Deploying ThreatLocker in a VDI environment
Threatlocker identifies computers based on two registry keys that are created when the endpoints check into the portal. When we configure the base image for the VDI, we have to make sure the values for the "Computer ID and the Computer Auth" registry keys are set and the process that creates the new machines also copies those original keys to the new VMS to avoid having new machines created in the ThreatLocker Portal every time the VDI environment is destroyed.
- Install ThreatLocker on the GOLD image for the VDI environment
- Navigate to the registry (Computer\HKEY_LOCAL_MACHINE\SOFTWARE\ThreatLocker) and take note of the keys listed below.
- Computer AuthKey
When the VDI replication process begins, that replication process must copy those registry keys. If it does not, you can manually copy these keys by right-clicking on the folder in the Registry Editor of your Gold image and selecting 'Export'. Be sure to save the file as a .reg. Then you can import the file into the Registry Editor of the VDIs.
Normally, the VMs that are created in VDI environments are destroyed on a daily basis. If the registry keys aren't copied to those new VMs, new machines will be created in the TL portal on a daily/weekly basis ( varies bases on your VM clean-up process) and they will go offline whenever those images are destroyed. By copying these important registry keys, your Gold image can be used across multiple VMs but appear in the ThreatLocker Portal as a single computer.
VDI environments are billed on a per-user basis instead of a per endpoint basis.