Today I was in a POC with a customer who has no Microsoft AD. So we came to a point to use Onboard to get certificates and profiles on the clients. Everything works fine.
At the end of the day the customer was asking if it is possible to create an onboarding configuration for Windows clients which activates the machine or user authentication. I know we can do this by hand, but we have 300+ clients, so that's not an option.
Thanks for your thoughts and help!
The short story is that you can only have computer accounts with AD in place, as these accounts are created in/by AD.
If your goal is to Onboard devices that can be used by multiple Windows users (local accounts ;-), you can configure in the Network Settings that the credentials should be stored in the machine account of your client:
That will allow multiple users to use the same computer. The Onboard certificate (identity of the requester) will be bound to the computer instead of the account on the computer.
Please note that for pushing certs in the Machine account, you will need local administrator privileges.
And you still need to re-onboard all your devices, which might be automated by creating a new CA, checking if the cert is from the old CA, and redirecting in that case to the onboarding page where you Onboard with a certificate from the new CA.