A user on Windows 10 is logged in and part of a domain environment.
Hello, I have a concern I'd like to explore and see if Microsoft could make it a reality. First, I need a PC connected to the domain. For security reasons, we want users to log in directly without needing network access. I’ve mentioned DirectAccess before, but this company is large and may not adopt it soon. Without IT staff having to request passwords after imaging before sending laptops, it undermines password protection. We sometimes use Remote Software to gain access when Windows login fails, but that’s only about 5% success rate. In Windows 10, there’s an option to add users from the domain. I’ve tried this and found that even then, the user still needs to connect to the domain network to log in the first time, which caches the profile on the system. My thought is that adding a domain account might be unnecessary if the user already has AD access and must remain on the network. I believe Microsoft could improve this further. For example:
1. Our OIT admins log in once after imaging.
2. We add the user via the domain feature.
3. The system then reaches out to the domain, verifies credentials, and transfers AD data like username and password.
4. Admins can hand over the laptop; users can log in without further remote access—via VPN or office connection.
This would be useful during COVID-19, allowing remote work without travel. It could ease our IT team’s workload and benefit many organizations. I’ve searched online but haven’t seen this implemented yet. If Microsoft doesn’t, I’d consider using PowerShell or batch scripts to automate the process, but I need clarity on how the laptop connects to the domain during login. Any insights or suggestions would be appreciated. Thank you.
1. Reset the password: net user <username> <password> /domain
2. Load the profile and execute a script, like runas /profile /user:<username> cmd.exe * To fully automate, you might need to use psexec or PowerShell, since runas doesn't support passwords in batch files.
3. Exit the program – the profile is created and the credentials are stored. The user can log in with the temporary password and connect to the VPN. You could build a simple script to change the password on the VPN, or guide the user to press Alt+Ctrl+Delete and use Change Password while on the VPN.
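The three steps above, scripted in PowerShell as an added example (not code from the thread). It assumes the RSAT ActiveDirectory module is installed, that it runs in an elevated session as a domain admin on the freshly imaged laptop while it can reach a domain controller, and that the NetBIOS domain name and account name are passed in; it also checks the CachedLogonsCount policy value first, because if cached logons are disabled the profile is created but the user still cannot log on offline.

```powershell
# Added example: cache a domain user's credentials on a laptop before handing it over.
# Assumptions: RSAT ActiveDirectory module present, elevated domain-admin session,
# domain controller reachable during provisioning. The temporary password is prompted
# for, never hardcoded, and the user changes it over VPN afterwards (as the thread says).
function Initialize-CachedDomainLogon {
    param(
        [Parameter(Mandatory)][string]$SamAccountName,
        [Parameter(Mandatory)][string]$Domain   # NetBIOS domain name, e.g. CONTOSO (placeholder)
    )

    # Check the "Interactive logon: Number of previous logons to cache" policy.
    # With CachedLogonsCount = 0 the interactive logon below succeeds but nothing is cached.
    $winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $cached = (Get-ItemProperty -Path $winlogon -Name CachedLogonsCount -ErrorAction SilentlyContinue).CachedLogonsCount
    if ($null -ne $cached -and [int]$cached -eq 0) {
        throw 'CachedLogonsCount is 0: policy blocks offline logon, so caching the profile is pointless.'
    }

    # Step 1: reset the account to a temporary password (equivalent of "net user ... /domain").
    $tempPassword = Read-Host -Prompt "Temporary password for $SamAccountName" -AsSecureString
    Set-ADAccountPassword -Identity $SamAccountName -Reset -NewPassword $tempPassword

    # Step 2: perform an interactive logon as the user with the profile loaded
    # (what "runas /profile" does). This creates the local profile and stores the
    # cached credential verifier that allows offline domain logon later.
    $cred = New-Object System.Management.Automation.PSCredential("$Domain\$SamAccountName", $tempPassword)
    Start-Process -FilePath 'cmd.exe' -ArgumentList '/c exit' -Credential $cred -LoadUserProfile -Wait

    # Step 3: the process has exited; verify the profile now exists in ProfileList.
    $sid = (Get-ADUser -Identity $SamAccountName).SID.Value
    $profileKey = "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\$sid"
    $profilePath = (Get-ItemProperty -Path $profileKey -ErrorAction SilentlyContinue).ProfileImagePath
    if (-not $profilePath) {
        throw "No profile was created for $SamAccountName; check the Security event log for the failed logon."
    }
    Write-Output "Profile created at $profilePath; $SamAccountName can now log on offline with the temporary password."
}

# Usage (placeholder values):
# Initialize-CachedDomainLogon -SamAccountName 'jdoe' -Domain 'CONTOSO'
```

The Security log on the laptop will show a logon type 2 (interactive) event for the account at step 2, which is the record a SOC can use to distinguish this provisioning logon from later offline logons (logon type 11).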
Another choice is to adopt a distinct technology like Citrix XenApp or XenDesktop, preventing endpoints from being linked to the domain. You can configure an internet-accessible gateway that users can reach from any PC, regardless of domain membership, with access controlled through a secure portal where passwords are entered.
Thanks for the update. We're dealing with user credential sync problems and prefer not to reset passwords or switch to temporary ones. I'm considering exploring Access Gateway as a potential solution. It seems like a more suitable path. I was also hoping to find a way to create a PowerShell script for this, but it looks like we might need to adapt our approach instead. Appreciate the guidance!