I need a solution for the following scenario. We have many "robot stations" that control instruments and experiments that may take in upwards of 7 days to complete. Once the machine logs off the application is ended so the session that starts the application must remain logged in until it completes. These stations are mostly Windows 2000 Pro. Currently they are using one domain account to run the experiment. As the application runs it is not uncommon for a team of people to need access that session from time to time and look at the screen and 'play' with the application. This worked for a while and was ok since it was a small group of people. However now this team has increased 5 fold and there is now a security problem since global account requires local admin rights. What we like to do is have the ability for these machines to run these applications and have each person use thier own personal global domain account to unlock the screen and show the running application.
In a nutshell is it possible to limit the number of profile sessions on a machine to 1 but have a way that if anyone with specific group membership can open and look at the original session that began without knowledge of that original global account. Or better yet,
can we get rid of that original global account entirely and have the machine setup so that anyone in this group can begin a session that shares with everyone else in that group?