I had a similar issue and resolved it by adding the built-in NT AUTHORITY\INTERACTIVE account in the Administrators group via Group Policy. I followed instructions here: Make all users local admins on only their current computer - Spiceworks. Any user who logs in to a non-persistent VM becomes a local admin on only that machine.
↧