Basic Golden Image Settings

  1. Install the Windows OS.
  2. Configure the network settings.
    1. Configure the network settings to match your environment settings (DNS, Proxy).
    2. To verify that the configuration is correct, add it to your domain.
    3. Make sure you can ping Domain FQDN.
    4. Make sure you can ping Connection Server FQDN.
  3. Install the required software and tools.
  4. Install the latest Windows updates.
  5. Optimize the Guest machine.
    1. Optimize the master image according to the Microsoft VDI Recommendation.
    2. Use the Vendor's specific optimization tool.

      VMware - VMware OS Optimization Tool.

      Citrix - Citrix Optimizer.

    Important:

    Make sure that you do not disable the Windows Security Center service.

  6. Install the Virtual Delivery Agent (VDA).
    • VMware Horizon:

      • Version 7.10 supports up to 19H1.

      • Make sure that during installation you choose the correct settings (Linked clones or Instant Clones).

    • Citrix:

      • Make sure that during installation you choose the correct settings (MCS / PVS).

      Notes for Citrix PVS:

      • Before the first Endpoint installation, boot the machine from the network using the relevant vDisk in Read / Write mode.

      • When upgrading Endpoint in maintenance mode, make sure that you upgrade the vDisk through the golden image and not one of the clones.

      • The transfer of a clone back to the golden image is not supported.

  7. Configure Trust with the Domain Controller.
    • Make sure that the golden image has a Trust Relationship with the Domain Controller.

    • You can use this PowerShell command:

      Test-ComputerSecureChannel

  8. Install an Endpoint Security Client.
    1. Create an exported Endpoint client package.
    2. Install the Endpoint client package as administrator.
    3. Get the latest Anti-Malware signatures.
      Tip:

      Update manually with Update Now from the Endpoint tray icon at least once a day.

    4. Scan for malware.
      Tip:

      Scan manually with Scan System Now from the Endpoint tray icon for every signature update.

  9. Shut down the Virtual Machine.
  10. Save the snapshot.