DoD Customer uses CAC cards for authentication via Active Directory.
Apparently, regulations require each Windows instance to be activated using a CAC and administrative login. We would very much like to use flexible (non-persistant) VMs to reduce the administrative effort required to maintain patches, etc. Our idea is to patch just the template and let each user get the new version on next login. However, we do not clearly understand how Windows guest in each new VM would be activated.