Is it possible to use a Domain Account for defining a Windows Agentless endpoint for PUPM?
Normally PUPM requires a local account on the endpoint to fully function in all aspects.
However, it is possible to define the endpoint using a Windows Domain Account instead, provided the endpoint is a member of that Windows Domain.
To do so, enter the following details in the Endpoint Definition dialog:
User Login: myDom\myDomainAccount <-- replace this with your actual details
Host: myBox <-- use the NetBIOS name of your endpoint
Host Domain: myDom <-- this is the NetBIOS name of your Windows Domain
Is Active Directory: not checked
User Domain: myDom
Then go to
Privileged Accounts / Accounts / Create Privileged Account
Account Name: myDomainAccount <-- note this is the domain account, even though you do not enter it as e.g. myDom\myDomainAccount
Disconnected Account: checked !! <-- since PUPM can only handle local accounts, as explained below
Endpoint Name: myBox
Endpoint Type: Windows Agentless
Drawback of this approach:
Since Password Change can only be done for accounts local to the Endpoint (local SAM, or AD in case of a DC), you must define the account as a Disconnected Account.
Hence it is not possible to automatically change this account's password, e.g. upon Checkin / CheckOut.
You can still use automatic login to this Endpoint using Proxy_RDP or ActiveX_RDP, which in this case is performed using the Domain Account defined above.
Note: even though the box is defined using a Domain Account, the Discover Privileged Accounts Wizard still only sees accounts local to the Endpoint (local SAM, or AD in case of a DC).
Please review the section "Configure Windows Agentless Endpoints for SAM" in the CA Privileged Identity Manager documentation.