1. Yes - but it's a very bad idea from a security point of view. If you want to add admins to each machine, make an account for each admin (using their real name) and assign them. "Bucket accounts" are always bad.
3. No. Only passwords.
What happens if one AD user have a password only policy on one laptop and eToken policy on another (which information will be storen at ePO side)?
Situation (usual for version 5. *):
Users brought me a laptop, which is not my account and it is not boots.
I boot from the disk EETECH, I enter the daily code and what the next (i have no account on laptop)?
Users can only have one token policy - it's tied to the user, not to the device.
If you don't have an account on the machine, you authenticate using an XML file from EPO, not the local account information.
I have one laptop A with assigned password only token policy and AD user "user"
And another laptop B with assigned etoken policy and the same AD user "user".
On laptop A user "user" login with password.
On laptop B the login prompt require token after entering default password for user "user".
How to change token for user (for example: user lost token or token has been physically broken)?