I recommend you talk to your domain admin and have them create a test OU and a service account that has the permissions to add computers to that OU. For the most part, domain admin disable the Computers OU to prevent rouge devices in the domain. In addition, that user account should also be part of the Scheduler service under Configure services in your Landesk Console.
If you ever go into Production, I recommend you use Public variables for your Domain, User account, password, Image share. This will secure your unattend.xml. Once your provisioning script is deployed, have a task that deletes the unattend.xml leaving no trace of your passwords. Keep us posted of the outcome.