Deploying Huntress on Endpoints with Deep Freeze/VDI/Sysprep
This article applies to the use of the following:
- VMware Virtual Desktop Infrastructure (VDI)
- Microsoft Windows Virtual Desktop (WVD)
- Citrix VDI (formerly XenDesktop)
- The use of standard install images (Sysprep/WIM, Microsoft Deployment Toolkit, etc.)
- Faronics Deep Freeze
If any of the above are used within your environment, some deployment preparation may be required to ensure you do not end up with duplicate agents. The Huntress Agent registers with the Huntress cloud when the agent first comes online. If a host is reverted to a state prior to the install of the Huntress Agent, and the agent is then installed again, this will create a duplicate host.
In order to fix this, you'll need to change the registry key AgentId located in HKEY_LOCAL_MACHINE\SOFTWARE\Huntress Labs\Huntress to 0 (hexadecimel)
net stop huntressagent | REG ADD "HKLM\SOFTWARE\Huntress Labs\Huntress" /t REG_DWORD /v AgentID /d 0 /f
Specifically, with respect to virtual environments, we use the UUID and hostname to help uniquely identify a host. When a VM is recomposed, if these remain the same, when the agent re-registers, we will re-use the existing agent ID (preventing duplicate hosts). If the UUID and/or hostname changes each time, you will see duplicates in your Huntress Dashboard as each host re-registers.
We recommend testing a few clones before mass deploying. Reboot and revert the clones several times to verify that no new duplicate agents are created.
If you use see duplicate agents, we ask that you contact support at firstname.lastname@example.org so we can help to identify the cause and resolve the issue.