?
Solved

How do I set up Multiple users on client PC?

Posted on 2006-06-11
8
Medium Priority
?
423 Views
Last Modified: 2010-04-19
I have a few people who only occassionaly work in the office and so when they come in they currently sit at any PC that is available and work logged in as somebody else. I would like to get away from this situation to something more helpful and secure and some sort of hot desking. That is what this question is about. I have SBS configured with 3 users on the SBS so far. Those users are for example, Tom, Dick & Harry. When I run connectcomputer on Tom's PC to join tha PC to SBS I see Tom's name (and others) I choose Tom and proceed through the wizard until that PC is now joined to SBS with no problems. My question is, If I want Dick & Harry to also be able to walk up to Tom's PC and log in as themselves do I have to somehow run the connectcomputer wizard again and if so how? Or is it enough to simply run the connectcomputer wizard for Tom and then if Harry wants to login at Toms PC he just uses his username and password?  

Thanks

Steve
0
Comment
Question by:stevendawson
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 2
8 Comments
 
LVL 74

Assisted Solution

by:Jeffrey Kane - TechSoEasy
Jeffrey Kane - TechSoEasy earned 1400 total points
ID: 16880471
The connectcomputer wizard will only run once... it's main function is to join the workstation to the network.  It also assigns a primary user to that workstation, but you can easily have ANYONE log in to any machine on your network with their own username and password.

The only problem you'll face is that they need to be a member of the local administrators group in order to have Outlook auto-configure for them.  I'd suggest that you just add the "Domain Users" group to the local administrators group of every workstation to accommodate for this.

If you add more CALs to your server, you may want to consider adding DEVICE CALs, which are designed for exactly this scenario... multiple users on one computer.  That way you don't need to have a CAL for each person.

Jeff
TechSoEasy
0
 
LVL 2

Author Comment

by:stevendawson
ID: 16880545
Hi Jeff,

How do I do this?

" I'd suggest that you just add the "Domain Users" group to the local administrators group of every workstation to accommodate for this."

Should I do that when I run connect computer and if so what if connectcomputer has already been run?

Thanks

Steve
0
 
LVL 96

Accepted Solution

by:
Lee W, MVP earned 600 total points
ID: 16881359
First, TechSoEasy is completely correct - adding the Domain Users group to workstations admin groups will make every user an administrator on the system.

Now, SBS makes selected users administrators on systems when using the connect computer wizard.  This is a bad idea, but Microsoft does it.

Making "domain users" a member of the administrators local group is even worse because:
Viruses, Spyware, and other malware that propogate over the network will now have administrative rights to EVERY computer on your network, instead of just the one on which the first user gets it.  So you do this, you are putting yourself at greater risk for problems in the future.

How to do it - open up Computer Management and reference this graphic:
http://www.lboro.ac.uk/computing/desktop/reps-xp/images/tadmin2.gif

When the new window appears, click the add button and then type in "domain users".  OK out.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 16881811
Actually, I probably should have added a couple of notes about the pros/cons of making the Domain Users Group a member of local administrators.

Thanks Leew for pointing out a few of the issues... but the issue of viruses propagating over the network would be a minor issue if you had sufficient virus protection AND you instituted a group policy to restrict software installation (which is a good idea for reasons other than viruses).  Please see:
http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/rstrplcy.mspx for the how-to.

My feeling is that with a good Software Restriction Policy, that making users local administrators on workstations carries very little risk, and makes managing your network much easier.

I do realize that there are many folks who disagree with me on this, but in the Small Business Space we always balance security against usability.  There's a good article about "Good Enough" security here:  http://sbsurl.com/security

Jeff
TechSoEasy
0
 
LVL 2

Author Comment

by:stevendawson
ID: 16887209
Thanks Jeff,

Interesting articles and I fall into the camp of people that agree with you. "Good Enough Security" seems fine for me and most others I feel.

I don't think that the answer from leew relates to SBS (the image I mean) as I don't see that in my computer management so that brings me back to my earlier question for clarification.
--
How do I do this?

" I'd suggest that you just add the "Domain Users" group to the local administrators group of every workstation to accommodate for this."
 --
Is it - Server Management - select the user - right click - add user to a group - choose domain user from list - OK?

and if so do I have to do that for every user every time I add a new one or is there a global setting?

Thanks

Steve
0
 
LVL 96

Expert Comment

by:Lee W, MVP
ID: 16888566
stevendawson - the image does not apply DIRECTLY to SBS - it applies to your clients - each WORKSTATION.  You need to set this up on each workstation, not on the server.  Every user is a member of the Domain Users group (unless you specifically take them out).  When a new user is created, they are added to this group.  By granting this group admin rights on each workstation every current and future user will have admin rights.
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 16890156
You CAN do this from the server, but as leew stated, it needs to be set on each workstation -- all users should already be members of "Domain Users" by default.

To do it from the server, open the Server Management Console > Clinet Computers.  Select the computer and then click Manage Computer from the menu on the left side.  This will open the Computer Management MMC for the workstation.  Select Users & Groups > Groups > Administrators.  Then add 'Domain Users" to that local group.

Jeff
TechSoEasy
0
 
LVL 2

Author Comment

by:stevendawson
ID: 16893024
Thanks to you both. I am much more knowledgeable again thanks to Experts Exchange. I'll have more questions so I'm afraid I'll be back.

I'm going to split the points slightly skewed to Jeff who provided the answer in the first reply but I just didn't understand it then. leew deserved some points for opposing opinions on security which are certainly worth knowing about.

Steve
0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Did you know SD-WANs can improve network connectivity? Check out this webinar to learn how an SD-WAN simplified, one-click tool can help you migrate and manage data in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I've often see, or have been asked, the question about the difference between the Exchange 2010 SP1 version, available as part of Small Business Server (SBS) 2011, and the “normal” Exchange 2010 SP1 Standard. The answer to the question is relativ…
A quick step-by-step overview of installing and configuring Carbonite Server Backup.
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question