You wish to know the best way to configure PDQ Deploy and/or PDQ Inventory to work with machines that are not joined to an Active Directory domain such as Workgroup computers.
Working with non-domain machines is covered in the following:
In both PDQ Deploy and PDQ Inventory, you may add as many unique credentials as you need. If you have an identical local admin account on all your targets then you’re one-and-done, but we know this is rarely the case.
If you have both products, start with PDQ Inventory by going to Options > Credentials > Add Credentials. Otherwise, proceed with adding the credentials to PDQ Deploy using the option located in the same location. For these local accounts leave the domain field blank or enter only a period “.”.
Next, you will set the Scan User for each machine using the associated credential. It helps to add the “Scan User” column to your main view in order to easily validate the Scan User is correct when making bulk changes.
Then you will select any number of machines and set the scan user by clicking the option “Select Scan User” located in the contextual menu.
It is at this point that it’s suggested to run a scan on all your machines using the default “Standard” profile to ensure there are no errors and all the data is returned. Remote UAC being enabled on the target machine is a blocker for local accounts, and some scanners query AD for certain data, but both these potential issues have resolutions outlined in the following articles.
Moving onto PDQ Deploy, there is a great feature that makes it easy to deploy to a group of computers with different credentials between them. The option “Use PDQ Inventory Scan User credentials first, when available” can be found in both a deploy once window and in the options tab of a schedule, and does exactly what it says on the tin.
Note: This selection is saved for use the next time you start a new deployment with this window.
Note: This section will not apply if you have a strictly non-domain environment.
When you have a mix of both domain and non-domain machines you’ll want to set your AD Sync Delete Mode Options > Preferences > Active Directory > Delete Mode to Mixed Sync or Import Only. Either option will ensure that your inventory not synced from AD will remain when a sync runs. More details on these modes may be found in the following article: How to Synchronize Active Directory with PDQ Inventory
- Server is installed on a domain machine, but client is on a non-domain machine
- Server and client are both in a non-domain environment, but utilize different local admin accounts
For both of the scenarios listed above, you will need to go through the following two steps in order for the client to connect to the server.
- The local admin account used to launch the client console will need to exist as a local admin on the server using the same exact username/password.
- Add those credentials into Options > Console Users, leaving the domain field blank or with just a period ".".