3

I am looking to identify values in the Windows Desktop OS that persist in non-persistent VDI environments and that can be accessed programmatically (i.e. PowerShell). The only value I know (which isn't suitable for my requirement) is DNS Hostname.

The scenario...

I have created an SaaS application that is licensed per machine per month.

My desktop agent generates a unique ID using persistent system values, submits the ID to my API which checks the ID is unique on our side and that there are sufficient unspent credits in the customer's account. If both of these conditions are true a 28 day licence key is created and sent back to the agent in the API response.

This set-up works perfectly for traditional persistent desktops, however I would like to cater for non-persistent VDI environments. Currently, if an organisation had 100 non-persistent desktops and the desktops were re-built after a user session each day, this model would result in 2800 licences being issued and charged for every 28 days rather than 100... good for my bottom line, but not for customer longevity!

The question...

Which OS values, if any, persist between sessions on non-persistent Windows 10 VDI? Is it just the hostname or are there VDI configurations that can also result in the hostname changing? (I'm not aware of any myself).

Thank you!

Arbiter

2 Answers

0

Now sorry, if I do not 100% get on where and how your API connects but:

You can get quite a good look at unique identifiers if you come from the delivery controller side. With the necessary SDK, PowerShell can give you quite a load of information via get-brokermachine (I would add some necessary filters, e.g. -DesktopGroupName "YourDeliveryGroupName"; just check the documentation here).

If you are talking about the desktop itself, you could in theory fetch the MAC address because (I would argue independently of your host type) this is always unique and you have the possibility of fetching the value via PowerShell if you have the necessary SDK added.

Other than that I am afraid (and I just checked on my non-persistent VirtualDesktop VDI) that there are no other truly unique identifiers other than your DNS.

So, if you really want to avoid DNS and also the MAC, you could in theory fetch the unique SID (or really any other unique value, Citrix DC gives you a few), push it to the according device and go from there. I am thinking about for-each get-brokermachine | ...

(although I am fond of PoSH, I am not totally sure how to do that specific task)

  • Thanks for coming back to me, I solved this one a year ago! :) I'm using a hashed combination of the cryptography MachineGUID, the device SID and some additional entropy provided by my API. – Arbiter May 29 '20 at 11:49
  • Funny as hell, I only realized the post is 1yo an hour after I posted my answer. I'm glad you already solved it and thanks for posting the progress, I love learning from posts like these. Guess the Citrix serverfault is not as active. – Bowshock May 29 '20 at 12:00
0

It's been a while, but someone answering a year later has brought me back :)

I am using a hashed combination of the following:

  • MachineGuid value in the SOFTWARE\Microsoft\Cryptography key
  • UUID from (Get-CimInstance Win32_ComputerSystemProduct).UUID
  • Additional entropy, collected from a proprietary private API

Each time a new device ID is seen, my API runs a collection of values about the HW and software (about 20) through a confidence function. If 15 of those values match the existing license is applied, otherwise a new license is assigned.

Arbiter
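
The approach described in this answer, as an added example that is not the poster's code: an agent-side device ID hashed from the MachineGuid, the Win32_ComputerSystemProduct UUID and API-supplied entropy, followed by a 15-match confidence check over stored attributes. The function names, the choice of SHA-256, the length-prefixed field encoding and the sample attribute names are assumptions.

```powershell
# Added example; Get-DeviceId and Test-SameDevice are hypothetical names.
function Get-DeviceId {
    param(
        # Assumption: the licensing API hands the agent an entropy string
        [Parameter(Mandatory)][string]$ApiEntropy
    )
    # MachineGuid value in the SOFTWARE\Microsoft\Cryptography key
    $machineGuid = (Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Cryptography' -Name MachineGuid).MachineGuid
    # UUID reported by Win32_ComputerSystemProduct
    $uuid = (Get-CimInstance -ClassName Win32_ComputerSystemProduct).UUID

    # Normalise case, then length-prefix each field so that ("ab","c")
    # and ("a","bc") cannot produce the same hash input
    $fields = $machineGuid.ToLowerInvariant(), $uuid.ToLowerInvariant(), $ApiEntropy
    $material = ($fields | ForEach-Object { '{0}:{1}' -f $_.Length, $_ }) -join '|'

    $sha = [System.Security.Cryptography.SHA256]::Create()
    try {
        $digest = $sha.ComputeHash([System.Text.Encoding]::UTF8.GetBytes($material))
    } finally {
        $sha.Dispose()
    }
    # Return the digest as a lower-case hex string
    -join ($digest | ForEach-Object { $_.ToString('x2') })
}

function Test-SameDevice {
    param(
        [Parameter(Mandatory)][hashtable]$Known,     # attributes stored with the licence
        [Parameter(Mandatory)][hashtable]$Observed,  # attributes sent with the new device ID
        [int]$Threshold = 15                         # "15 of those values match"
    )
    $hits = 0
    foreach ($name in $Known.Keys) {
        # -ceq: case-sensitive comparison; attributes missing from $Observed never match
        if ($Observed.ContainsKey($name) -and $Observed[$name] -ceq $Known[$name]) { $hits++ }
    }
    [pscustomobject]@{ Matches = $hits; SameDevice = ($hits -ge $Threshold) }
}

# Constructed sample: 20 stored attributes, 4 of which differ after a rebuild
$known = @{}
1..20 | ForEach-Object { $known["attr$_"] = "value$_" }
$rebuilt = $known.Clone()
1..4 | ForEach-Object { $rebuilt["attr$_"] = 'changed' }
Test-SameDevice -Known $known -Observed $rebuilt
```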