This is more of a discussion kind of question to seek possible solutions to an old problem that almost everyone with multiple sites gets affected with.
There are several locations and all locations have AD implemented, using a single image everywhere. With every location having a local IT person, we could have a backdoor local account on the image and share the password with the local IT, but gradually, the password would get known by almost everyone (friend of a friend of a friend...etc) We could have the local IT guy be admins in their environment and log on to any local machine with their own credentials. The problem arises when some senior person is in a different country and needs to install something. They could go to the local office, but what about after hours. etc etc I am sure there are several options to tackle this issue, and I wanted to get an opinion on what people do for this issue. Hypothetically, could there be an option to create a USB of some sort that is non shareable (Uses the laptop's Hard disk serial number) that could be given to travellers for use in emergencies to gain admin access only on that particular machine. Obviously, it is not a fool-proof method due to the several what ifs (loss of USB, creating an additional admin account with the admin access, etc) but does something exist? Thanks ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~