Adding and Using Multiple Credentials in PDQ Deploy & Inventory

In both PDQ Deploy and PDQ Inventory, you may add as many unique credentials as you need. We recommend adding and using all credentials in accordance with the principle of least privilege.
See PDQ Deploy & Inventory Credentials Explained for details.

If you have both products, start with PDQ Inventory by going to Options > Credentials > Add Credentials. Otherwise, proceed with adding the credentials to PDQ Deploy using the option located in the same location. For local accounts leave the domain field blank or enter only a period “.”, otherwise enter the name of the domain. LAPS credentials are accepted in Inventory as well and are covered in the article LAPS Integration with PDQ Inventory and PDQ Deploy.

1.png

Select Test Credentials and enter the hostname of a computer in the new domain to test the credentials against. You will get a Test Successful message if the credentials were successfully authenticated against the target.

When a computer is first added from AD Sync, the credential used for syncing is automatically set as the Scan User, but you may also manually set the Scan User for each machine afterwards. It helps to add the “Scan User” column to your main view in order to easily validate the Scan User is correct when making bulk changes.

2.png

Then you will select any number of machines and set the scan user by clicking the option “Select Scan User” located in the contextual menu.

3.png

At this point, it’s suggested to run a scan on all your machines using the default “Standard” profile to ensure there are no errors and all the data is returned. Remote UAC being enabled on the target machine is a blocker for local accounts, and some scanners query AD for certain data, but both these potential issues have resolutions outlined in the following articles.

Disable Remote UAC for Local Admin/LAPS accounts

Scan for AD Info When Using a Local Account (LAPS)

 

Moving onto PDQ Deploy, there is a great feature that makes it easy to deploy to a group of computers with different credentials between them. The option “Use PDQ Inventory Scan User credentials first, when available” can be found in both a deploy once window and in the options tab of a schedule, and does exactly what it says on the tin.

Deploy Once

Note: This selection is saved for use the next time you start a new deployment with this window.

4.png

Schedule

5.png

See Also:

Article - PDQ Deploy & Inventory Credentials Explained

Article - LAPS Integration with PDQ Inventory and PDQ Deploy

Article - Disable Remote UAC for Local Admin/LAPS accounts

Article - Scan for AD Info When Using a Local Account (LAPS)

Video - Adding Multiple Credentials in PDQ Inventory

Was this article helpful?
Still have a question or want to share what you have learned? Visit our Community Discord to get help and collaborate with others.