Does DJoin require elevation to execute?
Hi there!
The product I am developing comprises a Windows 10 IoT client PC that needs to be joined to the Windows AD server 2019 domain at the customer site. I was analyzing the utility DJoin provided by Microsoft to achieve this via an offline domain join. The requirement is that the customer should be able to execute this utility with a domain user who is not an administrator. This would imply that the prompt used to execute DJoin to provision a blob file will not have elevated privileges. In the official MS documentation, it is stated that elevation is required. However, when I tested on my test Windows systems, DJoin provisioning executed as intended without any elevation (regular prompt) sometimes and needed the elevation otherwise.
- Could you please give an official confirmation on the usage of the utility?
- Does it need elevation? If yes, is there any way to bypass this via group policies or registry settings?
- Is this utility recommended for usage on Windows 10 IoT client with Windows AD server 2019 LTSC?
Apart from DJoin, I would also like to know the effectiveness of the following approaches to achieve my goal.
- Is there a certificate that Windows AD server provides which, when applied on a client Windows PC, enables the PC to join the domain automatically without user credentials? This could be something like a trust-trustee relationship that is enforced by the presence of the certificate.
- How effective is the Imaging and Configuration Designer (ICD) from Windows ADK to achieve pre-planned domain joins at the customer site?