From d0f4e623458589f75398a15c7b1e9b28c67e9c4c Mon Sep 17 00:00:00 2001 From: jdeckerMS Date: Tue, 3 Jan 2017 09:48:40 -0800 Subject: [PATCH] format --- windows/manage/configure-devices-without-mdm.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/manage/configure-devices-without-mdm.md b/windows/manage/configure-devices-without-mdm.md index 7b63a5986b..d5f5cf6cc2 100644 --- a/windows/manage/configure-devices-without-mdm.md +++ b/windows/manage/configure-devices-without-mdm.md @@ -107,6 +107,7 @@ When you run Windows ICD, you have several options for creating your package. > [!WARNING] > If you don't create a local administrator account and the device fails to enroll in Active Directory for any reason, you will have to reimage the device and start over. As a best practice, we recommend: + - Use a least-privileged domain account to join the device to the domain. - Create a temporary administrator account to use for debugging or reprovisioning if the device fails to enroll successfully. - [Use Group Policy to delete the temporary administrator account](https://blogs.technet.microsoft.com/canitpro/2014/12/10/group-policy-creating-a-standard-local-admin-account/) after the device is enrolled in Active Directory.