Basic Golden Image Settings

A "Golden Image" is the base ("Master") desktop image. It is the model for clone images.

To create the Golden Image:

  1. Install the Windows OS.

  2. Configure the network settings:

    1. Configure the network settings to match your environment settings (DNS, Proxy).

    2. To verify that the configuration is correct, add it to your domain.

    3. Make sure you can ping Domain FQDN.

    4. Make sure you can ping Connection Server FQDN.

  3. Install the required software and tools.

  4. Install the latest Windows updates.

  5. Optimize the Guest machine in one of these ways:

    1. Optimize the master image according to the Microsoft VDI Recommendation.

    2. Use the Vendor's specific optimization tool:

    Important - Make sure that you do not disable the Windows Security Center service.

  6. Install the Virtual Delivery Agent (VDA).

    • VMware Horizon:

      • Version 7.10 supports up to 19H1.

      • Make sure that during installation you choose the correct settings (Linked clones or Instant Clones).

    • Citrix:

      • Make sure that during installation you choose the correct settings (MCS / PVS).

      Notes for Citrix PVS:

      • Before the first Endpoint installation, boot the machine from the network using the relevant vDisk in Read / Write mode.

      • When upgrading Endpoint in maintenance mode, make sure that you upgrade the vDisk through the golden image and not one of the clones.

      • The transfer of a clone back to the golden image is not supported.

  7. Configure Trust with the Domain Controller:

    • Make sure that the golden image has a Trust Relationship with the Domain Controller.

    • You can use this PowerShell command:

      Test-ComputerSecureChannel

  8. Install an Endpoint Security Client:

    1. Create an exported Endpoint client package.

    2. Install the Endpoint client package as administrator.

    3. Get the latest Anti-MalwareClosed A component of the Endpoint Security client that protects against known and unknown viruses, worms, Trojan horses, adware, and keystroke loggers. signatures.

      Best Practice - Update manually with Update Now from the Endpoint tray icon at least once a day.

    4. Scan for malware.

      Best Practice - Scan manually with Scan System Now from the Endpoint tray icon for every signature update.

  9. Shut down the Virtual Machine.

  10. Save the snapshot.