How do I set up Multiple users on client PC?

I have a few people who only occassionaly work in the office and so when they come in they currently sit at any PC that is available and work logged in as somebody else. I would like to get away from this situation to something more helpful and secure and some sort of hot desking. That is what this question is about. I have SBS configured with 3 users on the SBS so far. Those users are for example, Tom, Dick & Harry. When I run connectcomputer on Tom's PC to join tha PC to SBS I see Tom's name (and others) I choose Tom and proceed through the wizard until that PC is now joined to SBS with no problems. My question is, If I want Dick & Harry to also be able to walk up to Tom's PC and log in as themselves do I have to somehow run the connectcomputer wizard again and if so how? Or is it enough to simply run the connectcomputer wizard for Tom and then if Harry wants to login at Toms PC he just uses his username and password?  

Thanks

Steve
LVL 2
stevendawsonAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
The connectcomputer wizard will only run once... it's main function is to join the workstation to the network.  It also assigns a primary user to that workstation, but you can easily have ANYONE log in to any machine on your network with their own username and password.

The only problem you'll face is that they need to be a member of the local administrators group in order to have Outlook auto-configure for them.  I'd suggest that you just add the "Domain Users" group to the local administrators group of every workstation to accommodate for this.

If you add more CALs to your server, you may want to consider adding DEVICE CALs, which are designed for exactly this scenario... multiple users on one computer.  That way you don't need to have a CAL for each person.

Jeff
TechSoEasy
0
stevendawsonAuthor Commented:
Hi Jeff,

How do I do this?

" I'd suggest that you just add the "Domain Users" group to the local administrators group of every workstation to accommodate for this."

Should I do that when I run connect computer and if so what if connectcomputer has already been run?

Thanks

Steve
0
Lee W, MVPTechnology and Business Process AdvisorCommented:
First, TechSoEasy is completely correct - adding the Domain Users group to workstations admin groups will make every user an administrator on the system.

Now, SBS makes selected users administrators on systems when using the connect computer wizard.  This is a bad idea, but Microsoft does it.

Making "domain users" a member of the administrators local group is even worse because:
Viruses, Spyware, and other malware that propogate over the network will now have administrative rights to EVERY computer on your network, instead of just the one on which the first user gets it.  So you do this, you are putting yourself at greater risk for problems in the future.

How to do it - open up Computer Management and reference this graphic:
http://www.lboro.ac.uk/computing/desktop/reps-xp/images/tadmin2.gif

When the new window appears, click the add button and then type in "domain users".  OK out.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
Actually, I probably should have added a couple of notes about the pros/cons of making the Domain Users Group a member of local administrators.

Thanks Leew for pointing out a few of the issues... but the issue of viruses propagating over the network would be a minor issue if you had sufficient virus protection AND you instituted a group policy to restrict software installation (which is a good idea for reasons other than viruses).  Please see:
http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/rstrplcy.mspx for the how-to.

My feeling is that with a good Software Restriction Policy, that making users local administrators on workstations carries very little risk, and makes managing your network much easier.

I do realize that there are many folks who disagree with me on this, but in the Small Business Space we always balance security against usability.  There's a good article about "Good Enough" security here:  http://sbsurl.com/security

Jeff
TechSoEasy
0
stevendawsonAuthor Commented:
Thanks Jeff,

Interesting articles and I fall into the camp of people that agree with you. "Good Enough Security" seems fine for me and most others I feel.

I don't think that the answer from leew relates to SBS (the image I mean) as I don't see that in my computer management so that brings me back to my earlier question for clarification.
--
How do I do this?

" I'd suggest that you just add the "Domain Users" group to the local administrators group of every workstation to accommodate for this."
 --
Is it - Server Management - select the user - right click - add user to a group - choose domain user from list - OK?

and if so do I have to do that for every user every time I add a new one or is there a global setting?

Thanks

Steve
0
Lee W, MVPTechnology and Business Process AdvisorCommented:
stevendawson - the image does not apply DIRECTLY to SBS - it applies to your clients - each WORKSTATION.  You need to set this up on each workstation, not on the server.  Every user is a member of the Domain Users group (unless you specifically take them out).  When a new user is created, they are added to this group.  By granting this group admin rights on each workstation every current and future user will have admin rights.
0
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
You CAN do this from the server, but as leew stated, it needs to be set on each workstation -- all users should already be members of "Domain Users" by default.

To do it from the server, open the Server Management Console > Clinet Computers.  Select the computer and then click Manage Computer from the menu on the left side.  This will open the Computer Management MMC for the workstation.  Select Users & Groups > Groups > Administrators.  Then add 'Domain Users" to that local group.

Jeff
TechSoEasy
0
stevendawsonAuthor Commented:
Thanks to you both. I am much more knowledgeable again thanks to Experts Exchange. I'll have more questions so I'm afraid I'll be back.

I'm going to split the points slightly skewed to Jeff who provided the answer in the first reply but I just didn't understand it then. leew deserved some points for opposing opinions on security which are certainly worth knowing about.

Steve
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
SBS

From novice to tech pro — start learning today.