First Time PC Login for Remote Users

First Time Login Procedures for Remote Employees:

Purpose: To assist Technicians with caching User accounts that have not logged into a specific computer before disconnecting from the Gaudenzia Network.

Notes Before Starting: You will need to be able to access the Local Administrator Password within Entra to be able to perform these steps. The Authentication Administrator PIM role should provide sufficient access for this.

Steps to Resolve:

Access the Local Admin Password for the Device in Entra ID. You can locate this by going to DevicesàAll Devices and searching for the device you need the password for by Name. Click on the Device Name once located.
Select “Local Administrator Password Recovery”, then Show Local Administrator Password. You can then click the “eye” symbol to show the Password or the “clipboard” symbol to copy it to your clipboard.
Now that you have the Local Administrator Password, you can log into the Remote Device. Provide the Employee with the Username (without quotes) “.\Gaud-Admin” and password recovered from Entra ID. This will log them into the device. *The period/backslash symbols tell Windows this is a Local Account, so they are necessary during the log in.*
Once logged in, open the “Cisco AnyConnect Secure Mobility Client” VPN and sign in with your O365 account. If done correctly, the application should launch as usual.
Hold the SHIFT key on your Keyboard and Right Click any Shortcut on the Taskbar that does not have an open session. (EG: Edge, Chrome etc…) You will then choose Run as Different User. You will then be prompted with a UAC box- have the Employee enter their Username and Password in these fields and hit Yes.
Now that the User account is cached, we need to log into it to build it. Click the Start ButtonàNameàThree Dots and choose Switch User. This will take you to the Log In screen. Have the Employee log in with their credentials and confirm a successful login.
Once the Employee is logged in, restart the computer to disconnect the Gaud-Admin profile session. Once the restart is completed and the Employee is logged back in, ensure OneDrive and any other required services are signed in.
Done!