Scenario: we're in the process of setting up a central virtualised server that acts as a demonstration environment. This VM (running Windows 7) will be cloned and put on sales laptops so demonstrations can be done "in the field" - using a VM allows us to ensure that we have a good working standard build, without having to worry about what the actual laptop.
The central VM needs to be on our corporate Active Directory domain. We ideally want to remove the domain membership from the cloned versions before it goes on to the sales laptops - in some cases, we'll be getting the VM to the sales guys remotely, so we don't want to have to support them in taking the machine off the domain.
Now, we can't just remove a clone from the domain, as being a direct clone it will also take the central VM off the domain. Removal of the domain will probably be done whilst the machine is on the corporate network - so whilst we could try and isolate the clone from the network, I'm expecting this to be forgotten about at some point.
So - I'm thinking that we need to look at using sysprep to do the dirty work, using the [Identification] section to take it off the domain and stick it on a workgroup. Has anyone any experience of this and advise of any caveats given what we want to do? It seems straightforward enough that it's making me think I've missed something...
Cheers :-)
EDIT (in answer to questions)
We're intending to use VirtualBox on the laptops to host the virtual machines; it's both fairly straightforward for non-techs to use, whilst being completely reliable without going to the extreme of having a Server OS on the laptop.
No domain access is needed - the VM is entirely standalone; however it needs to be on the domain whilst being centrally hosted and network-accessible due to our security policies.
Remote access isn't an option - this leaves us at the mercy of a third party's network (i.e., can we raise a VPN connection - or even get on a network in the first place?) or the mobile network (is the signal going to be good enough and reliable enough for a sustained demo?). Having a VM locally hosted where no external connectivity is required ensures that demos can occur regardless of local conditions.
So if I understand you correctly, you are setting up a "Demo VM" that is normally hosted in your own datacenter and is only joined to the domain to adhere to security policies. Semi-regularly(?), you intend to clone the current state of this VM, and transfer the clone to a number of sales laptops so they can be demoed in the field.
Were I in your situation, I'd probably do the following when it was time to make a new clone of the central VM.
Alternatively, automate your app deployment process so you can just spin up new "Field" VMs from scratch rather than needing to clone from the central one.
If you make a clone, disconnect the NIC on the clone, then do a forced Disjoin on the clone, then reattach the clone's NIC, wouldn't that do the same thing and not worry about messing with the original VM in any way?