Solved

How do I set up Multiple users on client PC?

Posted on 2006-06-11
8
418 Views
Last Modified: 2010-04-19
I have a few people who only occassionaly work in the office and so when they come in they currently sit at any PC that is available and work logged in as somebody else. I would like to get away from this situation to something more helpful and secure and some sort of hot desking. That is what this question is about. I have SBS configured with 3 users on the SBS so far. Those users are for example, Tom, Dick & Harry. When I run connectcomputer on Tom's PC to join tha PC to SBS I see Tom's name (and others) I choose Tom and proceed through the wizard until that PC is now joined to SBS with no problems. My question is, If I want Dick & Harry to also be able to walk up to Tom's PC and log in as themselves do I have to somehow run the connectcomputer wizard again and if so how? Or is it enough to simply run the connectcomputer wizard for Tom and then if Harry wants to login at Toms PC he just uses his username and password?  

Thanks

Steve
0
Comment
Question by:stevendawson
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 2
8 Comments
 
LVL 74

Assisted Solution

by:Jeffrey Kane - TechSoEasy
Jeffrey Kane - TechSoEasy earned 350 total points
ID: 16880471
The connectcomputer wizard will only run once... it's main function is to join the workstation to the network.  It also assigns a primary user to that workstation, but you can easily have ANYONE log in to any machine on your network with their own username and password.

The only problem you'll face is that they need to be a member of the local administrators group in order to have Outlook auto-configure for them.  I'd suggest that you just add the "Domain Users" group to the local administrators group of every workstation to accommodate for this.

If you add more CALs to your server, you may want to consider adding DEVICE CALs, which are designed for exactly this scenario... multiple users on one computer.  That way you don't need to have a CAL for each person.

Jeff
TechSoEasy
0
 
LVL 2

Author Comment

by:stevendawson
ID: 16880545
Hi Jeff,

How do I do this?

" I'd suggest that you just add the "Domain Users" group to the local administrators group of every workstation to accommodate for this."

Should I do that when I run connect computer and if so what if connectcomputer has already been run?

Thanks

Steve
0
 
LVL 96

Accepted Solution

by:
Lee W, MVP earned 150 total points
ID: 16881359
First, TechSoEasy is completely correct - adding the Domain Users group to workstations admin groups will make every user an administrator on the system.

Now, SBS makes selected users administrators on systems when using the connect computer wizard.  This is a bad idea, but Microsoft does it.

Making "domain users" a member of the administrators local group is even worse because:
Viruses, Spyware, and other malware that propogate over the network will now have administrative rights to EVERY computer on your network, instead of just the one on which the first user gets it.  So you do this, you are putting yourself at greater risk for problems in the future.

How to do it - open up Computer Management and reference this graphic:
http://www.lboro.ac.uk/computing/desktop/reps-xp/images/tadmin2.gif

When the new window appears, click the add button and then type in "domain users".  OK out.
0
Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 16881811
Actually, I probably should have added a couple of notes about the pros/cons of making the Domain Users Group a member of local administrators.

Thanks Leew for pointing out a few of the issues... but the issue of viruses propagating over the network would be a minor issue if you had sufficient virus protection AND you instituted a group policy to restrict software installation (which is a good idea for reasons other than viruses).  Please see:
http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/rstrplcy.mspx for the how-to.

My feeling is that with a good Software Restriction Policy, that making users local administrators on workstations carries very little risk, and makes managing your network much easier.

I do realize that there are many folks who disagree with me on this, but in the Small Business Space we always balance security against usability.  There's a good article about "Good Enough" security here:  http://sbsurl.com/security

Jeff
TechSoEasy
0
 
LVL 2

Author Comment

by:stevendawson
ID: 16887209
Thanks Jeff,

Interesting articles and I fall into the camp of people that agree with you. "Good Enough Security" seems fine for me and most others I feel.

I don't think that the answer from leew relates to SBS (the image I mean) as I don't see that in my computer management so that brings me back to my earlier question for clarification.
--
How do I do this?

" I'd suggest that you just add the "Domain Users" group to the local administrators group of every workstation to accommodate for this."
 --
Is it - Server Management - select the user - right click - add user to a group - choose domain user from list - OK?

and if so do I have to do that for every user every time I add a new one or is there a global setting?

Thanks

Steve
0
 
LVL 96

Expert Comment

by:Lee W, MVP
ID: 16888566
stevendawson - the image does not apply DIRECTLY to SBS - it applies to your clients - each WORKSTATION.  You need to set this up on each workstation, not on the server.  Every user is a member of the Domain Users group (unless you specifically take them out).  When a new user is created, they are added to this group.  By granting this group admin rights on each workstation every current and future user will have admin rights.
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 16890156
You CAN do this from the server, but as leew stated, it needs to be set on each workstation -- all users should already be members of "Domain Users" by default.

To do it from the server, open the Server Management Console > Clinet Computers.  Select the computer and then click Manage Computer from the menu on the left side.  This will open the Computer Management MMC for the workstation.  Select Users & Groups > Groups > Administrators.  Then add 'Domain Users" to that local group.

Jeff
TechSoEasy
0
 
LVL 2

Author Comment

by:stevendawson
ID: 16893024
Thanks to you both. I am much more knowledgeable again thanks to Experts Exchange. I'll have more questions so I'm afraid I'll be back.

I'm going to split the points slightly skewed to Jeff who provided the answer in the first reply but I just didn't understand it then. leew deserved some points for opposing opinions on security which are certainly worth knowing about.

Steve
0

Featured Post

Guide to Performance: Optimization & Monitoring

Nowadays, monitoring is a mixture of tools, systems, and codes—making it a very complex process. And with this complexity, comes variables for failure. Get DZone’s new Guide to Performance to learn how to proactively find these variables and solve them before a disruption occurs.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In the event you manage a Small Business Server 2003, and you are audited for PCI compliance, there are several changes you must make in order to pass the audit. I can take no credit for discovering any of these fixes or workarounds, but there is no…
You may have discovered the 'Compatibility View Settings' workaround for making your SBS 2008 Remote Web Workplace 'connect to a computer' section stops 'working around' after a Windows 10 client upgrade.  That can be fixed so it 'works around' agai…
Come and listen to Percona CEO Peter Zaitsev discuss what’s new in Percona open source software, including Percona Server for MySQL (https://www.percona.com/software/mysql-database/percona-server) and MongoDB (https://www.percona.com/software/mongo-…
Do you want to know how to make a graph with Microsoft Access? First, create a query with the data for the chart. Then make a blank form and add a chart control. This video also shows how to change what data is displayed on the graph as well as form…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question