Although I dont believe I will be able to achieve the offsite DEP enrollment this year, I am looking at the logistics and reliability of possible achieving it, whilst including AD integration
we use AD for our user integration, so setting up an AD proxy is desired.
I have a few questions regards to AD proxy and achieving the following (if anyone can answer it):
1. can the AD proxy be used to sign into the macbooks agaisnt the AD user? or is it only a step to allow the ad binding? And is there a document floating around on how to set one up?
2. with AD accounts you need a smb share, would we need to set up an SMB share proxy also for the purpose of their enrolment? e.g. a mirrored smb share public web path, which open ports externally, with file folder monitoring, so tehy have no ability to write data tot he public paths.
3. is there any option of a forced VPN profile to combat the above two problems?
The tertiary problem with the DEP setup externally is the localadmin account creation, ideally we wish to lock out this account after its made, as we dont want end users to use non AD accounts, we use AD accounts, to improve the use of single sign on can function where possible. (very minimal these days).
I know there is a means to change a local accounts password, but there isnt a means to delete or change the password of all local user accounts.
is anyone aware of any means to script this for local accounts?
