Pre-Reqs:
WinTPC machines must be domain joined
All VDI infrastructure is 2012 (RD Web, CB, VH, GW). You might be able to use 2008 R2; I did not use any, so I don't know.
All certificates must be in place for SSO
1. Set up the 2012 VDI infrastructure to use SSO.
2. Set a group policy, applied to the WinTPC machines' OU, to allow Credential Delegation; see: http://blogs.msdn.com/b/rds/archive/2007/04/19/how-to-enable-single-sign-on-for-my-terminal-server-connections.aspx
3. Steal the RDP file from RDWeb (do a view source to get the path to the RDP file, then download it) and place it in a network location; we use a folder in netlogon. Alternatively, you could create your own RDP file and include the line loadbalanceinfo:s:tsv://VMResource.1.MYPOOLEDCOLLECTION_Name
4. Use a GPO to set a Custom Interface on the WinTPC machines. It should execute a PowerShell script or VBScript that runs the .rdp file. In our case we use a logon script to copy a PowerShell script to the local machine, then use that as the custom interface. It loops, watching for the mstsc process to end; when it does, it logs the user off. Sample:
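#VDI-RDP.ps1
# Launch the RDP session from the locally copied .rdp file
& 'c:\windows\system32\mstsc.exe' c:\start\myrdpfile.rdp
# Give mstsc time to start before polling
sleep -s 10
# Poll until mstsc exits; SilentlyContinue suppresses the error raised once the process is gone
while(get-process mstsc -ErrorAction SilentlyContinue){sleep -s 10}
# Session closed: log the user off the WinTPC machine
logoff.exe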
Custom Interface GPO is here:
User\Administrative Templates\System\Custom User Interface\
"powershell.exe" -windowstyle hidden c:\start\vdirdp.ps1
Voila!
When domain users log in to the WinTPC they get a VDI session only. Once they close the session, either by logging off or by closing the RDP session, they are logged off of the WinTPC machine.
MS really should document this somewhere. Not everyone wants to access VDI from RDWeb :( nor do they wish to have to authenticate multiple times.
Good luck with it!
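
A pre-flight check for the RDP file from step 3, as an added example that is not part of the original post: it parses the file's name:type:value lines and confirms the file still points at the expected broker and pooled collection and has not switched off CredSSP, which the credential delegation in step 2 relies on. The broker hostname is a constructed placeholder, and treating "full address" as the Connection Broker is an assumption about your file; only PowerShell 2.0 syntax is used.

```powershell
# Added example, not from the original post. The broker hostname is a
# constructed placeholder; the collection string is the one quoted in step 3.
$ExpectedBroker     = 'rdcb.example.test'   # assumed Connection Broker FQDN
$ExpectedCollection = 'tsv://VMResource.1.MYPOOLEDCOLLECTION_Name'

function ConvertFrom-RdpFile {
    # .rdp settings are one per line in the form  name:type:value  (type is s, i or b)
    param([string[]]$Lines)
    $settings = @{}
    foreach ($line in $Lines) {
        if ($line -match '^\s*([^:]+):([sib]):(.*)$') {
            $settings[$matches[1].Trim().ToLower()] = $matches[3].Trim()
        }
    }
    return $settings
}

function Test-RdpFile {
    # Returns a list of problems; an empty list means the file matches expectations.
    param([string[]]$Lines)
    $s = ConvertFrom-RdpFile -Lines $Lines
    $problems = @()
    if ($s['full address'] -ne $ExpectedBroker) {
        $problems += "full address is '$($s['full address'])', expected '$ExpectedBroker'"
    }
    if ($s['loadbalanceinfo'] -ne $ExpectedCollection) {
        $problems += "loadbalanceinfo is '$($s['loadbalanceinfo'])', expected '$ExpectedCollection'"
    }
    if ($s['enablecredsspsupport'] -eq '0') {
        $problems += 'enablecredsspsupport is 0, so CredSSP (and with it SSO) is disabled'
    }
    return ,$problems
}

# Constructed sample input; in use, pass (Get-Content c:\start\myrdpfile.rdp)
$sample = @(
    'full address:s:rdcb.example.test',
    'use redirection server name:i:1',
    'loadbalanceinfo:s:tsv://VMResource.1.MYPOOLEDCOLLECTION_Name',
    'enablecredsspsupport:i:1'
)
$problems = Test-RdpFile -Lines $sample
if ($problems.Count -gt 0) {
    $problems | ForEach-Object { Write-Warning $_ }
} else {
    'RDP file matches the expected broker and collection'
}
```

Run against the copy in netlogon and the copy on the client, this shows when either has drifted from the collection you intended users to reach.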