Can we produce a VM that is joined to the domain? What are the issues related to this?

Updated: Without storing a clear text password with the ability to join the domains to the machine or creating separate images for each student or having each student go through the entire RIS process (hours) from within a VM, joining machines to the domain is not an option at this time.

Not that I have found.  Because of the SID issues, we would need to uniquely generate each new VM for the students.  If we distribute them on a flash drive, then perhaps we could do this, but the SID needs to be changed with SYSPREP or the built in VMware tool before the machine is joined to the WIN.MIT.EDU domain and assigned to the right container.

I'm discussing further with Paul Lembo from VMware, but my current understanding is that this would only be an option if we looked at a VDI environment where the VMs are run from a central server and machines are created for each user and run locally as a VM.  This currently has limitations that require network connectivity, which may be acceptable for what we are trying to do.

To lock down the machines, we would have to do that locally, but for students to customize the machines, we would have to given them admin access, so they could unlock it.

I spoke to Richard Edelson and he suggested that we could accomplish this using PXE boot with a RIS image that includes the VMware driver support.  They have already done this for Server 2003, but not XP yet.  This would still involve giving the students a tempjoin account and having to get the software installation working through domain deployment which defeats a lot of the value for going with the VM in the first place.  Also to get it setup, the student would require a very solid network connection.