|
Re: Allow a domain user to add some Virtual PCs
That does not exactly work. Windows and AD have some built in safegaurds to
be sure forged computers are not coming onto the network. At irregular
intervals a computer will validate with AD/the domain and if someone had
made an exact copy from a month or so ago and tried to drop it on the
network you will get an error saying the computer account could not be found
because AD thinks it is a forged computer because all the recent checks are
not there.
Now if you use NTBackup to restore the computer, if available and
accessible, those IDs don't get wiped from what I understand. It is only
when you try to load the image of what you had from some time ago back on.
You can fix this by just logging on the PC and removing and rejoining the
domain, but that is not exactly what I want for them because they could make
a backup of something that has already gone bad. I would rather them just
reformat and allow my RIS server to deploy the setup I want and have AD
install all the apps I want and have WSUS install all the patches I approved
so they will be fresh.
I am thinking of creating an AD container and letting the Engineering Group
Manage, but I want to be sure they can only add computers to and rebuild
computers in that container and not do things like add users to the domain.
"Robert Moir" <usenet@REMOVE2EMAILrobertmoir.com> wrote in message
news:e%23clCYvpIHA.3408@TK2MSFTNGP03.phx.gbl...
>
> "Jordan" <none@here.com> wrote in message
> news:OkBuxctpIHA.1772@TK2MSFTNGP03.phx.gbl...
>>I have a couple of engineers that are developing software. They need to
>>have a few Virtual PCs setup that they can reck and rebuild repeatedly.
>>They need to do this as quick as possible so I figured the fastest way was
>>to use what I use and that is RIS to install Windows XP and Active
>>Directory to deploy the standard apps we use. The problem is I don't want
>>to give them any more domain access than they have as a standard domain
>>user nor do I want them to be able to build more than the units I give
>>them.
>
> So basically you want them to be able to do stuff except for when you
> don't want them to be able to do stuff. That would require a telepathic
> system that hasn't been invented yet.
>
> Let's think outside that box for a moment.
> The fastest way to "wreck and rebuild" a virtual machine is to save a
> 'snapshot' of the VMC (virtual machine settings) and VHD (virtual hard
> disk) files associated with the virtual machine once you've built it how
> you want, and copy those files back over the top of the old files every
> time you want to rebuild. No extra rights or access to special tools
> required at all. I'd just setup each person's virtual machine(s) in nice
> tidy seperate folders, and train them to unzip a fresh copy of the
> appropriate folders over the place of the appropriate 'old' folder each
> time they want to refresh their virtual machine testbed.
>
> Fast, Simple, Robust, also works on a laptop if they ever need to do
> development or possibly a demo away from the office.
>
>
|
Linear Mode
