I have a customer using Aladdin eToken as 2 factor. Today running AD connector against AD groups to get users created in the EEPC database. Then assigning user groups to machine groups in the configuration. Meaning many users to all machines, causing long sync time and load on the server. Installation of the machines is fully automatic using Config Manager. User connects to the network on his first startup and uses his eToken to pass through Preboot (his user is synced out to the machine as part of the installation) and logs in to the Domain to get his Windows profile created.
Can we use Autodomain here to add only the actual user? Does this permit multiple users on one machine? Can this remove "old users"? Can you control from which user group the Autodomain script can get the user to add to the local machine? Where can I download the Autodomain script and help info?
Plan to upgrade to 5.1.8/5.1.9 (Which should be the same on EEPC??) Or if 5.2 appears in the very near future.
I have a few follow up questions. (I have not got hold of this yet)
When the machine is installed, the EEPC is ready and the machine is fully encrypted (I assume). Then the machine is sent to the user for the first logon. Does he need to run Recover with the help of the Helpdesk to be able to start up the machine, or can this be done in a way to avoid this?
Will the cached user be added to the pc at the first logon, so that this is ready to use at next startup?
Can you build in some checks to verify that the user is added to the PC? I guess this action will need communication to the Database, and if this is not replying timely I am worried about the stability of the solution.
OK. I am a bit unsure how this is working, since the password for a user is set on the eToken when this is generated (2 factor). So in most of the cases the user will get their new token and the newly installed PC shipped. Then he will start from here. Do you see any issues in such a scenario? Machines should be fully encrypted as part of the installation.
The user will already know the token pin, and the user will already exist (because you would have had to manually create them and create the token for them).
You need to make sure you don't confuse "user creation" and "user assignment" - the former is where you will set the pin for the user, the latter is something autodomain can do for you.
If you're already going through the effort of installing EEPC, creating tokens for the user etc., why would you need autodomain at all? Surely you know whose machine you are making, why not just do the user assignment then?
Are you using eTokens in PKI mode or stored value mode?
Your environment is more complex than most, you're probably best off paying for some professional services time than trying to work this out on your own.
We use eToken in Stored Value mode. We use AD Connector to transfer users from dedicated AD groups. This is OK. Then, since the customer wants all users to be able to log on to any machine, we have to add all user groups to the machine groups. This causes a lot of syncing when the number of users increases.
Then this customer does not like the manual work of assigning users to individual machines. So I hoped that Autodomain would help me in this process of automatically assigning them to the machine.
I do believe this should be solvable, but it needs to be tested, of course.
Regarding tech experts on EEPC and scripting Autodomain, we have a lack of these here in Norway/Nordics... Any suggestions on who could assist here? Also, performance tuning assistance would be helpful.