Is it possible to use a Domain Account for defining a Windows Agentless endpoint for PUPM?
Normally PUPM requires a local account on the endpoint to fully function in all aspects.
However, it is possible to define the endpoint using a Windows Domain Account instead, provided the endpoint is a member of that Windows Domain.
To do so, enter the following details in the Endpoint Definition dialog:
User Login: myDom\myDomainAccount  <-- replace this with your actual details
Password: xxxxxx
Host: myBox  <-- use the NetBIOS name of your endpoint
Host Domain: myDom  <-- this is the NetBIOS name of your Windows Domain
Is Active Directory: not checked
User Domain: myDom
Then go to Privileged Accounts / Accounts / Create Privileged Account and enter:
Account Name: myDomainAccount  <-- note this is the domain account, even though you do not enter it as e.g. myDom\myDomainAccount
Disconnected Account: checked !!  <-- since PUPM can only handle local accounts, as explained below
Endpoint Name: myBox
Endpoint Type: Windows Agentless
Drawback of this approach:
Since Password Change can only be done for accounts local to the Endpoint (local SAM or AD in case of a DC), you must define the account as a Disconnected Account.
Hence, it is not possible to change this account's password automatically, e.g. upon Checkin / CheckOut.
You can still use the automatic login to this Endpoint with Proxy_RDP or ActiveX_RDP, which in this case is performed using the Domain Account defined above.
Note: even when the box is defined using a Domain Account, the Discover Privileged Accounts Wizard still only sees accounts local to the Endpoint (local SAM or AD in case of a DC).
Please review the section Configure Windows Agentless Endpoints for SAM in the CA Privileged Identity Manager documentation.