Important Note: Deleting ComputerSettingsV6 is critical for ThreatLocker Agent versions 10.5.3 and above. If ComputerSettingsV6 is not deleted, it can lead to potential issues with machines not checking in after the initial installation.
ThreatLocker identifies computers based on two registry keys: the ComputerId and ComputerAuthKey, which are created when the endpoints check into the portal.
For those who utilize VDIs within their organizations, below are two VDI Configuration scenarios and procedures to follow based on your needs. If you fall under a different scenario, contact a Cyber Hero for additional assistance.
Important: ThreatLocker Recommends Keeping Your Golden Image Up to Date. If your software undergoes a major update, you should update the Golden Image to ensure that Application.db downloads the latest definitions. The Golden Image should also be updated with each ThreatLocker Agent Version update. A good rule of thumb is updating it once a month.
Scenario One: A Completely Autonomous and Independent Virtual Desktop
This scenario is treated as any other desktop. ThreatLocker should be deployed as usual and saved onto the Golden Image.
Scenario Two: Non-Persistent Virtual Desktop
The following scenario has two separate options for how it can appear in your ThreatLocker Portal:
Scenario A
With this option, you will ONLY see the Golden Image listed in the 'Devices' page. No other devices will appear.
ThreatLocker should be deployed as usual and saved onto the Golden Image.
You will see only one device, the Golden Image, listed in the 'Devices' page for this group; however, you will see all logs for all VDIs in the Unified Audit. You can use the 'Asset Name' field in the Unified Audit to search for a particular VDI.
Scenario B
This option will allow you to see each VDI as an individual device listed on the 'Devices' page.
Note: Ensure Agent Version 10.9.4 or above is installed on the Golden Image.
To start, create a computer group for your VDIs. Once done, open a Support ticket with a Cyber Hero to configure the computer group you just created to 'Permit & Replace', which was previously called 'Sticky Hostnames'. Be sure to include the Computer Group's name and ID in the ticket you create.
After this is completed, install the ThreatLocker Agent for this group onto your Golden Image.
If your Golden Image already had the ThreatLocker Agent installed on it and you have moved it to the newly-created computer group, you will need to update the 'GroupKey' registry value to match the 'Install Key' from the ThreatLocker Portal.
To locate your 'Install Key', hover over 'Assets' using the left-hand side of the ThreatLocker Portal, then select 'Groups' from the menu.

Select the group you have created for your VDIs from the list, which will open the 'Edit Computer Group' sidebar. The 'Install Key' can be found in this sidebar.

Next, you will need to disable Tamper Protection on your Golden Image. For guidance on how to Disable Tamper Protection, please refer to the following article:
Disable Tamper Protection | ThreatLocker Help Center
On your Golden Image, open 'Regedit' as an Administrator and navigate to the following Registry Path:
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\ThreatLocker
Select 'GroupKey' from the list.

In the 'Edit String' window, change the 'Value Data' field to match the Computer Group's 'Install Key', then select 'OK'.

For both options, once everything has downloaded and the Golden Image has been saved, the ComputerId, ComputerAuthKey, and pk.dat file must be deleted from the Golden Image.
Steps to Delete the ComputerId, ComputerAuthKey, ComputerSettingsV6, and pk.dat File
Important Note: Deleting ComputerSettingsV6 is critical for ThreatLocker Agent versions 10.5.3 and above. If ComputerSettingsV6 is not deleted, it can lead to potential issues with machines not checking in after the initial installation.
- Disable Tamper Protection.
  - For instructions on how to disable Tamper Protection, please refer to the following article: Disabling Tamper Protection
- Open Command Prompt as an Administrator.
- Type "net stop HealthTLService" to stop the Health Service, then press Enter.
  - This step must be done before you attempt to stop the ThreatLocker Service, because the Health Service will revive the ThreatLocker Service.
- Type "net stop threatlockerservice" to stop the ThreatLocker Service, then press Enter.
- Type "net stop threatlockerdriver" to stop the ThreatLocker Driver, then press Enter.
- Delete the ComputerId, ComputerAuthKey, and ComputerSettingsV6 from the registry shown in the image below:

- Delete pk.dat from C:\Program Files\ThreatLocker

- Leave the ThreatLocker Service and Health Service stopped.
  - They will start when the VDI boots up.
Once you have deleted the ComputerId, ComputerAuthKey, ComputerSettingsV6, and pk.dat file, you should snapshot your Golden Image.
These steps need to be followed each time the Golden Image is booted up and reimaged.
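The cleanup steps above as a single pre-seal script that also verifies the result before you snapshot. This is an added example, not ThreatLocker's own tooling. It assumes Tamper Protection is already disabled and that ComputerId, ComputerAuthKey and ComputerSettingsV6 sit under the same HKEY_LOCAL_MACHINE\SOFTWARE\ThreatLocker key the article gives for 'GroupKey'; $RegPath, $InstallDir and $problems are names chosen for the example.

```powershell
#Requires -RunAsAdministrator
# Added example: pre-seal cleanup of a ThreatLocker Golden Image.
# Prerequisite (manual): Tamper Protection is already disabled for this machine.
param(
    # Assumption: the identity values sit under the key the article gives for GroupKey.
    [string]$RegPath    = 'HKLM:\SOFTWARE\ThreatLocker',
    [string]$InstallDir = 'C:\Program Files\ThreatLocker'
)

$problems = @()

# Order matters: the Health Service revives the ThreatLocker Service, so stop it first.
foreach ($svc in 'HealthTLService', 'threatlockerservice', 'threatlockerdriver') {
    & net.exe stop $svc 2>&1 | Out-Null      # non-zero exit if already stopped; verified below
    $state = (& sc.exe query $svc | Out-String)
    if ($state -notmatch 'STOPPED') { $problems += "service not stopped: $svc" }
}

# Values the article says must not be present in the snapshot.
foreach ($value in 'ComputerId', 'ComputerAuthKey', 'ComputerSettingsV6') {
    Remove-ItemProperty -Path $RegPath -Name $value -ErrorAction SilentlyContinue
    if (Get-ItemProperty -Path $RegPath -Name $value -ErrorAction SilentlyContinue) {
        $problems += "registry value still present: $value"
    }
}

# pk.dat must also be removed from the install directory.
$pk = Join-Path $InstallDir 'pk.dat'
Remove-Item -LiteralPath $pk -Force -ErrorAction SilentlyContinue
if (Test-Path -LiteralPath $pk) { $problems += "file still present: $pk" }

if ($problems.Count) {
    $problems | ForEach-Object { Write-Warning $_ }
    Write-Error 'Golden Image is NOT ready to snapshot.'
    exit 1
}

# Services are deliberately left stopped; they start when the VDI boots.
Write-Output 'Identity artifacts removed; Golden Image is ready to snapshot.'
```

A value or file that is still present after the script runs usually means Tamper Protection was not disabled or a service restarted before the deletion.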
Best Practices
- Prior to sealing the Golden Image, ensure a Baseline scan has been completed, and all ThreatLocker files & policies have been deployed to the device.
- Ensure the Golden Image is online 1-2 times a week. This will allow ThreatLocker files to update. The cleanup process needs to be performed each time the Golden Image is spun up before sealing.
- Keep the ThreatLocker Agent version up to date.
- Any Computer Group where a Golden Image & VMs live needs to be a brand new group.