This would be awesome. Could be based on an AD OU or locally named users. To be able to restrict some image deployment to specific user would be great (i.e.: Server image not available to a specific project user).

Currently giving helpdesk staff the password to deploy an image gives them access to deploy every image, and to log into machines remotely with administrator priviledges. It would be nice to at least differentiate between personnel with access to deploy images, and personnel with access to log into connected machines as an admin. This is espeically important with RSAs, where remote offices may have an "advanced user" rather than actual helpdesk personnel. The significant problem with allowing people to deploy images is that it also currently grants those people full access to remotely administrate any workstation or server they can reach.

Take the current idea of Orgs in the K1000 and use it in the K2000. This way users from different departments in the same LAN can manage their own images and not touch anyone elses.

Why was this functionality not 'built-in'? I cannot think of a single use-case where the 'readonly admin' will be used. Enterprise customers need the ability to segregate who does what--the team that builds the images is not the team that deploys the images in our organization.

I would give this suggestion 3 votes if I had any leftover.

Ability to set unique password for separate boot environments will allow people setting up workstations (typically not high level sysadmins) access to that and nothing more. Currently the password to get into KBEs is one of the main passwords for the K2000 itself.

This option is a MUST have, this should be something like the "roles" at the K1000, where some technitians have access to some options like creating images, and others just managing/capturing users profiles from the GUI for a later deployment.

This will help a lot the Sys Admin and will delegate permissions to others.

or what if the user deploying was logged by the k2 boot actions? That would probably be easier to tackle initially

There needs to be multple boot manager users so that we can see what images certain users are deploying or capturing. This is the authentication at the PXE menu screen.

There needs to be away to allow people permissions to certain part of the K2000 without having to give them admin rights to the entire box.

Some way to authenticate users which allows different images would be nice, ie, everyone can get the BASE image, but only people who click authenticate and type AD credentials will get the TEACHER image.