I've ben playing around with the settings working well with getting Endpoint to Add Local Domain Users.
One thing I am having an issue with though is accounts on multiple machines. (not sure if you can help)
under Encryption Users I have setup a group of support users assigned to a container. (basically Support Perosnal who would be required to log onto many different machines)
Oz Workstation (restricted AD group assigned with 10 members)
Workstation 1 (1 User assigned)
Workstation 2 (1 User Assigned)
Workstation 3 (1 User Assigned)
Workstation 4 (1 User Assigned)
Once these machines are encrypted using the Add local domain users I can log onto each machine using accounts iherited from the Oz Workstation users group.
Issue: However when I log onto say Workstation 1 with an iherited account for the first time it asks for the default password and asks me to set mine own. That is fine. But if I take the same inherited account and try it on Workstation 2 I have to set it again. I was under the impression once logged in EPO synchs with the workstation and replicates any password change to all PC's that User is deployed to.
This currently isn't happening.
Not sure if we need to change ASCI times or if I'm missing a setting somewhere. I tried to manually tell EPO agent to update nd send event etc but dosn't seem to report back the change in password so it can be used on other machines.