Hi all,
On our physical desktops we give the owner of the PC local administrator access in case they need to install applications etc... etc...
How would we do this using a persistent pool? I would hate to add the staff AD security group to the local administrator's group within the master image that gets snapshotted to make the persistent desktop pool-- then anyone who could log in would have admin access to that desktop!
Also, if we do log into a user's virtual desktop as the domain Administrator and add the machine owner to the local Administrators group, won't that change in security be wiped out after a recompose to update the desktop from a new snapshot?
How are other people dealing with this?
Also what is the best practice for allowing users to install their own applications, have them remain on the machine, and also allow new snapshots to be rolled out via recompositions?