Add Entra ID user/group objects to Desktop Image

Example case: Customer has network printers defined on the pool servers. They would like to modify the security settings to define who can print to specific printers. 

The idea is to create an Entra security group, then create a corresponding local group on the desktop template and add the Entra group to the local group.

But of course the desktop template isn't Azure joined, so there's no security context for pulling the Entra group into the local group while the desktop template is booted up.

I ran through a trial where I pulled out the SID for the Entra group, then used PowerShell to add it to the local group on the desktop template. It added fine, but once the pool server was deployed, it didn't appear to have really "connected" to the Entra group. The users included in the Entra group weren't able to print.

Ignore the topic about printing - the ultimate goal is to come up with a known process for adding an Entra ID user or group object into the desktop template directly. Another path would be to not mess with the desktop template, but instead create a scripted action that adds the Entra object to the local group via PowerShell and run it on pool server deployment. I may try that next, but I'm wondering if anyone has solved this issue already?


Comments (1 comment)

Dave Stephenson

I don't know how effective adding that to the Desktop Image VM will be, as many users/groups are stripped out as part of the sysprep process.
I would probably go with the Scripted Action route, but I honestly have never tried this before.
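
One way the scripted-action route discussed in this thread could be written, as an added example that is not code from either poster. It assumes the script runs on the deployed pool server after it is Entra-joined; the object ID and local group name are placeholders.

```powershell
# Placeholders (assumptions): replace with your own values.
$EntraGroupObjectId = '00000000-0000-0000-0000-000000000000'  # Entra group Object ID
$LocalGroupName     = 'Printer-Users-Example'                 # hypothetical local group

function Convert-EntraObjectIdToSid {
    # An Entra object SID is S-1-12-1- followed by the object ID's 16 GUID bytes
    # read as four unsigned 32-bit integers.
    param([Parameter(Mandatory)][guid]$ObjectId)
    $parts = [uint32[]]::new(4)
    [Buffer]::BlockCopy($ObjectId.ToByteArray(), 0, $parts, 0, 16)
    'S-1-12-1-{0}-{1}-{2}-{3}' -f $parts[0], $parts[1], $parts[2], $parts[3]
}

# Stop early on a host that is not Entra-joined (the desktop template case):
# there the SID is stored in the group but cannot be tied to the Entra group.
$joined = (dsregcmd /status) -match 'AzureAdJoined\s*:\s*YES'
if (-not $joined) {
    Write-Output 'Host is not Entra-joined; skipping local group change.'
    return
}

$sid = Convert-EntraObjectIdToSid -ObjectId $EntraGroupObjectId

# Create the local group if the image did not already carry it.
if (-not (Get-LocalGroup -Name $LocalGroupName -ErrorAction SilentlyContinue)) {
    New-LocalGroup -Name $LocalGroupName -Description 'Maps to an Entra security group' | Out-Null
}

# Add the Entra group by SID; a second run on the same host is a no-op.
try {
    Add-LocalGroupMember -Group $LocalGroupName -Member $sid -ErrorAction Stop
    Write-Output "Added $sid to $LocalGroupName"
}
catch [Microsoft.PowerShell.Commands.MemberExistsException] {
    Write-Output "$sid is already a member of $LocalGroupName"
}
```

The printer's security settings can then reference only the local group, so print access is controlled by membership of the Entra group.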

 
