[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

How do I set up Multiple users on client PC?

Posted on 2006-06-11
8
Medium Priority
?
432 Views
Last Modified: 2010-04-19
I have a few people who only occassionaly work in the office and so when they come in they currently sit at any PC that is available and work logged in as somebody else. I would like to get away from this situation to something more helpful and secure and some sort of hot desking. That is what this question is about. I have SBS configured with 3 users on the SBS so far. Those users are for example, Tom, Dick & Harry. When I run connectcomputer on Tom's PC to join tha PC to SBS I see Tom's name (and others) I choose Tom and proceed through the wizard until that PC is now joined to SBS with no problems. My question is, If I want Dick & Harry to also be able to walk up to Tom's PC and log in as themselves do I have to somehow run the connectcomputer wizard again and if so how? Or is it enough to simply run the connectcomputer wizard for Tom and then if Harry wants to login at Toms PC he just uses his username and password?  

Thanks

Steve
0
Comment
Question by:stevendawson
  • 3
  • 3
  • 2
8 Comments
 
LVL 74

Assisted Solution

by:Jeffrey Kane - TechSoEasy
Jeffrey Kane - TechSoEasy earned 1400 total points
ID: 16880471
The connectcomputer wizard will only run once... it's main function is to join the workstation to the network.  It also assigns a primary user to that workstation, but you can easily have ANYONE log in to any machine on your network with their own username and password.

The only problem you'll face is that they need to be a member of the local administrators group in order to have Outlook auto-configure for them.  I'd suggest that you just add the "Domain Users" group to the local administrators group of every workstation to accommodate for this.

If you add more CALs to your server, you may want to consider adding DEVICE CALs, which are designed for exactly this scenario... multiple users on one computer.  That way you don't need to have a CAL for each person.

Jeff
TechSoEasy
0
 
LVL 2

Author Comment

by:stevendawson
ID: 16880545
Hi Jeff,

How do I do this?

" I'd suggest that you just add the "Domain Users" group to the local administrators group of every workstation to accommodate for this."

Should I do that when I run connect computer and if so what if connectcomputer has already been run?

Thanks

Steve
0
 
LVL 97

Accepted Solution

by:
Lee W, MVP earned 600 total points
ID: 16881359
First, TechSoEasy is completely correct - adding the Domain Users group to workstations admin groups will make every user an administrator on the system.

Now, SBS makes selected users administrators on systems when using the connect computer wizard.  This is a bad idea, but Microsoft does it.

Making "domain users" a member of the administrators local group is even worse because:
Viruses, Spyware, and other malware that propogate over the network will now have administrative rights to EVERY computer on your network, instead of just the one on which the first user gets it.  So you do this, you are putting yourself at greater risk for problems in the future.

How to do it - open up Computer Management and reference this graphic:
http://www.lboro.ac.uk/computing/desktop/reps-xp/images/tadmin2.gif

When the new window appears, click the add button and then type in "domain users".  OK out.
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 16881811
Actually, I probably should have added a couple of notes about the pros/cons of making the Domain Users Group a member of local administrators.

Thanks Leew for pointing out a few of the issues... but the issue of viruses propagating over the network would be a minor issue if you had sufficient virus protection AND you instituted a group policy to restrict software installation (which is a good idea for reasons other than viruses).  Please see:
http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/rstrplcy.mspx for the how-to.

My feeling is that with a good Software Restriction Policy, that making users local administrators on workstations carries very little risk, and makes managing your network much easier.

I do realize that there are many folks who disagree with me on this, but in the Small Business Space we always balance security against usability.  There's a good article about "Good Enough" security here:  http://sbsurl.com/security

Jeff
TechSoEasy
0
 
LVL 2

Author Comment

by:stevendawson
ID: 16887209
Thanks Jeff,

Interesting articles and I fall into the camp of people that agree with you. "Good Enough Security" seems fine for me and most others I feel.

I don't think that the answer from leew relates to SBS (the image I mean) as I don't see that in my computer management so that brings me back to my earlier question for clarification.
--
How do I do this?

" I'd suggest that you just add the "Domain Users" group to the local administrators group of every workstation to accommodate for this."
 --
Is it - Server Management - select the user - right click - add user to a group - choose domain user from list - OK?

and if so do I have to do that for every user every time I add a new one or is there a global setting?

Thanks

Steve
0
 
LVL 97

Expert Comment

by:Lee W, MVP
ID: 16888566
stevendawson - the image does not apply DIRECTLY to SBS - it applies to your clients - each WORKSTATION.  You need to set this up on each workstation, not on the server.  Every user is a member of the Domain Users group (unless you specifically take them out).  When a new user is created, they are added to this group.  By granting this group admin rights on each workstation every current and future user will have admin rights.
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 16890156
You CAN do this from the server, but as leew stated, it needs to be set on each workstation -- all users should already be members of "Domain Users" by default.

To do it from the server, open the Server Management Console > Clinet Computers.  Select the computer and then click Manage Computer from the menu on the left side.  This will open the Computer Management MMC for the workstation.  Select Users & Groups > Groups > Administrators.  Then add 'Domain Users" to that local group.

Jeff
TechSoEasy
0
 
LVL 2

Author Comment

by:stevendawson
ID: 16893024
Thanks to you both. I am much more knowledgeable again thanks to Experts Exchange. I'll have more questions so I'm afraid I'll be back.

I'm going to split the points slightly skewed to Jeff who provided the answer in the first reply but I just didn't understand it then. leew deserved some points for opposing opinions on security which are certainly worth knowing about.

Steve
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The articles for turning off the Client firewall policy on the internet are for SBS 2008 and don't really help for SBS 2011. They actually moved the Client firewall policy. In 2011, the client firewall policy has moved to the SBS computers conta…
Because virtualization becomes more and more common, and, with Microsoft Hyper-V included in Windows Server at no additional costs, and, most server hardware nowadays is more than capable of running a physical Small Business Server (SBS) 2008 or 201…
In a question here at Experts Exchange (https://www.experts-exchange.com/questions/29062564/Adobe-acrobat-reader-DC.html), a member asked how to create a signature in Adobe Acrobat Reader DC (the free Reader product, not the paid, full Acrobat produ…
Loops Section Overview
Suggested Courses

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question