ra2 studio - Fotolia
For years we've talked about the "locked-down desktop" as a major goal of desktop management -- whether you're using virtual or physical desktops. The locked-down desktop (also called the non-persistent desktop) means Windows desktops are fully secured and locked down. A user can't make any changes (apart from simple things like setting desktop wallpapers and changing colors and fonts). Anything else they change is wiped away the next time they log on.
The benefits of locked-down desktops are huge. They lessen support costs because users can't break things. They improve security because viruses and malware can't raise havoc with the users' admin rights. And, when all desktops are the same, software updating and patching becomes far simpler.
The biggest reason to lock down desktops is to restrict what we call user-installed apps, or UIAs. Quite simply, users can't install "their" apps onto "their" desktops if the desktop is locked down. But while we've recognized the value of the tightly controlled desktop for decades, it's been difficult to implement. The reason for this is simple: user rebellion. Users' desktops are personal to them (even when it's corporate-owned hardware), and most users object to IT locking them out of "their" desktops.
Several software vendors have tried to solve the UIA problem through all sorts or wizardry, from virtualization to application bubbles and layering. Unfortunately, these products have gained no significant traction, and the "UIA problem" is still a problem.
Or is it?
I've worked with enterprise desktops for 20 years. What I've started to notice lately is that the UIA problem doesn't seem like much of a problem anymore. Five years ago it was all anyone could talk about. But today? Not so much.
In 2015, most of the non-corporate apps that users want access to are not traditional apps at all. They're websites and Web apps. So while in 1995 users would walk up to a non-persistent desktop and get mad because they couldn't install PointCast, in 2015, they say, "Hey, does that locked-down desktop have a browser? Great! I'm fine."
The second change is that every user has a smartphone now, and many have iPads. I can't tell you how much time I spent on user complaints about not having iTunes on locked-down desktops in 2005. It's not a problem now because users have access to their entire music libraries -- not to mention most of the other apps they care about -- in their pockets.
Think about your own collection of non-corporate apps. If you walked into a job in 2005 and they said, "Here's your desktop. It's locked down. You can change nothing," you might have quit right there on the spot! But in 2015, your reaction would be more like, "Does it have a browser? Can I have my iPhone on my desk while I'm working? Meh. It's fine then."
So if you've avoided locking down desktops for the past 20 years, maybe now is the time to revisit the idea. The benefits are huge and users' objections are mostly a thing of the past.
- VMware Crash Course: Modern Pod/Block VDI Architectures –AdvizeX Technologies