Deploying ThreatLocker in a VDI environment
Threatlocker identifies computers based on two registry keys that are created when the endpoints check into the portal. When we configure the base image for the VDI, we have to make sure the values for the "Computer ID and the Computer Auth" registry keys are set and the process that creates the new machines also copies those original keys to the new VMS.
- Install ThreatLocker on the GOLD image for the VDI environment
- Navigate to the registry (Computer\HKEY_LOCAL_MACHINE\SOFTWARE\ThreatLocker) and take note of the keys listed below.
- Computer AuthKey
When the VDI replication process begins, that replication process must copy those registry keys. Normally, the VM's that are created in VDI environments are destroyed on a daily basis. If the registry keys aren't copied to those new VM's, new machines will be created in the TL portal on a daily/weekly basis ( Varies bases on your VM clean-up Process) and they will go offline whenever those images are destroyed.