Is it possible to create a Windows 10 user profile for a remote user without using their credentials?
We have remote employees where their laptop has died and they need a replacement. In order to prepare a laptop to ship to them, we currently ask them for their username and password (ouch) so that we can login to the laptop and create the Windows user profile for them while the laptop is on-site and can connect to the domain.
Preferred solution: I'd like to be able to ship them a freshly imaged laptop as-is, without any configuration unique to that user, so that we can respond to these requests more quickly. Ideally the user could just remove the laptop from the box, enter their username and password and off they go. Is this possible, and if so, how?
The research I've done so far indicates this may be possible by using Windows 10 VPN at the login screen to connect to the domain first, then do the user login using their credentials. We currently use a Fortinet VPN, so not sure if this would be possible.
This may not be the best answer and there is likely a better way but we use the following trick quite often in similar situations:
1 - Get the user to login to the laptop with a local generic user account (does not need to be an admin account and can be deleted later)
2 - Connect the computer to the VPN so it can communicate to the Domain Controller
3 - Holding the shift key right click on an application like IE or Command Prompt, etc. And select "Run As User"
4 - Input his actual Domain credentials, this will create the profile and cache his password hash in the computer
5 - Disconnect the VPN, Logoff and login as himself.
6 - Profit!
This could all be scripted with a login batch or something in the generic user, after the user is logged in as himself I also normally connect the VPN and run a gpupdate /force so the computer is able to get all the group policies it could not get during the oflline login...