Hi all. I just recently came on board as the IT Administrator of a new company that has everyone using folder redirection on server 2003. All users documents and settings are currently stored on the server and the local drives are locked out so no direct Access to the C drive and they can't install anything without having the Administrator do it.
This is how they want it.
Problem: The way the domain has been setup (locked down this way) the Programmers can not do their job (according to them) as they claim they have to be able to install to the C:/Program Files location, as well as remove and delete files that they do not need. Someone prior to me had granted created the Programmers local accounts with local Admin rights so they can get work done. However, because this bybasses all of the secuirty that has been put in place, not to mention their work files are being stored locally, nothing is being backed up by our nightly backups. I have been tasked with making it so the programmers are put back on the domain and still be able to perform without granting them any admin rights.
I am thinking that the best options would be to setup Terminal Server and have the programmers use Visual Studio 2010 through a remote Desktop app, with predefined paths for Projects that is stored on the server in their My Documents which older versions of VS setup by default. This ensuring that all files are not being stored locally, and are being backed up. However, they claim they need to be able to install the executable files that they create for testing and troubleshooting.
Another Solution that I was thinking of would be to create virtual desktop environments with VMware Server for them to RDP into. Grant them Power User access to the Virtual C drive, but still force where the files are stored either in the profile or a central location that is backed up via group policy. This way the local machine's hard drive is still locked out, everything is 100% on the server including the Virtual Dev machines.
Have any of you ever been tasked with locking down the Developer's machines similar to this, and if so do you recommend using Terminal Server with Remote Desktop either via a.rdp version of VS2010, or a complete remote desktop session? Or should I go the Virtual route?
We will also be replacing our existing server with a new one running SBS 2008 Premium, and the new server will either have Dual 6 core Intel Procs, or Dual 8 core Opterons and 16gb of ram.
We currently have 4 programmers, but may go as high as 8 in the future. Given how I/O intensive and ram hungry VS can be, how much ram and cores do you recommend for each virtual should I go that route.
Thanks
RKG456
Other than Remote Desktop for Administration, I have never really dealt with terminal server.