Important: ThreatLocker Recommends Keeping Your Golden Image Up to Date. If your software undergoes a major update, you should update the Golden Image to ensure that Application.db downloads the latest definitions. The Golden Image should also be updated with each ThreatLocker Agent Version update. A good rule of thumb is updating it once a month. 

Scenario One: A Completely Autonomous and Independent Virtual Desktop

This scenario is treated as any other desktop. ThreatLocker should be deployed as usual and saved onto the Golden Image.

Scenario Two: Persistent Virtual Desktop (Using a Golden Image that has a VDI that Stays with the User and Does Not Reset Back)

ThreatLocker should be deployed as usual and saved onto the Golden Image. 

Once everything has downloaded and the Golden Image has been saved, the ComputerId, ComputerAuthKey, and pk.dat file must be deleted from the Golden Image.

Steps to Delete the ComputerId, ComputerAuthKey, and pk.dat File

  • Disable Tamper Protection
  • Open Command Prompt as an Administrator.
  • Type "net stop HealthTLService" to stop the Health Service.
    • This step must be done before you attempt to stop the ThreatLocker Service, because the Health Service will otherwise revive the ThreatLocker Service.
  • Press Enter
  • Type "net stop threatlockerservice" to stop the ThreatLocker Service.
  • Press Enter
  • Type "net stop threatlockerdriver" to stop the ThreatLocker Driver
  • Press Enter
  • Delete the ComputerId and the ComputerAuthKey from the registry of the image

  • Delete pk.dat from C:\Program Files\ThreatLocker 

  • Leave the ThreatLocker Service and Health Service stopped 
    • They will start when the VDI boots up.

Once you have deleted the ComputerId, ComputerAuthKey, and pk.dat file you should snapshot your Golden Image. 

These steps need to be followed each time the Golden Image is booted up and reimaged.
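
The steps above can be scripted with a check that the image is safe to snapshot. The following PowerShell is an added example, not ThreatLocker's own tooling. The `-RegistryKeyPath` parameter is a placeholder because this article does not state the registry location, and the script assumes ComputerId and ComputerAuthKey are values under that one key and that Tamper Protection is already disabled.

```powershell
# Added example, not ThreatLocker's own tooling. Run from an elevated prompt
# after Tamper Protection has been disabled for this machine.
param(
    # Placeholder: the article does not state where the two values live.
    # Assumption: both are values under a single key, passed in here.
    [Parameter(Mandatory)] [string] $RegistryKeyPath,
    [string] $InstallDir = 'C:\Program Files\ThreatLocker'
)

$services = 'HealthTLService', 'threatlockerservice', 'threatlockerdriver'
$identity = 'ComputerId', 'ComputerAuthKey'
$pkFile   = Join-Path $InstallDir 'pk.dat'

function Test-Stopped([string] $Name) {
    # sc.exe reports services and drivers alike; state code 1 means STOPPED.
    [bool]((& sc.exe query $Name) -match 'STATE\s+:\s+1\s')
}

# Stop in the article's order: the Health Service first, because it
# revives the ThreatLocker Service if it is still running.
foreach ($svc in $services) {
    if (-not (Test-Stopped $svc)) { & net.exe stop $svc | Out-Null }
}

# Remove the per-machine identity so it is not saved into the image.
foreach ($name in $identity) {
    Remove-ItemProperty -Path $RegistryKeyPath -Name $name -ErrorAction SilentlyContinue
}
Remove-Item -LiteralPath $pkFile -Force -ErrorAction SilentlyContinue

# Verify before snapshotting: nothing left behind, nothing restarted.
$problems = @()
$props = Get-ItemProperty -Path $RegistryKeyPath -ErrorAction SilentlyContinue
foreach ($name in $identity) {
    if ($props -and ($props.PSObject.Properties.Name -contains $name)) {
        $problems += "registry value $name still present"
    }
}
if (Test-Path -LiteralPath $pkFile) { $problems += "$pkFile still present" }
foreach ($svc in $services) {
    if (-not (Test-Stopped $svc)) { $problems += "$svc is not stopped" }
}

if ($problems) { throw "Do not snapshot: $($problems -join '; ')" }
'Identity removed and services stopped; the image can be snapshotted.'
```

A thrown error lists every item that would otherwise be captured in the snapshot, so the image is only sealed once the list is empty.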

Note: This scenario should not be used if the VDI will be reset back to the Golden Image.