I always wanted make sure all the machines to have "itsecsupport" local user access.
best way for itsecsupport to be on all machines is add it to Entire organization as an authorized preboot user to the whole domain will give you this.
I tried this way and I am able to see that local User in Endpoint Server, But the challenge is, Machine-1 shows "ITSeecsupprt" but I am unable to use in Machine-2 as its integrated only AD user, Even after its same if I am adding current existing "ITSeecsupprt".
Because this "ITSeecsupprt" is not belongs to Machine-2 its belongs to machine-1.
When I checked under Other users and computer folder I am able to see many "ITSeecsupprt" users as each represent each machine local user, as its not same for all.
There was a huge conversation with my AD & Windows team and they finalize( AD user will require AD administrator privileged when its connected to AD server if I want to install any software otherwise it will prompt enter local Administrator to install the software).
AD administrator to install software ? or local admin ? Runas is your fix here.
If i am installing some software when the machine is connected to AD Server , it expect me to enter AD administrator privilege, whereas its quite opposite when the machine is not connected to AD Server ((ex: When the machine is roaming out of office) it expected me to enter local user Admin privilege).
Due to this issue, I have to make sure of both accesses (Local Admin i.e ITSeecsupprt and AD admin privilege).