Frequently customers in VDI environments request that users are local administrators on their non-persistant desktop.
Some simply just add domain users to the local administrator Group, but this is a really bad idea because this will give users admin rights across desktops, giving them access to destroying other desktops.
Instead we can simply add the built-in Interactive user to the local administrators Group:
This basically means who ever logs onto this desktop will be a local administrator for as long as they are logged on interactively.
Awesome blog you have here but I was curious about if you knew of any community forums that cover the same topics talked about here? I’d really love to be a part of community where I can get feedback from other experienced individuals that share the same interest. If you have any suggestions, please let me know. Bless you!
I can recommend going to http://www.earlyexperts.net if you are interested in being part of a Windows Server 2012 study group.
I don’t get it what’s so new or different about this? take a look at HP RGS (hp.com) or the video demo of VDIWorks Video Over IP (vdiworks.com)This has been done by VDI vernods previously. VMware seems to be behind the curve on this one.
hi. there seems to be a lot of article on the net on how to give “join to a domain” rights to a user (without making them domain admins) but they don’t work.
have you found out how to do this? win2k3 AD.
I am sure you are thinking about the new “djoin” command. However this is only available with Windows Server 2008 R2 domain controllers or newer.
You can read more about it on Technet: http://technet.microsoft.com/en-us/library/dd392267(WS.10)