<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Instant Clones - user full local admin rights in Horizon Desktops and Apps</title>
    <link>https://communities.vmware.com/t5/Horizon-Desktops-and-Apps/Instant-Clones-user-full-local-admin-rights/m-p/2234282#M86504</link>
    <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;o/&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;I have a customer that has a legacy app that requires the logged in user to have full admin rights to their VM. What is best practise for if you wanted to grant full local administrator rights for users on their instant clone VM. I dont want to grant say domain users full local access rights on the golden image, anyone every crossed this question/Dilemma?&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Really i want the customer to understand their application better so we can determine why it needs full admin rights and apply whatever it needs or whatever its modifying to the golden image. Do you think ThinApp or possibly AppVolumes could help in this instance? I've deployed App Stacks before but not used ThinApp, it looks really cool though!.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Thanks&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
    <pubDate>Wed, 19 Jun 2019 21:17:39 GMT</pubDate>
    <dc:creator>jooji</dc:creator>
    <dc:date>2019-06-19T21:17:39Z</dc:date>
    <item>
      <title>Instant Clones - user full local admin rights</title>
      <link>https://communities.vmware.com/t5/Horizon-Desktops-and-Apps/Instant-Clones-user-full-local-admin-rights/m-p/2234282#M86504</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;o/&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;I have a customer that has a legacy app that requires the logged in user to have full admin rights to their VM. What is best practise for if you wanted to grant full local administrator rights for users on their instant clone VM. I dont want to grant say domain users full local access rights on the golden image, anyone every crossed this question/Dilemma?&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Really i want the customer to understand their application better so we can determine why it needs full admin rights and apply whatever it needs or whatever its modifying to the golden image. Do you think ThinApp or possibly AppVolumes could help in this instance? I've deployed App Stacks before but not used ThinApp, it looks really cool though!.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Thanks&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Wed, 19 Jun 2019 21:17:39 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/Horizon-Desktops-and-Apps/Instant-Clones-user-full-local-admin-rights/m-p/2234282#M86504</guid>
      <dc:creator>jooji</dc:creator>
      <dc:date>2019-06-19T21:17:39Z</dc:date>
    </item>
    <item>
      <title>Re: Instant Clones - user full local admin rights</title>
      <link>https://communities.vmware.com/t5/Horizon-Desktops-and-Apps/Instant-Clones-user-full-local-admin-rights/m-p/2234283#M86505</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;I do it with group policy&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;&lt;A href="https://support.microsoft.com/en-us/help/279301/description-of-group-policy-restricted-groups" title="https://support.microsoft.com/en-us/help/279301/description-of-group-policy-restricted-groups"&gt;https://support.microsoft.com/en-us/help/279301/description-of-group-policy-restricted-groups&lt;/A&gt; &lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Wed, 19 Jun 2019 21:41:21 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/Horizon-Desktops-and-Apps/Instant-Clones-user-full-local-admin-rights/m-p/2234283#M86505</guid>
      <dc:creator>sjesse</dc:creator>
      <dc:date>2019-06-19T21:41:21Z</dc:date>
    </item>
    <item>
      <title>Re: Instant Clones - user full local admin rights</title>
      <link>https://communities.vmware.com/t5/Horizon-Desktops-and-Apps/Instant-Clones-user-full-local-admin-rights/m-p/2234284#M86506</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;We don't allow any local admins so we instead leverage Liquidware ProfileUnity to grant per process privilege escalation. I believe UEM can do the same.&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Thu, 20 Jun 2019 23:08:43 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/Horizon-Desktops-and-Apps/Instant-Clones-user-full-local-admin-rights/m-p/2234284#M86506</guid>
      <dc:creator>BenFB</dc:creator>
      <dc:date>2019-06-20T23:08:43Z</dc:date>
    </item>
    <item>
      <title>Re: Instant Clones - user full local admin rights</title>
      <link>https://communities.vmware.com/t5/Horizon-Desktops-and-Apps/Instant-Clones-user-full-local-admin-rights/m-p/2234285#M86507</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;Assuming that isn't a free solution?&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Fri, 21 Jun 2019 09:49:16 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/Horizon-Desktops-and-Apps/Instant-Clones-user-full-local-admin-rights/m-p/2234285#M86507</guid>
      <dc:creator>jooji</dc:creator>
      <dc:date>2019-06-21T09:49:16Z</dc:date>
    </item>
    <item>
      <title>Re: Instant Clones - user full local admin rights</title>
      <link>https://communities.vmware.com/t5/Horizon-Desktops-and-Apps/Instant-Clones-user-full-local-admin-rights/m-p/2234286#M86508</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;I wouldn't recommend doing this without a level above you's permission, but you could add NTAUTHORITY\Authenticated Users to the local admins group on your desktop and then restrict access east/west using GPO's or Windows firewall. Turn off the admin shares or restrict access to them using GPO's so admins can still pull logs from the View desktops if needed.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Just a thought - but again not recommended and not very secure. Make sure you have a defined refresh policy (hopefully within 24 hours of user login, if not shorter).&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Fri, 21 Jun 2019 12:09:29 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/Horizon-Desktops-and-Apps/Instant-Clones-user-full-local-admin-rights/m-p/2234286#M86508</guid>
      <dc:creator>mchadwick19</dc:creator>
      <dc:date>2019-06-21T12:09:29Z</dc:date>
    </item>
    <item>
      <title>Re: Instant Clones - user full local admin rights</title>
      <link>https://communities.vmware.com/t5/Horizon-Desktops-and-Apps/Instant-Clones-user-full-local-admin-rights/m-p/2234287#M86509</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;After looking back at my notes from the Horizon course for something completely different i noticed a line in the UEM section "privileged elevation" and with a bit of digging it does offer this functionality yes! Exactly what i need.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=YlMbz13dQpE" title="https://www.youtube.com/watch?v=YlMbz13dQpE"&gt;VMware User Environment Manager 9.2: Privilege Elevation - Feature Walk-through - YouTube&lt;/A&gt; &lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Fri, 21 Jun 2019 13:28:56 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/Horizon-Desktops-and-Apps/Instant-Clones-user-full-local-admin-rights/m-p/2234287#M86509</guid>
      <dc:creator>jooji</dc:creator>
      <dc:date>2019-06-21T13:28:56Z</dc:date>
    </item>
  </channel>
</rss>

