I was curious what the policy is at other companies on the use of local accounts? In our company local accounts are nothing but a nuisance because we can't get any information about the logged in user. Our machines tend to move around a lot without the users notifying us. This is a problem because we need to have a correct contact for each machine in case they need to be contacted.

Our machines run with users having full admin rights, I know, I know don't look at me They don't want to stifle creativity.

Anyway, is there a local policy to prevent logging in with a local account accept maybe the local admin account in case it drops from the domain and I need to add it back? I know the users can change the admin password but I'll deal with that later. I need to get all of our assets logging in with domain accounts. I have to use local policies, which again I know they can disable, because in our particular OU's we don't use GPO. It's complicated so don't ask. I have to work with what I have to work with. I would like to hear your what your companies policies are on this issue. Thanks.