Creating a golden image with the agent software

Procedure

1. Power on and set up the source desktop you want to use to create the template, including configuring the operating system, VM settings, and software.
2. Configure the software for a VDI or cloned environment, including any endpoint protection software.
3. If you are deploying a Server & Workload Protection agent, configure Agent-Initiated Activation.
   1. In the Trend Vision One console, go to Endpoint Security Operations → Server & Workload Protection → Administration → System Settings → Agents.
   2. Select Allow Agent-Initiated Activation.
   3. Select Allow Trend Vision One Virtual Desktop Infrastructure (VDI) support and cloned virtual machines.

      Important Enabling this feature locks other Agent-Initiated Activation settings. For more information, see Agent settings.

4. In the Trend Vision One console, go to Endpoint Security Operations → Endpoint Inventory and click Agent Installer.
5. Download the Agent Installer package you want to use and install the agent on the source desktop.
   Follow the steps in the linked topics based on the agent type you wish to use to install the agent program on the source desktop:

   • Standard Endpoint Protection Agent Deployment
   • Server & Workload Protection Agent Deployment
   • Endpoint Sensor Agent Deployment
6. After installation finishes, go to Endpoint Security Operations → Endpoint Inventory and locate the source desktop on the list.
7. Verify that the desired endpoint policy settings are correct.
8. If you want to facilitate future agent upgrades, create a snapshot of your source desktop.
   For more information, see Updating the agent for golden image templates.

   The following the steps detail how to download and run the Image Setup Tool. Trend Micro recommends using the Image Setup Tool for all of your template-based deployments.

   Important The Image Setup Tool does not support Linux or macOS deployments. Skip ahead to complete the setup. You must use the Image Setup Tool for deploying non-persistent Windows virtual desktops. The Image Setup Tool disables updates for the endpoint agent. To maintain the ability to update the agent program in the future, you must create a snapshot of the source desktop before installing and running the Image Setup Tool.

9. In the Trend Vision One console, go to Endpoint Security Operations → Endpoint Inventory and click Agent Installer.
10. Click the Download Image Setup Tool icon () for your agent type.
    The Virtual Desktop Image Setup Tool screen appears.
11. Click Download to download the Image Setup Tool.

    Important The downloaded Image Setup Tool package is specific to your organization.

12. Copy the Admin token.

    

13. Extract the contents of the ImageSetupTool.zip package onto the source desktop.
14. For customers installing the Standard Endpoint Protection agent, run the TCacheGen tool found in <ImageSetupTool folder>\TCacheGen before running the Image Setup Tool.
    • Use the graphics user interface:
      1. Double-click the executable (TCacheGen.exe or TCacheGen_x64.exe).
      2. Select Generate the pre-scan template and remove the GUID or Remove the GUID from the pre-scan template.
      3. Click Next.
    • Use the command line:
      1. Unload the Agent.
      2. Put a copy of the following files under <Agent installation folder>:
         • 32-bit platform: TCacheGen.exe and TCacheGenCli.exe
         • 64-bit platform: TCacheGen_x64.exe and TCacheGenCli_x64.exe
      3. Start the Agent again from the Start Menu.
      4. Run one of the following commands as an administrator:
         1. To scan and remove the GUID:
            • TCacheGenCli Generate_Template
            • TcacheGenCli_x64 Generate_Template
         2. To only remove the GUID:
            • TCacheGenCli Remove_GUID
            • TcacheGenCli_x64 Remove_GUID
      5. Provide the agent unload password.

    Note The TCacheGen executable is automatically deleted after generating the template to avoid unexpectedly triggering this tool again. Running the tool again re-creates the agent GUID and causes the agent to register as a new entry, breaking the association to current settings and logs.

15. Run ImageSetupTool.exe as an administrator on the source desktop to prepare the agent.

    Important Specify if your cloned machine is physical/persistent or non-persistent.

    Command	Use Case	Supported Features
    ImageSetupTool.exe --persistent	Persistent virtual desktops Physical desktop clones	Standard agent auto-removal Vulnerability Assessment available In-place upgrades
    ImageSetupTool.exe --non-persistent	Non-persistent virtual desktops	Non-persistent agent auto-removal available from Endpoint Inventory Vulnerability Assessment disabled In-place upgrades disabled
    ImageSetupTool.exe --persistent --no-login ImageSetupTool.exe --non-persistent --no-login	Do not require a login for the newly provisioned machine	Citrix ICA virtual channels

16. Paste the admin token copied from the Endpoint Inventory app when prompted.
17. Delete the Image Setup Tool from the source desktop once image setup completes.
18. Export your source desktop as a golden image template.
    When signing into a desktop created using the golden image template, the newly-provisioned endpoint appears in the Endpoint Inventory list.