Home

Does adding user to Hostpool name gives access to local admin group of a VDI ? Like OnPrem RDS does?

%3CLINGO-SUB%20id%3D%22lingo-sub-744199%22%20slang%3D%22en-US%22%3EDoes%20adding%20user%20to%20Hostpool%20name%20gives%20access%20to%20local%20admin%20group%20of%20a%20VDI%20%3F%20Like%20OnPrem%20RDS%20does%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-744199%22%20slang%3D%22en-US%22%3E%3CP%3EDoes%20adding%20user%20to%20Hostpool%26nbsp%3B%20(using%2C%20cmdlet%2C%20Add-RdsAppGroupUser%20)%20gives%20access%20to%20local%20admin%20group%20of%20a%20VDI%20%3F%20Like%20OnPrem%20RDS%20does%20while%20a%20VDI%20is%20assigned%20to%20a%20user%2C%20does%20this%20WVD%20also%20adds%20the%20assigned%20user%20to%20local%20admin%20group%20of%20that%20VDI%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-751749%22%20slang%3D%22en-US%22%3ERe%3A%20Does%20adding%20user%20to%20Hostpool%20name%20gives%20access%20to%20local%20admin%20group%20of%20a%20VDI%20%3F%20Like%20OnPrem%20RDS%20d%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-751749%22%20slang%3D%22en-US%22%3E%3CP%3EHi%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F355882%22%20target%3D%22_blank%22%3E%40Jasmer1%3C%2FA%3E%26nbsp%3B%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIn%20a%20Pooled%20deployment%2C%20adding%20a%20user%20to%20an%20AppGroup%20does%20not%20grant%20a%20user%20Local%20Admin%20permissions%20on%20the%20Sessionhost%2C%20as%20the%20sessionhost%20can%20have%20multiple%20AppGroups%20(FullDesktop%20and%2For%20RemoteApp).%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20don't%20know%20if%20this%20is%20the%20same%20in%20a%20Personal%20deployment%20tbh.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-785605%22%20slang%3D%22en-US%22%3ERe%3A%20Does%20adding%20user%20to%20Hostpool%20name%20gives%20access%20to%20local%20admin%20group%20of%20a%20VDI%20%3F%20Like%20OnPrem%20RDS%20d%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-785605%22%20slang%3D%22en-US%22%3E%3CP%3EI'm%20here%20referring%20to%20personal%2Fpersistent%20VDI%20assignment%20and%20what%20does%20assignment%20actually%20mean%20at%20VDI%20level%20does%20it%20provide%20access%20to%20local%20admin%20group%20for%20RDP%20access%20and%20all%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-787626%22%20slang%3D%22en-US%22%3ERe%3A%20Does%20adding%20user%20to%20Hostpool%20name%20gives%20access%20to%20local%20admin%20group%20of%20a%20VDI%20%3F%20Like%20OnPrem%20RDS%20d%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-787626%22%20slang%3D%22en-US%22%3E%3CP%3EI%20am%20testing%20a%20personal%2Fpersistent%20Hostpool.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAfter%20running%20Add-RdsAppGroupUser%2C%20the%20hostpool%20was%20displayed%20on%20user's%20Windows%2FHTML%20Client.%3C%2FP%3E%3CP%3EThis%20user%20can%20use%20VM%2C%20but%20did%20not%20belong%20to%20local%20administrators%20group.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ETo%20make%20the%20user%20belong%20to%20local%20administrators%20group%2C%20some%20another%20administrator(or%20domain%20administrator%20user)%20had%20to%20launch%20'compmgmt.msc%20-%26gt%3B%20connect%20to%20another%20computer'%20to%20edit%20the%20group.%3C%2FP%3E%3C%2FLINGO-BODY%3E
Jasmer1
New Contributor

Does adding user to Hostpool  (using, cmdlet, Add-RdsAppGroupUser ) gives access to local admin group of a VDI ? Like OnPrem RDS does while a VDI is assigned to a user, does this WVD also adds the assigned user to local admin group of that VDI?

 

3 Replies

Hi @Jasmer1 ,

 

In a Pooled deployment, adding a user to an AppGroup does not grant a user Local Admin permissions on the Sessionhost, as the sessionhost can have multiple AppGroups (FullDesktop and/or RemoteApp).

 

I don't know if this is the same in a Personal deployment tbh. 

Highlighted

I'm here referring to personal/persistent VDI assignment and what does assignment actually mean at VDI level does it provide access to local admin group for RDP access and all?

I am testing a personal/persistent Hostpool.

 

After running Add-RdsAppGroupUser, the hostpool was displayed on user's Windows/HTML Client.

This user can use VM, but did not belong to local administrators group.

 

To make the user belong to local administrators group, some another administrator(or domain administrator user) had to launch 'compmgmt.msc -> connect to another computer' to edit the group.

Related Conversations
Tabs and Dark Mode
cjc2112 in Discussions on
46 Replies
Extentions Synchronization
Deleted in Discussions on
3 Replies
Stable version of Edge insider browser
HotCakeX in Discussions on
35 Replies
flashing a white screen while open new tab
Deleted in Discussions on
14 Replies
How to Prevent Teams from Auto-Launch
chenrylee in Microsoft Teams on
30 Replies
Security Community Webinars
Valon_Kolica in Security, Privacy & Compliance on
13 Replies