ClonePrep customizes instant clones during the creation process.

ClonePrep ensures that all instant clones join an Active Directory domain. The clones have the same computer security identifiers (SIDs) as the golden image. ClonePrep also preserves the globally unique identifiers (GUIDs) of applications, although some applications might generate a new GUID during customization.

When you add an instant-clone desktop pool, you can specify a script to run immediately after a clone is created and another script to run before the clone is powered off.

How ClonePrep Runs Scripts

ClonePrep uses the Windows CreateProcess API to run scripts. Your script can invoke any process that can be created with the CreateProcess API. For example, cmd, vbscript, exe, and batch-file processes work with the API.

Specifically, ClonePrep passes the path of the script as the second parameter to the CreateProcess API and sets the first parameter to NULL. For example, if the script path is c:\myscript.cmd, the call to CreateProcess is CreateProcess(NULL,c:\myscript.cmd,...).

Providing Paths to ClonePrep Scripts

You can specify the scripts when you create or edit the desktop pool. The scripts must reside on the golden image. You cannot use a UNC path to a network share.

If you use a scripting language that needs an interpreter to run the script, the script path must start with the interpreter executable. For example, instead of specifying C:\script\myvb.vbs, you must specify C:\windows\system32\cscript.exe c:\script\myvb.vbs.

Important: Put the ClonePrep customization scripts in a secure folder to prevent unauthorized access.

ClonePrep Script Timeout Limit

By default, ClonePrep terminates a script if the execution takes longer than 20 seconds. You can increase this timeout limit. For details, see Increase the Timeout Limit for ClonePrep Customization Scripts.

Alternatively, you can specify a script that runs another script or process that takes a long time to run.

ClonePrep Script Account

ClonePrep runs the scripts using the same account that the VMware Horizon Instant Clone Agent service uses. By default, this account is Local System. Do not change this login account. If you do, the clones will fail to start.

ClonePrep Process Privileges

For security reasons, certain Windows operating system privileges are removed from the VMware Horizon Instant Clone Agent process that runs ClonePrep customization scripts. The scripts cannot perform actions that require those privileges.

The process that runs ClonePrep scripts do not have the following privileges:

  • SeCreateTokenPrivilege
  • SeTakeOwnershipPrivilege
  • SeSecurityPrivilege
  • SeSystemEnvironmentPrivilege
  • SeLoadDriverPrivilege
  • SeSystemtimePrivilege
  • SeUndockPrivilege
  • SeManageVolumePrivilege
  • SeLockMemoryPrivilege
  • SeIncreaseBasePriorityPrivilege
  • SeCreatePermanentPrivilege
  • SeDebugPrivilege
  • SeAuditPrivilege

ClonePrep Script Logs

ClonePrep writes messages to a log file. The log file is C:\Windows\Temp\vmware-viewcomposer-ga-new.log.