a month ago
I'm trying to get ideas for how real-world folks mass deploy laptops that need to be joined to an Active Directory domain without hard wiring them. So say dozens, even hundreds, of laptops are delivered to your door. You need to join them to your AD domain, but you don't want to physically hard wire each and every one of them in order to have network connectivity. You want to use some process via the Wi-Fi. What would be some options for doing this? We have ClearPass, so we could somehow leverage that. We are a K-12 environment. We don't necessarily want an "open" network as an option or anything with PSK b/c that's added steps. Don't really want to allow specific MACs on an SSID either (upkeep could be a nightmare). We mass deploy iPads using Apple DEP, which is aware of a new iPad via its own system. AirWatch registers the device with ClearPass using SCEP. We don't have a management platform like that for Windows devices. Just scratching our heads on what a clean, easy solution would be. We do get our machines imaged when they come from the manufacturer, so we could tweak our image if need be to accommodate a potential solution.
Some ideas we've thrown around: could we somehow create a customized certificate and put it on the laptop image that would allow all new laptops (that would have the certificate in the image) to join an SSID and then register to AD? MAC - but this seemed kind of difficult to manage.
Thank you for ideas!