A few weeks ago I did a project implementing MED-V.
Since I had to make use of the existing Active Directory, I also got a lot of policies applied to my MED-V image when the users logged on.
After some troubleshooting one of those days, I found two little gotchas you have to watch out for when you’re implementing MED-V and you want to make use of Single Sign On (SSO) for the users…
- The first one is a policy named “Deny log on through Terminal Services”.
Make sure this policy is not set and preferably make sure that the “Allow log on through Terminal Services” so that SSO can work properly. - The second one is a policy named “Interactive logon: Message text for users attempting to log on”
Make sure this policy is not set, or a nasty popup will appear in the background where the user won’t notice it, and SSO will not work. The last is something the users will notice and it won’t take long for them to provide you with the feedback that your implemented MED-V solution is not working.