SEP with VDI question - SEPM groups
SEP and SEPM 12.1.3001.165
For the most part, 2 groups in SEP management used to handle and manage settings, configuration, security, policies and rules within SEP.
One group of computers is used by clients - is more public, very restrictred.
The other is for most of the rest of the employees, daily work sort of stuff. Still plenty of security (2.5 years virus-free sort of proves that)
We are working on a VDI project - VMWare products, virtual desktops, one standard "gold image" from which all desktops will spawn.
I am looking for a way to keep SEP on the gold image and yet "direct SEP" on the virtual computer or desktop to "be a member of" one of the two groups depending on who is logged in.
For the one group, the user ID or name will always start with the same characters and they will pull a desktop from one pool just because of who they are. That's the clients - they all share a group of login IDs. I want those computers to end up in their group so they get the proper set of SEP policies and rules and settings.
For the other group I want them to end up in our standard desktop group in SEPM so they will have their own set of rules or policies and settings.
Is there an easy way to do this while keeping a single base image in our VMWare VDI setup - with SEP pre-installed on it?
How about this - SEP is installed in that gold image to default to our normal desktop group in SEPM, but if a user with a user name following a certain pattern logs in, that computer runs a script that moves SEP into that group?
Perhaps a script that changes the registry - or a script that puts the sylink.xml file on that "computer" during the login process and SEP then just "moves" into that SEPM group?
How do others running VDI handle putting different computers into different groups in SEP?
Each time the user logs in keep in mind that the computer is recreated from scratch and it will be as if SEP was new again - if I read things right. It not like it's set one time and then every time that user logs in it's the exact same computer and holds all software settings. For their profile, yeah, if we do persistant.