In the world of desktop virtualization, there's a lot of talk about how to reign-in control of users' desktops while still giving them the freedom to work as needed (installing their own apps, etc.). For the past twenty years or so, most users have had full desktops or laptops with enough security permissions to be able to do what they needed to do.
But then this whole desktop virtualization and VDI thing came along, and a lot of companies started focusing on ways to lower the costs of management of their desktop computers. One way to do that is to "lock down" the users' desktops. As you can imagine, a locked down desktop means that users can't install anything, and when users can't install anything, it's harder for them to break things (which leads to less support and ultimately lower costs).
But the flip side of the "locked down" desktop is that users hate it. This is especially true with the whole consumerization trend where users often use non-IT-provided apps and services to do their jobs. How can an IT department embrace consumerization yet still lock down users desktops? But does letting users do whatever they want on their desktops mean that IT is forced with high support costs since users will break everything all the time?
One way around this is to give users two desktops--one which is wide open and unlocked (often called the "sandbox" or "Wild West desktop,"--and another which is locked down and controlled. The locked down desktop is the corporate desktop, complete with the corporate apps, VPN client, security software, domain membership, and no ability for users to do anything. So it's cheap and easy to support. Then the users can use their unlocked Wild West desktop to install their consumer apps and whatever else it is that they need to do to be happy. And of course, IT doesn't support the Wild West desktop. If the user breaks it, too bad for them!
So while this "dual desktops" is a perfectly valid management technique, it can be expensive and complex. Of course IT isn't literally going to give each user two laptops, but they are going to have to use some kind of client virtual machine or combine a locally-installed desktop with a full VDI desktop. Really no matter how you slice it you're talking about two desktops per user. And even though IT is only supporting one of them, it's still not too ideal.
But I wonder: For the Wild West unlocked environment, does IT really have to give the user an actual Microsoft Windows desktop? You hear so much about how users can do more and more with tablets. I wonder if IT gives each user a tablet, will that be enough to satiate their desire to do the consumer-type things they need? Then maybe you can get away with only having to support a single desktop for them, which is the locked down corporate one.
What do you think? An easy shortcut?