Setting up Windows Accounts on Cloud PCs

Configuring Windows authentication on Softdrive Cloud PCs

Introduction

Softdrive's remote desktop software connects a device to a full Cloud PC, rather than to a new Windows session on a PC as Microsoft RDP would.

As a result, you can use Softdrive at the Windows login screen, you can use Softdrive before any Windows accounts are created in the Windows Out of Box Experience (OOBE) phase, and you can switch Windows accounts while running Softdrive.

This means that authenticating with Windows is a separate requirement from authenticating with Softdrive to connect to the Cloud PC.

Softdrive also uses credentials that are separate from Windows so that the Softdrive Launcher can query the Cloud PCs and other PCs associated with your account. The benefits of this are that it:

  1. Avoids requiring a user to know the IP address or hostname of the PC they are trying to connect to.
  2. Enables connecting to a PC on another network without a pre-existing VPN connection (using Softdrive servers to facilitate NAT traversal to establish a peer-to-peer connection between the local device and remote PC).

Types of Windows Authentication

There are 3 main options when it comes to authenticating with Windows:

  1. Local Windows Accounts
  2. Self-Managed Domain Controllers (On-Prem)
  3. Cloud

By default, Softdrive provides Cloud PCs at the Windows Out of Box Experience (OOBE) phase. This way, you can choose which type of Windows accounts you would like to use, and you can use different types among your users if desired.

Local Windows Accounts

Local Windows accounts are tied to a particular PC, rather than being cloud-based or tied to a directory of users.

This type of account can be created by selecting an Offline Account in the OOBE process, or otherwise adding a user without a Microsoft account and without joining the Cloud PC to a domain.

This can be useful for short-term Cloud PCs, such as for contractors. However, these accounts are generally not recommended for organizations due to additional management challenges. Microsoft has been vocal in their desire to minimize usage of local accounts.

Self-Managed Domain Controllers (On-Prem)

In this model, PCs are joined to a domain, and logging into Windows requires authenticating with an Active Directory Domain Controller that is managed by your organization.

To use this authentication option, your Cloud PC must have network access to your on-prem Domain Controllers. For additional guidance, please see our page on How to Connect Softdrive Cloud PCs to Your Network.

To join your domain from OOBE:

  1. Use Ctrl+Shift+F3 to bypass OOBE and log in to the Windows built-in local Administrator account.
  2. Go to the Windows Settings page called "Access work or school". You can search for this in the Windows search bar.
  3. Press Connect.
  4. Under Alternate actions, select "Join this device to a local Active Directory domain".
  5. Enter your domain.
  6. Restart the PC. It will re-initiate the OOBE process and it will be joined to your domain.

If you choose to use this option, we would generally recommend uploading a template or creating a template that is already joined to your domain.
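
To check the result after the restart in step 6, the following PowerShell reports which of the three authentication types a Cloud PC is using and which local accounts are still enabled. It is an added example, not Softdrive's own tooling, and it covers more than the domain-join case; the function names Get-WindowsJoinState and Get-EnabledLocalAccount are hypothetical, and it assumes Windows PowerShell 5.1 on Windows 10 or later.

```powershell
# Added example (not from Softdrive): report how this Cloud PC authenticates
# Windows sign-ins. Function names are hypothetical. Run on the Cloud PC.

function Get-WindowsJoinState {
    # Win32_ComputerSystem reports classic Active Directory domain membership.
    $cs = Get-CimInstance -ClassName Win32_ComputerSystem

    # dsregcmd /status prints "Name : Value" lines; collect them in a hashtable.
    $dsreg = @{}
    foreach ($line in (dsregcmd.exe /status)) {
        if ($line -match '^\s*(\w+)\s*:\s*(.+?)\s*$') {
            $dsreg[$Matches[1]] = $Matches[2]
        }
    }
    $aadJoined = $dsreg['AzureAdJoined'] -eq 'YES'

    # Classify against the account types described on this page.
    $type = if ($cs.PartOfDomain -and $aadJoined) { 'Hybrid (domain joined and Azure AD joined)' }
            elseif ($cs.PartOfDomain)             { 'Self-managed domain (on-prem)' }
            elseif ($aadJoined)                   { 'Cloud (Azure AD joined)' }
            else                                  { 'Not joined (local or Microsoft accounts)' }

    [pscustomobject]@{
        ComputerName  = $cs.Name
        JoinType      = $type
        Domain        = $cs.Domain          # workgroup name when not domain joined
        AzureAdTenant = $dsreg['TenantName']
    }
}

function Get-EnabledLocalAccount {
    # PrincipalSource separates offline local accounts ('Local') from
    # Microsoft accounts ('MicrosoftAccount'). The built-in Administrator
    # used in step 1 always has a SID ending in -500.
    Get-LocalUser | Where-Object Enabled | Select-Object Name, PrincipalSource,
        @{ Name = 'BuiltInAdministrator'
           Expression = { $_.SID.Value -like 'S-1-5-21-*-500' } }
}

Get-WindowsJoinState    | Format-List
Get-EnabledLocalAccount | Format-Table -AutoSize
```

On a domain-joined template, an enabled account flagged as BuiltInAdministrator is worth reviewing before the template is used for other Cloud PCs.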

Cloud

The last way to authenticate with Windows is using one of Microsoft's cloud-based offerings: Microsoft Accounts for individuals, or Azure Active Directory for organizations.

The default OOBE instructions will guide you through setting up one of these accounts.

We would generally recommend this approach as it is the most flexible, it is the simplest to set up and manage, it is Microsoft's recommended practice, and it works well with device management tools such as Microsoft Intune.

For more information about these options, please see the following article: www.policypak.com/resources/pp-blog/windows-10-join-domain.