I have done this enough times, but just for documentation's sake.
So, you get a cool new OS (Windows 8 Release Preview maybe?) and you repave your machine. You want to add it to your domain over VPN and then log in with your domain creds. Now, you must have an account that has access to add computers to the domain, of course, but this is what you do.
Why would you want to do this? Well, if you are a telecommuter, it might be something you run into. Another reason is if you want to redo your machine at night and not waste time during the workday. It isn’t that complicated, but it could be confusing if you have never done it before. If you have a basic understanding of Windows networking and Active Directory, you should be able to get what is going on here.
1. Repave your machine!
2. Set up machine with new name
3. Install VPN, connect to your network.
4. Add your machine to your domain as you would when on the LAN.
5. DO NOT REBOOT. I repeat, DO NOT REBOOT. Even though Windows wants you to!
6. Go to user management and add the domain user you want to log in as to the local admin group.
7. Now, feel free to reboot.
8. Drink a beer.
9. When the login screen comes up, log in with the local machine account that you set up when you repaved your machine.
10. Connect to VPN.
11. “Switch Account” back to the login screen (VPN is still connected!)
12. Log in as the domain account from step #6.
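Steps 4 to 6 can also be run from an elevated PowerShell prompt while the VPN is connected. This is an added example, not part of the original post; the domain and user names are placeholders, and it assumes the domain account can be resolved before the reboot, as step 6 relies on.

```powershell
# Added example (not from the original post). Run elevated, with the VPN up.
$Domain     = 'corp.example.com'   # placeholder: your AD DNS domain name
$DomainUser = 'CORP\jdoe'          # placeholder: the account from step 6

# Pre-flight: a domain controller must be locatable through the VPN tunnel.
# Domain members find DCs through this SRV record, so if the lookup fails
# the join (step 4) and the first domain logon (step 12) will fail too.
try {
    $srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -ErrorAction Stop
} catch {
    throw "No domain controller found for $Domain. Is the VPN connected and using corporate DNS?"
}
$srv | Where-Object { $_.Type -eq 'SRV' } | Select-Object NameTarget, Port

# Step 4: join the domain. Add-Computer only reboots when -Restart is given,
# so leaving it out keeps the machine up (step 5).
$cs = Get-WmiObject -Class Win32_ComputerSystem
if (-not $cs.PartOfDomain) {
    $joinCred = Get-Credential -Message "Account allowed to join computers to $Domain"
    Add-Computer -DomainName $Domain -Credential $joinCred -ErrorAction Stop
}

# Step 6: add the domain user to the local Administrators group before rebooting.
# net.exe also returns non-zero when the account is already a member.
net localgroup Administrators $DomainUser /add
if ($LASTEXITCODE -ne 0) {
    Write-Warning "Could not add $DomainUser from the command line; check the list below or add it through user management (step 6)."
}

# Show the resulting membership so you can confirm before the reboot in step 7.
net localgroup Administrators
```

Once the first domain logon in step 12 has succeeded, the account can be removed from the local Administrators group again if it does not need admin rights on the machine.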
I have been using Windows 8 for a while now, here and there, the developer preview, on the tablet I got at Build. Pretty cool, rough around the edges. I was really waiting for the next iteration.
Last week the Windows 8 Consumer Preview was released. My computer at work was getting “crufty” so I decided to install Windows 8 on it fresh and see what I could see.
Well, first off, if you run Windows 8, you can associate your login account with a Microsoft account (formerly Windows Live ID). This is pretty cool for a couple of reasons. First, most services on the OS then automatically know who you are, and second, your settings and Windows Store apps will sync between devices.
But what happens on domain? I was as curious as I could be as the info out there is/was sparse as of now from what I could see. So I set up the machine fresh on Windows 8. Logged in as my Microsoft account and got into the OS. Once on the corp network, got it on the domain, as normal, and then I could log in with my domain account. Great.
But then what? Do I lose all the cool Microsoft account stuff? Well, it depends. What you can do is go to the new “Settings” in Metro land on the machine and find the account stuff, you can then associate your Microsoft account with your Domain account. This is pretty cool. Then your settings on your domain machines (if you have multiple) will sync, but you still get the domain stuff of the corporate network. I have two Microsoft accounts anyways (One for personal, one for work – MSDN, etc, etc).
There is one article out there that tells admins how to restrict the Windows Store on domain, or at least they will be able to, so I am guessing most things will be configurable or restrictable by domain admins and group policy, but at least there is some cohesiveness between Microsoft account and Domain account now. Good stuff. More to come on my Windows 8 Experience, as I am and will be putting it through its paces.