These instructions are applicable to most ephemeral Virtual Desktops that use a base or golden image.
You should never let the golden image instance register with the Huntress portal. Only the child Virtual Desktops/clones should be allowed to register. This avoids future issues with duplicates and unwanted instances.
Within this guide, Virtual Desktop or ephemeral Virtual Desktop shall be referred to as VD.
Pre-Requisite work required
To maintain the pool of VDs, we need to ensure that when machines are disposed of, the Huntress Agent can be removed and the resulting entry in the Huntress Portal is removed as well. We recommend creating a unique and similarly named organization, perhaps appended with -VD, to keep these instances housed within their own organization. This organization will have its own organizational key, which is required for step 2 below when installing the Huntress Agent.
See Pre-deployment Considerations for Endpoints Created via Deep Freeze, VDI, or Sysprep for additional deployment considerations.
Windows gold image checklist
- Build the image offline / blocked
Whilst preparing the golden image, it is recommended to ensure it can't reach the following address:
Huntress Portal address of huntress.io
This can most easily be achieved either by disabling the NIC in the VM settings or by specifically blocking outbound traffic on port 443 to Huntress domains at the VM's firewall.
- Install the Huntress Agent as normal
Use your usual installer/script with the correct Account Key and Org Key.
Because there’s no connectivity, registration calls will fail, and the agent won’t be created within the portal.
- Stop and disable services before capturing
The following steps will ensure that, should the template (golden image) be accidentally powered on with networking enabled later, the agent will not start or register.
On the golden image, run (from an elevated command prompt / as SYSTEM):
sc stop "Huntress Agent"
sc stop "Huntress Updater"
sc stop "Huntress Rio"
sc config "Huntress Agent" start= disabled
sc config "Huntress Updater" start= disabled
sc config "Huntress Rio" start= disabled
- Shut down and seal the gold image
Power off and capture/sysprep the image at this point.
Do not bring the golden image back online with networking enabled after this.
- On the first boot of each clone, enable Huntress
Use your deployment mechanism (GPO, Intune, RMM script, scheduled task, etc.) to run as SYSTEM on first boot of each child VM:
sc config "Huntress Agent" start= auto
sc config "Huntress Updater" start= auto
sc config "Huntress Rio" start= auto
sc start "Huntress Agent"
sc start "Huntress Updater"
sc start "Huntress Rio"
These child VMs will then register as unique agents when they come online, while the golden image itself never does. This pattern (offline install + disabling services + first‑boot re‑enable) is the safest current way to bake Huntress into a golden image without ever letting the template instance appear in the portal.
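The first-boot step above can be wrapped in a script that refuses to run on the template and reports failure when a clone comes up without the agent running. This is an added example, not Huntress's own script; the template hostname list is an assumed placeholder, and the service names are the ones given in this guide.

```powershell
# First-boot enablement for cloned VDs. Run as SYSTEM (GPO startup script, Intune, RMM, scheduled task).
# Assumption: $TemplateNames holds the hostname(s) of your golden image; replace the placeholder.
$TemplateNames = @('GOLD-IMAGE-PLACEHOLDER')
$Wanted = @('Huntress Agent', 'Huntress Updater', 'Huntress Rio')   # names as written in this guide

# Never enable the agent on the template itself, even if this script is baked into the image.
if ($TemplateNames -contains $env:COMPUTERNAME) {
    Write-Output "Host $env:COMPUTERNAME is a template; leaving Huntress services disabled."
    exit 0
}

$failed = $false
foreach ($name in $Wanted) {
    # Resolve the service by either its service name or its display name.
    $svc = Get-Service |
        Where-Object { $_.Name -eq $name -or $_.DisplayName -eq $name } |
        Select-Object -First 1
    if (-not $svc) {
        Write-Warning "Service '$name' not found; is the agent installed in the image?"
        $failed = $true
        continue
    }
    try {
        # Undo the 'disabled' start type set before capture, then start the service.
        Set-Service -Name $svc.Name -StartupType Automatic -ErrorAction Stop
        if ($svc.Status -ne 'Running') {
            Start-Service -Name $svc.Name -ErrorAction Stop
        }
        # Confirm the service actually reached Running rather than assuming it did.
        $svc.WaitForStatus('Running', [TimeSpan]::FromSeconds(60))
        Write-Output "$($svc.Name): start type Automatic, status Running"
    }
    catch {
        Write-Warning "$($svc.Name): $($_.Exception.Message)"
        $failed = $true
    }
}

# A non-zero exit code lets the deployment tool flag clones that came up unprotected.
if ($failed) { exit 1 } else { exit 0 }
```

The script is safe to run on every boot: services that are already set to automatic and running are left as they are.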
Best Practice for the removal of the Huntress Agent from VDI/VM instances.
From the provision made in the prerequisites listed above, we'd recommend configuring the Unresponsive Agent settings for the VD Organization as follows.
This ensures that instances of the Huntress Agent can be removed from the Virtual Desktops before they are disposed of, and that they are not left in the portal, where they would cause unwanted licensing fees for VD instances that no longer exist.