here is our scenario,
we use GPO/WSUS to enforce patching on all corporate machines on our production domain.
The issue we have, is that many of our users create instances of VMware workstation on their corporate PC's and these VMware images are setup in "workgroups" and not joined to our domain.
As a result, we cannot enforce patching on these VM's
We also have no idea what admin credentials they setup on these VM's
What is happening is that virus outbreaks / patch vulnerabilities are breaking out on these VM's.
Does anyone know of a way that we can secure our entire environment and ensure the all PC's and VM's [even ones in workgroups] are compliant on the patches and A/V software?
thx - M