Windows 10 Add a work user in Windows 10 connected to Domain

  • Thread starter: Power2077

Power2077

Hi,

I've got a simple issue that I would like to get some insight on, and that Microsoft could possibly implement in a working state.

First of all, I would like to start with a PC that is joined to the domain. For security purposes, we would like to have the user log in to the system without needing to connect to our network (I already suggested DirectAccess, however this company is big and probably won't implement that within the next few years), and without us IT guys having to get the user's password to log in to the system after imaging, before mailing the laptop to the user, which defeats the purpose of password security. We use remote software to sometimes get into the system when the user can't log in to Windows, and we log in to VPN. However, that is like 5% out of 95% chance it works.

In Windows 10, there is an option to add a user from the domain: Control Panel > User Accounts > User Accounts > Manage User Accounts > Add



I tested this, and the user still needs to connect to the domain network in order to log in the first time to cache the profile on the system. My guess is it's because Windows 10 contacts the domain in order to create the profile in C:\Users, which only happens when the user logs in to Windows. I feel this "Add a Domain Account" is a waste of a feature if the user already has permission to log in to this system through AD and needs to be on the domain network anyways.

I feel like Microsoft can take this a step further and implement this feature all the way.

Like:

1. We OIT Admins log in to the system for the first time after it's been imaged.

2. We OIT Admins add the user to the system from the feature mentioned above. The system then contacts the domain and says, "Hey, this user is being added to the system." Then it copies whatever attributes from AD onto the system, like username and password.

3. We OIT Admins can send the laptop to the user, and the user can log in without us remoting in first for VPN, or needing to be in the office and on the domain network.

I've been thinking about this because of COVID-19, and it helps when the user doesn't need to drive to the office and when the user lives in a different state. Also, this would help in the future to make things easier for us OIT Admins/Techs. Seems like many people and companies would benefit from this a lot. I've tried googling but haven't seen anyone using this feature with it working.

Or, if Microsoft won't, I would like to implement this in our environment somehow using PowerShell and batch scripts, but I need to know how the laptop contacts the domain when a user logs in to the computer the first time, or what file would tell me that. With so many files/folders/locations, I'm having many difficulties.

Any comments, ideas, info would be greatly appreciated.

Thank you,

