I want to create image for about 2000 Windows XP SP2. Those PCs are for different sites. Each site is a domain by itself. All sites and domains are connected to my network by weak connections. For every number of sites we have number of engineers.
Our policy denies form given the local Administrator to any body (kept in treasury).
Our engineers need the administrator password for:
• Adding the PC to the Domain
• For trouble shooting
• To install applications on the Local PC’s.
• There are few applications which are requiring Administrator Group
My Question is: what is the best practice in this situation?
Also, what is the best way of managing local account in remote sites not connected to the domain.